 So, thank you for coming to our panel this morning on Wall of Sheep, should it be illegal or not. And my name's Jennifer Granick. I am the Civil Liberties Director at Stanford Law School Center for Internet and Society. And I am going to be the moderator of today's debate. And for the debating sides we have in the side resolved, Wi-Fi sniffing should be illegal. We have the no side, it should not be illegal. Professor Matt Blaze, who is an expert in secure systems, cryptography and trust management. He's an associate professor of computer science at the University of Pennsylvania. And on the pro side we have Kevin Bankston, who is a lawyer specializing in free speech issues at the Center for Democracy and Technology. He used to be a colleague of mine when we both worked at the Electronic Frontier Foundation. And his specialty was the Electronic Communications Privacy Act and national security and these types of surveillance statutes. So they're both extremely well qualified to take perhaps even both sides of this debate, which I think you'll see as we go on through the discussion that it's a little bit less of a debate between Matt and Kevin than it is a debate that we have internally within ourselves. The hacker loving side of us versus the privacy loving side of us and us really just not knowing what the right course is and what we ought to do. So we talk about the wall of sheep because it's something everybody here at DEF CON is familiar with. It makes Wi-Fi sniffing very familiar. But it's really just a framing device because that's not in any way the only experience that people have with open Wi-Fi sniffing. I think for the rest of the world, probably the experience that people are most familiar with is the Wi-Fi sniffing that happened in connection with Google Street View. And for those of you who are not familiar with that situation, basically you may know Google drives around in these cars and takes pictures of the streets and then when you are on Google Maps, if you want to see what the storefront looks like or something, you can look at the actual photographs. And what one of the engineers who was working on the project decided would be fun to do is also to collect information about Wi-Fi networks. Now, this information can be really useful primarily in helping with location identification and location tracking because if you know a certain Wi-Fi network, a certain SSID is at a certain area, it helps more precisely define where you are when you are looking on your device and trying to figure out where am I on this map. So that's super useful and the intention of the engineer was to collect that information and this debate today isn't about collecting that information but he also decided not just to collect SSIDs and MAC addresses but also to collect what the FCC, the Federal Communications Commission and their report called payload data or the contents of the communications, the e-mails, the substance of the e-mails that were being sent over the Wi-Fi network, that sort of thing. And so basically what they were collecting was all non-encrypted data, not just header information but also the substance or payload data as well. And this arguably, as they will discuss, violates the Electronic Communications Privacy Act which says you cannot intercept these electronic communications and there's also other statutes that talk about intercepting radio communications that are encrypted and that's not allowed. So there was an investigation and the FCC was investigating whether in running their street view cars with this Wi-Fi sniffing technology basically they used Kismet so many of you may be familiar with that. So running it with Kismet whether that was a violation of law or not, something that might be of a lot of interest to some of the people in this room and what the FCC concluded at the end was big surprise, there's no precedent on this. They really didn't know what the answer was and they didn't really have all the information they wanted because the engineer who had been involved in the coding decided to take the Fifth Amendment and didn't give the FCC any information. So they said, well, you know, we kind of don't have enough of the law and we don't really have enough of the facts but what we do know is we don't think Google was cooperative enough in the investigation so we're going to find them $25,000 for failing to cooperate with us. So people are laughing because I guess they think $25,000 is like a slap on the wrist and you'll be happy to know that you're in pretty good company there because Senator Dick Durbin who's a Democrat from Illinois also didn't exactly laugh but got a little mad when he found out that they only received a $25,000 fine and he said, I don't understand how just because I don't encrypt my network, if this is communications coming from inside my home, my private communications, how that means it's unprotected and people can just ride around and collect it with impunity and the FCC chairman Julius Junkowski agreed with him and said during this hearing, yes, perhaps you Congress, don't blame me, I'm the FCC, it's your fault. You guys should update the electronic communications privacy laws in order to address this and fix the problem by making sure that when we the sheeple are using our unencrypted Wi-Fi networks that we are still, that our privacy is still protected and that's what the Senate is here for us, here to do for us is to protect us which will be the side that Kevin will be arguing and Matt will be arguing on the other side. So just to give an example, so just to be clear we're not talking about whether it's okay to run an open wireless network, we're not talking about terms of service and whether your provider allows it or anything like that, we're really talking about this information collection and interception issue. So hopefully that'll make sense and what we're going to do is sort of introduce the debate with the argument or discussion that Matt and Kevin had online and then they're going to talk back and forth and then we're going to let you guys be the judges of who should win and maybe either before or after that we'll do some questions. There's no prizes from either of the people for voting for them. So do you guys want to introduce how you, okay. Yeah, well actually I want to say thank you if you're out there for the person I met in the Starbucks line who bought me my coffee and muffin today because of how beat up I'm going to get today on this issue. This is very sweet of you. We wanted to introduce ourselves with a story of five, our Twitter discussion that led to this debate to sort of illustrate how I think we're both wearing devil horns a bit today playing devil's advocate. I'm not here representing an official CDT position. CDT doesn't have a position yet on this but we wanted to start a conversation because there are now policy makers talking about whether to do something in what to do about this issue but instead we'll just read the tweets that began this conversation. Okay, so three months ago. So this is actually an example of Twitter leading to something interesting. When the New York Times was reporting about how everyone was mad at Google, I sent out a kind of exasperated offhand tweet in the hopes that somebody would help me understand it. And instead Kevin helped me realize I understand it even less than I originally did. Kevin storified the tweets and we have a little history of them which you can see on the screen there. We opted for the blue on blue motif. So I'll start with reading mine. So I started out by sending out struggling with whether Wi-Fi sniffing should be considered wiretapping. Either way seems to invite bad unintended consequences. Indeed, my privacy advocate side and my free speech and innovation side have been arguing over this for a year. Would love to talk. The status of Wi-Fi sniffing is an important unsettled legal question. It's important not to advocate based entirely on one's feelings about Google. Oh, and then I tweeted again. Much of the reporting commentary has been focused almost entirely on Google and its evilness or lack thereof. This short changes a complex issue. Opposer, I have a First Amendment right to take photos in public. Any reason I shouldn't have the same right to capture unencrypted radio? It's all waves. Opposer in another direction. Millions of people use open Wi-Fi for private communications. Law protects unencrypted cordless calls. So why not Wi-Fi? And then I'm used. Tech people think sniffing is fine. People who care about privacy think it's terrible. You understand both, your head explodes. On the one hand, I do research that involves intercepting radio traffic. I think this is legit to do. On the other hand, lots of people have unencrypted Wi-Fi without realizing it. Claiming they deserve to have privacy violated is unsatisfying. Lawyerly response. Suggest very close look at 18 USC 251016 on this question. So that's just what the law is. Better question is what should it be? And then I respond with a non-lawyerly response. I can't figure out what 251016 means here. But yes, the harder question. What should it say? Is the interesting one here? And so we're having that discussion here. And you will hear too much about 251016. Very shortly, as I introduce you pretty quickly to the law as it stands now and just how confused it is, which I think is one of the main reasons why Congress does need to act whichever direction you think it should act. So we have this federal wiretapping statute, the wiretapping portion of the ECPA, the Electronic Communications Privacy Act. And it generally prohibits anyone, private party or the government, from engaging in any unconsented or unwarranted acquisition of the contents of a communication by a device or interception. Unless that communication is transmitted in a way such that it's readily accessible to the general public. This is a really important phrase, readily accessible to the general public. Based on the dictionary definitions of those words, how many people here think that unencrypted Wi-Fi communications are readily accessible to the general public? Okay. It's pretty close to unanimous. The thing is though, there's actually a definition of what those words are supposed to mean in the statute, which I would be showing to you, or actually am on blue on blue. And it's a little confusing because it's sort of a double negative because if something is readily accessible to the general public, it's not protected by the wiretap act. So the definition though is, readily accessible to the general public means, with respect to a radio communication, this is a definition specific to radio communications, that such communication is not five different things. So if it's not any of these five things, then it isn't protected by the statute. It's a little confusing, but one of those five things and the most relevant was, is scrambled or encrypted. So this has led Google to argue, in the class action against it, Jof V. Google, that open Wi-Fi, by virtue of not being scrambled or encrypted, is under this definition, readily accessible to the general public. The FCC, in its recent report, seemed to take this argument on face value and just say, well, Google argues this and we don't really have any facts. So we're just going to skip this. They looked at the code. They had that guy from Strasse-Briedberg look at the code and it didn't capture it. You're not on, Mike. They looked at the code. They had an audit, a forensic audit. And this forensic auditor looked at the code and it did not capture the encrypted packets. So it excluded those. And so Google is saying we only capture the unencrypted stuff and we're arguing that under this definition it's not readily accessible. The open stuff is readily accessible and that's not covered and so we get off the hook. Thing is though, the plaintiffs obviously in this lawsuit out in California disagree. They've argued that actually this definition, they've argued and the court has agreed that this definition doesn't apply and they have argued and the court has agreed that this definition doesn't apply, the district court, the lower court, because, and this is the reason people hate lawyers, Wi-Fi isn't a radio communication. So not my argument, but the plaintiffs argued and the district court agreed that when Congress said radio communications it didn't mean radio communications. It meant something narrower than that, something that more maps to traditional broadcast radio. Breaker, breaker, breaker. And so just to give a little alertly background, so this was on a motion to dismiss. So they were trying to, Google was trying to dismiss the case. The court said, no, I don't believe this definition applies so you have to go by the dictionary definition of readily accessible to the general public. And the plaintiffs have alleged in a complaint that I have to take as true at this stage that Google required really sophisticated equipment to intercept this stuff. Certainly Google used really sophisticated equipment to intercept this stuff, but you don't need really sophisticated stuff to capture any of this. So I have questions about how well this argument is going to fare on appeal. It is on appeal right now. The specific question on appeal to the Ninth Circuit right now is, are Wi-Fi communications radio communications such that this definition applies? So you have these two readings. I don't want to necessarily say that they're equally plausible, but you do have Google arguing one side, a district court saying otherwise, the FCC seeming to agree with Google. But there's a third reading because there's another one of those five things in that definition that's relevant, which is a reference to specific frequencies allocated by the FCC. As they were allocated in 1986, these frequencies were used for various satellite communications, auxiliary broadcast stuff, and private microwave services. And so even if they're not encrypted, Congress chose to protect communications on those frequencies against interception and carve them out of the readily accessible definition. What do you think those frequencies are now used for? Wi-Fi. Not all Wi-Fi though. And this is where it gets fun and crazy and stupid and one of the main reasons I want to do this talk. On this plain language reading of the statute, the statute which carves out communications on these particular frequencies, whether or not your Wi-Fi communications are protected by the WireTap Act, turns on what channel your router is set to, such that channels one through six are completely readily accessible to the general public. Channel seven through ten, it depends because they cover a range of frequencies so it may veer one way or it may veer another. The only channel on this reading that is completely not readily accessible to the general public is channel 11. So if you want to run an open Wi-Fi but take advantage of the legal protections under this reading, follow Nigel Tuffnell's advice, turn it up to 11. And if you're sniffing and you want to be cautious, you may want to avoid sniffing channel 11. But so that's why I think whatever you think of this issue, it's dead clear, the law's a mess. And we all need clarity. You need clarity, I need clarity, we need clarity for the government and for Google so that everyone is on the same page in terms of what's legal and what's not. And so that's why we need to act. I'm going to argue soon that we should act in favor of protecting the people who use open Wi-Fi. But in the meantime, I'm going to let Matt talk for a while about why that might be a problem. Okay, so the perspective that I'm coming from this, in this debate, and let me start out, I love you, Kevin. You know, this is... I think we could both take either side of this. But the perspective that I'm coming from is that I do research that involves radio interception. If you're interested in hearing about some of that, come to our talk at this time Sunday morning or Saturday night, depending on your perspective. The... And you know, I believe that there are legitimate reasons to intercept radio signals over the air that lead to useful results. So what I'm not going to come... The perspective I'm not going to take, because I don't think that it's reasonable or tenable to take this, is the ethic that says, well, people who can't figure out how to set the crypto option on their router don't deserve privacy. And you know, we have the wall of sheep. We're kind of implying that people who can't figure out how to set up their routers are kind of deserving of about the same level of protection that you would give to sheep. I think that's... We need to reject that position if we want to be taken seriously. But that said, I still don't think that it makes sense to base a policy on the fact that we're kind of mad at or suspicious of Google and Google's sniffing of Wi-Fi networks. First of all, sniffing just Wi-Fi networks, doing what Google did, has led to incredibly useful things. You know, we have things like geolocation databases, which started out as kind of a guerrilla hacker project where you'd sniff local networks, stumbling around, remember, net stumbler, find networks, geotag what those networks are, and boom, we've built a pretty good alternative to GPS on top of that that doesn't require an open view of the satellites and will often give you better location resolution than you'd be able to get out of doors. I think that is just an unambiguous good thing to have and do. Now, there's a question of whether apps on your phone should be able to get access to this without your own permission. But I think we can probably, you know, all agree that having the technology to do this, unexpected consequence of, all of a sudden everybody's got a Wi-Fi router in their house and in their business and it's in a fixed location, and you can actually use that to do something really useful just by sniffing those signals is, you know, that's just an advance for society. I can imagine other things as a security researcher that might, you know, that don't exist today but I could imagine things that might exist in the future. For example, if I'm going to join a local open Wi-Fi network and become a client of that open network, one of the things that I might want to do is have some level of network situational awareness. Run my own little IDS on that network and find out have I, you know, have I logged into a good neighborhood or is this the DEF CON network? And sniff traffic to find out whether there are active attacks going on. We could certainly imagine a strict law passed in response to what Google did that would make it illegal for me to protect myself in that way. So, you know, I think that anything that we do, any wording of a law or any interpretation of regulations that says you can't use the signals that are coming into the equipment that you've got is going to lead to, first of all, a stifling of very important kinds of innovation that we haven't imagined yet but that are going to be out there. And secondly, are going to be ineffective at reaching their results. Now, the second problem is that radio architecture is changing. In, you know, the 1980s and the 1990s and really through the beginning of this century, the way you designed anything that used radio had a pretty clear separation between hardware and software. You had radio hardware that would capture signals, perform a significant amount of filtering in the radio hardware to decide what you're passing back to the thing that's using the radio signals and what you're not passing back, what you're processing and not processing. The frequency tuning would take place in the radio hardware. The filtering about how you demodulate the signal, would take place in the radio hardware. In cases like wireless networks, even things like filtering out which packet headers you pass back to the software layer would largely take place on the radio side of that interface. That's a traditional way of designing radio equipment that dates back to, you know, Marconi. And that's been, you know, a rock-stable truth for a long time and then it's starting to be shattered. So today we've discovered that software-defined radio has a lot of promise. In a software-defined radio architecture, this line between the hardware and the software just gets pushed all the way back to the antenna. Pretty much you have the antenna and then everything else past the antenna is software running on your computer. Now, what that means is that a sensible way of doing things like recording all of my traffic that I'm legally entitled to get because it's actually my traffic on my network or intercepting, you know, a TV signal or what have you. Maybe it isn't quite there yet today, but it may be in the very near future the sensible architecture will be to record the raw RF signals, what we call in the software-defined radio business the INQ data for a certain limited range of spectrum, store that and then later use software to effectively demodulate and extract the signals that you're interested in. So now, if that becomes the dominant radio architecture and there's a really good chance that that's going to become the dominant radio architecture particularly for things like Wi-Fi, pretty soon what we're talking about when we say you shouldn't intercept radio signals from other people's networks is going to mean one of two interpretations either that it's illegal to use any hardware with a software-defined interface because they all would violate this because that's how they work which means we're outlawing the most promising and revolutionary radio technology that's come about in a hundred years or it means that what this regulation actually does is telling you what software queries you can run on data that you've collected on your own machine. It's essentially saying you can look at this file of INQ data and extract these bits from it but not these other bits from it and from a technical point of view that's both scary and nonsensical. So I worry about those unintended consequences. Yes, we all want to protect, well many of us here want to protect other people's privacy but are we going to do it at the expense of these other things? Now let me end my comments on a slightly optimistic note. I have been saying for a while the truism that many people have said which is that if you think crypto is the answer you don't understand the problem. But in this particular case I think this question is going to be obsolete sooner than any regulations or laws can be passed. Unencrypted, fully open by mistake Wi-Fi networks are dying out. My dad is at the mercy of whatever the default configuration is. When I insisted that he sign up for DSL service they sent him a Wi-Fi router ten years ago that I threw out because it didn't have crypto options on it. They sent him another one recently that had crypto turned on by default. That's just what Verizon sends out now. The number of unlocked networks that aren't open on purpose is diminishing and it's diminishing fast. This is actually an example of a problem that is going to be fixed when all of the old hardware gets replaced as it's naturally going to be. And I think by the time Congress reacts to being mad about what Google did a year or two ago they are going to be solving a non-existent problem. A lot to respond there. But let's start with just sort of the basic affirmative argument. Why don't we just say that I won? Give it up to you. A diminishing problem but still a serious one. About quarter of all hotspots are open right now. Many if not most shared hotspots in your typical coffee shop airport hotel scenario are unsecured even if there's some sort of authentication required to join it. And so there's a lot of open traffic out there and a lot of people who don't really realize how insecure it is. And just to flag it for what it's worth there is also a sort of digital divide issue here to the extent that people who have their own internet are more likely to have a closed network while people who can't afford their own internet and have to use the free library Wi-Fi or whatever are less secure. And so that leads to an unfortunate situation where those without have to do without security and those with get to buy their security. But this leaves people vulnerable not only to creeps and snoops and stalkers but criminals who identity thieves and whatnot companies, be it Google or whoever else who want to sniff your traffic. And for my part as a civil libertarian my biggest concern is the government. And you look at the issue of open Wi-Fi sniffing it's not just a question of what you can sniff in the traffic it's what you can do with what you sniff in the traffic see fire sheet where using sniffing open Wi-Fi you can get the credentials to log into a bunch of the different services someone uses and so this adds a pretty, you know a layer of pretty radical insecurity to practically everything that happens online and it's not really fostering a positive security environment but I really wanted to cite especially my concern about the possibilities of mass surveillance. One can imagine someone with the resources of Google sending their robot cars all over the place and sniffing an enormous amount of traffic and then tying that traffic to your address and selling that to somebody. So your father what he thinks is probably not his father because he has Matt to look out for him but maybe some of y'all's parents or grandparents that could happen to them. If the law allows open Wi-Fi sniffing that could happen but even more worrisome is a little sniffer on every cop's belt and every cruiser or on every lamp post which I think is a possibility if this is allowed noting we don't know what the DOJ's position is on this they haven't said how they read the law right now which I think is notable and worrisome. And it's also particularly important considering the precedent of cordless cell phones which you had courts ruling on whether or not you had a fourth amendment expectation of privacy in your unencrypted cordless calls back in the 90s and they found no, it's an unencrypted radio of course you don't have a reasonable expectation of privacy in it. I think that similar arguments might be made might be accepted about your open Wi-Fi such that the fourth amendment won't protect us against the government and actually we've seen something similar to this already in a case called child pornography aren't in Washington where someone was running open Wi-Fi and was sharing over iTunes they ended up sharing child pornography over iTunes and their neighbor found it and called the police and they found that that person had no fourth amendment expectation of privacy. I think it's worth looking to the 90s to see what Congress did in the cordless cell phone context which is they updated the wiretap act to clearly protect the privacy of cordless calls even though they were unencrypted because millions of people and thousands of businesses were relying on that technology perhaps foolishly but even so they were relying on it to communicate privately and I think that we should do that here notably one thing that they did do which I think could also be done here is they made it it's typically a felony to commit a wiretap to do a wiretap in the case of capturing unencrypted radio they did a penalty reduction and made it only a misdemeanor although for reasons that are not clear DOJ got rid of that it was able to convince Congress to get rid of that in 2002 but I wanted to respond to a few of the things that Matt is saying technology may solve this problem but we've been saying encryption is going to solve these problems for years I mean anyone who's been in this community for very long knows that yes we've been pressing for more end-to-end security in SSL and we're seeing gains there but there's still an enormous amount of traffic that's not encrypted we've been pushing for encryption by default on routers and we're seeing that more and more but still there's an enormous amount that isn't protected and so I don't want to leave it to technology I want there to be a stopgap of legal protection and if we're concerned that this will become irrelevant then we can put a sunset on the law like take that what they did with Patriot well no, they renewed it well believe me I spent many years working against Patriot I'm not endorsing Patriot but there is precedent for saying putting a 5- or 10-year time limit on your law to recognize that the technology may change as far as the other issues that Matt brought up I think there are already several exceptions in the WireTap Act that I think are relevant and that could also be modified or expanded to address some of these concerns I mean already someone who provides a network can do interception for security purposes on their own network you can do interceptions with consent so there's a lot of security research you can do on networks where you actually tell people that they're being monitored there's an interference exception for radio you can actually monitor in order to identify and deal with interference I think in a statute that clarified that open Wi-Fi is covered you could have an exception that made clear that you could do interception as necessary to identify a network and connect to it and use it and identify which traffic is yours and which is not the software-defined radio question is a much bigger almost metaphysical issue which raises the question what should the line be when we're talking about intercept and it's a very interesting question because I understand Matt's concerns but at the same time if you heard the NSA making those arguments you would probably freak out I know I would because they're the kinds of arguments I litigated against for five years this concept that oh it doesn't actually count when we get it when we store it and it may not even count when we do analysis on it it only counts when we use it or look at it I'm not sure that's an adequately protective of privacy way to look at interception it's certainly not what we argued or would argue if we're talking about the NSA sitting on the network over at AT&T or when it comes to their interception of radio signal I'm not saying I certainly share the concern about we don't want to inadvertently impact innovation in software defined radio but I think the answer there is to come up with a good answer rather than just say it's too hard and we can't figure it out and so Kevin why don't you suggest some answers because of our timing suggest some answers let Matt respond and then we'll go to questions who suggest for the software defined radio situation I think that's the sort of thing where I'd love to have that addressed by technologists in a hearing before Congress but it's an example of the type of difficult issue that we do need to discuss and I think the one thing that Matt and I can agree on is this is not an easy issue and it will be a hard project to come up with appropriate amendments to the law if we want to cover this but let's be really clear that Matt's right now that some or all open Wi-Fi is already protected against interception under the WireTap Act and there may not be adequate exceptions in the law right now and so if we want to protect if we want to make sure to protect the type of activity that Matt's talking about we need to address that in the law no matter what we can't leave the law as it is should I respond to that so I think the reason that you can't come up with a policy answer to the software defined radio in the future architectures is because I don't think there is one but there may be an answer in the way radio privacy used to be regulated although it's legal status is unclear in the communications act section 605 later updated to 705 when they passed there was language that basically said and I don't have the text in front of me but paraphrasing intercept whatever you want but you may not disclose or exploit interceptions that you've made and that may actually strike the right balance here from a policy point of view unfortunately from a legal point of view and actually even from a freedom point of view it's problematic there was a supreme court case that cast significant doubt on the constitutionality of 605 705 basically if you had a right to intercept someone the first amendment kind of makes it difficult to restrict you from talking about something that you had a right to learn in the first place so there may be some difficulty there from a first amendment point of view but that may be what we're actually trying to achieve don't prevent people from using sensible technology and innovating but do prevent them from using things that are private to harm other people so it's interesting that we started with the people who run the wall of sheep and are making clear to all of us including in 2006 to myself that your communications were readily accessible at least to them from that to policy decisions affecting software defined radio and our privacy versus interception by the government and I'll just say that if any of you get a chance to ask general Alexander any questions later on here at DEF CON you might want to ask him about the line where NSA thinks their interceptions are regulated can they collect everything store it and read it later or are they prohibited from basically creating those databases on us by the governments and by the way we're going to be discussing statutes because that's something we need to know if we're going to protect ourselves in the future so with that let me take questions for our debaters here I think we'll do a couple of minutes of questions because those may influence the way that people vote do we have microphones out there and I'll repeat it and then we'll let these guys answer yes right here in the front please So her question is basically, just so I can sum so far. So basically her question was a bit, the Fourth Amendment has a reasonable expectation of privacy, but there's a plain view doctrine. Here you are basically exposing all of your information. How can that not be in plain view? And I'll just make one clarification. Remember, the Fourth Amendment regulates the government, does not regulate private parties. And so the question is, why is this not just, it's already out there? So that is the argument that they made with cellular telephones. And that's why I think we're all concerned that this information isn't protected by the Constitution and not protected statutorily as well. Do you guys have anything to add to that? I mean, I'll just, I will say that it's obvious if you're standing in a glass shower. The sad fact is, is that for many, many, many people, you can characterize them however you like, but many people as sheep or whatever. But many people don't recognize that their wireless communications are insecure. They should, and I think the wall of sheep people, as being one factor in terms of trying to educate people about that, although really everyone here should understand that. Which is why I think it's okay to call people who screw up here a sheep because they really should know better. But I don't wanna treat the regular populace like that. They actually don't know and they need protection. And so I completely understand and sympathize with your point and I made it myself in our Twitter discussion. But I look to the precedent of cordless phone. I mean, so many people were using it. It was so insecure, but if we accepted it as not private, then a lot of private stuff would be not private. Let's go to this gentleman in the black shirt and then the woman behind. So, sir. So the first question was about Google. Was it intentional? And the section question was about what the FCC's practices are with regards to channel 11. So I'll answer the first. The engineer who designed the code, according to the information Google turned over, knew that he was collecting unencrypted payload content data and intended to do so. It was unclear who else in his chain of command knew that that was part of what it did. So it was initially Google had said it was accidental, but actually that engineer and maybe some other people maybe not wanted to do that. The engineer believed that information might be helpful in Google search algorithm. And I think they collect all of your searches and they use that to refine their search algorithm later on. And he thought that might be helpful. At one point, he talked with somebody on the search team and said, is this information useful to you? And they said, no, it's not. And they continued to collect it, but allegedly did not use it afterwards. Kevin, do you want to respond to the? So he's referring to the fact that there are actually 13 channels for Wi-Fi, but 12 and 13 are not used in the US. Not supposed to be used in the US. And you're asking about FCC enforcement of that. I don't have an answer to that. I think in general, the FCC's enforcement regime, technical enforcement regime is reactive to interference complaints. So we are at time. This gentleman's lurking behind me, which means I have to get off the stage, so we need to take a quick vote. Who thinks that Kevin wins the debate? Thank you, John. Thanks, guys. You're very sweet. Who thinks that Matt wins the debate? Okay. You guys can buy Matt a drink after the panel. Thank you so much for coming. Thanks. And there will be Q&A four track two. It is across the hall. And so if you have other questions for the people who I didn't get a chance to call on, please head on over there.