 To welcome to the annual DEF CON convention, this meeting was held in exciting Las Vegas, Nevada from July 9th through the 11th, 1999. This is video tape number 14. Last couple of years, DT has arranged to meet the FED panel for the Black Hat boothings and take place immediately preceding DEF CON, unless you had such a good turnout of FEDs for both Black Hat and DEF CON. We decided to fliggle the mentors sitting up on our panel interacting with all of us. I will tell you also, I know that at least one or two of them went through quite a struggle in getting this cleared at the highest levels of government to be here with us. So first I'd like to introduce you to each of them and give a little history. Probably the most interesting candidate we have here on the panel today is Agent Jim Christie. Raise your hands if you've heard of Jim. Jim was the lead agent in the Handover Hacker case. And if you haven't heard of the Handover Hacker case, then there are some books back there in the room that you can take a look at. On my right we have Phil Loringa, who is with headquarters, Office of the Secretary of Defense, Secretary of the Army, Information Systems Command Control Communications and Computers. And if you put one more word on there, I'm going to run out of breath before I say it. Basically Phil is, I believe, the senior most civilian managing information security programs for the Army. And on the far end is Jeffrey Hunker. Jeffrey Hunker is with the National Security Council, and he is the senior most person handling information warfare, information security issues. So we have a pretty weighty panel up here, and I don't mean that as a bad thing. So without further ado, what I would like to do is go ahead and open the floor to questions after Jim starts off. He's got just a small presentation. I told him he has ten minutes or less, and you can throw him off the microphone. So we'll let Jim start with that. Okay, I'm going to start it off. I'm Jim Christie. I'm a criminal investigator with the Air Force Office of Special Investigations, and I'm detailed to the Department of Defense. So I can't do anything without a slideshow, so this was major teeth pulling here. So basically it's us versus some of you, but I think you guys are outnumbered here. So you say you do it for the challenge, the intellectual challenge, and you don't do harm, and you're just bringing attention to a particular problem. I think it's bullshit, okay? So if you really wanted a challenge, you would have our jobs. You. Okay, are you on this side or us on this side? Your targets, if you're on that side, your targets are unlimited. It's only limited by your imagination, where we have to protect everything from you. You don't have to play by the rules. We do. We're limited only by your imagination again. We're limited by constitution, statutes, treaties, ethics, morality. Absolutely. Bullshit. Just ten slides of this, okay? You can attack whatever you want. We have to protect ourselves 24x7x365. We're not in here. Forget leap year, okay? You can stop attacking any time, and we still have to protect all the time. The government, the budgets haven't gone up, so we basically have to do with what we've got. So now we have a whole new mission area to protect these damn things, and we're having to cut other things, maybe social programs. We're thinking about that. My mind is that whether it's the government that you hit, or whether it's a private company that you hit, it all gets passed on to everybody, and you're all going to pay one way or the other. Plus you had a major head start on us, because you're smarter than us. So our seniors didn't go up with this technology. We don't understand it, so we're just learning about it. So you guys have been out there developing techniques, and the technology is exploiting and proliferating, and we're just recognizing it's a prominent, and now it's huge. And so we're way behind you guys. You guys can align yourself with anybody, whether it's acting along, joining a group, multiple groups, criminal organizations, terrorist organizations, and nation states, and we have to protect against all of that. The motives are all different. We already talked about challenge, that's bullshit. You can just be malicious. You can be the same kid I grew up with that went around shooting BB guns, shooting people's windows and light poles out. The only difference is that now you put national security at risk. So you're curious. There's all kinds of different reasons that you give, but we still have to protect everything from all those different motives. You don't require major resources. Try protecting everything. We really have a major challenge to protect against everything. You can be anybody from the ankle-biter to that nation state, and the problem that we have is that we can't tell the difference until we trace it back to where the little sunbushes fingers meet the keyboard. So we have to run every case, as if it were as a nation state or a terrorist organization. It's not that we target ankle-biters. They're probably the only ones that we can catch. We have geographical boundaries. If you think about law enforcement agencies, what we have jurisdiction for, it's always based on geography. A city, a county, a state, a country where cyberspace has no boundaries. And, you know, transcending these boundaries and the rules that go along with those boundaries make things really difficult for us. And you could be singularly focused on breaking into a particular system. We have other competing priorities, espionage, murder, terrorism, all these other things, to protect you and, you know, most of all, protect your rights. So in the old days, the challenge was not to get caught. That wasn't much of a challenge. But the government is starting to light all the start and to twinkle a little bit. And so it's going to be a little bit more dangerous for you. And you don't want to jeopardize your future employment, your security, and even your freedom. So join the good guys, you know? It's not like we don't need the help. Okay? And, oh, by the way, the last slide, you know, hey, we got a major problem coming up with Y2K. Don't kick a cripple. It just stirs your patriotic feelings, doesn't it? Please. On that note, let's open the floor for questions. Can you please stand up and speak up really loudly? You guys are technologically in control for some of the state networks. Do you agree with the government engagement that's happening as far as making even attempts at hacking or breaking into anything illegal and not breaking into anything even if they want to take an attempt to shoot something? And actually, I'm not the one that will pay that Y2K. Doesn't that make you feel like there's been one point where people are actually pushing the state secrets and wishes to act? It's a question. I'm sorry about your question. Well, do you want to turn this question over? Yeah, what exactly was the question? Your turn. Your turn is attempting to make the attempt to break into a system illegal and have criminal consequences. Litigation meaning that somebody could sue you? That litigation is what you sue for several purposes. You need legal, like, prison. I've been in my 39-50 years just trying to change my thinking. Sit down. Play an English here for the crowd. Can everybody hear me? I'm not familiar with the litigation you're referring to. I do think it's important that we protect privacy rights for all Americans. And that is an important part of what makes our nation what we are. It's an important part also of why there's a number of terrorist groups and there's a number of nations out there that are starting to look at cyber-attack as a means of hurting us. And I'm for everything that's going to protect the rights of Americans to be secure with the information that they've put into trusted hands, whether that's going to be information they share with their employer or information that they share with the government. And if protecting those rights means making the job of people who are breaking illegally into systems harder, I think that's a good thing to be doing. That's all. The internet goes to the government preaching that it doesn't take responsibility that they first start personal information on the internet or it's putting responsibility on people that are exploring personal information on the internet. That was a very good question. Basically in summary he said, does the government consider personal responsibility when you place information on the internet for securing that information, correct? Or is the responsibility for the insecure placement of that information in the hands of the groups who are able to export the vulnerabilities that are there? What I would say about that, the analogy I would make is you shouldn't punish somebody for not walking into their house and going through their file cabinet, but still for illegal entry and violating their rights. I think part of that is an education problem. People think the internet is secured. This is a whole different group. You guys understand what goes on, it's a party line. Whereas most people don't understand that. They think they're on the telephone. Guy in the red stood up first. My question is that all these activists inside the U.S. from and other countries in the U.S., if there are a lot less, we're just still getting busted tonight. Ask the international panel of government experts that will be here next year. I had a question. It's kind of the same question as mine. There are a handful of people around the United States that are certainly most of the sides of the U.S. and the U.S. are here. So that was sanctioned by the government to do that. It's such important. So what is the cost of the amount that we have for political reasons? What is the ground for that? I think that was interesting. As ethics and morality as your slide showed, it greatly increases and happens and decreases a lot in other countries. Not only in the United States, but real morality, ethics, downright feelings for actors go down to a point where an agency will be developed that will be slowly bent on finding instead of passing and punishing actors who will actually evolve in their actions. Let's look at this as two separate issues. The first issue, which was a very valid question, was what is the difference in endorsing activities against countries that were actively involved in hostile actions with versus the government's response to our own citizens conducting such activities? Was that basically a question? I'll take a crack at it. As for the reports about what did or did not take place in Yugoslavia, I can't comment on that. I don't know. Can either of our other panelists comment on it? Mr. London? No comment. I do defense. But there's a second part to this, which is there are other nations out there that are actively developing cyber-attack capabilities aimed at the U.S., and you can find in the public record officials in China and Russia. I know nothing. I think what he's saying is that they're building organized cyber-war capabilities. Is that what you're saying? No. I'm not aware of any of that. Jim? I actually hope we're doing that. You know, we use cruise missiles and we should use any technique and tool available to us. We used a lot of cruise missiles in Yugoslavia, but I didn't want you guys to have them and use them when you want them. Do you have a little one? Yeah, look. Eventually, you'll figure out how to build them anyway. Let me get a crewman in here. Bill has a comment. I don't know how well this is working okay. It is. For years, when your parents were growing up and I was still in high school, we were talking about an arms race and we were talking about the Cold War, the countermeasures and measures. I submit to you that today we are in an arms race. The arms race today is a cyber arms race. It is cheaper and sometimes, I guess you could imagine, more effective to keep a ship from leaving port because you have found out the navigation system, then it is to let that sucker sail and blow it out of the water. It is just a new weapon. We're very concerned that those capabilities that are being developed out there by kiddie scripters and other folks will eventually be picked up and realized what kind of value it could actually be. When that value is truly realized, we're not talking about replacing somebody's webpage, we're talking about killing folks in that we remain very concerned about. Yes, we are in arms race and it is on today. In the back. In the back. Yeah, this is Petty. I'll go through many things as far as increasing their money. Just to give you some insight to what you need to do, join the community and be able to increase their money and be able to pay for the Cold War, and see what's going on. What's up? Want to take this? I was distracted for a second as I was handing the... More money. Yes, more money. There is more money. There's a lot of money. There's more money. There's three major new threats that have emerged over the last eight years for Americans. There's a lot of technological weapons and you've heard about the concerns about anthrax. There's the concerns about using radioactive and radiological weapons. And thirdly, there's a concern about cyber attack. I deal with cyber attack. It's a real threat. There are real nasty people out there who are developing capabilities armed, aimed at the US. And the federal government has dramatically increased that's a billion. It'll be a billion and a half this next year. We expect quite a considerable amount going forward. A lot of that's going to be in R&D. A lot of that is going to be in training and education. Frankly, for some of the people out here, for information security. Not your head, yes. That's all. I think for once to address that. Let me see if I can address that. Beauty is in the eye of the holder. You've heard that. Reaction to an action is also very similar in this extent. You've had a couple lawyers talk to you guys today talking to you. In essence, they may not have said it, but they're talking about the development of case law. The need of things that are going on today for prosecution and so forth. No one's ever done it before. Not sure what the account measure to the measure ought to be, as I mentioned. But if you think about some of our other countries on this planet, the way they counter hackers, we bring you back to a story not too long ago from China. Two hackers busted into a national Chinese bank, ripped off $37,000. They were caught. You know what their punishment was? They were shot. Tonya, that's perhaps so. Do we do that in the United States? And the answer is no. I don't know if any hacker is going to go out and kill me. So are you saying that we're still in the transition period trying to figure out what an accurate punishment is? I think that it will be a number of years before we have case law that is as standard as burglary crimes are today. I just have one comment. How many out here have gone to jail for hacking? Not a whole lot of you, huh? So, you know... They're in the pub suites. Did you guys go to jail? No, they just have a class. That's the world on a full-fledged problem. And I have to say, on the good side of it, I'm not on your side personally. I can't say the reason why I can't say who I want to go to jail for. That's because I have seen many friends who don't get hired for security, go to jail for extended periods of time, Now, at least, I don't know what you think of any of these people who are illegal. They may believe that they're outside of the rest of the law. But, just a few months ago, I had found out a very annoying group of strategies that were made in the town of the Obligionist. And the process I found may not have basically been accessed to a very broad, very important level. And I had to contact the administrator there, and A, I had to tell him, I had to convince him not to tell you about it. And the reason for this is because the Obligionist was curious maybe a little bit. And we're in another band of bringing down anything that I do with the government. The government says that the Obligionist and the Obligionist have been in prison for years, when all of the Obligionist is moving around like this. And I, well, I had to remember not to try to stay with the Obligionist, but it was all part of it. Unfortunately, I guess learning is because I know you Obligionist. Comments? Yes, I have two important comments to make about that. The first is that, as was pointed out before, with the growth of the Internet, with the growth of electronic commerce the way it is, case law and societal norms about how we treat this is an evolution. And it's not the government that sets and determines that. It's going to be a combination of congressional, state action, and individual decisions by courts and by private plaintiffs in terms of that. And you have to be part of that process. We don't set all of that. We don't make it all up. It's a process that involves all of us, and it certainly is a process in evolution. I don't claim that the current case law and the current laws that we have for protecting electronic communications, privacy, and information security are perfect. They've changed. The technology has changed, and we have to recognize that we're in evolution right now. So what I would ask is, cut us a break in terms of saying, you the government are doing this, and recognize the fact that we're in a rapid transition, the Congress is going to be involved in this, the state legislatures are going to be involved in this, and a lot of lawyers and court action are going to be involved. Second point is, in terms of sharing information with the government, one of the things we're working very carefully on right now is to make certain that the sort of case that you're involved in right there, where you are tracking somebody down, and the like, that we have the mechanisms in place so that you can talk to us, or talk to law enforcement as appropriate, and not face the concerns about overreaction. It's a big issue. It's an issue we've never faced before. It raises a number of legal issues, both in terms of how corporations and lawyers look at it, as well as in terms of security, and how law enforcement looks at it. But we aren't working on that very much. I know it's not the right thing to do, but I don't want to set them to jail for four years again. It's real. That's it. In the back of the glasses. I'm saying that if someone wants to come to your side again, again, if you want to do, you're going to have to fight for it, and you're not going to be forced to do this. But how is it that he wants to do justice to you? Do you want to do that? Do you want to do that? Do you want to do that? Do you want to do that? Do you want to do that? Well, there are several different categories of folks that didn't violate the law and had the same capability that you had. The problem is, like, is scope. Like I said in a couple of my slides, you can work when you want. Our folks have to protect everything, which is a huge problem. And we have good people out there who have a good set of models. And what we need for you guys to do is before you get caught, before you cause damage and ruin potential job security in the future, is to come to our side, because you're going to get those same capabilities and you're probably going to get better tools. And you'll find out what the challenge really is. Okay. Money. Oh, my man. I understand you have got this decision involved in doing it this week. That's not what we get. I mean, if you want to do that, what part of this is driven by someone wanting to get and put them back in the jail? He basically said what part of this process is driven by getting a federal indictment under their boat? The indictment and the prosecution. I'm not a prosecutor. I'm an investigator. So my job is... See, if you paid $8.95 in advance, who could have heard that the Department of Justice got a black hat? And like I said earlier, when we start an investigation, we don't know who the bad guy is. We're not looking for script kiddies. We're looking for the folks who have Ken Carr's significant damage. So now that we've run that investigation, it turns out to be a 21-year-old. Should we just turn her back? I don't think so. The issue is, the question is, are some of the prosecutions just based off of somebody trying to simply get an additional prosecution or indictment under their belt? I'm going to answer that from the perspective of the National Security Council at the White House and the focus that we're putting on cyber security right now. And I'll speak from that perspective and the funding and the focus that we're putting on that. We're concerned about threats to our economic and our national security that are not individual hackers. They're not disgruntled insiders. They're well-organized, well-funded, malicious groups that are trying to destroy our country. There are countries and there are terrorist groups. I mentioned two of them earlier. You said China and Russia. Right. I've probably talked about this. China and Russia. Stand up. Long. Screw crypto laws. Let's go with Jeffrey Hunker on that from the National Security Council. Because we don't want strong encryption in the hands of terrorists. The comment slash question made over here is, don't terrorists already have strong encryption? Okay. The public doesn't have access to strong, non-existent, extroverted, and photographing systems. Does the government be insuring our privacy if we can't do it for ourselves? Could I have an easier question, please? Strong encryption is available to all Americans. The public key encryption and the key escrow proposals that have been made have the sort of legal protections to protect Americans' privacy rights. Go ahead. No, I think that's a great thing. Absolutely. But as soon as you violate the law by breaking somebody else's privacy, that's a whole different issue. To test products, to hone your skills on your own systems or with permission, that's great. And that's the kind of people that we want. Look at that. We've worked with systems. There are a few treaties at America. A number of other countries signed the West grocery world in intellectual property development nation. And it suggests that you should not reverse engineer something because I essentially see it as crap or not because if you want to trust them, you can't test because if you test to make a term that is faulty, and it's a circular cash 22 thing. And I have a question that actually says that if you goal this, actually not secure systems that you can trust, you know that you need to be the leader, but these people are smarter than anything else that the world has. If you goal this secure system which option you want, you want the systems to be just tested by your own controls or allowing problems, misconfigurations. You want your own citizens to test them if they're not going to screw them up. They're not going to just going to test them and provide them for lots of major possibilities. So what else are we for? You want four people. If you block your own people, if you block your own people from telling you you have problems, and you have extremely hard to enforce foreign actual problems, and you're going to catch them and you're not going to get your secure systems and you need to accept them. I'm not No. But let me attempt to summarize this. It has to do with the... Why get them off to a reverse engineer without getting in trouble? Is that what you're saying? I'm not an expert in this, so I'm just going to speak from a personal capacity. I think that the language in the WIPO treaty was not written with the intent of making illegal the sort of reverse engineering that you're talking about, and we hope to clarify and rectify that in the future. Also, someone asked me to interject that with PKI e-commerce, that you mentioned the government having an interest in supporting that, that isn't it a fact that it would only require the injection of a subpoena to... Just an obfuscant quote would be just required to be a subpoena for ATs and not to have a judge to deal with the search warrant or to be the large capital. Well, if we need... Again, so it goes back to how much is the government really ensuring our privacy for us? The whole issue of PKI and key recovery is part of an ongoing dialogue, and if people feel that this needs to be a stronger legal protections, then let's have stronger legal protections. The congress is considering it. The administration is considering it. It's going to be part of case law. Let's build them in. Now, we'll subsidize. Question? Question in the back. Your name's comment on it? We have a vote. We have a congress. We... Congress and Senate. That'll be effective. You have a question in the back? Please speak up. Thank you. Benefits to kiosk on? I'm not touching. I wish the FBI were here. Does someone have a non-PKI kiosk or e-commerce question? In the insert. Let's have the army got into that. I'm not really sure. I like you. In fact, if there's anybody from global hell here, I'd like to meet them. It's... It's... It's... It's... It's... It's... This is an issue where you have a backup, a number of backup servers, and quite frankly, we had an oops. When the backup server wasn't fully backed up properly, and that 1110 file was still there. Can someone explore that? It is not a big sin, but it was because it was very public. Those kind of things, I'm afraid, will happen on any system that you have. Operators, if you are one, you know you're overworked. There isn't enough hours in the day just to maintain continuity of operation in your systems. And if you look at all the advisories that are out there, whether they come out according to Mellon, where they come out the assist, where they come out of 101 other places, I question whether we will ever have the capability to implement all of them in a secure manner. I don't think you realize how huge we are. I mean, seriously, I mean, I mean, you know, the problem is education and training. You know, the system administrators that we have, their job and their priorities that keep the thing up, and they don't know what to do, they don't know what to do, they don't know what to do. Their job and their priorities that keep the thing up and running and it never has been security. Now security is becoming priority and they don't have the training and education to make this thing work. So it's going to take time and it's going to take resources and the problem that we have in the government as soon as we train them, then the private sector buys them. I would like to I'd like to get paid more too. Are you sure? No. What do you think? They're in the private sector. Earlier in the statement that all types of nation states are under the terms of tax, whether the skirt kitty hits the soap or not, the vulnerability still exists. It needs to be addressed. And I don't know how many machines you have that still move. Do you have a question? Question? The issue has to do with product liability for, I guess mostly for sauce. Say it. You know you want to say it. It's a good question. I'm glad you brought it up and we're looking at it. I would like nothing more. Wait, did you say you would like nothing more then? I would like nothing more to then to have some more market incentives out there to ensure that products are going to be put out on the market that they do what they're supposed to be doing. When you do that with cars, I think that should be true for information systems as well. Let me comment on this as well. I obviously can't talk from the White House because that's not where I work. But let me tell you what we are looking at from a department and a firm perspective. In fact, the Department of the Army is driving this particular initiative. Everything we buy, we buy generally in a contract. So we develop the specification characteristics in the deliverables. We do that predominantly against cuts because that's what the mandate by Congress has been. They have reduced our development R&D resources so forth that we have to go commercial. However, in those contracts we are now stating very specifically that the applications that we buy have to have some sort of guarantee that there is no malicious code, virus free, and they operate as intended. Now the big hammer is if you don't deliver, we don't buy from you again. He said the word. He said the M1. We do buy from Microsoft. But I will tell you that we have increased our cooperation in the area of security with the Microsoft folks out of Washington. They have come out with some rather interesting solutions. It's a problem that you all have brought out in the past. DevCon. And we're still defending this country, aren't we? Question over there on the side. Loud, please. Very good comment. Very good question. The question is if the concern is lowest price what is the problem with open source? That's a really good question. And we are looking at that very carefully. That's the White House guy. Who was it? I'm getting struck down. And measures and counter measures. I was wondering whether or not you would bring the assertion that corporations with individuals who develop and test those things kind of need the application of them as something for the attorney general and wanted to look at. But would you agree that people should have the right to develop and test the same kinds of techniques as it depends against or absolutely as long as you don't test them on somebody else who doesn't know it and doesn't consent to it. I really have no comment on that. It gets into so many issues of legal liability, legal liability for organizations that want to hack back and take counter measures and the like. I know that it's something that people have been looking at, thinking about and maybe doing. But it raises a whole bunch of issues. Are you just talking about testing your own products in your own environment or are you talking about going out and developing tools and techniques on somebody else? An innocent bystander. You're doing it in your own environment though, right? I don't have a problem going on. Question? Loud. Loud. Louder. You say you have a good guess, right? Does it bother you that without us we would be here to document these problems and how to fix them so that some real religious group actually could come and attack them? Comment? Phil will comment. Basically said, does it bother you that the people in this room, the people here at DEF CON are the ones finding the vulnerabilities would you prefer it be us to find them before somebody else come along and find them an exploit? You like one of these terrorist groups that you've referred to? The gut answer at two o'clock in the morning bothers the hell out of me. The other answer though from an academic perspective this is the kind of conferences where this kind of information can be exchanged and if you don't think that it is being exchanged, it certainly is. These are the kind of conferences that are kind of applaud yourselves because you're the kind of folks that are actually making the industry more conscious of what the hell they're putting out there. Well if we're only listening to you once a year we certainly want to have a better track record so that you can't say that next year. Your second question? How much do the jobs pay? How much do you make now? How much do you make now? You're up now. He makes 15 hours already. He has the next round. Okay, you. Yeah, plug. Well, how much do you make since the process of the union departments and other departments to the government? It's now, in my opinion, the overalls of the decision of what's going on in the country because in the system of time, in terms of the kind of action that's going to be shared in the private sector that's going to be shared in the new case, we've lost the time to do that. Who's more interested in the overalls? Well, that's why Jeffrey's here. When was the last time you had someone at DEFCON from the White House? The point is that the government has a lot of trouble communicating amongst itself as well as with private industry and so what are we doing about making certain that we actually have a full picture? The president 18 months ago signed a couple of executive orders specifically reorganizing the federal government so that we do, in fact, for the first time have in the White House my position was created as well as position of another person at the International Security Council specifically to coordinate all the work that's taking place across the federal agencies. We've also created a special unit that for the first time has brought together the FBI and the Secret Service and the intelligence community and it's frankly working very close, starting to work very closely with the private sector in terms of exchanging information about the sort of new threat that we're talking about. So can we email you? Absolutely. Absolutely. Do you want my address? Yes. It's Jeffrey underscore underscore hunker at nsc.eop.gov J E F F R E Y underscore A period underscore hunker h-u-n-k-e-r We only have time for a couple more questions. So who's going to be aggressive? This guy asked first but you got to listen. You made an observation in the first comment earlier instead of saying it's a house that you're leading unsecured consider a business and someone walks into your business after hours when it's unlocked there's a certain level of responsibility in securing it. It was an observation. Part of that is education and awareness. Some people don't know that they need to lock their doors and that's a lot of what the government's doing is doing education and awareness and then how do you and how do you pay for securing that particular system your house. Everybody can't afford to put an alarm on their house. Go ahead and in some neighborhoods need them. So For those of you who didn't hear you made a comment regarding health information privacy protection protection medical records and so forth. There's now a requirement to have adequate protection in place by 2001. Are there similar legislative activities going on to protect areas outside of health information? Not yet in terms of mandating it. We'd much prefer to be working on a voluntary basis. If that doesn't work then maybe somebody will propose it but that's certainly not something that's possible. You have one minute. Thank you. I'm going to try to So one of the things that I can say about everybody from this side of the table is not about anyone else in the room is that one now and we all fight every day for war against refugees. Every good question is not being intelligently and finally answered. Every time we have a good question or a good comment or it's we're looking into that and I think everything of course was concentrated with all of the opinions. Everyone's got their way to voice. We all seem to know what's going on and we call this little government stuff but we want to hire a person to see if he has been able to figure out some years. That's why we all quit taxing with the brown companies. Thank you. That's great. Well I think this has been an interesting meet the fed panel. We are down to no time. Is our next speaker here? Are you the next speaker? Do you think that this was a beneficial addition to the comm this year? Then we'll do it again next year and we'll see who shows up. And also Phillip Moeringer will be speaking tomorrow at 10 a.m. He's the Army guy.