 Oh, hello. Hi, everybody. I am Cindy Cohen, and I am the Executive Director of the Electronic Frontier Foundation, and I can hardly contain my excitement at our event today. It's going to be so much fun because it's combining some amazing people with a topic that I am incredibly passionate about, and that is the effect of surveillance and privacy on all of us. So welcome. This is a part of our 30th anniversary year, and what we've been doing this year is having a series of conversations that we're calling EFF 30 fireside chats, commemorating the 30 years that EFF has been fighting for you and fighting for digital freedom. So remember that we are saving the final 15 minutes of this program for you. Drop your questions into the chat at twitch.tv slash EFF live. We'll pick them up and respond to as many as we can. Please also note that EFF has a code of conduct. We want everybody to be kind to each other today, so please make sure you keep that in mind. So this series of live discussions look back at some of the biggest battles in Internet history, their effects on the modern web, and what they can teach us about where we need to go from here. And today we're taking a closer look at surveillance and the ways that privacy and its absence affect each of us and our communities. And I also want to talk a little bit about what it's going to look like if we get it right. So joining me today are three very special guests. First, EFF policy analyst Matthew Gariglia. Matthew's work on EFF's activism team focuses on surveillance and privacy issues at the local, state, and federal level. The folks at Ring can certainly attest to Matthew's effectiveness. He's an anti-surveillance activist and a historian of policing and his bylines have appeared in NBC News, Washington Post, Slate, Motherboard, and of course EFF's own blog. Thanks Matthew. And next up is our director of engineering for SIRPOT, Alexis Hancock. Alexis is the leader of EFF's SIRPOT and HTTPS Everywhere web encryption projects. She's an expert on digital freedom and on consumer technology and her latest research focuses on online rights and our digital identities in the age of COVID-19. Welcome, Alexis. And finally, you know, I'm pleased to welcome somebody who, you know, maybe you've heard of a little bit. His name is Edward Snowden. He is a former U.S. intelligence officer who in 2013 blew the whistle on the NSA's massive unconstitutional surveillance apparatus or as I like to call it, gave us standing. And as well as its other global spying programs affecting millions of ordinary people around the world, he is a best-selling author, a technologist, and a cybersecurity expert, and the president of the board of our dear friends, the Freedom of the Press Foundation, and of course a renowned model of hoodies and EFF stickers. Thank you so much for joining us, Ed. Thank you so much for barring all the time zones and being with us here today. It's really a pleasure to be with you tonight. This is great. This is actually the first chat where Ben and I can see comments from people. So I've read out there who's commenting live chat. Hello. All right. So today we're going to talk about surveillance. And I want we want to bring together a few strands of issues that EFF has been working on for a long time. And these strands are often separated in the way that people think about it, where we think about surveillance as a national security issue. We think about things that we call it EFF street level surveillance, like cameras that are all around us these days. And the technologies that help protect us against surveillance and counteract mass surveillance especially. So around the world, these involve separate technologies, separate bodies of law, separate law enforcement agencies and administering agencies. But to me, at the bottom, they're really all asking the same question of us. Is it going to be possible to have a private conversation in the digital age? If so, what are we going to gain from that? And how do we get there? If not, what are we going to lose if we lose the ability to have a private conversation in the digital age? And it's very much at play right now. And I also want to say that today we're going to focus quite a lot about governmental surveillance, but not as much about corporate surveillance. But if anybody tells you that you have to choose between the two of these or that one's more important than the other, they're kind of being phony with you. Truth is, that's because and Matthew's work really highlights this. The surveillance done by companies is both available to and often spurred by governmental pressure and incentives. There's a kind of what I think of as an unholy alliance between the corporate trackers and the government trackers at this point. The companies build technologies that have surveillance built in because they want to know everything you're up to and often sell it into a somewhat skeezy ad market or even themselves just use it to build an asset of customer information or simply cut corners around building technologies. I'm looking at you, Internet of Things people, but also because as we all know, they want to track us and target ads to us and that that has become the holy grail of the Internet and the governments love it too. It means that they can just go to a company and find out what you've been up to. They don't have to bother with pesky things like making sure you know that they're tracking you and they can use mass techniques like tapping into the internet backbone or sending a FISA request to Google or Facebook to search everything that they have. So these two things work together and anybody who tells you we only should focus on one or not the other or that they're not interacting, we have to pick between the two of them. They're really not dealing in an evidence-based world and I believe it's important that we do that. So this is why EFF has long pushed not only against governmental surveillance but for baseline privacy regulation around the world and it's why that we think it's a long time for companies to start thinking about you as someone they owe an obligation to. Lawyers call this a fiduciary duty. This idea that when somebody holds your data they need to have the same responsibility for it that your accountant does when they hold your information or your doctor does when they hold the information where or your lawyer when they hold your information that they have to be primarily responsible to you for it and they can't be too faced about it and and tell you one thing but actually do something else. So with that baseline of what we're going to talk about today we're going to talk to about 1245 and they're going to switch to your questions. So if you have questions go ahead and put them in the twitch stream and our team is picking them up and putting them in a place where we can get to them. So let's get right to it. Oh my goodness I got to get to the right page. So let's start Ed with you. 2013 you did a little thing and it woke up the world about government surveillance. I'm assuming that if you're tuning into an EFF live stream you probably know a lot about what Ed did and how it helped us but you know what's changed since then? What are the changes that you see from where you sit in governmental surveillance of the kind that you showed us all? So let me dial back just inch from that because there are a lot of people who are familiar with what I did but you know it's it's been like eight years now since 2013. Some of the people who are on the stream were like probably chewing on crayons eight years ago and for those who don't remember generally like there was a time when people didn't understand that everything that you did on the amendment was watched to the degree that we know is true today. Like there were many people who were spying on different things but it was like the company that was doing it was shared. There's only so much they could know is very limited. It was not clear that there was this very intimate embrace between corporations and government not just one government not just the United States government which was the one that was exposed but also many other governments around in the United States there was what's called the Five Eyes Intelligence Alliance which was the thing looking for countries around the United States, the United Kingdom, Australia, New Zealand and this was a very close intelligence sharing partnership to the point where they all had their sort of spy sensors on the internet that were watching communications as they raised this and just so you could conceptualize that for those of you who don't have that background. Just think for a second how is this stream getting to your laptop or your phone right from these people who are on different sides of the planet like how functionally does that work you know the internet is not made of magic the little app that you tap on your phone is not made of magic and you go well I'm connected to your Wi-Fi access point right or I'm connected to Lutinti surveillance. Yeah sure but how does that work and the reality is all of our communications today structurally the tech are intermediate by other people's computers and other people's infrastructure cables buried in the ground like cell phone towers that on a building down the street or satellites you know across the sky I don't know where you're at but all of these mediums are owned by someone it can be the starbox right that you're sitting back when the world was over and the idea is all of these different routes that you cross wireless access point that has to be connected to a cable somewhere right that five cable or the coax command of the wall and that goes to some that goes to you know Comcast or whoever your internet service provider is in the Comcast they haven't agreed with someone else they've got a big cable somewhere it goes to another service provider that goes to a fearing provider it's to a data center that goes across the ocean to another one to another one to another one that eventually lands in some place Russia where I am San Francisco or Cindy Cohen's or you know New York or something where you might be but in all around the world this giant meshed together net of many different providers you didn't know what was that you know communication hit the cable that goes out your wall or hit the radio waves as it exits your phone and it's the cell phone all of these lungs that you were riding across people who ran them were taking notes for communications and our communications were largely unencrypted which means they were transiting this network electronically naked right there was a time when everything that you typed in the Google search box not only was visible to Google which is still true but it was also visible to everybody else who was on that Starbucks network with you right it was visible to your internet service provider who knew this person who paid for this account search for this thing on Google Facebook and all these other guys anybody who is in between your communications could take notes and then what is still true today even as our communications become encrypted meaning they're sort of armored as they transit this hostile like it's like wearing clothing or you know being in a car that's got blacked out windows they can still see your communication moving across them but they can't see what's inside this is not true of all communications but it's an increasing large fraction except things like in switch most people don't send encrypted so the bottom line is no more it was being abused or rather our innocence was being exploited we didn't realize how hostile it was I came forward in 2013 and I showed things that not just upstream communications the kind of things that I described was happening but this slide which you may not see because it might be tiny but you can put your screen up what's called the prison program was where the government was working with and this is literally the NSA working with the FBI to go to Google to Apple to Facebook and say we want to see what's in this person's account and if you weren't American and remember I know we probably got a lot of Americans on the call but 95% of the world's population is not American they didn't even need a warrant for this they could just ask for it based on what they call a reasonable articulate suspicion which I was taught at the NSA just means a gut feeling that you can write down they could get everything that's in your account and for an American they could still get this information there's just a slightly higher legal thought that's so now what this means is your communications as they cross the wire could be taken by anyone just because they couldn't was there anybody who was getting information about you these big corporate silence you internet who know everything you ever clicked like on Instagram every link that you've ever read from Facebook and so on and so forth they had these giant dossiers which were becoming increasingly perfect records of our private lives sharing so Cindy asked to wind way back from the history lesson since 2013 since we learned these many of us learned those of us who were paying attention that this was happening what's changed I'll see the funny thing about how priests work in open societies at least in theory is we can't collectively decide on a response to a problem until we agree on what the problem is until we know what's happening and the most important thing that's happened since 2013 is the people now know we are being exploited right and awareness of what's happening has risen and what this means is we can start to respond bit by bit it takes a long time some of these require technical solutions some of these require legal solutions which means they require political solutions and this is why we have groups like the EFF right if you're not a lawyer if you're not a politician if you're not an activist if you're not a lobbyist or whatever you're not going to be able to influence the policy process normally but maybe you can help the EFF or the ACLU or some other group and they can do this over half they can help move forward and this has really changed EFF ACLU many different organizations around the country have been suing the government and forcing them in court to prove their programs are the full and then just a few cases in the last few years which in courts are finally sort of raising an eyebrow what the government's doing and going y'all are violating constitution or as courts like to do because they don't like to jump straight to the unconstitution thing they say you have violated the law and you have likely violated the constitution soon enough we'll get to the point where they say you have violated the constitution but you know this courts always act like 10 years playing as late what happens in that intermediate period well what people like you do maybe install a different app maybe you stopped using Facebook right maybe you change your behaviors maybe you don't take the phone with you if you go a certain place where you didn't be cracked right maybe you start using an encrypted message or something like Sydney instead of using something that's less secure like SMS and this is the idea is when we think about this problem of surveillance on the internet there are many different problems there's communications and transit what we describe before that hostile path where all of our stuff was naked well as we encrypt it they become more difficult to see into mass surveillance becomes more difficult so everybody starts trying to spy through your cheat room so what's that that's going to companies but then what if you make sure these companies have less information about by using sort of peer-to-peer communications or things where the company doesn't hold information that they can see this is so called zero knowledge encryption now they can't get information to the same degree as it crosses the internet they can't get the same degree of information from companies you have protected yourself to a greater degree that's great everybody else what about not you know everybody who's a specialist and this is where we're going there are still so many problems and we're still fighting to fix them but you know we're not there yet there's so much work to be done well i really appreciate you calling out and explaining about this kind of pathway that things go on because that's an area where we really we've really taken great strides and alexis i'd love for you to talk a little bit about surpad and the and our role in in basically encrypting the web because it's it's it's one of the bigger changes and i think it doesn't get the attention that it it it does because you know policy people likes talk about policies but let's let's let's talk about the tech a little bit yeah so just yesterday actually checked on a benchmark that said that most web traffic is encrypted above 95% now which is a great deal of news so it's a huge change yeah yes it's leaps and bounds from 2013 right and 2015 was a turning point especially since major browsers like chrome started to input messaging saying that hey this site is not secure and sites started to scramble and say hey how do we do this and that's where a cert bot steps in where it's a free open source software that we have at the EFF that we work on to actually automatically supply free SSL certificates or secure certificates for traffic right in transit automating it for websites web servers everywhere and they've issued many millions of certificates by now and just let me jump in for a second here because for those people in the chat who aren't familiar with like what is a certificate why why is the EFF issuing certificates right like it's not like a paper certificate all the encryption that we're talking about for web traffic this big change that she mentioned we're up at 95% now is because of the issuance of these kind of security certificates as they're called which is really just a way to make the idea of public key encryption more legible what is public key encryption look it up and work again right on youtube but this is the way all of your communications are protected and this is work that uh uh alexis and the EFF doing your communications are more protected because of these issuance of security certificates yes um security certificates um help basically keep data private in transit um so you'll see in your url browser you'll see HTTP and that was the norm for a while that's where it started and in HTTPS you can look at the s as a secure part right and once you see that happening in your browser you know that your data is encrypted in transit so that way it can have a layer of protection over what exactly is traveling between your request and that website server so that's like more of an explanation there but i'm really happy that now that we've had such more benchmarks according to you know the the monitors of like chrome and firefox saying that it's around like 95 percent and up on web traffic now firefox just last year put in a HTTPS only mode in their browser um other browsers also offer default HTTPS as well and there's other browsers that are starting to do things like keep the protocols of today around tls the protocol that takes HTTPS there's other things happening as of course where mixed content blocking that's more in the weeds of what you know things happen where you'll have an HTTPS site a secure site but they may be unencrypted links on the page so so blocking that things of that nature so certbot helps automate those certificates for the website which creates that little padlock that you'll see or HTTPS in your browser and being able to use tools like that really really helps along where it makes HTTPS the default it helps makes HTTPS just work in the background for people and so i think it's one of those things that don't get talked about a lot is because of the fact that it's becoming more of a normal process now it's not as many arguments against HTTPS as it used to be used to be performance problems it's going to be too hard to deploy on our users but now we've all seen that that's not actually the case and going forward there's a lot more accessibility to actually do that and certbot and let's encrypt help make that a thing yep let's encrypt and HTTPS everywhere really they're the pieces of this that you don't see and you shouldn't have to see unless you're setting up a website um but they give people the same kind of security that you know nobody sells you a car without breaks nobody should sell you a browser without security um let's switch gears just a little bit um and talk about the kind of you know what we call street level surveillance ordinary surveillance that people are are are are having in their day and i want to bring matt into this because this is really uh his his area of course ed chiming as we go but you know what are some of the pieces of surveillance that that you know we also may not see but that are really tracking us every day and and why does it matter yeah i mean i think as we said earlier i think the the boundaries between not just private and public surveillance are blurring but also between federal and local surveillance um with things like fusion centers which are really merging all the information that can be collected by local police and sending it up the chain of command to the federal government but if if you are living in the united states that you are likely walking past or carrying around with you street level surveillance everywhere you go and this goes double if you live in like a concentrated urban setting or if you live in an overpolice community and so you're likely to drive past automated license plate readers which are going to photograph and record and timestamp your car every time you pass by a camera uh private and public security cameras um and this is where it gets a little tricky because you know even if it's a internet of things uh doorbell camera that you put on your door uh police can get a warrant or they can request from you or from your neighbor that footage or here in san francisco we have business improvement districts as many cities do which put up their own semi-private semi-public security cameras as you think so what so the store knows I come in but the thing is that police can often often rely on uh this these this footage to request and to bring warrants and a lot of the manufacturers of this street level surveillance technology are counting on it as part of their marketing because they've seen that police make very effective marketers and so if they build a special interface that police have access to they are more likely to go out to the community and sell it to stores or to homeowners associations to put up because they know they get the benefit of having private surveillance that is readily accessible to them without having to go through the bureaucratic loopholes or having the city pay for it themselves their facial recognition shot spotter which are these microphones in cities which supposedly can detect and record supposed gunshots although now there is increasing speculation that they have a high rate of false positivity for fireworks and car backfires and the reason why all of this matters is because on the one hand they trigger more police interactions and as we've seen especially with communities of color with immigrants work-class communities police interactions often have violent outcomes and so if a shot spotter misfires and sends police armed police to the site of what they think is a shooting there is likely to be a the higher chance of a more violent outcome if they get there and then the kids who are shooting off firecrackers encounter these armed police who think they're going to a shooting and this is the same for false positives on automated license plate readers and facial recognition which police claim is just an investigative lead right it's just giving them a lead that they can follow up and investigate but too often police get a supposed match and they go out and they immediately arrest that person without following up to see if they were even in the city of the day of a supposed robbery they're following up on and the other way this affects communities is that when you put any community under a microscope like some cities are under in terms of just constant street level surveillance on every block via geolocation tracking or facial recognition or automated license plate readers police are going to find a reason to arrest and harass people because a majority of what police do every day are not finding serial killers and terrorists they're ticketing people for jaywalking and they're arresting people for jumping turnstiles at the subway and so if you put any community under the microscope that these over surveilled communities are under you're going to find a reason to arrest harass and and ticket people and this provides a statistical problem because surveillance is part of the self-fulfilling prophecy because the more you surveil people the more you're able to ticket and harass them and then the more the numbers look like that is a high crime neighborhood in need of more surveillance and policing and so this really disproportionately impacts communities of color vulnerable communities and communities that are already overpoliced yeah and and of course if you had machine learning onto that you doubled down on the on the targeting so it's one of the things that that we all I think hopefully have learned to this point that you know slanted data in even more slanted data out of most machine learning systems so and what do you think about the kind of the kind of opening up of I think more and more awareness and more and more surveillance at a kind of a hyper local level yeah I mean look Matthew talked about things like automated license plate recognition and we've got all these cameras everywhere that are now networked those are being increasingly analogs not necessarily at the local level but you know frames get sent when there's object recognition that's done locally that goes this looks like a face why don't we send that face back to membership and when you've got a time stamp indicate that this person was at this location right or this face maybe we don't have an identity but then we see the face pop up somewhere else then we see the face pop up somewhere else then we see the face pop up somewhere else and three years later you have you know a perfect record of this person's anywhere that they interact with commerce to where that they interact with a developed area maybe it doesn't have you at your home but the minute you turn on to the interstate your license plate gets on your state and you drive three states over you don't even have a phone with you but your car turns off here and they know you want this place to this place general and then you go to the local you know you enter the parking garage guess what some of the platen now they know here where you're at and the whole idea is should we compile records that are so comprehensive they're filled by so many units you know this isn't like we're not talking the CIA here we're talking about any company with enough money to pay a data broker to go look we just want the firehomes we want all the stuff that you get or at least the ability to query these cases because you know we don't even care what it is you interrelate it with something else we saw this license plate show up outside our store at a strip mall and we want to know how much money we want to know what neighborhood we want to go you know is there a public record that this license plate you know is associated with this house on for example like in google street this type thing because they're starting to blur those now but that wasn't was the case uh can we put this through an image search was this license plate photograph anywhere you know put your license plate number or picture in the back of your car into an image search often sometimes you'll get results and when we combine this with faces when we combine this with the presence of your phone because remember your phone is starting with a lot of identifiers too if you have it super locked down it's starting off bluetooth beacons it's telling facebook for example what kind of wireless networks are you because you know how your phone always you pull down that little lamp shade menu and it goes oh which kind of wi-fi at access point do you want to connect to if you're not at home maybe if you're at home well those are a proxy for location because you know all these wireless access points they're radiating over the year so these can be mount and they are meant the people's app from your phone just report this and if you location services enabled at the same time you have this and in some operating systems you're pumped to have location services to sort of interact with these kind of by access points you get this uh location information then they have a gps fix for all these wi-fi networks so then when someone else has their gps turned off but they are able to see wi-fi networks they still know where even with gps terminal and then you turn off all the location sensors on your phone but the cell phone network still know where you're at like we talked about before like how does the network you dial a phone number and that phone rings wherever it is on the plane instant how how does the network know where you're at when you got location services turned right you know when you have wi-fi turned off when you have bluetooth turned off when you have gps turned off but you're still connected to the network right well you're registering to the nearest cell phone tower to you saying here i am here i am your phone is constant screaming out of the here i am here i am is there a cell phone tower that hears me and the cell phone tower goes i hear you you create a handshake and then whoever owns that cell phone now enters you into a register it can be a home register if that's where your frequent in the network can be a visitor register to your like often but then they share this upstream the phone globally knows where all phones are at the ponds that's how they can signal to each other wherever you are right and location services doesn't turn that off because it can't turn that on and it shouldn't i mean i think that this is where we you know we we started off talking about how you know there are technical issues there are legal issues there are policy issues technically i want my phone to ring no matter where i am i i you know that that's like one of the great benefits of modern technology i mean some people call it a curse but that you can get a phone call no matter where you are i want that to be it and so that's an area where rather than technical there may be some technical things we could do but fundamentally we need legal protections and the good news is the supreme court is actually started recognizing that you know that that that just because you're out in public doesn't mean that there isn't some agglomeration of information or information over time about you that doesn't trigger a warrant requirement now that's that's some some starter pieces but but that's an area where to me like when we think about all the tools in our toolbox the the technical tools are a little probably they're not going to get to the place where i don't think where where the company doesn't know where your phone is because there's some ways why we want that to be but the legal protections can make sure that the company is very limited in what it can do with that information especially when the government comes knocking um so i want to um i want to shift a little in the last well we've got a little more time i wanted to talk a little bit about covid because we're in covid times and a lot of the work that alexis has done especially but i think all of us have done at EFF is trying to balance you know the needs of this pandemic um with the concerns about surveillance and and the recognition that um i think as ed knows well things that you do in the moments of crisis they they don't just go away right like you you have to think carefully about what you do in a moment of crisis especially around surveillance because here we are in 2021 and we're still trying to stop some things that got implemented right after the september 11 attacks that don't have much utility anymore i think it's fair to say um so um so alexis let's talk a little about covid and some of the surveillance concerns we've had and and what what what you guys on the on the EFF team especially have done to try to mitigate those so we've been tracking some things um ever since contact tracing kind of came on to the scene and i think the baseline i've been trying to do in our research is to find out where technology can and can't help and when is technology being presented as a silver bullet for certain issues around the pandemic when it technically should not be um when people are the center of being able to bring us out of this right and health and access to health care so one of the things was contact tracing and the other part that's become more recent is vaccine passports or digital credentials really that are being proposed as solutions to present if you're vaccinated or not in different contexts and the context we were worried about was the scope creek so we already do have situations international travel um schooling um educational institutions where we present that we're vaccinated or not in certain contexts right and those systems already exists but what these proposals were were um presenting our context that don't exist currently um presenting if you're vaccinated going into a grocery store presenting if you're vaccinated to access public services and that is when we started to step in there and talk about okay what exactly are we trying to solve here and are we actually creating more barriers for people to access everyday services um and being able to actually access health care in a way that makes sense and storing your medical data with private companies who want to present private solutions to other private companies um doesn't necessarily deem a solution so we wanted to be able to actually talk about that and with contact tracing we had parameters up right to actually have privacy in mind first and foremost because of the fact that you know if if you want to contract contact tracing to be effective it has to be widely adopted right in order to be wildly adopted you need people to actually trust it and people don't trust it it won't work um so that's one of the things that we've had happen and actually kept track of and then with vaccine passports most of the solutions don't talk about what happens after all this is quote unquote over we don't know what do we do with that data what is the data retention policy um well the context of digital credentials of medical data be expanded we don't know and we don't and that is the actual problem that I actually have is the long-term consequences that can happen out of this you mentioned 9-11 we've had entire institutions created just from 9-11 um so when we treat everything as the bad guy in the room and protecting us from said bad guys when we're creating permanent solutions that actually affect people that we were technically saying that we were um protecting and saving and keeping secure and safe we have the dhs we have is we have all these other institutions that were created um out of that time of fear and we don't want to create more institutions that are permanent and cause digital barriers and cause more um detriments to everyday citizens out of fear um we should be creating digital solutions that help one of my main things is keeping technology in a way where and creating technology technological solutions that are actually helpful um I'm actually personally tired of technology feeling so nefarious I make a phone call I make a text and all these different vectors are are able to attack me at all places and I'm personally very tired of that I want technology actually work I love technology and there needs to be people in place to actually think about it when they're actually creating new solutions and ask themselves is this actually helping humanity if it is not then you need to halt that process and not build that out and we're hoping that with digital vaccine passport solutions that they actually halt and think about it before they actually deploy something else that will need to be worked out and fixed and I don't think the pandemic is a time to roll out experimental technologies like that that's a great great response I just want to follow up on because you know Lex is like I couldn't agree to be more um I think a metric that we we we stopped asking ourselves in in the United States which is really sad relative to you know when I was young uh you know when I was in school and the teacher was being frankly to dick um kids would say reflexive it's a free country isn't it and it feels like people don't say so anymore like Matthew what you were talking about with local policing and all these things getting into us uh Alexis what you were talking about with more and more increasing layers of commissioning more and more dates that we have to walk through in order to go to the store in order to travel in order to get a job we have to prove ourselves and prove ourselves and establish ourselves the satisfaction of cool to a government to a corporation to some kind of institution to a person again and again again whereas it used to be when it was not possible to know as much it was not required that we established as much of ourselves and this is something that you know I've been struggling with a lot because when you talk about privacy to other people it comes off all very abstract and strange but you know we as Americans even if it's wrong even if it's a false invented history even if it's like national myths they are things that for a lot of us we believe whatever because Hollywood told us because we watched a show and like it felt right you know we're we're the good guys were wonderful and a lot of that frankly is wrong but the idea can still be true and what is liberty today is it being able to install whatever app you want right is it being able to choose whether you want facebook to screw you or whether you want google to screw you liberty is freedom from permission it's being able to act without having to ask and what happened to that when we begin to intermediate every connection that we have every you know connection to a relative to someone we love to to a friend to the pizza store with a sheet of glass right that we we stare into that glows in our face that we paid for but doesn't really belong to us because it doesn't answer to us because increasingly uh we don't control it but it controls us it says you know send this you send this take sure you send back your permission you send whatever and we have to answer this or have we become more free in the last 20 years or have we become less free and if we become less free why is that and what can we do about this the city brought up something you know very interesting in the beginning this idea of a fiduciary duty and like it sounds like this crazy legal term like fiduciary banking or something like that but think of what it does if you go to the hospital and the doctor you know knows everything about you you know they they know the size of your feet and they've got your medical charts they're not supposed to sell them the Nike he's not supposed to send you coupons for a certain size shoe but you know with the internet with all this data collection technology everybody is using this probably very personal information they get to effectively build billboards outside your house if your doctor did that if your lawyer did that if your accountant did that you know we we would burn burn their office down why do we accept that it's okay here maybe the city right maybe we need to establish a fiduciary duty uh for these guys in legislation assume what we do for every other class that has privileged access to information about our lives maybe we say this data doesn't belong to them and maybe this data belongs to us even if they hold it if it's about us we aren't or we should be our devices you know they they force us to click these user consent agreements you know that end user licensing agreement signing up for our county that says click okay to continue and if there's not like choice like no thanks like some of these things you want to install the app you have to agree you in order to get a job and to pay your bills in order to buy a car like tests have these things on more and more cars you have to agree more and more things whether they are cars whether they're computers whether it's your phone you have to click okay to continue and if you must do something it's not consent it's not a choice we're being given the illusion of consent and all of our laws all of our politicians are pretending it is equivalent to the font but we don't have to go along with that honestly questioning that is i think but a huge part of the fs1 because it's been that's why i'm really glad to be having this conversation with you guys today is to say thank you oh thanks well back at you it's so so great to have you as i told you this before it's so great to have you on our team ed and you really are and um there's let's let's go to the questions i promised everybody but um i do have a final question for everybody that i'm going to get to at the end and i want you to all to think about a little bit which is you know give me give me i will want a couple points from each of you so what's the world going to look like if we get this right what's it going to look like let's let's let's let's let's go around robin i want you to think about it and because we got some user questions but i will ask this at the end and i wanted to give you a chance to know because this is really where i'm focused a lot right now i feel like um and some of this is of course you know my job is to tell you is to you know help run an organization that tells you all the way that is that you're being tracked and all the ways that things are bad and all the fights that we're in and i feel like we need to at least take a little moment to talk about what the what this is going to look like if we get it right because we're going to get it right that's my job that's our job we're going to get there and so we need to start thinking about envisioning that but let's get to the questions from our because we have a lot of them we will not get through all of them i apologize in advance my crack team is pulling them out of the um thing and and organizing them the first one is um uh obviously facial recognition and it's from icarus redux uh obviously facial recognition is a hot button issue these days with cities taking up initiatives to ban its use by governmental entities but facial recognition is something that necessarily piggybacks off of pervasive video surveillance um irrespective of the inheritance bias of of algorithms what emerging technologies or collaborations of technology do you think pose the biggest risk towards mainstreaming that a city state national or international level um matthew i'm going to go to you first because i know you're so deep in the facial recognition fight yeah i mean i think one of the startling things is just how casual and easy to use the technology has become i mean you have um police officers or drones or you know even robots to some extent equipped with this with this technology who can just like whip their phone out on a protest scan over the crowd and like get the names and faces and everywhere where their faces has appeared on the internet before um and this technology has become it's become casual it's become ubiquitous you don't need a warrant to use it often oftentimes police enter into agreements with these companies without permission from anybody oftentimes these companies will market it with free trials directly to the officers without even going to administrators um so i mean i think i think the the big fear is that you know we're going to reach a moment where a drone can zip over a crowd at a protest and every single person in that crowd can be identified their social media accounts can be linked to their photograph and that really opens up people to reprisal and retribution from the government depending on what they're protesting especially what you're protesting is the police who are surveilling you and so i think you know the the real concern about this technology is just how ubiquitous easy to acquire easy to use it is and how few um regulations there are and how to use it which is why EFF advocates for banning government use of face recognition and why so many cities have taken the step to do it yeah and that's this is a good time to mention the electronic frontier alliance which is the network of groups across the country um that are really taking this local and if any of you are either members of EFA groups thank you uh if you're not and you want to join one or start one in your group let it go because you know a lot of this local work it really you know EFF is happy to support but it's it's the local people showing up um at the board of supervisors or or the state legislatures or county that really makes the difference and demonstrates to lawmakers that this is something that really matters to the community so um let me go to a next one because this is directed to ed it's our zubary uh edward thank you for joining us constitutional protections are extremely limited and somewhat suspended at the border uh airports etc um fourth amendment and first amendments respectively um that being the case how can we enforce the government to protect our digital privacy at the border and how do we pressure the legislatures into pass the necessary pending bills that will in fact protect us it's a great question i mean uh the primary question is how do we pressure legislators to do anything um the sad reality is uh when you look at the way our system functions today it's really not function this is not searching for me this is like academic journals political science that are studying the system that uh say if you look at all of the uh different ways you could interpret the u.s political system is currently working it's either dominated by economic elites which mean you know like the CEOs of companies and whatnot are the ones who are able to effectively get their will represented in congress and laws passed uh or by a sort of a plurality of interest groups uh you know these could be corporate these could be non-governmental but it has to be a very sophisticated sort of institutional effort in order to get congress to do anything and i mean if you look at the history of u.s legislation the last decades you'll see it doesn't really represent the public interest and this is very clear you simply look at public polling room and then you look at the legislative history of the issue and you see they they don't align um i don't we fix that i mean this is like a laurence lecce kind of question uh you need structural reform to the way our politics work changes in campaign funds to make sure that it's not just uh very rich people who are the only ones that it's worth the time for a congressperson to pick up the phone to listen to um but then beyond that there are and this is another question within the chat that i saw come up uh i i think it was valker from germany just now uh said you know do i see like open source software um or non-proprietary software is like a primary response to this um and the answer of course is yes you know i might say free software um free is a freedom not free is a beer but the idea here is there are the avenues that the system provides to us uh for us to sort of appeal for the redress of grievances uh this is sort of like the proper chance uh argument whistleblower that says go talk to your boss you know talk to your management go talk to senator um and they'll fix everything what if they won't what if they quit well i believe we have the name also the responsibility to to provide and create new systemic avenues to providing for the common good who weren't presented to us uh creating contributing and using free software is a way to uh sort of pursue this but it's not enough and this is why organizations like the eff are so important like even if not you're not uh even if you're not part of you know that interest group eff is the kind of organization that can at least try to provide us some kind of so we're not completely ignored but remember that that's not enough there's what you can do maybe your developer maybe you can use these tools maybe you're interested in technology you know a little bit about it maybe use these tools maybe you're not but there's probably something else you can do something else that i don't know you can do right uh it might be something that you know you can do but if you care enough if you look enough uh into these things if you investigate if you have a curious moment you will find these things make a difference we all can individually and also collectively yep thank you oh that's such a great call to action and of course eff uh our tech projects are open source and we're always looking for volunteers um our efa groups and other groups are doing a lot of this work and when it comes specifically to the border eff and the aclu have a piece of litigation uh in that where we won tremendously in the district court we lost horribly in the first circuit and now we're asking the us supreme court to take on um to vindicate your first amendment and fourth amendment rights at the border so you know we're going to do the activism we're going to do the technology work and we're going to do the legal work because you know when people ask me you know which of these should we do and the answer is of course always all of the above and as end points out you need to look into your own heart to figure out where you best fit in trying to help make the world a better place um but everybody has a thing that they can do to help be part of this movement um i just want to underline that cindy had a much better actual answer to the question there on board is we're taking it to the supreme court so it's a team it's a team effort my friend um one other question and this is one that i think it will be great for for folks to hear this is from j paul cv sp surveillance culture given the ever-increasing sophistication of granular surveillance at scale isn't the eventuality of living in a world without anonymity ultimately inevitable if so do you think it will still be possible to balance power between governments and the people and how would a potentially threatened democracy begin planning for this eventuality more oversight and regulation so are we you know is this is is this uh you know privacy is dead get over it is that the the the place where we we need to be and i want to i'm gonna start again i'm gonna start with matthew on this because i know you think about it a lot and then we'll we'll go around yeah i mean i i think first of all i i don't think it's inevitable i mean i think there is a looming backlash that we see at the street level at the federal level of people who have had quite enough of you know as lexers are saying how exhausting it is that that tech is is betraying you that uh that you are noble all the time and seeable and that these things have consequences um especially for criminalized population so i mean i think there is a coming backlash but i also think that there is an alternate future in which being knowable is not as scary as it is now if there is actual uh a trust and a feeling of benevolence between citizens and government um that like uh you know centuries of criminalization and and racialization have have created a system in which you are afraid to be knowable by your government because it is such a punitive institution and so i think both uh that future is not inevitable um but if it is there is a way to imagine that future that is less scary oh that's great because you segued into my last question anyway which is how do we imagine a better future lexus do you have anything to add sorry i had to unmute myself um so i always tell people during my security trainings that you know no technology makes you a ghost online none of it even the most secure anonymous driven tools out there nothing makes you a ghost on the internet and i don't think that um it comes down to necessarily your own personal burden like you're not burdened alone when it comes to that feeling and i think people can relish in the fact that there's actually a more collective unit now that are noticing that you know that burden and is not yours to to bear right so there's that um far as like future um as far as our privacy goes is going to take you know firing on all cylinders like cindy said with activism technology and legislation it's going to have to take all three of these parts and what i tell people is just don't just know that there are people fighting out there that do want to make a better future for you when you are presented online i always tell people to do a power analysis of what's going on with whatever technology that they are using if you feel like your isp would rat you out you feel like your phone would just rat you out do you feel like AT&T or whatever telecoms communications that you're using will rat you out start targeting the power analysis in your life in that way and i guarantee you there's somebody standing there fighting i i guarantee it that once you start looking on who's fighting you'll find them and it's a really corny thing to look on but i always go by a quote where it's like you know if you look for darkness that's all you'll oversee but if you look for light you will often find it and yes that is from an animation called the last airbender and it's very corny but that's something that i live by when i do my privacy work so that is something that i usually do and look to when i do tell people um to not necessarily just lay all arms down and stop fighting somebody is still fighting and i guarantee there's something you can do to help them oh that is so great okay and we've got three minutes left you get the last word on this okay uh i'm not gonna promise i'm gonna hit three minutes but first but that was a great quote that was a great show i know it's amazing that you quoted that on stream um uh i just want to respond to like what math you said earlier to get to this like the question is basically like uh isn't it true that nobody cares and uh whether it is or not you know can things be better and first of all i think it's not true it says you know nobody cares so many i think they feel like they can't do anything you know i've i've given like talks about this in all kinds of audiences and i always get some ancient charlie rose looking moderator at like you know these like type conferences very serious people know it isn't true young people don't care about this you're like no no it's not true and when i give the same line in front of an audience of an older generation and a younger generation without privacy younger people have a stronger response younger people understand the intrusion of this because they've been earned by it they have a dumb friend who put something that they shouldn't on their facebook timeline or tagged them in something that shouldn't or they know someone the same way they see the charlie or at least they can understand but they feel and probably lead quite rationally that they can't the the thing is this raises the question like does it have to be the way we talk about like facial recognition cameras license plate readers like these biometrics are being increasingly collective what we do about them you can't change your face you can't change your fingerprints right like you don't really get to change your license please leave that's the whole reason they do that it's the same reason all of these are your phone numbers it's paying to change your number they're trying to get ways of tracking difficult costly for you to change when we talked about permissioning before like all these companies seem to do this stuff when new technology comes out like they buy all these you know facial recognition standards and whatnot they want answer permission we talked about a permissionless world these institutions these corporations their government in these governments they live in a permissions world our world is increasing unfree and mission does it have to be in particular when we're talking about data collection we're talking about digital surveillance i think what we need to do is we need to think about what the weaknesses of the system has a current disease what are the points at which it could possibly fail right what are the principles that the operation of these systems of main surveillance of bulk collection or whatever you call them the presumptions these systems make uh that they need to be in order to operate what ones those presumptions fail like on the corporate prong here we're talking about things like um the fact that mass surveillance is a practice is legal in many cases it's lawful they say you agreed to this because you clicked okay to continue even if you didn't read the agreement even if you couldn't read the agreement even if there are studies that show if you try pouring all these things in a year that shows you don't have enough time so it's not going to be that legally retrieved as if you did there's not possibly a way in which you could agree you couldn't even read these agreements and then if we move away from corporations right to governments we're not talking about what's legal because in the words of Henry Kissinger you know they said the illegal we do immediately the unconstitutional takes a little bit longer they do it because mass surveillance is cheap uh it's very simple it's very easy to do at scale could we make these capabilities unlawful corporations and could we make them costly for immigrants i think in almost all cases the the answer is yes and if like Alexa said you know you you you're looking around for other people living in the US and the rare place you find somebody not doing anything about it the answer there is the person that you're looking for is you you can and should be first right when i was at the NSA wearing an eff hoodie by the way remember they can't do this work and these people like you contribute um you know i talked to my co-workers i talked to my colleagues i showed what was happening which they didn't know because they didn't have the need to know and it's like nobody was going to do anything about it because nobody felt that they could do it but the reality is any once could do it only we dare to drop and sometimes the person that you're waiting for is you oh well there are there's no bigger mic drop moment than that one let me tell you um thank you so much for this conversation i want to thank and oh we got a lexus back that's good and alexis and matthew for joining us today i want to thank everyone who considered continued to who contributed to our discussion in the chat and who did such great questions and all of you watching around the world um it's it's you know frustrating to be in covid times but honestly this is an event that we probably couldn't have done at the scale that we did if it weren't in covid time so we look for our little silver linings where we can get them um this is eff's 30th anniversary and i am duty bound as the executive director to tell you that our movement to protect rights and freedoms begins with you eff has led the charge for privacy free expression and innovation for over 30 years and counting and we need your help to keep up the fight as ed pointed out so generously if you haven't yet i encourage you to donate to eff today and to become a member at eff.org slash 30 um and that's all the time we have today thank you all for joining us and i hope that you'll continue these conversations about freedom and technology with your colleagues and your friends and your loved ones wherever you are and thank you so much and we'll see you at the next dff 30 fireside chat thanks everyone thanks so much and thank you guys for all the work you do and thank you everyone in the chat for joining us to stay free