So this morning we are talking about how to hack government: technologists as policy makers. I am Ashkan Soltani, currently the chief technologist of the FTC. You might know me from my work with the Washington Journal or with the Washington Post. I was one of the reporters that worked on the Snowden documents that brought you that smiley face.
>> And I'm Carol Mc--. I'm a commissioner with the Federal Trade Commission. And I'm an attorney, not a technologist, and I have been in the policy space for a long time at both the FTC, White House and the DOJ. As you can probably tell by the difference in these pictures, I'm the type of person that relies on technologists like -- to help me do my job, which is a little bit about what we're gonna talk about today. Just a word about the disclaimer that's at the bottom of this slide. Both Ashkan and I work for the federal commission. And so do a lot of people. I actually have 4 other colleagues who are also commissioners and they don't always agree with everything we say, so we are talking here about our experiences and we're speaking here individually and not on behalf of the whole entire trade commission, or the government.
>> So this talk, we are going to talk about what the tech policy, one of the great debates right now, and why do technologists, you and the audience, why do you guys matter? This talk isn't... it's not a tech talk. We are not dropping any 0-days. We kinda have some vulnerabilities, but they're of the human kind, they're people and process.
>> Just to start
>> Does it work?
>> video playing
So this is Senator Ted Stevens and his relatively famous quote during the 2006 net neutrality debate, wherein he's saying that the -- infrastructure of the internet, and uhm, we included it just because it sort of underscores the message that people who make laws, who make policies, do need to have technical experts that help them understand the technology that they are empassing, and to be fair he wasn't totally wrong, right? It was kind --, more -- than --, for example, not bad, right? And so there are a number of policies that have been hotly debated in DC right now. This was kind of a word cloud of many of them: privacy, data security, cross-border data flows, the right to be forgotten, Wassenaar, Computer Fraud and Abuse Act, which you guys are probably intimately familiar with, there is cyber security legislation that is currently on the floor, the Senate, computer breach and data security, tons of debates, and uhm and uh
video playing: But I wanna start here in the FTC, because every day, you take the lead by making sure that the Americans, their hard-earned money, and their privacy are protected, especially when they go online, and these days that's pretty much for everything: managing our bank accounts, paying our bills, handling everything from medical records to movie tickets, controlling our homes, smart houses, from smart phones. Secret Service does not let me do that, but I know other people do.
So this is President Obama, actually at the trade commission, earlier this year, talking a lot about the tech policy issues that we at the trade commission spend a lot of time on: consumer data privacy, data security, the Internet of Things. Uhm, this was actually really memorable to the FTC. President Obama is actually the first president since President Roosevelt to visit the trade commission.
They think it really underscores how important a lot of these technology policy debates are right now and how they've risen up literally to the highest level of the government. Just to note also, I think it's important to explain that at the trade commission we protect consumers and we are focused on the practices of the private sector that are impacting them, so that's what we're going to focus on in this talk today. We are talking about consumer privacy. I'm talking about privacy as it relates to the commercial space. We are not part of the government that gathers information about people and things like that. That's a different debate, that's an important debate, but we're gonna stay out of it for now because that is not the FTC jurisdiction.
>> Which is an important point that you guys all know, which is that nearly every part of society has some technological component. Nearly everything we do is online or technically mediated by an app or computer of some sort. That's the part where we come in to play. We come in as technologists.
>> Just to level up, there's kind of an alphabet soup of laws that protects the data consumer and privacy in the US. Sometimes we refer to this as a sector-based approach, and this is just a slide that runs through many of those laws. That we protect children under 13 and COPPA. We have special protection about financial information and health information, for some kind of student records. We have obviously privacy protection from the Telecommunications Act as well, that the jurisdiction of the FTC, so in several state laws as well. So that's the kind of landscape that we are operating in and the kind of protections that are out there, and we also have the FTC.
>> And one of the things we have to think about is, for the most part there are not a lot of restrictions for companies... uhm, what information companies can gather.
Or what consumer data practices protection in law. We have the patchwork, as Carol said, the laws and regulations that achieve that effect, but there is not specifically prohibiting companies from gathering information, for example.
>> So the FTC, how does it fit into this space? It was created in 1914 by President Wilson, that's him on the left. It was part of a policy debate that was focused on trying to combat the economic power of the trusts, just like in the cartoon of Standard Oil and that stuff, so it was created because there was a lot of concern about the power that these trusts had in our economy, and that was 100 years ago, but it was given a relatively broad authority to protect consumers from unfair deceptive acts or practices, and that's the next slide.
>> And as Carol said, you can think of us as the white hats of the government. We're here to protect consumers. We're here to promote good practices of companies. Get them to fix their shit when it's broken. We're kind of, uhm... as far as government goes, on the consumer side of things.
>> So as the authority that we have, we use essentially in a number of ways, and we're gonna spend a little time talking about that today, mostly to check to make sure that privacy promises that are made to consumers are actually being -- adhered to, and that consumers are protected from unfair practices, especially when it comes to securing their data.
>> And unfair, it took me a lot of guess, but unfair doesn't mean, you know, "Hey, that's unfair." There's a specific legal definition of unfairness, and as -- law, it is really important to understand that definition as we try to highlight practices that might be problematic. There are restrictions, like it can't be offset by available benefits, there's likelihood to cause injury or harm in some way. And so I'll let Carol explain more about the law.
video playing: I don't know anything about this, maybe you know something about this. It has to do with the Federal Trade Commission, and apparently there's a product being marketed in the United States, it was caffeine-laced undergarments. The idea is that the caffeine in the undergarments is that the wearer could lose weight and have less cellulite, by putting caffeine in your underpants.
>> That seems like a really cool idea. It turns out that this product doesn't actually work, which is a bummer. And we, uhm, literally, right? We at the FTC protect consumers from a bunch of products or marketing claims that don't do what they claim they do, right? That's a really low tactic, and we also, so we do that, that's like our bread and butter, but we also do a lot of high-tech products as well.
>> It was just undergarments... underpants. Consumers in 1914 were adopting technologies like the phone and rails. In fact one of our first cases was against this company that produces a calculation machine, and brought a case that it did not do the claims. And then we have understanding what a calculating machine, what the capabilities were and what claims they were making, and understanding the technology underlying their claims. And it has always been a part of our work. We in the 60s or 70s would build systems to automatically test tar contents in cigarettes. So this was a parallel smoking machine that would inhale cigarettes and measure the ingredients. It became the FTC method. And then again we're building technology to measure things. Like, if you folks remember, like the droid army that would measure the vulnerable libraries in multiple Android devices in parallel. These are the types of things that we've always been engaged with to help measure and contrast and understand practices in particular spaces.
>> So the FTC at 100 is increasingly engaged in looking at technology and high-tech products.
This gives a sense of some of the cases involving huge tech companies in the last five years, and sometimes the FTC is referred to as the Federal Technology Commission because of our goal, increasingly looking at the practices of these companies as it relates to, in fact, that they are having on consumers, especially their privacy and their data security.
>> We're gonna step through these cases, but to start --
>> To start, one important thing, and we've been talking about it a little bit. We have the ability to try to make sure people are marketing their products fairly to consumers and deceiving them. So this case actually is currently in litigation, and here the issue is, does an unlimited plan that is throttled, is that actually unlimited? And our allegation in this case is that it's deceptive to consumers to say that they have an unlimited plan if in fact they're gonna be throttled over a certain threshold. Right, in here we have to understand, like, how network routing works, what is congestion-based throttling vs. network management.
>> You know, for example SS7 and weird networking and GSM protocols. That, you know... Some people now in this know that obscure technical underpinnings of old telco, uh, telco systems. So in order to bring this case, so companies will bring arguments and they would say that this is how it needs to be managed, and we would say, for example, if you're capping people with 5 GBs regardless of network congestion, that might not be congestion throttling, and so it becomes the core elements of our case.
>> The privacy promises, this is a big piece of what we do on the enforcement side.
>> The reason we are spending a little time talking about the FTC enforcement is that enforcement is actually one of the strongest tools that we have in our toolbox to help shape policy and practices in the private sector.
Google Buzz, for example. This case involves a broken pipe as they promised, which is that Google made to Gmail users, about how they use Gmail information and whether they would use that in a way that's different than the Gmail user expected, so it is relatively important because we allege that in fact the Gmail user couldn't avoid, or couldn't have anticipated, user Buzz and didn't have adequate notice to be able to opt you out.
>> Once the settlement is reached, the company is often put under order. For example, Google is under order for 20 years to maintain that privacy policies, that privacy promises, in fact has regular privacy assessments, and we then use that authority to later bring other enforcement actions. So you may recall Google was also found circumventing Safari browser settings, basically responding Safari cookies. And then we later brought in enforcement actions with monetary penalties once under order.
>> Similarly, for Facebook, you know, the Facebook case, again we took a hard look at whether representations Facebook had made to users about how they could restrict their information were actually true, and determined that they weren't, and brought a case there. This is also pretty important because we looked at how a retroactive change to how users' information was handled actually was deceptive to uncertain consumers, and so we looked at a change in policy and tried to hold Facebook accountable for the promises they had made.
>> This was one of my first cases as staff technologist at the time in 2010. There was a lot of technical work that needed to be done. We alleged that Facebook apps would have access to more information than what users were told, so you could restrict your information sharing to private.
For example via Facebook settings, but as a person in the audience knows, via the Facebook API you could pull a lot of information, you can pull whatever information the user had set, so we have to do things like understanding the API, run apps to demonstrate, or write apps that demonstrate and verify our claims. There was a claim regarding deletion of photos. There is a need to understand how CDNs work. When you delete your photo on Facebook, if you deep link to that photo it is still available in the cache network because they didn't delete the photo off their CDN. There was another case to sharing information, and folks here know how advertisers get information via referer headers, so Facebook claimed that they wouldn't share your information with advertisers, but in fact your Facebook ID and the page you're on would still be sent to advertisers embedded on the Facebook page because they didn't properly -- the advertisement, etc... So a lot of the case legal finding, so we had to technically demonstrate what our claims were with regards to information sharing.
>> If I can just underscore that for a second, I'm a lawyer, not a computer scientist. Half the time I might understand what the terminology that Ashkan is using. But when I can work with a technologist who does, they explain it clearly, then it helps inform our mission. But core part of why this partnership is so important. Nomi, so this is a relatively users case, again about privacy promises. This is a company whose technology that allows their clients, the retailers, to track to check users as they are coming in and out of their retail location, and then we brought a case here because the company says users, consumers, will have the option to opt out in the retail location that was using the technology, that they will have notice in the retail location using the technology, neither of which were happening, so we brought a case saying that was deceptive.
>> Do you know what this? The retail tracking?
Promise no Wi-Fi sniffing, retailers, malls, will install essentially access points that are passively monitoring for Wi-Fi and GSM beacons, and they will track you, whether you return or where you walk through the mall, and there were a lot of technical claims. A lot of the companies in the space argue that the information is anonymous. They collect, uhm, for example, they may MAC addresses, but they use cryptographic to anonymize the MAC addresses, and in fact, if you guys know, they are hashing the MAC addresses with known hashes. Oftentimes it's a 6-byte MAC address, and the first part is the manufacturer code, so the space required to actually brute all of the hashes is quite small, where it's actually 2 to the 30th, and you can do it on a regular laptop or you can download it -- or a lot of the argument was, when companies make claims that this information is anonymized, we would demonstrate it is not. It's right there, the current status is closed, you can reverse the hash, or you can go back to the MAC address. Similar regards to claims about notice. Companies make claims like the tracking only occurs within the mall, but as you all know Wi-Fi signals can trigger past walls, so visitors at the store next door will have this location tracking technology. So informing the pros and cons and the pitfalls were critical to bringing this case. This is where we, the community, can really contribute.
>> Finally Snapchat. This is a case that's ongoing every effort to make sure that after being marketed truthfully to consumers, and then this case we allege it was deceptive, said this claims that messages would disappear forever when in fact it was actually easy to capture them. We also had, uhm, carefully with data security and practices and some of the other practices, have been found that the claims they made are also similarly misleading. This is another case where folks in this community, there was a talk in 2013 about ephemeral apps and how they were in fact not ephemeral.
This is an area where this community has contributed quite a lot, and researched and demonstrating that when companies make privacy and security claims, of course it's something we want. We want privacy in apps, but when it's not true, it actually harms consumers. If you can Snapchat some sensitive of someone and they can easily scrape that information, consumers are effectively harmed. They are proceeding and sending these photos under the assumption of trust. So in addition to kinda deceptive claims, we also bring enforcement actions against companies that fail to meet reasonable security practices. So one of the cases that I worked on was HTC. If folks remember that they have this -- this Carrier IQ, which was kind of a telemetry app inside multiple smart phones. The carrier would essentially get the OEM to load this, this kind of logging feature, to help understand how people use the phone or monitor the devices. So in this case Carrier IQ, HTC integrated the Carrier IQ system, as well as their log --, in a way that somehow broke the Android permission model. They allowed unsigned code, the daemon was using a IAMF user bound to all their interfaces and any other app could also pull all the information from the daemon, they enabled debug options in the production code, so it was logging all sorts of things like key presses and SMS. So here we make the case by this point of investigation that by not having proper procedure of reviewing code or by testing and doing code signing, they were not essentially maintaining reasonable practices. They broke the Android permission model and would effectively leak other information to other apps.
>> And just a word about these security cases. We've been talking before about privacy cases that sort of involve deception or promises made that aren't kept. In security cases we also use our authority to bring them.
Which means, we talked about this in the beginning, that we are looking at whether consumers can avoid the harm to them and whether they're in fact, sort of the way we look at it in the security context, that leads us to, excuse me, the practices that are being used by the company be reasonable. We don't believe in such a thing as perfect security, but what we do search to enforce here is reasonable security in place to protect the consumer data that the company has, and that's where the technologists are vital to our mission. Understanding the practices and procedures that are in place.
>> This is another case where multiple apps, like Fandango, the ticketing app, and Credit Karma, an app where you can pull your credit score, were such not validating and allowing SSL man-in-the-middle attacks, defeating the whole purpose of SSL, so we brought a case against them. By breaking certificate validation they were not engaging in reasonable security practices.
>> And these cases also involve a deception element as well. So promising you're securing something when you are not can be deceptive.
>> One of the recent cases. TRENDnet, which is an IoT camera. This was probably one of our IoT cases. It was a webcam that allowed users to advertise to monitor your baby, can be used in banking environments. It was a security camera. Except the security functionality allows any user, that it can pull the IP address of the camera, to pull the video feed even if the user had marked the video as private, and this is one of these cases where again the understanding, for example, how to connect the network. This was a really easy one.
You can redirect to the camera, but some of the newer cams, for example bad defaults or the way they do port negotiation, will allow any pull any videos from a number of cameras, without even needing to the admin interface, and so these IoT cases were really interesting for us, to, we're kinda understand. There have been a number of talks here informing some of the problems in IoT, and I think this is a critical area for us.
>> Just a word about the harm in this case. It's obvious if the harm is credit card information and financial information and that kind of thing. Here the harm is exposing video feeds from people's homes to the public internet. And we think that's a violation of privacy that is deeply harmful.
>> In the case there were examples, state of undress and engaged in sexual activity, which we would argue as harmful, if an attacker can review that and punch in an IP address and watch that feed. And the last case we'll talk about is the case of DesignerWare. It was an older case, I did not work on this case, but essentially, I'm sorry, the nudity was in this case, not in the other case. This was essentially a RAT. So DesignerWare made software that allowed rent-to-own companies to monitor devices that they rented to consumers, so the software can be enabled to monitor keystrokes, take screenshots every 2 mins, take web camera shots every 2 minutes, and no notice to consumers, so we argue that was an unreasonable practice. In some cases photos of children, individuals not in clothes and couples engaged in sexual activity were captured by this software. This was on people that were late on their payments. And would capture this data without the users knowing.
>> So again, unfair and deceptive is harmful to consumers because it's exposing them to things they cannot avoid and they're not aware of, and they're really very vulnerable, as if your computer is turning on and taking screenshots, sort of like Mr. Robot.
>> So this is just, we just covered a few of our cases, but there are tons that are very technical. We brought cases against companies using flash cookies, browser settings, and privacy controls. We recently had a mobile app that had a bitcoin miner enabled in it that would essentially use your phone to mine bitcoins when you are not using the phone. We've brought cases against companies that use CSS history sniffing, which is again an academic paper which then informed us of this practice, and verified and demonstrated the problem ourselves, but then we have a technical concept and then we have a number of concepts of data security. But in addition to enforcement.
>> So we have been talking about our big stick, our enforcement cases, and there is a bunch more of them. So we can provide that information and it's on your web site, but we also shape policy and the public policy debates in a variety of other ways. We can be workshops, very focused on the Internet of Things. We think the innovation and potential in this phase terrific for consumers, but as a bunch of folks in this room know, and as what is demonstrated throughout DEF CON this year and last year, there are a lot of potential vulnerabilities in these products. So we look carefully at that. Data discrimination. Fitness and health wearables, and chemical passes there that are affecting consumers. If you are generating your own health information and sharing it, it is not HIPAA protected, and had a lot of people may totally not understand how that information is being shared.
>> Also we are doing a workshop in November on cross-device tracking. Do you folks know what this is? Advertisers want to know when you see an ad on your mobile device.
And you later purchase it on your device or your computer, that are you the same user, and contribute the same user or impression, but the technology behind it is interesting, so we are having a workshop to discuss some of the concerns and some of the consuming notice and functionalities. For example, the technology works to either log-in services, so you can be logged in to one of the biggest companies like Google, Facebook and Twitter, they're able to know are you the same user, but for a good portion of the practice a lot of companies will try to behave that model that two devices are related. You might have a burner phone and your regular phone and try to keep those at the technology separate, but in fact the technology will try to fingerprint and then identify that the same phone, are connecting to the same location or maybe they visited the same websites, and is using browser fingerprinting or some sort of behavior correlation or statistical correlation. One of the more interesting technologies, for example, is something that might resonate in the badBIOS card. One company might use audio beacons, subsonic audio beacons, that we can't hear, but one phone, the ad library in one phone will emit these calls, and the ad library in the other phones will pick up that these two phones are in the same proximity and that these two phones are within each other, and then they will link that together, and that's the current practice we want to learn more about.
>> So we also put out material. Really excited about our Start with Security initiative. We are going to be doing workshops around the country starting in the fall. So we've already released what we call Start with Security, it's on our website. If this is your field I encourage you to look at it. It's based on more than 50 cases brought on this case and really gets into sort of lessons learned, best practices that we're drawing from our enforcement efforts.
>> So one is happening September 9 and the other September 5 in Austin.
We are trying to bring startups and researchers like yourselves and others together to, how can we think about security from the get-go, how can we prioritize and what are those practices. And also have a tech FTC blog. It highlights some of the technical concerns in the space. It's very much informed by this community. Technical lawyers of the FTC, there are few. This is a blog post on how to access API security. So there's a bunch of load that we were actually trying to hit up. What should be best practices. It's informed by the work you all do as well.
>> We are excited to use the America COMPETES Act to run contests to harness the technical know-how of this community and others, so this week we've actually been running the Humanity Strikes Back contest, which brings new tools to block robocalls and report them into crowd-sourced honeypots. Pretty excited on our efforts. Built on our effort here last year, Zapping Rachel. Rachel is that annoying customer service, does anyone know Rachel from customer service? This is actually important to us because we actually get about 170,000 complaints a month about robocalls. From people who are on the Do Not Call list. It's really hard for us to try to enforce our law and protect people from these really annoying calls, and we are trying to develop new tools and harness new technology not only to help us with our enforcement effort but also give consumers new tools.
>> And the contest will be announced today at 2 here in the award, and this is a very good example of the need to have harmony between technology and law, and a lot that has happened in policy is the lawyers are like, technology will fix it. Someone should make a law against that. But in fact you need the 2 working together. So we have the Do Not Call list, but robocalls can jump off PBXs and make calls from any numbers and hard to send a reputation. So what are some other tools we can employ to protect consumers or enact the Do Not Call mission?
Which is to protect consumers from robocalls. We also have, I'm happy to announce we are kicking off an Office of Technology Research. This is essentially an in-house research group that puts together some interns that manage to wake up at 10? And they're doing ongoing kind of proactive research into emerging technologies. So we're black-boxing things. So we're looking at vulnerabilities, things, we're looking at data issues, data discrimination. Some of the topics that are personal to me: the Internet of Things, obviously connected cars, which is a hot issue, and this idea of algorithmic transparency. And by that I mean, so passwords that help highlight companies charging different prices to different people based on your ZIP code or referer headers or what cookies you might have. One way I like to save the message home: how many of you guys use a mapping software? Almost everyone. But how many actually know whether you're being served the best routes? So we assume the system is routing us based on shortest distance or traffic or congestion, but how do you know it's not routing you in front of a storefront or a billboard the company seeing you as a kickback for? We don't have a way to look into those problems currently and know what the bias and in hand, and so driving might is one factor, but there are issues in regards to discrimination and gender bias and a lot of problematic areas in society that algorithms can help be there, directly or inadvertently contribute to bad practices or biased practices, so that's an area I'm very interested in.
>> A word about this. OTRI office, I think, is really important.
And in fact Ashkan's role and the role of technologists in the FTC, what we see is the urgent need to protect the consumers in an increasingly wired and connected world. We need to have our own technologists helping us form our law enforcement and policy making mission, and so we're expanding the role of where the technologists are playing, and I think it's vitally important so we can understand what is happening in the marketplace and keep up in the very exciting and innovative way.
>> We hug like this RTC. This is what we're doing now. But there is a ton.
>> FTC rocks.
>> That's true, but there is a ton of other technical debates that are going on in DC that a lot of us are not engaged on but are important to technology, but they are in fact critically important to technology and require a deeper understanding of technology, so data security, exploit controls. So we talked about of the drones.
>> Student privacy, patents, facial recognition controls. These are all really important tech policy debates. The FTC applies as role on them. And so do a lot of other govt agencies, and so is Congress, and we are here to make a plug for you to bring your technical know-how into that debate, and we think having technologists at the table is absolutely vital.
>> And so this is Call of Duty, and this is fun, but this is another call of duty, this is actually a lot more fun. Turning a bunch of high-powered policy makers, that their understanding of that world is completely wrong, is really great actually. I've done it a few times. But it's also critical. So otherwise, if we are not engaged in these debates, if we are not trying to enforce and what the policy impact of the laws that will be proposed. Then people that don't have any technical background or brag about the fact they don't use e-mail or have a flip phone.
In Congress there's a flip phone, and I don't wanna pick on particular members. But there are people that say we don't need to know about technology, that we make the right law, we think the internet should work like this and we think technology should work like this. And if we don't engage, ask, enforce this debate, other people that make the laws that affect us without any understanding of the underlying technical impact. And so.
>> So I may take raise, in case you missed it, we need your help. Your work has a lot of impact on what we do. We want you to come and help us. We've been talking about some of the formal ways to engage, but I also wanna make a plug in for what's coming in for having a brown bag and talking to us about your research. We do that regularly at the FTC and it's really helpful.
>> So if you want to contact us, FTC dot net is my blog. -- If you are coming to DC and want to give a presentation, shoot me a line. Check out the Office of Technology Research, OTRI. We are hiring. We are trying to bring in white hat research and research coordinators, people to do server as much in house, Office of Technology Research. So e-mail me or check out the USA job posting under FTC. Horrible web site, so you might just want to e-mail me. So you can come work. I want to argue it's not the most glamorous job, but is a bunch of constraints, but again it's a tour of duty, just 1 or 2 years, and help work on some of these issues and help do research, and you get to work on really fun stuff. You can poke apart on any technology and make policy recommendations. In addition to poking up pipes, you can actually suggest that, you know what, this is how things should work. You can make suggestions of how to make policies and how companies should implement, or just ideas. You can create solutions to these problems. It's really fun. Even though it's govt and your friends will make fun of you. And call you a fed.
>> So that's our talk. So we have a few minutes for questions.
I'm happy to take questions. I'm also happy to talk about a few tricks on what I found with regard to policymakers, so it is not always, I think a lot of it is being able to communicate things. Not that we adopt do a good job on. But engage policymakers, so I'm happy. There is going to be a mic if anybody has a question. So right here, fourth row. >> Thank you for coming. One thing in blocks in consumer practices is how to demonstrate privacy harm -- where is in the enforcement action the commission doesn't have to show harm to the consumer. I was wondering if you can talk to them to actually show harm to themselves. >> This is a really important question. We continue to use our authority to try to make promise policy that is being made adhere to. We really look at the kinds of information that are exposed in data security cases and look very carefully at the promises and commitments that were made and whether they were adhered to railroad people were misled. >> There is current some -- to provide those laws but a right now. A lot of the issues -- clearly and consumers understand. With the exception if you with demonstrate farm they get to -- harm -- they get to do that, and that might change over time as people's understanding and is impact. Changes, but right now, you know, a lot of our authority is face on unfair and deceive, which we are trying to use to protect consumers, but the laws are different than they are in Europe, for example. >> What happens to the companies when they are found in violation? >> We general consent order to have the company under 20 year order. They contain these two years -- so as a part of that process -- we can hold them and have actually done that. >> And we can say stop doing that, that's bad, or fine them as well, depending on the type of issues. We can say if -- people that scam your grandmother out of her savings, we go after those companies and shut them down. >> We can get consumers money back.
So in our cramming cases, for example, in justice for kids we are misleading, we got hundreds and millions of dollars for consumers that goes back to the consumer as redress, which means in the mail with a check. >> Can you detail the process of what happens when a tech policy law comes in like the TTP CISA. When a policymaker is more lead, how are they getting that technical information -- Congress really CS and in. >> Oftentimes this goes into some of the points I made. They don't know when they don't know and they don't care, even though these are important issues. So we are starving children and whatever else. So to make this stuff kind of tractable or important you can highlight those critical points, and you have to make sure the point is being made. People have to demonstrate that it is in fact an issue and people have to concern audio safety. And so. >> Can I jump in as a nontechnical policymaker? I think when you are talking to us, metaphors matter, pictures are good. So have you back up a little bit and sort of speak plain English, use pictures and diagrams and try to make it real right at the beginning and then get technical. >> So don't assume that your -- knows what the hell you are talking about. In the same you guys saw those a -- don't assume the people you are talking to know what this is. You have to find always back and go forward. >> And don't make us feel dumb for not knowing. >> Metaphors are really powerful tools. You with help someone understanding the concept, but it has to be intact, so as you say it is more like a phone call than a postal mail, as you start, if the thing is going forward then maybe it is not like a phone call, maybe it is caps, so you have to pick a metaphor that maintains, but it helps a lot to do homework on what the law is on the previous metaphor. So there is a law regarding phone calls and wiretapping, so if you understand those laws you can use the metaphor in a way that -- I have den -- realize that again people have limited time.
What's the turning point that this decision hedges on. First focus on just that piece and then expand, because you need to hit home with the one piece, otherwise you'll -- a lot of what happens there, and I feel bad because we con -- technical conversation. For saying some wrong, so it is a lot of this community's work to say, these are important issues, here, I'll help you understand. You are not dumb for understanding. Just as the same way you are not dumb for not understanding. So we have to talk same level of respect in people. >> Hi. I wanted to take this personal attract. But I -- for disclosure. I assume that you were, you know, going through -- when you receive your FCFDC, so however -- Terrel. As a commissioner you are -- right? So at least you have a perceived alliance that would allow you, that people would think you would make decisions. Prioritizing what to investigate and so forth based on whoever appointed you. Even Ashkan -- opinions that you don't fully agree where you want to take. >> Whether I'm going to fire Ashkan? Not, just to be clear. So I think the point is a really cool one actually, because you're talking about a little bit how our government works, which is that people who are politics hacks. Well. People who are political are deeply engaged in making very important policy choices. And hopefully we are using experts to help us do that. I'm definitely political, I'm appointed by President Obama. -- 2 Republicans, 2 Democrats and chair who appointed by - so there's no question there is a divide there -- that's political and partisan, and that does reflect. We don't always agree. For example 2 of us agree and 3 of us don't, and we try to explain where the differences are, but all of us are really committed. Also we use economic experts, technical experts -- jump in, this is actually, so there is political agenda and this is how government works. You cannot underestimate the power of proof. >> If you can use science to prove a point.
Then the politicians or the people with an agenda have to ignore you, but highlighting -- of the world -- even if a state of the security. Like nobody wants to get popped in Congress, that's the worst thing for them. So you might find by highlighting and working with the press or people to highlight, you can cut through that political bullshit. >> That's our time. >> Thank you for coming out and getting up early. [ APPLAUSE ]