 Thank you all for coming out here today. I'm Sasha Meinrath. I'm the director of the Open Technology Institute and also vice president of the New America Foundation. This is a great crowd. I'm always worried when I start talking about technology that everyone's going to run for the hills. But in many ways, it's really notable because we have folks from both sides of the aisle here. And when it comes to surveillance, this is an issue that cuts across traditional political divides. And that's really important. There may not be a whole lot of issues that me and my Kato Institute allies on these issues agree on, but this is one of them. And that's really important because it shifts a lot of the dynamics. The issues around NSA surveillance clearly have profound implications and repercussions for us across our lives internationally and are increasingly seen to intersect with a number of different places. Most recent now, over the last 24 hours, has been that the CIA is collecting a lot of information on our financial records, which is of a size and scope that we had no idea about until the New York Times and others started covering that. And I expect that the actual impacts are going to only increase as more information becomes public. Let me start by saying that it is an honor to introduce Congresswoman Zoe Lofgren right before this, Bruce, and the Congresswoman were talking about how, hey, you know, remember when we were battling on these issues in 1995? And it puts into perspective just how longstanding a lot of the real champions on these issues have been fighting and holding the line for rule of law and for a balance between necessary surveillance and our civil rights and liberties. She's an example of the kind of bipartisan response that has emerged on Capitol Hill. She's been an incredibly strong voice for those that are looking to have this balance between security needs, the law, and our Constitution. And of course, because she serves on both the Judiciary Committee as well as the Committee on Science... What is it? Science, Space, and Technology? It changes every year. Yes, indeed. She's actually ideally situated to be formulating solutions that address some of the major issues that these programs are raising right now. So together with a bipartisan coalition, she's called in for reining in some of the surveillance programs that have overreached. She's also introduced legislation that would enable companies to shed light on the number of surveillance orders that they receive and which and how many of their users those are impacting through the Surveillance Order Reporting Act. And she's also working on legislation that would rein in some of the NSA's telephone surveillance practices. So Congresswoman Lofgren is obviously no stranger to a lot of these issues. She's someone who's worked on them since entering Congress in 1995 and has been a champion also about increasing broadband access more generally. And this definitely intersects with, especially a lot of the poor minority communities, are detrimentally being impacted by this in ways that have not yet been fully documented and understood. She worked to lower the cost of internet access for schools, libraries, other public institutions. Matters, because for many communities, for many people in this world, the internet access is no longer a luxury good, but rather an absolute necessity for their pursuit of life, liberty, happiness. So this is why it is an honor for me to introduce Congresswoman Lofgren and to get her to introduce to you this afternoon some of the work that she's doing and some of her thoughts on this issue. So with that, Congresswoman Lofgren, the floor is yours. Thank you. It was good to be able to meet with Sasha and Bruce for a few minutes before walking over, and it's true, I actually first met Bruce when we were working on the control of encryption as an armament. In 95, I think it was 52-bit encryption that was controlled at the time. I think that was not rational. Ultimately, we succeeded in that effort, but obviously we still have issues. And I have been, in fact, part of a bipartisan group here in the House, and that doesn't happen very often, to try and put some order into what I think is overreach in our spy agencies. Before I say anything further on that, I am not one who thinks that the United States has no need to find out what our enemies are doing. We have actual enemies, and it's important that we find out what those enemies are doing and protect ourselves. So I'm not one who says there's no need for that. I also, however, believe that you can do that consistent with the requirements of the Constitution for Americans and also with some order relative to our non-enemies around the world. I think it's pretty clear that what we have engaged in and have learned about because of the Mr. Snowden's leaks has enraged much of the world. Now, I think certainly NSA and my judgment of Congressman Sensenbrenner, who actually was the author of the Patriot Act, they have interpreted provisions of the act in a way that I think is nonsensical and was never intended by the Congress, but Congress also bears the responsibility to clean this up. And at a minimum, I think we need to do three things. First, we need to place strict limits on bulk collection of information. Right now, we know because of the leaks, I'm not ever going to talk about what I've been told in classified briefings, but as Bruce and I just discussed, he probably knows more than I do because he has the capacity to look at documents that are not provided to the Congress. But we know, according to the newspaper, that using section 215 of the Patriot Act to get business records, that the NSA is suggesting, and they've said this publicly, that the phone call records of every American is relevant to a terrorism investigation. I just think that is so nonsensical. When we put the word relevant into the act, we thought it was a limitation, and NSA apparently looked at it as an expansion of their authority. We need to curb that bulk collection authority. And I would know, without talking about anything, business records are not just phone records. I mean, there are a lot of business records, and I think that to assume that bulk collection of business records per se, the way the NSA is doing it, it's not appropriate. Second, I think we need to take another look at section 702 of FISA. Right now, it prohibits the collection of information on U.S. persons without a court approval, which is fine. However, if it also prohibits targeting a foreign person when the real target is an American backdoor, but if you inadvertently get information about an individual and later use it without court approval, I think that's a big problem. And as we know now, defendants are not even being notified as to how their information was obtained. It's a real problem, constitutionally, in my judgment. I think the government should get a warrant before it can use information it collects under section 702 for U.S. persons. And I actually spoke out about this provision on the floor the last time the act was reauthorized. Third, I think Congress needs to make sure that the actions under the FISA court are more transparent. The idea that litigants can't see the government's arguments that the court is making judicial rulings that are not shared with anyone that the American people don't know. That's not the way the American legal system works. The government doesn't face off with anybody else. In the court, that's not the way the American legal system works. So we need to change that as well. There are a number of bills that have been introduced. And as I say, there's been a bipartisan support for most of them. As most of you know earlier this year, Congressman Amash, who's a freshman and I think he proudly says T-party member, had an amendment to basically strip the funding for the NSA efforts. That was not... It could have been drafted better in my judgment. But even with that, it was just seven votes short of passing. And I think that did catch the attention of the administration, which is really what it was intended to do. And we've actually had more briefings from the NSA since that vote than we had in the prior decades. So we have had some new attention to this. I have, as mentioned, a bill called the Surveillance Order Reporting Act that has bipartisan supporters that basically would allow internet companies to say without, you know, what they've done on some periodic basis, clustered so that for protection right now, the internet companies have the worst of all worlds. They comply with court orders. They can't say how few of them there are. And the assumption is that it's everything. And in addition to a civil liberties issue for all of us, this is a business competitiveness issue for American companies. Try and compete in Europe when the Europeans think that their data is not secure with you. The big bill on NSA reform is one introduced by Jim Sensenbrenner, and he is the right person to introduce it as the author of the Patriot Act. I am a co-author of the bill. It does a lot of what I've already talked about at the end vote collection. It requires a warrant to review information about Americans inadvertently caught up under FISA. It requires the FISA court to publicly disclose information about significant decisions. It requires the government to issue, actually he just took my bill on the disclosure verbatim, which I appreciate, put it into his bill. And it requires the government to issue public reports estimating the number of individuals subject to intrusions on their privacy. My friend Ron Wyden and Chairman Pat Leahy have introduced the companion bill on the Senate side. And so the question is, which of competing visions are going to proceed? As many of you know, Senator Feinstein has a different approach, and she did express concern about surveillance of the German Chancellor that began, by the way apparently long before she was the Chancellor. Diane has not been known as a critic of the program. I think that's a fair commentary. And the bill that she's introduced, many have said would essentially codify some of the problems that we are currently troubled by. I want to mention ECPA reform, because although that's not really a national security issue, it is also a privacy issue, and it's also a competitiveness issue. I was not in the Congress when ECPA was enacted in 1986. I don't know what they were thinking, but the idea that your email that's over 180 days can be obtained with a subpoena without a warrant is, I think, bizarre. The stamp is protected, but your wonderful email from your husband that you saved is not. I mean, we need to change that as well as geolocation. Representative Yoder has a bill that's just about email. My bill has both geolocation and email, and we're trying to get together and get a bill that moves forward. I can see that the lights have gone on, so the vote has been called. So I'm just going to wrap up unfortunately quickly to say that I think we have an opportunity to put some law and order into our very necessary intelligence programs. I look forward to working with all of you, and I do think the newfound enthusiasm, maybe that's unfair, but the increased vocal response by some of our large actors in the economy is also going to be very helpful as we try and move forward. So what you're doing is enormously important. Thank you for letting me say these few words, and I look forward to your help on getting these bills passed. Thanks very much. I think many folks here have probably intersected with, been briefed by, et cetera, a number of legal beagles. A lot of people who are working on the civil liberties, the legal side of these questions and concerns, that's vitally important work, but today I'm going to give you something completely different. Bruce Schneier, who's flown in today, is an internationally renowned security technologist. He has literally written the book on a lot of crypto. He's up to, I think, 12 books now. His latest is Liars and Outliers, enabling the trust society needs to survive. He's written hundreds of articles and essays and academic papers. He has a free, weekly newsletter, the Cryptogram. It's a monthly newsletter, the Cryptogram. It's read by about a quarter of a million people, along with his blog, Schneier on Security. He's my go-to person, and a lot of other people's go-to person on issues diving into the depths of cryptography, encryption, surveillance, et cetera. I would say that he has, in many ways, been here well before these current battles and is now known as a person that both, in some ways, prognosticated that things were not quite as we'd hoped and is now diving into the guts of what's really happening through the lens of being an incredibly talented technologist and sees what's happening and can see how that affects, impacts, distorts a lot of the internet workings that, in essence, are the foundation for communications today. So Schneier is also a fellow at the Berkman Center for Internet and Society at Harvard Law. He's a fellow also with the New America Foundations Open Technology Institute. He's a board member of the Electronic Frontier Foundation, an advisory board member of the Electronic Privacy Information Center, of most relevance today. He's a trusted advisor and is working actively with Greenwald to analyze the Snowden files and help release important information in an ethical manner. So I'm going to turn it over to him to talk for a few minutes to give you a sense of what he's seen and his concerns. I'll ask a few questions, and then we'll turn it over to all of you to ask whatever pressing issues are on your mind. If he can't answer those questions, certainly he will know who to put you in contact with if he can. So please welcome Bruce Schneier. Thank you. To me, the neatest thing about the Snowden documents are the codenames. I love codenames. There are enough codenames in my life. One of the most recent codenames we learned is a program called Muscular. Muscular is the NSA's program to collect Google and Yahoo user data by eavesdropping on the trunk lines between their data centers. Your email and your documents are stored in Google's cloud and there's several data centers around the world and those are connected by trunk lines. NSA's eavesdropping on those and collecting data. This is different from the NSA's program to collect Google and user data by eavesdropping on the links between your browser and the corporate web server. We don't know the codename of that one unfortunately. Those two are actually different from Prism, which is the NSA program to collect Google and Yahoo user data by asking the companies for it. And when Ms. Arizona Loughlin talked about more transparency and allowing the companies to talk about the requests they get, that will only affect that third program. There's lots more codenames. I'll give you my favorite codename, Fox Acid. I bet you sit at the cool table in the cafeteria if you work on Fox Acid. My candidate for stupidest codename is Egotistical Giraffe. I'm actually not making that up. They probably sit in the corner in the cafeteria. And there are lots of these. The general takeaway, which I want everyone to understand, is that the internet has turned, sorry, the NSA has turned the internet into a giant surveillance platform. And it is one that is robust. It is robust politically. It is robust legally. It is robust technically. And there's lots more to come. Lots that will never get out. But that, to me, is the important thing. I mean, I just described three different programs using three justifications to get at your Gmail. And when you have the sort of budget the NSA has, you can make these A or B let's do both sorts of decisions. And I think we're going to see that again and again and again. There are many ways into the same thing. And one of the things that worries me about some of the legislation that tend to be targeted, I want to step back for a second and talk about the technological trends that got us here. Fundamentally, data is a byproduct of the information society. Everything we do on a computer creates a transaction record. And whether it's using our phone, using our credit card, using our easy paths for road tolls, everything creates a data record. And data is increasingly a byproduct of our socialization. We don't talk in person anymore. We talk on email. We talk on Skype. We talk on IM. We talk on Facebook. All of those create records. That data is being increasingly stored and increasingly searched and increasingly used. Fundamentally, because of Moore's law, data storage drops to free. Data processing drops to free. It is easier to save everything that is to figure out what to throw away. You all know this? I mean, if you used email in the past about 15 years, there was a point where you stopped sorting your email because it was easier just to throw it all in one file and search it. Search became easier than sort. That's where we are. So the result is we're leaving digital footprints everywhere. This is not a question of malice in anybody's part. This is the way computers work. So what we have here is fundamentally an alliance of government and corporate interests at a very high level. I'm calling it the public-private surveillance partnership. I mean, the NSA surveillance largely piggybacks on corporate capabilities. Right? We through cooperation with the NSA asking the telco, hey, do you mind if we just surveil everybody? Through bribery, right? We learned a couple of weeks ago that the CIA is buying data from AT&T. This was a $110 million contract, ver-phone data, through threats and through compulsion and a combination thereof. So we're seeing all of these things being used. I mean, fundamentally, surveillance is the business model of the internet. We build systems that spy on people in exchange for services and the NSA is trying to get themselves a copy. That's what's going on. Most of this is metadata. I very much dislike the only metadata frame, metadata equal surveillance. Sort of an easy way to think about this. Imagine you hired a private detective to eavesdrop on somebody. That detective would put a bug in their room, bug in their car, a bug in their office, tap their phone, and you would get a report of the conversations. If you asked that same detective to put someone under surveillance, you'd get a different report. A report of where they went, who they spoke with, what they purchased, what they read, what they looked at. That's all metadata. That's all surveillance. Metadata equals surveillance at a very fundamental level. And this is not just about the NSA. We learned today in The New York Times that the CIA is collecting financial data. We know the FBI does the same things. And while the Snowden documents to give this extraordinary window into the NSA's activities, this is basically what any well-funded nation-state adversary would do. The U.S. actually has a very privileged position on the Internet because of two things. Because a lot of traffic goes through the U.S. and a lot of companies reside in the U.S. But we know that China does a lot of the same things that we're seeing here. And technology democratizes today's secret NSA programs, become tomorrow's PhD theses, become the next day's high school science fair projects. And this is the harm that I'm concerned about. That we are building an insecure Internet. The choice isn't should the NSA spy or not. The choice is, does anybody get to spy or do you make a secure Internet? Do we build an Internet that is vulnerable to all attackers or an Internet that is secure for all users? That is the issue. And what's happened is we've made surveillance too cheap. We've made bulk surveillance too cheap. And we need to make it expensive again. The good news is that cryptography works. And this is born out through a lot of the programs we've seen that crypto makes it harder. We do know the NSA and others have advances in cryptanalysis, but we've known this for decades. We in the academic community know how to build secure systems. Much of how the NSA breaks cryptography is by getting around it. We know that. Either exploiting bad implementations, default or weak keys, deliberately inserting backdoors, basically deliberately inserting vulnerabilities into the products you use under the assumption that only they can use them, which seems fanciful. Or what they know, what they call exfiltrating keys, exfiltrating equals stealing. But there's a group called TAO, Targeted Access Operations, which is effectively NSA's digital black bag teams. The solutions here are varied. And I think that's necessarily soaked. It's very complicated. I think there are going to be some internal self-corrections inside the NSA. Because as amazing as it seems, they had no contingency plans to the secrets being entirely and totally leaked. That just surprised me. It took General Alexander two months before we could figure out some sort of response. And the cost-benefit nature has changed. I think fundamentally, secrecy is different in the information age. There are books on this. Corporate America knows this. I think the government is learning this. And you have to assume that your secret programs become public in three to five years. If everything Snowden said showed us the NSA was spying on North Korea and the Taliban, nobody would care. It said the NSA is spying on Belgium. Or I guess even weirder that the U.K. is spying on Belgium. It's like Connecticut is spying on Nebraska. Those are the things that are surprising. And those are the things you only do if you think there's no chance it'll become public. And that's just changed. Corporations have a new cost-benefit analysis. It used to be it was risk-free to cooperate. It was risk-free to hand over the data to just say, okay, don't send us a national security letter. We'll do it willingly. Now there is enormous PR value in fighting. Google and Yahoo and Apple and Microsoft are all trying to fight. Telco's less so, but I think they're starting. So there's PR harm in cooperating and PR value in fighting again because it's becoming public. I think there are other self-corrections. There's an enormous amount of political blowback here, especially internationally, and that just changes the nature of what the NSA is going to do. The NSA is surprisingly risk-averse. That's one thing that amazes me, that they are very, very risk-averse. And remember they have a dual mission, protection and exploitation. The problem is that it's gotten out of whack. There's a lot of technical things we can do. I spoke to the Internet Engineering Task Force last week. That's the group that basically designs and builds the Internet protocols we all use. They are viewing this as the Internet is under attack and it needs to be hard and needs to be strengthened. Again, not against the NSA, against everybody. So we talk about encryption. We talk about target dispersal. We were way more secure when our email was among 10,000 ISPs, it went as among 10. We talk about anonymity. We talk about assurance. The goal here is to leverage the economics, the physics and math. The NSA might have a bigger budget than anybody else, but they are not made of magic. And the problem is that bulk collection became cheaper than targeted collection. You just need to change that. As the representative said, there's a lot of good stuff the NSA does. We want them to do that and not spy on everybody. Largely, this is a political solution. And we sort of know what this looks like, right? Transparency, oversight, accountability. I mean, there's a lot of devils in the details, but that's basically the way any political solution will work. One of the problems we have is that laws lag technology. And the laws tend to be outdated. I mean, Representative talked about that in the Astrod communications act that meant your email was considered a stored record after three months. Well, that was in a world where you downloaded an email to your computer every day. So three months kind of made sense. Now your email is on Google for years and years and years. And three months doesn't make sense. Technology changes, the laws don't. Problem, of course, is that raining in the NSA only affects the NSA. Doesn't affect non-U.S. persons, which is an issue in most of the world. Doesn't affect the actions of other countries either. I mean, you haven't heard this argument yet, but you will hear it if we rain in the NSA, China wins. That is an arms race argument. It's a zero sum game. It's us versus them. It might as well be us. Now I think that is fundamentally flawed. I think a secure internet is in everybody's best interest. That we need to secure the internet even if the other people don't. And we need to start fostering broad agreement there. Because that's the way you turn a zero sum game into a positive sum game. And then it becomes a traditionally very hard international problem like money laundering and nuclear proliferation or human trafficking. I mean, those aren't easy, but at least we all basically know where we're trying to get to. So I think we eventually will win this protecting is more important in these dropping arguments. It's going to take a decade or so. In the near term, I'm hoping we win the tell us what you're doing argument. Because that's real important near term. And I'm happy to take questions. Great. We have a... Just very briefly, so we know that telephone metadata is being collected. We know text messaging, email, social networks are being collected. We know that encrypted communications is not just being collected but being stored even more so than other communications. We know web searches and search histories are being collected. We now in the last 24 hours know financial data is being collected. We haven't yet heard anything about pictures and videos, facial recognition, what happens with cars that are collecting a lot of information. What happens with all those smart devices, these internet of things devices that make your home all automated are also sharing data? I don't know about you, but I look at that, I'm like, whoa, that kind of is scary given all of the other places that are being where data collection is happening. I've also noted that you're not walking around with an advocacy. You actually have a computer. So I was wondering if you could talk a little bit about what are you doing as best practices? What can people writ large do? Not the super techy geeky stuff, but like the general sort of like, what raises the bar for people to help protect their communications? Fundamentally, the way you protect yourself is you throw away a computer and throw away your cell phone, which is fundamentally useless advice. We've built an internet which is highly interconnected and highly dependent on companies to provide us with services and to keep our data. And once we have that, we are vulnerable. I've written essays on how to protect yourself, the things you can do around the edges, my mother didn't understand a word of that. And that's not surprising. There's actually not a lot we can do. And this is unfortunate. The solutions here are either going to be done by the internet boffins. There'll be stuff that'll happen in the background that you won't see that will protect you. Oral stuff that'll happen in this building, which I guess you guys would see and I won't, but it'll protect you. But there's not a lot of technical things that can propagate down to the average user level. I mean, yes, if you are super paranoid, there are things you can do. I mean, there are things I am doing to protect myself because I know as I am working with these documents, I am a target, not of the U.S., I mean, it's their stuff, but of other countries. But that's really very extreme. Talk us a little bit about what's happening at IVTF and other standard setting bodies in response. What are the issues we have, and this is unfortunate, is that these stories have weakened the internet trust model. The internet used to be run on effectively a U.S. benign dictatorship. The world generally believed that we were acting in the best interest of the world and generally let us alone, let us do it, let the U.S. techies be in charge. That governance model is gone. I mean, no longer does the world say, well, yes, the U.S. is a good steward of the internet. And unfortunately, there isn't any good model to replace it. And I think this is very dangerous because a lot of the replacement models are worse. There are a lot of far worse countries in the U.S. that are using our actions to justify far more invasive surveillance and far more worse control over their citizens. And I really dislike that. The IETF, which is an international body of techies, that are building the standards. I mean, they make the web work. They make your email protocols, chat protocols work. They are working on... They started to work on ways to harden the internet to make it more secure against all actors. And I mean, there's a lot of tech here. This will take a couple of years. This is the fast process. But I think it's an important one. I think over the past decade, we've built standards that where security was optional. And right now, it is an optional. And again, this is not about the NSA. I mean, figure we have a two-year lead here on what criminals are going to do. Or maybe a three-year lead. Five years if we're really lucky. I mean, these techniques aren't somehow magically NSA only. And that to me is the real problem. We don't get to say, look, we need to spy. Therefore, you can't have a secure internet. You only say everybody gets to spy. You don't get a secure internet. So that's one more. And then open it up for big time questions. One of the things that's come up quite a bit is sort of the real threat. And then sort of the rumor monitoring threat. And the notion that we can't trust anything. Now all encryption is broken. Everything is falling apart. Can you talk a little bit about what is still thought? You know, we know encryption works. We do. And actually, this is a lesson if you're following the documents of the NSA's attempt to break TOR. TOR is an anonymity tool used by human rights activists around the world. You know, good guys as well as bad guys like everything else. The NSA cannot break TOR. And it really annoys them. This is the lesson we learn from the NSA's collection of address lists and buddy lists from your browser and their server. You look at the data, they collected about 10 times the data from Yahoo as they did from Google. Which seems odd because Google is about 10 times Yahoo's size. But the reason is that Google has encryption enabled by default and Yahoo does not. So the Yahoo eavesdropping was much more fruitful. This is also the lesson from the muscular program. There was this great back of the napkin hand drawn diagram in one of the presentations. This was published by The Washington Post that where the NSA person who wrote this explicitly pointed to the place where the encryption was removed by Google to enable them to have access. Encryption does work. Even if you think about it, there's so much data. A lot of what's going on is real time selection. So the NSA goes now making this up, although it's probably true, to AT&T and say we need a copy of everything. This copy goes into this room where they say it's a bunch of computers and they can't possibly save it all. There's way too much. Every microsecond, they have to very quickly figure out what to save. So anything that makes that job slower, and this is also true for China. China is doing the same thing. Anything that makes that job slower is going to be a win. This is why the NSA, right now, if it's encrypted, the NSA shunts it for possible later storage. It's possible because almost nothing is encrypted. You know, encryption provides cover traffic for people who need it to stay alive. So encryption does work. Even moderately strengthened encryption is a good thing. The more we can make those pipes opaque to the governments, to the criminal organizations, to everyone who wants access to it, the safer we are. I mean, Snowden said this in his first interview in Hong Kong, and he said that encryption works, and encryption is one of the few things you can rely on. What I say is trust the math. The math is good. The math is your friend. I saw one question. I saw you first. Thank you. My name is Laura. My question for you, I worked in a mill for many years on national security issues, and one thing you could see happening with anything that was just complex and layered was that it migrated to the military because they had big resources and institutional capacity. This is true with computer scientists. There's a lot of technical issues. So you can see this problem as a process failure of institutions and governments. I love your book, and I love this idea of we need to figure out how to make trust and reputation more valuable currencies. How do you see that happening in your community? Because the technologists, especially the specific technologists, are so missing in the formative process of legislation and formative conversations of making this issue important. I think it's true, and the lack of technologists is felt in this extraordinarily technological issue. The benefit we have is that where the technology is being built, there are pretty much only technologists, and the policy people are just, you know, it's too icky to go there. They're kind of intense. I don't recommend them for policy people. So you do have this separate technological trajectory, which is important. We do need lawmakers to understand the tech here. I actually really worry that we're going to get a law passed which looks good, does nothing, easy to get around because of the full complexity and robustness of the surveillance, and everyone pats themselves in the back when they get home. So I am scared of that. This is very technological. The less technologically invariant, the more technologically invariant we make our laws, the better. Because in five or six years, it almost seems unimaginable that Facebook will be gone and there'll be a new thing we'd never heard of, but all the cool kids are using, and it'll be different. So we really need to think about how we make this work. We're leveraging the economics and the physics and the math. Those are more invariant than laws are. Yes, I'll show you next. Yeah, Marcia Gordon with the ATT. On the international blowback, do you... Well, first, can you explain there are rumblings, for example, in Germany about sort of walling off the cloud and in other countries as well. Can you explain technologically how that would actually work? I actually can't, which worries me, because I'm not sure anybody else can either. So there is talk about it. The government of Brazil learned, much of what they just made, that pretty much their entire internet flows through Florida. And the government is saying, wow, that's not good. What can we do about that? And one of the things countries are talking about, and Germany is one, Brazil is another, is trying to make their internet more national. So that when you send your data to what I'm going to make, and this up to Gmail, that Google somehow ensures that the data stays inside Germany. We don't know how to do this. And I think trying to breaks a lot of things about the internet. I think the balkanization of the internet is a worry and something that's not good for the internet. And the more we see these nationalistic... we're going to do it here, we're going to do it there, because suddenly much worse governments are going to start doing this. And we like it. That data flows across borders where it can be protected, especially in regimes that are doing much worse. So I actually don't like the balkanization. Technically, it's going to be very, very hard if it's possible at all. And politically, I think it'll be a disaster. Couldn't it lead to a trade war? Oh, don't ask me about trade wars. I do bids. I don't do trade wars. Sorry. I guess it could, right? I don't know. When you mentioned China, what would be the other countries that would be way up there on that? So the bad list countries that I mean, and this is not exhaustive, that I think of as using U.S. actions to justify their actions, Russia, China, Iran, Syria, Tunisia, Egypt, those are the ones that come to mind. I mean, not the kind of people you would want to put in charge of an open global for the internet, right? I mean, sure. I want to say that it was nice to be. Why do you think none of the legislative actions that we've seen so far attempted to stop the work that NSA is doing to weaken domestic security? I think that's just a fundamentally hard thing to wrap your head around. I mean, so the codename here, a couple of codenames are cool, is Bull Run. And this is the NSA program to go to the companies that provide internet security to you, me, to everybody, and basically say, hey, your security is kind of strong. Do you mind breaking it in this very specific way and don't tell anybody about us? And companies have said yes. We do not know the names of the companies that have said yes. We do know the names of a few companies that have said no in certain instances. That's nice. But I think that's just a very hard thing to understand. And this is dangerous because the conceit here is that only the NSA can exploit this vulnerability. And we know historically where these things have happened in other countries, a very famous case in Greece, where these vulnerabilities are found out by criminals or other countries and exploited. So again, we don't get to pick and choose who eavesdrops. We get to pick and choose whether eavesdropping is possible or whether it's not possible. I think it's a very important issue because that fundamentally breaks the trust model of the internet. Right now, you do not know if the secure products you buy are any good. Perfectly possible, the companies selling them to you are lying because they have some agreement with the NSA or possibly some other government. We do not know. A lot of security products come from Israel. There's a good famous one from Finland, from Russia. Like suddenly, everything is suspect. If we can't rely on the products and services out there to protect our corporations, our selves as individuals, then we're really at sea. So, I mean, why is it not being addressed? I think it was really hard. But I think it's vitally important. I'm not hearing it. I'm not hearing it either. Of course, despite all the issues around Chinese economic espionage, this is a very active concern for American companies. This is a place where NSA is intentionally not significantly active against the American business and national security issues. And it gets business especially. And then the U.S. companies are losing sales because you can't trust the Americans and now is something that rings true, which is awful. I mean, that is bad. I mean, we want to be the trusted stewards. We want to be the ones in favor of security and openness and freedom. And then it bothers me that we're not. Let's take maybe three questions and wrap it in succession while you respond to those and then we'll wrap up. Sean Gallagher from Nourstown. I wanted to ask you if you thought there's anything to be done with IPv6 and the new internet, based on IPv6 to improve security and hard security and standards that are being committed to action? Quickly, the answer is yes. The long answer is going to take and these people will be bored. Better. It's a war. I'm Noman. I've been with the House Foreign Affairs Committee. We often hear about private sector solutions to problems that don't. Government, is there possibly a private sector solution to these challenges? I mean, there is, but fundamentally the government can go and say, here, we order you to break your solution and not tell anybody. Suddenly we can't trust it. That's the issue. Yes, I believe if the government got out of the way, we can secure the internet. We can do a really good job. But there's no trust now that getting out of the way is actually getting out of the way. The ability is, and it's bribery, the NSA could get at the data without us knowing. That's the problem. We have no assurance. We have no way of knowing that what we build is what we get. One last question. I have one quick question. How do you think that the bills that like PIPA and those things have affected technologists' attitude towards legislators and their ability to interact with them? There's a belief among technologists legislators don't get it. They're going to be like my father. It's not that they're stupid. They're not born into the internet. It's going to take 30 years before we get legislators that were born understanding this stuff. So there is this disconnect. I think that's okay. We're not the only technology where this is going to be hard. We just have to figure out how to do it. We have, and it's only the last thing I'll say, General Keith Alexander gets in front of Congress if I had these capabilities, I would have stopped 9-11. He says that. And no one looks at him and says you couldn't stop Boston and one of the guys on the terrorist watch list and the other guy had a sloppy Facebook trail. That should have been a gimme. When you don't have that ability to go back and forth. The NSA shows congressmen these documents in a sealed room. They can't bring advisors. Of course they're going to get snowed and they know it. They talk about it when Amash spoke at a Kato event I think it was last month. And he talked about how just surreal it is to see documents and you're not allowed to ask questions or understand them and that's called oversight. So we just need to get the technologists involved because this stuff is techie. I mean it is. It's a great way to end this. Thank you.