 you all so much for coming to spend 45 minutes with the ACLU. We appreciate it a lot. This year there are not Q&A rooms, so we hope that those of you who want to continue the conversation will come to our table in the vendor room where you can become members or renew your membership, get our new DEF CON special edition ACLU Fourth Amendment t-shirts. We would love to see you there. My name is Ben Weisner. I direct our national project on speech, privacy and technology. The women and men at the table with me work on surveillance, national security, technology, privacy, both in our national office and in some of our affiliates around the country. So when we heard that the NSA had been disinvited from DEF CON this year, we kind of scratched our heads a little. Because since when has the NSA needed to be invited? We had planned to do a review that we were going to call a year in surveillance and talk to you about the breadth and scope of the work that we do on privacy and surveillance. And then Ed Snowden got on a plane to Hong Kong and really changed everything. So maybe we should give him a hand. And what he revealed is something that many of us were anxious about, knew about, had worried about for years, which is that the NSA's strategy has been to collect everything and worry about the law later. That as technology has developed, as the cost of collection and storage has gone down, the NSA has begun to construct the most comprehensive surveillance time machine ever created and then hope that the law could be twisted in order to justify what it was already doing. I feel that we say it so often it's a cliche that the law has not kept pace with technology. We believe that Americans privacy should be protected by constitutional law, not by Moore's law. So my colleagues here are going to talk briefly. There's five of them. We have only 45 minutes and we do hope to have time for a couple of questions to give you a taste of the kind of work that we are doing with regard to NSA surveillance. And we hope that many of you will join us at our table. We also have one of the parties tonight on the pub crawl party like it's 1986. That is ACLU, ECPA humor. So we hope to see more of you all later. And to kick us off, this is Alex Abdo from our national security project. Hi everyone and thanks so much for coming. So I want to talk just for a few minutes about the prison program which was revealed a couple of months ago by Ed Snowden. But before I get to the prison program, I want to talk about what there was before the prison program and what we were doing beforehand because it's a really fascinating change of events in the last two months. In 2008, Congress passed the most sweeping surveillance statute that Congress has ever passed called the FISA Amendment Act of 2008. And it essentially gives the NSA and the government unfettered access to Americans international communications. And we challenged the law at the time because we didn't think that the fact that someone is communicating internationally means they should sacrifice the right to privacy. That in today's interconnected world, you can't often control the way your packets are scurried around the world. And your right to privacy shouldn't depend on the paths they take and the friends you choose to associate with. We brought that challenge in 2008. And for the next five years, we didn't actually litigate the merits of whether the government can collect our international communications. We spent five years debating with the government whether our clients were allowed to sue. And our clients were lawyers who represented Guantanamo detainees, human rights researchers and activists who worked in areas of the world where there was a significant violence and counterterrorism interest on the part of the U.S. government. And journalists who reported on those areas, the very sorts of people who would find themselves trapped in an international NSA surveillance dragnet. And for that reason, these individuals, our plaintiffs, our clients, took significant and burdensome measures to protect the confidentiality of their communications. Some of them had ethical obligations to do so. Others just thought it was good professional responsibility. Despite that fact, the government argued that we couldn't sue unless our clients could prove that their communications were surveilled. And if you know anything about the NSA, you know that's a vicious catch-22. Nonetheless, the government prevailed in front of the Supreme Court in February in a decision, a five-to-four decision, holding that the government's most sweeping surveillance statute ever enacted is essentially immune from judicial review unless the NSA, in its benevolence, chooses to disclose who it's surveilling. I don't recommend you hold your breath. So that all changed two months ago when Ed Snowden disclosed the existence of the prison program. And the prison program is essentially one version of an implementation of the FISA amendments act. It is a small part of the way the government conducts its international surveillance. But it's authorized by this very same statute that was passed in 2008. And some of the most important disclosures that Mr. Snowden made are of the procedures that the government uses to select its targets and to protect the privacy and theory of Americans who find themselves ensnared in the international dragnet. And having seen those procedures now, we know that they never should have been secret in the first instance, but they reveal a number of really critically important things about the way the government conducts its surveillance. The government's main defense, if you've been reading the news, about the prison program, is that it's a program directed at foreigners, not Americans. And I think that's an extraordinarily misleading defense of the program. When the government was pushing for the passage of this act, actually to a predecessor of the statute, it argued that some of the communications of most interest to the NSA were the ones that had one terminus in the United States. And you can imagine for obvious reasons why that would be the case. But the government used the fact that Americans were communicating internationally, essentially to bootstrap away their rights to privacy. So even though foreigners have to be the targets of the government's surveillance, Americans' communications are inevitably swept up into them. And you might think that because the government calls the collection of Americans' communications incidental under these programs, you might think that they would treat them as incidental and delete them when they get them. We now know, thanks to Ed Snowden, that that's not the case. The government is allowed to keep even Americans' communications in the course of targeting foreigners for five years in any event, and indefinitely if any of a number of sweeping exceptions apply. One of the exceptions, by the way, is if the information is encrypted. So ironically, as we are now seeing a push in the industry for greater use of HTTPS and encrypted communications, we are actually handing the NSA more authority to retain those communications indefinitely until a time that they can decrypt them if they can't already. The second big problem with the government's targeting of foreigners is that it presumes its targets are foreign unless it has a reason to believe otherwise. Which is a really bizarre way of going about it, you can imagine. So if the government has any doubt as to where you are, and they don't have any positive indication that you're an American, they'll treat you as a foreigner and targetable, and they'll retain your communications even if they later discover that they were wrong. So they think you're a foreigner, it turns out you're not, but they keep your communications anyway. And you can imagine the types of services available digitally now that would give the government the doubt they need about your foreignness to allow them to keep your communications. You could think of services like TOR or VPN services. The final problem, you know, a major problem I find with the government's defense of its prison program, is that it says the program is supposedly limited to foreign intelligence information, which is this phrase they bandy about, which really has very little meaning. It includes things as broad as the foreign affairs of the United States, which essentially makes a target out of everyone who's a foreigner. And we know that in part because the procedures that were released by Ed Snowden confirmed that two of the broadest factors the government relies on in determining whether someone is exchanging foreign intelligence information are one, if you're communicating with a foreigner, and two, if your phone number or email address appears in a foreigner's contact book. And these tools and the presumption that you are a foreigner is that virtually every international communication is susceptible to NSA surveillance. And they can keep those communications even if they later discover that you're an American. Just two quick additional points and then I'll hand it over. First, that the government is not actually limited to directing its surveillance at targets. It can direct its surveillance at third parties to collect information about its targets. And it can do so using IP filtering and country code filtering. And the example that I think has been thrown out is that they might decide that Osama bin Laden is a target and then decide to IP filter internet traffic for everything going into or out of Pakistan as their filter and then collect everything. So the prison program allows the government to do broad geographic surveillance in a way that ensures that countless people's rights to privacy are unjustifiably intruded upon. And secondly, the government considers that any extensive use of a IP range or cryptographic service by foreigners allows the NSA to target that IP range or cryptographic service. So if there's a service like Tor, for example, that is used extensively by foreigners and who knows what that means in the context of terrorists, you know, there are not so many terrorists in the world, we hope. So if a dozen of them are using Tor, that might justify the government in collecting everything that's going on over Tor to allow traffic analysis and maybe later decryption. So, you know, the irony is that those who seek to protect the sensitivity of their communications the most are engaging in communications that are born targetable. Whether or not the government has any specific reason to collect those individual's communications. I think there's an easy fix to this problem but maybe we can discuss that later and I'll hand it over for now with that vague teaser. Easy fix. Well, hello. My name is Catherine Crump and I'm a staff attorney with the ACLU's Speech, Privacy and Technology Project. I've been at the ACLU for about eight years and I've been primarily litigating challenges to government surveillance programs and that length of time has given me a little perspective on this because for years members of Congress have been saying things like if the American people knew what was actually going on with some of the NSA related spying programs they'd be really outraged but there was no way to have an honest conversation about what was happening until just recently when Edward Snowden finally disclosed some of these programs. But there has been such a torrent of information about the different programs that I think it can be often difficult to try to figure out what the different specific programs are and what they're doing. So, Alex talked about the PRISM program and now I want to spend a few minutes talking about the NSA's domestic collection of all telephony metadata. Why the ACLU thinks there are serious privacy problems with this and then what we're doing to try to rein in the NSA's surveillance. So, we know now, thanks to reporting by the Guardian and Ed Snowden, that the NSA is collecting all domestic telephony metadata. It has gone to the Foreign Intelligence Surveillance Court, the secret court in Washington, D.C. and it seems that every three months it gets an order authorizing it to collect telephony metadata from all major U.S. telephone communications company. So, at the end of every day, every telephone call that you make, every telephone call that you receive and how long those telephone calls last get handed over to the government. This is true for domestic communications. This is not about international communications and I think sometimes in some of the government's counter messaging, that fact is being lost. The government has also tried to argue that metadata isn't sensitive and has made the point, for example, we're just getting telephone numbers, we're not getting anyone's name, but I think the people in this room certainly see the flaw in that argument without anyone having to point it out. It's not just that the government is getting this information, it's that they're also storing the metadata going back five years. So, that's really a truly vast amount of information about all of the communications all of us engage in. So, what is the government doing with this information? The government says that whenever it has a reasonable, articulable suspicion that there is a selector, which is probably a telephone number, for example, associated with terrorism, it can query this database for that number and track connections going out three hops. So, the telephone number that calls the telephone number that calls the telephone number. When you think about that, it ends up being a sweeping amount of data because if the typical person has, for example, 40 telephone numbers in their phone, that can sweep in as many as 2.5 million phone numbers. This, by the way, isn't actually being approved on an individualized basis by a court. The FISA court has simply approved this general programmatic approach to surveillance, but there's no supervision of individual pieces of surveillance along the way. I want to step back for a second and talk about what a major paradigm shift this is. As my colleague, Ben, mentioned at the beginning, this is about collecting at all. We haven't previously lived in a world where every single thing we say and do is capable of being recorded, but that's now the world we live in, and that's exactly what's happening when it comes to telephony metadata. The government's argument is that it essentially doesn't implicate a privacy interest for the government to merely collect the data. That only happens when you look at it, but I think having a record of essentially everyone you call can have a real chilling effect on who people are willing to communicate with. The standard under which the government says what is the government's legal argument here? The government is relying on a section called 215 of the Patriot Act, which says that it is authorized to collect information that is relevant to certain types of investigations, generally for an intelligence or terrorism investigations, and on that relevance definition, the government has argued that every single phone call all Americans make are under that definition relevant. Now that's a pretty broad and sweeping definition of relevance, one we haven't really seen before, and I think it also poses an interesting conundrum too that I think is coming up a lot in the era of big data. Does the fact, as the government, if it is true that to understand the meaning of one piece of data, you need to have the entire universe. Does that make the entire universe of data relevant? Now you won't be surprised to hear that the ACLU objects to this program. We think it raises real privacy problems, and one of the first orders that was disclosed about the court giving the government access to this information dealt with Verizon business network services, which is pretty startling to us, because do you know who provides the ACLU's telephone communication? Verizon network business services. And we sat in our office and we thought taught about all the people who call us, all of the whistleblowers who call us, maybe seeking legal help or protection. Everyone who calls our offices for help with reproductive freedom services, right? Or reporting any number of abuses. And you can see some real problems with the idea that all of this information is being monitored and logged by the government. And because we think that poses a real threat to the longstanding right of Americans to be able to associate with one another. And also our fourth amendment, freedom to be free from unreasonable searches and seizures. We filed a lawsuit in federal court very quickly after the program was revealed. And we've asked the court to enjoin the government from engaging in this mass collection program and also to delete all of the data from the ACLU in this, because we know that it's sitting in a database, every phone call we've made for the last five years. The court has scheduled a briefing schedule for the going through the fall. There's an argument in November. And so hopefully by the time we're all back here next year, we'll be able to report a little more. I don't know if any of you had the privilege to hear Chris Segoian this morning in the pen and teller room. I made the mistake of getting there at five to 12 and you all had the seats already. So next up, Chris Segoian. Hi everyone. So I'm the principal technologist with our speech privacy and technology team. I joined last fall for those of you who caught my talk earlier. The FBI is now in the hacking business. If you didn't catch the talk, hopefully the video will be available at some point. I want to talk for the few minutes I have, I want to talk about how the government spies. There are not enough FBI agents to follow every person. There are not enough NSA employees to read everyone's email or to go and directly acquire everyone's communications. The government doesn't have the resources to directly monitor every American or let alone every foreigner. But they want to read the communications of every foreigner and they want to be able to collect information about every American and so they have this problem. Particularly for for dragnet style searches where you want to do a keyword search or you want to do social network analysis, you need everyone's communications. What do you do when you don't have the manpower to collect everyone's communications? You deputize the telephone and internet companies. In some cases with their willing assistance and in other cases against their will. But you force these companies to help out. Sometimes paying helps to get them to agree. We learn for example one of the documents that Ed Snowden released is a 2009 inspector general report from the NSA showing that about $100 million dollars in voluntary assistance payments were made to telecommunications companies to get them to participate in some of the domestic metadata programs. $100 million dollars goes a long way when you're buying the goodwill of companies who are going out of their way to help the government with its mission. So I want to talk about the role these companies play. Every internet company, every telephone company has a team of people who do nothing but respond to surveillance requests and I'm not going to talk about how many requests they get because my colleague Nikki will be talking about that but I want to emphasize that these companies provide assistance that enables surveillance that wouldn't be possible without their help. There would not be a 215 metadata program without the willing assistance of AT&T and Verizon and reportedly sprint. It simply wouldn't be possible. There wouldn't be a program of monitoring the communications of foreigners talking to Americans if the NSA couldn't get the undersea cable operators to provide access to the communications that are flowing through fiber optic cables. Those with a foreigner and one with an American or those where both ends are foreigners and the communications are passing through the United States. The NSA program depends upon American communications companies. What's been good is that as communications have shifted in the last few years from telephone companies to internet companies we're starting to see companies that aren't as happy about being deputized. We're starting to see companies that are deploying crypto whether it is HTTPS to protect data over the wire or in some cases end to end crypto and really what this is doing is making dragnet surveillance difficult. I don't think that we're ever going to be able to put the government out of the surveillance business. I would personally like to but I don't think we're ever going to get there. But I do think we can make dragnet surveillance impossible. We just have to raise the cost. We have to make it difficult enough to target one person that they simply don't have the resources to collect everyone's communications. Crypto can help us get there. Moving from companies that say yes to dragnet requests to companies that only say yes to target requests can help too. But I really think we need to be thinking not about making it impossible for the government but making it expensive. Chris Rock has this joke in which he says that he believes that guns should be legal and bullets should be a million dollars apiece. And I think surveillance should be expensive too. And the problem right now is that the cost of surveillance is that it's just too damn low. Thank you very much. Hi everyone. I'm Nicoloser. I'm the technology and civil liberties policy director for the ACLU of California. So very nice to be back with many of you today. I just wanted to take a sort of bigger picture for a moment to understand just how Edward Snowden's impact has rippled out much farther than NSA spying. Much farther than the docs that he released or the revelations. And just to give everyone a sense of just how important these revelations have been to getting out the truth about what's really happening and ongoing efforts by the ACLU and other organizations to really reestablish some desperately needed and long overdue balance between government surveillance and all of our personal privacy. So Edward Snowden's actions in addition to really giving us a sense of what the NSA has been doing has finally given us all our real first information on just how often as Chris was talking about that the government from the lowest levels of police on the street to all the way up to the highest echelons of the NSA, how often the government is really taking advantage of anachronistic Supreme Court decisions from the 1970s, outdated privacy laws that haven't been updated since the 1980s from before the web even existed from when our cell phones were the size of bricks and no one could even imagine that people would actually store email for longer than six months. And they've been taking advantage of these outdated laws and things that really haven't been properly reconsidered for decades to engage in what we have known for a long time to be a largely unsupervised shopping spree in the treasure trove of data that online companies are collecting every day about who each of us are, where we go on a daily basis, who we know what our concerns are, habits, our hobbies, and are keeping that for extremely long periods of time. The ACLU first really started to sound the alarm about this sort of surveillance industrial complex that had been growing and growing largely in the dark way back a decade ago in 2003. We knew for a long time that this was happening, that the government was really reaching into these treasure troves and largely getting at this data without a warrant, without a judge's permission, but we never had the facts. The government doesn't need to tell the American people how often they're demanding electronic communications that are being held by these companies, unlike the fact that they have to report how many wiretaps they issue. They're not required by law to do that, so they weren't doing it, no surprise. And the companies weren't very interested in telling us either how many times the government was knocking on their door and asking for really personal data about people. They didn't really want to give us pause and wonder and worry. Are we really having sort of a three-way conversation every time we email a friend or pick up the phone? So we knew it was happening, but the facts just weren't there. The companies largely didn't want to come forward and the government didn't want to give us this information voluntarily. But post-prism, a lot of what we had known for a long time was finally confirmed. The companies, in an attempt to actually defend themselves against being said that they had given a back door to the government and to actually try and assuage the fears of the public, many of them for the first time released transparency reports that gave some contours of just how many demands were coming from local law enforcement all the way up the pike. We had had some companies like Google and Twitter come forward with these reports before, but post-prism was the first time that folks like Yahoo and Apple and Facebook actually came out with this information as well. And it really confirms what we had long known that tens of thousands of requests are coming into these companies just in a six-month basis that's affecting 80, 90, 100 thousand different accounts. And if you think about all the information that Google might have in a particular account, it could be tons and tons of emails or photos, sort of the whole range of data. So we know from some of the reports Google and Twitter are actually doing a breakdown of how many of these demands are actually coming with a warrant and how many of these demands are really just coming with a subpoena, which a judge often has never seen. And as we expected, subpoenas are sort of much take the bulk of these things. You know, Twitter recently reported just a couple of days ago that 56% of the demands for the government are subpoenas. Only 23% are warrants with probable cause. And Google has gotten over 5,000 demands that are subpoena demands just in the past six months that accounts for over 10,000 plus accounts of people. So we're finally starting to see a glimpse into how often the government is demanding this information, which finally gives us some of the facts to talk to Congress about how important it truly is to update these laws and make sure that they do keep pace with the technology that we're all living in, the fact that we are living our lives online and the government shouldn't be able to reach in and spy on that personal information without having a very good reason in going to a judge and explaining it. Thank you. So we have one more speaker. We have 15 minutes. We probably will have time for a couple of questions. So maybe while my colleague Cade Crockford is speaking, if some of you want to gather at the microphones, we'll try to take a bunch of questions at once and use our last 10 minutes or so to answer those questions. So go ahead, Cade. Hey, everybody. My name is Cade Crockford. I work for the ACLU of Massachusetts where I direct something called the Technology for Liberty Project. And I just want to say to sort of frame what my colleagues have talked about and what I'm going to say that over the past 12 years since 9-11, we've really seen a dramatic shift in the relationship between the governed and the government. And that is marked by two really problematic features. One of them is that now we're basically guilty until proven innocent as these bulk records collections programs demonstrate. And the second is that, you know, the way that a democracy should work is that the government is transparent and people have privacy from the government. Unfortunately, that situation has been radically flipped. So now the government is incredibly secretive, as we know, about its surveillance policies as well as even about the law in some cases. And the government can, if it wants to, know nearly everything about us, even if it doesn't have articulable suspicion, probable cause, show evidence to a judge, all of the sort of, you know, traditional American norms of justice. So having, you know, framed the conversation in that way, I just want to talk very briefly about how some little brothers have sprung up over the past 12 years. So we've heard a lot about Big Brother and some of the corporate surveillance but, or the facilitation of surveillance by corporations, but also, you know, the Department of Homeland Security and the Department of Justice have over the past 12 years given billions and billions and billions of dollars to state and local law enforcement to build up a really robust surveillance and sort of militarized police infrastructure at the state and local level. And they've done this by funding, you know, the procurement of things like electronic fingerprint readers at state and local police departments nationwide, face recognition technologies, as well as something called automatic license plate readers. Can I just show a hand of how many people in this room know what those are? Great, y'all are awesome. All right, yeah. So we just put out a huge report on this, actually, you can see it at aclu.org slash plates. Basically what we found is that the state and local police departments as well as private corporations are operating under the same methodology that the NSA is. They want everything. They want to collect it all. They want records of where everyone has driven, you know, going back depending on the police department, either months or years even in some cases. We found that the regulations are all over the map. There are only five states that have laws on the books about this kind of technology. So in every other state, it's really up to local police departments to decide how long they want to keep records of where everyone has driven. And right now, as I'm sure you know, these cameras are not as ubiquitous as surveillance cameras as CCTV, but they will become that ubiquitous. In fact, I'm sure that within the next 20 years, these cameras will be on every single police cruiser. They'll be at every single intersection in urban areas. So really it's going to be a situation where the government's going to be able to warrantlessly track our driving habits retroactively for, you know, however long they keep this information. So I also just want to tell you very quickly about, okay, on the license plate reader tip, private companies. There are these private companies, one of which is called Vigilant Solutions. Vigilant Solutions maintains a database called the National Vehicle Location Service. That database has at this point over 1 billion discrete license plate reads, probably actually much more than that. Those are slightly dated figures that I'm working off of. And that information is accessible not only to state and local law enforcement as well as the FBI, immigration customs enforcement, likely the US military, but also to other private companies, insurance companies, repo men, tow truck drivers. So, you know, the corollary between the NSA's surveillance and collusion with companies like Google and state and local cops colluding with private companies like Vigilant Solutions is really a very serious problem that again, as my colleagues have said, are in the vast majority of cases, state legislatures have not really stepped up to the plate to deal with. And so that's some of the work that we're trying to do in the states is to pass discrete legislation that would, for example, ban the police from retaining this data for a long time. You know, the ACLU, Chris maybe is the one exception to this. But the ACLU as an organization does not oppose law enforcement surveillance if they go to a judge and get a probable cause warrant, right? I mean, there are murderers in the world, there are rapists. People do bad things. If there's evidence to show that somebody is involved in a criminal activity, then the judge should give cops a warrant to invade that person's privacy. I personally don't like it either, but I think it's a reasonable balance to strike between privacy and security. But what we have now is that probable cause warrant practice barely exists anymore. The DOJ has said to Congress that it doesn't think it needs a warrant to read our emails. The DOJ has also said to Congress and to courts that we have no privacy interest in information showing where we go 24 hours a day that is communicated through cell site information through our cell phones. And I just want to give you really quickly a very brief example of how not only the collected all sort of theme has trickled down to the state and local level, but also the state secrecy itself has really trickled down in a very dangerous way. And that is a case that we had a couple of years ago during Occupy Boston. Somebody decided to pick a fight with the cops and put together a paceman with information about Boston Police Department officers that was all publicly available. This person didn't do anything illegal, but just put it all together in one sort of database and put it on a paceman. Well, the DA in Suffolk County where I come from did not like that whatsoever. And so they went after this person. They sent what's called an administrative subpoena to Twitter. This is not a warrant. No judge ever sees this piece of paper. Subpoenas are just pieces of paper that prosecutors fill out and give to companies like Google, Microsoft, Twitter, Facebook. So Twitter is one of very, very few companies that actually stands up for its users on a routine basis when they get these subpoenas. And they do that by informing the person who's targeted that a subpoena has been filed that prosecutors are seeking information about them. So what happened was this person came to us at the ACLU of Massachusetts and said, you know, the DA in Suffolk County wants my information and I'd like to remain anonymous. So we took the case. It was incredible what happened after that. You know, this is a very low level issue. This is not some like, you know, Al Qaeda national security issue. But we had a, you know, PIPS week, I'm just going to say that. We had this like PIPS week assistant DA, right? In Suffolk County telling a judge, you know, holding ex parte hearings, which essentially means that the government is giving information to the judge in secret that not even our attorneys could see, right? So secret proceedings, and to this day, two years later, those records are secret. They were sealed. The prosecutor asked that these records be sealed. So I mean, you know, it's just incredible abuse of power is going on at all levels of government. And I think that said, the people probably have a lot of questions. I would just say, please support the ACLU if you care about these issues, because we're really working in every state. We work on a range of issues, as my colleagues said, from choice to privacy and everything in between. So thank you for coming. I appreciate it. So I see six people standing. We have nine minutes, maybe seven. The only way we're going to make this work is if people speak for 30 seconds and ask a question. If you have statements for us, we'll be at the table this afternoon. You will not believe my ability to violate your right to free speech if you go beyond 30 seconds. OK, I'm really good at it. So let's start here. But really, we don't want to hear your story. Is the mic on? Yes, OK. I'm Mike Doherty from Atlanta. And I was going to ask you about the judicial system. I actually am under federal investigation for data security practices. So go to devilinsidethebellway.com and you'll see my book coming out for 17th. But it is amazing. And the judicial system I find incredibly, incredibly behind. And judges don't a deal. So how do you deal with the judges that don't a deal in the judicial system that is just so far behind and just look in the other way? OK, let's take let's hear the next one. We're going to take them all. And then we're going to answer. Go ahead. My name is Dana Morrow. I'm from San Antonio, Texas. These issues come up. I'm concerned. So I write my congressman and my representative like I'm supposed to or like I'm told to do. I make phone calls. I leave messages. All I get is the, excuse me? OK, well, the question is, what can I do? How can I get a better response than thank you for being a concerned citizen? We'll get back to you. I don't ever get a response. OK. Citizen empowerment. Next, quickly. So what about me? I'm not American. I'm a foreigner. Obviously, I use American services all the time. Am I suspicious just because I'm a foreigner? That's my question. OK. Go ahead. Thank you. We're going to go over here. Any thoughts or remarks on Senator Wyden's recent speech and his frequent illusions to a potential or hypothetical geolocation tracking program? Yeah, yeah, totally. OK. Hints of geolocation tracking by the NSA. Quickly, next. 2006, 2007, I assisted most of the telecommunications companies in the country installing Cisco TAPMHIBs and NARS probes as part of the Communications Act for Law Enforcement, also known as CLEA. That was all done on their dime, and I believe one of the speakers mentioned that they were being subsidized. So I'm curious to know how we know that that's being subsidized by the federal government as opposed to being picked up by the carriers. Come talk to us at our table, please. Yeah. Go ahead. How can people get access to this stuff for civil matters, civil lawsuits? OK. And again, most of these answers are going to be provided at our makeshift A part of the Q&A at our table in the vendor area. But go ahead. I didn't hear anything on Lexis, Nexus, or Fusion Centers. Yeah, come talk to me at, yeah. Yeah. Well, OK, so fellow panelists, there are a range of things that you can weigh in on. I hope someone at least will say something about the feeling of helplessness that citizens have who write to their legislators, because it seems to me that we are in a pretty unique moment where we are being heard. But go ahead. So I'll respond to two of the things. If Wyden could, so Senator Wyden has been warning about the NSA's abuse of its surveillance powers for several years, and most recently he's been specifically highlighting the issue of location. He said, he gave a speech last week in which he said the word location five times. If he could signal any more clearly, I don't know what it would look like. Right now, he's basically standing on a stool waving his hands, jumping up and down. So I think there's something location-related that he's trying to tell us about, and I hope we will find out what that is. To Miko's question about foreigners, it's not that you're suspicious, it's just that you're fair game. Foreigners don't vote in Kansas, and so U.S. law doesn't protect the communications of non-Americans. That's really unfortunate. I think if we were gonna see change there, it's not gonna be because individuals are writing to their members, it's gonna be because companies are complaining they're losing out on contracts in Europe and Asia. If the cloud computing companies want to salvage their foreign business, we're gonna need to see a big change in the law, or they're gonna need to start using end-to-end crypto where you don't care about government access to data. Alex? So just quickly on what you can do. A week and a half or now, two weeks ago, there was an incredibly important vote in the House about whether the government was going to rein in the NSA's bulk collection of our phone records, and surprisingly, I mean, unsurprisingly the vote lost, but surprisingly it was very close, 217 to 205 votes, and a big part of the reason why the vote was so close is because literally thousands of people called their representatives and urged them to vote in support of the bill that would have reigned in the NSA. That support matters more than you know, more than I knew up until a few weeks ago. If you have any questions about it, you should really talk to Kevin Bankson at the Center for Democracy and Technology who's been doing some incredible work on this and can speak to how effective it is for you to call your representatives. And I'd just like to say for those of us who are in California, we know how difficult Feinstein has been on these issues. She's been a huge supporter of the NSA and has just been intractable for years and years. A couple of days ago, Feinstein actually said, hmm, maybe there need to be some changes. So, you know, and we also saw President Obama meeting with top legislators just a couple of days ago saying that he's open to suggestions. So, you know, we have finally sort of started to turn the tide in Washington, D.C. based on the fact that members of the public have picked up the phone, have responded to those emails from the ACLU and have started to meet actually with their members of Congress. So, it is making a huge difference. We've talked a lot about sort of how we got to this point and the problems that we're seeing, but we're at a really crucial point to turn the tide on these issues. And I really hope that anyone in the audience who has not picked up the phone and called their members of Congress or stopped by our booth and filled out the action alert, please do it, because we can change this. We really can. This is a predictable and self-serving note to end on, but it matters a lot for you to become members of the ACLU. And I mean it, I mean it, you know, we have between six and 700,000 ACLU members nationwide. The NRA has over four million members. If all of you who had an affinity for the ACLU were members of the ACLU, we would have a lot more voice, a much louder voice in Washington. I'm not saying that to denigrate the NRA. For those of you who are supporters, they're a very effective organization in support of what they do. We can be even more... Help us be that effective. Yeah, no, no, seriously, it matters a lot to have a large civil society counterweight to the kinds of developments that we've been talking about today. So please come by, get our special edition DEF CON 4th Amendment t-shirt, join the ACLU, continue the conversation. Thank you so much for joining us today.