 My name is Joe Burton and I'm a lawyer. You're supposed to go. Have you seen Alcoholics Anonymous? Haven't you guys seen Alcoholics Anonymous? That's how you started out. It's alright. We're here to talk about the L-Consult case. Alright, thanks guys. We're here today to talk about the L-Consult case. I know it's hot, so we'll try to keep it a little lively. If the microphone works, I'll go out amongst the audience, which I like to do. Trial lawyers like to be close to their jury. I don't like standing behind a podium, but I'm going to do that. What we're going to do with me is Bill Riley. Bill is also a lawyer, but he's a young enough and new enough lawyer that he's not recovering like I am. You don't have to say that to him. Let me just outline for you what we're going to talk to you about this afternoon. I'm going to talk to you about the case itself a little bit. I'm going to talk about the case and tell you where it is, what we're expecting. Talk a little bit about how it got to be, where it is. I want to talk a little bit about some of the issues in the case. I'm not going to bore you with a lot of detail law, but I want to talk a little bit about some of what I think are the political issues, the political slash legal issues in the case. I can't talk a lot about the specific facts of the case because the case is still pending, and we're going to be doing some things with it this month. I think I can talk about things that will be interesting to you. I'll do that first, and then after I finish, Bill's going to talk to you a little bit about the Digital Millennium Copyright Act itself and describe some of the features of that act and sort of be able to give you a little bit better background as to how the Elkinsoft case, the Elkinsoft company in Dmitri Sklerov, found themselves in trouble. And then Bill will also do is kind of take some lessons that maybe we have learned from that case. They're kind of painful lessons, I'd say that, but take some of the lessons that we've learned from that case and see how we can apply them to you guys and things that may be coming up on the horizon. And then we'll kind of close it out. We'll talk just a little bit briefly about some of the legislation that's been in Congress and that has been coming out lately and sort of what that may mean to you and sort of see how it relates to the DMCA, which was kind of a watershed in that regard. So that's kind of what the program is going to be. And I know it's hot and we'll keep moving. If you want to go out and go into the cooler outside, if you can believe that, that's okay. I want you to do me a favor. If I wave my hand like this, somebody be kind enough to bring me a little cup of water in case I drink all the water up here because it's going to get pretty hot. All right. You know, the last time I was in Las Vegas was about a year ago and I was here to visit Dimitri Sklerov, who was at that point in time in the county jail. He was in federal custody and he was in the county jail here and we had been retained on the case to represent Dimitri and I came out to see him. So it's almost a year since those events originally unfolded. And in fact, August 6th, thanks a lot, thanks a lot for that, is a closer date and I'll tell you about August 6th and the 2nd. But it's about a year ago since this whole thing started and how many people know about the case? I mean, do most people know about it and have heard of it? I mean, and it started when Dimitri was here at DEF CON last year and Dimitri and the ElkomSoft company. ElkomSoft is a Russian software company based in Moscow and they were here at DEF CON demonstrating some of their products and particularly Dimitri gave a talk about decryption and particularly decryption of PDF files. Well, as a result of that, and it's really not as a result totally of that because there were events that were going on before they ever got here. But I guess the best way to put it is that the government took that as an opportunity to arrest Dimitri and charge him. And the interesting thing about this is they arrested an individual and they initially didn't charge the company. They ended up arresting Dimitri in this hotel room not while the speech was going on. That would have caused a whole lot of fur. Hopefully I won't get arrested today. I don't expect that I am while I'm giving this. But they didn't arrest him during the speech, but they waited and he was in his hotel room, in fact getting ready to leave before he was arrested. We got involved in the case because one of the things that I do is criminal defense. In fact, that's a lot of what I do. I do what I call a criminal defense. And I like to think what I do is now is I'm sort of a prophylactic. And that is I try to keep people out of trouble before the act and actually then if they get in trouble after the act I'm sort of an after the fact pill. But what I do a lot now is to be the prophylactic and try to give advice so that people don't get themselves in trouble. But one thing that I feel that I want to do and I always have done as a defense counsel is you want to represent, I like to represent the underdog. And the underdog in cases frankly when you're going against the government can be a lot of things. Large corporations can be the underdog. The Anderson corporation can be an underdog. We can argue about the politics of that, but they can be an underdog. But particularly when you're talking about individuals, that's the underdog. And that's the reason that I wanted to get involved in that case apart from the fact that network security is something I've been interested in and it's an area of the law that we're trying to develop. Now why is that case important? Why is the case important? And thinking about what to say to you today I was thinking that the most important thing if you will that I can give to you is to try to explain why the case is important and there may be different, people may have different reasons, but this is I believe the reason. And the reason is we need to have now given the existence of the Digital Millennium Copyright Act there needs to be a standard for legitimate activity, legitimate conduct. People need to know when they're performing legitimate activity when that's what you're trying to do and that's what in fact you're doing. You need to know that you're not going to get yourself in trouble, that you're not crossing a line. Now there may be people who want to cross the line anyway, they don't care. Fingers up in the air as far as the government or whatever is concerned. That's fine, those people can do that. I'm the morning after pill for people like that. But for people who don't want to be in that position and that's a whole lot of people, what needs to happen is there needs to be some sort of standard for legitimacy. And right now, given the Digital Millennium Copyright Act, we don't know what that standard is. There really isn't. You as a software developer, you as a software company and in some instances you as users are in situations where if you do certain things, you may find yourself in trouble, you may find yourself being arrested and you don't know it and you had no reason to know it. That's why this case is important. Now that standard needs to be developed by somebody other than self-interested individuals and by that I mean primarily self-interested content owners because that's what we have right now. And let me explain. I'm not against copyright, alright? I'm against some things that are being done with copyright right now but I'm not against it, I'm not against property rights and I'm not against content owners. But what has happened is that self-copyright owners or content owners right now are the ones setting the agenda, setting the standard. And the problem with that is that the standard that they've set so far has no limits. It's difficult if not impossible for you to tell whether products that you may buy or products that you may develop in the area of software particularly as it relates to copyright protection, whether or not it's legal or it's not legal. And why the OCOMSOF case is important is because it gives us an opportunity to try to set that standard and bring some clarity to it. Now Bill's going to talk about the DMCA in a little detail but let me say this. I'm going to say something that maybe in this group sounds sacrilegious. But the DMCA is not all that bad. Now, I know, I know. The DMCA is not all that bad. The problem is the way that the DMCA is being interpreted and the way it's being applied. If you go and look at the legislative history of the DMCA I would tell you that I'd bet that a majority of people would agree with what was trying to be done there. And what was trying to be done there seems to me, you may disagree and we can talk about it, we'll have time for questions in that, but it seems to me to make sense. And the idea there was to try to prevent the circumstance where copyrighted content, property of someone else, was going to be unlawfully appropriated or infringed, copyright infringement. It was designed to figure out another way to prevent that in the digital age. Well, I don't know that I think that that's such a terrible thing in and of itself. So the act as Congress I think intended it to be is not so bad. But what's happened is that self-interest have hijacked it and have turned it into something where it is bad, where it really makes a mockery of consumer interest, of your interest. That is the problem. And the only way to solve that problem, there really got to be two ways to solve that problem, one is to repeal the act and come up with a new act and the climate that we're in now is not likely to happen. That's probably not going to happen. Maybe, but I don't think so. And the only other way is to try to erode it away by through the courts and through the law, through interpretation. Now sometimes that takes a long time to do. And sometimes you get lucky, and if you have the right case and the right circumstances, you can go get moving in the right direction without taking a long time. The problem with the current interpretation is that it's overly broad. And I'll give you an example. How many people heard about it? I think it's the Snow Sloth case. This is the, okay. Now HP, HP, these people wrote an exploit for I believe it is for a unit system. It's well known. They wrote an exploit for it. HP said, you know what? Well, let me put it this way. One of the vice presidents, HP said, you know what? We don't like that. We don't like the fact that you've put that out there. And they wrote a letter to the guys at Snow Sloth and they said, you know what? If you don't get rid of it, if you don't stop doing that, you guys are going to go to jail. And I mean that. You could be subject to $500,000 fine. You could go to jail. That's what they wrote in the letter to them. Now imagine if that's you and you get that letter and you've got your fledgling software company or your non-fledgling software company. What are you going to do? You're going to be chilled by that. And maybe not only chilled, but your business may even be killed. The reason that happened is the first lawyer in HP or whoever did it took the prevailing view, which is an overly broad interpretation of the rights of content owners and of what the Digital Millennium Copyright Act says. Now to a certain degree to HP's credit, somebody with some common sense and some law sense, I hope, thought better of it. And the following day, they basically rescinded it and said, hey, we're not going to do that. We didn't mean... That's not a policy. We didn't mean to write that letter. We don't mean what we said there. We don't mean to use the Digital Millennium Copyright Act in that sort of fashion. Well, that's good. But the problem is, it's out there and the reaction now from people is to reach for the gun and to shoot and ask questions later. And sometimes when you shoot and ask questions later, people get hurt. And sometimes when you shoot and ask questions later, businesses get killed. Now, what we hope to do with the Elthomsov case is to trim back this overly broad interpretation into one that is much more in line if not in fact in line with what Congress meant and in line with those things that will give you rights that you've had before, security and not having to worry about activity, legitimate activity, security and not having to worry about that you'll be arrested and thrown into jail. And for U.S. consumers, as I said, give you rights to do some things that you always could do. And in my view, you always ought to be able to do even though we're in the digital age. So that's hopefully what we're going to try to accomplish with the case. You know, we're sort of in the age of what I call the age of overreaction and the Snowsov case is an example of that. But I want to sort of talk about that in this way. As I said, one of the things that I do is network security law. And what that means is one aspect of what I do when I'm not defending individuals or corporations in criminal cases is I give advice and training to companies and individuals in the security business and individuals online about legal issues related to network security law. And there are really two arms to network security law. One of those arms has to do with what I call content security. And that's where the Elkomsov case falls. And that has to do with all of these issues about access to and getting into content and copying DVDs, copying music, et cetera, et cetera. That's the content arm. On the other side of information security is a network security arm. And that has to do with issues like network intrusions, et cetera. It's funny to me, and that's not funny haha, but that's funny curious to me, that right now where we see the most legal activity and we see really vigorous legal activity is on the content side. Companies like Elkomsov, companies who make products that allegedly are used to circumvent music protection or e-book protection, et cetera. The recording industry, the music industry, tremendous amount of lawsuits and legal activity on that side for alleged violations. On the other hand, where there are in my mind violations involving network security issues, for example, where you maybe make lousy software and your lousy software is the result of some sort of security breach and that security breach causes harm to others. You're not seeing very much legal activity on that side of the equation and you can ask yourself the question, why is that? Why is the activity the other way? Now the good news in one sense is that's going to change and over time you're going to see that sort of legal activity and one of the reasons it's going to change is because of infrastructure security concerns the government is going to require is going to start imposing requirements and is going to be essentially moving toward liability. So you're going to see that but that doesn't help now and it doesn't make people on the content side feel any better when they ask the question, why me? When I'm doing something that I intended to be legitimate and that was good, why am I in trouble? One of the reasons that I think that this case, the all-coms-off case, is really a prototypical case and it's the case to hopefully be the breakthrough is it involves a legitimate business that was trying to do a legitimate end, legitimate goals. That really is important. In this area, very often we've had some, I think, unsympathetic defendants and that's made it difficult even though their cause or position may have been correct. It makes it sometimes difficult in that context to make the sort of movement in the law that you want and it's my feeling that the all-coms-off case is a little different that way and that may give us an opportunity to move forward because all-coms-off as a company is just like almost every one of you out there. They're out there, they're trying to do the right thing and that should hopefully make a difference. Let me talk about the case real briefly. How am I doing on time? All right. July 16 of last year, that's when Dimitri was arrested here and it really wasn't until August 6, he was in custody until August 6 and we managed to get him out on bail on August 6 and he had a really torturous journey. It took 10 days to go here in Las Vegas to San Jose where the trial court was and sort of a torture is around the country a trip by the martial service to get there and so imagine if you were in a strange country, take Afghanistan or take any country you want and you're there and you sort of put away for 10 days with very little access to people that love you and care about you, imagine how hard that was and Dimitri to his credit stood up very well to that. He's a very intelligent guy, very personal, very intelligent guy and he did well through the ordeal but it wasn't until August 6 that we were able to get him out of custody and getting him out of custody meant that he only had a larger jail which means he had to stay in the United States, he wasn't able to go back home and his family, he had at that time a very small child who at that time I think was a little over 6 months old who had been born, he had an older child and his wife so imagine being torn away from your kid at that point. We did manage to get him out of jail, August of August the 28th he was indicted and the interesting thing about the indictment was at that point in time they not only indicted Dimitri but they indicted the company originally the charges were not against the company though it's my view they always intended to go after the company but it wasn't until the indictment that the company was charged. September and I believe it was September the 13th September the 13th we were able to bring Dimitri's wife and his family over to the United States which made a really big difference to him in terms of trying to stay up and be ready for what we thought at that point in time was going to be a long ordeal. Later in September we hired another lawyer John Kecker who's one of the finest trial lawyers in the United States a friend of mine somebody who I've known a long time and we brought in John to represent Dimitri and I continued to represent the company at that point in time. It wasn't until December and I think it was December 13th that we were able to work out a deal with the government where Dimitri was allowed to go home and the company would stand up and I don't know if people remember this but almost from the beginning one of the great things that Elkomsov did and that Alex Gadoloff did was to say look take me if you want to do this thing if you want to charge somebody with a criminal offence if what's happened here is a violation of the law at all but if you think it's criminal take me don't take this guy who's got this family who's an employee of the company who's an engineer who all he did was develop a program take me that didn't happen and it really wasn't until about December 13th that we were able to do that and what happened was Dimitri added into a deferred prosecution agreement so finally for the last time let me make clear what that means the third prosecution agreement says you've been charged with an offence if you do certain things according to this agreement we will dismiss the charges against you it's as if they never occurred we'll dismiss the charges okay now what are the things that had to happen Dimitri had to obey laws had to make himself available for trial if there was a trial against the company and he had to tell the truth he didn't have to snitch on his company he's not testifying against his company all he has to do is tell the truth as far as he knows it that's what he had to do that's a great deal that just makes him a witness and allows him to go home which is something that should have happened for a long time and it took us about five months in order to get it done but we finally did get it done and he went home and he was home for Christmas so that was a good thing after the beginning of the year in the case we filed motions meaning legal arguments with respect to the case and let me just talk about a little bit about a couple of those motions I'm not going to go into a lot of detail but a couple of them are important as to some of the issues that I raised before one of the motions that we raised in that case had to do with extraterritorial application of the law and that is we made the argument where the activity is in cyberspace if the activity occurs in cyberspace how is it that the United States government gets to charge an individual for activity that occurs in cyberspace well a government takes sort of a contrary view and the government took the view that well, yeah cyberspace, cyberspace cyberspace doesn't really mean anything all that is is that is a bunch of computers down on the ground someplace and as long as we have a computer somewhere in the United States that's involved in transaction that's sufficient to give us jurisdiction so we lost that motion because the judge agreed to that well, I got to tell you that you know, I think that motions ahead of its time maybe we'll get an opportunity to take that on appeal if there is an appeal in this case but I have to tell you that you could mark my words but ten years from now the question of territoriality as it applies to cyberspace is going to be a lot more well understood and accepted and in another case like that it's not going to be the same result probably the most important motion that we raised was a motion having to do with due process and having to do with the vagueness of the statute and most specifically having to do with this notion of what happens if I make a tool and that tool can be used for good or that tool can be used for bad am I liable? if I don't intend to use that tool for a bad reason or for a bad purpose am I liable? and would I know that ahead of time when I create the tool that's another motion that we lost and I think that that's a very significant issue and I think that there's some significant chance that we're going to be vindicated about that if there's an appeal in the case now you might say well you filed those two motions and you lost both of the motions you guys ought to pack up and go home well we're not going to pack up and go home there's going to be a trial and the trial is going to start on August the 26th and I think that's probably very likely that it will start on August the 26th there's always some possibility that there might be some small delay but knowing what I know I think it's going to go forward on August the 26th and what I'd say to you is I wouldn't be dissuaded overly concerned because at least to this point things haven't gone the way we precisely the way we'd like them I think that we have some things to say to a jury and I can feel reasonably confident about that I guess I'm reminded of two things there was a guy named Joe Namath who many many years ago was in Superbowl 3 and at that time the fledgling New York Jets were part of the American Football League and they were playing the Baltimore Colts who were powers in the National Football League in the National Football Conference this was like the third Superbowl at the time and the Colts were overwhelming favorites and they asked Joe Namath what he thought about that and he said well what do I think about it well I think I guarantee that we're going to win well they did now I'm not Joe Namath in that case but I think the same thing I think it because I have to think it and I think it because I believe it there are lots of instances where the cases don't look so good where the outcome is surprising and I think that this might well be one of those cases so that's a little bit about the case I'll have a chance to answer any questions you have about about the case itself to the extent that I can and some of the other issues that I raised in the beginning at the end of this and I'll let Bill talk a little bit about the DMCA yeah Joe mentioned something about the interpretation and the way the interpretation has been going all across the country at the appellate level the trial level and there's an incredible amount of confusion regarding the DMCA and the way that the different jurisdictions have interpreted it and if you read any of the columns in a slash dot and all of the commentary you can see that there's an amazing amount of disinformation being spun around as well I know we don't have much time but at least I just wanted to be able to explain the DMCA can be, if you just read it on its surface it can be actually very complicated but there's kind of a simplistic way to be able to to explain it so then at least when you guys go home you're going to have a little bit better understanding of the framework in which a lot of these discussions are coming in and also the way that it might actually impact you guys if you're going to be doing coding or if you're going to be, or especially actually if you're a non-US coder there's actually some very specific recommendations to how to stay outside of U.S. jurisdiction and so I think probably the best way to skip through this is there's a couple provisions in the DMCA and everybody's familiar probably with the ISP Safe Harbor provisions and that's what Napster tried to assert unsuccessfully and that's what Kazaz is trying to assert right now and that's a completely different area of the DMCA even though it's still under the same umbrella of the DMCA what we're talking about here is the anti-circumvention provisions of the DMCA and those basically they prescribe two different types of software code and it's confusing if you just read the way that the code is written but basically what it is is if you think about it in a simplistic way if you have a let's say this is just a raw naked code it can be a movie an e-book let's just say with the e-book for example it's just raw and it's naked it's completely unprotected so what the content owners wanted to be able to have is the first part of code is they wanted to be able to say we're going to be able to place this in some sort of lock form and the code that's going to be relevant to this is basically just a lock and this is what's called an access control and this is like the serial numbers things like that any type of pin number any type of technical constraint prevents you from gaining access to the underlying code and so what they did is they said okay there's two things that they've done with access code they said the first thing is that the act the actual act of breaking the code that's wrapped around the the actual call this to the naked code that act is prescribed under the DMCA the other part is it's called the trafficking provision or the anti-trafficking provision and it's when you you know I've got some here it might help if I do a bit here it's stuck I think it's a sleeper the heat okay probably it's best to look at it like this 1201A prevents the this is the act of circumventing the access controls but the other thing it does is there's something called the tools and it's the tools that this is the second of the three provisions of it prohibits the manufacture the import the offer to the public provide otherwise and the access controls so it's basically doing any of those things that's creating the code that's going to be able to enable somebody to do the underlying act which is accessing the code without the rights but there hasn't been a lot of litigation and a lot of stress on this the big controversial area that's prescribed the big controversial area here so far with most litigation and that's never mind well I don't think I need that is that what people do is there's something called the copy controls and what the copy controls are is like if you recall just like the basic copyright law there's something called a basket of exclusive copyrights that's like to be able to if once you become a content owner you're able to to limit the amount of people that or the access to the control of the code you can limit the distribution rights and things like that and so what the content owners were afraid of is that once naked code gets outside of a box then people will be able to ship it around the internet and print on the copyrights and so what they did is the second part is they prescribe something when you wrap code around see we spent a lot of money on the props here it's uh you just wrap the code so basically this is a copy control code and then what they've done is they prescribe and this is what Dmitri ran into the problem with and Alcomsoft and several other people is they've written the code that's actually used to defeat the copy controls so there's two codes here I don't know if that's clear enough but you have the copy control code and this code here and we're not going to get into the actual arguments that we develop but I think it might be helpful for people to take a look at how the federal government has prosecuted these cases and you can learn some of the lessons that the way that the U.S. attorneys and the FBI have done it so the first thing what I wanted to be able to do is just to sort of explain that the location in the server or the web hosting service is incredibly critical because what they're trying to do for example if you're outside the United States obviously outside the U.S. jurisdiction the way that the U.S. attorney's office has been able to imply or refer jurisdiction has been taken a look sort of in whole of all of the types of activities that you use to be able to sort of traffic in this code so the location is extremely important and if you're a German or if you're a Russian company you've got to be very careful because for example if you host your code on ISP in Atlanta one is a contractual jurisdiction issue right there because you've entered a contractual jurisdiction with a company in Atlanta but also it's actually the bits of the code are actually physically residing and so the courts have found it quite persuasive and so they can actually say okay we have the right to be able to to at least indict somebody for something like this in the criminal area. Another part is the website and the U.S. attorney's office and the FBI they're going to take a look to see the tone of the website and if there's an intent that you might have been using this software for example like this the copy control access software that you might be using that for to promote infringement and it's highly advisable to be able to figure that when and this is actually applies to anybody at any time to put anything up on a website as the guys in 2600 found out is when you're writing stuff on your website imagine just run it through the jury test if you're a prosecutor or the plaintiff's attorney is reading the content that you have on a website to a jury and run it through that because it's very persuasive to juries and to judges especially at the pre-trial where they're trying to discover if there's jurisdiction or not. Then there's telephone and contact information if you have 1-800 numbers for example then they're going to say well if you have a 1-800 number it's only accessible in Canada or you must have been intending to do business in the United States. Meta tags that's another thing this applies across the whole spectrum as well as the guys from 2600 found out as well that they will take a look at the meta tags and they'll string them together the words like infringement the words like crack or the words like hack things like that that can be also very persuasive declarations and warnings and this is something that you see almost in every alternative website will follow that is actually in the U.S. Attorney's manual you've probably read it a hundred times anytime someone says okay I've made this I've developed a software and it does this really nasty stuff and it can do this nasty stuff and this nasty stuff so if you're going to do that nasty stuff don't download it and a lot of people think well that's good enough to be able to sort of separate me I'm not to do it but actually the U.S. Attorney's office has said use that against the people because they can use that as saying that this is the information that you knew at least make it available to the public so that one that you've been used against you because you're basically saying yes I know it does all this nasty stuff so they've put that link there before they might have had to infer it the location of the software that's also something that a lot of people don't think about but if you're a German company you're selling just to Danish companies and you have an ISP that's located in France but say for example that there might be cashed in the United States or say that they might have some sort of backup data center in the United States and if it's residing here not saying that that could actually tip the balance but it's certainly persuasive. Credit card transaction processor obviously is incredibly important as well and correspondence you have to watch out for all the correspondence you're doing even on using that files any type of correspondence they're going to scan, they're going to do it complete like the way back machine they're trying to reconstruct what your website's done so in case you found out and just a reminder again what they're trying to do is they're trying to look to see if they can get something you basically what you can fill the smell test something they can, the prosecutor can go up in front of the jet and say these guys are really bad and this is the intent because a lot of what we're talking about here are tools that have multiple purposes and so they can be used for good and used for bad so these are the things that people just do on their websites and they don't realize that they're actually giving the prosecution ammunition and Joe spoke about snow soft and Joe did you want to just mention I think Jennifer Granik yesterday pretty much covered the Patriot Act pretty well and also we don't have a lot of time but I know there's a new House Bill 3482 that you guys might have heard about that it's made a lot of headlines with regards to life sentences for hacking and for cyber crimes and that actually I think Joe probably has some comments on that or hear me? It's sort of an interesting circumstance if that didn't wake you up it ought to when you're talking about potentially having life sentences for for hacking now it ought to wake you up one could make the argument what you have to do is you have to see what that Bill says and it's life sentences for intentional or reckless activity that leads to a loss of life so really what's happened in one sense is since the federal government really doesn't have a homicide statue the federal government does it in sort of bits and pieces and what you have in one part is to make one form of homicide involuntary manslaughter or second degree murder by a computer in this case they've made that potentially an offense for which you could get life and a lot of that is a reaction to infrastructure issues so for example let's say you had some cyber terrorists who decided to take over the air traffic control system and he decides to shut it down or whatever and that causes an airplane an airplane to crash into the ground or to crash anywhere and people die well and he does that by use of some computer intrusion it would have to be by that that's a circumstance in which which the bill contemplates you might justify a life sentence or the same thing suppose somebody takes over the Hoover Dam and unleashes the Hoover Dam and you've got a loss of life and a loss of property that's a circumstance in which you could contemplate a life sentence the problem with anything like that or what you have to be aware of is it doesn't necessarily have to be limited to only those circumstances and the definition of reckless reckless is a form of negligence it's an extreme form of negligence but that's what it is and when I say that it can be great like a lot of things in the law and when you have that you have the potential for perhaps activity that that you wouldn't expect or that doesn't fall into the two areas that I said to lead to somebody being indicted and potentially charged with going to jail for life that's pretty sobering I think and with regards to the European Cybercom trade I don't want to really add too much to that but I just want to say that the Europeans have even made it a little bit worse because remember what I was talking about with the DMCA what they've done is they've banned the trafficking of the tools or they've banned actually the act of doing the access control they haven't banned the possession of this tools yet and the European Cybercrime Treaty has actually banned the possession of these tools which is actually, that's really actually amazing the good thing about it is they've made some significant car routes well it's actually interesting to see how it's actually going to be interpreted but they've made some significant car routes for network security research so that was sort of like the compromise and as far as the, there's just I guess we want to leave some time for questions one other bill I want to mention is and people probably have heard of it this bill which purports to require hardware manufacturers to have in the hardware some sort of copy protection device and that's going to be a requirement well now think about that so now if it's in hardware and if as a matter of software you've got software protection you have a circumstance where the DMCA is going to protect against against certain sorts of almost all kinds of tools that are designed to get around those kinds of protections it really gets dicey to understand what kind of tool you can make that wouldn't fall within one of those two laws and the end result of that is if people don't make the tools then the consumer people at the end use may not have the same rights that they had before that's what's really scary and that bill is really an extension of the DMCA and it's a pretty dangerous one it closes a hole and it makes it much much more difficult for us to have the kind of digital rights that we should have is there any questions? any guards? what about the placement of the web server? would the case have come down even had elkomsoft hosted its web server in Russia the answer is you think not however the government's position the government position and the law right now is really if there are sufficient contacts it's not just a server but if there are sufficient contacts in the United States involving the illegal activity for example one of the things that elkomsoft did is used a service to collect money a pay service in the United States the government argued hey that's enough to give a jurisdiction and there were some other things so the answer is it shouldn't be but I think right now the way to be interpreted the answer would be yes the question was is the only way to be safe assuming you're completely outside of the United States is to is to block access to your web server I think that that's a factor I guess I would say I don't know that you necessarily have to go yeah the reason the answer is yes is because this question is an answer if I'm there and all I do let's assume I don't have any I don't have any pay service in the United States I don't do anything the only thing that I do is I put this up for sale in my web server you would think that that would be safe not clear and so what you'd have by blocking access from the United States is an argument about intent and that hopefully you could convince somebody but you might have somebody who didn't buy that argument and you'd still be there but that's probably if I were your lawyer I'd say yes that's what you should do I think the question was the question was what's the jurisdiction for US citizens who commit an act outside of the United States am I right that's not against the law in the country but it's against the US law and what's the other part of it for a foreigner who it's not against the law in their country but against the law here so we have the answer to the converse that's the outcome soft case the answer to the contra converse is the same thing now that's a little bit more difficult US laws can have extraterritorial effect normally what you want is that the law should indicate that it's meant to be applied extraterritorially but it's conceivable to have lots of circumstances where laws have extraterritorial effect this best example is what happens when an embassies bomb US embassies bomb overseas something like that you can have jurisdiction oh that's right but you can have other acts that are overseas you can have acts that involve the planning of it for example the activities caused over there so it's possible to do it I would say the way that you'd want to do it is to have that provision explicitly in the law that's something we argued in outcomes of that it should be explicitly in the law that argument wasn't brought at this point I just have to add one thing to that he's right the congress should write the law so it's actually explicit and you can see that with the statutory rape laws for example if it's legal to have sex with a minor in Thailand it's under 16 but they've specifically written the statutory rape law so if a US citizen intends to go to Thailand to have sex with an underage person even though it's legal in Thailand it's breaking a US law so when they come back they can be demanded into custody so it has to be very specific that that was the congressional intent to be able to have it apply overseas and there's a couple more examples but yeah it has to be pretty safe you can pretty much find out what the intent is because it goes down to notice one more we're out here okay thanks