00:00:00.267-->00:00:05.205
>>Thank you everyone for coming,
thanks for coming to the ask EFF
panel. We are so glad to see so

00:00:05.205-->00:00:09.810
many of you people here today.
Uh This is going to be a uh kind
of a lightning round. We have

00:00:09.810-->00:00:15.582
about 30 mins in here, and with
the transition in here we have
about 20mins for questions. SO

00:00:15.582-->00:00:22.055
we are going to do very brief
introductions and then we will
look forward to answering your

00:00:22.055-->00:00:26.460
questions. Brief word of warning
as many of you will know, one of
the things we do is give legal

00:00:26.460-->00:00:28.462
advice to people who are in need
of from this community. This is
not a place for those questions,

00:00:28.462-->00:00:30.464
you want to have those in
private conversations with the
uh with the privilege attaching,

00:00:30.464-->00:00:32.466
this is the place for more of
your general questions on some
of our work and policy

00:00:32.466-->00:00:37.471
initiatives. Um so while you are
thinking of the great questions
to ask I will start with the

00:00:45.245-->00:00:50.584
introductions. My name is Kurt
Opsahl, I am the general council
of the Electronic frontier

00:00:50.584-->00:00:55.956
foundation or EFF you will
probably know as you are here.
We are a non-profit civil

00:00:55.956-->00:01:01.695
liberties organization dedicated
to defending your rights online.
Um with that I will let our

00:01:01.695-->00:01:06.366
esteemed collection of panelist
introduce themselves. >> My name
is Jeremy Gillula. I am on the

00:01:06.366-->00:01:09.937
tech projects [inaudible] the
EFF. So we are the team that
develop things like searchbot,

00:01:09.937-->00:01:14.942
lets encrypt and [inaudible] and
privacy badger, and also explain
tech to the lawyer people >> Hi

00:01:17.077-->00:01:22.282
my name is Katitza Rodriguez, I
am EFF international rights
director. I work on global

00:01:22.282-->00:01:26.820
surveillance issues. Helping
groups fight draconic
surveillance laws and in

00:01:26.820-->00:01:32.492
particular in Latin America. >>
Hi I am Andrew Crocker. A staff
attorney. I work on our civil

00:01:32.492-->00:01:37.197
liberties team. Especially on
our National Security, privacy,
crypto stuff. >> Hi I am Eva

00:01:37.197-->00:01:42.369
Galperin. I work on EFF's
international team. Mostly on
issues regarding privacy and

00:01:42.369-->00:01:47.307
security of vulnerable
populations all over the world.
I also do our state sponsored

00:01:47.307-->00:01:52.312
malware research. >> And I am
Nate Cardozo. I am senior staff
attorney at EFF. I do crypto and

00:01:55.182-->00:01:59.987
security policy as well as free
speech and privacy litigation
and I will be giving a talk

00:01:59.987-->00:02:06.393
immediately after this one in
the same room about crypto law.
[Applause]. > So yeah save your

00:02:06.393-->00:02:10.897
crypto law questions for that
talk, because it's going to be
great. So uh we have a mic here

00:02:10.897-->00:02:16.503
in the centre aisle, so if you
have a question, why don't you
come on forward and ask on the

00:02:16.503-->00:02:21.508
mic. >> Question: Hi um, My
question is, do you think we can
trust Tom Wheeler? >> Who? >>

00:02:27.581-->00:02:32.586
Tom Wheeler? >> Um...I'll pick
that one. Uhhhh So I am probably
the only one on the panel that's

00:02:35.122-->00:02:40.127
worked on net neutrality issues.
Uhhhh I mean in some sense we
don't have to trust him right?

00:02:42.396-->00:02:47.034
Because everything he would do
that would have any consequence
ends up being a public thing.

00:02:47.034-->00:02:52.639
Uhhh But I have been very
pleasantly surprised by the
direction he's been pushing the

00:02:52.639-->00:02:54.641
FCC, um I mean I trust him, but
keep an eye on him. >> So trust
and verify? >> Yeah exactly. >>

00:02:54.641-->00:02:56.643
Uh so what do you think the
privacy and security
implications are for Americans

00:02:56.643-->00:02:58.645
following the IANA transition? >
OOOH. Anyone >> The person who
worked on IANA is not here so

00:02:58.645-->00:03:03.583
yeah. >> Ask Danny >>So none of
the of the rest of you do
anything with... >> I think

00:03:15.395-->00:03:20.400
Jeremy Malcolm. >> We have at
this point around 70 employees
and we bring a good selection

00:03:29.776-->00:03:33.847
here, this is a great group of
folks, but unfortunately we
can't cover every possible

00:03:33.847-->00:03:40.253
issue. >> And also I can state
that IANA transition is not an
issue we give priority to. >> If

00:03:40.253-->00:03:45.258
anyone has another question come
forward and we can also give a
little brief discussion that we

00:03:48.829-->00:03:53.834
have been working on while you
are getting your questions
ready. Uhhh...let's please. >>

00:03:57.904-->00:04:02.609
Question: Hi I just got asked by
a friend if the EFF would
endorse his campaign for judge

00:04:02.609-->00:04:08.582
and I said I was sorta dubious
about that. Can you elucidate
whether the EFF can or cannot

00:04:08.582-->00:04:13.386
participate in political
endorsements of candidates or
positions and why or why not? >>

00:04:13.386-->00:04:19.159
Um we actually cannot, as a
non-profit organization. Uhhh we
don't get involved in what's

00:04:19.159-->00:04:25.565
know as electioneering. uhhhh
this means on the plus side that
if you donate to EFF, it's a tax

00:04:25.565-->00:04:31.304
deductible donation and we get
some uh some advantages as an
organization, but that also

00:04:31.304-->00:04:36.409
comes that we are non-partisan
non-political organization that
does not get involved in

00:04:36.409-->00:04:41.414
elections. >> Who wants to talk
about export controls? >> > I
see you trolling. >> Question:

00:04:49.856-->00:04:53.760
One thank you for your guys help
with the net neutrality stuff, I
think everyone in here

00:04:53.760-->00:04:58.765
agreeingly appreciates it, so
thank you. Has anyone on the
panel [applause] >>Thank You

00:05:04.004-->00:05:07.073
[applause] >> ...uuhh actually
i'm curious is anyone here
familiar with the kind of stuff

00:05:07.073-->00:05:13.079
that's going on with Europe with
the privacy shield and GDPR?
[Inaudible] >> That's Danny.

00:05:13.079-->00:05:18.084
Ummm I don't know the content of
the GDPR right now. I know that
um European union have passed a

00:05:22.222-->00:05:27.227
new regulation for data
protection directive from the
GDPR, um due to um max cherm's

00:05:29.396-->00:05:35.001
litigation, the safe harbour
provision which allows its
european provision that

00:05:35.001-->00:05:40.440
compelled companies to, if you
want to transfer data from
european union to united states

00:05:40.440-->00:05:46.146
you have or to any country have
to be adequate country. >> ...um
so the question I, and you may

00:05:46.146-->00:05:49.416
not know the answer which is
fine, but I was just curious
like I have been looking at it

00:05:49.416-->00:05:53.086
pretty heavily and I don't think
America's ready [laughter]. and
the the the right to be

00:05:53.086-->00:05:55.088
forgotten clause is even from a
technology perspective, there's
just a lot in there that I think

00:05:55.088-->00:05:59.426
is gonna be extremely
disruptive. And I just didn't
know if you had a take on that

00:05:59.426-->00:06:04.364
or not. >> I got it >> Yeah um
okay. Yeah I forget it. >> Oh
the right to be forgotten.

00:06:09.236-->00:06:15.041
[Laughter]. Um if you want to
see people from EFF really
squirm uncomfortable then ask us

00:06:15.041-->00:06:20.547
about the place where your right
to privacy and your right to
free speech overlap. Um iN

00:06:20.547-->00:06:26.786
europe the uh the right to be
forgotten is actually reasonably
popular. Uh in the United States

00:06:26.786-->00:06:33.426
we tend to sorta err on the side
of the first amendment and EFF
believes the right to be

00:06:33.426-->00:06:38.031
forgotten is quite problematic.
On one hand who amongst us has
not done things that have ended

00:06:38.031-->00:06:44.271
up on the internet that we are
not terribly proud of that we
would not like seen indexed by

00:06:44.271-->00:06:49.643
google. On the other hand what
we are really worried about is
the right to be forgotten can

00:06:49.643-->00:06:55.548
and will be used by the powerful
to cover up their misdeeds. And
we have a great deal of evidence

00:06:55.548-->00:07:00.287
that this is exactly what's
happening. So the EFF does not
support the right to be

00:07:00.287-->00:07:05.759
forgotten, we think it's super
extra problematic. >> Well
that's only one provision of the

00:07:05.759-->00:07:11.865
GDPR. [Inaudible] and in Latin
America we copy a lot of laws
from Europe. From data retention

00:07:11.865-->00:07:16.970
to the right to be forgotten. So
we already have bad precedence
in for instance right now in

00:07:16.970-->00:07:23.643
Peru..uh.. that they in a right
to be forgotten case they put a
huge fine to google and also in

00:07:23.643-->00:07:28.348
another case where they put a
huge they are investigating
uhhhh investigative journalist.

00:07:28.348-->00:07:34.120
So we have problems in Mexico,
and in Columbia, the sentence in
Columbia was favourable to

00:07:34.120-->00:07:40.760
google, but it was not good for
the media, the media have to
take down the content. Or the

00:07:40.760-->00:07:47.300
index of the content on their
website. >> Good good. >>
Question: Is there anything the

00:07:47.300-->00:07:52.305
EFF is doing or can do to move
technologies that are ITAR
restrictive and dual use...that

00:07:54.441-->00:07:59.446
are out there and essentially
that...is there a way to move
them from ITAR to dual use or

00:08:01.681-->00:08:08.355
off of that? >> Um sure Thank
you for biting on my expert
control taunt. [Laughter}. We do

00:08:08.355-->00:08:14.260
a lot of work around export
control. Most recently the state
department proposed listing

00:08:14.260-->00:08:20.133
cyber products on ITAR. Um
without defining what that its
is, without what it would be. So

00:08:20.133-->00:08:25.138
we wrote...um we only caught
wind of it a couple of days
before it was debated, and we

00:08:27.407-->00:08:32.812
along with our friends ASK us
now wrote a very strongly worded
letter saying: don't do this,

00:08:32.812-->00:08:39.819
this is stupid. Um we are also
working to make sure uh that
things like pentesting tools

00:08:39.819-->00:08:46.559
don't get included in the IAR.
Right now crypto is still
unfortunately in the EAR... >>

00:08:46.559-->00:08:51.965
What's an EAR? >> ....not in the
ITAR. What? >> What's an EAR? >>
Oh. EAR is the Export

00:08:51.965-->00:08:56.102
Administration Regulations. It's
administered by the commerce
department. Uh and it covers

00:08:56.102-->00:09:02.242
dual use technologies. It's a
lot better than ITAR, which is
the United States Munitions

00:09:02.242-->00:09:08.548
List, uh crypto used to be
treated the same way as tanks
and hand grenades. Now it's

00:09:08.548-->00:09:13.553
treated the same way as MRI
machines. Um so we're trying to
make sure things like pentesting

00:09:16.923-->00:09:21.928
tools don't require a licence to
export. So stay tuned, that's
the Wassenaar arrangement

00:09:24.697-->00:09:30.370
process. Was on a panel last
year in this hall talking about
that and it's still very much

00:09:30.370-->00:09:35.375
live. So we blog about it from
time to time, Eva and I are
leads on ITAR and EAR stuff at

00:09:39.846-->00:09:45.652
EFF. >> Question: Hi. I always
leave defcon a feeling a bit
deflated. So I wondered if there

00:09:45.652-->00:09:51.591
some good things that happened
in the last year or some good
trends that you could highlight

00:09:51.591-->00:09:56.596
hopefully? >> What's the good
news? >> Well we won the Apple
FBI case. >> Yeah yeah.

00:10:03.236-->00:10:08.241
[Applause] >> So last year
uh.... >> You want to talk about
lets encrypt? Say

00:10:12.512-->00:10:17.083
....[inaudible] >> Yeah the
launch of lets encrypt in the
past year. Oh did I steal your,

00:10:17.083-->00:10:20.920
Oh I'm sorry... [Applause]. I
didn't mean to steal it. Yeah
free certificates, easy to

00:10:20.920-->00:10:27.694
setup. Id say its a pretty big
win. >> Well I have pretty big
wins in small countries too we

00:10:27.694-->00:10:32.765
defeated data retention in
Paraguay, which is a big issue,
because the European Union have

00:10:32.765-->00:10:39.405
been the villain exporting these
laws developing countries. And
that was the first win in those

00:10:39.405-->00:10:46.012
countries. >> Another big win is
uhhhh the increasing use of end
to end encryption. As you may

00:10:46.012-->00:10:50.350
know the EFF has lots of
interesting projects to encrypt
the web, encrypting data in

00:10:50.350-->00:10:57.257
transit, we have https
everywhere. We started surfbot.
But this year we saw this year

00:10:57.257-->00:11:02.962
the implementation of the signal
protocol, uhh for end to end
encryption for all whatsapp

00:11:02.962-->00:11:09.702
messages and whatsapp is the
largest sort of messaging
platform in the world. So that

00:11:09.702-->00:11:14.641
bring ends to end encryption
default to hundreds of millions
of people, and I think thats

00:11:14.641-->00:11:19.879
kinda... >> 1.1 billion people
>> ...1 billion people. 1
billion dollars. So I think

00:11:19.879-->00:11:24.884
that's a pretty big deal, a
pretty big win. [Applause] >>
Question: Yeah so last year

00:11:28.588-->00:11:33.826
let's encrypt was just in beta
and uh this year it's, you know
it's everywhere. I mean in the

00:11:33.826-->00:11:40.567
developer community at least and
I'm using it in production now,
uh I am , I Was sick of paying

00:11:40.567-->00:11:44.470
for certificates every year and
everything so thank you for that
. Ummmm what's, uh what are the

00:11:44.470-->00:11:48.074
next steps for let's encrypt and
how to we get it kind of
everywhere and make it the

00:11:48.074-->00:11:55.014
default for everyone from the
wordpress guy all the way to the
backend server admin. >> So uh

00:11:55.014-->00:11:59.485
one thing that I think it either
just happened or is about to
happen: is the let's encrypt

00:11:59.485-->00:12:06.025
root certificate is going into
the mozilla trust store, which
is pretty awesome. Ummm and then

00:12:06.025-->00:12:12.699
um let's see we are working on
new ummmm new challenge
techniques or new challenge

00:12:12.699-->00:12:17.704
protocols, and umm we are just
gonna keep pushing it out. Um I
mean at some level it will just

00:12:21.040-->00:12:25.912
keep being adopted and people
just keep using it. >> Are we
second or first biggest CA in

00:12:25.912-->00:12:30.917
the world? >> uh It uh I think
third, but I think it depends on
how you measure, so yeah. I mean

00:12:34.454-->00:12:39.459
just keep telling everyone to
use it. That's basically it. >>
Hi guys, So I have two

00:12:45.131-->00:12:50.837
questions. So you probably know
that the EFF is a big player and
a lot of people use your

00:12:50.837-->00:12:57.543
extensions and lets encrypt. So
the first question is can the
EFF be in any way forced to

00:12:57.543-->00:13:02.482
co-operate with your favourite 3
letter agencies? First question.
Second is if that happens, what

00:13:04.617-->00:13:10.423
kind of safeguards and ways you
have to notify users that this
happening or some kind of kill

00:13:10.423-->00:13:16.262
switch for like add ons or
something like that? >> So we
have not received any National

00:13:16.262-->00:13:21.868
security letters nor any orders
to modify our code. So we can
put that out there for now,and

00:13:21.868-->00:13:28.775
you know ask that question again
next year and see what happens.
Ummm but I think you know, this

00:13:28.775-->00:13:34.480
would be something that we of
course would fight. We believe
very strongly uhh that the

00:13:34.480-->00:13:41.220
government should not be able to
force a backdoor, that one of
the core issues that the EFF has

00:13:41.220-->00:13:47.927
been working on for most of its
existence since the 90s, is the
notion that code is speech, that

00:13:47.927-->00:13:53.666
you have first amendment rights
to publish code. And that if the
government is going to come

00:13:53.666-->00:13:59.439
along what and tell us what kind
of code we have to publish ,that
would violate our rights. We

00:13:59.439-->00:14:05.878
also think they don't have the
statutory authority to tell us
what to put in our code, but

00:14:05.878-->00:14:12.285
even if they did have a statute,
that statute would be
unconstitutional. And I think

00:14:12.285-->00:14:18.858
the second way that there is
some assurance is that uhh we
put our source code out there.

00:14:18.858-->00:14:23.663
And I think jeremy could you say
more on that. >> The other
addition is all of our

00:14:23.663-->00:14:28.334
extensions as well as lets
encrypt are all open source, or
[inaudible]. You can check the

00:14:28.334-->00:14:32.105
source, you can compile it
yourself, you know if you don't
want to trust the distribution

00:14:32.105-->00:14:37.110
channel. Uhh and the other thing
is we also by default we don't
really collect any data, https

00:14:48.921-->00:14:50.923
everywhere if you turn off the
SSL observatory, uhhh it doesn't
send anything back to us

00:14:50.923-->00:14:52.925
whatsoever. Privacy badger
doesn't send anything back to
us, maybe like craft recording

00:14:52.925-->00:14:58.164
like that if you turn it on. So
we don't have a lot to give the
Feds if they came to us, which

00:14:58.164-->00:15:05.071
is of course by design. >> Also
we are a hard target.
[Laughter]. They would have to

00:15:05.071-->00:15:10.076
have some brass, if they would
think we would backdoor
anything. [Laughter]. Yeah. >>

00:15:12.578-->00:15:15.982
Question: Similar to what we've
heard before, thank you guys so
much for everything that you do.

00:15:15.982-->00:15:21.521
It makes us able to as a
pentester and i'm sure as many
other people here thank you

00:15:21.521-->00:15:27.326
makes us able to do what we do.
We also, you mentioned earlier
the signal protocol which has

00:15:27.326-->00:15:31.364
been incredibly successful with
its integration in several
different apps including

00:15:31.364-->00:15:36.369
whatsapp. Is EFF doing anything
to help either from the
technical side, help develop it,

00:15:38.538-->00:15:43.676
or from the legal side make it
more available for people in
maybe other countries to access?

00:15:43.676-->00:15:48.681
Crypto export plug. >> Well I
was gonna say, one thing we are
working on, some of you may be

00:15:51.851-->00:15:58.224
familiar, we had this secure
messaging scorecard up for a
while. uhh we are working on a

00:15:58.224-->00:16:03.396
revamp for it. And really the
main focus for that is to
encourage developers to

00:16:03.396-->00:16:10.403
basically adopt better
protocols, better tools, better
designs for secure messaging. Um

00:16:10.403-->00:16:16.175
and so watch, so I would say
watch this space, it will come
up soon. We'll be rating, not so

00:16:16.175-->00:16:22.381
much rating but basically
listing you know which tools we
think are secure, which ones we

00:16:22.381-->00:16:27.386
would say avoid at all costs. So
that's part of it. [Inaudible]
>> Umm just a one quick preview

00:16:30.857-->00:16:36.662
of the revamp secure messaging
scorecard, there is no such
thing as a completely secure

00:16:36.662-->00:16:41.667
tool. There is nothing that will
be in our top tier, this thing
is perfect. Nothing is getting 5

00:16:44.537-->00:16:50.309
stars. Everyone has room to
improve. THere's lots of ways to
go and um we are hoping we are

00:16:50.309-->00:16:56.649
going to see a whole lot more
integration in end to end
encryption tools in the future.

00:16:56.649-->00:17:02.455
>> To answer your questions, we
promote some tools on our
surveillance self defence. One

00:17:02.455-->00:17:04.457
of those is signal. We do even a
lot of security training uhhh to
potential trainers in developing

00:17:04.457-->00:17:06.459
countries and around the world.
We just finished a tour in
mexico, through all the country.

00:17:06.459-->00:17:11.464
So we do a lot of that, our
guide is in several languages,
and we are looking to translate

00:17:20.773-->00:17:27.146
it into more. >> Thank you >>
Question: I also want to thank
you very much for all of the

00:17:27.146-->00:17:31.984
work you are doing, including
net neutrality. My questions is
about net neutrality. It seems

00:17:31.984-->00:17:37.390
uh certain mobile carriers are
getting away uhhh getting around
net neutrality by zero rating

00:17:37.390-->00:17:42.395
certain streaming provider, uhh
what are the EFFs thought on
like whitelisting only

00:17:44.897-->00:17:49.568
particular websites like
streaming websites? >> Sooo uhhh
we definitely have...um zero

00:17:49.568-->00:17:54.574
rating is complicated as on the
one hand it's very easy to say
uhh, what I mean and there's

00:17:57.243-->00:18:02.348
reasons to say it can be useful
in certain scenarios and make it
a lot easier to access the web

00:18:02.348-->00:18:07.653
for people. At the same time
it's really easy to make it a
tool that distorts uhhhh uhhh

00:18:07.653-->00:18:14.126
competition and really makes it
hard you know, it can almost be
a form of censorship in some

00:18:14.126-->00:18:19.131
sense. One thing um... we are..I
mean so we are keeping an eye on
uhhhhh on zero rating. If you

00:18:22.268-->00:18:27.273
saw our blog post earlier in the
year, that go the T-mobile CEO
uhh cursing at me via Twitter.

00:18:29.275-->00:18:34.280
And we are continuing to look at
that, um I don't know, we don't
at the moment have any like big

00:18:37.850-->00:18:43.522
complaints or anything planned,
but we are sorta staying on the
topic and keeping an eye on

00:18:43.522-->00:18:50.429
things. And it's on our radar >>
And we are following the FCC
enforcement actions very

00:18:50.429-->00:18:55.434
closely. >> Okay >> Thank you >>
Question: Lets encrypt presents
uhh an obvious threat to the

00:18:57.503-->00:19:02.108
[inaudible] industry, What do
you, what does the EFF see as
the future of for profit

00:19:02.108-->00:19:08.881
signatories and what should they
do to stay relevant if anything?
>> [Laughter] Um okayyyy.

00:19:08.881-->00:19:13.886
[Laughter]. Well So so so, so
one big thing lets encrypt
doesn't do is extended

00:19:16.022-->00:19:21.327
validation. It's only domain
validation. Ummm so it is really
just, it's just authenticating

00:19:21.327-->00:19:26.332
that you control the domain that
you say you do. It's not saying
you are in fact the organization

00:19:28.367-->00:19:34.673
that you say you are. And so,
and you know we don't, there's
no easy way to automate that,

00:19:34.673-->00:19:39.211
and because lets encrypt want to
be a automated system we don't
see, I mean we aren't really

00:19:39.211-->00:19:43.649
ever going to get into the
extended validation business.
And so that's an area where you

00:19:43.649-->00:19:50.423
know for profit CAs can still do
things, umm I mean I would say
just off the top of my head

00:19:50.423-->00:19:56.729
that's the biggest one. um I
mean in some sense you know I
mean part of it too is we wanted

00:19:56.729-->00:20:03.402
to get that long low tail you
know, I don't think you know
Bank of America or who else is

00:20:03.402-->00:20:07.406
going to switch to a lets
encrypt certificate, just cause
they really like that little

00:20:07.406-->00:20:12.411
extra green bar in the url bar,
so. >> Thank you >> Question: Um
my question is regarding uhhhh

00:20:15.781-->00:20:21.721
the root cause for canary watch
being abandoned, and what the
best direction for it is for

00:20:21.721-->00:20:26.725
National Security letters? >>
Uhhhh thank you so I worked on
the Canary Watch project and on

00:20:28.727-->00:20:34.967
the National Security letter
cases. So with canary watch, uhh
you know we had a lot of

00:20:34.967-->00:20:40.806
ambitions for the site. WE
wanted to have a something that
would list out what various

00:20:40.806-->00:20:45.811
canaries were, would have
automated uhhhh checking to see
if there were any diffs and, it

00:20:49.215-->00:20:54.420
ended up having a lot of false
positives, that were just
because of the URL change or

00:20:54.420-->00:20:59.925
format change or something about
it changed, that wasn't a
meaningful one. There was also a

00:20:59.925-->00:21:05.030
couple of instances where people
just didn't updated things in a
timely manner, and then they

00:21:05.030-->00:21:10.035
did, so then it was a human
error false positive. So it was
really not being effective at

00:21:13.772-->00:21:18.778
uhhhh the concept. I actually
think that that for uhhh people
who want to be transparent, who

00:21:21.113-->00:21:27.653
want to be able to say that they
have not received a national
security letter, ummm that

00:21:27.653-->00:21:31.323
regularly issued transparency
reports where you list
everything. You put the

00:21:31.323-->00:21:35.895
subpoenas, the warrants,
whatever it is you might be
getting, and you say national

00:21:35.895-->00:21:42.067
security letters 0, FISA court
orders 0. And you issues those
such as many companies do, going

00:21:42.067-->00:21:48.707
all the way up to giant telecoms
and internet companies regularly
issue those and then every 6

00:21:48.707-->00:21:53.712
months you issue a new one, and
in each one you say the most you
are allowed to by law. If it's 0

00:21:56.215-->00:22:00.986
you say 0, if you received one,
you might not be able to say
anything at all. But in all

00:22:00.986-->00:22:07.860
cases you just do what you can
allowed by law. But also if you
get that NSL, in the meantime

00:22:07.860-->00:22:14.500
reach out to EFF. Because we
want to work on that, we are
already litigating on behalf of

00:22:14.500-->00:22:17.770
two companies that have received
National Security letters, we
are challenging the

00:22:17.770-->00:22:23.809
constitutionality of the
letters, they are gag order.
That is going up to the 9th

00:22:23.809-->00:22:30.382
circuit court of appeals right
now, and we are uuhhhh uhhh, we
think they are a tremendous

00:22:30.382-->00:22:35.120
constitutional problem. Theses
letters are going out without
court involvement, gag order

00:22:35.120-->00:22:39.525
that only that only has court
involvement on the back and
after you complain about it, and

00:22:39.525-->00:22:45.531
does not comply with the first
amendment. That's what we do
about NSLs, we need to get NSLs

00:22:45.531-->00:22:47.566
found unconstitutional and
stopped. >>You can send, you can
send your emails to

00:22:47.566-->00:22:49.568
[inaudible]@eff.org. >> Thank
you. We have 2 minutes so this
may be our uhhh last uhh..

00:22:49.568-->00:22:51.570
>>Question: I would like to
thank you and I have donated to
you in the past, but having said

00:22:51.570-->00:22:53.572
that I don't really follow you
guys that closely. But I do have
question though, you guys are

00:22:53.572-->00:22:56.208
routed in the western legal
systems in Europe and United
States, but what about areas in

00:22:56.208-->00:22:59.345
the world particularly China and
Russia, where the legal systems
are not as sane, do you have

00:22:59.345-->00:23:04.283
partners, what kind of work have
you done in those areas? And
that's pretty important as they

00:23:12.057-->00:23:17.062
are 300 million people right
now. >> The EFF actually has
quite an extensive international

00:23:34.446-->00:23:39.451
team. The Internet is global and
so are the problems on it. Uhhh
and some of what we do is uhhhh

00:23:42.154-->00:23:48.827
policy work. Obviously we don't
do impact litigation outside of
the United states, because this

00:23:48.827-->00:23:55.234
would require us to have lawyers
from every country and that's
more staff than we actually have

00:23:55.234-->00:24:00.172
at all of the EFF. But what we
do is uhhh we do training, we
provide all kinds of technical

00:24:04.443-->00:24:09.581
advice, we have a project called
Surveillance self defence, which
you can find as ssd.eff.org,

00:24:09.581-->00:24:14.586
which is translated into 8
languages, including Russian if
I remember correctly. That

00:24:17.790-->00:24:22.127
that's gives you all kinds of
technical advice on how to keep
yourself safe, especially in

00:24:22.127-->00:24:26.932
situations where you don't trust
the government. Basically if you
don't trust the government,

00:24:26.932-->00:24:32.037
encrypt everything. [inaudible]
And also we do policy work. >>
Yeah we do policy work. Because

00:24:32.037-->00:24:34.039
we cannot have lawyers in each
country, we work with lawyers in
each country. Umm to fight to

00:24:34.039-->00:24:36.041
draconian surveillance law we
share knowledge on the topics,
but we also use international

00:24:36.041-->00:24:38.644
human rights law in order to
defeat those bills that are in
congress, because in many

00:24:38.644-->00:24:43.649
countries outside the United
States, especially developing
countries and the European

00:24:55.561-->00:25:00.699
union. The European core
document rights and inter
American core human rights,

00:25:00.699-->00:25:08.440
uhhhhh really it helps a little,
you can sue that countries
violating human international

00:25:08.440-->00:25:15.280
rights laws. its not as powerful
as many other litigation, but
uhhh we can do, we can testify,

00:25:15.280-->00:25:20.285
we can use those laws to defeat
laws. >> Alrighty so I, uhh
unfortunately we are out of time

00:25:24.490-->00:25:28.660
now, but before we finish up I
just want to do a little public
shaming. How many of you are EFF

00:25:28.660-->00:25:33.332
members who have renewed in the
last year? [Clapping] Okay great
so for those of you who don't

00:25:33.332-->00:25:37.369
know, we are not as big as you
might think, we are a group of
70 employees who make all the

00:25:39.705-->00:25:46.478
amazing things you know EFF does
happen. And we are a member
supported nonprofit. So please

00:25:46.478-->00:25:52.017
stop by one of the booths, get
an awesome Defcon t-shirt, so we
can keep doing the awesome work

00:25:52.017-->00:25:57.256
we are doing. Uhhhhh in, we are
in the vendor's room and in the
contest room. And stick around

00:25:57.256-->00:26:03.362
because Nate is going to give an
awesome talk on the state of the
Law in respect to crypto. So

00:26:03.362-->00:26:08.367
thanks very much for coming
>>Thank you. [applause]