 That's all. Morning, everyone. Yesterday, I had two brilliant ideas for how I was going to open the keynote this morning. One was going to be taking a group selfie, but then Robert and Jam stole that idea. My second idea was doing my brilliant Dries imitation. And trust me, I'm really good at it. Then Wonderkraut stole that idea. So I'm really left with nothing here this morning other than to announce our keynote speaker, who I'm really thrilled to hear from this morning. So we're going to hear from Corey Doctorow, who's a science fiction author, activist, journalist, and blogger. He's the co-editor of Boing Boing, a contributor to The Guardian, The New York Times, publishers Weekly, Wired, and many others. He was formerly director of the Electronic Frontier Foundation, a nonprofit civil liberties group that offends freedom and technology law, policy, standards, and treaties. He holds an honorary doctorate in computer science from the Open University in the UK, where he's a visiting professor. In 2007, he served as the Fulbright Chair at the Annenberg Center for Public Diplomacy at the University of Southern California. He co-founded the open source peer-to-peer software company OpenCola, sold to OpenText. And his forthcoming books include In Real Life, a graphic novel from first second, Information Doesn't Want to Be Free, a nonfiction book about copyright, and a children's picture book, which is relevant because I'm a new father. You can join us immediately following the keynote for a book signing in the bookstore back in the exhibit hall. So with that, please join me in welcoming Cory Doctorow. Thank you all very much. Thank you to Drupalcon for having me as a member of the Technology Speakers Union of England, Wales, and Northern Ireland. I'm contractually required to insert a hangover joke for all conference appearances beginning before 10 a.m. I have now fulfilled that requirement. Thank you. So, you know, I, like many of you, like all of you I presume, have a long and intimate acquaintance with free and open source software, and have spent a lot of time working and thinking about the questions of copyright reform and so on, and a frequently recurring motif and discussions that I have with people who are skeptical about freedom in software is that this is really about whether information wants to be free. You may have heard this phrase, information wants to be free. So to get at the bottom of it, I arranged to have a weekend away with information. We went to the Cotswolds. We drank Oki Chardonnay. We sat around a fire. We cried about our parents, and when it was all over, information took me in a great manly hug and rassed its stubble against my cheek and whispered in my ear its most intimate secret, which is that it does not want to be free. All information wants from us is for us to stop anthropomorphizing it, because information wants not one thing, and if it did, who cares? The imaginary desires of an abstract idea are not worthy of anyone's attention, but I still think we should be concerned about making free software, not because information wants to be free, but because people want to be free, and people can't be free in the information age without free information infrastructure. Increasingly, our world is made out of computers. Modern house is a computer that you co-inhabit. It's basically a giant case mod you live in. When you take the computers out of those houses, they cease to know how to respirate. They become almost immediately uninhabitable, and if you leave the computers off for any appreciable length of time, they will be permanently uninhabitable. Your car is a computer that you sit inside of, trapped, while it zooms down the motorway at 70, 80 miles an hour, depending on where you live. The Boeing 747 I flew to London from San Francisco on a couple of days ago is a flying Sun Solaris workstation in a very fancy aluminum case connected to some tragically badly secured SCOTTA controllers. You and I and everyone we know who grew up with Walkmans or iPods or other MP3 players, we have logged enough punishing earbud hours that there will come a day if we're not filled by a heart attack or a car wreck. First, there will come a day when we will have a hearing aid and it's vanishingly unlikely that that is going to be a beige, retro, plastic, hipster, transistorized, analog hearing aid. It will be a computer that goes in our body and depending on how that computer is configured, it will either be a computer that faithfully allows us to hear or a computer that decides what we hear, that makes us hear things that aren't there, that can make us not hear things that are there or even tell other people what it is we're hearing. I spent a lot of time in airport lounges. The first rule of the airport lounge is ABC, always be charging. I got to an airport lounge a little while ago, made a beeline for the only free electrical outlet, plugged my laptop in and not much longer, not much later, a very cheeky man came up to me and said, can I use that power outlet? And I kind of looked over my glasses at him and said, I'm charging my laptop. And he rolled up his pants leg to show me the robotic prosthesis he had and said, I need to charge my leg before the flight. And I said, the outlet's all yours. So the security of these computers, these computers that are in our bodies, these computers that are bodies are in the computers that are in our pockets and on our laps. The computers that fill our lives requires that we know what they're doing, that they perform their duties faithfully, that they refuse to take orders from remote parties unless we authorize those orders and that they keep us apprised of what they're doing. And there's only one real model for securing computers. It's the same model that has given us modern science, a model you might call freedom. Before we had modern science, we had a thing that kind of approximated modern science called alchemy. And alchemy looked a lot like science in that people did experiments to validate their hypotheses, but there was one critical difference, which is that alchemists never got a reality check by publishing what they did and letting other alchemists review it to find out how they'd just been kidding themselves. And as a consequence, every alchemist discovered for himself in the hardest way possible that drinking mercury was a terrible idea. And as a consequence, alchemy did not progress. 500 years, we call that the Dark Ages, during which alchemy prospered and was the dominant model. Alchemy was replaced by science. The big difference between alchemy and science is publishing. The freedom to know what other people are doing, the freedom to comment on it, the freedom to attempt to reproduce it. And in the same way, security only works when we have that freedom. As Bruce Schneier says, anyone can design a security system that works so well that he can't think of a way of breaking it. But unless you're the smartest person in the world and statistically that's very unlikely, all you've done is design a security system that works on people who are stupider than you. And so unless we tell people how security works, we can't be sure that our computers work. So floss is the necessary prerequisite for finding, patching and continuously improving the complex systems that we put into our bodies and that we put our bodies inside of. And in a sane world based on enlightenment principles, floss would be the only development methodology we accepted for useful and critical technology. No one would be allowed to build this hall, no one would be allowed to build a house or any significant structure using proprietary methods. If the firm of engineers you hired to figure out the load stresses on this arch said, we're not gonna tell you how we calculated it because that's part of our proprietary edge. You would not allow them to build a significant building. You wouldn't allow the firm of engineers or the architects to decide where the conduit went in the walls and not tell you so they could be sure that only they could be the ones who upgraded your electrical mains or added new ethernet cable. But the world of floss is getting more fraught, not more easy because everything in the world is made out of computers and so every problem in our world has a computer in the middle of it and lawmakers and policy makers just don't understand what that means. They have not yet come to grips with the idea of a general purpose computer. They don't understand that one of the crowning achievements of our last century is the touring complete computer that can execute any instruction that can be expressed in symbolic logic. They think that a computer is a bit like a car, it's complicated and it has lots of purposes but it's inherently regulatable. If you say to the automakers of your country, we've determined that speaker phones present a risk and they increase the number of collisions. It wouldn't be untoward to say as a result, manufacturers can't add speaker phones to cars. You may disagree with the methodology but no one would say, well, that's not a car anymore. But you can't say to someone, there's a program on this computer that causes some harm. Therefore, make me a computer that's incapable of running that program. We know how to make the general purpose computer. We know how to make the touring complete computer but no one has ever figured out how to make a computer that's touring complete minus one. Now, this all started with the copyright wars and so it's natural that free software and copyright find themselves often in dialogue although this is an issue that's much bigger than copyright. But you remember that at a certain point you started to get new kinds of entertainment media, DVDs that would sometimes you'd stick the disc in the drive and instead of playing the disc, it would say this disc is from the wrong region and you're not allowed to play it. And then that idea spread into other kinds of computers. For example, the iPhone in your pocket that won't run third party software unless Apple has signed that code. Now, the only way to make this stuff work is to make it illegal to tell people about the flaws, about the mistakes that the programmers made when they designed it. Because any vulnerability, any error in a device can be bootstrapped into a jailbreak that can be used to unlock it so that you can listen to music in the non-preferred way or buy DVD in the non-preferred country. And that has become a feature of law all over the world. It started with UN treaties, the WIPO, the World Intellectual Property Organization has the same relationship to dumb copyright that Mordor has to evil. It's kind of its origin node. WIPO passed this treaty in 1996, the WIPO Copyright Treaty, which is like the most important law no one's ever heard of, that bound its member countries to implementing these rules that make it illegal to tell people about how the flaws in their computers can be used or abused. And in the EU, we got that through the EUCD in 2001. In the US, you'll know about the Digital Millennium Copyright Act or DMCA of 1998. Embarrassingly for us Canadians, we got it in 2011 through Bill C-11, which is embarrassing because in 1998, it was just barely understandable how you could misunderstand how important the internet was gonna be. But if you're still making dumb mistakes like this about the internet in 2011, you have not been paying attention in a way that can only be summed up as felony stupidity. And so every country in the world to some approximation now has a law that says that if you have anything that restricts access to a copyrighted work, it's against the law to tell people about vulnerabilities in that system. Which means that every system that has some nexus with protecting a copyright is now a reservoir of long live vulnerabilities that can be bootstrapped into attacks on their users, bootstrapped into attacks by identity thieves, by voyeurs, by spies, by governments, by police. Most recently and most terribly and most immediately important to those of you who write the web is that we have now had a standardization of DRM and HTML5 thanks to a terrible decision of the World Wide Web Consortium which means that anything that has a browser interface will be illegal to tell people about flaws in it and increasingly everything has a browser interface. Every browser UI is going to harbor long live pathogens even as our browsers are coming to control every corner of our lives. Between the prohibition on reporting vulnerabilities and phones and browsers, it's almost game over. I mean you can see it happening all around us. What was the fappening, that leak of all those celebrities' private photos if not the most recent example of what happens when you make war on general purpose computers? What happens when people aren't allowed to know about flaws in their browsers? You get what happened to Cassidy Wolfe, the last year's Miss Teen USA who was tricked into installing a rat, a remote access trojan on her computer that allowed her attacker to capture incidental photos of her naked in her room because who doesn't walk naked in front of their computer and also to harvest the passwords for her social media accounts and then to blackmail her saying that if she didn't perform live sex acts on her webcam, he would release the photos to the internet through her social media channels. Now she went to the FBI and when the FBI caught this guy he had over 140 victims including minor children in the EU. The FBI then busted a ring of 100 more ratters from remote access trojan users around the world each of whom had as many as 400 victims, many of them minors. If you don't know what your browser is doing, if you're not allowed to know what your browser is doing, the risk is almost without limitation. And in the future, this idea of designing computers that try to hide what they're doing from their owners is only going to get worse. It will be the remedy for every evil. I like the idea of smart thermostats, I'm worried about the environment. I like the idea that we can use renewables or carbon neutral power sources that have a fairly steady output that we can't turn up or down and that that may mean that the power company wants to turn down your thermostat or turn it up by a degree when the load is at peak. And so I understand why we have smart thermostats but I also understand that smart thermostats only work or work best when the power company sends the signal to turn down your heat if you can't walk over and turn it back up again. And that means that there's an enormous incentive by all the companies providing smart thermostats to stop you from knowing what your thermostat is doing to stop you overriding it. And that means that the next time people take to the streets like they did in Euromiden in Ukraine, the local dictator will be able to use something like a Stingray, the devices that harvest the Emmys off of your phone to decide who was at the protest and then shut off everyone's heat that night. We've had calls now to design weapons that ISIS can't use if they capture them from US forces because it's horrific to think that ISIS is capturing weapons from US forces and then turning them against the US. But at the same time, any weapon that only works if it's correctly authenticated is a weapon that's vulnerable to being bricked if you can convince it that it's under attack. We are now increasingly in an era of self-driving cars and there are lots of problems that self-driving cars attend like boy racers, drag racing with them or people stealing cars. And so increasingly we're gonna have cops who wanna be able to override those smart cars and tell them to pull over to the side of the road or repo men who wanna tell them to drive back to the garage. And that only works if the person sitting in the car can't override the signals coming remotely. And that means that anyone who's in a car who is either in a state where the police can't be trusted or are corrupt or is in a state where the police lawful interception credentials have leaked is liable to having their car pulled over or driven to some convenient place where they can be robbed or murdered or raped. We have a moral panic already about 3D printers that can print guns. And increasingly we're hearing calls for 3D printers that can't print guns but we don't know how to make a 3D printer that can't print guns. All we know how to make is a 3D printer that has spyware out of the box that watches to see whether or not you're trying to print a gun and if it does, attempts to intervene. Now we need to head this stuff off at the pass before it's too late because human liberty and an information society is incompatible with the idea that our computers are designed to take orders from remote parties which we aren't allowed to know about or countermand. As much as guns and drag racers and climate change and ISIS scare me, the idea that my computer is designed to tell me I can't let you do that Dave, scares me even more. Not least because we know that this won't be an effective remedy against the harms. If there's one thing that copyright wars of the last 15 years have taught us, it's that DRM doesn't work. Not because the engineers who implement it are stupid, but because it's a fool's errand. When you know how crypto works, right, you have the eternal love triangle, Alice, Bob and Carol. Bob wants to send Alice a message and he assumes that Carol can read the message as it goes past on the wire because it's either going by radio or it's going over the public internet or it's going over a satellite where the footprint is an entire continent. So Bob thinks that Carol can intercept the ciphertext, the scrambled message. Bob also assumes that Carol knows how the message was scrambled because nobody invents their own crypto algorithms unless they're stupid because no one can design a security system that's proof against everyone in the world unless they let everyone in the world tell them about the dumb mistakes they've made. So Bob is smart. He assumes Carol knows how the message was scrambled. The only thing Carol doesn't know, the only thing Alice knows and Bob knows that Carol doesn't know is the key. And so long as Alice and Bob can keep the keys secret and there's lots of cool key management stuff we can do with crypto, then Carol can never read the message. We have it in our power now to use the phones we carry in our pockets to scramble messages so thoroughly that if every hydrogen atom in the universe were converted to a computer that did nothing from now into the Stelliferous period when the universe ran cold it would still not brute force that message. It is an amazing time in an age of wonders to be alive and that is why Bob and Alice can communicate without having to worry about Carol. But DRM is not Alice and Bob and Carol. DRM is just Bob and Alice. Bob wants to send Alice the message. Bob wants to control how Alice decrypts the message and make sure that she can't save the clear text because Bob wants to be sure that every time Alice decrypts it there's some kind of check done to make sure that Alice is still allowed to experience this media in the clear. And so everybody in the world is Alice, right? Everybody who has an interest in breaking this DRM is Alice and the keys are hidden in equipment that we give to Alice. So it's like giving the bank robber the safe to keep in his living room. And Alice not only includes just other people like you who have some interest in uncovering where the key might be hidden. Alice is like bored grad students with the weekend off an electron tunneling microscope. And there's a term in security. There's a term of art in crypto for this model. It's called wishful thinking because Alice will always recover the key if you give her the device that has the key in it and let her spend as much time as she wants in any lab that she wants, collaborating with anyone that she wants to extract those keys. Now here we are in the 21st century building the substrate on which the information society will run. You folks are building the CMSs on which everything from the onion to the White House lives. We're building it and we're making free software and making free software is the start but you can't make free code without a free society. This fight can't be won merely by writing good code. We need to convince our lawmakers to make good law too. We need to head this off at the pass not just with our technology decisions but with our political decisions. We need to take the fight to the EU. We need to take it to our parliaments. We need to take it to the UN and we need to take it to Congress. And when I started working on this stuff there was practically no one involved in doing this stuff. It seemed almost impossible to think that groups like EFF operating in isolation would somehow manage to convince parliaments and governments and Congresses all over the world to do the right thing, let alone the UN, let alone regulators. But now there are so many groups working on this that it actually gives me some hope. Maybe not optimism, but at least hope. The difference between optimism and hope is hope is what you do because you have no choice. If your ship sinks in the middle of the ocean you keep paddling even though you know there's almost no chance of being picked up because if you don't you'll sink. And everybody who's ever been rescued had hope. Everyone who wasn't rescued, well some of them had hope too but no one who's been rescued was rescued without hope. And so it gives me some hope if not optimism to know that there are groups all over the world working on it. And that's really my call to action to you today. It's not enough to write free software. We need volunteers, we need money, we need activism. Working with groups like the Electronic Frontier Foundation or here in the Netherlands, there's Bits of Freedom. In France there's Quadrature de Net. In the United Kingdom there's the Open Rights Group, there's Digital Rights Ireland, there's OpenMedia.ca in Canada and other groups all over the world that you're probably familiar with, Nets Politique, the Chaos Communications Congress and so on. Now the fight over copyright is not the mega boss. We are not in the final level of this game that we call Building the Information Society. Hollywood is not Big Brother, it's not ISIS, but they are the mini boss at the end of this level and we can't get to the next level until we defeat them. We can't fight for a free and open society unless we have free and open infrastructure and right now the biggest threat to that is the threat driven by people who are horribly worried that you might watch television the wrong way or you might listen to the radio the wrong way. In the United Kingdom where I live, in the last parliament, in the last hours of the last parliament, we had a thing called the wash up. Every time British Parliament prorogues for a new election as it's about to do for the 2015 elections, there's one last session of parliament in which non-technical station keeping legislation is passed without any debate just to keep the lights on while everyone's back in their constituencies, campaigning for re-election. And into that wash up, the Labour Party slipped something called the Digital Economy Act. And the Digital Economy Act, among other things, allows the Secretary of State to pass a rule that says that if you get three accusations of copyright infringement, they take away your internet access. Now what does that actually mean? Well just before this was enacted, there was a woman named Martha Lane Fox. She now has the coolest title I've ever heard, which is Baroness of Soho, which is like Dungeons and Dragons meets Freddie Mercury. But before that, she had the second coolest job title I'd ever heard of, which was the champion for digital inclusion, which is the championship I'd like to win someday. And Martha, when she got the gig, she said let's ask Pricewaterhouse Cooper to find out what it means when everyone's digitally included, excuse me. And whoa. And so Martha said let's find out what it means to find out if everyone's digitally included. So Pricewaterhouse Cooper, they went off and they did a little AB split. It turned out that there was a housing estate, social housing, like a housing project we call it in the US. There was this housing estate where a couple of years earlier they'd given them free internet access, not because everyone there was like super internet-y and high tech, just because they were closer to the phone company CO. And so it was easier to run a DSL line to them. And then there was another housing estate right next to it where they hadn't run this. So it's like a natural AB split, same population, different conditions. Two years later we investigated. So you'd assume that if you gave people internet access a few things would change, their kids might get better grades or maybe they would be like a little bit more up on the news or something. Well, everything changed for these people. Everything we use to measure the quality of life in a society changes when you give people internet access. What Pricewaterhouse Cooper found for these people who'd had internet for a couple of years was they not only had better educations, they're kids, but they were more likely to go on to tertiary education, more socially mobile. The parents had better jobs and they had more disposable income. They had better nutrition. They were more civically engaged. They were more politically aware and more likely to vote. That single wire that we wired into their houses delivered free speech, a free press, freedom of assembly, better access to nutrition, to employment, to income, to social mobility, to education, everything we used to measure the quality of life in a modern society. And the bill that was passed in the last parliament said that the Secretary of State could, at his discretion, make a rule that says that if you lived on the premises in which someone was accused of using a piece of network equipment to watch television the wrong way three times, that we'd cut all that off from you. So it's important that we fight about copyright, but not because of copyright, per se. I mean, I make my living from selling books and it's nice to, in fact, it's more than nice. It's super awesome to make a living making up stories that help you pass the long slog from the cradle to the grave. I mean, that's super awesome. If you told me 25 years ago that that was gonna be my day job, I would have laughed in your face. But if what it takes to have a free and fair society that I can bequeath to my six-year-old daughter is that I have to go out and get a real job, I'll get a real job. I mean, I haven't to believe I can make a living without spying on everyone and controlling their devices and backdooring all of the information society. But if it turns out I'm wrong, I'll get a job because as much as I like making up stories for a living, the queething of free and fair world to my daughter is far more important. If we can't trust our tools, we have already lost this fight. So that's the end of my talk. I'm gonna take your questions, but I've also been asked to tell you that when the questions are over, please don't all run out because there's an important announcement. I'd also like to remind you prior to your questions that while a long rambling statement followed by what do you think of that as technically a question, it's not a good one. So thank you. All right, who's got a question? I know that that was all totally non-controversial and self-evident and generally speaking, everyone just agrees, but there's a question. Hi, so would you like to join us at the end? Oh yeah, sure. So we've been fielding questions on Twitter. Oh, great, yes. So wow, you speak fast. Sorry, I should have apologized. I am one of nature's fast speakers. When I was at the United Nations for EFF, I would stand up and intervene in the slowest voice I had and then I turn around and look at the simultaneous translators and their boxes in the back and every one of them would be doing this. Yeah. That plus I've had enough coffee to kill a rhino today. Yeah, Larry Garfield, one of your biggest fans in the audience was commenting on how fast you do speak. I'm sorry. He caught us by surprise. Yes, I'm sorry. So I've been watching Donna Benjamin her tweets in the audience. The first one said, I'm feeling angry. And then she said, I'm feeling angrier. So you've obviously caused some quite passionate feelings within the audience. What practical advice do you have for our community to turn this anger into some positive action? Well, I think you folks are already doing something really important, which is building free and open infrastructure. That's super important and that contribution needs to be acknowledged. This is an audience of people who are already doing a lot more than most people. But as I say, there are these other policy levers that we need to move. I mean, Larry Lessig, he says there's four things that legislate us. One is code, one is law, one is markets, and one is norms. And I think that you guys are doing a great job on code and a pretty good job on markets too, but laws and norms need to be changed. And the law is the best way to change them if you don't want to get involved in lobbying or whatever, is to outsource that to groups like Electronic Frontier Foundation or Bits of Freedom or digitalrights.ca or whatever your local equivalent is and particularly to join their action centers and their mailing lists because although it sometimes feels like petitions are useless, we've had a number of recent victories in that world where nobody thought we could win. Like, you'll remember SOPA, right? The day that no kid could do their homework because Wikipedia went black. And when I started working on SOPA, I was in DC and everybody in DC, all my hill rat friends, said this is like a done deal. They've counted the votes. These lawmakers can't get reelected without the funding from the people who've told them how to vote on this. You will never win. Go back home and figure out what to do about a world where SOPA is law, not what to do to stop SOPA. But Aaron Swartz and the Fight for the Future Kids and EFF and a few other groups of people using really simple little JavaScript widgets, built tools that let anybody who is worried about SOPA black out their own page and say, this website's gonna have to go offline if this dumb law passes. Here's one click that you can do, enter your zip code and click it and we'll put you through on the phone to your lawmaker and you can tell them what you think of this. And we put eight million phone calls through to Congress in just a few days and Congress realized that as hard as it is to get reelected without campaign funding, it's a lot harder to get reelected without votes. And it totally changed the landscape. So getting involved in those action centers where you're asked to put in petitions and call your lawmakers, show up at their constituency offices and surgeries when they're campaigning for re-election makes a huge difference. And then normatively, I like elegant hardware as much as the next guy, but if you're buying gear from the fruit company that has normalized DRM and become the world's biggest DRM vendor, it's not helping. And as much as they do some nice stuff, you can't convince me that a little tick box that says, I'm an adult, let me decide whose software I'm gonna run on my own would be like a hole out of which all the elegance would run out and puddle around your feet on the floor. So making good normative decisions, being the nerd for your family and friends, the tech support for your family and friends, who takes the extra minute to get them working on floss platforms so that when things go wrong, they're easier to fix because while proprietary software is sometimes easier to make work, it's a lot harder to make work when it fails. It fails really ungracefully because you have to go look up your license keys for all the software to reinstall it and so on. So getting them in a system that fails gracefully, which is usually floss, is a great thing that you can do normatively and making sure that they understand that dimension and just making sure that when you have these debates with people, which are only gonna become more common about what we do about self-driving cars and guns and 3D printers and whatever, that you always bring it back around to, do you really want a thing inside your body that's designed to take orders from remote parties? Thank you. Great answer. So you've talked a little bit about poor legislation, misguided legislation, and the velocity of technology and how it's accelerating. It seems to me that lawmakers are struggling to keep up with this. I've seen examples where the Navy in America have been using Git to collaboratively produce policy and strategy. Do you think that there's a place for open source to help with the legislative bodies to try to form better legislation using technology that we use in development? Well, sure. I mean, I think we've seen some of that already just in floss-based sort of new front ends to bad government technology. Like in the UK where I live, there's a thing called They Work For You, which used to be that the parliamentary record in the UK was published as like word files, and it was under parliamentary copyright and very hard to search and very hard to access and so on. And They Work For You wrote a crawler that was illegal. It violated parliamentary copyright that pulled down the parliamentary record and turned it into a thing that looked like a Facebook page for each of your lawmakers. So you go and you punch in your postcode and it says, this is your lawmaker. Here are her last several interventions. Here's how many bills she's introduced. Here's how often she speaks in parliament. Here are other constituents who've left message of public messages for her and what she said. Here's where she fits in the statistical picture of lawmakers. Does she speak often? Does she speak not often? Does she vote against the party whip and so on? And totally revolutionized the way people interact with their parliament. The interesting thing about this is that parliament immediately became obsessed with They Work For You. It was like the first blush of social media, but for lawmakers. So it was like Friendster for lawmakers or Six Degrees for lawmakers. And it was that addictive thing where they were just all hitting reload to see whose stats were going up and whose stats were going down and who was the most responsive. And so when it actually came time to bust The They Work For You people, my society, for scraping the parliamentary record without a license, they ended up just giving them a license because there was no way they were gonna shut it down. It would have completely blown up all these Westminster village Politico junkies who were dependent on it. So there's lots of stuff that Floss is doing. I mean, the Pirate Party's liquid democracy tool is I think really revolutionary as a way of doing delegated democracy. So instead of asking everyone to vote on every issue, which very quickly just becomes nobody voting on any issue because you get total voter fatigue, you can delegate your vote to an expert. So you can say when environmental issues come up, let Jenny answer for me. And then Jenny can say when water issues come up, let Kelly answer for me. And then if there's ever an issue that you wanna intervene in, you can take your vote back. And so that kind of liquid democracy system seems like a nice balance between that direct democracy which creates total decision fatigue and fully delegated democracy or representative democracy where the only choice you get to make is like every five years you get to decide who's gonna represent you. And then in between they get to do whatever the hell they want. And do you think that that's maybe there's some parallels there with government departments not being well informed in technology and maybe they could devolve the decision making to experts in security and copyright? Well, so I think that the problem with expert agencies is not necessarily a technological one. I think it's an epiphenomenon of the larger phenomenon that Larry Lasig has been calling corruption, which is that when you look at regulatory outcomes, they basically favor rich big entrenched industries. And when the former head of the cable lobbyist group is put in charge of the FCC and then starts talking about how network neutrality is time is gone and it's time that we started building non-neutral networks, that's not a matter of technical ignorance. That's corruption. And there's not really any other good word for it. It's basically people from industry paying to help elect lawmakers who then ensure that people from industry are appointed to run the expert agencies that are supposed to be in charge of it. But where technology can have a role is in exposing that stuff. So tabulating the vote separately and making sure that we see when the policy makers are ready to intervene and say, well, we've decided now that we've consulted with the public, we've decided how it's gonna go. Being able to then say, well, the way you've decided it's gonna go runs totally contrary to the public opinion in this incredibly detailed way. It helps make the case that there is corruption there. Sometimes it causes them to reconsider, but it also helps fuel this larger fight that Lessig's involved with to try and get money and the undue influence of money out of electoral politics. Thank you. So Larry Garfield has posed a question. He says, how can we as web developers fight back against web digital rights management? Because he's saying that not using it feels very insufficient. Yeah, it really is. I mean, we need to knock this out at the W3C because here's what's happening. What happened is that all of the people in the browser divisions of the big three commercial browser vendors are terrified of the people in the app divisions and they're worried that everything interesting is moving into apps. And so they really want Netflix in browsers. And so they go to Netflix and they say, what will it take to get you into my browser? And Netflix says, well, we just need to specify your internals so that our video won't leak because we have this consensus hallucination that there's a thing called streaming that isn't downloading. As though the internet were made of a cunning arrangement of tubes with mirrors in it and there was a way to render a picture on someone's screen without sending them a copy of that picture. And in order to preserve this consensus hallucination, we need to make sure that the browser is designed so that users can't save the video because all streaming is, is a download without a save as button. And we need to make sure users can add a save as button. And so the browser vendors roll over and they say, great, we're gonna let you put save as buttons into or put specify our internals to a high degree. And then they all show up at the W3C and the W3C says, right, let's make some standards. Who wants to standardize Foo? And they say, sorry, Foo was standardized in a bunch of closed door meetings with Netflix. And they go, how about bar? And they say, bar two. And the W3C goes, holy smokes, we're worried about this app stuff making the web obsolete. Now we're doubly worried because all the interesting stuff is being specified in closed door meetings. What will it take to get Netflix into the room to help us standardize DRM? And Netflix says, oh, we're gonna be great corporate citizens. We'll pay for the reference implementations. We'll help with hardware. We'll, you know, we'll put as many people on this as we need. And the W3C right up to its founder, unfortunately, rolled over and let them have this. And now there are lots of other people lining up to get their stuff standardized too. So like the ebook consortium wants to standardize ebook DRM. Ebook DRM is just DRM for formatted text. And once there's a zero click install standardized way to DRM formatted text, every paywall newspaper in the world is gonna have this stuff. And since you can't really implement DRM in open source software because the user can go in and just turn it off if you've got the source and you can recompile it, then once this becomes a reality, most of the premium web, most of the interesting stuff on the web or at least some huge plurality of the stuff that people use the web for will be off limits if you're using an open source browser or an open source operating system, which is the end of floss in the operating system as we know it because there's not enough, the reason there's so much dev on server side, GNU Linux is because there's all this client side GNU Linux too and they're in a virtuous cycle. If there's no client side GNU Linux dev because anyone who's running Ubuntu or Mint or whatever or Red Hat can't see a third of the web, then server side stuff is gonna start falling by the wayside too. So it's really the end game. And what we need is people involved at the W3C and there actually is a way that W3C can divide the baby. You may remember the W3C wrestled with software patents more than a decade ago when software patents started to proliferate in the web. And what they said is we're not gonna take a position on whether software patents are good or bad. The only position we have is whether or not you should be allowed to implement our standards without taking a license from anyone. And on that, we are totally clear. So you can make as many software patents in the web as you want, but if you participate in our standards making, you have to agree to license all of those patents to anybody who's implementing a browser without any explicit communications, without any royalties, without any conditions so that you can always make a browser without it. Well, you could do the same for DRM. You could say we take no position on whether DRM is good or bad, but we do take a position on whether or not you should go to jail for reporting a vulnerability in a browser and that position is you should never go to jail for reporting a vulnerability in a browser. So if you're here in our DRM standardization, you have to promise never to sue someone who reports a vulnerability in a browser. And we also take a position that you shouldn't go to jail for implementing our standards. And so that means that if you're in our DRM standards bodies, you have to agree not to sue anyone or prosecute anyone who implements your DRM, even if they implemented in a way you don't like, e.g. there's a save as button. And at that point, there's no point in making DRM at the W3C anymore. But I think the W3C will have a much harder time defending the position that it's okay to send people to jail for reporting bones than they have in defending the position that DRM is just another tool that the web needs. And I think by helping reframe that at the W3C, which is something that all of you who are involved in deep web development can help us do, that that would really start to make a difference with the W3C. And they'll still try and standardize it somewhere else. They'll go to some crappy standards body like Oasis, but nobody implements Oasis standards, right? It's only the W3C and the other big standards bodies that count. So in an article in The Guardian that you wrote recently, you talked about how Mozilla kind of bowed down to pressure and risk out of fear of becoming irrelevant as a browser in Firefox. Do you think that issues and pressures relating to legislation or potentially corporate pressure is going to impede or skew the way that Drupal or other consort CMS's direction takes? Well, I think the Mozilla lessons are really important one. What happened was Mozilla was the kind of, you might think of them as like the competitor of Last Resort for the commercial side. Back in the days of pop-up ads, you had commercial browsers who were deadlocked on pop-up blockers because they were worried that the big publishers would degrade the experience of looking at websites on their browser unless they allowed the pop-up ads to come through. And Mozilla, they had a different set of motives. They had a different victory condition and so they just blocked pop-ups out of the gate and that was the end of pop-ups. But the economics have changed now so that even though Mozilla was the company that was holding the line on DRM for Firefox, once the commercial competitors adopted DRM, they were basically backed into a corner to follow suit. I still think it was a huge mistake and I'm still incredibly disappointed in them, but I understand why they did it. I understand that they felt that they had no choice but to do it and I hope that they will follow that up by doing some other work that I suggested in that column about how they can mitigate the effects of this. So I think, yeah, absolutely, you need to be out on the lookout for this. I mean, we used to be in this, we used to wonder like whether the future was going to be Orwell or Kafka, right? Which dystopia were we going to end up in? And it turns out that it's like Huxley, right? It turns out that it's entertainment that we can Huxley our way into the full Orwell, right? Entertainment can drive us to allow back doors to be put in all of our stuff to make sure that we're not watching TV the wrong way. And yeah, absolutely, I think Drupal will be subject to exactly the same pressures because there's going to be the same kinds of policy initiatives that say the way that we solve this problem is by designing computers that take orders from remote parties instead of their owners. I mean, lawful interception is probably a likely target for Drupal. Back in the 90s, the US government passed a law called Calia that says anyone building a switch has to build it so that the police can wiretap that switch without actually going to the phone company's premises and connecting equipment. So you just log into a terminal, you enter your credentials, and now you can listen in on any phone call. And as a consequence, all switches are now built with this lawful interception stuff sitting in the background. And that means that all places, even places without lawful interception laws are vulnerable. So Greece, for example, in 2005 when it was working on the Olympic bid, Greece doesn't have a lawful interception law. The Calia stuff is turned off on all of their switches. But someone logged into their central phone company's major switches and turned the lawful interception on and wiretapped the entire government, including the prime minister. And it's only because they didn't erase the logs that we knew they'd do it. So once you've got a back door in there, people will exploit the back door. They check offset if there's a gun on the mantle piece in act one, it's gonna go off by act three. And so you're gonna find lawmakers to the extent that you are now going TLS by default, to the extent that you're now installing encrypted stores, to the extent that you are now sort of building platforms that are not amenable to trivial wiretapping. Lawmakers are gonna show up and they're gonna say, put a wiretapped back door in this thing because the crypto is intact, right? That's the one great takeaway from Snowden. The bad takeaway is they've turned the whole internet into a giant surveillance infrastructure. The good takeaway is they don't know how to break the crypto, so they try to break the endpoints instead. And you're operating one of the endpoints. And so you're going to have spooks and you're gonna have cops and you're gonna have governments showing up and saying, let us wiretapped your stuff without needing to actually serve a warrant or show up at your door. And it's gonna be really hard to resist that, but as soon as you put that in there, then anyone who builds a Drupal instance in Egypt or Syria or the former Soviet Union is gonna find themselves just as wiretappable as people here. And you may think that the police here will follow policy, although that's kind of a stretch, I think. It's pretty clear that police in other places are even less willing to look at human rights fundamentals and proportionality in the rule of law when it comes to wiretapping entire populations. Okay, so we're running out of time now. Okay. I think maybe a lot of people in the audience might like to pick up this conversation afterwards. Sure. So your Twitter account is... I'm at Doctor O and I'm the first Corey in Google, if you wanna find my email address, just put Corey into Google. And I'll be signing books in the book room, but I have to warn you that I'm gonna run right after that, because I'm gonna make her fair roam to do this talk there tomorrow. So thank you all. So if you could remain seated, I'd like to invite Drace to the stage. He's got a few words to say. That was a great presentation. Thank you very much. Thanks. Yeah, I just wanted to give you a quick update on the Drupal 8 release. So this morning at breakfast, your friendly core committers met and we decided to basically release Drupal 8 beta one. And so... So obviously great news, special thank you to the other core committers, Gach, Alex and Angie and Jennifer. So thank you very much. If you go to Drupal.org, the announcement is live on the website. And so you can find all the information there. So go and download Drupal 8 beta one and give us feedback. Thank you.