 Hello, my name is India McKinney and I am the Director of Federal Affairs at the Electronic Frontier Foundation and so we are going to talk about the coming war on encryption part three and how you can fight back. So thank you for being here, hopefully you're in the right space. So before, just going to time myself here so I don't run out of time, alright so before we get started I want to make something a little bit clear which is that I am a political hack. I am not a hacker, I am not an engineer, I am actually not an attorney even though I work for EFF. I have spent ten years in Congress, I started as an unpaid intern and I ended as a legislative director for a member of Congress from California and so what that means is I speak the language of Congress and I have learned to speak the language of EFF but it is definitely still a work in progress, it's not something that I am particularly fluent in but that means one of the things that I do well is I know what Congress is going to hear when you talk about these issues. When we talk about these issues here, it sounds different than what Congress hears and if that sounds like foreshadowing that's because it is. So we're here to talk about encryption but the story doesn't actually start with encryption. We're going to start talking about FOSTA-SESTA which was FOSTA is an acronym that stands for the Allow States and Victims to Fight Online Sex Trafficking Act and SESTA is the Stop Enabling Sex Trafficking Act. These bills had nothing to do with encryption but they had everything to do with protecting kids from bad people on the internet. It was a carve out to section 230 that was going to make platforms liable for some of the content that they were hosting that could be related to promoting or facilitating sex trafficking. And we obviously at EFF, we super hate this bill. Some of the biggest players in the tech space didn't want to be up against the kids sex trafficking bill. They didn't want to come out. They thought it was bad PR. They thought, I don't know what they thought, I don't work for them. They didn't want to come out and fight that fight. So we were fighting it along with some other folks in civil society because we could see what some of the downstream effects for making platforms more liable for content on their platforms was going to do to free expression on the internet. We fought super hard. We did all the things that we do at EFF. We had blog posts. We had action alerts. We sent emails. We sent newsletters. I spent a ton of time in Congress talking to people directly and I had staffers come and say to me, we totally get what you're talking about. We think this is super important. We'll be with you if it comes, if we do this again with terrorism, but I just can't tell my boss to vote against the kids sex trafficking bill. I just can't, politically, I can't tell my boss to do that. And the thing is, as a former staffer, I totally get it. This was new in my career at EFF. I hadn't been that far away from working in Congress. I couldn't have told my boss that either. Section 230 was a new issue for me. I had never heard of this law that founded, I'm going to use the internet all the time, but I'd still never heard of Section 230. Nobody in my 10 years in Congress came to talk to me about Section 230. Nobody came to talk to me about free expression on the internet. It wasn't a thing, it wasn't a problem. So when this bill came up and all these people are talking about these terrible things that are happening online and these victims can't get justice from these terrible platforms that are exploiting them and doing all of these terrible things and we have to hold these internet platforms accountable for these terrible things that are happening online, members of Congress are like, yes, that sounds reasonable, we should do that. And so we fought very, very, very hard, but only fewer than 3,000 people, EFF is a member supported organization, we have about 30,000 members. We had a bunch of people read our blog posts and our actions, but fewer than 3,000 people took that action to send a letter to Congress to say that this is a bad bill, don't vote for it. So it passed. Once it passed, a whole bunch of things happened. People took various parts of their website down, Craigslist closed entire sections of their website, WordPress took people off the platform, like many different things happened, downstream effects and people all of a sudden realized that just because they weren't sex trafficking, because they were good people, they were normal people, they were regular people, obviously the sex trafficking bill won't affect me, turns out it does because the platforms in trying to reduce their liability didn't just take away things that were related to sex trafficking because that's a little bit fuzzy, content moderation is really hard. They took away things relating to sex. They took away things related to dating profiles online. They took away things related to just adult content and because according to someone somewhere, queer content obviously equals sex content, they took away a lot of queer content. And so in the years that followed, we had a whole bunch of, like if we would do ask the EFF, besides at deaf content at other places, we always had really angry people coming up to us and saying EFF, why weren't you there? Why didn't you stop this? So my response was always, I was literally there in Congress shoving our one-pagers under the door of the cloakroom when the vote was being taken. Where were you? Where was your email to your member? Where was your message on Reddit about this bill? Where were you? Because people just weren't there. So that is relevant. You fast forward, there's a bill called EARNIT and the way that EARNIT is structured, it is a bill where an unelected government commission is convened to create best practices for the Internet. And if you don't do these things that this unelected commission decides are best practices for the Internet, you lose Section 230 protections related to child protection and all these other things. So it's the same playbook as Vostasesta. That's why it's related. It's the same message. It's the same, we're saving the children from the dangers of the Internet. It's the same, it super worked in 2018, we're going to try it again. Only because of the unelected commission and some of the people who are on the commission including the Attorney General, including the Secretary of Homeland Security have this super long history specifically as relates to going after CSAM and other child abuse materials of wanting to come after encryption. They don't like encryption because they think encryption directly leads to the exploitation of children. They have said this publicly. If you're around for crypto wars two, you know that they said it publicly. If you're around for crypto wars one, you know they said it publicly. They've been saying this over and over and over again and they haven't stopped. So when we read this bill, we realized that this is using the language of Vostasesta to go after private messages and encryption. And so we happened to receive leaked bill text, we got a little bit lucky, we happened to receive leaked bill text so we had time to do our super deliberative EFF process and figure out what we think, figure out what a message. And so once the bill text was publicly leaked, we were ready to go. We hit publish, we had an action, we had a whole thing. And because we had these two years of the impact of Vostasesta, the Internet was now paying attention. These messages, even though I'm not exploiting children online, this message is going to directly affect me and how it impacts how I go about the Internet. People were listening, people were aware, people were engaged. And also because we were able to publish as soon as the bill got introduced, they never got a positive news cycle about, oh look at all these things we're doing to protect the children from the evils of the Internet. We were ready, we were there. Every news article I saw that quoted the sponsors also quoted us or one of the other civil liberties organizations that were working to oppose the bill. So they introduced it in March 2020 and it ended up passing the judiciary committee because of complicated procedures that we can talk about if you want to, but I'm not going to bore you now. But we got about 50,000 people to write into Congress in that time period saying, don't vote for Ernett. Don't do this. And that's huge. So it passed the Senate Judiciary Committee, but then nothing happened. And so the thing with like that when nothing happens, bills don't die like that, especially after it passes committee. It can always show up on the floor. It can get added to a must pass package at the end of the year. Things can show up, but because 50,000 people had already written in about it, that lowers the chances of those things happening. Because if it does get added to a must pass package, I mean the definition of a must pass package is that it must pass. So if you have that many feisty people in the world saying do not do this and they're willing to write to their senators and their members of Congress about it, you don't want to add that to a must pass package because you could actually lose votes and then you have a whole different problem. So in 2022, they were smarter this time. I sort of, I was expecting this because this is a zombie bill. It's forever undead. Congress is a two-year process so it comes in on an odd year and then reconvenes, you know, we have elections and then the next January they start. So all bills die at the end of a congressional session. So then they start back up again. So I was waiting for this bill to come back and it didn't for a long time, but I didn't think we were in the clear. So all of a sudden, at the end of January, the bill both got introduced and it was announced that it was going to mark up in the Senate Judiciary Committee at the same time, which means we had less than a week to figure out what we thought about this bill, how this bill is different, and to mobilize people to tell their senators that this bill is still a terrible idea and you should not do it. In six days, 10,000 people sent emails to members of Congress saying this is still a terrible idea. You should still stop this. What are you thinking about? And so again, you know, messages continued to pour in after that and I'm just talking about EFF numbers. I don't have access to other friends in civil society and the stuff that they're doing, or if people just do it on their own and they don't go through our action center. I don't have access to that. These are our members, EFF members who did these. So slightly less than 40,000 messages were sent in less than a month about this. So again, EARNIT never receives a floor vote because you have this many people who are willing to take action about this in this small of a time frame. The people are engaged. The people are interested. The people are listening. It's a bad political move to do this. So great job. However, so it's complicated. So the way the mechanism works in EARNIT is the commission says if you don't do these things, you lose section 230 protections. So one of the things is if you don't have a back door or if you don't allow to have law enforcement have access to the message. It's a little because the commission hasn't convened yet. They haven't written their messages. We don't know what it would exactly look like. We do know the public statements of the DOJ, DHS, and many other law enforcement officials. And more recently, Senator Graham and some of the other senators, they do not want private messages at all. They think private messages creates a vulnerability for law enforcement. And if law enforcement can't see any of the messages, that's a problem and that needs to be changed. That's been very public. So I'm not making that up. I don't know exactly what that would look like, but I know what the goal is. So I want to break down, so those numbers that I showed you in the last slide, I want to break that down a little bit more. So one of the things that happened in the markup, because it still happened in the early February, late January period. So these are five senators who were willing to speak out publicly against this bill that is supposed to protect children from online exploitation. And so this is a really, really big deal in the language of Congress. These members are willing to say publicly, this is a threat to the queer community. This is a problem. This is a badly written bill. There are constitutional problems. I would like to see amendments before the bill moves. We want to specifically fix the threat to encryption. And I'm just really concerned about this bill. So where I have access to it, I've put the specific numbers that we know that those offices received through our action. Fun fact, in the process of trying to find out these numbers, we realized that there was a problem with the Senate API and some offices don't actually let you click through with the EFF action process. We've worked on that, but it's not perfect. So this is just, it doesn't take much. I mean, Senator Booker, New Jersey's not a particularly large state, but Senator Booker received fewer than 1,000 messages, but in a week period, a week-long period, saying this is a problem and we would like you to do something about it. And that's what it took for him to have the grassroots support to raise concerns about this bill. So he's continued to raise concerns about this bill because he knows this is something that his constituents care about. And so these are things, like they are listening, but it requires numbers. So now we're in the current year. So not only is Earn It Back, as it always will be, this is a zombie bill. It is a forever-undead bill. I am confident that we can kill Earn It every time they put it up, but we have to kill it every time. It's going to come back every Congress for the foreseeable future. This is what they want to do. The sponsors of this bill are true believers in this bill, and they really want to see this happen. But in addition, because Earn It has run into some challenges at the procedural level, the chairman of the judiciary committee, Richard Durbin, has also introduced another bill called Stop CSAM, the Strengthening Transparency and Obligation to Protect Children Suffering from Abuse and Mistreatment Act. Doesn't that sound like a thing we should all support? So again, this is a little bit of a section 230 carve out for civil claims against online platforms for injuries involving CSAM, and it specifically allows the use of encryption to be introduced as evidence of facilitation of illegal material. There's also some mens rea things that go along with that. But again, the target is clear. It's a little bit more clear, actually, than Earn It. They get at it a little bit directly, but the target is clear. And so in addition to that, initially, the Cooper-Davis Act, S1020, didn't target encryption. Instead, it was an ECPA carve out that specifically said if a provider sees that one of the or a platform sees that somebody has written materials related to fentanyl, related to fentanyl use or sale, they have to send that person's IP address identifying information directly to the DEA. So the DEA can investigate whether or not they are smuggling fentanyl and doing whatever. That includes all uses of fentanyl, including legal uses of fentanyl. So if you're a cancer survivor, if you have had a baby, if you're a medical person, if you're a policymaker talking about the fentanyl problem, all of that would still qualify under S1020 and have to be reported to the DEA for them to do an investigation. In committee markup, they added language to this bill that would put facilitators, make facilitators liable if they deliberately blinded themselves to the content that was happening on their platform, which, again, means encryption. The sponsors of the bill say they didn't intend to mean encryption, but the intent of the bill does not matter. The words on the page say you deliberately blind yourself. And if you cannot see the contents of the messages because it's end-to-end encrypted and the providers cannot see the contents of the messages, then you have now deliberately blinded yourself. So now encryption is on this bill, too. But I think it's also important to talk about that because it's not just about content of your private communications, it's everything. Like, this is part of the message about it's not just about encryption anymore, it's about all of the messages and it's about the ability to have a private conversation. Earlier this year on Valentine's Day, a little gift from the Senate Judiciary Committee to, I think, me personally, there was a hearing called Protecting Our Children Online, and they had a bunch of hearings, including a parent of a child who committed suicide after online bullying. Somebody from Nick Mick and a former New Jersey cop. And one of the things the former New Jersey cop specifically said in his opening statement, which I watched again this morning just for you, is, which I didn't pick up on the first time, is that law enforcement should be able to see all of the messages and he specifically called out TOR as a problem. And this is a problem for law enforcement that they're not able to do the investigations that they need to do in order to protect children online because private communications are happening clearly from bad people with malicious intent. If you are using encryption, if you're using TOR, if you're trying to have a private conversation, you are clearly hiding something and it is law enforcement's obligation and it's Congress's obligation to support them to go after those messages. And so they'll say a lot of the good stuff after that about like, we should have a warrant and there should be a process and there should be blah, blah, blah. But at the end of the day, what they want is to read all of your email, to read all of your texts, to see all everything. No private messages. Side note, the US Patriot Act is also a free authorization at the end of the year, so we'll talk about that later. I mean, later, later, there's no language. So that's the current landscape of what we're talking about. And so currently, all three of these bills have passed the Senate Judiciary Committee. And again, it's a procedural thing, they've all passed unanimously, but there's no recorded vote. So in theory, they could be on the floor as early as September. And there is a really good chance that one or more of them is going to be, unless. A lot of people have still written in about earn it, not as many people have written in about stop CSAM because it's new and because it has a much better title. How can you be against stopping CSAM? We had a very terrible, terrible meeting with Senate Judiciary Committee staff, specifically about the stop CSAM bill where we were raising our concerns, both about encryption and about all of these other things. And one of the staffers said to us, well, we understand that encryption is important for safety and security, but if you make encryption like 8% less secure and it makes law enforcement 40% more effective, isn't that a conversation we should be having? So I reported this back to my engineering colleagues at EFF and watched their heads explode because yes, this is a conversation that we have had before. Yes, there is no way to do that. Yes, we just can't do that, except that's not the conversations that's happening in the DOJ. That's not the conversation that's happening in Congress right now. And some of that is because, I mean, the DOJ is not going to be educating people about Crypto Wars 1 and 2 because they lost. It is totally in their best interest to be like, we've never had this conversation. Isn't this super reasonable? We should totally just throw a client-side scanning and it'll be fine, don't worry about it. It's in their best interest to do that. And so when you're a congressional staffer and you weren't alive for Crypto Wars 1, you weren't paying attention for Crypto Wars 2 and encryption has always just been a thing that happens. The internet has been encrypted. You've had iMessage on your iPhone. WhatsApp is a normal thing that you do. And if you're a cool kid, you use Signal. It's normal. It's just a normal thing that happens. You don't think of it as something that's under threat or under attack. And that's the thing that has to change. So now we're going back to the foreshadowing. This is where the language barrier actually starts to matter. So when talking about this, when you're a scientist or an academic or a technologist, it is hard for those people as a group to say things are absolute. If you've seen the movie Oppenheimer, there's actually a part in there where their spoilers, they're talking about, are we gonna blow up the entire atmosphere by doing a nuclear bomb? And so in their theory, there is a almost zero chance that it could happen, which means it's probably not going to happen. But theoretically, there is a possibility that this could happen. So they have this whole academic debate about this whole thing. And me over here is my little policy self. I'm like, so you're saying there's a chance? And so again, they actually do say that to a political person at some point in the movie and they totally freak out. And I'm like, yes, that is the appropriate reaction. But for the scientists, for the theoreticists, for the academics, they understand what they mean when they say almost none. The same thing is true with academics when you're talking about encryption. Is there a way that we could make a special backdoor that only can be used when the attorney general has the special key that he keeps taped under his chair and only uses in the most extreme best circumstances when the president says it's okay? There's a non-zero chance that we could come up with that someday. And so when you're talking about it from an academic or a scientific context, that makes sense in context, but politicians hear that and they think, so you're saying there's a chance. And so what they don't know is all of the other contexts. I don't understand how encryption works. I know that it works because my colleagues who I trust tell me that it works. And we've had a lot of conversations about end-to-end and client-side and I believe them because they're very smart, very hardworking people. But I also sort of believe that it's magic fairy dust. And I think so does Congress. So if it's already magic fairy dust, why can't you make the magic fairy dust do the thing that you want it to do? Why can't we find a compromise that keeps everybody safe and secure? Because members of Congress love signal. They love signal. Why can't we do a thing that lets them keep their signal but also helps us arrest the bad people who are exporting children? Where is that compromise? That is the political way. That's the political language. So I can't say because my academics won't say, my technologists won't say, that is not mathematically possible. What they say is it's probably not mathematically possible, which again means members of Congress hear, so you're saying there's a chance and I just need you to nerd harder so I'm gonna pass a bill that incentivizes you to figure it out. A year ago we were not talking about generative AI. Now we are. Who knows what it's gonna be like in a year? I need you to nerd harder to figure out a solution to this very real problem. That's what they hear. So be aware of that when you communicate or you write or whatever. So you have to figure out a way to provide the whole lot of the context so that they're not thinking, so you're saying there's a chance. So this leads to what you can do about it. Obviously the first thing that you can and should be doing is voting. Making sure that both privacy, whether it's communications privacy, whether it's data protection privacy, whether it's any of those things, that is something that if that is important to you should be a part of how you vote. More important than that, can't believe I'm saying there's something more important than voting, but more important than that is communicating to your member of Congress that you care about these bills in particular. And the way it works is you get one call or email per issue. And it's not useful for you to call and say I'm India McKinney and I want you to support encryption. They don't know what to do with that. What they need is I'm India McKinney, this is my address, I want you to oppose, earn it. I would like a response. I'm India McKinney, this is my address, I would like you to oppose the STOP-CSAM Act, I would like a response. I'm India McKinney, I would like you to oppose the Cooper Davis Act, this is my address, I would like a response. For each individual issue, you send one email, you make one phone call. And if you're really feeling extra spicy, you get your friends to do the same thing. Occasionally, things that we write, our action alerts, get posted to Reddit and Discord and some other things. And they kind of go a little bit viral and that's how we get to those super huge numbers, like the 50,000 numbers or whatever. I cannot overemphasize how unbelievably useful that is. EFF is a very strong voice in this particular community, we have a point of view, it's very specific, it's pretty consistent, but people can sometimes tend to drown us out because they don't think that we're actually people. Your friends know who you are, they know what you think, they know what you do. And so if you say to your friends, this is really important, I think you should look into this and send a message, that's how we get those multiplier numbers. It's the multi-level marketing scheme of political action, but it really, really super works and so we need those numbers. We get 20,000 emails or phone calls on one of these issues, we can keep it off the Senate floor and we can keep beating it back. But you do have to do it every Congress. You can't say, will we beat Earn It Last Time? Why do we have to do it again? We have to do it again because Senators Blumenthal and Graham are going to introduce it every year and if we get tired, if we walk away from our computers, if we decide to stop caring, they're gonna push it through. They truly believe in this cause, they are going to keep pushing, so we have to do the same thing. So currently, this is EFF's Action Center. So if you go to act.eff.org, that's what you will see. So this is a handy-dandy little shortcut. If you don't want to talk on the phone, you can just click these buttons, it'll populate the thing, it'll send it through. There's links in there, you can share it with other people. Again, this is enormously helpful. We do not collect any of your information so we will know where the email goes, but we don't know who sent them. We have no idea. We believe in the privacy ethos, we don't track you. Privacy Badger would block that anyway, so we don't do that. But all of these are either related to encryption or other bills related. There's also the Kids Online Safety Act, which doesn't include encryption, but is about content moderation. So if you don't want age-gating on the internet, you need to be against COSA2. So that's what all of these are. But if you don't want to click through EFF's thing, because you don't believe us that we won't sell your information, there's this phone number. 202-224-3121. This is the general number for Congress. You call this number, a very cranky woman will answer the phone. You say that you want to be connected to your senator, she will patch you through. And so again, you say your name, you say your address, and you say I want you, the senator, to oppose this bill, I would like a response. That is how you get into their database, the Constituent Management System, CMS. They keep track of who calls, but they have to know that you're a constituent and they have to know that you're a real person and they have to know that you're not calling about the same thing 15 times. Just like you get one vote per election, you get one vote about this. So it's much easier, or it's much better use of your time if you get 15 friends to make 15 phone calls than to do it 15 times yourself. And if you don't like talking to people, you can totally do it after hours. They have voicemail, the interns check it every day. Sometimes it fills up, so that's a little bit of a risk. But again, if you don't like talking to people, click our actions, they're really great. So again, sharing the actions to groups that you're a part of, like-minded people, friends, coworkers, that is one of the biggest and most important things that you can do if you actually do care passionately about protecting encryption and the ability to have a private conversation. Spread the gospel. Like we have to talk about this and we have to be publicly talking about this because I do actually think this is a real threat. I have heard rumors that the FBI is currently putting together a spreadsheet of investigations that have been stymied because of encryption. And they're going to present that to some of their law enforcement friendly colleagues in the Senate and the House in the hopes that they will again push legislation that creates liabilities for platforms and companies that provide encrypted communications. This is not a threat that is located only in the US. The EU and the UK are also looking at similar things. There is currently a bill in the UK where Apple has said that if this bill passes, iCloud and iMessage will no longer be offered in the UK because it directly goes after encryption. This is a real threat globally. And this is a thing that we have to work together in order to beat back. If every person here at DEF CON sends an email to Congress or to their elected representative in their home country, we can make an unbelievable difference. It doesn't take that long. It matters in the aggregate. If we all do that, we can stop these bills. If we don't, well, I have job security, but I don't know that I can do it on my own. And so that is all I have prepared for you. I wanted to leave time for questions. And so if you do have questions, I do have a little prize for you if you have questions. So the question is Australia passed a backdoor law and how does Australia pass that? So the question is how do you enforce an open source project? So there's different mechanisms for that. And I'm not familiar with Australian law. I know that the United States doesn't so much care about Australian law. So the open source project may not be allowed to exist in Australia, but I honestly don't know. You'd get sued or you'd get prosecuted by law enforcement, depending. So a lot of these bills, so the thing with both earn it and CSAM is it allows for civil claims. So if you have been harmed by somebody who texted CSAM over an encrypted server, you as an individual were allowed to sue the company for damages that also allows for class action suits against the companies for damages. So if you're, and so the concern is like what Apple said in the UK is rather than deal with that type of liability, we're just not gonna offer this product. So now the product is just by the company the product is no longer offered because they can't take on that liability. Or they choose not to take on that liability. Which makes sense. I can't blame them. You can get your sticker, by the way. Oh, so that's a really great question. Could we do the same thing on the other side, put a list together of all of the investigations that were not stymied by encryption? Well, you know, I don't know that we need to do that. I mean, January 6th happened and a lot of those conversations happened over Signal and WhatsApp and law enforcement still got access to those messages. And a lot of that stuff is public. And so I mean, I don't know that we need a list, it's in the newspaper, to balance. So yeah, so for public opinion, the thing is the public likes encryption. The public likes privacy. Anytime you poll privacy, it's like 97% of people are pro-privacy and I don't really understand what the other 3% are doing. Yeah, thanks. So I don't think we need to worry about public perception. It's lawmakers being concerned that people like us are overblowing the risk. And so it's not actually as bad as we say that it's going to be. And no, no, think of the children. So yeah. So there definitely are some people who think client-side scanning counts as regular encryption. So they're saying that, yes, it totally can be done. You should buy my product and do client-side scanning. There are people who are saying that. Yeah. Yeah, so the question is what happens if the open-source project is hosted somewhere else? That's a really tricky question that I don't really have time to fully get into, but the, that's a really tricky question. So data doesn't necessarily live in one place, even with open-source projects that are hosted in one particular place. There's the whole shrimps thing that is happening with where does data actually live? And so again, Congress doesn't really have a concrete idea that data has a specific source. If you have US-based ties, we're going to go after you. If you are in the US, prosecutions, I mean, it depends. It's, I can spend a lot of dystopian future scenarios and I would just really like to avoid all of that and not pass these bills. Like, let's focus on the goal. So yes, yes. So Apple's saying the thing about we're going to pull out of this product, like that was an incredibly useful messaging tool and I will say that, continue to say that until I'm blue in the face. But we have to be a little bit careful about how many international examples we use because they don't vote in US elections, so we don't super care. So let me get back here. So that's a great question. What else can we do if we do the Action Center and we recruit a lot of other people to the cause? I mean, a lot of, it's about to be an election year. A lot of members are going to have town hall events in their district, which are free and open to the public. Going to those as a physical person, going to those, going to the telephone town halls and asking questions about those. You know, as a staffer, I can tell you that we got memos from the boss about like who showed up, what questions were asked. Like those tallies are kept. And so, especially if you bring a group of people to these in-person events and say this is a thing that's really important to us in the community, what are you doing to protect it? That is kind of huge. It takes a lot of work. They're very boring, but it's huge. Well, they're gonna spam you. So they're gonna, they're not legally, they're not allowed to sell your information, but they're gonna respond to your concern and then they may send you other things about other things that they're doing that they think are related. Yeah, so I've actually heard that too. Like it's actually not a big deal if we pass, stop, see Sam and like signal goes away in the US because you can still side load it from like Russia or whatever. And it's like cool. So you're telling me that I should get my 81-year-old father to side load a weird app from Russia and we're cool with that? So like, yes, it doesn't solve the problem. The problem is encryption off the shelf protects people. Standard encryption, device encryption, message encryption, the fact that like iMessage comes standard encryption, the fact that WhatsApp is free and easy to download and supported, same with signal. That is a huge thing that goes for the privacy and security of normal regular people who are not gonna side load weird apps from weird countries. Like if you have a vested interest in making sure that law enforcement can't access your stuff, you're gonna go to do these weird side things but that's not the biggest threat. The biggest threat is regular people. Identity theft went way down. You can look at the FTC's numbers. Once Apple started doing automatic off the shelf full disk encryption, the numbers of identity theft plummeted because if somebody stole your iPhone, now they can't get into it, they can't get your Facebook, they can't get your passwords, they can't get your bank, they can't get everything. Full disk encryption, I mean, they did one thing and it radically changed the security of quite a lot of people. So yeah, having it be available in the App Store or whatever the Google Play thing is like, that's huge. And once you take that away, it's gonna impact people like my dad, not like the actual criminals. Yeah, yeah, yes. So the US State Department and the DOD are also variant pro encryption. I actually have a college roommate who's a foreign service officer and before she went overseas, she made us all, you know, our little group chat, she made everybody move to WhatsApp because she wasn't allowed to communicate with the sudden non-encrypted platforms. And so again, that's the type of thing where like active duty service personnel will have access to encrypted platforms but I don't work for the State Department, they can't provide me a mechanism to communicate with my friend except that it's off the shelf and it's free and it's supported and so now it works. So yes, the DOJ and DHS are super anti encryption because they want to read everything. The Pentagon and the State Department are very quietly, I mean, they have said some public things in favor of encryption like they required diplomats to use signal after one of the massive leaks where people were talking trash about other diplomats. It's like, do that over signal and like, but that was the sort of thing that kind of flew under the radar but it's explicit in the briefings if you have a friend in the military and they're about to deploy, it's explicit in the OPSEC briefings before they leave, don't put stuff on Facebook, put it on WhatsApp. Like if you have to communicate with people, do it on WhatsApp, do it on signal, do it on iMessage, don't email it and don't put it on Facebook. That is actually part of OPSEC. We'd like them to be more public. They don't do that. They don't really want to call attention to the fact that they like to have secret conversations. So yeah, yeah, I can't hear you, I'm sorry. So again, I really only know United States politics and United States procedures so I can't help that much but I will say that a lot of the stuff that we have written about encryption, the politics part not so much but the actual substance, please feel free to use that and share it with people and educate people. I'm completely Congress-based, I'm so sorry. So I'll get you, but yeah. Yeah, yeah, yeah, no, it's absolutely true. So there is definitely bipartisan support for getting rid of encryption and there's bipartisan support for encryption. So there's a huge contingent of current House majority members, the Freedom Caucus, who are very opposed to letting the FBI read their messages or have access to any of their communications. There's a whole lot of progressive Democrats that are also very opposed to letting the government read a whole bunch of their message. If this is not a partisan issue, all of these bills that we're trying to kill are bipartisan. The opposition is also totally bipartisan. It really comes down to whether or not you have the grassroots support from your constituents at home to oppose a bill that says stop CSAM. That's really what it comes down to. I mean, the encryption is not so much the issue, but like if you take a stand against encryption and you lose your election, that's hard. You need to know that people are going to show up to support you taking the position that you want to take. Elections actually do matter. Grassroots support actually do matter. Politicians actually do pay attention to the things that people are writing and emailing about. Absolutely, especially in the House, especially right now. A lot of elections are decided on very thin margins. It's super, super matters. We are close to time, but yeah. Yes, so yes. So when we were working on an antitrust bill here in Congress last time, there were some conversations about how does that impact encryption? How do you do encryption with interoperability? How do you work that out? And so we had language that like we had worked with the sponsors and to like not have that be an issue here. We have colleagues who do the work in Europe and in the EU and so I know they're having similar conversations over there. And so it's very similar language that we're suggesting. There is a way to do it, but it is something we have to think about. EFF is pro-interoperability and we are also pro-encryption and we think they can coexist. Yeah, oh yes, thank you. Yeah, so the Electronic Frontier Alliance is groups of people in various places across the country where they are independently organized. They work with us. There's like bi-monthly meetings or something where we all share information and stuff like that, but it's local people who organize with themselves to focus on issues in their areas. So again, I'm the director of federal affairs. I really only focus on Congress because they are keeping me quite busy, but there's quite a lot of stuff that is actually happening at the state and local levels that is hugely important. Local city, local groups have gotten a couple of different cities to ban the use of law enforcement use of facial recognition, for example. Like that is a huge thing that we can be doing. So there's a lot of EFA groups that are all across the country. I'm happy to connect you with my colleague Rory who would like to tell you a whole lot more about that. But if you want to do more, that's another thing to do more. I should have thought about that. Thanks for saving my job. You can start one. Yeah, you can start one. Rory would like to help you with that. Rory at EFF.org. Anybody else? Well, thank you again so much. Thank you.