 Hello and good morning. Good morning, Drupalcon. Welcome to day two of Drupalcon Vienna. I'm excited to see how many people there are here today. I was expecting, like, just George to be here, so thank you very much. Clicker. That's okay. Well, for those of you who don't know me, I'm Tiffany Ferris. I am the CEO of Pellentier.net, which is a Chicago-based Drupal firm. But I'm up here today because I am the treasurer of the Drupal Association. I think we're going to restart the slides. Anyway, I have had the privilege of serving on the Drupal Association board for the last long time. I served for three years on Drupalvzw. I've been on the board since 2009. And I've served the last six years on the North American based non-profit, Drupalcon Inc., right? So I was asked to kind of say a few words, and I think it's been a really interesting progression, right, for the Drupal Association. When I was first put on the board, we would have all of our meetings in IRC, text only. Occasionally we would meet in real life at Drupalcon. But our conversations were generally, they would go something like this, I would like to spend a couple thousand dollars on a server, and then everyone would vote, and we'd be like, yeah, you should do that. So every single expenditure was approved by every single board member every single time. And we spent probably 90% of our time thinking about either where Drupalcon should be or how we were actually going to pull off Drupalcon. So I stand here today very excited that we have matured as an organization. We've kind of moved on a little bit. So we are now a, I'm thrilled to report, we are a $5 million non-profit with audited financials and a very mature kind of governance model that we use to support the community. We use to support that mission. There we go. So this is actually from the, kind of what I see as the turning point for the Drupal Association. This was a meeting that we had after Drupalcon San Francisco. It was the very first board retreat. But it was, it was of the entire General Assembly, which at the time was about 30, 35 people. And it was the first time that we got together as an organization to think strategically about the Drupal Association and about what Drupal needed. So you'll see in this picture you've got, you know, Jacob Redding and WebChick. And this is actually the meeting, probably like right after this photo was taken, that Angie came up with the phrase, come for the code, stay for the community. So as I said, we are worlds away from, from that today as an organization. We are here. We, we know our purpose. We know our mission. We are here to unite the community, to build and promote this Drupal project. And as a board member, I really love the challenge and the magnitude of that mission. It's that promise of Drupal that, that keeps us all here today. And the Drupal Association plays a key role in fulfilling that promise. So we often talk about community. And in a literal sense, Drupal is actually an amalgam of a lot of different communities, right? At our core, we have our contributors, those who impact very directly the project, either through writing or reviewing code or documentation. And, and as we've grown, that's expanded into leading and mentoring and managing others as well. We also have an, an entire group of organizers at the local level who do this really invaluable work, whether they're planning and hosting meetups or camps. But I think those organizers also play a really key role in welcoming and onboarding all the new people into the project. Then of course you have the businesses. And while we think of the businesses in our community as providing financial support or code or logistical support, it's important to keep in mind that, that the business community are really on the forefront of selling and marketing Drupal. And they create this very essential feedback loop with our customers so that we can continue to innovate and iterate the project. And then of course the, the customers are, are community on themselves. And what is so important about our customer community is that they're the ones who are demanding innovative features and they're driving the demand for talent. So they create jobs, they create thorny technical challenges, and ultimately the momentum that we enjoy as the Drupal project. A successful Drupal needs all of these communities. We need those perspectives. We need their resources. And this is where the Drupal association fits in. We work with all of these communities because for us, it's about the people. As we have matured, the Drupal association serves as a convener, a connector, and a platform. We are a strategic partner for all of these Drupal communities. We identify and match people's needs and opportunities together. We facilitate interactions, relationships, and collaboration that helps us grow as a project, as companies, teams, and most importantly as people. For the last six years, the DA has worked to expand Drupal's reach by building relationships with all of the people who contribute to Drupal's success. We have invested in forging new relationships with people who had not historically participated. We have been reaching out to CTOs, CIOs, directors of engineering while maintaining the support that's expected of our established contributors and organizers. As Dries talked about in this keynote, the Drupal is growing and changing, and the DA is adapting as well. We've been listening to the feedback and thinking strategically about the trends we're seeing within our own ecosystem and beyond. So change isn't easy, but here's what I know. It always comes down to people, and that's what gives me hope. Every single person in the DA, especially Megan Sanaki and her amazing team, operates with this deep, deep care for the people of the Drupal community and a fierce commitment to this project. We are curious about new opportunities, we are committed to learning, and we are open to evolving however we can best and most uniquely serve the Drupal project. The best part is we don't have to do any of this alone, nor could we. Drupal's history has taught us to trust that help is given when we ask. Drupal people are generous with their time, their talent, and their treasure. So yeah, this last year we've identified some gaps, some things that need to be addressed, like governance, and things that just aren't working as well as we need them to, like Drupalcon Europe. These are both solvable. We are excited to be working with those in the European community to reimagine the potential and the promise of Drupalcon Europe, and we are very supportive of the community working groups' efforts on the evolution of community governance. Coming from the DA's humble and very practical beginnings, there is much to celebrate and yet still so much to learn as we tackle the opportunities ahead. So as I conclude my tenure at the DA, I just wanted to say thank you for changing my life and stay awesome, Drupal people. Thank you. Thank you. So on to the housekeeping slides, everybody I'm sure has Wi-Fi. The hashtag for this morning's keynote is going to be D.C. Monique. Coffee, free coffee after this from 10.15 to 10.45. After that, coffee will be available for purchase the rest of the day. Thank you to Vardot for that. Lunch is in the same spot as yesterday with the staggered approach. If you have any concerns, the code of conduct is there to help you and create a framework for you to address those issues. Rachel Lawson and Adam Hill are on site. Here's their contact information. Or you could file a report directly with Drupal-CWG at Drupal.org. Women in Drupal is tonight and awesome. So you should go. It's at the main conference hotel from six to eight tonight. Thank you to all of the sponsors who make this really important event possible. And then Trivianite, one of my favorites. Thank you so much to Thunder for hosting Trivianite. It will be at the Platinum Vienna tomorrow night. Of course, contribution sprints coming up. You can sprint in the hallways and then we have a sprint party coming up later this week. And the exhibit hall is open. You should go through it. Good swag to take back to all the people who let you come here for a whole week. So it's just nice to remember them with something that you didn't have to pay for. So that's good. Then of course, birds of a feather are one of the most, I find one of the most valuable parts of Drupalcon. Very informal gatherings of like-minded people. And the schedule is found at the top of the escalator on level one. This is zero. You all know that. Session evaluations are important. Session evaluations close that feedback loop for the people who put a lot of time and effort into preparing those presentations. It's your way of saying thank you. So whether your feedback is neutral, positive or negative, they do want to hear it. So please do fill out those session evaluations. It also helps us iterate the content and make sure that we're delivering the best content that you deserve. So I want to thank all of the sponsors without whom Drupalcon Vienna would not happen. We have our diamond sponsors. Thank you so very, very much. Our platinum sponsors. All of the sponsors. Yay. Thank you. Awesome. Great. Couldn't do it without you. As a treasurer, I am deeply, truly, truly grateful. Also as a treasurer, I'm really grateful for the supporting partners who support us all year long for those other business owners. Recurring revenue. Great. Predictable cash flow. Good. I really do like those things. Just because we're a non-profit doesn't mean we don't have to follow best practices. So now I am going to turn it over to Angie Byron, who you may know as WebChick, the one, the only person. There could be only one. And she is my friend. I call her up here now. Thank you. Yeah, sure. All right. Now that I've been thoroughly embarrassed. So my name is Angie Byron or WebChick online. Everywhere except for Gmail. So whoever that is must get a lot of really confusing emails that she knows nothing about. I work at Aqua and the Office of the CTO. And that means Drees. The project lead is my boss. No pressure. What I do in the Office of the CTO, I'm actually one of an ever-growing number of people who are paid full-time to work on Drupal itself. So what my job is is to go out and find the people in the community doing amazing things, like core initiative leads, people maintaining some of the top contributed modules, events that are being organized in various strategic locations, and that sort of thing and find out how Aqua can best support their efforts, be that through project management help, sticking developers on hard problems, doing patch reviews, organizing sprints, all those kinds of sort of areas where we can do a little bit of effort on our end and we can get a lot of impact and support a lot of people's efforts. So I'm very grateful for the opportunity. I am not going to bore you with a bunch of product mumbo jumbo, but what I am going to do is let everyone know that we also have a meetup going on tonight. It happens at the same, it overlaps the same time as women in Drupal, but you should be able to do both if you're interested in attending both events. So this is over at Das Campus, it was about a five-minute walk from here and it's very low-key just getting drinks with people, chatting, that kind of stuff. We're not going to try and sell you anything, we just want to hang out. So, yeah. All right. I wanted to talk just a second about my start in Drupal. So I got started in 2005 as a Google Summer of Code student, and the reason I knew about Drupal is because I'm one of those nerds that goes around and viewing source on every single website I ever look at, and I found this really interesting website called Spread Firefox, which was something that Mozilla put up and it allowed any individual person to self-organize marketing efforts around the Firefox web browser, so be that I'm at a university campus and I'm going to hold weekly meetups of promoting Firefox in my school, or I'm an artist and I made this cool poster and I want to upload it so people can print it off and hang it places and this kind of thing, and I just thought that was really neat that there's this piece of software that empowered people that way, so it gave people who were non-technical the ability to do things that would normally require a programmer like myself in order to do, and I thought that was really amazing, and Drupal over the years since then has empowered a number of different types of this sort of thing, so there's a number of non-profits that use Drupal now, like the ACLU, the Electronic Frontier Foundation, these kinds of things, and there's also a lot of people who use Drupal because it's an open platform, because you have control over all of the information coming in and out, and this kind of a thing, and I think it's really neat that we all contribute to something that, you know, yeah, as Tiffany said, gives us a lot of, you know, jobs, which is great, but also contributes to a larger whole and gives people more control and more freedom, because Monique, who I'm very happy to introduce, Monique Morrow is extremely passionate about these same types of topics, but at a global scale, so Monique is a chief technology strategist for the humanized internet, and this is an organization focused on empowering people to take control of their own digital representation, so instead of all of your information going off to Big Brother and for them to chew on and use in ways that you don't quite understand, putting that control back in the power of the individual to be able to manage that online and not making paper that, you know, be all and all of who they are. She's deeply passionate about the topic of governance, and particularly the ethics in technology. She worked at Cisco, where she worked on all kinds of crazy future, the, you know, internet of things stuff, so, you know, artificial intelligence, augmented reality, you know, blockchain, all of these kinds of technologies, and figuring out how can we support those technologies, but also do so ethically so that we're not, you know, taking away human rights as we're doing this sort of thing. So she's a member of the IEEE Ethical Considerations in Artificial Intelligence and Autonomous Systems. She also has the Brazilian Awards, and yeah, I'm very pleased to welcome Monique Moro to our community. Thank you. So, I don't think I'm going to need this. Thank you so very, very much. I wanted to spend a few moments on, I know that the whole discussion here was about humanized, and what does humanized mean in technology, and I want to take, talk about that for a few moments before we get to the presentation itself. So humanization, intentionality of what we do with technology, plus what the open source community can be doing in terms of creating this notion of a cyber bill of rights. So, oh, I'm going backwards. That's really cool. Let's talk about humanization, what I mean by humanization of the internet. First of all, you know, Angie actually talked about what I'm doing, and identity. You all have a passport, you all have some notion of identity, but I'm also working with people who don't, who don't have it. They're literally stateless, literally, literally stateless. It didn't matter as a refugee if they came into a country or tried to go into a country that they had all of their documents on Google Drive. It just didn't matter. Governments wanted to see, you know, affirmation at a station of where their documents came from. And so we need to change that dialogue a little bit. So that's on one side of the house. The other side of the house is on humanization, if we're talking about that, is looking at how we have intentionality and governance and what it is we do. The stakes are so high, so very high today, that we border on a surveillance state. And we need to be very, very, very careful about that. Hence why ethics is a big topic for me. The other component is how inclusive are you all with people who, with talent that's not being tapped on. Let me give you an example of another area of humanitarian, before I get into humanistic, before I get into the cyber bill of rights, is, you know, there's a group, I'm working on a project called Cool Abilities. And Cool Abilities are people who may have autism, who may have aspergers, who may be hearing impaired, who may be visually impaired, and yet they would like to code. And so working to work with this group of our population who would love to be involved in the communities that we all are serving today. And that's an example of being inclusive. So think about how inclusive you are in your communities and think about intentionality of what it is you do. And ethics is going to be a law, quite a bit of a red thread in what I'm talking about. So I'm going to talk now in the next several minutes about a cyber bill of rights community because it is about we, the people. It is about this notion of are you in control? Are you in control of your identity? Are you in control of your privacy? Copinicus may have said the sun is the center of the universe. But let me suggest that you are all the center of the universe. And the stakes once again is so high. Your privacy is a fundamental human right. Just read article 19. It's just a fundamental human right that we all have to have. And we can pick up the newspapers and we can read about people who have been arrested because the breach of privacy. We'll talk about that a bit. It's understood. It has to be understood. We have to know as we're pulsating so much information what's being used, what's being used about us. And it has to be a conscious choice by us all. So one of the things that I'm thinking about, I was taking you along this path, is digital identity. You pass through immigration authorities. What if I wanted to choose what it is I want to choose and how I want to share it with you? And could we think about even a bigger higher interesting areas? What does digital sovereignty look like at the end of the day? It's a bigger problem. But you should be the center of the universe. We should be the center of that universe. And I argue that we're not. Some people may argue that privacy is dead. Some people may argue that privacy is dead. But again, the stakes are fairly high. So if we think about the Internet of Things precipitating this kind of economy, we have to think about all of the things that are pulsating information about us. About what it is we're doing. And companies are amassing profiles. Some far more personal and some far more intimate. In fact, I was actually at the Internet Society Intercommunity 2017 event in Geneva last week hosted at CERN and we were talking about whether or not we have a trust deficit. And I think that's another thing to think about whether or not we have a trust deficit. So all of these things are pulsating about things and pulsating about things and information and we're even having microchipping events, you know, to sort of, I'm just thinking of employee, take this thing out. But that is kind of the creepy part about what we have to think about. So taking you along this path, I want you to ask yourselves questions on intentionality of use of what it is you do, even as coders and most importantly as coders in the community. So we need, when we have all of the stuff that we're looking at, we have all kinds of challenges amongst ourselves. There is this whole notion of data capture. We're just, everything is pulsating information as I said before. There may be this notion of lack of standardization of and how data is retained and that's what I'll talk about even more because I think it's a big top of mind for us. Profiling and traceability is already happening. It's just simply already happening. And the thing of it is, are you in control? Do you know about that? Do you know how data is being used about you? And so there is a risk in terms of going into what I will call this the spine line between safety, surveillance, etc. and not knowing. So we're just all over the map in terms of how data is being used and how we are sending out information about ourselves and not being cognizant or not being sort of responsible about that. The other concern is people think of it in businesses. Think of this is good business if I tell you that I'm going to you have privacy knobs and inform you, you know we're going to do this for you. It's about, it can be interesting a business opportunity but it is about currency at the end of the day. You are all and we are all products. And so there has to be this whole notion of how do we balance between this sort of economic exchange of us being a product and also being able to understand how information is being used and how we are being sort of sold as a product if you will. I have a very close friend and she said to me, you know Monique if I'm a product I want to be paid. I want to be paid for my stuff to be used, right? But you know that's the whole notion of I think the challenges that we are absolutely faced with today. And I always argue and always ask the question whether or not we are all in control or should we be? Or should we be? But here's the thing, if you're not in control and all of this data is pulsating somebody is gathering the data some things are gathering the data and somebody is watching you and somebody is profiling you and some entities are doing all of that and you may not be in control. And that gets into this sort of dialectic about what it is to be in a surveillance state. And it's not just about cameras in a city, it's all of this that's happening at this point in time. And you know I look at it from a macro societal perspective and I'm thinking oh wow have we seen this picture before? Have we seen this picture before and who is watching whom and how? Who is watching whom and how? And so we need to think about what it means to have ethics and humanitarian use of technology but I can start to profile you and I am. Look at AppliedMagicSauce.com. How many of you have heard of AppliedMagicSauce.com? Cambridge Analytica? Psychometrics? I can provide a psychometric actually profile of you based on your social media presence based on how you express yourself in social media. And by the way I can send it to your prospective employer. You know the other thing that could be said about, it is alleged, about Cambridge Analytica specifically is that specifically they may have been involved in the US elections. It has been alleged that Steve Bannon said this will be a technologically run election and maybe they were used. I don't know. But here's the thing. I can profile you and you don't know it. Oh by the way, this is from the economists about facial recognition. Facial recognition happening today. Every time you pass through immigration look at the camera. Right? Look at the camera. How long is that data being held? And oh by the way there are some countries starting to experiment with it. I mean even Germany had in Berlin had an actual experiment about facial recognition and they had to inform the people who traveling at this particular rail station, we're going to take pictures of yourself. And people were like no, I don't think so. And in the UK, highly, highly, highly used. Now the thing about facial recognition is it's happening and the reality is I can, this is from Stanford University, I can actually detect your sexuality in a facial recognition picture. I can actually detect what kind of diseases you have. In fact, I will detect the diseases and maybe it'll go off and maybe with your sexuality go off to your prospective employer and you don't know it. So reality today, by the way I was watching, I don't sleep last night, I was watching BBC and they were even talking about this. Talking about this. So are you in control? Another topic I wanted to say about are you in control here is in Birmingham, England, this is a true story about two years ago, you have children who are on the bus, teenagers, and what they do is it's not exactly socially acceptable behavior but they unfortunately spit on bus drivers. They spit on bus drivers, they had a problem with spitting. Well, guess what? The Birmingham police provided spit kits to the bus drivers and the DNA of those children, of those kids was actually recorded and they were actually put as or listed as anti-social. Did their parents know about it? No. No. And so how do you get that off of your record? So again, asking yourself this question of whether or not you are in control because all of this is happening as we speak. And some people will say well you know Monique, we've got terrorism that's happening today, we have this dialectic between what is safe, between how we actually have to provide, use this technology to catch terrorists, etc. But the thing is and what I'm finding as an ethical question is there is this fine line who do you trust? Do you trust central authorities? I mean this is kind of the fine line that we have to ask ourselves. And in that internet of things discussion at CERN this deficit of trust questions kept coming up. It kept coming up and somebody raised the question around blockchain, Bitcoin, the Silk Road. But you know and said you know this is this underworld black nefarious group but the thing of it is if you read about it the people who were most nefarious were the people investigating. They're the ones that actually took up, took quite a bit of the bitcoins away. Particularly in the Silk Road. And so what you have is centralized authorities. Has the internet for example been too centralized was the question that we were asking ourselves. So if we look at the implications, let me go back here. Implications to Europe. How many are you from Europe in this audience? Yay! I'm in the Schweiz. So you know what I think is interesting is that you can tell by my acts that I'm American but I've you know sort of I'm actually borderless if you think about it. Privacy is a big issue here and it's funny because my American callings kind of under what's going on that privacy is such a big issue. Well it is. I'm Germany if you think about it in Nazi Germany's the Nazis worked with what became the precursor of IBM. The Hollywood tabulator punch cards were used to have to actually take senses of the entire of the population. So they knew by ethnicity, they knew by religion where people lived and what they looked like etc. I mean where they lived where they this was a sort of this racist sense census project. So yes the strictest laws are here for the very reason of a history that goes back to that nastiness right. And so the thing of it is is that now you have to look at the general data protection regulation laws that are coming up on May 25th 2018. The laws are going to be strict. They are strict and if you're not careful whether or not you're with private companies or whatever you risk especially when we're talking about privacy engineering and privacy by design you risk being fined 25, 20 million euros at the very minimum. So you better know and better have your privacy by design and privacy engineering capabilities in place. For example if I send an email by accident to Amanda and it has a list of people being laid off that has to be reported. And by the way and she's on the list that's actually happened by the way. Her rights have been violated. So you have to kind of think about how you report that. And so yes it's a lot of information and we have to think about identity and identity theft. Oh I won't even talk about Equifax yet. But yeah I mean so these are very very strict laws. The right to be forgotten very strict. I was actually at the Facebook F8 conference. Anybody of you attend that in San Jose? So I was actually at that conference last April and people were asking about this. What about the right to be forgotten? And somebody said you know I had a colleague who said I just want to have the right to think. Right? And so this is a big issue and I think that we need to be very very concerned about it. One you know I think we need to take a look about the implications. And for those who are from Sweden I think you know about the biggest leak that happened. Actually it was 2015 not and reported most recently I believe in May. And that's when a government official decides to bypass the compliance regulations. And what they did was the Department of Transportation actually went and said I'm for cost reasons I'm going to go with this third party. Third party was IBM. IBM was not nefarious here but bypassed their national laws bypassed their compliance laws and a lot of data ended up in the hands of a third party. Including names and addresses of people, names and addresses of all kinds of folks and it resulted in government it resulted in actually people resigning from the government. That's when you trust the government this is not even about intentional data hot. So the implications are large and so the question to ask yourself is are you in control? And this brings me to what I think could be you know the opportunity for the open source community. And that is to think about the cyber bill of rights principle. Not what's happening in the United Nations or States. I think this is about community driven bill of rights and principles. That we need to seriously look at. So we think about freedom. I want to go over this because it's really really important. You know this is about the ability to share your information and communicate freely. And you can use the internet. Maybe you can. But it should be a it is the right. It's article 19. The other is transparency. And we have to and this is the whole thing I want to talk about. We have to make informed choices. Even if you're working for some of these companies you have to actually inform the people. What am I using you? Your data. And be open about it with organizations. How is it being collected? What am I using it for? And by the way. We were not lines and lines and lines and lines of legal code that my grandmother could not understand. We were talking about lawyers involved. Which is really cover your ass type of thing. Right. Safety. I can't say enough about safety. But you have to be safe and not be preyed upon. I think these are the principles I think we need to think about. This gets into all kinds of potential abuse. But it gets into another hypothetical for the lawyers who happen to be maybe in the room. If I don't like you and I use a vulnerability exploit to do nastiness to get into your house. Maybe it's through some manufacturing consumer manufacturing device. Such that it results in death. This is a true hypothetical. Who's responsible? Is it the manufacturing company that had the vulnerability? Is it the service provider that allowed me in? And the answer is you as a consumer are. Do you know that? Do you know it? So safety is really, really important. Control. Yeah. We have to have control and everybody will nod their heads affirmatively. You know, I go to my doctor in Switzerland who has control of my data, who has control of my, all of that. You do, really? How do I know that the doctor is not sending the data to the pharmaceutical, sending it for research, et cetera, et cetera? You don't. Theoretically, legally. Minimization, I think it's what's required. This goes into the privacy by engineering and privacy, engineering, engineering consequences, or privacy by design, if you will. Why are you collecting what it is you're collecting? For what purpose? And that will hit on these general data regulation protection laws. Security, I think we have to be secure. Equifax is an example. Look what has happened. 143 Americans, is it? They didn't even know. And 400,000 UK citizens did not know. And the CEO has retired. Retired. You don't know. And I think there are tremendous consequences to security and to safety. When you don't know how your data about you is being used. So, are you in control and accountability? When you do something, when you're coding, when you have, this goes to the question of governments. How accountable, how intentional, how do you define the use of what it is that you are developing to the community itself? Or to consumers? How do I know that this was created for the purpose and it's not also. The other part of ethics is who created it by whom? Off the backs of children? Off the backs of people who are slave trade traded? You know, you have to we all have to ask ourselves these questions. So this commences with the cyber bill of rights of principles that I think I strongly believe this community can really gravitate toward knowing what I'm knowing about this community. So I believe we are so close when we talk about privacy, surveillance state, open source and transparency. You know, I want things to be transparent on one hand, right? Truly want to be. I want to know how things and stuff about me is being used. But on the other hand, I think and I believe this is the part that fits very well in sort of this puzzle. I believe the open source community can do, can really do this type of thing in terms of providing that level of transparency and asking the question about privacy and privacy knobs, right? Because the stakes are high if you don't and it's called a surveillance state. And the interesting things about the surveillance state is that as I've stated before we're working along and going along this type of path. The technology is so great. I think somebody called it I have weapons of mass empowerment versus weapons of mass destruction. So great! How do you know that little spider in your room is not a spider and not a drone that I sent because I don't like you? It exists. And by the way why am I checking for liquid in your backpack when you go to a football game when I can buy a drone that could spray you with all kinds of nastiness? That exists the capabilities. So there is a really great book by the way called The Future of Violence. It's a great book for you all to have taken long plane rides. Superbook to read. It's very provocative but it just tells you this stuff exists. And so the surveillance state is something we have to be cognizant. And I think for those who are Europe and in the United States you can see what's happening with the rise of populist movements. Right? This rise of populist movements and although I live in Switzerland you know a quarter of the population is foreign. It's 8.2 million people and people are still talking about Was is Schweitzer's design? What does it mean to be Swiss? What does Swiss mean etc. And maybe history repates itself maybe the stakes are so high but it's incumbent upon all of us to actually take notes of this reality. We need to think about as I talked about the principles and talked about how the stakes are so high we need to think about what is our core values? What are we going to gravitate to as core values as a community? As a developer community? A community that really can do and really is doing great work but even when we talk about a cyber bill of rights this universal standards we are going to all adhere to the common principles that we are going to look at issues of data privacy and by the way, as I stated before we really need to we want to protect we absolutely want to protect our community and we want to protect individuals because of what's happening with privacy and privacy by design and here's where I think it becomes very interesting to have some ideas about it but it would be really interesting to hear from you is could you think about having a pledge and defining badges kind of tiered badges on adherence to those principles by organizations and or companies and maybe it's a bronze or maybe it's a silver or maybe it's a gold type of badge to think about how we develop it and I think again from a modest upper-end or a way that we work all together you could have all kinds of personal attributes you can define them define them about for those children who probably aren't aware of what's happening and yet they are usually the sources of being cyber bullied and cyber stocked what kind of identity scrambler capability would we be taking in concern as developers how do you revoke information rights especially if a company or an organization are not adhering to the principles it's not about shaming an organization maybe some people could say it's shaming an organization but it's actually making them aware here's your assessment and this is perhaps what an assessment readout could possibly look like from our perspective and data data tagging I mean I think it's interesting about the data tagging I tag you you tag me we tag the thing about glasses how do you know I'm wearing glasses that are prescription and not just tagging you you don't but they are prescription and I'm not tagging you so the thing about the it becomes this opportunity for the community to think about what is an audible chain of trust custody where you do look at the accountability explore the accountability for the individual you make that individual you make all of us back the center of this universe and you provide transparency on how and what is being used about me and communicated to me across maybe multiple providers it's not an easy problem but if it were you know I wouldn't be here you know talking about it because it's really really tough because you've got this dialectic between what is good business and you've got this dialectic between you know sort of this freedom expression libertarian point of view and we have to think about and then of course you've got this hovering big brother sort of dystopian view of somebody is watching you and I'm watching you etc so badges of honor could look like this I mean I don't know something the community can decide and think about and collectively look at but it becomes this sort of a bill of rights right and you can think about working with organizations like trust arc or trustee and the international association of privacy professionals they exist and I think it's a great way as a certifying body for sponsorship I think this is really really interesting because we you know this is all about why am I collecting things about you data about you even if it's pseudonymous anonymous what does that look like and I think that this becomes a very cool opportunity for us and I don't think the United Nations is the place to do this I think if anything it's probably broken I think this is the community to do it and I strongly believe that we all can create the future we want to have together not the one we want to avoid and I really call upon all of you to do exactly that as the originators at a community level for cyber cyber bill of rights to Dono thank you I feel terribly at Baltimore and introducing myself my name is David I'm here to ask some questions so that out of the way I asked a similar question to a keynote in Baltimore and I think the question is just as valid here I think there's a lot of feeling at least in the community at the individual level that I just built the tools I can't be held responsible if they're used for good or ill you know what's my responsibility if I'm just building a tool right this goes to probably the whole question about what does governance look like I just built a tool as a let me paraphrase Einstein I was just looking at atomic energy I didn't know there was going to be an atomic bomb right and I mean that because and I don't want to put fun at it I think it's all asking ourselves the question about I'm building this tool for what purpose and communicate that accordingly another question my company or a company or actually quite honestly a number of companies in the Drupal space already have gone into some degree either with partner organizations or built systems themselves things to do things like user segmentation targeting and profile building whether implicitly or explicitly if your chips are already on the table on one side what's your responsibility there the responsibility goes to what I pointed out earlier and that is communicate what it is you're doing with the consumers or with the people that you are you know who are your customers what it is I'm going to be doing why am I collecting data this is for what purpose and at least the consumer or I or you can actually opt in or opt out so you mentioned the Libertarian streak in tech and I kind of want to follow up on that I live in San Francisco I'm surrounded by a certain mindset that's very shall we say intentional in bucking the rules if rules even exist right and there's this notion that the internet will route around all obstacles be their laws or rules or or existing businesses how effective can something like this be if there's always somebody looking to quote unquote disrupt it you know if you're talking about so bucking rules there you go back to this tension between I want to make money you know I want to go to the market I will argue that the stakes are higher as I've stated before today than ever before I mean it can bring down companies if you're not careful and it has it has I think it's more that than anything else it is also about you know effectively communicating I go back to intentionality of what it is you built and why and for what purpose and yes I'm going to talk about purposeful based business stakeholder versus shareholder value is probably another kind of interesting viewpoint here it has been stated that 91% of consumers will switch brands even if it's the same kind of brand even if it's the same kind of cost if they know it's purposeful it's not made of you know there is they may pay a higher price too if they know that it's got some values that they gravitate towards and I think being transparent about that is really really key it's becoming more key now than ever before if that makes sense this is a little more on a personal when I started coming to Drupal cons we had keynotes that were talking about how the web and the internet were going to change the world to this incredible positive utopia and empower and uplift mass segments of people and now 11 years later we're having keynotes now about how these things we've built are now cogs in the great wheel that threatens to crush us all so how has technology changed has it always been there or has something in society changed to inform this new perspective I think I think it's more let's go back to the internet was a DARPA experiment if you think about it out of the United States Defense Department that's a reality so if I talk to somebody from the Russian Federation they're going that's a defense thing so you start looking at oh my god you start thinking about what's happening one of the lovely things about the internet that I will because I'm very very strong proponent of it is where I think it's me we have to be very careful it was all about this it's always about implicit based trust protocols were built so that nobody ever viewed the internet as something that was going to be at least talking to the originators of people who helped create it that it was going to be commercialized in such a way we're just building so many things on top of it that's going to be my argument a technical solution to a technical problem it's more now it gets into a higher level problem about what role do governing institutions play and this gets into this whole language of multi-stakeholder the internet should not be regulated that's a long discussion but it absolutely should not be and so that's one side of the house the other side of the house is we build these wonderful tools it's always been the case we build these wonderful tools now we have to take a step back and say okay we've built these wonderful tools what is the potential for abuse the potential for abuse has always been there but now higher I would say amplifying that question more so than ever before because as I said before the stakes are really high I was talking with some people from the cyberpunk community and last week it was really interesting what they were talking about autonomous systems the cyberpunk community one of the questions that they asked was what about these autonomous cars this was kind of tangentially off but what about these autonomous cars and what happens if I just hack into it and I create an accident and death right so there we're asking questions about responsibility at the cyber with some of the colleagues that I have spoken with the cyberpunk community they're asking the questions so should we that actually reminds me my wife is an attorney and she constantly asks these questions she's an appliance attorney so she's asking well if something goes wrong because she's always wondering if something goes wrong who's at fault because you know I have a more say rosy view of the future and hers is like oh my god who's on the hook for this when something goes awry when inevitably well but I don't have a dystopian view it's more of a responsible view and I think it's all of this dark stuff it's just to be cognizant of what it is we're doing at this point in time and I think that's more and I think it's interesting you're married to a lawyer so she probably does read all of it and I bet she has some probably inputs as to what should be done to make it even more simple than a three year old or my own grandparent can read or something because people don't know I mean I have a friend whose grandmother whose mother is uses social media I mean she's she said my mother's like in her mid eighties and all of a sudden somebody friended her and she really knew about what it is she did years ago and she said how did that happen I don't even know this person and of course it was like mom you're all over the social media so last question then to sort of tail on all of that as an individual then as a many of us here are not I would say the majority of us here are not empowered in a way to make sweeping decisions about their company or the organization they work with or sometimes even the software within Drupal how does one as a lowly individual contributor help or progress this forward ask the questions I mean you know this is sort of like you know I know how it is working having worked for big company etc I know that dialectic very well and I don't think any of you are sort of low individual contributors I think you have more to think and I think it's more asking sort of these tough questions about hey look you know there's a we what is for example our company's position on this what should we be thinking about I mean I think that's those are reasonable questions to ask the other thing is at a CEO I'll just say the CEO level for some of these companies one of the things that I'm noticing is that CEOs now are asking for more of an assessment report card on some of these issues and take it at the board level whether it's a vulnerability assessment whether it's a vulnerability private assessment privacy assessment and they want to I know one of one company in London want to actually make sure that it's part of the quote unquote DNA of the entire organization so that it's not left to just the privacy group of an organization or a security group of an organization but it's actually and they're looking at it for they're checking all the time on these vulnerability assessments every month so I think it's more that than speak up and be part of that and say ask questions what are we doing with vulnerability privacy assessments at our company level we should be doing that I mean if not you have so much talent and that's why I'm going with this collective community cyber bill of rights because I think it has to start here I don't think it has to start over there we already see that right I think it has to start in this community so think about if I if I've answered your question push back on me on that no I think that's great thank you so much thank you thank you