 So we're the Electronic Frontier Foundation, organization founded in 1990. We have been working on defending civil liberties in an online world, started out by helping out in a Steve Jackson Games, was our first client. They had been raided by the Secret Service because someone had put some information concerning E911 on their BBS. The Secret Service seized all of their computers, which included the computers they needed to produce their games. That made them very upset and unable to do business. EFF came in and got them their computers back and have been trying to help out defending civil liberties online since. Our main issues... Thank you. Privacy, free speech, innovation and fair use, coders, rights, transparency in government. And our distinguished panel will be saying a few words about our work and then the structure will be to turn it over to you, the audience, to ask questions of the panel. But a few cautionary words before we get into the questions and answers. One is that this is not the appropriate forum for asking for legal advice for yourself. If you have confidential information, please don't put it into your question. If you want to convey confidential information to us, we should do that privately. If we are unable to provide legal assistance to you, we have a network of cooperating attorneys that work with a lot of people. So if you come to us for help, we'll do our best to either help you ourselves or find someone to help you with your legal problem. But that's something best taken offline. We've had a tradition for the last couple of years. We've got a coders rights project which we kicked off last year. We've continued this year and plan to continue next year. So for people who are presenting at Black Hat and Def Con and have some questions about the legal issues arising from their presentations, if they're disclosing a vulnerability, if they're disclosing something about what they did. In order to find that vulnerability that they're wondering what the legal situation surrounding is, we encourage people to get in touch with us before next year's Black Hats and Def Con to ask those questions. So let me briefly introduce the panel here and then I'll turn it over to them to give some more detail about what we're doing. To my left, Kevin Bankston, a senior staff attorney. This is Marsha Hoffman, a staff attorney at EFF. Jennifer Granick, our Civil Liberties Director. And Fred Von Lohman, a senior staff attorney. I'll start off with Kevin. Thanks, Kurt. Hi, I mostly work the government surveillance beat at EFF and it's been an interesting year of highs and lows in that area. As some of you may recall back in January 2006, we sued AT&T for illegally opening up its network and its databases to the NSA. Thank you. We were pretty excited about that case too, but there have been a few wrinkles since then. Last summer, despite our best lobbying efforts and the efforts of a lot of you working as activists, Congress passed an immunity for the phone companies that have assisted the NSA, creating this rather scary procedure where if the Attorney General files a secret piece of paper with the court that says, they didn't do it, I think it was legal, or the President told them it was okay, the cases had to be dismissed. And two things happened after that. First, after the Attorney General did file his secret certification, we challenged the statute as unconstitutional. We thought that violated our plaintiffs due process rights, violated the separation of powers and the Attorney General into judge and jury, usurping the court's role to decide what the law is. We also filed a new lawsuit called Juul v. NSA, challenging the government directly, the NSA, the DOJ, other government offices and officers, and some individuals in their personal capacity, including Dick Cheney and Alberto Gonzalez. And so, unfortunately, our challenge to the constitutionality of the immunity didn't go that great. Earlier this summer, Judge Walker in San Francisco, despite some apparent misgivings about this unprecedented immunity, held that it was constitutional, which was a great disappointment to us. We are going to be appealing that decision to the Ninth Circuit. In the meantime, however, we're moving full speed ahead on the Juul v. NSA case. Just two weeks ago, we argued in court against the government's motion to dismiss that case, where the government has been arguing that the NSA program is still such a secret that to litigate its legality at all would harm national security, and also pushing the rather aggressive theory that no one can ever sue the government ever for damages or for an injunction for violating federal surveillance statutes. We're waiting for a decision on that motion right now, and we'll certainly update you guys when that happens. In the meantime, we've been working on some other issues, trying to protect the privacy of your email and the privacy of your cell phone's location. Last time I was here a couple of years ago, I told you about a case called Warshawk v. U.S. Steve Warshawk was the CEO of Berkeley Nutraceuticals. You may be familiar with their mail enhancement product insight. Well, Mr. Warshawk was being investigated and was eventually prosecuted for a variety of flavors of fraud, and as a part of that investigation, the government used a law called the Stored Communications Act to get his emails without a warrant, something that we think the Fourth Amendment doesn't allow. We briefed the Sixth Circuit on that issue as Friends of the Court, and citing our arguments to Sixth Circuit also issued an incredible opinion saying, indeed, the email that you store with third parties, your Gmail, your Yahoo mail, your Hotmail, is protected by the Fourth Amendment, and the government has to get a warrant before they can acquire it. Unfortunately, well, thank you. Don't clap too soon, though. Unfortunately, the on-bonk Sixth Circuit, the entire panel of judges of the Sixth Circuit, ended up vacating that decision on a procedural ground. But now Mr. Warshawk has been convicted and he's appealing his criminal conviction, and so we have another bite at that apple because he's arguing that the court should have suppressed his emails under the Fourth Amendment. And so we once again have thrown in an amicus brief arguing that the Fourth Amendment protects the privacy of your email, and we just filed that last month and we're waiting for a decision there and hoping for a good one based on the earlier decision. Finally, we've continued our work on protecting the privacy of your cell phone. We've had a lot of success getting the government to have to get a warrant before it wanted to track your cell phone in real time. We've gotten into a great situation where a lot of magistrate judges, when faced with government applications to track your phone without probable cause, have come to us asking for our opinion, asking us to brief them on it, and we've had several courts, based on our briefing, deny the government's requests. But now we've broken into a new issue which is what does the government have to do if it wants to get stored records of the phone company about your location. And in a case that we weren't aware of at the time, a magistrate in Pennsylvania said that they needed a warrant. We jumped in and filed a brief when the government appealed that to the district court and success, the district court agreed and upheld the magistrate's decision requiring the government to get a warrant where it gets your cell phone company's location records. Of course, the government has appealed that now to the Sixth Circuit. I'm sorry, the Third Circuit. And we've briefed the circuit court and we're once again waiting on an opinion. So a few disappointing things have happened this year, but we're continuing the fight on multiple fronts. And right now we're waiting on a bunch of opinions and we expect several of them are going to be pretty darn good. Thank you. And now Marcia Hoffman, talk about our transparency efforts. Hey there everybody. DEF CON is particularly close to my heart because in 2006 we actually announced the launch of our transparency project here and everybody was super supportive, which I always really appreciated. EFF has a project that we call the FOIA Litigation for Accountability or Flag Project. Basically what we do is we... Excuse me? Accountable government. Accountable government, sorry, sorry. Basically what we do is we use this law that's called the Freedom of Information Act. And basically it allows anybody to make requests to the government for information about what the government's up to. And there's a presumption that the government has to release this information unless there's a really good compelling reason why it shouldn't, like national security or it would compromise a criminal investigation or something like this. So we use this law to make requests of the government and we're mostly interested in information showing the government's use of technology in the way that it may or may not compromise civil liberties, especially in a national security or law enforcement context. And when we get the information we try to put it up on our website, make it available to the public. When we have trouble getting the information we strategically file lawsuits to try to get the information released more quickly or a greater amount of information released because we think that the government is wrongfully withholding it under a number of exemptions. So since we launched the project we filed about 150 requests. We've litigated several lawsuits. In the past year one of the most interesting things in our little bailiwick of EFF has been seeing the way that the change in the presidential administration has affected the Freedom of Information Act and government transparency in general. On his first full day in office President Obama released a memo announcing that his presidency was going to be an unprecedented era of transparency which made us very enthusiastic to see that promise come to fruition. Unfortunately we found through our lawsuits that began in the Bush era and now have continued through the Obama era that this has not worked out as well as we would hope and we've been a bit disappointed with the government's reluctance to change some of the decisions that it made under the Bush presidency that we thought weren't very well made. And to the extent that you want to talk about those lawsuits I'm happy to talk about them more in the Q&A. You might be interested to know about a couple of our more recent lawsuits that we filed in the past couple weeks. We filed suit against a number of federal intelligence agencies including the CIA, the NSA, the Department of Justice which has underneath at the FBI and some other agencies seeking reports that have been made to a presidential advisory committee called the Intelligence Oversight Board. Basically this board is responsible for taking a look at intelligence activities throughout the intelligence community and reporting to the president any that might be unlawful or contrary to presidential order. And agencies are responsible for sort of self-policing and reporting to this board incidents that raise questions about legality. And so basically we're trying to get all of those reports across the government since 2001 and are hoping that that might give us a pretty good idea of what kind of intelligence misconduct has been happening during this time and how frequent it is. Another lawsuit that we filed recently is one in which we're seeking the FBI's internal guidelines on conducting investigations within the United States particularly investigations involving surveillance. These are guidelines that were released in the past several months and appear to be operational but we have no idea what those guidelines say so that's another thing that we're seeking pretty aggressively. In closing I just want to say that we spend a lot of time trying to investigate and come up with good requests and to the extent that any of you have ideas for things that we might be requesting from the federal government I certainly would like to hear it. Thank you. Jennifer Granick, civil liberties director talk about the coders rights project. Thank you. So coders rights project is the work that we do it's the umbrella name we use for the work that we do that's to help reverse engineers and computer security people and hackers like people at this conference. And I spent some time already today talking about some of the cases of who came to the earlier talks. Our MBTA case is one of these cases involving trying to protect the rights of people to present their research at conferences. We also do a lot of work involving well let me say when we did the MBTA case we had talked to those researchers prior to their coming here to the conference to give their talk. And so the work we do here is both a kind of flashy and exciting thing goes horribly awry and a lawsuit gets filed and you have to react really quickly and show up in court and argue about restraining orders and gag orders and preliminary injunctions and those sorts of things. But there's immense amount of work that we do for coders rights that goes on behind the scenes which involves us talking to people who have concerns about their projects ahead of time. And this year maybe because of MBTA or maybe because y'all are pushing the envelope a little bit more than usual or something like that was a particularly busy year at that time. We talked to by my count about nine different people ahead of their time of giving their talks and finding out what they were going to talk about how they did the research, what their concerns were researching the relevant laws and giving people some advice about how to best present their work in a way that was going to manage the risk that something might go horribly awry so that we can continue to have the kind of valuable information transmitted at conferences like this continue to go on. So I always say and my colleagues sort of think it's horrible, but I always say why do we try so hard to help these people make nothing go wrong ahead of time? It's all this talking and work and stuff and then there's no lawsuits and we don't get to go to court and argue stuff with judges and get some opinions and everything. I'm always mindful as I said in the talk before that while litigation is what I've chosen to spend my life doing it's certainly not what you guys have chosen to spend your life doing and so we do a lot of stuff behind the scenes and early on to try to make sure that you don't have to so that's part of Coder's rights. We also spend a not small amount of time and I spend a lot of time worrying about the scope of the computer crime law both at the state and federal level and we do a number of different kinds of cases trying to litigate about the computer crime law and narrow its scope and fewer things that it applies to the better because the law is over broad so the more we can do to kind of like tie it down and narrow it, the better it is and actually Marcia has a case under Coder's rights project that she's working on now that I'm going to ask her to talk to you about. Sure. So this case is called United States vs. Cione and it basically involves a situation where there was a woman who worked at this company she started to have an affair with her boss and was married the woman was also married and she started to become suspicious that he was perhaps involved with other women as well it started to really really bother her she did some things that maybe she otherwise wouldn't have done we all find ourselves in these situations right she hired somebody to basically get the password to her lover's email account and his wife's email account and some other people with whom she suspected he might be involved and she used those passwords to access those email accounts numerous times and she took some of the information that she got from those accounts and made some cryptic perhaps threatening phone calls to him and to his wife and suggesting that she knew he was not such a great guy using some of the details that she learned from these accounts and she also printed out copies of some of these emails and mailed them to him and to his wife this is what we call bad facts bad facts these are bad facts not a very sympathetic client but that's okay the government decided to prosecute her for her behavior and charge several violations of the law two of which are very interesting to us for one thing the government said that this woman violated the computer fraud and abuse act now among other things the computer fraud and abuse act says that if you intentionally access a protected computer without authorization and thereby obtain information from any protected computer this is a violation of the law this can be a misdemeanor or this can be a felony it's a misdemeanor if the person commits this conduct and that's just kind of the beginning and end of the story but if the person does this in order to commit another crime or another bad act then it's a more serious violation and it's a felony and it's also said that this woman committed a violation of the Stored Communications Act and basically there it's a crime to intentionally access without authorization a facility through which an electronic communication is provided and if you do this and by doing so you access an electronic communication while in storage then you violated the law basically what the government was saying the first thing and also doing the second thing the first offense should be elevated from a misdemeanor to a felony so basically she obtained unauthorized access and in doing so obtained unauthorized access to a stored communication and so the first one is a felony and we think this is basically double dipping that this woman should not be punished so severely for basically what is one act she should be punished one time and one time only so we're filing what's known as an amicus brief or a friend of the court brief in this case we're not actually representing this woman but we're kind of weighing in and saying that in the trial court signing to convict her of those two offenses and thereby elevating one from a misdemeanor to a felony was just really too harsh and shouldn't have been it just shouldn't have been done so that's the story with that case so that's in sort of early stages the Sarah Palin email hacker case which people might be more familiar with fact pattern wise and so here we have this situation where again the computer fraud and abuse act is being read in this really broad way where it has a lot of application and it really does matter whether it's a felony or misdemeanor because basically misdemeanors don't get charged really all that much at the federal level and felonies always do so we also do a bunch of work for reverse engineers and for coders stuff that arises under the anti-circumvention provisions of the DMCA and variety of different kinds of cases and we're always looking for other good new cases so if you have issues as they come up in your research or in your talk when you're giving talks at this or at other conferences please send an email encrypted or give me a call and let us know and we can talk about what those issues are so thanks very much alright thank you and finally Fred von Lohmann to talk about some of the legal issues civil liberties issues arising in the copyright world yes so I've mentioned a couple of these a little bit earlier I'll just review them for those who weren't in our earlier talks in the copyright space we continue to do a lot of work around fair use and free speech particularly for online video there have been a lot of bogus takedowns of content on sites like youtube some of you may know that Warner music group has suddenly decided that every video that has any song of theirs in it should automatically be blocked off youtube so we've done a lot to sort of help explain to people how the youtube process works the removal process the dispute process the counter notice process all of the rather complicated ways you can get your videos restored if you believe you in fact are not infringing copyright law and we have brought some of those folks into court where we've been able to sue people who send bogus takedowns so we're going to keep doing that there are a couple of things that may be more near and dear to the hearts of some of you here we are in front of the copyright office right now we get a chance once every three years to ask for exceptions to the anti-circumvention provisions of the DMCA that pesky law that says you're not supposed to be bypassing technical protection measures used on copyrighted works like software and increasingly hardware devices like your cell phone so two of the exemptions we asked for this time around one would be jailbreaking your phone which increasingly means the iphone to get the ability to run software of your choice from sources of your choice to run on the phone you own apple has taken the position that doing that jailbreaking your iphone violates the DMCA because of their signed chain of trust encryption system for the firmware we've said even if that's right that doesn't infringe any copyright when I use my own phone to run my own firmware on that phone to run software that I choose to run we don't think any copyrights are infringed we're asking the copyright office to come to that same conclusion and give everybody a three year blanket exemption to allow them to jailbreak their phones the other exemption we've asked for here and here I think to some of the folks here in this room is an exemption that actually Jennifer Granick pioneered three years ago that she got an exemption that lets you unlock your phone your cell phone in order to take it to a different carrier for the last three years that has been had an exemption to allow it under the DMCA there are still some cell phone carriers who don't like that we are fighting to make sure you continue to at least not have to worry about the DMCA if you want to take a phone you own to a carrier of your choice so those are sort of two parts of our efforts to sort of underscore that you bought it you own it part of the copyright law which I think matters to anybody who cares about the ability to modify and adapt and basically pop the hood on the hardware and software that you own another case that we took a few months ago that might be of interest to some is a case involving a website called blue wiki blue wiki is a public wiki site like many others that are available free hosting for wiki based discussions one of the discussions there was about how to make your ipod touch or your iphone sync using software other than itunes so folks who don't know this in the last several versions of the iphone and ipod touch apple has added a little hash on to the database file the itunes db file that is the index file that tells your ipod what's on your ipod you know metadata artists title album genre all of that stuff is included in a database table that table is in the clear but there's a little hash that's calculated that's put with that table and if your iphone doesn't see a properly calculated hash it won't load that index file which essentially is if you want to use something like song bird or win amp or any of a number of other open source media management tools you won't be able to easily sync your media from your own computer to your ipod touch or your iphone so on blue wiki this bunch of hobbyist bunch of hackers started talking about what it would take to reverse engineer this they didn't stick they had just started it was basically a dump of some compiled apple code really short snippet it was basically an obfuscated mem copy function not exactly terribly crown jewels material and they basically said hey we need help we need the following things we're looking for volunteers who might be interested in reverse engineering this hash function they had not succeeded there were no tools there they had not written anything about how you would actually accomplish the goal they were just soliciting help apple sent a bunch of lawyer letters to the folks who run the blue wiki service said hosting that discussion of reverse engineering violates the dmca we wrote back well blue wiki the guy who runs it called us we took him as a client we wrote back to apple and said what? so it was the first time we'd ever heard anybody argue that simply talking about reverse engineering not distributing a tool not explaining how it's done but simply saying hey this is a problem that might be interesting and here's how we might want to address it that that by itself violated the law we thought that was completely bogus we gave apple a chance to explain why they thought this they wrote back a several page letter and we said okay fine we're going to sue you so we sued apple said this is protected speech this does not fall within the scope of the law you've got nothing and fortunately it's one of these hard things we say at EFF where total victory for your client is never enough apple a few months well a few weeks ago actually back down withdrew their threat and said maybe we didn't really mean it that's of course a disappointment to me because I would have preferred to kick their ass in court get a precedent so you know good victory but I think it's not the last time that we will have to address the question not just of is it legal to reverse engineer but is it legal to reverse engineer in public because that's fundamentally what this was about the ability to solicit and build a team to do reverse engineering in a public forum in a public way without worrying about lawyers silencing that discussion so if it happens again hopefully this time Apple won't back down and we'll beat them all the way in court so thanks thank you Fred and so now I'm going to introduce myself my name is Kurt Opsall I'm a senior staff attorney at the EFF I work in the civil liberties and privacy free speech space as well as on some copyright issues but without further ado I would like to turn it over to y'all for questions we have I believe a live mic at the front side here on the right so if people want to line up there for questions or if you shout them out I will try and translate them we'll start out with you sir the question is what kind of computers are protected by the computer fraud and abuse act so the statute has a federal statute has to have an interstate nexus connection to interstate and so what protected computer is a term of art under the statute which basically means a computer that's in interstate commerce and that means a computer that's connected to the internet it could also mean a computer where the parts have come from another state or something like that so it's not a difficult standard to meet protected basically means it's enough to warrant federal jurisdiction it was a mildly interesting question of whether something was a protected computer when we did the MBTA case in that case it was the system the computers that were involved were the Boston transit system and in that case there was a little bit of a kerfuffle about whether those were protected computers because they were all in Boston and they had introduced a declaration into the dockets showing that at least one of the Boston T stations was actually in Rhode Island so there was interstate nexus there but I think they could have made that with a far lesser showing than that it doesn't take a lot to invoke federal jurisdiction sir? I have a question regarding your work on ensuring that there's probable cause required for certain kinds of surveillance if you're successful it might result in less surveillance if law enforcement goes to judges and they're turned down or it just might result in law enforcement doing the paperwork right and the same amount of surveillance actually happening do you have a sense for which which way it might go? well first I hate to characterize it as simply doing more paperwork the probable cause standard is a constitutional protection in the Fourth Amendment we don't think it's a trivial thing that being said there are certainly cases where the government seeks surveillance authority without showing probable cause even though they have it in the paperwork or they want to continue to gather precedent where they've been able to get it without probable cause I do think that to the extent we were able to for example require probable cause before the seizure of email or require probable cause before live or historical cell phone tracking that would result in a distinct lessening of in terms of the numbers of these surveillances but you do raise a good point that certainly in some cases they do have probable cause they just don't want to bother having to show it I've become interested in the Seibel Edmonds case her case was denied certiori for the US Supreme Court she's a former FBI translator my question is does the 4th amendment have to be sacrificed on the altar of national security no hi so I actually have a couple questions and I'll be very impressed if you can answer it in one word so I've been running a tour exit node for over three years now cool well it's been interesting, it's been a fight so I have several questions I've obviously received a number of DMCA takedown notices which I've responded to using your template letter I've also been accused of hacking a number of systems around the world which I've just very politely emailed back and said no that's not the case here's what I'm doing however I've had now one two ISPs that have cut me off I'm on my third so far they've been great and I'm not going to name names so one question I have is do I have any recourse as far as working with my ISPs I've been straight up threatened by people in my ISP I really wish I recorded these conversations these abuse guys are frankly assholes seriously I apologize if there's a nice one in the audience a nice abuse department person so that's my first question my second question is am I protected under the Safe Harbor Act of the DMCA as providing basically as long as I take some action about a hacking complaint or what not or could I be taken to court for that and if I am taken to court for either a DMCA notice or some accusation of a hacking attempt what do I do because I just honestly have no idea what I'd do at that point so I'll start by saying thanks for running a tour exit note I am on the board of the tour project and the tour project was an EFF project for a spell as well my only regret is that Roger Dingledine's talk is cross is going on right now I think so otherwise I tell you all to be there so let me answer those questions as best I can first you have recourse against your ISP if you want to run a tour exit note probably not your relationship with your internet service provider is largely defined by the terms of service, the contractual terms that came with your account so a lot will depend on reading that fine print that being said a lot of ISPs the one piece of fine print that most of these agreements have is we can terminate you at any time for any reason or no reason at all to reject to refunding the rest of your monthly payment that month and so they don't have to have you as a customer and if they choose not to have you as a customer it can be very difficult to force them to keep you as a customer so I think you're doing exactly the right thing which is try to talk to your ISP build a relationship, hopefully choose an ISP that knows what tour is understands why it matters and understands why fundamentally the ISP is very unlikely to have legal exposure based on what you're doing now they may not want your business because you're running up end with or whatever else but if they say we're afraid we're going to get sued for it tell them to call us, I'm happy to explain why I don't think they're any more likely to get sued for what you do than any other customer of theirs is up to, they're just carrying bits the law gives them reasonable protections maybe not perfect but pretty good so the second question, will the DMCA the tour exit node operator from copyright infringement claims that might happen because somebody's using your tour exit node to share an HBO series or something we think the answer ought to be yes you are effectively operating no differently than most ISPs are you're just passing bits you're not choosing those bits you're not altering those bits that question has not been tested in court if you google for the terms EFF tour test case you will find an email message that I sent out a while ago explaining that we are looking for a test case if a copyright owner wants to have that fight I would love to have that fight but I also have a list of what would make you a good person to be our client in that test case explaining that if you're a major self maybe you're not the best client for that I would encourage anybody who is running a tour exit node who's in your position who wants to think about this and is getting a lot of these complaints and wants to decide do I want to be a test case or not, read that email think about whether you meet those criteria if you do and you want help call me so Jennifer is asking me to say a few words about section 230 of the communications decency act the communications decency act is probably most famous or was most famous because it was attempting to stop indecent material from being on the internet as it turned out that was unconstitutional however another aspect of the act section 230 provides strong protections for users or providers of interactive computer services and some of its protections include a protection from state criminal law claims that are based on the activities of third party users of the interactive computer service the basic idea behind the law is that the soap box is not liable for what the speaker has said it has a some exemptions for example intellectual property is not protected by 230 that's handled copyright under the DMCA safe harbors another one is federal criminal law so the CFAA and also the electronic communications privacy act those aren't covered because those are federal laws but state criminal laws are protected against them through section 230 cool thank you nice shirt sir I have a couple of general questions first off I was following you on the ACTA case I think it stands for anti counterfeiting trade agreement at least I got the impression that you sort of backed down from that and attempting to obtain this document through the freedom of information act can you explain that a little bit sure no problem one of the FOIA cases that we did in the past year was for documents related to ACTA counterfeiting trade agreement which was an international agreement being negotiated between a bunch of countries it's still being negotiated and I think perhaps Fred might be in a better position to talk maybe a little bit about ACTA and what it does do you want to just say a couple sentences I'll just say a few words ACTA is being currently negotiated by a lot of major western trading countries the idea is to strengthen protection international cross border protections for counterfeit goods as you might imagine there's an awful lot of copyright owners and trademark owners who are trying to basically jump into that action to use this as a way to lever up protection for movies, music more criminal penalties for people who defeat DRM all the kinds of things you would imagine they would try to sneak into this document as far as we can tell they are but the negotiations are secret the drafts of the documents are secret all of this is going on behind closed doors and is being done by our government nominally in our name and so part of what we were interested in here is getting copies of some of the drafts and getting some transparency in on the process so that's where the Marcia comes in so that's where I come in we worked with our international team and we got a few documents that we didn't find terribly interesting and a lot of the material was withheld because the government said it was classified under an executive order one of the reasons why information might be classified is because it pertains to foreign negotiations, foreign government information and as a consequence the government says that it implicates national security and in that situation that information can be properly classified and not surprisingly under the FOIA, classified information is exempt from disclosure and it's extremely difficult to challenge that in a court of law and get a judge to second guess the government's decision that something ought to be classified and get a judge to actually say you know what never mind you should release that so we assessed our chances of success in that case and we thought it was extremely unlikely that we were going to get a judge to unclassify it and so that's why we decided not to continue to challenge that decision by the government I will say we are continuing to fight on the act of front and in fact ironically we have found more cooperative transparency from our trading partners in other countries than we have from our own government so that fight's not over and we continue to talk to people in the FOIA department they have wanted to talk about questions raised by this case and by other questions about the act of process and its lack of transparency and we are engaging them they are engaging us in further discussions about transparency around that process we just made the decision that in the FOIA context we weren't likely to get much more than we already had and that our resources were better put elsewhere and I think that this was supposed to be passed on very short notice the treaty? in sort of a synchrony between the countries what does the EFF plan to do with anything in response to this because it's my understanding that it's also intent to be passed relatively undemocratically by the president's signature alone yeah we again we continue to be working on that both through our own US trade rep and the other negotiators here as well as with other parties to the agreement who are negotiating, you know, parties in other countries that are negotiating as well my my sense is that it's not imminent at this point I think we have had success in getting people to slow this thing down and ask questions including as Marsha points out even within the Obama administration some reconsideration may be underway of at least the degree of transparency so it's not over, it doesn't appear likely that act is going to happen anytime real soon but of course it could move quickly so the idea is we're staying on it and hopefully we'll keep people apprised given that this agreement is planned to be passed by the president's signature alone can communicating issues about this agreement with congressmen have any impact yes absolutely congress certainly has input here, treaties are generally ratified by advice and consent of the senate I believe that would be true for this one as well and more importantly quite frankly if the members of congress who run the trade portfolio have an interest here they're going to be heard by the US trade rep, they're going to be heard by US negotiators so I think there is still some room for improvement even within our own government on this you said that this has to be ratified by congress correct but I think advice and consent of the senate is all that's required I'm not positive on that score and I again the person who runs the act of portfolio for us is my colleague Gwen Hins who runs our international team and is I'm sure somebody would be happy to answer more questions if you want to ping her directly okay my second question which is rather we've got a couple of questions sorry I wrote mine down does the fact that the use of the state secret privilege in the US in the case of the US vs. Reynolds that it was based on lies and just to protect the Air Force command does that come up at all in your experience and if so like what's anecdotes or anything like that because it kind of boggles my mind how the state secret is so wonderful privilege but it's all based on or the precedent was based on you know protecting a couple of officers ass so the question is about the United States vs. Reynolds case that came before the Supreme Court in the 1950s during the McCarthy era and it concerned a lawsuit over a plane crash a government plane crash Air Force plane and the errors of people who died in that crash felt that the government may have been negligent in its duties with respect to the plane and then when they sued over this the government said no no no you can't go ahead with your suit because this will reveal state secrets that there's classified information about this super secret experimental plane and so it will endanger national security if this suit is allowed to proceed and this went all the way up to the Supreme Court and the Supreme Court decided the case and created the precedent behind what is known as the state secret privilege which allows in some circumstance the government to dismiss a case based on concerns about national security and the Supreme Court and none of the courts below that ever none of them ever looked at the evidence years and years later that evidence was eventually declassified and it turned out that there was no national security nexus the information that they were hiding was that they were in fact negligent and that the experimental national security related aspects of this plane had nothing to do with the crash were nowhere near that and so thus it was revealed that the basis of the state secret privilege was in fact the government using that privilege to hide their own negligence and deceiving the court about the national security implications as it turns out that nevertheless the state secret privilege and Reynolds is still good law and the state secret privilege remains alive the family of Reynolds and others who died in that crash actually tried to reopen the case saying that there had been a fraud upon the court and it should be reconsidered but that effort was unsuccessful and it certainly is mentioned when the Reynolds case comes up we certainly like to remind the court that it was based on this and one of the arguments at least behind the state secret privilege is completely undermined by this because those who are opposed to it are saying that's exactly why you shouldn't have a unilateral state secret privilege that gives this much power to the federal government and one of the things that we've been litigating in the context of our NSA surveillance litigation is whether or not the state secret privilege requires the court to dismiss the suit in the context of our suit against the telecoms the judge agreed that the state secret privilege did not require dismissal of the lawsuit so we succeeded there and then the government went to congress and got telecom immunity passed which was very flattering but it didn't help keep the case going though we are appealing the telecom immunity issue and the government raised it again in our suit against the government jewel versus NSA and in that case we are arguing with the government whether the case should be dismissed under state secret privilege we are hopeful to push forward there by pointing out to the court that the foreign intelligence surveillance act superseded the state secret privilege and provided a means by which a court can determine whether surveillance is legal under appropriate security measures that will both protect the national security interest and allow a court to have a ruling on the merits my question slash opinion or trying to get your opinion is related to in the UK there was a company or a person exactly show all the information but they would basically go out and find out the information and specs of an Apple computer and basically buy the same parts of an Apple computer for the third of the price and actually install Apple go out and purchase the CD to install Apple and then actually sell that computer to somebody and I heard that they got sued for Apple came in and sued that company or person the person was selling the computers for a third of the cost and Apple came in and said that they basically wanted their money back and the guy got sued for the remainder of the cost and the difference between the third and the actual regular price and I want to know what your opinion was on it and whether they were actually allowed to do that so I'm not familiar with the UK case you mentioned but this is an issue that has come up repeatedly is there any how many people in the audience run a Hackintosh at home a few, a few, good for you, good for you so the running OS 10 on a generic windows box generally known as a Hackintosh is not terribly hard to do pretty well documented online there are a few companies that have gone to the trouble of actually selling pre-built Hackintosh SciStar gets probably the most press here in the US about it they have been sued by Apple for doing so Apple has a number of very interesting legal theories many of which I think are bogus the key ones are one they say it violates the terms of the end user license agreement that comes with OS 10 I think SciStar plausibly you know SciStar plausibly responds by saying we don't install the software we never click I agree all we do is provide hardware with a retail shrink wrapped boxed copy of OS 10 so how is it that we violated a license the other argument Apple has is that they have technical protection measures built into OS 10 that's designed to prevent it from loading on any system other than an actual Apple romped piece of hardware I am not in a position to know what the technical merits of that argument are SciStar certainly disputes that that's true the bad news for SciStar is Apple is a big company with a lot of lawyers SciStar is a small company and they have essentially been driven into bankruptcy by the cost of the litigation and they did just find themselves a new set of lawyers to continue the defense but whether or not they're going to prevail at the end of the day is sort of hard to know based on whether or not they'll have the amount of money it would take to actually keep up the fight I'm not aware of Apple going after any individuals who whip up their own hackintoshes I'm also not aware of Apple targeting any of the sites where these activities are discussed if either of those things happen then I hope somebody will call wow this is really awkward recently we've seen in the news this problem with I don't think I'll go up any further because of the court how many engineers does it take to raise a mic stand we've seen in the news recently this whole kerfuffle with Amazon's Kindle which made people really question content ownership as well as what the hell can this device actually do with the stuff I bought and just I think a week or two ago we saw Barnes & Noble release an e-reader that decided to wrap six public domain works in some rather onerous DRM so I actually have two questions first is what rights and risks do users have in dealing with the DRM on these works that they've paid for and the second is do you see some sort of battle brewing that's going to clarify in the near future exactly what the publishers and the sellers of these devices can do with respect to that content so that's a really good set of questions we are unfortunately moving from a world of owning stuff to a world of having service agreements with vendors in 10,000 words or more of legalese describing what our rights may or may not be and Kindle's automated remote deletion of George Orwell's Animal Farm in 1984 off of Kindle's certainly kind of underscored that in a delightfully interesting way for anybody who hasn't heard Amazon has been sued now in a plain of side class action lawsuit for that that news just came out a few days ago it's interesting because Amazon's own terms of service promise that you will have permanent access to books that you buy a piece of legal drafting that I imagine somebody is being yelled at for as we speak always good if the lawyers actually talk to the engineers before they write stupid things in their service agreements you can be pretty assured that Amazon will either amend that or future folks won't be foolish enough to put that kind of language in so in terms of the big battles coming I think we're going to see them I think it's still a little early there are actually relatively few devices right now that I'm aware of that are tethered such that vendors can automatically rewrite the code and content remotely without asking your permission I can think of Tivo I can think of Kindle I can think of most DVRs that you get from your cable company but even the iPhone asks you before they do an update apparently there is some confirmation that Steve Jobs has the power to remotely disable and remove apps on your iPhone not entirely clear whether they'd have the nerve to use it we'll see but as we move to a world of tethered devices like this it's going to be a bigger and bigger question rather than being resolved on the basis of do you own that content it's more likely to be resolved on the basis of what does the service agreement say about this if it's fully disclosed and you quote-unquote knew when you bought it that this was possible I worry that courts will let folks get away with this which is probably a good reason for people to pay attention in advance and choose the products they buy based on whether or not they want this kind of remote tether to be involved obviously there are other ebook readers out there that do not have this quote-unquote feature of Amazon's ability to come in and change not only the code the operating system but also delete content that you may or may not have purchased on that so but yes it's going to be a big issue it's only going to get worse as more devices get more tethered this is a rather general rather general question about a specific class of issue that hasn't applied to me personally but I've watched it happen several times for those who don't know critics who protest against the church of Scientology generally have to wear masks at these at these protest sites because the church of Scientology is known to videotape and photograph its critics harass and stalk and harass them and their family members so some of these protests that have been video recorded by the the person in some cases a person who has videotaped these protests have uploaded them to their own YouTube accounts so what the church of Scientology has started responding to that with is to file a DMCA takedown notice because in order to file a counter notice you must reveal your identity to them what recourse would you suggest for a victim of such a bogus DMCA takedown notice if you do not follow through your YouTube account is generally banned and by YouTube's terms of service you are prohibited from creating a second one so there are a lot of issues surrounding the misuse of DMCA takedown notices in order to do a proper takedown notice one must say under penalty of perjury that the material is infringing and so if it is material that the sender of a takedown notice does not own a copyright in clearly it is not infringing their rights and it would be in that circumstance an improper takedown notice but there is an interesting feature about the DMCA is that the process under DMCA is to file a counter notice and at that point the material can get placed back on the original server but in the course of the counter notice you are required to provide a certain amount of information one thing you can do is if you have a council is to use the contact information of your council as part of the counter notice so that that fulfills the function of the DMCA counter notice a way that you may be contacted but without directly revealing the information and in some circumstances it may be worthwhile to consider a 512 misuse provisions one of the things that EFF has been involved in a variety of context certainly surrounding YouTube where it has come up a lot is filing lawsuits for the misuse of the DMCA notice process we have one ongoing right now involving a takedown by universal music of a home video featuring a dancing baby where a print song is playing in the background and we are trying to take that case through the courts and hopefully as a result of that case we will get some favorable rulings that will clarify the law around DMCA misuse and make that a more effective provision in the future suppose you do not have legal counsel or cannot afford it well one thing to do if you don't have legal counsel and cannot afford it is to contact the electronic frontier foundation for this specific for this specific scenario sorry well if we are not able to help we probably cannot take on at this point another DMCA misuse case until at least we get the one that we currently have to a conclusion there is only so many we can the bandwidth to do at any given time but something very important to know about our legal help services is that when we can't help someone we don't have the bandwidth ourselves we do make an effort to try and find counsel who can help put those people in touch and see what we can do to help someone find the right counsel sir hey hi computer fraud and abuse act as far as it applied to the lorry drew case my space do you think that was a good applicable use of the law and if not is there one or should she have been charged during the comments on that okay so I think that for people who are not that familiar with it there was a case where a prosecutor out of Los Angeles charged the computer fraud and abuse act for against a Missouri housewife who had provided false information to my space by giving information that purported to be of a teenage boy and the case was really because the circumstances of the situation were really tragic this account had been used by various people to communicate with a teenage girl and hurt hurtful things were said and the teenage girl killed herself so I think that this was a misuse of the computer fraud and abuse act and that terms of service violations cannot be violations of criminal law there was not a Missouri law that prohibited what had happened so it wasn't against the law it was one of these tragic situations where something terrible happens but there's not a law that applies to it and often as a result a lot of really bad laws get passed and Missouri has passed a harassment law in response to this case and I haven't studied it so I don't know if I think that law is particularly overbroad or not but very often these sorts of things result in you know kind of like let's pass a law to deal with this situation and it ends up having impact in a lot of other situations I think another aspect of your question was is are there any good uses of the computer fraud and abuse act and I think that there probably are some but I think that the statute needs a dramatic amendment to narrow it quite a bit to make it clear that we're talking about circumvention of security measures or destruction of evidence or bringing whole computer systems down and we're not talking about these kind of you know terms of service or lack of authorization because there's no agency relationship type of cases I was wondering what the current status was of the search and replication of American citizens computers re-entering the US and whether the Freedom Information Act has under the Obama administration anything's changed or did we ever actually get any good information from them about why they're doing it so your question has to do with searches of laptops at the border for those who haven't followed this issue in the past year, year and a half there's been a lot of discussion about the government's authority to search laptops of travelers crossing the US border a lot of this was prompted by a case in California in the Ninth Circuit called United States versus Arnold in which a district court in California ruled for the first time that some level of suspicion was needed before the US government could search a laptop in that sort of situation as a general matter the Fourth Amendment does not provide the same protections at the border as it does in places within the country because the thinking is that the government has a compelling interest in enforcing customs laws so the same protections don't apply so in the past the government's been pretty in the past and now the government is pretty free and open to search people's luggage and what have you laptops obviously present an interesting situation because there's so much information on laptops certainly a laptop is capable of containing a lot more data, a lot more information than you'd find in say a briefcase or luggage and so the court in California held basically for the first time in looking at this type of situation it departed with other courts and basically said look a computer's different you need at least reasonable suspicion and then that decision was overturned and basically the situation where now is the Supreme Court considered whether to look at that or not and decided not to and so at this point the case precedent is uniformly not good the government according to the courts the government does not need any level of suspicion to search your laptop at the border we did a FOIA case trying to get information about whether we wanted to get the government's policies and procedures you know sort of the internal working papers about how these searches ought to be conducted by agents at the border and we filed suit we ended up getting several hundred pages of information detailing how agents are instructed to do these searches which we've put on our website and you can look at also in response to the public scrutiny on this issue the Department of Homeland Security actually changed its policies and procedures about a year ago and posted the new policy on its website which you can look at now you know it's pretty problematic from our perspective basically they can search at will and they basically say they also can take your computer and take it off site to perform a search and they can keep it for a reasonable period of time and it's unclear what that is it's entirely unclear to us from the government's perspective how long they think they can you know hold your computer under the Fourth Amendment without causing any sorts of constitutional problems and you know this is something that we continue to look at and are trying to document the government's practices and so that's kind of the status of the situation now meanwhile encrypt meanwhile encrypt we've had several issues on privacy and I know you guys are fighting the fight on privacy and court but that's kind of like the back end of the situation and I'm wondering if it's the time with the congress changing and with political times changing and all the secondary use things now hitting you know the news media is it time to have a privacy law that actually details and clears some of this up and if so how would we craft that as opposed to letting the music industry craft us a privacy law I'm not quite sure what exactly you're asking I mean we are primarily a litigation oriented organization we tried our hand at being inside the Beltway organization way back in the early nineties and decided that that entailed a level of compromise that we weren't very comfortable with and we returned to the Beltway last year due to the push for immunity for the telcos and we fought that fight as best we could but in many ways it reminded us of why we are not an inside the Beltway organization and would prefer to press for people's rights in court and to the extent that privacy laws are inadequate for example under the fourth amendment to the constitution that we would seek to have courts enforce those rights that being said we are involved in a effort involving a coalition of civil liberties organizations and ISP and other internet service companies to come up with proposals for reform of the electronic communications privacy act which is the primary privacy law regarding the privacy of your internet and telephone conduct I'm not certain if that answers your question however I'm not asking you to sell your soul and become a policy person as opposed to who else to ask but the people who are defending our rights on privacy on what would a good blanket privacy type law look like. The fourth amendment is pretty short and pretty plain but evidently doesn't mean much either at times so I'm kind of curious as to what a statute from your guys expert opinion how could you clean something up and I don't care if it's politically palatable or not so as an initial matter the fourth amendment while it sometimes does not work as well as you might hope it actually is a really great thing and it has been enormously helpful to have something which trumps laws so that you can say that even if this law explicitly and purposefully is trying to invade upon your rights that that law is still trumped by the fourth amendment and the traditions that were handed down since our founding fathers so the fourth amendment it is a very powerful thing and it's something we find very useful in our litigation one you want an example of what a good privacy law is and actually I wanted to give the example of the video privacy protection act the video privacy protection act is the strongest privacy protection that you have under the law so more protection for what videos you watch than there is for your financial data or your social security number or your health information and this came about because Judge Bork was nominated for the Supreme Court and in the process of that nomination an enterprising reporter went to a video store and got the records of what Judge Bork had rented at the video store and then wrote a story about it now as it turned out Judge Bork did not in fact rent anything particularly scandalous concerns I believe but it made Congress think this could happen to me and perhaps they had rented something else and so shortly thereafter there was broad bipartisan consensus that we needed really really strong laws to protect the privacy of what videos you watch and they came up with you know you have to show that it has a really important reason it couldn't get this information from other sources it has to give you an opportunity to contest it it is just a very very powerful law so if we could expand the video privacy protections to areas outside of video that would be a wonderful thing have you guys handled any cases involving software patents lately that you'd like to summarize for us and what kind of developments do you see in software patents in the future so that's a very good question as some people may know the Supreme Court is hearing a case that touches on potentially on this question both the question of business method patents and potentially sort of by extension the breadth of software patents the case is Henry Bilski we are going to be filing an amicus brief in that case our patent busting project continues we about gosh I think it was about five years ago now chose ten patents that we thought were bogus when issued and which were also currently at the time being used to shake down small businesses and other folks who generally couldn't afford to protect themselves from patent rolls and we have done a pretty good job busting those patents I forget where we are now thank you two left that's right I think we've gotten eight of them into reexam two that are still left not all of them are software patents but many of them are now I will say the trouble with software patents is the incredible expense of defending actual software litigation which is why Pat being a patent troll continues to be a viable business unfortunately so we are doing what we can Congress is considering patent reform legislation that might help but that process has been stuck in political wrangling for a number of years and nobody at last I heard no one thinks that's going to change this year may have something may happen next so we are on that we're doing what we can I wish we could do more but you know without taking on multi-million dollar patent litigation on a regular basis it's hard to bust patents one at a time when there are so many bad software patents out there all right we're going to take a few more questions so hopefully get you out of here pretty soon so we'll take the people who are currently in line and then wrap it up and then we're going to be around for the rest of the weekend if people want to come up to us individually with further questions there have been a couple of mentions of both the legal status of shrink wrap license agreements and of terms of service and I'm wondering if there have been any other cases targeting those and particularly the effect of states that have passed the UCITA I know Virginia and I think Maryland maybe some others so yes there have been a number of very interesting cases involving terms of service end user license agreement type things the quick overview of the state of the law right now is that U.S. courts generally will find those kinds of contracts to be enforceable as a general matter if you were presented with them before you laid your money down and if you actually had to make an affirmative click I agree or other sign of assent so courts have been skeptical of so called browse wrap agreements those are the link at the bottom of the web page that says by visiting this web page you hereby agree to give away your first born those have generally there have been a few that actually have been upheld but generally courts seem to think that's bogus but if you actually they give you the splash screen they show you the whole thing you click I agree and before you had to pay for the product or you know if you had an opportunity to get a refund court seem to generally find those to be enforceable contracts so the main event in court today is assuming the contract is generally enforceable what about particular terms just because the contract is a whole maybe a deal, an enforceable deal doesn't mean every term necessarily will be respected and so what we're seeing is kind of term by term fights in courts the terms that are attacked most often are mandatory arbitration clauses they're frequently thrown out by courts who say that you know for example AT&T in their AT&T wireless your cell phone they have had their arbitration clause struck down several times in a row in California so that's sort of where the fight arises and of course for this audience one big question is what about the bans on reverse engineering there have been a couple of bad cases in the last five years on that score it's not a done deal I think there's still room to argue that those kinds of clauses should not be enforced there's some other bad clauses out there I hear that in the Apple app developer agreements you actually one of the clauses is you agree never to criticize Apple that's a clause I would love to see in court I think a court would probably say that's not enforceable so it really is a fight about which terms are reasonable the general overall approach is that these licenses are respected you mentioned briefly the question of the states that have passed UCDA UCDA for those that's kind of old kind of relatively old news now was an effort that a lot of people felt was captured by folks like Adobe and Microsoft to make a model law that was very pro licensor in other words pro vendor, anti-consumer only two states enacted that it's basically a dead letter now in fact I think three or four states have enacted provisions saying if someone tries to put UCDA into a contract against a citizen of our state we will render that null and void so I think UCDA is pretty much a dead letter for the most part that's good news the bad news is vendors continue to put ridiculous things in these agreements and it's sort of a case by case fight to see if you can resist them we are however always looking for a good test case on that and just a quick aside Judge Sotomayor who's currently up for the Supreme Court actually wrote one of the important and good decisions about online licensing agreements that's the leading case saying browser apps are bullshit you have had a new administration for six months now what has noticeably changed and what noticeably has not changed so yeah the Obama administration to office they did say a number of really great things in terms of promoting transparency in government and these gave us some great hope hope for change however we began to notice after a while in some of our cases that the briefs did not have much change in fact the same legal arguments that had been pioneered by the Bush administration this has been taking place in our warrantless wiretapping case their views about the secret privilege and some of their views about our FOIA litigation and what things should not be revealed to the public and so in terms of briefs actually filed with the court we have not seen much change with the new administration that has been disappointing the American public dodged a bullet in the last session of congress there was a bill that got house resolution 1955 got 406 votes in the last congress and it went to senator Lieberman's homeland security committee president Obama was on that committee at the time but if you folks know about house resolution 1955 that was the homegrown terrorism act that was going to bring us back to the Joe McCarthy rides again here in Hollywood blacklist but Jane Harman won't talk to me and I was just wondering is that bill is it being reintroduced if you know about that bill in the next session of congress the homegrown terrorism act? I'm not familiar with this bill we're primarily a litigation as Kevin was saying primarily a litigation oriented organization not so much a lobbying from time to time we have weighed in on bills like the telcom immunity bill which was very important to a case that we were doing and so we have glancing relationships with bills but I'm not in particular familiar with that one Jane Harman we are familiar with because of some of her activities with respect to warrantless wiretapping she was one of the first and most vocal democratic proponents of warrantless wiretapping when the NSA program was first revealed in December of 2005 but then more recently she discovered that the government had actually been wiretapping her and changed her tune about that and actually then was saying that was really unfair for the government to have those sweeping powers are you guys available to come over here for the question and answer session in 103 or do you want to cut all your questions off here? I've got one more gentleman here that wanted to ask a question, I want to ask quick one and then we'll just a quick one last year I really applauded the kids from Boston and their attack I worked for the transit agency in San Francisco and we just got to see the one about the parking meters which I always wondered how long it was going to take for someone to do something so I've talked to Joe Graham he had not yet been in contact with our agency so I've been trying all day to get people to take their heads out from under their wings and wake up so I'm going to try and be a proponent of this because I think it only makes us stronger and more secure but what recommendations do you have for being supportive but ducking the oncoming fire that may come as a result? Well first I want to thank you for you know being there to be interested in the talk and to be a conduit for the information to the transit authority I know that they wanted to talk to Muni about the problems that they found with the parking meters and I think that in my experience and this is a role that you could really play that would be really awesome and helpful in my experience it's really engineers talking to engineers that helps to get things fixed and get things done and sometimes it's the policy people and the press people who are worried about all sorts of other considerations other than trying to make things work that really kind of muck up the works a lot so what I'll just say to you is you're sort of serving a role in saying this is legitimate stuff we kind of knew about this we should have been worried about this now that we know we're going to do it and also kind of stressing the kind of responsibility about how this is the way that information is communicated and this is the way that engineers talk to each other and what I'm going to say is a question back to you you let me know what we can do to help make this kind of process go smoother so we can all learn from the experience of what Muni is going to do with this parking meter incident and I'll give you my card and let's keep in touch so yeah no thank you our next session is going to be with the federal folks where you can ask a Fed a question we have approximately 20 of those guys ladies coming in here one of the things that some of us around here have noticed we get along I get along great with the feds but when we talk about the FF it's always excitement we talk about feds it's like hmm so my question would be just very quickly is they're out there trying to do their job you guys are doing your job do you see your role or one of your roles perhaps to act as that counterbalance to try to pull some of the things that they want to do back to a more reasonable level is that really kind of where you see it going in some cases just want to eliminate all their ability to do things they're trying to protect us to be fair and you're trying to protect us and I guess that would be the final question where do you see your role maybe just even individually what you kind of proceed that to be I'll sort of start with this I guess one thing I'd say is that you have a lot less to worry about from the feds who come here to Blackhead and DEF CON than you do from a lot of the other feds who are out there and that's thing number one that I would say thing number two that I would say is that as a whole I think that the military and intelligence people are a little bit different from the law enforcement people in my experience and these people have very different sort of interests between military and intelligence and law enforcement and I think that the government is filled with civil libertarians and it's filled with people who go into government because they're patriots and they're patriots because I'm a patriot which is that they believe in the United States and they believe in the way that we do things and then there's a lot of other people out there who are not and people who get sort of wrapped up in what their job is and their mission is and become kind of focused on we convict criminals as opposed to you know we enforce the law or something more along those lines so to some extent I feel like our job is to encourage the people who are civil libertarians in their work inside the government and to be a counter force to the people who are not civil libertarians and then I think also our job is to help inform you guys about what it is that the government's doing so that they can live up to their promises to protect our privacy and to keep us safe at the same time and I think that we have to be very serious about making sure that you know and of course we respect civil liberties become something more than just a tag phrase that means that we're going to just leave everything on the floor there are a lot of people here who I have talked with, who I'm friendly with who work in the government and who do take that responsibility seriously and a lot who don't so hopefully those of you who are staying for the Ask the Fed panel later on today will give them help Thank you all very much for coming