 Thank you very much. We are the Electronic Frontier Foundation, so I think most of you probably are familiar with us, but just briefly, we are a non-profit organization dedicated to defending your rights online. We fight for privacy, for free speech, for fair use of intellectual property rights. We try and make a future that you would want to live in, and we do this through litigation from our teams of lawyers. I am a lawyer at EFF, I should introduce myself, I guess actually. My name is Kurt Opsall, I am the general counsel and deputy executive director at EFF. And we do this also through our activist team, try and raise grassroots support, get people politically active on digital issues, and through our technologists who try and come up with awesome software that will help enhance digital freedom. So we're going to go down the line here and have everybody introduce themselves and say a few words about what has been going on over the last year and what have they been up to. So talk a little bit about some of EFF's legal efforts over the last year, and there's been a number of things, probably too many to really highlight, there's only a few that I wanted to point out. So one which is big news recently, as I say yesterday, we filed a lawsuit against the U.S. government, against the Library of Congress and the Department of Justice concerning the 1201 restrictions on what you can do with for hacking and circumventing copyrighted protective materials. Thank you. Very exciting lawsuit because 1201 is an extremely problematic law. This was passed as part of the Digital Millennium Copyright Act of 1998, and it was sort of a recognition by the copyright industries that they were failing at providing technology that would be able to secure their devices, that DRM was not working very well at a technical level, and so they wanted to use their advantage in Congress through their intensive lobbying efforts to skew the playing field and to make it illegal to do something that would circumvent digital rights management technology so that they wouldn't have to try as hard on the technical front. And so they passed this 1201 and people said at the time, hey, this is a big problem. What about fair uses? What about legitimate uses? This is overly broad. And so the legislature said, well, we'll have an exemption thing. So if you think it's being misused, if it's going overly broad, you can claim this exemption. Go to the Library of Congress every three years and file a petition to say how it's been bad, and then maybe you'll get an exemption. So that's been going on since 1998. Every three years, we ask for exemptions, and some of them have been granted, and that has been great, but many of them have not been. And there still are these restrictions. Unless you get one of these things, you're still prohibited, even if it would be fully protected speech that ordinarily under our tradition of free expression would be allowed. And then even if you get one, it goes away. After three years, you have to reapply or the exemption's no good. And this doesn't really square with the principles of free expression that we've had in this country. You shouldn't have to apply to the government for a license in order to engage in protected activities. So we're trying to bring those principles to bear and get the courts to agree that Section 12.01 goes too far, hurts too much expression, and isn't the right balance. A couple other things to talk about. Another is our cases against the government for national security letters and also for the warrantless surveillance program. We have ongoing litigation on all of these fronts. Right now I'm working on a national security letter case, trying to bring it to get a court of appeal to agree that national security letters and the gags that accompany them are unconstitutional. That they shouldn't be automatically prohibited from speaking by something which is issued without court involvement from the FBI. So we're setting the briefing schedule now, and that's going before the Ninth Circuit Court of Appeal over the next year. And another area one of the things I work on is our coders rights project. This is where we try and protect security researchers and allow those research to be able to do their research, talk about their research, be able to enhance security by providing more information about vulnerabilities. And one of the major barriers to being able to do that is the Computer Fraud and Abuse Act. This is the federal anti-hacking statute, and it has for many years had a number of problems. Very extreme penalties and has some broad interpretation. So just quickly a little bit of news on what's been going on there. There have been a couple of cases that have come out in the spring and summer that are somewhat noteworthy. One is the nozzle case, and this case has actually been around for a while. It has had various rulings, it has had a very good ruling a while back that determined that violating terms of use didn't make you into a federal criminal hacker. This under one interpretation, the DOJ's interpretation of this law, access without authorization was hacking, and so therefore if a site had, you must be 18 to visit this site, and like 17 magazine did, and you went there and you were 17, you would be committing a felony. And so that case confirmed that if you go to a site and you just violate the terms of use, that in and of itself is not a crime. This is very good. But the two recent cases made some adjustments to that which are somewhat disturbing. So in the nozzle case, in addition to violating the, in that case it was an employment agreement, but a functional equivalent to the terms of use for what you could do with the system, there's also password sharing. So nozzle and his colleagues had obtained the password of an employee of this organization. They had the password with permission of the password holder and use that. And the court determined that that was a violation of the anti-hacking statute. They didn't believe that you had to actually do a technical hack, you didn't have to defeat a technical protection system, but that sharing a password would be enough. And while I, obviously they were very upset with what Nozl had done there, but there's a lot of widespread ramifications in this case which could be dangerous and that we're very concerned about because there are a lot of cases where people might want to share a password. That, you know, if a couple, one wants to share passwords the other so they can take care of some banking, this shouldn't be a federal crime. There are many instances in which with the authority and permission of the account holder, you should be able to use the account and not being subject to the prosecutorial discretion, the question of whether or not the government will decide to go after you when they could go after you if you wanted to, because we saw how badly that worked when the government went after Aaron Swartz many years ago and we're asking for many years in prison for doing something that ultimately the so-called victim of it didn't have a big problem with. And then the second big decision recently was power ventures, Facebook versus power ventures. In that case on the plus side it did acknowledge and reaffirm that merely violating the terms of use was not enough to make it into a CFA violation, but they also said that if you had been specifically told not to go to a site, in that case they had sent a letter, a cease and desist letter said stop using our site, you're not allowed here anymore, go away, that continuing to use it could be hacking and again without having to get around any serious technical measures to do so. I think this could be also a very dangerous ruling because it sets up a lot of possibilities where somebody through sending a letter could elevate a civil dispute, a thing that would ordinarily be determined by parties in the civil court going over disputes of contract into a criminal matter and criminalization of these laws is not the future that we want to live in. So that's just a little bit of what's been going on in the legal world and I'll turn it over to my colleague Parker. Thank you, Kurt. Hi everybody, my name is Parker Higgins. I'm on the activism team at EFF. It's super cool that EFF has an activism team and a lot of what we do is we bring the issues that we're working on and that we care about and that you care about out to the people and we figure out what the best place for a lot of interested people, a lot of interested hackers and people who develop software and people who have a voice and people who may vote, the best thing that they can do. The thing that I'm super excited about right now, Kurt just mentioned it, this lawsuit that we filed yesterday, Kurt got a round of applause for it. So we work on 1201 issues all the time. We work on DRM issues all the time. This is really the sort of most direct frontal challenge we can launch and I think a really important part of this is not just filing the lawsuit but highlighting the issues and bringing this out to the people. And so that's what I envision doing over, you know, not just when we launch but these things take a lot of time, like sometimes a depressingly long time. And so we have to keep people updated and keep people aware of what's going on as that progresses. And then the other thing, of course, that we don't do through impact litigation is policy stuff. So one of the big copyright issues that we work on is fair use on platforms like YouTube where the law is pretty clear about things being fair use but if Content ID flags it, then it bumps you out of the legal system and then bumps you into the Content ID track. And I don't know if people, by the way, just for reference, the lighting in here is such that I cannot see anything going on. So if there's a glimmer of recognition from YouTube, I have no idea. So I don't know if people are YouTube users but people who upload videos complain about this all the time, that their videos get taken down or they can't put ads on them or all sorts of things because of Content ID. And you can't, there isn't really an avenue to sue over that, which is our preferred problem-solving method. And so, you know, this is working with companies and putting public pressure to try to change policies that way. And we've got a couple of projects to do that sort of thing that hopefully come up in questions. I want to move it along a little bit so that we can get to the part that you all are interested in. But yeah, so that's what the Activism Team does and I'm happy to answer questions, not just about the copyright stuff that I mostly work on but our activism around policy and legislation on surveillance issues and other things like that. My name is Vivian. I'm a software engineer at EFF. I'm part of EFF's web development team. So I build sites and tools that support EFF's projects and I also maintain EFF.org. And that's really cool because I get to touch a little bit of everything that EFF does, supporting the projects that Activism does and that our tech projects team does. So I'm just going to talk about a few of the projects that I've worked on recently. One was to build a web landing page for our certbot project, which I think Jacob will probably talk a little more about. But certbot is a tool that makes it easy to get a certificate through Let's Encrypt and install it. And ease of use is a really important part of that project. So we wanted to make a site that would also make it really easy. So we still have the full documentation, but we built a little widget where users can input the web server operating system and the server that they're using and get tailored instructions at the level of detail that they're looking for. So that was cool. Another project that I worked on recently is a small site about street level surveillance technologies. So EFF, of course, does a lot of work opposing surveillance at the national level. But we're also doing some work opposing surveillance at the local level with law enforcement agencies. And there's a lot of surveillance that goes on at the local level. And a lot of it is done in secret. So we wanted to make that information more public. And we launched with a focus on two technologies, which are automatic license plate readers, which can read your license plate number and the location where it is, and biometrics, which are unique biological identifiers that people have. And we put together some cool infographics and some pretty extensive FAQs and resources for legal professionals. And then for biometrics, we actually did a cool project where we crowdsourced FOIA requests. So since this stuff is so secretive, there's not a ton of information about how it's being used across the country. So we asked users to submit public records requests to their local law enforcement and get information and share it with the EFF so that we could aggregate that information and get a better picture of what's going on. And we're getting ready to add Stingrays, which are also known as cell site simulators. To the information on that site, we're gonna have a bunch of resources about that too. Cell site simulators are used by law enforcement to track cell phone use. And then the third project that I've been working on recently is our Action Center. So that's an open source platform for political organizing. So it's a tool that's mostly used by Parker's team. So instead of having to come to web dev when they wanna do a campaign and say, hey, we need a site about this thing. Can you build us a website that lets users engage in this way? They can spin up an action on their own that can do things like help users call Congress. So they'll learn about an issue and then be able to engage on that issue. And it's open source, so other organizations can use it. We'd love it if other nonprofits used this tool. And what I'm working on with that right now is building out some student organizing functionality. So EFF is pushing to do more grassroots work where we are a hub for an action, but we're engaging with organizations around the country who are spearheading it at the local level. And part of that is more on-campus organizing. So what we would like to be able to do is run a campaign nationally and then allow on-campus university groups to petition their university to take a particular action. Agree not to sell any patents that come out of their research to patent rolls. So that's what I've been working on most recently and it's something that I'm really excited about. I'm interested in nonprofit technology and nonprofit web development in general, like talking about that. Jacob Hoffman Andrews. Parker said that our favorite way of solving problems is to sue. And I think that's true, but we do have two backup plans to other approaches to problem solving. One is to write code and the other is to write blog posts. I'm one of EFF's technologists and so that means I'm a multi-class researcher slash activist slash coder. And my biggest current project is called Let's Encrypt. And this falls under EFFs. Thank you. So this falls under EFF's long-running Encrypt the Web project, which has been going since I think at least 2010. I know Parker has spoken a number of times on encrypting the web and has put together our Encrypt the Web scorecard. And so we made a lot of progress there by writing words and saying, you should do this. If you have a website, you should encrypt it. You should use HTTPS. But we also found a lot of websites were stymied by the difficulty of setting up HTTPS on their website. It was expensive and it was time consuming and a lot of people just didn't necessarily know how to do it. Even beyond the cost, which was coming down, the skills needed to figure out how to submit a request and how to prove you on a site, how to install that in your web server was too high a barrier. So we dreamed of this notion of a certificate authority that would not only give you your certificates for free, but would allow you to automate the process. You could just run one command. Your whole website is HTTPS. So we put our noses to the grindstone and we made it happen. Let's Encrypt launched in December of last year. We've issued, we have four and a half million active certificates covering somewhere north of eight million host names. You know, you could think of a website. And along with Let's Encrypt the service, the certificate authority, we launched Certbot, which is a client for that API. And Vivian mentioned the awesome website that the web development team set up for Certbot. It's, if you haven't checked it out, I highly recommend it. It leads you through exactly what you need to do based on what operating system you have, what server you have, and leads you through the install process. If you're interested in Let's Encrypt, tomorrow morning, tomorrow afternoon, I'll be giving a workshop on integrating Let's Encrypt, rating clients, et cetera. And Sunday morning, I'll be giving a talk on Let's Encrypt for progress so far. I also wanted to mention another interesting project, more on the write blog post side. About a year and a half ago, we sounded the alarm on Verizon's UIDH header tracking, where they would actually reach into your packets and edit them and insert this unique header so that sites could use that as a token to identify you and request even more data from Verizon. And it was a tough battle and there was a lot of twists and turns in it and it didn't look like Verizon was gonna budge, but this year, Verizon and the FCC reached an agreement to do exactly what we had asked for, which was to say, this is purely an opt-in feature. It's so invasive to add this tracking header to all of your traffic that you have to affirmatively say, yes, I want this before they'll start doing that. So I think that was a great victory on that front. And now I think we'll turn it over to questions. Yes, very good. So now this is the portion where we answer your questions. So feel free, there's a microphone there in the center aisle so we can line up in front of that microphone and we'll take you in order. Just a couple of words before we begin on the question to give people time to get ready. One of the things that we do is we provide legal advice to people about their particular situations, but this is not the time for those questions. You wanna have attorney-client privilege when you're asking those questions. So if you're gonna be wondering of what you did is a violation of the law, let's have that be a private conversation. And we will be around here and we can have other conversations over the course of the weekend. But with that said, we look forward to hearing what you have to ask about EFF, our work, and the digital future, so please begin. Thanks, the EFF makes the news an awful lot, usually in cooperation with a lot of other acronyms and people that, stuff that organizations that people are usually more familiar with, like the ACLU. So sometimes I'll point this out and I'll say, well who the heck's the EFF? So how should we describe the EFF to the non-computer person? Usually I say they're kind of the ACLU of the internet, but I mean I realize you guys around like forever, since it was Cowboyland out there. So how would you like the, what's a good explanation of how do we describe the EFF to the general public who may not be that computer savvy? So if I could start out. We know a bunch of folks at the ACLU who are fairly close to them, and that is an easy way to describe what we do, but they would definitely say, well, but the ACLU is the ACLU of the internet. And they do actually have a very strong dot-right program, and they recently filed a lawsuit to challenge the CFAA on the grounds that it makes it difficult, that it actually makes it criminal for researchers to try and investigate bias in machine learning algorithms. So when I describe EFF, I usually say, kind of the specific topic areas we work on, we defend privacy and free speech online, and innovation, and many, many other things. Parker, do you look like it? Yeah, so I, not to pick on the, everyone does say ACLU of the internet, so I've thought about this a lot, not to pick on that phrasing. But the other thing is that a lot of our work doesn't have anything to do with the internet. Like this 12-on-1 lawsuit, one of the high profile things is that, because 12-on-1 creates restrictions around any, like access control measure on any copyrighted work, this includes embedded software. And so your tractor, if you're a farmer, now has embedded software. And John Deere came to the exemption process and said, no, we don't think there should be an exemption because we don't want people to be able to repair their tractors. And so, like this is, like when it comes to defending people's right to tinker with their tractor, it just doesn't have anything to do with the internet anymore. And so I like to think that it's all technology, really, that it's that we're making sure your civil liberties survive a collision with technology. And yeah, that sort of covers it, although if you're trying to explain it to a non-technical friend, that might not exactly do it for them. But yeah, it really is, even in the five years that I've been there, and certainly in the 26 years that EFF's been around, the border sort of crossed us. And now we work on a lot of issues that used to be, where we used to be niche and for the people in this room, now it's kind of everybody in society is affected by the stuff we work on. Yeah, it's definitely something that my team has been talking about a lot because we would like people to be able to come to EFF.org and instantly understand what we do, which is really hard. I think definitely I would echo what Parker and Jacob said. And also I've found it helpful to talk about the type of work that we do because I think the legal work that we do is like really helpful to draw a parallel to ACLU. And I think they probably do some activism similar to what your team does. I think also our tech tools are something that people are really excited about. So I'll often talk about, you know, we do this legal work and we do this on the ground activism and we also have these awesome tech tools. I do like, I like explaining to your friend, oh yeah, they're a group that sues the government and has a browser extension. All right. Speaking of which, if I can drop in. Oh well, I just wanted to mention one of the really cool projects we launched on the tech projects team this year is a privacy badger. Two browser extensions. Two browser extensions. And yeah, you can hear all about a privacy badger, I think, in this room in the session after next. Finally, shall we get to the next question, please? Thanks guys for doing this panel. This is really interesting. My question was about what's the hardest part about getting like public outcry and public action about things like SOPA? Is it like getting like general news media outlets to pay attention or is it like getting people to actually call their senators? What's the most difficult part of that process? Well, so with SOPA it was pretty easy. But generally, yeah, it's generally really hard. With the news media, a thing that I, this is like insider tips, until you have an image, like the TV won't cover it and like newspapers won't cover it. And so one of the things in retrospect, when we had Wikipedia blacked out and Google blacked out and these sites that literally you could take a screenshot of that could be B-roll, that was the thing that launched it up to the next level. But yeah, I think that one of the hardest things is that with a lot of these issues, again with SOPA it was so egregious and so poorly packaged, it was just not made to withstand any sort of public scrutiny. It was just supposed to be shuttled through directly from the NPA through Congress. A lot of times there is a better public face on it or a lot of times it's not clear. Like 1201, I do have to say this affects like not just mashup films but also tractors and also voting machines and these medical devices and finding that thread and explaining to people what the connection is is hard. And without that, yeah, getting them to pick up their phone and call for legislative change or whatever it is is tricky. And Parker, was this a good time to mention the EFA? Yeah, sure. So one of the ways that we're working on this and Vivian mentioned before some of our move to grassroots, to working with local groups is an alliance of mostly student groups and local groups. The EFA, which is the Electronic Frontier Alliance? Is that okay? You know, you get up here and yeah, and so that is really, there's no substitute for talking directly with someone who knows the issues a little better than you do. And so we're trying to build out that network and we've been already, we've been having some success building out that network of the connected points all over the country and hopefully all over the world. And there are regular meetings and we have video calls and it's definitely something that's working to get that kind of connection. All right, sir. Hi. I believe Vivian was talking about stingrays and license plate readers, which is what my kind of question is about. I understand basically how these things are used to target individuals, but I'm just wondering if you guys could talk in whatever level of detail you'd like to as how like the ring of steel that's here in Lower Manhattan or just anybody who goes below certain street, their license plate is just captured and it's stored for whatever, three years. Like how does that not run afoul of the Fourth Amendment? And the same thing with dirt boxes, which is like the super stingray that they put in planes and then just randomly go over neighborhoods or when there's a protest so they can track movements like is there some specific exemption in the Patriot Act that started this and it's just never been challenged legally? How is this legal? How could it be? Well, I can tell you a little bit of where the government stands on this issue. As you might imagine, I don't always agree with them but I can at least try to explain what their position is on a lot of these technologies. And I put these in sort of the broad category of technologies that take something that previously a police officer could do manually like they could walk around Lower Manhattan with a notepad and write down license plate numbers and they could follow somebody, they could take a picture of somebody with a camera. And then in their view, it's multiplication by zero. If it was okay, if there was zero problem with a single person doing it once, then if you did it for everybody all the time, 24-7, then you've just multiplied by zero and so you continue to not have a problem with it. And then it starts to get more ubiquitous so with stingrays, well, these things are just traveling off the airways and there we are. We're just checking out what's on the airways, what's the problem with that. And I think that the Supreme Court has actually had a couple of decisions which have, well, they've been promising but they haven't resolved the issues. And for example, there was a decision concerning tracking somebody was using a GPS tracker and the government made these arguments as well as okay to track this person with a GPS tracker because we could send someone to follow them and it doesn't matter that there was previously a practical limitation of what we can do, we should be able to take all the advantage of new technologies to use them to the maximum effect. And during the argument there, the justices were somewhat incredulous in this. They were like, so you're trying to tell me that if you just wanted to follow me to track me, put a GPS tracker on my car, wherever I go, you could do that and no warrant would be required, no court order. You could just do that and they had to say, well, yes, right, that was their position. And well, they came out that that was a problem in that case and it was a convoluted case. So there were different opinions on it but it set the stage I think for further challenges as the courts were starting to recognize that when you take things at scale, you make them ubiquitous, they do it all the time. You have a different set of societal problems and that we shouldn't change the world that we're living into one more of a dystopian surveillance state just because the technology for doing so is super cheap. I also wanted to just add one quick thing which is if the question broadly was how is this legal? Yeah, I think sometimes it's not and then we sue. And so just because the government is doing it doesn't, I think that they would say that makes it legal. That's how we decide what to do. Yeah, and to be very clear exactly, I was explaining what the government's position is and I think that we have continued to challenge some of these things and not only on the Fourth Amendment but what you mentioned for requiring a reasonable searches and warrants and such but also under the right of association that it's been long established that you have the right to associate with people and you can do so without the government knowing who you're associating with and some of these technologies actually make that very difficult to do and subject challenge under that amendment on the First Amendment. And to maybe answer a little of the underlying question of how do we stop this, there was another really good talk panel earlier about police use of surveillance techniques and they raised the point that it's much, much easier to stop new surveillance technologies from entering into your local police departments arsenal before it happens. If you can spot this at the town council level or figure out that your local police are gonna start doing this, it's much easier to fight it there than after it's already deployed trying to get it rolled back. And so this is a great opportunity for sort of grassroots activism, keeping an eye on town meeting minutes, filing FOIA requests and finding out what police departments are doing and trying to stop new surveillance activities before they start. On the same thread of 100% spine on us, 100% of the time, 100% of the locations we go, is there, I think everybody in the room here is concerned about that, but the general public who has quote, nothing to hide, end quote, is not because they truly believe that they have nothing to hide. And so how do you bring to their emotion, to them, the emotion that is important to stop this politically? Sure, so this has been a notion that's been around for a long, nothing to fear, you have nothing to hide. And I think that that is like a threshold level that for the most part, people do have something to hide, they may not be thinking of it right away or they may think basically the hidden assumption under the nothing to hide is that the current set of government is just fine and I'm not too worried about that. But if that government changes, maybe you do start to have something to hide. And we've seen all around the world, there have been circumstances where governments have changed in their character, rather suddenly, and then the tools of the surveillance aid are now available to people that you don't agree with. And we saw that here, where there was an interesting shift in who liked surveillance and who didn't like surveillance when the warrantless surveillance program shifted from the Bush administration to the Obama administration, some people shifted their views about whether it was a good idea. I wanna say is actually whether it's a good idea as a matter of civic hygiene, that you don't want to have the tools of the surveillance aid available, even if right now you don't feel like you have something to hide. But that's all right, even if you find people, no, seriously, I have nothing to hide. I am the most honorable person you would ever imagine. You know, okay, maybe that's true, maybe you are wonderful. But you have an advantage in society when other people are able to hide things, when a source is able to talk to a reporter and give information, whistleblowers can come forward without having to fear retribution for their whistleblowing. The fact that other people have privacy from surveillance benefits society and allows us to have a more open democracy. So it's not just about yourself and whether you have something to hide, but what kind of future you wanna have and what kind of society you wanna live in. So I'd like to invent maybe a sort of corollary to Schneier's law, which is that anybody can invent a crypto system so good that they can't break it, but you need to invent a crypto system so good someone else can't break it and that's much harder. Similarly, anyone can live a life such that they can't think of anything that they have to hide, but living a life such that the government can't find anything that you have to hide is much harder. And I also wanna push back a little bit. People like outside of this room, even outside of the other rooms do care about this and sometimes they don't always know that what they care about is privacy, but they do care about their right to associate and they care about freedom of speech even if they don't, you know, the Snowdenism is not caring about privacy because you have nothing to hide is like not caring about freedom of speech because you have nothing to say. But you know, people do care and they actually do connect to this and if you look at, you know, I don't wanna lean too heavily on this, but there are polls out there that suggest that a lot of people care about issues that we consider privacy issues. So there's a temptation to write that off and go into privacy nihilism mode, but this is something that people, even outside the hacker community, care about and are paying attention to. So now that we've, we're starting to reach a point where privacy issues are actually cutting into the bottom line of the industry's interests, have you seen corporations, have they been willing to lobby on behalf of these issues and does the EFF itself engage in lobbying? And lastly, do you think that we could see a reality where Fourth Amendment issues becomes the same kind of third rail political issue that Second Amendment issues are for politicians? All right, so a number of questions there. So I guess on one of those, which is you asked about does EFF lobby and do the corporation lobby? So EFF does a little bit of lobbying. As a nonprofit organization, a 501C3, there are actually limits on how much lobbying we can do and maintain our nonprofit status. So we do some, and it's mostly in the form of grassroots lobbying. Vivian was mentioning our Action Center and that is a way that people can go and reach out to their representatives. And then, did you work on the Democracy Tools project at all? Do you want to make that one? I do, but I haven't worked on it. All right, well, you can explain what Democracy Tools are and. Democracy Tools is another site that basically allows other people to set up something for contacting their representatives. So this is sort of more enabling others to do this. Well, I guess you can use them for whatever you want, but hopefully they'll be in the right direction. And then with respect to the companies, we've seen actually several of the companies get active. I mean, Apple has been very vocal on no back doors, standing up to a lot of government pressure to put back doors into their encryption and during the NSA surveillance. After the Snowden leaks, really brought a lot of things into the public consciousness. A group of companies were pushing back heavily against the surveillance. There was a group of major companies like Apple and Facebook and Google that formed a coalition. They took out a full page ad and I think it was the Washington Post. So there has been some activity. You can find a lot more widespread agreement among corporations that there should be strong limits on government surveillance and perhaps less so on limits on what corporations can do. Oh boy, and the other question about the Fourth Amendment being like the Second Amendment in terms of the Third Rail. Yeah, that would be nice, wouldn't it? I don't know. I think it is on a lot of the issues that we work on. I think the First Amendment is kind of like this too. A lot of people care about it a little. There's a lot of people who, you can do something that they'll find creepy or you can restrict their speech in a way that they won't like, but it doesn't happen that often to them. And so it's rarely a group of people's number one issue in the way that I think gun ownership is for a lot of people. Or at least the NRA has done a really good job of giving the impression that that's the case. And I think it will bubble up people's priority list as more and more of our lives are lived online and around technology. Abuses of that technology are going to be more and more important to people. And when it becomes someone's top priority or tens of thousands or hundreds of thousands or millions of people's top priority, then yeah, it does get to be a political third rail and we can only hope. I have heard, by the way, on the hill that when, so they've been talking about new copyright legislation basically since SOPO was defeated. And they say, they use a phrase like, oh, we can't do that, it would get SOPO'd. And so I think a show of force every once in a while does remind them that like, oh, yeah, there are voters out there. And if you piss them off, it's not good for the next election. So yeah, I think that we get there in bits and pieces. And it doesn't have to be people's top issue for it to be something that EFF can rally people around. I think that's an important part of our role. Unfortunately in this country, I think for it to reach critical mass, it usually has to end up being about commerce. So I would hope that we could kind of get that momentum around commerce the way the NRA has done where they've kind of put together their grassroots activists with the manufacturing base. Whether you like what they've done or not, I think it's been a successful model. Thank you. Thank you, thank you. Hello, all of you, thank you for doing what you do and thanks for a really great discussion today. My question is DRM versus GPL. I'm just curious about some comments. I know some people who really love the GPL, both version two and version three. And I know those same people also really love the Apple Store. So the question is, why can't we, or maybe we can, put GPL code in the App Store? I think if you read the Apple Find Print carefully, they don't care. In fact, if you read to the end, they even say, hey, if you don't like our license, replace it with one that you like. So, but it seems like they do get upset when a community posts code and there's internal disagreement in that community. So that's one thing. And this is a little ramble on question. I'm partially asking this to help formulate the right question. But the other comment is, it seems like the GPL in some ways is out of date and it may be controversial, but it was built in a world where we had desktops and sourced it and moved very freely. Whereas now, source is everywhere. We have GitHub, any number of ways to distribute the source explicitly or surreptitiously. So if something's under DRM, that's not gonna limit people's ability to examine or use that source. So back to the first question. What do you think? Is it okay to put GPL code in the App Store? I super love being in a room where you can ask about DRM VGPL and people are like, yeah. Yeah, I know what you mean. Doesn't happen to me at all. Can you put GPL code in the App Store? I mean, people do. Yeah, I haven't looked at the App Store agreement recently enough or closely enough to come to a conclusion on that. We ended up not, EFF has an app. We didn't put it in the App Store because we had some issues with how that agreement was. So we chose not to do the agreement with Apple that would require it if you wanna use the App Store. So it's possible that some of the GPL projects also have concerns about just the agreement you have to have with Apple as opposed to the agreement that you would end up having with your end users. But I don't know. Well, also, for fear of stating the obvious, the pernicious part of DRM in the App Store is not so much that it prevents you from reverse engineering your app. The source might be provided through another channel. The pernicious part is that Apple gets to choose what apps you're allowed to run on your phone and which apps you're not. And so it's sort of the DRM built into the iPhone inherently that only allows you to run apps from the App Store. Sure, I think that's very important. I would see that as a separate issue that requires its own adjudication, but also very, very important. And yeah, in terms of the updating, you know, that's an FSF question. And I do think, you know, they've given thought to that and we could have a long conversation. This actually probably, I think we're having a sort of happy hour thing later. Maybe I'll grant to you about the GPL there. One last teaser thought, and maybe we start some discussion outside of this panel. One of the things that I'm concerned about is this notion of a terminal binary, a binary that cannot reproduce itself. So really that means you've removed it so far from the source that, or you've changed it in some way, whether that's even possible. I guess you see that with the App Store you put something there, but you can never, you can't download it and then modify it. You have to replace it. So what the App Store represents is this collection of terminal binaries. But at the same time, they could be attached with source code. Anyways, there's a large community that's interested in this and just trying to weigh the balance. Thank you very much. Thank you. Also just to balance out Parker's comment a bit, if you're interested in the EFF Speak Easy, come to the booth downstairs for details. Yeah, that's what I was. Speak Easy. Yeah, that's what I was looking for. Hi there. Really great and important work. My question on the heels of this is a bit more banal. On amazonsmile.amazon.com, EFF is one of the non-profits you can choose to donate money to. Do you actually make money from that? Is that helping you? I mean, some. Yeah, we get a little bit from that. Definitely do it. Yeah, it's like they give one percent, I think, to the charity that you pick. Is it half? Yeah, that's right. Half a percent. Yeah, and we do, I have actually heard that we see like dollars. It's not gonna make the budget. But it's better than nothing. But if you're interested in helping EFF, one of the great ways to do so is becoming a member. Because in addition to donating some money, which helps us do our operations, it is very useful when we're going to Congress to say we support this issue, we oppose this issue. When we're filing a brief before court saying that we're good spoke people on this issue to say how many members we have and have that number be large. So please, if you have some moment, go downstairs, become a member of EFF. You can do it for a wide variety of donation levels. And getting a higher number of members is very helpful to doing our mission. Hi, thank you guys for actually existing in our lives, because many of us are clueless of what we wouldn't do without you. My question that needs real clarification for the room, however, is a word that gets thrown around a lot in society. Would you please tell us the definition of privacy? Thank you. I think a lot of people would have different definitions of it. One of the definitions that I like, it's actually been around for a long time. It came from an article about privacy, I think almost, but not quite 100 years ago. But it's the right to be left alone. That it's not just about keeping things secret, but having someone not be in your business. And there's other views of privacy. I mean, you can achieve privacy by going off and living in a cabin in the woods with off the grid and no correction. And maybe that is privacy. It's not legal advice. Right. But that is only one form of privacy. And people also want to have a form of privacy where they get to have some choices in whether their information is shared, that it can go to their friends, but not be shared to the entire world or to the government. So it's a little bit as well about control of your personal information. Yeah, I think for me, there's a piece of it that has to do with consent too that I'm really interested in, where sort of speaking to the point of people who don't feel like it's important to them. And I think we named a lot of ways where maybe it is in ways that aren't immediately obvious. But I think that there's also a piece where you should be free to choose, even if there's information that you're comfortable sharing. I think there's a piece of it where there's like a loss of control that people experience when they don't get to choose. And some people feel like, well, I just don't really think this is up to me anymore what people know about me. And holding that control is something that I'm interested in. And I think the fact that it's so hard to define speaks to a deep bursary that privacy is a very abstract ideal. And it's hard to get people fired up about because it's so abstract. And I think that's a challenge we face in activism in our particular communities, finding better ways and more specific ways to frame very specific problems we're talking about. Instead of privacy, maybe say Fourth Amendment violations or say non-consensual web tracking, which is how we talk about it with privacy badger, or say security. I think the enemies of encryption would like to say, well, there's privacy on the one hand and there's security on the other, but they're the same and you need one to provide the other and vice versa. And so I think when we talk about those more concrete ideas, it's easier for people to get excited about them. Hello. My question is about the let's encrypt. Sort of specifically the certificate error when your mail server is running let's encrypt and you open your mail client and you get the certificate error. And more generally, if the future of, is there still work being done? Is that gonna keep going into? Yeah, absolutely. So I would love to help diagnose your certificate error either at the Speak Easy tonight or possibly at the workshop tomorrow. I think it would require a bunch of back and forth that's not necessarily applicable to everybody. There's definitely a lot more work going on in let's encrypt. So EFF and Mozilla came together with some sponsors to create an independent long-running organization to maintain it. I'm still doing work for EFF on it. We still have a very active cert bot team. So some of the most important work there is scaling it out. I said we have four and a half million certs now. My talk on Sunday is titled The Next Billion Certificates, which is how many we're gonna have to issue to encrypt the whole web. So you can see there's a big gap between now and then. And also in the cert bot world we're always trying to make it easier and faster and work better for more situations. Okay, we have one more minute. I think we try to lightning round the very last question. All right. And I'm sorry, yeah, we'll be at the booth. Sorry about that. Hi, I'm Lynn Ulbricht. My son is Ross Ulbricht, the defendant in the Silk Road case. And you guys actually wrote it. I'll take it, I'll take it. Thank you. Thank you. You guys wrote, supported an amicus brief about the general warrants that were used for his laptop and social media. And because it didn't honor, it was unconstitutional because there was no particularity, which is part of the Fourth Amendment. So what in a couple of cases now, and they did it in the response to Ross's appeal, they say, well, it doesn't really matter if the warrant is constitutional because we did it in good faith. They're using a good faith argument. It's being upheld by the courts. And I'm like, well, okay, so if I get stopped by a cop for speeding, I can just say, well, hey, it was in good faith. Or if I'm running a website in good faith. So in any case, I just wondered about your comments because I'm concerned about it. It seems like it's, the Fourth Amendment's really in trouble. So yeah, this is a challenge that courts, a lot of the judges come from the background of being a prosecutor. They are of a starting point of being sympathetic to prosecutions. And sometimes they will say something. I mean, there are a number of actually doctrines along these lines that say, well, maybe you shouldn't have done that, but it's fine. And they acted in good faith. That's harmless error. We would have found inevitable discovery, we would have found this anyway. And this is a tendency you can find in courts though, I think there's been some pushback in one of the things that I think has been good over the last several years, has been that the Supreme Court has been looking more critically at some of these things. There was some commentary in a couple of cases sort of like where the court was recognizing, look, if you got rid of the exclusionary rule, yeah, you catch a lot more people, but there's something more important going on here. It's not just about the maximum effectiveness. I think we are very much running out of time, so let's see what we can do. Thank you so much for that question. Thank you so much. All right, thank you everybody. We're gonna be down at the booth downstairs and then come down there to find out about our speak easy tonight. And thank you so much for coming. Thank you. Thank you.