 Welcome, everybody, to the Meet the EFF panel. Thank you all for coming. We understand that we're up against General Alexander, so it's a tight competition, and we're glad you all decided to spend your noon hour with us. So thanks for being here. So this is the Meet the EFF panel. We're going to go and have brief introductions from each of our panelists who represent some of the EFF folks who are working to defend your civil liberties. Actually, a quick show of hands. How many people here are members or otherwise very close to familiar with the EFF? Okay. Thank you. Thank you very much. For those who don't know much about the EFF, you'll learn a little bit today. We are civil liberties non-profit that fights to defend your rights online privacy, free speech, and innovation policy, try and make the world safe for security research, to do their research and talk about it. And we're here today to answer your questions about what we do. We have a great selection of panelists. We might not have the particular person who works on a issue you have a question about, but we'll do our best. And one thing I wanted to say is if you have a question that's specific to some situation that you're in, this is not really the forum for those kinds of questions. One of the things we do is we provide counseling to people who needed pro bono, but this is not the forum for those types of questions because we want to make sure that if you did have such a question that it was in a confidential, privileged manner. But for general questions about what we're doing, cases we're working on, policy issues, this is the place for that. Before I begin, I just wanted to play for you a short video that we created to support coders' rights. And this is, well, let me just let it play and then we'll introduce the panel. Thank you. The production quality is, I understand, not very high, but that's because when you donate to EFF, your money is going mostly to programs and not to video production quality. All right. So let me start off by introducing myself. I'm Kurt Oppsall. I'm a senior staff attorney at EFF. I work on a wide range of issues. Probably the most prominent thing I've worked on lately was representing Matt Inman, the creator of the oatmeal in a dispute that he had with Funny Junk and attorney named Charles Carrion. I can tell you a little bit more about that in the Q and A session if people are curious. And let me turn it over to you. Hi there. My name is Eva Galperin. I'm trying. Here we go. Let's try this again. Hi there. My name is Eva Galperin. I'm the International Freedom of Expression Coordinator at the Electronic Frontier Foundation. I think I'm the only member of the international team here. So if you have questions about what goes on in the rest of the world, state-sponsored surveillance by authoritarian regimes and such, I am the person to talk to. Do it. Hey everybody. I'm Hanny Fukuri. I'm a staff attorney with the EFF. My focus is on criminal law. And recently we've, or some of the work I've been working on has included some work on cell site location data. And we just recently filed a brief in a Washington state criminal case challenging the constitutionality of Washington state's cyber-stocking statute as a First Amendment violation because it covers a lot of protected speech. So, yeah. Thanks for having us. Hi everybody. My name is Trevor Tim. I'm an activist at EFF and I do a lot of work on free speech issues and government secrecy and surveillance. So we can talk about WikiLeaks or surveillance drones coming to the U.S. And given that General Alexander is in the next room, we can also talk about our NSA warrantless wiretapping lawsuit that's been going on for six years. And just a reminder that actually just a week ago today the NSA admitted for the first time that they violated the constitution in a letter to Senator Ron Wyden. So we can talk about that too. I'm Peter Ackersley. I'm technology project director. I work on a range of issues from a computer science sort of perspective. The big ambitious thing that our team is working on over the next three or five years is encrypting the entire web. And we have a few projects that are helping to do that. And we've got a few more in the pipeline. HTTPS everywhere, the SSL observatory, sovereign keys. So if you have questions about encryption or EFF software projects more generally, you can ask them. Hey there. My name is Marsha Hoffman. I'm a senior staff attorney at EFF. I work on the civil liberties team. And I consider myself kind of a generalist. I work on privacy free speech issues. Our coders rights project which works to ensure that security researchers can do the awesome cutting edge work that they do without running afoul of the law. A couple of things that I've worked on recently include our requests to the copyright office to grant exemptions to the digital millennium copyright act to make sure that people can legally jail break phones and tablets and video game consoles. I also have done some work on a case that we're handling right now. Our client is a tele communications company that was the recipient of a national security letter. And we are representing that company in its challenge to that letter in the associated gag order. I also have been involved in a couple of amicus briefs we filed in cases in the past year or so. Involving attempts by the government to force people to decrypt data. And the question of whether the Fifth Amendment privilege against self incrimination applies in situations like that. I know that last year here there were a lot, a lot, a lot of questions about that. And I suspect that you may still be interested in that. And I would just flag that I'm actually giving a talk about that topic only on that topic in a couple of hours. And so if you have questions about that you might choose to wait and go to that talk. But if you want to ask questions about that here that's cool too whatever. I'm just going to jump in quickly to other fun topics that people can ask questions about if they want. One is the phenomenon of Apple's crystal prison and all the other lock down devices that we're facing, particularly with modern mobile devices and what we're trying to do about that. And the other is open wireless networks and encrypting open wireless networks so that you don't have to lock people out of your network in order to be safe from eavesdropping. Okay. Thank you panelists. And so let's start. We can start with your questions. Unfortunately we do not have a mic for the audience. So I'll ask you to say your questions and then I will repeat them so that everybody can hear the question clearly. And those who don't have loud voices maybe want to come up and be close to cut so he can hear you. Well, let's start out with you, sir, in the front row. So the question is about the NSA warrantless wiretapping lawsuit and the question is who are we representing? Do you want to take that? I can take it as well. So we have two lawsuits related to the NSA warrantless wiretapping. The first one we filed was against AT&T for its cooperation collaboration with the program. And in that case it was a class action. So we had a representative set of plaintiffs who were AT&T customers. That was based a lot on some information that a whistleblower provided to us about the Folsom Street facility which is a facility in San Francisco where in which there was a room built into the facility containing a splitter that would split the signal and send one copy of it off to the NSA and the rest routed to its destination. And so these were customers whose communications had gone through that facility. The second lawsuit was filed against the government itself, against the NSA and other elements of the governments that were participating in the program. And in that case we were trying to get a couple of things. We had the same set of plaintiffs who were saying they were injured by it because their communications had been splintered off. And we're also trying to get a ruling there that what they're doing is unconstitutional. Get a ruling at least on the merits of what is done. As far as the question, you know, what's the injury, what's the damage, is one of the things that is provided in a variety of the statutes, the Foreign Intelligence Surveillance Act and Electronic Communications Privacy Act and such are statutory damages, damages that are set by law where Congress recognized that sometimes damages for privacy violations may be hard to prove and set that forth in the statute. I'm just to add on to that a little bit. As far as how do we know this is going on, you know, after the New York Times reported on it in 2005, you know, dozens of major news organizations reported the same thing. And this evidence has been kind of in the public record for, you know, six years now. And even after Congress passed the FISA Amendments Act, which is actually going through Congress right now for renewal, which we are strenuously opposing because it really, instead of strengthening privacy protections in the wake of this scandal, it actually weakened them for Americans talking to people overseas. But even after that passed, there's been numerous reports that the NSA is still collecting just purely American domestic communications. The New York Times in 2009 said that they had been doing it still in a systematic way. Wired just reported a few months ago, I'm sure many of you saw about the massive data center they're building in Utah, which they plan to store basically every email sent around the world. And William Binney, who is actually on a panel here later this weekend, he, it was an NSA, longtime NSA employee, and he actually just joined our case, one of three NSA whistleblowers to present evidence in our more or less wiretapping case against the NSA. So the evidence is vast and yet still the government has yet to allow us to present that evidence in court. So the follow on question is, do we have a discovery and to get further evidence from that? And the answer is no, we did not actually get to do discovery. The case, even though it's been six years, is still in the preliminary stages. They have, well, there's two cases. So the first case was moving forward. They tried to get the case dismissed. That failed. And then went to Congress to get retroactive immunity given to the telecoms. There was a big battle in Congress over that, but unfortunately, telecom immunity did pass. And we fought the constitutionality of that and took that to the appeals court as well, but that unfortunately was not successful. I mean, it's flattering when you have your case being specifically talked about at the highest levels of government and they pass a special law just to kill your case. But nevertheless, that doesn't get us any closer to ruling on the merits. And then the second case against the NSA and the government, the state secrets privilege was asserted. And so we need to resolve whether or not the state secret privilege prevents us from moving forward with the case before we go any further. So we're a long way from that sort of thing. All right, another question. Sir. So the question, let me just repeat the question. The question was about SSL decryption devices placed outside a network so people can look at SSL communications perhaps to find malware, but also examining the communications. So this is a, I won't say totally common, but it's a thing that a decent number of companies do. They install these devices and then they go around to their employees' machines and add a root certificate. They make that a trusted certificate for each of the devices that's on that network. And then every device, whenever it makes a TLS connection, it gets man in the middle. The key it sees isn't the true key for the server it's trying to talk to so it does a handshake with the firewall and the firewall gets to read the contents of the encrypted communications. I'm not a lawyer, so I'm not going to give you the legal analysis of this and maybe one of my colleagues will, but I will say that doing this without getting very clear explicit consent from all of the employees who are affected by such a device is extremely risky. Okay, and then the sub part of the question was about the legality of it. So there are a number of laws that affect when you can eavesdrop on communications, most prominently the WireTap Act, which is a federal law. The WireTap Act requires one party consent. However, a lot of state laws require all party consent. And so one would certainly be wise, as Peter is suggesting, to get consent of all parties to a communication before intercepting it. There's also a provider exception that allows a provider to do things to protect their networks, but that would have to be that for someone who is a provider of it. So I mean, I hate to say it, it's often the case with these sort of legal questions, but it depends and check with counsel is probably the best answer. I'll take another question. Sir? Okay, so to repeat the question, the question is about TOR and other anonymizing technologies which may sometimes be used by people like child pornographers or other malfeasers. And the question is, does that affect how we feel about the technology and how we react to it? So from a legal perspective, I think that this is something that comes up in our discussions when we think about which cases to take. Because what we're trying to do on our legal team is try to pick the best cases that we possibly can to create a really good impact in the law that's going to help a lot of people, right? And so, you know, when a case comes up that we're thinking about maybe getting involved in one way or another, you know, and it involves child porn, for example, that's certainly one of these things that we take into account. Because I feel that often in cases like that, the judge is really going to want to bend over backwards to make sure that person gets punished, right? And sometimes I think that that creates the possibility that the judge is going to bend over backwards to sort of torture the legal analysis to make sure that that person gets punished. And we worry that that could have a greater impact on a whole bunch of other people that isn't going to be so great. To give you an example that actually does not involve child porn, how many of you are familiar with the Lori Drew case? Anybody? So several years ago, I'll bet you a lot of you read about this, several years ago there was this really awful thing that happened where a woman set up a fake My Space account, imposed as a young boy and then, you know, became, you know, connected to a friend of this woman's daughters. And, you know, the daughter was all excited that this, you know, this good-looking guy was into her and all of this. And then, you know, the woman basically kind of, you know, her fake persona turned on the girl and said all sorts of terrible things to her. And the girl became very, very depressed and she committed suicide. And it was, it was a terrible, terrible thing. And there were a number of prosecutors who looked very hard at that situation and I think they thought, you know what, somehow that should be illegal. And they looked into it and they couldn't really find any laws that they could prosecute her under. And so one prosecutor had this idea that maybe they could use the federal hacking law, the Computer Fraud and Abuse Act, to go after this woman on the theory that when she signed up for a fake MySpace account, she violated MySpace's terms of service. And in so violating the terms of service, she was gaining unauthorized access to MySpace's servers and therefore was guilty of violating the Computer Fraud and Abuse Act. And they, you know, they pursued a felony charge against her. Now the problem with that is, if that woman is guilty of a crime for violating terms of service, then that's going to be the case for all of us. And you've read these things, right? I mean, or you haven't. And that's part of the problem, right? I mean, you could be guilty of a crime for violating something that you never read and you don't even know what's in it. And of course that would be a big problem. And so we got involved in that case as an amicus. And ultimately a judge found in that case that it just couldn't be the case that violating terms of service turns you into a criminal. And we thought that was a very, very good outcome. But you know, I think that this demonstrates, at least from our perspective, as a legal organization, how difficult it is sometimes to deal with those sorts of things because you're right. On the one hand, you know, somebody's been accused of something really, really bad. And often they, you know, it appears that they've done something really, really bad. And perhaps as a society, you know, we say we want to punish that. But we also want to be careful not to do it in such a way that it moves the law in a direction that could affect a lot more of us that are not even implicated in that case. Eva, do you have something you want to add? No. I'll take another question. Let me see if I can get somebody in the middle, sir. Okay. So the question is, the gentleman comes from Spain. There are some protests who are organizing through social media. And do we have some experience in helping protesters internationally who are protesting using social media? Well, the work that EFF does internationally is a little bit different from the work that we do domestically because we do not have lawyers in every country. So we don't actually litigate internationally. But what we do do is we work with activists on the ground in order to help them to help them organize and oppose these kinds of laws. And we work with the organizations that already exist in the country in a sort of partnership in order to give them our support and sort of move the, our many members towards this issue. A lot of countries have actually looked at criminalizing certain kinds of speech in social media, including the state of Veracruz in Mexico. And I think there's also a similar law in India. And recently there was the Twitter joke trial in the UK where a British citizen joked about blowing up a plane over Ireland and was taken to court for, I think it was, I think today, was it today? Possibly yesterday that he had been convicted and he went on appeal and was acquitted today. So we do work with people all over the world and we certainly oppose these kinds of laws and try to draw attention to them when they happen. Okay, next question. I'll take at the end. Repeat the question. The question is if I could elaborate on the collaboration between EFF in the United States and EFF in other countries. EFF is not divided up by country. There is just one EFF. It's 30 something of us sitting in an office in San Francisco. But our reach is international because the internet is international. What we do is we collaborate with other organizations such as the online rights group in the UK. We work with NOAT in Tunisia. We work with an organization called Global Voices which helps give voice to bloggers all over the world and sort of highlight times when they're in danger for things that they say online. We've worked with the committee to protect journalists. And there are many sort of EFF like organizations all over the world and we try to encourage their formation and work with them to oppose bad laws in their countries. There are a few organizations called electronic frontiers like there's electronic frontiers in Finland, electronic frontiers in Australia. And those are fellow travelers but they are not directly affiliated. We don't have, they're not branch offices. So I take another question. In the back there. So the question was about battles about throttling bandwidth and where ISPs have, ISPs being asked not to connect to certain websites which I think maybe a reference to some of the ICE seizures of domain names and I guess a reference to throttling of a bit torrent by certain networks. Do you want to talk to that part? Sure. So we did a lot of work a few years back when Comcast which is the second largest ISP in the United States started injecting forged reset packets into bit torrent and other peer-to-peer connections and also some other protocols that their firewalls just randomly confused for peer-to-peer. So Lotus notes I think was having its connections reset and other stuff like that. So that Comcast back then was doing that very blatantly and a number of other ISPs were. And we ran the first controlled tests that confirmed that it was definitely Comcast doing this by collecting data from both ends of the connection. And that led to the FCC, the Federal Communications Commission, attempting to establish authority over a network neutrality in order to prevent Comcast from being able to do this kind of thing. And there's been a huge like kind of side argument about whether the FCC has the legal authority to do this and whether they're the right institution to do it. But the state of play at the moment is that all overtly US ISPs have kind of agreed not to do this sort of thing. And they've tended to be sued and run into trouble when they have done it. So if you're aware of a US ISP that is definitely throttling, differentially throttling traffic to one domain versus another, that's a really interesting thing to come and talk to us about, or just draw attention to, and it will tend, just drawing attention to it will tend to get the problem fixed. Because I think that a US ISPs are under a lot of pressure not to do this kind of thing. Internationally, the situation is more varied. There are a handful of countries such as the Netherlands that have actually passed explicit network neutrality laws. So in those countries, it's outright illegal to do this kind of thing. Whereas in the US it's more complicated. And there are some places where it's more overtly just, okay, we're doing it and getting away with it. And so I think what the internet community needs to do is catch companies that are doing it, draw attention to it and make sure it stops. All right. On the edge there with the EFF hat. So the question is how often are we engaged by legislatures and their staff when they're crafting legislation and drafting it? Okay, I'll take that. Fairly often we have some contacts in DC. Our main focus for advocacy is more on the litigation establishing precedent side of things. But nevertheless, we have had some good communications with some people back in DC over the language of bills. Do they listen? Well, I mean they listen. They don't necessarily do what we ask them to do. But you know, their staffers will make the time to be on a call with us, at least some of them, not all. And then we also, from time to time, will get involved at state legislative levels and also have some of our international team working on things like EU directives and some of the sort of semi-legislation that occurs out in that sphere. One great story of the sort. There's a big difference between talking to people, which people tend to talk to us. Sometimes they even come to us and then write a bill based on stuff that we tell them, but then there's this whole other question of whether the bill passes and becomes law and most of the time it doesn't. And then there are times when people in government and in Congress come to talk to us but don't listen. So a good example of this was Quaker and SOPA and PIPA, the various internet blacklist bills where they came to us and said, you know, we need to censor websites in order to, they didn't say censor, we need to take down these websites in order to enforce copyright law. And we said, no, you don't, that's a terrible idea. You should definitely not do this. And they didn't listen to us. They continued to try and pass those bills. And so then we ended up basically with the giant political campaign that we and a number of other groups ran against SOPA and PIPA that culminated with blacklist day. And we won. So sometimes they don't listen to us but we win anyway. Thank you. And thanks, I mean, I'm sure many of you were participants in the fight on SOPA and I think it's worth calling out and thanks for the clap there. That was a watershed moment in trying to put some sanity into what Congress did. One of the first times where Congress was really coming forward with a really bad bill and they were being told by the content industry, you know, this is fine. Everyone on the hill was saying this is a done deal and the only question is how bad is it going to be? And through massive grassroots support, it was turned around. So that was a really great thing. And it's important to point out that after SOPA and PIPA went down, they listened to us a lot more now. Sir, you were at it for a while? The question is what is the current state of encryption keys and being asked to give up your password and the Fifth Amendment? So for those interested in this issue, I'm going to speak about this briefly but I have an hour long talk about this later this afternoon. And so I don't want to take all of the, I don't want to steal my own thunder here and have you all just not come because you're like, oh, okay, I got the deal then. Two o'clock, right here. Two o'clock. So this is a really interesting question. Basically the issue is the privilege against self-incrimination, which we get from the Fifth Amendment, which ensures that witnesses have a right to remain silent and not have things that they say be used against them. And how that affects attempts by the government to force people to disclose passwords or encryption passphrases or, you know, simply compel them to decrypt data and then turn over a version that the government can then read and use. And there have been a couple of big cases on this in the past couple of years and I think that the rule that we can see from this new precedent is that, you know, if you have a valid Fifth Amendment privilege, meaning, you know, the government is trying to force you to make a testimonial communication that would reveal things in your mind that would tend to incriminate you, you can have a valid privilege that keeps the government from forcing you to decrypt your data. However, this can have limits. And the case that was decided first this year, you know, basically said, you know, listen, if there is a situation where the government already has a pretty good sense of what is, what that data is and that you have control over it and custody over it and it can, you know, it can be authenticated in some other way, then, you know, really they're not forcing you to say much more than they already know. And in that case, you might not have a valid Fifth Amendment privilege. So that's kind of the story there if you want to hear more explanation about it. Come this afternoon, please. Alright, another question. In the back, EFF hat. So the question is, what is EFF's position on the deployment of drones, offensive, domestic deployment of drones? Trevor? So, in February, the Congress passed a bill called the FAA Modernization Act and buried in this bill is a clause that says the FAA has to start issuing drone licenses to public agencies, including law enforcement agencies. And the FAA itself estimates that by the end of the decade, there may be as many as 30,000 drones flying in the U.S. And so these drones aren't, you know, going to be shooting missiles, but they will be able to do pretty much everything else that military drones are capable of, whether it's surveillance, you know, flying for hours or days at a time. You know, some of the drones, the military drones can, you know, scan entire cities and alternatively, you know, see the color of your shoelaces from a mile away. But they can also be equipped with facial recognition software, fake cell phone towers that can intercept text messages or phone calls or crack Wi-Fi or, you know, a Texas sheriff even suggested that he wanted to put less lethal weapons, he called them on drones like rubber bullets and tasers for crowd control. So, you know, the dangers are kind of unprecedented, especially in the privacy area where, you know, there aren't really laws that protect us against this type of surveillance. When you walk outside your home, you could potentially be followed by a drone for 24-7. So we've actually been working a lot in this area over the last six months. We filed a Freedom of Information Act lawsuit against the FAA. They were actually keeping who had the authorization to fly a drone secret, even though if you fly a manned aircraft, the FAA is actually very transparent. They tell you, you know, who's flying it, what type of plane it is and, you know, a lot of details about, about its, how it operates. But they didn't do that with drones at all. So we had to sue them and they released a list a few months ago that detailed about 60 public agencies that have drones. Now it's about up to 100, but again that's about to explode because of this law. So actually we're running a, because the FAA only really told us who was flying them, we don't know what they're using them for. So what we're doing now is we're running a campaign with an open government group called Mukrock. You can go to their website at mukrock.com and we're trying to file a public records request with every police agency in the U.S. that either has a drone authorization or wants to get one. So we've already filed with everybody on the FAA list and we're trying to ask them what are they doing with these drones? What do they want to do with them? What kind of type of surveillance are they going to, to use with them? And then we're also going to ask your local police station. So you can actually go to mukrock.com and fill out the simple form and they will file a public records request on your behalf and they'll do all the, the legal trouble and all the tough stuff. All you have to do is just fill out, fill it out with your information and your local police agency's information and you can find out hopefully if they have plans to get a domestic surveillance drone. And so once that we gather enough information in that regard we hope to take this information and take it to local city councils or municipal governments or state governments or even congress so they can pass legislation that can really set up robust privacy safeguards so if drones are being used to follow somebody that they have a warrant first and there's already a couple bills in congress going around right now. We don't know how much support they have but let's say generally this, this idea and hopefully our goal at least is to stop this before it becomes a problem and to kind of have this legislation be implemented before there is a drone flying over every town in the US. Alright thank you. So the follow up is are there any private organizations that are on the FAA list? Not yet. Right now only public agencies can get drone authorizations but that's going to change in 2015 according to the bill that congress passed that I just mentioned. In 2015 commercial entities can start getting drone licenses so you can, we might start seeing you know FedEx flying a fleet of drones to deliver packages across the US. In the black shirt fourth rule? So the question is how to reach out to people who might be satisfied with the status quo and to speak to them about some of the troubles and why they should be opposed to things like warrantless wiretapping and how do you, how do you communicate with those groups? So you know this is a really interesting question and I think we saw a little bit of this in January in the US Supreme Court when in January the US Supreme Court issued a decision called USV Jones that talked about the physical installation of a GPS device on a car and the Supreme Court held that that type of installation was unreasonable and in violation of the fourth amendment. Well it held that it was a search under the fourth amendment and because in that instant case that the court was considering it was done without a warrant it was unconstitutional. What was interesting about that case was during the oral argument Chief Justice Roberts who I would certainly say is a man of I don't know higher standing or whatever you want to call it asked the government attorney in that case whether under the government's interpretation of the law if they could install a GPS device on every single person of every single member of the Supreme Court's car to which the government attorney rightfully answered as they argued in their brief yes and naturally the Supreme Court unanimously said no and you know found the search unreasonable you know found that the installation of the GPS GPS device was a search but I think that really kind of captures how we can approach these technical concepts to people who may not necessarily be worried about it. You know in the Jones case the defendant they were surveilling was a guy who was a suspected drug dealer and he ultimately got sentenced to life in prison so you know this is kind of going back to your question you know this is somebody who maybe society may not think really deserves a break but I think when the technology got boiled down to a got boiled down to a way and explained in a way where nine elderly members of society who are Supreme Court justices are pretty highly ranked members of our society can recognize like you know what it's a bad idea if we let the cops just put GPS devices on anybody they want wherever they want for however long they want that's when change starts to happen and I think the way that gets done is both through just people like you talking to your friends and talking to maybe like your parents and people of an older generation who may not be as familiar with the technology and help them explain hey you know what you remember how you when you put a letter in the mail you don't expect the post office to open the letter and read it you just expect them to deliver it shouldn't the same thing happen or be true of our email and I think all of us here I think we all try to do that we all try to explain these kind of complicated or not so complicated but you know concepts that are relatively new to an audience of judges and legislators who may not necessarily appreciate them and I think as that happens more and more that's where you're going to start to see a change in societal values another example just very briefly and I'll stop talking like in the cell site location data think about a year ago I think you know everyone at DEF CON may know what cell site location data information is but the general public probably didn't and you didn't have a lot of major media companies covering it but in the last four or five months we saw as a result of the ACLU's FOIA request where they got all this information about it and as a result of some poking around by some congress members to different cell phone companies about hey how many requests are you getting from you know law enforcement when the number came out and it's the number that was reported was 1.3 million requests in 2011 and there have been some people who have suggested that that number is actually closer to one and a half million once that number comes out in the Wall Street Journal runs an article about in the New York Times runs an article about it and congressional leaders are starting to ask questions that's when you know people are starting to take notice so that that's that's how that change has to happen just to add on to that a little bit I think a lot of the times the problem is with people that are you know not they wouldn't attend this conference that may not know a lot about technology or the internet is the way that the problem is framed so when they hear things like the stop online piracy act they think oh that's people downloading music in movies and we're against that so we're obviously for this bill but what they don't understand just by the title and maybe by reading one news article about it is how broad the bill is and how it could affect millions of people who have never even thought about copyright infringement and could censor thousands of websites that could have just gotten caught up in a broad sweep of whether it was the attorney general or corporations doing the censorship so it I think it's important to kind of explain to people in more detail about how bills work rather than what they're called another example is a the data retention bill which actually just got dropped in Congress there with the author of soap a Lamar Smith had this bill it was called I don't remember the exact name but it was sent essentially stop child pornographers act but what and so what it would do it would force ISPs to keep your data for a year or 18 months so the law enforcement could access it whenever it wants and now you know this would have applied to everybody not just investigations regarding child pornography so often they use these buzzwords that people will just attach to without thinking much when in fact they actually affect a far broader group of people and so it's it's tough to get past that but that's that would be the lesson is to try to explain to them how a bill works rather than just what it's called or what it's trying to stop yes so the question is how do we respond to people who think where are all tinfoil headers you know I mean we try and make sure that everything that we do is backed up and sourced and is quite reasonable and I would say you know one of the things where this was coming up a lot was in the question of whether the NSA was engaged in in massive surveillance and it was very very helpful to have a whistleblower who could say that they were actually involved in installing the splitter in a secret room and in the Folsom Street facility but in the early stages of that there were some questions as to how we could make that information public and originally it was all filed under seal and so there were some awkward times in the beginning where yeah we were one of our staffers was on Fox News and was getting interrogated by Kovuto you know where's your proof where's your proof and of course we we did have the proof but at that point we couldn't make it make it public so the the question is whether EFF has experienced intimidation or shady experiences and I mean I have not you know I've not had any particular screening problems at the TSA or you know strange vans outside my house or anything like that but I guess is anyone I've never experienced anything like that and in fact I tend to think that just maybe maybe logically maybe we're even you know more protected from that kind of thing than other people because if anybody did intimidate us or you know you know try to make us feel uncomfortable I think that would be a really big press story most likely and so I tend to not have worries like that you know largely because I work at EFF. So I was just given the the one minute warning so we're gonna halt the questions from now but they will continue in the Q&A session which I believe is across the hall in a small room setting so if you have further questions I come there we'll also be around for the rest of the weekend we have a booth over in the vendor area where many of us will come by to hang out there's also another booth over at the Hackers with Guns shooting game so you can support EFF, shoot guns and and see us at the booth there so we hope to see you all around the conference for the rest of the weekend and thank you so much for coming it's been wonderful that we've been doing this for eight years thank you