 I'm John Pincus. I'm software engineer, software architect by background. I've been a long-term privacy activist, worked with EFF since the 90s really. And I run mailing lists in Washington State, the Washington Privacy Organizers, where we've been pretty involved in state legislation and federal legislation as well. Awesome. And I'm Maya Morales. Often can be found organizing with John on this stuff. I am an educator, activist, community organizer and artist. It was instrumental in helping pass a ban, municipal ballot initiative that banned face recognition and predictive policing tech in my city. I went on to do a bunch of legislative advocacy for Washington State and have also been diving into federal legislation. So glad to be invited here to chat with you all about the alphabet soup of privacy legislation this evening, afternoon for us, evening for y'all. All right. So the first thing that we want to start off with is just to offer our gratitude to all of you for being here, to EF Georgia and to Scott for organizing this and streaming it, getting that set up on Twitch, I think also on FB. And also to everyone who shared and boosted the event and lifted it up. Thanks for making the time to hang out with us and grateful that you're tuning in to Data Privacy. So thank you. We also would love to just like thank you in advance for taking the actions that we throw into the chat later and being willing to learn more about this stuff, educating your friends and family and coworkers, sharing everything that you learned here around. So, yeah, let's let's we're thankful. And then just before we dive into the soup. Thank you for this lovely image who ever made this. Just some comments on moderation and safe spaces. I think this is probably goes without saying but in whatever chat that you see whether you're in the webinar with us on big blue button or whether you're on Twitch or on Facebook please keep the chat friendly and respectful and keep it a safe space for everybody. And then also just wanted to welcome you to like if there are any terms that we use or questions that come up for any of you on privacy concepts or technology, just anything like that. Go ahead and just put it in the chat and if we can as we're speaking we'll just address it as we're going. And if it's a bigger chunkier topic we'll just save it to the end to the Q&A but you can go ahead and and throw those questions out there there are never any bad questions. If you don't know that's okay. We're here to talk about it. And if you don't know there are probably other people who don't know either so please ask. So this kind of our agenda for this evening is to just talk about organizing mobilizing our communities on federal data privacy laws post overturn of row. So we know that we're in a pretty unprecedented moment where after the overturn of row it's really called into question for so many more people who maybe previously didn't pay much attention to the need for privacy legislation. Are really turning their attention to the fact that oh gosh, maybe this is going to affect me a little more than I thought it would. And so this is kind of a pivotal moment for us in thinking about the role of the Supreme Court in removing rights versus advancing them and looking at what we may need to do federally and in states to ensure our rights and liberties. So we're going to go through going to give a brief overview of youth privacy bills. That will be a fairly short segment because that isn't something that John and I have been like deeply working with although we do work with folks who are. Then we'll look at the American Data Privacy Protection Act the ADPPA. That has been heard it's had a draft revision prior to August recess and so it's still somewhat in play although we'll get into that more later. And then we'll also take a look at my body my data act the health and location data protection act. And the fourth amendment is not for sale act. So I'm going to turn that over to John to start diving into federal youth privacy bills. Oh, you know, it's think of the children. Children really do get targeted by a lot of pretty abusive data practices on time and there's broad pipe partisan agreement that yeah, something should be done. The third federal legislation on that is COPPA the Children's Online Privacy Protection Act, which protects kids up to 12 years old that everybody agrees that's not good enough it's also kind of old I think it's from the 90s really. And so it needs a lot of updates okay. I will try to project thanks for the feedback Aaron. And so everybody agrees that that COPPA needs updating there are actually six different bills, six different child privacy bills all with their own acronyms introduced in Congress from representatives on both parties, many with bipartisan sponsorship. This is an area where people work very effectively across party lines. There are two that are going forward, both in the Senate currently, one is the Children and teens online Privacy Protection Act see top up. Basically this updates the existing COPPA, and it extends it to 13 to 15 year olds. I mean, 16 and 17 year olds are teenagers also you'd think they'd get protection but no. The next mix here is tech companies really want to minimize how much they have to do here. And so they've pushed back pretty strongly the current proposal is to extend it to 13 to 15 year olds. There's some good things in this bill there's some not so good things in this bill. The Senate Judiciary hearing committee had a hearing on it, and they've actually advanced it the way these bills work is they need to get through the appropriate committee in whatever chamber they're introduced in first the House or the Senate. Once the committee advances it then it goes to the floor, and it goes to the other chamber, same thing first committee then floor. So, this advanced from the Senate committee. The next step is possibly the Senate floor. They won't bring it there unless they're confident that they have enough votes to to to get it through the kids online Safety Act also got passed by the Senate Judiciary Committee. This is it's a compliment to the, the, the, to see top up. It requires tech companies to prevent harm to minors, and it mandates some transparency in algorithms. This is a huge problem gets talked a lot about in terms of Instagram targeting algorithms to teen girls that that feed into their eating disorders. Princess Haugen talked about that the Facebook whistleblower she talked about that in her congressional testimony and it made a huge impression on legislators, there's agreement that something needs to be done here. So that had unanimous support in the Senate committee. But there's a problem with with these bills a challenge really how does a site know whether somebody's a minor. There's a couple of different possible legal standards here. One is called actual knowledge. Yeah, if they know somebody's age well they can compute it's a minor how do they know somebody's age. Well they've told them or they've looked it up in some way. But if they don't ask for age, well then they don't have to treat people as a minor if the bill says actual knowledge as copper does. That's a big loophole. Another alternate standard is if the site knows or should have known that somebody's a minor, as somebody said in one of the hearings they've got enough information that they can target these ads at kids. That's enough information to figure out that their kids right. It's a good idea in principle but but the risk is that it pushes all these sites to do mandatory ID checks so that they can do age checks. California's just has a new kids design code somewhat similar to KSA and facial recognition vendors love this because well it's going to use facial recognition right that's really bad from a privacy perspective. EFF opposes the kids online safety act and what they're called to action says is the solution to kids privacy isn't more surveillance. I will, I will drop a link in the chat on on on that here to EFF action. We're going to be dropping actions throughout this a lot of them from EFF site. In other words, they make it very easy to contract contact your legislators and let them know what you think of it. Moving on to any if there's any questions on the kids privacy bills, please drop them in chat. And let's move on ADPPA is a comprehensive privacy bill or more accurately a consumer privacy bill. This protects a lot of online activities. This is to create a standard US data privacy regulation. Right now California has a privacy bill, which is decent. A few other states have weaker privacy bills worse than California. Their goal is to create a standard US data privacy regulation businesses love the idea of having a single regulation that they just have to obey to. There's some good things in it. It's got civil rights protections that prohibit online discrimination. So that's that's very important. That's a really big deal. There's a caveat here though, the bill doesn't have any whistleblower protections. The whip bill has some requirements for companies to fill out algorithmic impact assessments so that you can see if they're discriminating, but they're very, very weak. It's not clear that the civil rights protections are strong enough to be real. Well, actually, I'd go farther. The current version of the bill, the civil rights protections are not strong enough to be real. A good thing about the bill is it focuses on data minimization. This is a term of art and privacy law requiring companies to minimize how much data they collect and only use the data for the purpose that they collected. So if they've collected it to deliver you a package. Well, of course, they can deliver it use it to deliver you a package. That's good. But they shouldn't be able to use it for other things without your protection. Most modern data privacy bills have that. So does ADPPA. And again, there's a caveat. There's lots of exceptions here. One of the exceptions as well they can use it for targeted advertising unless you opt out. That's not really all that minimized. Good thing about the bill is it's got a duty of loyalty, which is a valuable and relatively new concept and privacy laws. It says just like banks and other financial institutions can only use your data. Can't use your data, your financial information against you. They have to use it in your best interests. Companies shouldn't be able to use your data either. The great idea there's a caveat again of the duty of loyalty and ADPPA is called the duty of loyalty, because it's only part of what a real duty of loyalty should be. Yeah, the, the question about copper and COSA relates to the data minimization, what collection limits are recommended in those bills a very good question. And I don't have a great answer to it. I'm afraid as Maya said we haven't dug into it that strongly. They do. COPA in particular has does have some good data minimization requirements, but I haven't looked in detail at the exceptions. COPA prohibits using it prohibits completely prohibits targeted advertising against kids. And so you can't use your data to target ads. That's good. Can I just, I just want to pipe in really quickly that in terms of the caveats in both of really both of those areas data, minimization and duty of loyalty. I mean, one of the problems is that there's a huge caveat for improving a product or research purposes. And so there's a concern and a worry that companies can simply sort of use that as a pretext right for collecting more and more data, because it's serving the purpose of improving the product, or making it work better for folks. Yeah, it's a great point. Washington's Attorney General flag bat in a discussion draft saying, Wow, this is basically a license for tech companies to hold on to data forever because you might need it to improve the product and and do whatever they want with it. There's products improvements. There's internal research. It's, it's a hard problem really it's like, as a software engineer well, I mean, there's also an exception for debugging and maintaining the software. Yeah, as a software engineer I kind of I kind of need that right it's like if, if some of the data that customers provided is causing my program to crash or behave badly well, I really want to be able to use that in the debugging. But that can be taken too far once we go to product improvements and internal research. And I think EFF has been very concerned that that the data minimization has some overly broad, they call them permissible purposes, what you're allowed to use the data for without consent, and EFF is concerned that they're too broad. Some of the major downsides of the of the bill and its current draft I mean it can still be approved there there's amendments possible but it doesn't protect lesbian gay by trans queer intersex they sexual two spirited people. There's a lot of big loopholes related to that. It doesn't deal with, with really deal with the data broker problems. There's some protections of against data brokers but but they're very weak. We'll contrast that with a later bill that Maya is going to talk about that that's got strong protections, no sales by data brokers on that's good ADPBA. It doesn't protect people who have uteruses from from being surveilled post row. And this, this is a, a huge challenge, and it's really almost scary that people haven't been talking a lot about this in the hearings. I would rather call it the, the elephant in the room. Here's a, here's a post that I've done on on the nexus of privacy, my newsletter, looking at the other post row threats questions as to how well it deals with this we've got another slide on this coming up. It doesn't address law enforcement surveillance my Maya this is something that you really focused on a lot you want to you want to say something about this. Sure, yeah, they're, they're just blanket exceptions and exemptions for law enforcement purposes. And we know that, you know, many of you may be aware of recent lawsuit by just futures law. So looking at the data broker loophole in terms of targeting immigrant communities and skirting sanctuary laws. That's one big example another very recent example that we're seeing around biometric data is this case of a Jane Doe a woman in San Francisco who, you know, contributed to a rape kit and several years later, that was used in a criminal investigation against her. You know, there are many different ways. I mean that wasn't a data broker sure but in terms of law enforcement loop holes. There's really a need to clamp down on what kinds of data can and cannot be shared with and used by law enforcement and and and the EPA just simply doesn't deal with that at all. And so I think, you know, we're really many, many communities are quite concerned about that and feeling like not only does it not protect pregnant people. LGBTQIA to us people, but additionally anybody already over targeted by law enforcement is still at risk. So I'll pass it back to you john. And I dropped a link in the chat with the other lawsuit that that Maya talked about. It's also lots of exemptions of various pieces of the bill. You know, one that I'm particularly upset about is government providers who act as service providers to government. They don't have to fill out any of these algorithmic impact assessments which are supposed to protect our civil rights. Wait a second. They're the ones who are using this data to violate people's civil rights shouldn't they have to fill out the algorithmic impact assessment. You know, I don't I don't know how many of you here are from a security background I've done a lot of security work and I think of this a lot in terms of threat modeling. So let's look at the threats, the post row threats to that this bill. My analysis is that it probably doesn't address these. I'll caveat that by saying I'm, I'm not a lawyer but you know the lawyers I've talked to say yeah these are some serious questions. This is actually something that representative issue from California who who represents Silicon Valley so you know she's pretty tech savvy as Congress people go she she brought up the prosecutors actually she talked about sinister prosecutors and states that criminalize abortion, how they can use location data to identify people visiting reproductive reproductive health care facilities. And this is bad. If people travel out of state to get abortions does ADP PA protect their data actually this is one where the answer is clearly no. Airlines and other transportation common carriers are exempt from ADP PA they're just not covered by this at all. And so that data gets no protection at all saber their airline reservation system they share data with governments today. Anti abortion crisis pregnancy centers. A lot of the people who visit crisis crisis pregnancy centers go on to make other decisions about their pregnancy. Can these crisis pregnancy share data with law enforcement or in states that have civil enforcement of their their criminalized abortion, and they share it with vigilantes. Let's to to the enforcement question. If crisis pregnancy centers break the law and violate people's privacy. Can they be held accountable. One of the exemptions Maya talked about is that in people can sue if a company breaks your law in some situations, one of the situations they can't see was if the companies makes annual revenue of less than $25 million, which covers a lot of crisis pregnancy centers. Can I add one thing there john. I one of the issues around people traveling right now to get abortions as well as abortion funds and how those bunnies move is that we know that because there are simply no protections around any of the data that's collected and because there is just such lack of public education about how data work how data collection works how privacy works, how much of your data is collected sold shared. Most people don't even really know how to use the very basic controls that we do have. And so it's hard to even have the discussion in some ways about how much more we need when people don't even know the very sort of small and limited amount that they have. There are like, you know, currently these discussions about I don't know if you all have heard of this be real video thing where you basically show where you are. As like a selfie and then you flip the camera and show where you are so that you get like a more realistic sense of somebody's messy room, for instance, when they're about to do a tick talk this is kind of like a newer engaging like video tool and that's tracking location data. And so a lot of folks, younger folks using that may have no idea that they're actually can be mapped to the their exact location and one of the problems with PPA is that the way that it defines geolocation data is within a certain number of feet. But when you're in a rural area that is basically not helpful in terms of privacy and protection around abortion healthcare because unless you're in an extremely dense urban area, limiting, you know, geolocation to not precise but a general and broad kind of location doesn't help you the clinic is going to be in a, you know, what is essentially a four block radius in the city is basically on its own in a strip mall or even an independent standing building in a rural area. So there are other things like that that are extremely problematic for folks seeking abortion healthcare in other states. And something I want to highlight is we're focusing here specifically on abortion. This is not the only people who are threatened by this we Maya and I were watching a really good webinar with Danielle citrone a law professor has done a lot of great work here, and she brought up oh gun owner owners, California has as a gun law which has the same kind of civil enforcement that lets individuals go after gun owners and say that they're violating the California law. That's, you know, that's a threat to gun owners, the California department that regulates gun ownership they had they had a huge data I mean, it only affected judges who owned guns but geez you really don't want to be leaking their home data, home late home information on the, on the internet. So the failure to regulate government agencies has a similar effect there. Right and as Maya brings up that people think seeking gender affirming healthcare same issues come up. You know, there's lots of areas that can be improved to create better protections in the interest of time and not going to spend a lot of time on these we could we can take questions if we want the one I do want to highlight though is the very first one, a floor not a ceiling. So ADPPA as a current as it's currently rewritten preempts all state and look stronger state and local laws. So the state of Maine is very upset about this, they've got a strong ISP privacy law that they work with EFF to help get them past that would go away under this Seattle has the broadband privacy ordinance that would also go away. And it's not just current like California has has their law they are very, very, very, very, very upset and speaker Pelosi is from California and so that's that's putting a roadblock in terms of the ADPPA but it's not just California. And it's not just current laws it's future laws. My is. Yeah, I mean, I would just add to that that in terms of setting a floor not a ceiling, you know, the other problematic piece, even if they were to try to do, you know, a long list of preemptive carve outs right so that they didn't preempt everything that they preempted, you know, certain things, it would generally the versions of that that we've seen. Don't take into account any strengthening of consumer focus loss so you know ultimately what we are learning and what what we know more and more about in the last couple of months this has really come to light in in many thanks to the awareness that is raised because of the overturn of this, you know, in the last few months or so, we've really been seeing a lot of information about commercial data surveillance. And so we know that that is an angle at which we must target data privacy and surveillance if our ability to legislate on anything today. And we just have these, you know, very sort of like finite tricky list of nuanced exemptions to preemption that may also even involve lawsuits for state to pursue. It's, it's really very problematic for our future privacy as well as our current privacy. Yeah, exactly. I mean, the right now the bill is kind of stalled because of the preemption issue specifically focusing on California. There's just been an idea for a new compromise floated that gives California a waiver and throws the other 49 states under the bus. My guess is that probably won't go forward but it just shows the kinds of dynamics here there you know there's there's so much more to say here I'll drop EFF link in about America deserves better. And, oh yeah what one last thing is a great loophole in there which which probably lets telecoms avoid $200 million in fines that the FCC has assessed. I think it's safe to say that that lobbying has had some effect on this bill and we'll get to that later. Questions on 80 BPA before we move on. Yeah, I mean any, any and every question that may have come up. We're happy to answer. Before we dive into these others. I'm just going to say I did. I did just have a question that I figure if one person hasn't maybe others do about the acronym for LGBTQ. To us. So the a generally stands for asexual and to us is stands for to spirit, which is an indigenous identification for sort of gender and sexuality. Which is really a belief that a person embodies a sort of to spirited self within one body. So hopefully that helps anyone else who has that question. This is Scott. I just wanted to say that there are a couple of questions that are in the chat. Yeah, yeah, I was just. Well, let's see. So, I think I've responded to Aaron's I was just about to get to a Watson's on what does a strong duty of loyalty look like. Did you get some other questions that didn't go to the public chat. Scott. No, I just see what you see. Okay. Okay. So yeah, a question from Watson of what a strong duty of loyalty looks like that's a great question. I dropped a link in the chat from Woodrow Herzog and Neil Richards. I do privacy scholars who have done, you know, they're the experts on the duty of loyalty. What they note is that the ADPPA's duty of loyalty is really just data minimization. That's, that's good. That's important. But data loyalty rules should also cover manipulation breaches of confidentiality, wrongful discrimination and reckless and extractive engagement models. ADPPA's got some coverage of some of these things, but they don't fall under the duty of loyalty and other things are completely not even mentioned in the ADPPA. Yeah, really good question. Are there any other questions before we move on on any of the platforms. Scott. No, I don't have any. Hang on. Too many windows. Okay. Yeah. No, I don't see any questions. Let's go ahead. Okay, so we'll move on to. So that was the ADPPA or the American Data Privacy and Protection Act. Let's move on to the other three bills that we want to talk about this evening. So my body, my data act. This is actually a very short and succinct bill, which is always delightful to read when you're doing legislative organizing and advocacy. The goal of this is to create a standard US data privacy regulation on health data post row. So really looking at getting pregnant or potentially pregnant people some safety. It has major upsides. It does not pre preempt stronger state and local laws. It's very clear in that it does not allow weakening, but it does not preempt stronger laws. It's written in a very clear, inclusive way. And the definitions are incredibly clear and specific. So, as opposed to a bill like ADPPA or the bad Washington Privacy Act that we slogged through as well. It just, it just has very lovely definitions. There are very clear explanations and expectations around obtaining consent for people's data. That is a real upside to this bill. It's got great data minimization requirements. It has a timely right of access and deletion of health data. I believe it's 15 days in the version that I have. So, a person could request that their data be accessed and deleted and the company would have to respond within 15 days, which is great. Not something that you see in a lot of other big bills that we've looked at. It would protect the uterus having people from being surveilled essentially post row because it would give a lot more control over health data. And it has very good enforcement provisions as well. It allows for private right of action allows attorney generals to take action. So there's, there's a good strong enforcement there. There are some improvements we'd like to see. So it'd be great to include all health data as protected under this bill. It is limited to reproductive health. And so in the interest of, you know, we know that there is a concerted effort to erode the rights of trans people and accessing care. And so it'd be great. And, you know, mental health care. There's all kinds of other health data that really needs protecting and isn't necessarily always completely separate from someone obtaining abortion health care actually. So it'd be great if there was an inclusion of all health data in this bill. And we'd love to see that change and the right to delete all of that data as well. Do you want to add anything on this bill, John? Yeah, as Maya mentioned earlier, it's been introduced. It hasn't had a hearing yet. I think this is one of the places where people taking action, contracting your representatives can really make a difference. From what we hear, they're debating about whether to move forward on this bill. And so this is, this is definitely a please take action case. I think the link in the chat. Yeah, thanks, John. So that link that's on the bottom of the slide is now in the chat and EFF has got an action on that. One of the things that makes this a strong one to share with others and to push your lawmakers to sponsor and support, share with friends around the country to do that as well is that it is probably less problematic for companies in some ways than some of the other protections we'll look at next, which involve location data. It doesn't make it any less important, but it definitely is an easier push to probably get through. So let's look at the, actually, before we do that, should I just see if there's any questions on that? Anybody have questions about my body, my data? I don't see any in the public chat, so I'm going to move on. And then if there are any, we'll return to that. So the other great bill to, okay, how does it relate to HIPAA? Yes, it does comply with all and doesn't restrict any sharing that is required under HIPAA. So it's compatible with HIPAA. All of these bills basically have a section that say, oh, for the institutions that are covered entities under HIPAA, which is generally only doctors, hospitals, insurance agencies, it's very limited. And for the specific data that's covered by them, so stuff on their website may or may not be covered. But the bills don't cover that because HIPAA is strong enough. These complement HIPAA. So it would really be those folks who facilitate healthcare data flow, right? So the third parties and the companies that have access to that healthcare data, apps that have access to that healthcare data, sometimes they work in conjunction with HIPAA covered entities as well. So it really targets those folks. I hope that answers your question, Erin. So the Health and Location Data Privacy Act. We have one more question. Yeah, let's look at that. So for my body, my data, are there any thoughts on how we see the private right of action playing out with such a broadly applicable law? So, you know, there's always a risk with a private right of action. There's always a risk that it just creates a payday for lawyers filing nuisance suits who just get some settlement just to get them go away. That's a lot less likely to happen for something like Health and Location Data Privacy Act, which is very narrowly focused on just the health information. That was relating to my body, my data, John. I'm sorry. I'm sorry. And I meant to say my body, my data. My bad for having the other slide up. That's less of a problem for my body, my data, which is just very narrowly focused on the health information. There's the people who testified about the private right of action for the, on ADPPA, they were from, they represented the convenience store trade association. They're saying, yeah, mom and pop corner shop, you don't want to expose them to just lawyers doing nuisance suits against them fair enough, but they're not, they're not likely to be implicated under my body, my data. Cool, I think we can move on. All right, so let's dive into the Health and Location Data Privacy Act. It's actually protection, not privacy. So it should say Health and Location Data Protection Act. Sorry about that, y'all. So this one obviously has the goal of protecting folks on some similar levels, health data, but also via that big location loophole. So there are lots of upsides to this. Again, it has the same kind of clear writing as the previous bill, my body, my data, it doesn't preempt stronger state and local laws. So it does not allow a weakening, but it does allow a strengthening of the law. It's very clear. It's got very inclusive and also specific definitions. It's got those clear expectations for obtaining consent to data collection, and it would protect users having people from being surveilled post row in the particularly on the location data problem that we're seeing. It's got good enforcement provisions, basically the same as the other bill. And this one is a lot trickier because, you know, we're seeing Apple, we're seeing Google roll out these user platforms that are now doing ad targeting based on location data. So there's a lot more sort of money at stake here with big corporations who are now like wanting to move into a location based plus biometrics based system where folks will have their location data be key to them, you know, hearing about a service. And so there's this sort of trickiness here that makes this bill, I think, a little bit more challenging to look at passing to be perfectly frank. But I think it also is a really great opportunity for us to kind of hold our lawmakers feet to the fire and say, hey, look, you know, if we're really protecting people in this era post row and post who knows whatever else is coming. Regarding the possible rolling back of rights, we really have to push back on the availability of location data to any and everyone who wants it and people really, really need to be able to offer non coerced affirmative consent on that it's so important that people be able to control who has access to our location. There are some improvements we'd like to see in this bill so like no exclusion for some of the bigger platforms like Facebook, Meta Google, Apple app developers, and third party health data contractors and researchers so this is specifically targeting data brokers. And we'd really like to see that expand to all entities. And non coerced affirmative consent for for all in any sharing of health and location data is something I put in is something I'd like to see you can pipe in if you feel differently john but I'm pretty sure you agree. I'd also like to see. I just noted this on my second reading of the bill that I'd really like to see predictions and inferences included in several of the definition sections because we're really seeing that that is a critical area for data privacy in terms of AI and algorithms we really need to have those kinds of things protected and dealt with in our definitions in our privacy laws. Surveys that's rad. Let's see anything else you want to add here on that john are you good. I'm going to take it that, okay. I'm just watching the time, and we should want to spend some time future casting so and this is a really important filter I want to make sure we do a justice. Cool take it away. So the Fourth Amendment is not for sale act. This bill prohibits government agencies from buying data without a warrant. If they'd usually needed a warrant to get the data, it says they can't end run around the Fourth Amendment by just buying the data, which they do all the time today, all the time. Fog reveal from EFF. EFF just this great article on this very sleazy, small location data company that sells to law enforcement location tracking, they track your location over months. They can just bring it up in a window and just watch everywhere you've gone for months on a budget without a warrant. This is something where there's very strong bipartisan agreement that something needs to be done here. I watched the hearing in the House, it's not a hearing in the House Judiciary Committee, and the chair, Jerry Nadler, progressive Democrat, the ranking member, Jim Jordan, conservative, they are seeing eye to eye on this. The guy from right on crime, which is a very, from the Texas public policy issue, I don't agree with them on many issues, but he was saying words that could come out of my mouth that no matter what party and government is in power, they are very likely to abuse the data they have, followed by Pramila Jayapal, our representative from Seattle, very progressive representative, her saying the federal government has built out this huge surveillance infrastructure, we have to do something. So there's a lot of support for this bill. The upsides, yeah, it allows stronger state and local laws, although, it's hard to imagine something stronger than Yanita Warren. It covers data, it covers everybody. It's got very good language for obtaining court warrants. This is co-sponsored by senators Wyden and Paul, both of whom are known as being amongst the best on privacy within their respective parties, and Wyden in particular has been doing this for years and years and years, he's usually right. Not always, but usually, and so this is very well crafted. Yeah, this helps any threat that you name, this is gonna help with. It's gonna help everybody with, and in particular, when we've got these post-rose surveillance threats, it's gonna help with that. And it gives greater protection to the people who the harms fall the most on today, who are most targeted by all these things. Maya, you're... I think you kind of muted yourself, John, so I didn't hear that question. Oh, your thoughts. Yeah, I agree, and I just think this is a really, really strong bill since it, not every strong bill that has bipartisan support is one we wanna put forward. I mean, we have a lot of issues with ADPPA, but this one is a standout. It amends existing law, so it's not sort of a standalone piece. It is something that, frankly, is long overdue. And so I think it's something that is really important to spread the word on, talk it up with folks, do the action that EFF has put out there. I know ACLU also has an action on this bill as well. So whatever, however you wanna take that. I dropped them both in the chat. I think whichever works. And then another thing is, you don't have to use any of these action forms. Just call the Congressional Switchboard or look up your Congressperson's web form. Everybody in Congress has a web form. Nobody publishes their email, but everybody's got a web form. I'll drop the link in later where you can go there. Just send them mail saying what you want. You can use the language on these sites as an example, or just write your own from scratch. What really matters is that they hear from people. I also dropped a few more links in there about the- And actually you could even use the slide. I mean, we've listed out some major upsides and reasons why this is great. You could even use this material if you wanted. Yeah, take a screenshot of the slide. And back to why are we focusing on this so much? So here's the dynamics on this bill in Washington from what we've heard from people who are there. This bill had a really positive hearing. Everybody said they wanted to go ahead with it. So now it's up to the chair of the House Judiciary Committee, Jerry Nadler, to schedule a markup. Markup is a session where they consider amendments, vote on the amendments, vote on the bill, then the next step is the floor. He's not doing that. Why isn't he doing that? We don't know why, but it's the kind of thing where, all right, well, getting his constituents to tell him that's good, but if we can tell other legislators, we were just meeting with some Washington state legislators today saying, please ask your colleagues to push pressure on the South House Judiciary Committee to have a vote. And having them hear from people that this is a bill that they care about, that really makes a difference in terms of what they spend their time on. Sorry. If I just can say, I mean, this is another bill, that that example of the woman whose rape kit was then turned around and used against her later, this is another example of that kind of potential harm. If we do not clamp down on the ability of law enforcement to just buy all the data they want and complete profiles on people, it means that there is this very creepy ability to decide that there's someone you wanna target. So whether that's for political reasons, whether that's because you simply disagree with them on particular issues, they're a person from a marginalized group. There's many, many reasons why it's just a bad idea to have that not be restricted. And so it's a really important one to push. Oh, thanks so much, Keith, for putting that in the chat. So the text from the slide is now in the chat if anybody wants to pull from that for letters to lawmakers. Should we move on, John? Yeah, just a brief moment on the bigger picture which applies to all of these laws but particularly the ADPPA. And before we get as this will bring us into the future casting, the big picture of what's going on here is Big Tech wants to pass very weak regulation in states and then say, well, there's a patchwork of state regulation and so we need to solve that. We need to have a single preemptive federal law and get that to be weak too. So if Congress doesn't pass ADPPA, Big Tech's gonna be pushing it in the states next year or maybe even weaker bills and then they'll take another try at federal legislation. But that's a game that two can play. We can also be pushing some of these strong bills in the states. The Fourth Amendment is not for sale act. That's one that I think is gonna pass nationally. If these others don't pass nationally this session, well, we can take them to the states as well. Any answering the question from the chat as Maya says, the slides will be available afterwards. Yes. Yeah. Should we do a little future casting as well here? Yeah, we should have a slide on this. I insisted that John leave our goofy Q and A about the slide itself in the slide as just kind of some light humor for folks in a peek into the process of collaborating on presentation. So some future casting. Yeah, I think, I mean, what John said about that sort of overall strategy, national to state privacy bills. I certainly have a lot of thoughts around the fact that the bills that we've seen aside from California's, and although California's could be stronger, I think there's a general sense in the state that they'd like to continue strengthening. In terms of the bills that have been pushed through in Utah, Virginia, and the ADPPA, one of my concerns really is the fact that not only do they not create strong protections for current harms and data abuses. They also don't protect us from what we know is coming, right? So we know that we're moving into this whole new era of technological development. We're really already there, but I think it just hasn't rolled out massively as yet, although I think that that is beginning to happen around virtual reality, blended reality spaces, augmented reality, and the use of AI in virtually every area of our lives. And if we think about the need for privacy protections in that space, those needs are different and maybe even greater than those we've identified for data collection from cell phones and computers. There is a lot of biometric data harm that is possible. There is a whole discussion of the tracking of movements and eye movements, and all of these kinds of artificial intelligence and machine learning systems that are essentially going to be studying human movement and reaction and emotion. We saw that Fight for the Future had a dear Zoom letter about please don't use our Zooms to train your emotional AI. I think we're gonna be seeing more and more egregious forms of harm and invasive technologies and research into our lives. In the coming years. And so I think for me, future casting, it's really about protecting our rights as folks in states to be able to bring stronger laws to protect people from things we know are coming and also things we haven't really fully anticipated that may be intersecting with those. Yeah, I mean, basically what Maya says, a couple of things to add is, I've been a privacy activist for a long time and things have just changed so much in the last couple of years and then just on overdrive in the last three months. For a long time, people, well, privacy is only for people who have something to hide. People get that, wow, everybody needs privacy. And so I think we're seeing when Maya talks about changes in the states, I think it's easier at the state level to work across party lines because all these feelings, all this move, it's bipartisan. People in both parties don't like the big tech right now. And to a large extent, the underlying political dynamic of the privacy battles isn't on party lines. It's corporate members of each party siding with industry against the populists and progressives who side more with the people. And like I say, nobody really likes big tech these days. So yeah, does any of this legislation introduce the idea of anonymized data collection, pandemic contagion tracking? Yeah, the pandemic contagion tracking is the kind of thing that really highlights some of these kinds of issues. So there's a big question about how to word, the ADPPA exempts what's called de-identified data. And you can do things with de-identified data. HIPAA similarly exempts de-identified data, but man, that's led to a lot of privacy leaks. So the right way to craft an exemption for valid public health purposes that doesn't allow people to be targeted doesn't allow people's COVID data to be used against them in any way. Crafting the right language for that is one of the things that we think the Health and Location Data Privacy Act has done a much better job, sorry, Data Protection Act, has done a much better job at than say ADPPA. Can I add something to that real quick, John? Which is I think, I mean, that is a really important point. And I think in terms of the de-identified data, we've really been spinning this out a lot with Washington privacy organizers. What does this mean? How could that be achieved? There's this idea that you can just like split up a name from a data set and it's all good. And I think there are a lot of lawmakers who don't really understand just how difficult it is to de-identify a data in such a way that it is simply not re-identifiable. That is a very tricky and detailed process. And I think what is gonna need on a legislative level is for real experts in data to sit down and craft language that can describe an enforcement process where companies or data collectors will have to describe the steps they took to de-identify and explain how they are 100% certain that they have collected anonymous and anonymized data. So I think that will be part of it. And then I think the other piece of that is if you're gonna do that, you've gotta take profit out of the picture. It really does have to be for the public good. And so I think that's very tricky. And I think we've obviously been struggling with that for years in terms of trying to get ourselves some good data privacy laws on the books. Yeah, that's a great question. And yeah, Chance brings up that the AI art programs essentially steal from artists. They copy and emulate the existing style of human artists and they're trained on this data. Similarly, there's a Microsoft GitHub co-pilot will help you with your code. Oh, but it's trained on everybody else's code. So it could well spit out my code fragments in somebody else's data. This is, we think of it in terms of copyright. We think of it in terms of privacy. Did I give my permission for my art to be used that way? Almost certainly not. Scott notes that we might wanna put profit in the picture at least partially with expanded private rights of action. You know, the private right of action is another kinds of things. Yeah, it's another one of these areas that there really are tensions in the privacy law about how to use these things to retain greediness and profit while still allowing businesses to operate. Maya, did you wanna take the Watson's question on the federal prior metric privacy law? Yeah, I kind of answered in the chat. I mean, I think, you know, I mean, as an organizer, I'm very interested in seeing super strong biometrics restrictions put in place. But obviously again, a floor, not a ceiling. I think we are really at the beginning of exploring how that is going to affect our worlds. And that is partially because, you know, there's some intersections with science and medicine as well here that I think we haven't even begun to explore in terms of data privacy. And so I think, yeah, it's gonna be an evolving field for sure. But I do think a federal floor of restrictions would be really helpful. And Watson brings up a BIPA, by that's Illinois's Biometric Something Protection or Privacy Act. It passed about 12 years ago before Big Tech was so successful at lobbying. It's got a very strong private right of action. When you read about these $100 million settlements or $100 million of class action suits, that's always under BIPA. And that's why it's such a critical rule. Clearview AI, when they got found guilty under a BIPA, they've had to stop selling their bogus facial recognition stuff anywhere in the United States. We need that kind of strong enforcement. ADPPA had an exemption for BIPA. Well, that's good, but what about other places? Washington currently has a very mediocre biometrics mode, but legislators are working to make it better. It's like, we've talked with a couple of state legislators about it. We wanna be able to do that. And I think that answers Aaron's question a little bit. Are today's legislators still a little clueless or are they starting to understand? You know, it's hard to, you know, that's a broad brush there. Like it's hard to answer that for, you know, every legislator, state and federal. But I think it does seem like there's a growing awareness. And certainly, this is very complicated by, you know, where you are politically, where you are on, you know, overreaches of law enforcement. You know, do you consider certain things overreaches or do you think that they're necessary? This is honestly a global conversation we're having right now because biometrics is being discussed in many countries in relation to identification and not just here in the U.S. as well as being used, you know, digital IDs and creating sort of standards in digital IDs across the globe and also within nations. And so this is a huge discussion but I think ultimately most privacy advocates would agree that this is a dangerous place to allow to not be legislated and not be dealt with. We need our privacy protected and once you go into the area of collecting everyone's biometrics, data security just becomes an incredibly difficult area and very risky. The threat modeling there is kind of ridiculous. And so, yeah, I guess I'll stop blabbing. Anything else to add, John? Yeah, well, no, it's a good question from Erin and what I'd say is there's increasing number of legislators of legislators who either get it or realize they're clueless and have a good staffer who gets it. That's very important in Congress. In Congress, having a good staffer who really gets it, they have so little time to spend on any one issue that they're very reliant on their staff. It often goes, often not always goes around age. And this is something that, go ahead. I was just gonna add one thing to that which is that I also wanna push back on that question. Are today's legislators still clueless? I think today's people are clueless. I think we really need to be educating everyday folks on all of this stuff. We need a lot more sort of popular education on data privacy, biometrics, all of these areas because most folks just don't have any clue. I think the overturning of Roe has started to change that. I think we have, in that sense, a great opportunity to educate folks but I think that's part of raising the awareness of legislators because what matters to people is gonna have to matter to legislators and so that's another sort of aspect of that. And it really ties to something we've done a lot in Washington state. So in Washington state, the last four years, Big Tech has tried to pass a very weak privacy bill. I call it the Bad Washington Privacy Act just to remind everybody, no, this is bad. And so we've testified in hearings, we've had meetings with legislators and it's not just the usual privacy circle who does it. It's not the local equivalents of the people who attend EF Georgia meetings regularly. It's also, we've also gotten into the broader community. I'm a farmer from Snohomish and here's why I care. I'm a retired nurse. I got this data breach notice from a company I've never heard of, what's going on. And so this helps legislators understand. Yeah. I'm just looking at the, oh, sorry, go ahead, John. I was gonna say, I dropped something in the chat from a Washington state representative who gets it really well. This is Brandy Donagay when she was a, she actually wrote this before she was a legislator when she was an activist working on privacy stuff but hey, now she's in the legislature. So we get more voices over time. Yeah, I just, oh, go ahead. Go ahead, Scott. And this is Scott. I just wanted to say to our participants. Yeah, at this point, I think we, if you wanna, if you wanna turn on your microphone or your camera at this point, it's okay to do so now because we've been in question and answer. Yeah, we've been in QA mode for a while. Maya, should we like, as that? Yeah, why don't I just close this out real quick. So we've put all those calls to action in the chat on each of the bills that we have. We don't have one on the location, I believe, right? On the health and data. Yeah, you don't have an action there if someone wants to create one. Hey, great. We've been actually trying to work on doing that. So hopefully we'll have one to share after this webinar with folks. So just a couple of things. Reminder to call and email your lawmakers in DC and also reach out to your local lawmakers and let them know that this matters to you. And, you know, John and I are happy to help facilitate privacy talks, privacy workshops, trainings, if that's a thing people have, groups have a need for. We are big privacy nerds, both of us now. As you can tell, we like to talk about this. We do, and text and meet with lawmakers. So yeah, subscribe to John's newsletter, which is the nexus of privacy. And then if you can help support this work further, I'm working on getting together a national organizing entity, which would be People's Privacy Network, trying to get that off the ground. And that would be sort of a national table for folks from multiple states with the idea of hopefully some people's laws coming forward in the absence of federal ones. So if you can support that, that would be great. I think John just plunked a GoFundMe link in the chat. Anything else you wanna add to close this out, John? No, I'm just to echo. Big Cat has a lot of money, a lot of lobbyists. There's great organizations like EFF, like Media Justice, like Ultraviolet, who are great on private. They don't have a lot of resources. They're surprisingly small. EFF's the biggest of them and they're dwarfed by any one of these Big Cat companies. Grassroots Organizing, groups like EF Georgia, groups like our Washington Privacy Organizers groups, groups like Maya's Washington People's Privacy. That's a really important compliment at the state level and federally. The problem is, wow, it's really hard to get funding for this. It's hard to get grants for this. And so that's why relying on crowdfunding is just really important at this stage of the game. I'm kind of calling it organizer mutual aid in a way. It's kind of, it's a way to try to help us continue the work when folks can crowdfund that. I think we have a better chance of continuing the work. And I know that one thing I've noticed in working with some of the bigger groups on the federal advocacy is that John and I really read the bills deeply. So do some of the other organizers that we work with and have a very different process of doing that even then some of the well-funded organizations and paid staffers who may have a million of the things on their plate, right? And so it's important work. Looks like there's a question. You wanna take that, John? Yeah, I was just gonna move us on through any time. Well, and first of all, thanks once again everybody for all your time. Really appreciate it. We're happy to stay around and talk as long as people want. Michael, a great question. Does ADPPA prevent the use of automated decisions or stop the use of AI from circumventing privacy? This is a great question. Good example of Google or Facebook wrongfully closing accounts based on AI decisions. It does not prevent that. It does the automated system. So there's language in there that has some stuff about getting information about how the algorithms behave in order to detect unlawful discrimination. So these are the- But it's not nearly stringent enough. But what's not there, unlike California's law, California has a right to opt out of automated profiling. ADPPA does not have that right. I actually testified about this at the FTC Open Forum they had last week. The FTC is considering doing some rulemaking on privacy. And so they had an open forum, just amazing public comments from a lot of people. And I talked about that. I'll drop the link in the chat. Really good question. And it also shows how complex this is and how broadly it affects things. I would also add to that, that ADPPA actually has an exemption for inferences, that may be made. So I mean, there's just so much that it doesn't deal with in terms of AI and automated decision systems. Okay, right now we are continuing to record and stream. If you'd like to ask any more on the record questions, feel free to put them in the chat or turn on your microphone or camera. We will be off the record soon. So if you'd like to wait, that's also okay. Larry says, thanks for all the info and context activity in this arena is overwhelming. Yeah, yeah, it is somewhat. And it's quite, I mean, I sort of put in one of the slides the image of a diver diving into the soup because in some ways it does feel like that when you're really taking a deep dive into this area of the law. It looks like John has put some additional links in the chat for nexus of privacy. Well, no, this was about Michael's on question on automated decision. And this is where my day job kicks in. I was on the Washington state automated decision systems work group where we looked at government use of these automated decision systems. So don't get me started talking on that or I'll never stop, but I will drop some links in. Okay, Aaron, did you have a question? Yeah, I wanted to touch on, you know, there's a lot of I think we as a society, we're facing real big challenges with the manipulation of young people by the social media giants, you know, to the point where suicide rates, you have one better point of the ceiling, things like that. But do we see anything in this legislation that is going to help address that at any level? Just in theory of this, you know, just one great question. I mean, that's what that's what motivated the Kids Online Safety Act that I talked about in California has just passed a kids design code that that tries to regulate this. And it's a huge problem. Something needs to be done. It's it's challenging to work out what needs to be done that doesn't have the unintended consequences of triggering too much surveillance. We'll see. But I think there's some good things in both of these laws and we'll see what kind of effect they have. And I think legislators, you know, legislators have so clearly heard this is a problem that they really want to do something about it. Yeah, so yeah, Florence brings up that, you know, it's hard to understand all this stuff. And so and so looking to trusted voices like EFF, I mean, EFF rarely gets things wrong. I don't always agree with EFF, but their analysis is always very clear and their recommendations for actions are very solid. You know, other groups fight for the future. Maya mentioned media justice, color of change is a good group to look to they've just introduced their black tech agenda. Yeah, I'm so excited about this. I want to talk about this. If you are familiar with color of change they have just yesterday launched. Finally, their black tech agenda in which they do call for strong privacy laws as well as laws regulating algorithmic bias. And so I'm really excited to see that I've been kind of waiting for them to come out with that. And it's finally here. So you can, they've got a hashtag, it's hashtag black tech agenda. So you can find that on in the Twitterverse and Insta and such. Okay, are there any? Okay, there's another question we got. So I'll read this one out loud. This is a broad question. Do you all have any thoughts or resources you'd recommend on learning about data sovereignty, data unions or ideas of what successful businesses built on owning your own data might look like? Awesome question. Ooh, John, do you want to start there? Yeah. So at the technical level, a lot of work on data sovereignty, the things to search on are under self-sovereign IDs. There's a book I'd recommend when I stop talking I will look it up and see if I can drop the link. And that's at the very deep technical data level. Ideas about what successful businesses built on owning your own data might look like. That's a great question. And I think a lot of people are wrestling with it, myself included. I think one key thing is, I think subscription models are what come up the most. I think consent-based models make a lot of sense. I actually believe that a lot of people will opt into advertising and marketing as long as it's not targeted. And people want to see relevant stuff, right? I mean, I don't want to see, I don't currently have a dog. I don't want to see ads for dog food. And so in the right situations, if people will trust you, which means trusting that you're being very responsible with the data, minimizing how much data you want to collect, I think those kinds of things can possibly be businesses. And I hope that as regulations shapes things, part of the goal here is to enable opportunities for companies that are doing the right way. You want, right now the rules are stacked for surveillance capitalism companies, Microsoft, Amazon, Google, they write the laws, they benefit them. We want to change that. We want to change things so that the laws really are built on people who are trying to do the right thing, own their own data and things like that. Yeah, if I can add, I would also say that there's a huge opportunity here to explore rulemaking that creates a field for that to happen in. And also to look at the way that climate is a huge piece of this. I mean, we know that data centers take up a huge amount of energy to cool them as well as space and materials. And it's actually better for us to minimize and do responsible data collection. We don't need to have this sort of like mass surveillance data capitalism continue. We can change course and we can do so in a way that helps us socially as well as our climate and our environment. So I think that's also an opportunity here for having that discussion. I know that I was looking into ARPA funds and I was realizing that my county that I live in had received ARPA funds that were earmarked for building data centers. I know the county, I know the landscape here. I'm not so excited about them using large swaths of land to build data centers here unless they are absolutely needed. And I think the reality is that we may see similar to the way that we saw with factory farming we may see such an explosion of this into the future if we don't clamp down on this that we actually lose tons of valuable land to data centers. And I don't think anyone really wants to see that but the time to set that policy is now. And so creating good laws around this is also important for that reason. Yeah, I found the link and I dropped it in the chat. It's called the Domains of Identity by Kalia Young. And I think it's something that we're all wrestling with and hopefully I didn't give you any great examples and hopefully that'll be different in the year or two. Yeah, as Freya says, the time to fight back is now while we can because and this is why we fight so hard on these bills that are not what they should be because once Congress passes something they're not gonna go back to it and make it better. No, no, no, no, no, no, no, no. They're gonna like the classic FERPA student privacy bill passed in the 90s, HIPAA passed in the 90s. They haven't touched them since then. ECPA passed in the 80s hasn't been updated. So when we pass something it's gonna be there for a while. Yeah, so completely agree. Yeah, and if you really think about that, you know, if you really, I mean, I know everyone here is interested in technology so that's not a difficult task. If you really think about a law passed in the 90s that hasn't really been substantially updated in 2022 that's crazy. I mean, we have seen a huge boom in what is technically possible and an enormous explosion of the collection of data. And so it just doesn't make sense for us to not know that, understand it and think ahead when we're looking at laws. And at the same time, if you look back at these laws there are a lot stronger than some of these laws that have been proposed now. I mean, the best laws now are just as good as the best laws I've ever been or probably better. Fourth amendment is not for sale, that's a great law. My body, my data, that's a great law. But HIPAA for example, when you look at its law enforcement exceptions, even if there's a warrant, if somebody has an ethical duty to disobey, HIPAA says that A, they can't share data with law enforcement without a warrant and then B, even with a warrant if there's an ethical duty because these are doctors and medical people that overrides the warrant. Now, when you look at legislation like the ADPPA, oh, now there's no restrictions at all. It just shows how while these bills are old they're at a higher level because again, Ted was not as good at lobbying back then. Yeah, yeah, Angel points to the solid project. I think that's a really interesting technical approach to owning your own data, putting yourself in control of your own data. I don't know if there's been a lot of progress on doing business models around that yet. But it's important that technically we've got these building blocks coming in. I think Tim Berners-Lee of the World Wide Web fame is associated with that, I believe. I think Keith might have been about, or Scott, someone I think raised their hand maybe or was about to pop in. Their hand raised? Yeah, we've got a few more minutes. Maybe last question or two. We have one. And Scott, were there any other questions in the streaming platforms or are we good on that? I'm not seeing that. I mean, the raw recordings will be available in the streaming platforms for a while. The Twitch keeps it up for a week. So we can go back and look at it, but I don't see any questions being posted. Okay, I see a few people still typing. Let's get one or two more in. Well, we're waiting for- I'm close to 90 minutes, so. Well, we're waiting for questions. I'm just gonna, someone did ask me for a little more info about the national organizing. And so I'm happy to return to that. Let's see, Diwali asks, how can we get involved to facilitate information delivery? I'm not sure I totally understand that question. I think do we have an email list that people can sign up for or anything? Do you have something like that, Maya? I don't yet, no. I do not have the funds and capacity to do a regular news, I'm sorry. So we can certainly work with Scott to get information for now to electronic frontiers, Georgia, and share once we've got something better involved. If you're on social media following our social media channels, EFF is very good about sending out action alerts, so sign up for their actions. I think that's another good way. Yeah, electronic frontiers, Georgia, does have a mailing list, but it's not restricted to privacy questions. Keith, if you're on, maybe you could post the ef-georgia.org website. It's at the very top of the chat window. Okay, okay. Cool, and I just threw in the chat, since I don't have a newsletter capacity to do that this time, but I do try to post regularly on Twitter and Instagram. They, I don't have them linked, and so they're not always identical info on each one, but if you're on either of those platforms, I know not everyone is even comfortable with those. I'm not on Facebook with Washington People's Privacy, that just feels sort of silly, and Instagram is kind of the compromise that I've made to make sure I'm reaching out to millennials and younger who don't always use Twitter, so. Okay, I guess that's it. I was gonna say, Maya, why don't you just do a little bit about the National Organizing? Okay, cool. Yeah, sure, just very briefly. Basically, because I came into this work with the experience of running an electoral campaign, so being a big part of People's Ballad Initiative Campaign, we did municipal ballot initiatives, but moving from that space and then into the state legislative advocacy space of privacy and biometric stuff, I really realized that due to the huge lobbying power of tech, due to the fact that we do face a really uphill battle when it comes to passing very good laws that aren't dominated by sort of the need for accommodating profit, that we may actually need to pass our own laws, and we may need to do that state by state in a very similar but differently motivated way than tech lobbyists are. So my goal is to try to create a national table that can be both an organizing meeting place and a resource, and hopefully pass really good People's Laws in many states at once is my dream. And so doing that will take planning, it will take a good amount of funding, and it will take bringing, as I've termed it, a dream team of privacy law writers to the table. So that's kind of in a nutshell what I'm going after. Do you want to say anything else about that, John? Desperately needed, and yeah, strongly, we really need something like this. Thanks much for all the discussion and all the great questions. Yeah, thank you all for being here and thank you, Scott, for holding the space and inviting us to it. Thanks. Yeah, I do need to go ahead and wrap up the official stream and recording at this time. If you've got any final thoughts, or you'd just like to say goodbye at this time? Yeah, let's keep working. And take action. We dropped a bunch of links there and we'll work with Scott to get them sent out and let's keep talking. And I just want to add, take action, yes, to sign the petitions, talk to lawmakers, but even if taking action for you is bringing this up at a dinner conversation with a friend or with your mom on the phone or whatever, I think that's also action. Talking about this and how important it is is also action. Thanks y'all.