 With Chris Teitzel, with great power comes great responsibility. Chris is a third generation tech nerd, having used computers since before he was in school. He tried to escape the pull of his genes by obtaining a bachelor's degree in molecular biology. However, it didn't last long before he found himself pulled back into tech. Having been around computers his whole life and equipped with the background in science, he has a passion for using technology to better the lives of those he means. Chris has been involved in an open source development for a number of years where he has focused on data privacy and security with the goal of demystifying proper data protection through encryption. This led him to create his latest company, Locker, where he is currently the founder and CEO. Let's give a round of applause. Yes, this is actually one of my claim to fame as my grandpa started at IBM in the 50s. My dad thought he could get away and became a science teacher two years later. He started at IBM. He is on his 37th year at IBM. I sent him all of this. I'm a doctor and then I now live in technology. At some point I'll get an IBM employee ID just because I have to carry on with creation. Today we're going to talk about with great power comes great responsibility. I still remember the day that my dad called me down to the garage and had a moving box. He opens up the moving box and I can still smell the smell of old paper. Inside was his comic collection from when he was a kid. We're talking original Fantastic Fours and Spider-Man and Batman. Batman versus Spider-Man, which I didn't even know existed. But in the 60s and 70s everything went, I guess. As a kid I grew up reading these and then I myself got into X-Men and Spider-Man and Superman, one of my favorites actually was the Death of Superman series. Growing up I always had this concept of what is a superhero and how do these superheroes act? Why do we as people put superheroes on a pedestal? I talked about this for a little bit. A little bit of background. I've been in Drupal for nine years. I'm starting to make the conversion. It's not fully there yet, but in the last couple of years I've been more and more in the WordPress community. But I keynoted Drupal Camp London this year and I was talking about the idea of being superheroes as a way to empower developers. But as I went through the year I started thinking more and more about the idea that if we're superheroes it comes with responsibility. So if you look at WordPress, WordPress powers some massive brands, worldwide brands, Star Wars. I mean you run Star Wars. Your code is what makes Star Wars live on the internet. But you also change the world. Your code is what's delivering powerful news to people every day of their lives. And so I came to this realization in the last year or so that what we do to many people is pretty much the same thing as flying. And I came to this realization as I was sitting in Istanbul. I was on my way back and decided to take a quick jump through Istanbul as one does from Europe. And so I was by myself and I said I'm going to find Hukabar being a six foot one red headed pale white guy walking into Istanbul, like locals only behind the Grand Bazaar at Hukabar. Obviously I stood out quite a bit. And so they sat me down. Pretty soon some folks came over and we started talking and we sat there for hours. And we were smoking and drinking tea and talking about politics and religion and life. And then they said well what do you do? And I go I make websites and it was like this explosion on their head. Like oh I've always been wanting to make an e-commerce website. Do you know how to make an e-commerce website? I was like yeah I can create one in a couple hours actually. Like oh my gosh this is amazing. But hosting. He's like hosting is really hard to do. And I don't know how to do hosting and I was like no I've got friends that run a hosting company that'll always keep your website on no matter what. It's just like I came to this realization that me speaking about this it's like I was so it was off the cuff. I don't know how to do e-commerce. I can build an e-commerce store. But to people who don't know what we do is a very very powerful thing. It's the same thing as Superman flight. And so as I started to think about that I started to think we have the same duty to use those powers to protect the people who don't have them as superheroes. And the reason why is because some men are looking for anything or aren't looking for anything like money. They can't be bought, bullied, reasonably negotiated with. Some men just want to watch the world burn. And unfortunately we have those people in our community, outside of our community. And so we need to use the technology that we have, the power that we have with it to make the world a better place. It's all who bends. Famous line is with great power comes great responsibility. And so that's the title of the talk today. Now I'm going to ask some questions and I'm not going to really have all the answers. I'm kind of taking you on my journey here. So I hope that this kind of sparks conversation. There's a Q&A like beanbags lounge back there. We'd love to talk more. But I hope this is more of a conversation starter than, you know, this is Chris's flag on the ground of what is ethics and what should you do, right? And so I can't start a presentation about superheroes without your new scheme of mind. So my lovely wife and my two kids. Sorry, I don't get it. Emotional effort. Wow, I've done this talk like three times just the first time I'm crying. But it makes me think, what type of web do I want to build for them? And this came to realization during this talk. Work camp Europe, I'm crying now. I'll tell you, this is the first talk that I've ever seen the Q&A. There was like tears. It was like a therapy session upon therapy session. So go watch this. A lot of the talk today is, I like to say, you know, or the classic phrases, you're standing on the shoulders of giants, more than one of those giants in the community. So definitely go watch this. But the ability to create and the ability that we have in our code comes with the ability to manipulate. And we're seeing that a lot today. So Facebook and Twitter started to ban Alex Jones. And folks started screaming out, oh my gosh, like Twitter and Facebook are creating what is and what isn't on the web, right? Twitter got a little delayed in their response to it, but they ended up getting on the bandwagon and saying, no, Alex Jones isn't allowed on our platform. And so as you're building platforms, you have the ability to dictate what is on them. But nobody builds on Twitter expecting an Alex Jones. Nobody builds on Facebook expecting a Cambridge Analytica to appear. But they do. And we've seen this in WordPress as well, with the controversy around a lot of the Sandy Hook conspiracies that were hosted on WordPress.com. And normally WordPress.com and WordPress in general have democratization of publishing and anybody can have a voice. But what happens when that voice is destructive? It's causing pain to others. And so WordPress.com updated their usage in their terms to basically say you can't post the pictures of a minor without their permission, without their parent's permission. And that allowed them to go in and take down a lot of the Sandy Hook conspiracies and I'm not going to go down that rabbit hole. You don't. But really horrible, horrible things. And WordPress was able to take them off the web. And this brings up the idea of, I'm going to butcher the Latin, if anybody's a Latin major or knows it, I apologize, but it's Cuis Custodia, Ipsos Custodias. And it translates into who watches the watchmen. So as we build and as we start to create these platforms for publishing, we have this power to dictate what's on them. We have the power to ban somebody and say with Alex Jones, he's not in the App Store, he's not in Google App Store, he's not on Twitter, Facebook, Instagram, everything. He's gone. He's wiped off the web or the main portions of it. But who watches that? And who gets to dictate? Who gets to say? And part of this that we start running into is that with big data, there's a big responsibility that sits out there. You have a responsibility to curate and make sure that you're providing a platform that's going to give folks the ability to speak. One of the beautiful things about WordPress and just the open web in general is that it gives a voice for the voiceless. It allows people to publish. You would never have that chance before. But when you start doing that, you start doing that in scale. You have a responsibility to monitor and review what you're going through. And so last year in The Economist, they published an article and there's been a couple of follow-ups to it. But their theory is in the ongoing discussion is that data is the new coil. There's more value now in data and the data that we're collecting and the websites that we build than is in fossil fuels. And again, with that power, with that monetary value that's being built, there's a lot of responsibility. It's a responsibility that us as developers, we kind of like to live in this free world where it's like, nobody can tell me what to do. I'm just going to build and create and I'm going to do what I want. And that's great. But then you launch it out and all of a sudden you run into an issue of what happened with Strava. Now how many people know what Strava is? A couple hands in the room. So Strava is a fitness tracking application. So you can bike, run, hike, walk, do whatever you want. It'll track it and allow you to share with others. Track your times, your miles, mileage, all sorts of stuff. Really awesome app. And so they came out with the global heat map and they said we've got data from millions of people across the world and we're going to publish it out and show you where are the hotspots to go running, biking, walking. That's pretty cool. Here's a picture of Seattle and I apologize for the dark screen here. But it kind of shows you where the hotspots are. Where are people running? Where are they biking? You can even see, you can check the slides online. You can even see the ferry lines because that's where people are traveling on the ferries and stuff. This is some pretty cool data. And so when they first published it, people started looking at it, looking around the world and then they started looking at the Middle East and they said wow there's a couple of spots there that you wouldn't expect to have spots. They're kind of out in the middle of Afghanistan and they have these really interesting patterns to them. And what Strava did by accident was publish where secret bases for the military were located in Afghanistan and Pakistan and all over because they just said whatever data we have we're going to publish. Now the military personnel that were wearing their Fitbits and their Apple Watches and everything else weren't thinking about the fact that they were giving data away. But this is what happens when we go out and build really cool stuff and not think about what are we doing. So I tried. The bases aren't on there. The unknown bases aren't on there anymore. The known bases are. It's actually really cool. I encourage you to go on strava.com. I believe it is. The links and the slides. It's really interactive. You can zoom around and see everything. But you can go to the random parts of the world and see where they're walking in these cities. And so the question that you have to think of are what are the unintended consequences of what I've built? I'm going to go build something really cool. I'm going to go build a Strava heat map. I'm going to go build a Twitter or a Facebook or a social media platform that's going to allow anybody to publish. But what happens with that, right? And collectively, what's really scary is that big data is starting to know more about us than we know about ourselves. And one of the best anecdotes for this is that there was a father who called up his local target and started just screaming out at the manager, how dare you send my high school teenage daughter pregnancy coupons for diapers and prenatal medicine. How dare you? And they said, sorry, sir. This isn't intended. We're really sorry. We're really sorry. The manager said, I'm going to look into it and I'll call you back in a week or so. And so he called me back and said, look, I don't know what happened. I don't know how to slip through the cracks. And the dad said, no, I'm sorry. I had to talk to my daughter and come to find out she is pregnant. And so what happened was, is Target had the great idea to say, we're going to look at people that register for our baby registry or baby registry. And what they did is every purchase that you made at Target, customer ID, and that ID would track every purchase that you made with your credit cards, with online, in-store, wherever, it would all go into this ID and they would begin to track it. They had your email address, your home address, everything you say, your credit card address, right? And so what they started doing is watching, and when somebody registered for the baby registry, they then went back six months into their purchase history and said, uh-oh. They stopped buying soaps with dyes in them. They started buying unscented body lotion and they started buying calcium and all of these supplements that when you find out you're first pregnant, you start taking, right? And so they were able to create a matrix of about 20, 25 products that if you bought enough of these, you would have a pregnancy score and they would trip an advertisement that got sent out. And so what ended up happening was the daughter would go to Target and she was buying all these things because she knew she was pregnant and they ended up sending the keep on store. Now, this quote came from the Forbes article and I think it's really interesting. It says, if we send someone a catalog and say, congratulations on your first child and they've never told us they're pregnant, that's going to make a lot of people uncomfortable. I would agree. They actually got it down to the point where they saw that if you were buying blue or red, they would say congratulations on the baby boy or the baby girl. Things that you may or may not want them to know. And then the statistician was also quoted as saying, we're very conservative about our compliance with all privacy laws. But if you're following the law, you can still do things that get people pleased. And that's true. And part of the issue is that we in the US have a very lax sense of privacy, a lax sense of privacy regulation. And so the article also said that quickly after these quotes were set, Target pulled all communications and wouldn't let them talk to them anymore. And I would be shocked if they still do this to this day. But this is what happens when you build something really cool. Like, hey, we can target pregnant women before they're on our registry. This is a great way to get new coupons and people into the store, but you're also exposing people for being pregnant when they may not want people to know that. But one of the good ways that this is being used is in Facebook. If you or someone you know starts posting and Facebook has algorithms to kind of detect a depression slide and they can say, okay, this person is starting to slide into depression, so we're going to show them a message that says, hey, we care. Somebody cares. Here's a number to call. Go talk to somebody. And they actually have built suicide prevention into Facebook's platform because they've noticed that their platform can early detect some of these behavioral patterns. Can all these people get attacked here? It can. It can. And so that's, again, this is the dual-sidedness of the future, right? Another future that I had some slides for, but I took them out because I was afraid we were going to go through them too quickly, was the memories of the future. It's really awesome. Every day I get a new memory. It's like, oh, that was three years ago. I can't believe that. I see my kid from two or three years ago. They're a little baby. But there was somebody that posted out there that says, I'm sick and tired of getting a memory every year of my son's suicide. I'm not a good thing to remember every year, right? I'm already going through it. And Facebook is retraumatizing me on it. And again, it's one of these features that has the duality of it. So as we build, we have to think to ourselves, what are the unintended consequences and how can we prevent some of that unintended consequences from occurring? And you start getting into this kind of minority report, you know, pre-crime. We can tell things are happening before they're happening. And we're seeing this actually with some of the genetic testing that's going on. So how many folks have sent in the swabs to see what your family history is and stuff? Awesome. You guys are actually part of a drug trial that you don't know you're part of. And now all of your relatives, if they've ever committed a crime that has DNA evidence but they don't know who it is, they recently in California actually caught a serial killer like 30 years after it occurred because they were able to trace the DNA to a family line of somebody who was a prime suspect and they go, huh, that's odd. The DNA that we collected at the scene matches the family line that we saw in 23 Me. Let's go get a warrant and then get that guy's DNA low and we will use the killer. And so they're starting to actually, and they got the rights to do it, they're selling your data to cancer drugs and to create genetically tested, or genetically targeted drugs for various things. Again, really cool. You've got all this data on people from all over the world. You've got DNA from everyone and you can make these medical breakthroughs. As a science nerd, that's really cool. Being a molecular biologist, DNA is really fun. This scares the hell out of me as a technologist because I can't control where my information is going. And so you run into the 80-20 paradox and this gets applied in a whole bunch of different ways, right? The basic 80-20 paradox is 20% effects. 80% of the effects are caused by 20% of the code or whatever. But there's also the 80-20 rule and I'm guilty of this myself. When you're building a system, you say, let's make it for the 80%, let's just make it work. There's no way it's ever going to be 100% and I think we've all been guilty of this, right? You get a bug in and you're like, that's in the sidelines, we don't need to worry about that. But then the question comes, what happens to the 20%? What happens to the 1% that are being affected by this? And it may not be a bug, it may be the memory of a suicidal or a suicide in the family or it may be the pregnancy coupons. What happens to that 20% of that 1% and are you creating a system that can cause pain? This is why accessibility is so critical to everything we do because as we build, if we don't think about the 20% or the 1%, we're building a way for people to no longer be able to use technology, no longer be able to use the web. And we're isolating them and sometimes these are already minority populations, they're already disadvantaged and you're pushing them farther away. And so technology has the power to change millions and millions of lives and I think that's one of the fun things about WordPress and if you're a core contributor or you build plugins or anything like this your code when you deliver it is going out to millions of people and I have my first realization of this when I was building a website that had a broad reach to it getting 8 to 10 million kids per month and I had this kind of epiphany that holy crap, I push a wrong CSS, a line of CSS or a bug here and 8 million people are going to see it. That's a lot of people. But at the same time, I've also been involved in some technology where we're starting to send geolocated SMS messages to people experiencing homelessness to educate them about services that are in their area that they may not know about. And that's pretty fun because now we can use technology to reach and impact the lives of millions. And so, growing up in a tech family we had a little bit of tough love in our family all in good humor though but my dad always ingrained into me ever since I was a kid and I was learning to code learning to code basic at four or five years old is that computers are only as smart as the people who program. So that was his way of saying, it's not the computer's fault, it's yours. Anytime I was like, ah, stick with the computer, it's not the computer, let's do it. And so because of that, it's not technology has the power to change millions of lives, we have the power to change millions of lives and we need to take that on. And so the question is, what are you doing to protect all of your users? What are you doing, whether it's a blog or whether you're building massive experiences like the New York Times, what are you doing to protect and to provide for all of your users? And so this is why privacy is a community responsibility. We need to build a community around privacy. We need to build a community around accessibility. Now sometimes, we need a little nudge to get ourselves there and unfortunately for us in the US we don't get those nudges fast enough. So Europe enacted a GDPR which we all got to go through this last spring which was a lot of fun and we all now get to click on the, yes I want your cookies, yes I know your cookies, yes I know your cookies. But a really good source for GDPR and privacy in general, Heather Burns, she's in Scotland, look her up on Twitter, she has some great, great slides and presentations she's been doing recently and what she's been talking about is the differences between the European and American views of privacy and it boils back to just the European and American culture. And I was actually having this discussion today with someone and they were talking about the American view and I haven't even talked about this and they almost went bullet point for bullet point down this. And the inherent sense is that as Americans free speech is a fundamental right. Everyone gets the right to free speech like Alex Jones, Westboro Baptist Church or the New York Times, you can say whatever you want. And the data belongs to the owner, the owner of the site or the owner of the application and it's an opt out culture right, we're going to automatically check the box for you, oh you didn't uncheck the box sorry but we're going to use it anyways. And then the other thing is we have an inherent fear of government and inherent trust in business and it goes back to our bootstrap mentality of everybody can build a business anybody can be successful so our businesses are what we believe in and the government is just trying to squash us. And of course we sue first to ask questions later so everything is just let's just sue and figure out what the courts will say about it Now in Europe it's almost 108% opposite privacy is the fundamental right. It belongs to the user not to the application owner. It's an opt out culture and people trust the government and fear businesses and now this isn't to say and litigation is a last resort so a lot of our American views on GDPR will wait to see who gets sued first and then we'll make our decisions on how much we want to apply for it right because that's our mentality and so this is not saying one is better than the other this is just saying we need to know what our differences are if we're ever going to talk about an even privacy or accessibility or ethics we need to know where we're coming from culturally now I come from the Drupal community originally and I got to see this in WordPress and Drupal and how we handle some of these things right and so WordPress you have privacy and core. Drupal we don't. We put it into control I'm currently trying to change that but it's not really something that's happening in core currently the GDPR module in Drupal has 2300 installs there are millions of websites in Europe that are running Drupal and 2300 of them are using a standardized platform that means that the rest of them are all just kind of doing whatever they want to do coding their own and hoping that it's compliant and hoping that it's safe and so because of this and WordPress is very much the plug and play you turn it on it works Drupal if you've ever worked with Drupal I love it but it's like oh you need this module and that module and this one's an API for that one and that one's going to talk to this one and this one and then there's a UI that you're going to configure a few things for and then you're good whereas in WordPress you just turn it on and it works and so knowing this that it isn't a WordPress or a Drupal thing it's how can we work together and adopt common best practices across the open web knowing our different communities and knowing our different cultures how can we build a sense of what is right and how can we handle privacy on the open web and when I talk about the open web again I'm pointing to some people that are much smarter than I so go watch these these will just be like pour yourself a coffee if you're out there you can put a little bit of Baileys in there because it's going to be a deep ride but taking what back and from whom is a great look into the open web the origins of it what it really means to have the open web and actually just this week the World Wide Web Foundation actually just published a contract for the web of core principles that they're pushing to say the web entirety this is what will happen it says the web was designed to bring people together and make knowledge really available everyone has a role to play to serve that the web serves humanity and by committing to the following principles governments, companies, and citizens around the world can protect the open web as a public good and a basic right for everyone so then it goes into this as a government here's what you need to do as a company here's what you need to do as a citizen here's what you need to do now there's a lot of discussion of are these right or are these the right principles and all that I look at it as this is a great framework and yes it breaks it down and some people say it should be everyone's responsibility we should just put out a credo and this is what it should be but if you think about it government doesn't act without people people are what power business and business unfortunately at times is what powers the government and so we all have to have our own roles and as long as we go back to the cultures and the communities and all the different understanding of what we do we have to make sure to create a better web and so WordPress is actually leading this right now because you guys have privacy in core Julin just got that tool set in kudos to them we're making it happen and so what we're proposing is we're actually going to be creating an open web privacy working group and this open web privacy working group we're going to create a set of standards that say this is what we're going to hold our projects to as a project we're going to commit ourselves to certain basic fundamental principles of privacy accessibility and what will that entail and then we can each respectively take those back to our projects and work on whatever it is in core that we do and the beauty of this and I was having a discussion earlier today about this with someone and yes it seems very altruistic like we're going to go out and conquer the open web and we're going to be doing everything and when you get into the trenches it starts to suck but the problem is that without this we are reactive to the communities around us rather than proactive we're reactive to GDPR rather than having a voice into what GDPR really does because there are parts of the laws that just make no sense and it's because you have other interests outside of our own that are able to voice them into it and so what we're hoping to do with this is not only state what we're going to be doing as an open web but then also have some advocacy into the decision making and the policy making that goes on around us so that we can actually take part in these decisions but all this work needs you because WordPress is a volunteer run organization right and we have a lot of companies that are working in it but even those companies volunteer time to make core happen people take their own time to make core happen and so this work needs your assistance so what can you do please please get involved whether it's writing a blog speaking out on Twitter or get into the coding if that's what you do become an advocate for privacy become an advocate for accessibility and start to think about how you can make WordPress impact the world in a better way and so here's core privacy Slack channel all that good stuff there's office hours they're kind of early in the morning for us here on the city coast time but you can get involved there accessibility as well in Slack and online get involved and there's a lot of ways to get involved here we just a developer to get involved and so think about the impact of your code think about the impact of the plugins and the websites and the applications that you're building with it and what it does and I'm going to get a lot of clack for this from the hardcore community Russell Rool is a supervillain but he actually had a really good line he says if you become more than a man devote yourself to an ideal so the question is let's devote ourselves to build a better web for our future generations we have that responsibility because we have that power my name is Chris Taitzel from Walker and with that I'll take a couple of questions I've got maybe about 10 minutes or so yes we've got a microphone here as well sorry I just threw my hand up real quick no yeah so one thing thank you first of all for this good talk one thing that I think about in terms of those of us who build the web and things like Facebook and Twitter is that I believe that people build platforms and products that reflect their values and their view of the world and I personally don't believe that people start building appropriate solutions for this diverse world to live in until the teams build these things look like the world they're building for can you say something about that yes without getting my foot too caught in my mouth I agree if you look at the communities that are building they don't look like the world population unfortunately a lot of times they're living which is unfortunate for more than one way but it's true and also what it is is that if you're building at a for profit company when we build we're building for one thing to grow for profit we also have an altruistic side of our company in that our goal is to make encryption available to everyone we want anybody to have access to it yes it's a double-edged sword but we believe that it's a fundamental right of the web to have that if your company's aim is to just build for profit and not build for the world at large I do think you run into a lot of those issues I will give the larger company's credit for some of the steps that they're starting to take do I believe that it's a little too little too late yes but I believe that there is some change starting to occur I I'm above the belief that that change is going to have to be forced upon them so I'm personally starting to get involved in the policy around privacy at the federal level in trying to get involved there so that we can have a voice for our views of the web not just the commercial views of the web and again I really recommend you go back and watch the Taking Back What from Moom Taking Back What from Moom because it talks about that the open web I was originally fostered by Facebook and Google and then all of a sudden it started cannibalizing to the not open web so I hope that answers your question but I do think that we're starting down that path and I think we've kind of opened Pandora's box a bit and we're trying to cram everything back in but I think it's possible but I think that if nothing else, if we don't it's like global warming, if we don't do anything now about what we build in the privacy issues that we're running into on a daily basis then it's just going to continue to be worse by ethics and privacy are a pretty heavy topic so questions normally don't come right away so I think more accessible to what I was getting at is I think part of the I think part of the I think part of the I think part of the I think I sound comfortable about this that just who I am as Romino being s May right so what do we do what do we sure we have people out of the table that help us we have to proactive about it Diversity, inclusion, accessibility, doesn't come naturally for everybody, especially doesn't come naturally for groups of people. Because as we start to group, we start to group with people that are like us, whether we like it or not. And so we need to push diversity, we need to push. And it's not just cultural diversity, it's diversity and pain points, right? And bringing that into our companies and bringing that into our communities, embracing it when somebody has a different view, don't shoot it down, elevate it, and bring it to light. A good example of that, one of the first times I met Heather, we were in Belfast for work in. We were sitting down at a pub, and me, being the dumb American that I am, opened my mouth and I was like, so what do you think of Brexit? And it was like two days afterwards, right? Or like a week afterwards, right? Didn't realize how sensitive the topic was. As I'm in Belfast, which has a long history of issues, so again, me not being culturally aware, and her reply was awesome, she just looked at me and she goes, how's Trump? I was like. Two shake. I give you that one. And so yeah, so I think it's, sometimes we try, like I was trying to spark a conversation and I just don't know how at times, and so I ended up putting my foot in my mouth and bringing up sort of subjects, but it's through that that I think that we learn. So yes, we're gonna make mistakes, and yes, there are gonna be issues. If you look at the community now, WordPress and Drupal, the web at large, we're having issues. We're having issues, these specific issues of people from underserved communities, from accessibility needs, trying to have their voices heard. And so it's not something that is theoretical, it's something that we're living through right now. And so it's how do we get voices with voices? How do we actually live out what are the open webs credo in our code, in our communities, and in our lives? Is that certain? Can I say something about that? All right, well, I love coffee, so I'll probably go with coffee. I also love beer, so I'll be drinking tonight at the other half of the party, so please come find me. I'll give it to you. I'll buy you the first free beer and we can talk more about it. Thank you. Woo!