Ask EFF: The Year in Digital Civil Liberties
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 122 | |
| Author | ||
| License | CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/40612 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
00:00
Einstein field equationsElectronic data interchangeState of matterFAQEncryptionPlanningArchaeological field surveyStandard deviationCASE <Informatik>Set (mathematics)Mobile appPhysical systemRule of inferenceAreaBitTraffic reportingExpert systemSoftwarePhysical lawAuthorizationFigurate numberStack (abstract data type)Order (biology)Decision theoryFreewareInformation privacySpeech synthesisMixed realityProcess (computing)Band matrixType theoryLine (geometry)Moment (mathematics)Active contour modelWeightInstance (computer science)Router (computing)Incidence algebraNumberLimit of a functionWeb-DesignerComputer crimeElectronic mailing listDirection (geometry)Coordinate systemWave packetArithmetic meanOpen sourceExtension (kinesiology)BlogDifferent (Kate Ryan album)Projective planeIP addressWebsiteRow (database)Data transmissionOffice suiteException handlingStatistical hypothesis testingPublic domainBulletin board systemSystem administratorShooting methodMessage passingGoodness of fitSocial engineering (security)VideoconferencingMultiplication signInternetworkingQuicksortBoss CorporationInformationComputer configurationInformation securityDigitizingStudent's t-testCategory of beingCivil engineeringCausalityNeuroinformatikRevision controlPasswordLaptopComputer fileSound effectLevel (video gaming)Game controllerRight angleData conversionFocus (optics)StatuteMaxima and minimaChainVideo gameParallel portPrisoner's dilemmaNumbering schemeParameter (computer programming)Point (geometry)DivisorFamilyHill differential equationMetropolitan area networkCybersexLattice (order)Source codeAssociative propertyFerry CorstenBackupObservational studyDatabaseAddress spaceState observerTwitterLoginDependent and independent variables1 (number)Staff (military)PressureFormal languagePlastikkarteVirtual machineEvent horizonHacker (term)Cartesian closed categoryAxiom of choiceBootingStress (mechanics)TouchscreenUniqueness quantificationVotingTerm (mathematics)SphereFile formatWordView (database)Connected spaceExpected valueSuite (music)PentagonOnline helpInternet forumTelecommunicationWeb pageFlow separationTouch typingExpressionPattern recognitionSelf-organizationPublic key certificateElement (mathematics)FacebookConnectivity (graph theory)Selectivity (electronic)Group actionCombinational logicQueue (abstract data type)Context awarenessForm (programming)Computer forensicsSmartphoneCryptographyPredictabilityScaling (geometry)MereologyoutputInterior (topology)Cellular automatonDigital electronicsEmailMassRoutingContent (media)Service (economics)Perspective (visual)Arithmetic progressionRandomizationTime seriesWhiteboardPosition operatorSoftware developerWater vaporTransportation theory (mathematics)Data miningLikelihood functionOpen setTable (information)HorizonAbsolute valueSinc functionComputer virus2 (number)Independence (probability theory)Link (knot theory)Elektronische WahlGoogolMeeting/Interview
Transcript: English(auto-generated)
00:00
And thank you all for coming to what has become an annual tradition here at Def Con, which is the Ask the EFF panel. We are a selection of EFF employees from all aspects of our organization, and we're here to answer your questions. So, first of all, I guess I should say a little bit about the EFF, and let me just quickly find out how many of you are EFF members.
00:25
All right, well, thank you. Thank you, each one of you. We rely on our membership to do what we do, and we really appreciate it. For those who might not be familiar with the EFF, we are a nonprofit organization that is dedicated to defending your civil liberties online.
00:41
So we fight for free speech, we fight for your right to privacy, we fight for innovation rights so you can make fair uses, so if you own a device, you can do with it as you will, and shouldn't have to worry as much about things being locked down,
01:01
so you have your freedom to tinker with toys and have yourself a good time when you're hacking with them. So, briefly, before we get to this, what we're going to do is we're going to have each of the people here give a little introduction. My name is Kurt Opsahl. I'm a senior staff attorney at EFF. I've been there about eight years. I've been coming to DEF CON for most of that time.
01:26
I specialize in civil liberties and focus a lot on free speech issues, whether that comes up in the form of your rights of freedom of expression, or of privacy when you're trying to make anonymous speech and keep your anonymity online,
01:42
or it comes up in the context of, say, copyright, where somebody is trying to stop you from speaking by putting forth a bogus copyright claim. And then a couple other things before we head down the panel here. First, a brief announcement about EFF's e-voting process.
02:03
So we have a AccuVote TSX e-voting machine here, and we were going to have Professor Alex Haldeman come by, who did some of the seminal work in hacking e-voting machines, and work with that to produce a hackable election. Unfortunately, he was not able to make it today. There's been some complications.
02:24
So we're going to do a little bit of a revision to that, where it's what is the coolest thing you can do with access to an e-voting machine. And we've got one. It's over by the Hackers with Guns booth in the contest area. And so if you're interested in trying to play around with an AccuVote e-voting machine, see what can be done with an LCD screen,
02:45
and have yourself a good time with it, come by that booth, talk to us, and let's try and make something really fun out of it. Brief word about the format here. So this is going to be a Q&A session after we give brief introductions. Just line up in front of the microphone as soon as we're done introducing ourselves. We'll get to each person in order.
03:05
Please keep it to one question apiece, and then just go back to the line if you have another question. When you are asking your question, please don't tell us about your particular legal situation. Confidentiality is something we consider to be very important, trying to keep communications privileged,
03:23
and this is not a confidential or privileged forum. So this is not the place to talk about something. You're wondering if it was legal or not. If you do have a specific question and need our help with it, Rebecca Regan, she is our intake coordinator, sort of like a traffic cop to make sure that things go to the right place.
03:46
She is the right person to talk to, and she will help put you in touch with the right people. She'll say a little bit more about that in a second. When we give our answers, please understand that we are not giving you legal advice. This is, again, not the forum for doing that, but we will give some legal information
04:04
and just talk about more generalities, information about the law as opposed to things which are specific to your situation. And one other last note. Sometimes we may not be able to comment on something. For example, if it was something that we are involved in working on or we have a duty of confidentiality.
04:24
So from time to time, something may come up. If you have a question about a specific legal situation where we're just not in a position to comment and we will say so, we apologize if that, hopefully that won't come up too much, but just to prepare you for it. So without further ado, let me pass it down to Marcia.
04:44
So we're all just going to very briefly introduce ourselves and give you a sense of the things that we tend to work on so that you know what types of issues might be up for discussion. So I'm Marcia Hoffman. I'm a senior staff attorney at EFF. I am part of EFF's Coders Rights Project, which is a project we introduced here at DEF CON a few years ago
05:05
that works to help researchers and developers navigate the sometimes confusing legal waters that apply to their work. I also work on privacy, freedom of expression issues, computer crime, and security.
05:21
Traditionally, I've also done quite a bit of Freedom of Information Act work, and so if you have open government questions, I'm happy to take those too. Hey, everybody. My name is Hani Fakhouri. I am a staff attorney with EFF. I'm the newest staff attorney. This is my first time at DEF CON. I'm very happy to be here.
05:41
I also work with Marcia in the Coders Rights Project, and my focus is on criminal law. Before coming to EFF, I was a federal public defender for three and a half years and have quite a bit of criminal litigation experience, and I hope to use that to help all you fine people in this room. Hi, everyone. I'm Kevin Bankston. I'm a senior staff attorney at EFF,
06:01
celebrating my eighth year at EFF and my seventh year at DEF CON. I focus on the government surveillance beat, so in the past year I've focused on convincing the Third Circuit that courts can require the government to get a warrant before they can seize cell site data about where your phone's been, convince the Sixth Circuit that your email stored at Google or Yahoo or wherever else
06:22
is protected by the Fourth Amendment such that the government has to get a warrant if it wants to seize it, and hopefully—thank you. Thank you very much. And hopefully on August 31 in Seattle in front of the Ninth Circuit, we'll be convincing them that our lawsuit against the NSA for its warrantless wiretapping should proceed.
06:40
So if you could send positive vibes to Seattle on August 31, I'd appreciate it. My name is Abigail Phillips. I'm a senior staff attorney at EFF. I focus on copyright and other online content issues, do some net neutrality work too. That means a lot of intermediary issues, DMCA, circumvention-type questions, legislation in Congress, so forth. Thanks.
07:07
Hi, I'm Rebecca Regan. I'm the legal intake coordinator at EFF, which means if you want something and you're not a journalist, you have to talk to me first. I love to help people find the right information. I do a lot of traffic directing, not only to our various attorneys,
07:23
but also referring people to attorneys who cooperate with EFF. We have a large list of attorneys who come to us because they work in the same area. They love the work we do. I actually just talked to a new one today who's really into what we do and wanted to help out. So people whom we can't assist directly, we like to try to refer them.
07:41
And we also have, as you probably know, an amazingly vast and thorough website, and I often help people find what they're looking for there. I'm Micah Lee. I'm a web developer at EFF, and I also work on several of our many tech projects. So a couple of those are HTTPS Everywhere.
08:03
It's a Firefox extension that uses a large list of rules to enforce HTTPS on websites you visit. And version 1.0 was just released yesterday with over a thousand rules. You should get it. It's pretty awesome.
08:21
There's also the SSL Observatory, which is a project that we did by scanning every IPv4 address on the Internet for the HTTPS port, and gathered a ton of information about it. And it's a giant database that people can do research with. And soon, HTTPS Everywhere will include a decentralized observatory component
08:44
so that if you opt in, you can choose to send certificates that you see to us. And let's see, there's the open wireless movement, where we are trying to convince people to keep wireless networks open, and we're trying to help the community come up with guidelines for new standards
09:08
that let you have wireless networks that are encrypted and open at the same time, and other such things like that. And soon we will be releasing a piece of software called Cryptolog,
09:20
which is a filter that you can use with Apache or other software that basically lets you log IP addresses in an encrypted fashion that you can't decrypt so that you could tell the difference between unique views and pages. And we have other projects as well.
09:44
Hi, my name is Eva Galperin. I'm an activist with the Electronic Frontier Foundation. I focus primarily in intellectual property, privacy, and freedom of expression. I am also, I think, the only person here who does international work.
10:02
So if you have questions about digital civil liberties issues that are focused outside of the United States, you can aim them at me. Okay, thank you very much. So that's our panel, and now let's turn it over to you with the questions. So please line up here in front of the microphone if you have a question,
10:23
and we would love to hear from you. Let's start right now. Bill from Los Angeles. There's a bill working its way through Congress now. It's nicknamed the Internet Kill Switch. Could you just fill us in on the progress of that bill? Sure. There are a number of different cybersecurity initiatives
10:43
being pushed in Congress right now. In fact, so many that there's kind of a traffic mess. The administration put out a proposal. There are several bills. There was a Lieberman-Collins bill in the Senate that did have a component that would have given the president an emergency authority to, pardon me,
11:04
I'm trying to remember the exact language, but it would have given the president emergency authority to basically cut off systems from the Internet when there was a threat posed to critical infrastructure. In response to a lot of public blowback and pressure
11:21
and the frightening example of what Mr. Mubarak did in Egypt, Lieberman and Collins did remove that language from their bill and actually put in an explicit thing that said, nothing in this bill shall be construed to allow the president to shut down the Internet, which was kind of funny. So the White House's proposal itself does not include
11:43
any new emergency authority for the president, which I think was the right political choice for them. But right now the cybersecurity situation on the Hill is very confused and I'd be surprised if anything passed this year, even though a lot of people would like to see something pass this year.
12:02
Hey, guys. Thanks for being here. I've heard it claimed that being responsible for an open wireless makes you or gives you plausible deniability as to the usage if you have no logs. What's the reality of this? So if you have an open wireless, so this is something that I've heard a fair amount of
12:23
and say is the notion that if I have an open wireless, well, then it's not provable whether it was me or not who did a particular thing. And the reality of the situation is oftentimes there are a lot of other factors other than the open wireless, such as things that are on your computer itself
12:41
or other indicia that will be used in combination with it. On the whole, it is actually a fairly rare circumstance in which somebody has been able to get out of an accusation because they said that their neighbor did it or somebody got onto my Wi-Fi and it wasn't me.
13:02
And more often than not, under those circumstances, further investigation forensics on their computer and other indicia have shown that it really wasn't the neighbor. There have been a couple of scary entrances. I mean, there was one that happened in the last couple of months where it really was a neighbor who got onto somebody's Wi-Fi and did some evil things.
13:21
And in that case, the investigation of looking at the situation showed that it was unlikely that it was that person's computer. Further investigation led it to the neighbor. So there's a lot of things that are going to go into an investigation. And if you're going to be relying upon the notion that I have an open Wi-Fi so it wasn't me,
13:43
make sure that that's true because they'll be looking at things other than just the question of whether or not you have an open Wi-Fi. So a quick follow-up. So you guys overall would say that having an open Wi-Fi is not a danger to being falsely accused of something.
14:02
I didn't hear you say that. Well, so having an open Wi-Fi, there are a lot of things that could happen. How frequent they are is a question that you have to consider. And if a lot of people have open Wi-Fis,
14:20
then that will make it available to a lot of people and it will make it so that the incidents of people who are using them for ill won't be concentrated. So one of the advantages of having a lot of people having open Wi-Fi and making it available is to spread around the risk and make greater availability for all.
14:43
There are some things that you might do if you want to make free Wi-Fi available to the people as a good Samaritan but still have your own system. You could also have an open Wi-Fi and plus you have your own system which is separate from that. And so you're helping the world out by allowing for connectivity
15:01
and then you have your own traffic go through a separate system. Hi. My question actually has slight connection to that. If someone has a criminal background, let's say hacking or fraud or something along those lines,
15:22
they've completed their sentencing, but they want to get involved in the community, are there specific things they should avoid, such as maybe running a Tor exit node or having open Wi-Fi because if somebody were to do something illegal over that, they may be instantly suspected as the person committing that crime.
15:43
Should they avoid things like that and get involved in other ways? So if you have a prior criminal conviction for some sort of hacking activity, I think common sense would say be very careful what you do in the future
16:02
because as you said, a person's background does matter to the government when they're trying to determine who is and who is not responsible for a crime. So if they have between two people who are doing the same exact action, if one person's got a prior record for the same exact thing and one person doesn't, obviously they're going to focus their attention onto that person.
16:22
I wouldn't say that means you should never do anything and you should live in a bunker and never touch a computer. I just think that you need to be very, very careful with what you do and take whatever necessary precautions that exist to avoid getting yourself to be the subject of scrutiny.
16:45
I would also say that if you do end up finding yourself convicted again, the penalties are going to be increased because of your prior record in a number of ways. The maximum penalties can be increased under the statute
17:01
and then under the kind of complicated sentencing scheme that is kind of parallel to the maximum penalties, your criminal record is taken into account. So you will find yourself in more trouble and so the penalties do increase. To the extent of your thinking about doing an open Wi-Fi or running a Tor exit node,
17:21
your background should be something you should absolutely keep in mind before you do something that could be potentially risky. I'd like to follow up just quickly also, particularly on the Tor exit node point. There are a number of things that you can do if you run a Tor exit node to decrease the amount of risk that you face
17:42
from being mistakenly identified as the source of traffic that comes from that node. The Tor project actually has a really excellent blog post on its website that talks about some of the things that you can do to be a little more careful. If you take a look at our legal FAQ, we link to that post,
18:01
but we have some thoughts about it too. There are certainly things that you can do to do something like support the Tor network by running an exit node or something, another type of relay, or help the community at large and take certain actions yourself
18:20
that make your behavior a little less risky than it might otherwise be. That's certainly a good idea if you have a prior criminal record. Last of all, I would add that if you're not comfortable running a Tor exit node, especially after reading our legal FAQ and the blog post on the Tor website, that you should consider running one of the middle relays instead.
18:47
Hello. First, I'd like to thank you for helping independent security researchers like myself tackle a lot of the legal issues. Your work helps a lot of us sleep at all at night. Thank you.
19:01
Second of all, I'd like to ask a little bit of information. I know that there's a case in Colorado regarding an encrypted laptop and the government seizing that laptop and trying to get the user to disclose that password and forcing them to basically unencrypt their data for the purposes of furthering their criminal investigation.
19:20
Could you tell us a little bit about that case and the work that you're doing with that case? Absolutely. And actually, I'm curious, how many people in the room are interested in that case? That's what I thought. So if it's okay with you guys, I would just like to take a few minutes to chat a little bit about this and kind of lay out the background and all of this. And this may answer some other questions that some of you may be in line to ask.
19:44
So I'm going to start with a little bit of legal background, okay? There is a Fifth Amendment right in the U.S. Constitution to not be forced to be a witness against yourself.
20:00
And basically what that means is that the government cannot compel you to testify in a manner that would incriminate you. So, you know, we're talking about three factors here. Compel testimony that's incriminating. And, you know, shorthand, sometimes we call this the right against self-incrimination, okay?
20:22
Now, one important question here is, you know, what is testimony? And basically what this is, what this means is that you can't be forced to communicate something in your mind, you know, knowledge that you have in your mind. So if it's something that already exists, like if it's something that you, you know,
20:40
a document that you wrote that's sitting on your laptop, that in and of itself does not implicate the privilege, all right? This is a privilege that only comes into play when you're being forced to communicate knowledge that you have in your mind. And, you know, another interesting question is what does it mean to incriminate, okay?
21:00
So incriminating information is information that would provide a link in a chain of evidence that the government might use to charge you with a crime in the future. So it's not even necessarily something that, you know, indicates that you committed a crime. I mean, it's something that might lead the government to charge you, all right?
21:21
So that's kind of like, that's the basic concept that we're talking about. And in the past few years there have been very few handful of cases that have come up in relatively low-level courts, dealing with the question of how this privilege applies to encryption passwords.
21:45
So basically can you be forced to turn over your password? Can you be forced to speak it? Can you be forced to type it into your computer? Can you be forced to unencrypt your data and hand it over to the government? Or does the Fifth Amendment protect you against that?
22:01
And, you know, the courts have, you know, kind of been struggling to figure out how this works. There was a case in Vermont that was the first, you know, we've talked about this at prior DEF CONs, you know, the first to talk about this issue. It involved a man who was coming over the Canadian border, and his car was searched by a border agent,
22:22
and he had a laptop in there that was on. And the border agent wanted to look at the laptop, and the guy said that he could. And so the, you know, agent, you know, with the man's consent, you know, took a look around at some of his files, and he found some stuff that he thought looked like child porn. So he seized the computer, shut it down.
22:44
Later, when he, you know, the government tried to boot the computer back up, it turned out that the drive that contained those files was encrypted. And so they asked a court to force this man to type his password into the laptop to unencrypt the data.
23:04
And, you know, a magistrate judge, a magistrate judge is kind of, you know, a fairly low-level judge, actually about as low-level as they get, said, you know what, I think that violates this guy's right against self-incrimination, because, you know, the password exists in his mind, and basically you're forcing him to perform an act
23:21
that communicates that knowledge. And when he types that password into the laptop, it's going to show that he has control over those files. Which is an incriminating fact. And so, no. So then the government comes back and says, okay, okay, okay.
23:42
But what if the court were just to compel him to decrypt his laptop, just to provide a decrypted version of the information? How about that? And the judge looked at that, actually a district court judge, a little higher level, looked at that and said, well, okay, it's not quite the same situation.
24:04
And in a situation like this, actually, like the government's already seen these files anyway, and they know exactly where they exist. They exist in a certain drive. And if he provides that unencrypted data, then the government isn't going to learn any more than they already know.
24:24
And so basically, the gap between this man's knowledge and the government's knowledge is not really, there's nothing, there's no gap there. So, you know, basically he's not really being forced to be a witness against himself. So in that case, he had to turn over the data, all right?
24:43
And then, you know, there have been a couple of other cases, you know, where judges have looked at this, and they haven't analyzed it all that carefully. You know, there was one in Michigan where, you know, the government wanted an individual to be forced to turn over his password, and the court said no. So that takes us to this most recent case. There's this case in Colorado.
25:02
It's called United States versus Vercosu. It involves a situation where two people, they used to be married to each other, so they're now ex-husband and ex-wife. They've been indicted on charges involving mortgage fraud. Before the indictment came down, the police served a search warrant to search the home where they used to live together,
25:28
and where, you know, the woman now lives with her family. And they seized several computers, including an encrypted laptop from her bedroom. And after that stuff was seized, this woman had a conversation over the phone with her ex-husband,
25:47
who at the time was in prison. And, you know, when you're in prison, they record your phone conversations. And so the government has a record of this conversation. And in this conversation, you know, she discussed the computers that had been seized
26:03
and mentioned that there was an encrypted laptop and that, you know, there might be some stuff on there that the government might be interested in. So the government went to the judge and said, we would like you to order her to enter her password into the laptop or provide an unencrypted version of the data.
26:23
And this is a situation like, you know, the one in Vermont, basically, because we have this telephone conversation where she talked about the fact that, you know, there's stuff on there that is probably of interest to us and incriminating. And so we know that it's there.
26:41
And it's just a matter of her turning it over at this point. And, you know, when we saw this case, we thought, wow, you know, that's potentially a really interesting case. And, you know, it looks better than that Vermont one. So we've gotten involved as an amicus. And what that means is that we don't represent her directly.
27:00
We don't represent any party, really. We represent EFF and we're basically saying, hey, you know, we think that there are certain issues that the judge should be careful of here because they're going to have big implications for a lot of people. And so this was our take on it. We said, you know, we think that providing the password, either typing it in
27:21
or providing an unencrypted version of the data is protected by the Fifth Amendment because it is an act with testimonial aspects. Basically, it would tend to show that she has control over those files and, you know, it would also tend to authenticate that data. Now, the government has said that they want to give her immunity for the act of typing her password into the computer.
27:45
And what the effect of that would be is, you know, they can't use it against her. And often that will actually nullify the Fifth Amendment privilege against self-incrimination because if they're not going to use it against you, it's not incriminating, okay? We think that the immunity that the government has offered her, which is to, you know, immunity for the act of typing it in, isn't enough.
28:08
You know, we think that the immunity, in order to actually, you know, be the same in scope as her privilege, would have to also extend to, you know, any derivative use of the information. So, you know, we think that the immunity covers not only the entering of the password
28:23
as an act, but would also, you know, protect the data that is stored on the computer. So, you know, that's kind of where the case stands at the moment. There was a hearing on the issue a couple of weeks ago, and a few days later the judge said that he is pretty skeptical of the government's argument.
28:44
And in fact, his big skepticism at this point is that the government has really shown that the computer that they want, that they expect her to unencrypt, is the computer that was discussed in that conversation. You know, the judge says that he wants to hear more evidence about that, and so that's going to happen in October.
29:05
And we'll see if the government, you know, has any more to say on that point, aside from what they heard her say in this conversation with her ex-husband. So, yeah, so that's the deal. And if you all have follow-up questions, you know, feel free to bring them up and we'll talk about it more.
29:24
Also, thank you for the work that you do. It's very much appreciated. A couple of years ago there was a lot of focus on frivolous software patents and the abuse of those patents to suppress open source software and things like that.
29:40
And I believe you guys were involved a little bit in that, trying to open it up a little bit. But I haven't heard anything since then, and I was just wondering if you might be able to comment on where that stands, if you've been able to gain any ground in suppressing those kinds of frivolous patents.
30:01
So software patents and business method patents, and there are some of the great concerns that have come out of the patent system. The patent system has a lot of problems because it locks up an idea. And a lot of times people are getting these patents by bringing them to the patent office, who doesn't have the time or the resources to really look at what the prior art is,
30:23
and allowing people to get legal rights into an idea that actually had been known within the industry previously to that, or is sort of not an advancement on the art, is an obvious thing to do. And some of these patents then can be used to stop innovation and say that you can't
30:44
have it be an open source software because it has to be licensed from the patent holder, or that it implements this method. So we don't have on the panel today Julie Samuels, who is our patent lead, but I can tell you just a little bit about it, and you can go to our website for more information.
31:03
So we have a patent busting project, and that is going through the process of looking at what we consider to be some of the worst patents out there, and go through the patent and trademark office to explain to them why those patents were improperly issued.
31:21
And this is called a re-examination. Now the re-examination process is actually not a particularly speedy process, it requires a lot of work, a lot of gathering information, and then you have to present that to the patent office and wait for them to deal with it. So we started this project a number of years ago with 10 patents in mind, we are working our way through them, we're not through that set left.
31:46
There's a number of them left, I'm not sure exactly how many, but if you go to our website, the patent busting project will give a nice graphic of where these various things are. And we also have been interested in patent reform ideas, that there's a lot of notion out there that maybe putting some reforms on the patent office
32:03
to make them less likely to grant bad patents, and also through the case law system by trying to explain to courts that some of these principles in how they're applying the patent law to make it a little bit better for innovation.
32:23
So to answer the question a little more directly, yes, we're working on a lot of stuff, but specifically what we are working on over the summer, and which we're hoping to launch early in the fall, is an entire campaign revolving around education about software patents, where we hope to give people tools to understand the software patent system,
32:46
give them some idea of what the problem is with patents, and what they can do if they're in various places in the innovation stack. For example, if you are an engineer, and you're working for a startup, and your boss comes to you and asks you,
33:06
hey, what are you working on, because we need to patent as much of this stuff as possible so that we can show it to our VCs. We give you a whole little worksheet that will help you understand what your options are, and what kind of suggestions you can make to the people running your company so that you don't wind up having to patent all of your work,
33:28
especially with meaningless gobbledygook patents that are essentially just being used to impress VCs and get money. We also are working on a little FAQ for students who are doing academic research,
33:45
and we're working on an FAQ for VCs who we think really need to be educated about how these patents work, and why a large portfolio of patents is actually not a good idea for startups or large companies,
34:03
and winds up hurting innovation rather than helping to foster it. Just wanted to say thank you for your work. I had an account on the Illuminati bulletin board back in the day when it was seized, so I've been following you guys for a long time. My question is on copyright law. If you tilt the mic up, it might catch you a little bit more.
34:22
My question is on copyright law. I remember back when the last set of copyright extensions went through, some of my friends were referring to them as the Steamboat Willie copyright extensions, because every time Steamboat Willie was about to go out of copyright, the law got extended. It's not quite yet, but we're coming up on that date. Do you have a sense, is there a set of lobbying coming up to try and extend copyright law some more,
34:45
or are we going to finally see some things slip into the public domain? I'm not aware of anything at the moment. I expect that we'll see it when the time comes, like you said. One thing we have seen is a study by Congress that's looking at sound recordings,
35:04
specifically in copyright for sound recordings, which pre-1972 aren't covered by federal copyright law, and that actually means that those don't fall into the public domain as a group until 2067, which is really a long time from now. One of the proposals on the table, and again, this is being studied,
35:24
and lots of folks have had input, including EFF, one of the proposals would be to bring it out of state copyright law and under federal copyright law, which would actually mean that those works would go into the public domain sooner, which would be interesting, so that's potentially a positive result on the horizon.
35:40
But as far as the general copyright term extensions, sorry, yeah, not aware of anything going on at the moment. Hi, again, thank you for your work, much appreciated. My question is about the police seizing your cell phone when you videotaped something that happened.
36:02
In particular, there was a shooting on Miami Beach a couple weeks ago, where a bystander videotaped the cops shooting some people in a car, and then they seized his phone, searched it, gave him a receipt or whatever of seizing it. My question is, if you're a bystander, can the police seize your phone as evidence?
36:24
And also on the same lines, I hope it's not too much, but with the TSA starting to do searches at train stations, Amtrak, and Metro, can you walk away if the TSA wants to search you? Is there any remedy for any, what I would consider a random search at that moment?
36:41
Because I think it's kind of the same thing. Well, I can speak to the videotaping of the arrest, and I'm not familiar with the incident you mentioned in Florida, but generally speaking, there have been attempts by the police to kind of forcefully seize cell phones
37:01
that have been used to capture arrests made on the streets, and technically speaking, that's improper. There's really no prohibition necessarily on videotaping. There are a separate set of laws and rules regarding the recording of audio transmissions,
37:22
which fall under the Wiretap Act, and Kevin's the expert on that, and I can defer to him on that issue, but with respect to videotaping, there isn't necessarily any, you know, at least there's no federal crime that I'm aware of, and every state obviously has its own set of rules, but there aren't, as far as I know, and again, I could be wrong,
37:40
but as far as I know, there aren't any laws that specifically prohibit the videotaping of what's essentially a public encounter. Now, can the police seize that cell phone as evidence? With a search warrant, absolutely. Without a search warrant, it's a little bit of a trickier question. Typically, the police, you know, obviously under the Fourth Amendment,
38:00
they need a warrant in order to seize and search any sort of item, including electronic devices, including your cell phone. There are always exceptions to that. If you consent to the search, they could search it. If they have probable cause to believe that there's evidence of a crime that is under an imminent threat of destruction,
38:22
that may be an instance where they may be able to, you know, take that phone and seize it. Now, if they take it under that pretext, they can't then decide, well, now that we found the video of the shooting, let's also go rifle through all of his text messages and see what else he's got on there. And you would have a remedy for that under, you know,
38:42
if you ultimately get, you know, charged with a crime, it would be through a suppression motion where you try to get the evidence thrown out. If you're not charged with a crime, you could have a remedy through a 1983 suit. That's basically like a lawsuit where you claim that the government has somehow violated your civil rights, so that would be your right to be free from an unreasonable search and seizure.
39:01
Now, the practical reality is oftentimes the police just take what they want to take, and then, you know, in those instances, in the heat of the moment, I think police tend to make kind of snap decisions like that. And so, you know, you would still have those same remedies I discussed in terms of like a 1983 suit. With respect to your question about TSA and walking away from a search,
39:26
you know, again, like, if, you know, if you walk away, you walk away, you're not going to get searched, but you're not going to board your train either in all likelihood. Do you have a remedy? Again, you could potentially bring a civil rights suit if you feel like the search was intrusive,
39:42
but I think, unfortunately, they probably have a hard time making that argument because the courts have generally recognized that the government has a very strong, compelling interest in requiring passengers on mass transit, you know, trains and airplanes and whatnot to be searched in order to protect the safety of everybody else.
40:03
I'll add to that. I haven't looked at this issue in a few years, I'll admit, but I do remember there was at least one case and possibly more where, actually, back up a little bit. So there is this administrative search doctrine where the government can search you for purposes other than criminal law enforcement. For example, when they stop you, you know, when they do drunk checkpoints.
40:22
That's an administrative search because the main purpose is not to catch the, it's not to give you a ticket for being drunk, it's to keep the drunks off the road and keep everyone else safe. This has turned into a very broad exception for searches. It's also used to justify searches at, for example, the airport because the purpose is not to catch criminals, it is to stop bombs and other weapons from getting onto the planes.
40:44
And the case that I recall did involve someone who had entered the security area and then decided, oh, no, wait, I don't actually want to go through this search and was like, no, that's okay, I'm not going to get on the plane. And they insisted on searching him anyway. And the court did uphold that search.
41:01
You know, once you had entered the area where the searches are occurring, you've essentially consented. They sort of mixed up the doctrines of administrative search and consent to search, but either way, they did uphold that search. In many ways, you know, as Hany says, sometimes the authority figure will make a snap decision and ultimately, you know,
41:21
unless you want to physically resist, which is not a good idea, you know, it's not really going to matter what the law is. What the law is is going to matter if and when you sue them or they prosecute you afterwards. And if you are going to be photographing or videotaping police in a situation where they might seize your phone, I think a technical solution is good
41:43
and not just relying on cops not breaking laws or anything like that. And there is a smartphone app right now called OpenWatch, which you can record audio or video and it uploads it to the internet immediately. And I think that there's other apps and cop watch type apps
42:02
getting developed for smartphones. And I think even the Google Plus app lets you upload pictures immediately. So that might be a good idea to enable so that if your device does get seized, you have a copy of it still. Thank you.
42:24
Right. Let me add one thing real fast and I'm sorry to interrupt. Like I said, you know, there is no federal law that covers the crime of videotaping an officer. Now, that doesn't mean that state laws will always have their own contours, but there can be other instances where state law can be, you know,
42:40
a different state law impeding an investigation or obstruction or, you know, any of those things can be used and try to stretch to fit into those facts. A useful resource, the Reporters Committee for Freedom of the Press, RCFP.org. They have some various FAQs and 50-state surveys where they try and provide information
43:00
to journalists about these sort of issues, whether they can tape, what the law is in a particular state. It's a valuable resource, so check it out for your own state. I second that. It's great. It's called Can I Record? So just Google or Bing or Yahoo for Can I Record and you'll find it. Actually, that was a good segue for my question.
43:21
Is your foundation doing anything to defend a journalist named Julian Assange? And do you have any general observations about WikiLeaks? Do we want to start with Twitter? I mean, so our most direct involvement in the controversy over WikiLeaks
43:47
is the government issued a court order to Twitter to obtain logs regarding a number of people related to WikiLeaks, including Mr. Assange. And we represent one of those people and are working with the lawyers
44:03
who represent several of the other targets of that order in resisting that order. Twitter did a mitzvah, did a wonderful thing in pushing the government to consent to the unsealing of that order such that we could come in and challenge it. And that case is ongoing.
44:22
In terms of general observations, I think one of our main general observations which we posted on our blog is that ultimately WikiLeaks is a publisher. The First Amendment protects publishers. Whether or not you agree with WikiLeaks tactics or politics is beside the point.
44:43
Legally speaking, the First Amendment protects the publication of true information. And the Supreme Court in the Pentagon Papers case made clear that in terms of the government wanting to exert a prior restraint on that publication, the fate of the nation would have to turn on it, basically.
45:00
They have yet to explicate a particular standard yet. The Pentagon Papers decision was somewhat fractured, but it was clear that the government would have to meet a very, very, very high standard if it wanted to try to legally compel the stoppage of publication of the WikiLeaks material.
45:20
Any other thoughts or comments? I just want to note that this is a subject that we've been watching very, very carefully. And speaking from the perspective of the legal team, we're often looking for legal disputes to arise and figure out the best way to get involved in them.
45:41
And at this point, this is an ongoing criminal investigation. And we will be very interested to see if any legal case actually ever comes of it. But at this point, we've been as involved in the criminal investigation as we've had an opportunity to be.
46:00
So it's something that we're continuing to keep an eye on, and we expect to watch very closely for developments. I was excited to hear that you're working on standards relating to having Wi-Fi networks that are both open and encrypted, because that's such a ridiculous hole in technology right now.
46:21
Can you talk a little bit more about those efforts, and most importantly, what's the current prediction for how soon we might see that wide scale in consumer equipment? At the moment, what we're trying to do is convince other people to work on these standards and maybe work on them ourselves if possible.
46:41
But some things that we want to come out of it is have open networks that you don't need a password to connect to, but that have encrypted communications. And we want to make it so that you can segment your network so that people from the public can connect to your network,
47:04
but not actually have access to not be able to create routes to your hosts so that you don't have to worry about people hacking you because you're providing open networks. And bandwidth prioritization, so that if people are using a ton of bandwidth, that your bandwidth gets priority, and all these things.
47:24
So we want to come up with new standards and hopefully sometime get them built into routers and network codes. No predictions right now? Not yet. We haven't done all that much so far, but yeah. Cool. I just want to say props to EFF and my girl Jennifer back in the day.
47:46
My question is based on some recent current events where a Middle Eastern country took a database of people of interest and ran this against a social networking site. Based on this information, they identified potential sympathizers of a controversial flotilla.
48:01
I was wondering if there was any protection under US law that may allow or prevent activity like this, and I'd cite examples such as World Trade Meetings and things like that where people are being denied entrance based on their associations rather than proven information.
48:20
Well one of the things that actually was kind of an interesting talk that occurred earlier this week was a study showing about facial recognition and using that by comparing it with social networking, and people were able to use facial recognition and look at the database of faces that were up on Facebook and other sites to find out a lot about people. This is one of the things that happens when a lot of information is made public.
48:48
We're going to keep this general legal information as opposed to specifically about a particular flotilla or not, but the issue that arises here is in the United States law,
49:00
which is a lot of where we're focused, you have some privacy rights and they're about public disclosure of private facts, but it's not a very good argument that a picture of yourself that you post on a social network is a particularly private fact. The private facts that is generally considered are the intimate details of your relationships with your significant other,
49:23
whether or not you're gay, these sort of private facts that somebody might know about you and if they publicize that, that could be the public disclosure of private facts. When it is something that is available to the public very widely, you're not going to get a lot of traction on saying that that is a private piece of information that can't be used.
49:42
This creates a lot of issues, not just in this sphere where people are using the information to ban somebody from a particular thing. It can also be used by government. One of the things that is the test for whether your Fourth Amendment rights and how they interplay is the reasonable expectation of privacy. As more things become public,
50:01
then there's sort of a different set of arguments about the reasonable expectation of privacy. One of the things that we push for with social networks is to make sure that people are doing good practices by making sure that customers, the users of the service, know what they're doing, know what information is going to be public and which information is not going to be public, so they're making informed decisions.
50:21
We don't like it when something is required to be public so that you can't put a setting that is more restrictive than public on it. But this is an ongoing battle. Sir. Good afternoon. My question is somewhat in alignment with the gentleman I think before, ahead of me,
50:40
talking about random searches at public transportation areas, but mine is about an American citizen, a U.S. citizen coming into the country from overseas or from Canada, Mexico, and being required to provide a laptop and then provide a decryption key if the laptop is encrypted.
51:00
What about the constitutional, you know, Fourth Amendment, unreasonable search and seizure protections and things like that? Thank you. So the Fourth Amendment generally protects against unreasonable government searches and seizures, and what that means is that, you know, if searches, as a general matter, the government has to get a warrant in order to do a search.
51:23
This is not the case at the border. At the border, the courts have decided that a search is reasonable because it's at the border, and so no warrant is needed. And in fact, for the most part, they can search your stuff
51:43
and most of your person without even a modicum of suspicion. You know, they need reasonable suspicion when it's an unusually intrusive search, and when I mean unusually intrusive, I mean like the interior of your body.
52:04
Now, there have been several court cases that have examined how this applies to laptops and, you know, there are lawyers who've made very valiant attempts to argue that a laptop is not like a suitcase, it's not like a briefcase,
52:21
it contains a whole lot more information, and it is a very intimate portrait of a person's life, and it is a very intrusive search, and unfortunately the courts have not agreed. And the state of the law, as sad as it is, is that the government doesn't need any suspicion of wrongdoing whatsoever
52:41
to search your laptop at the border, and in fact they could just do it randomly. In fact, if they wanted to, they could probably search everyone's, if they had the capability they might. And so, you know, I think at this point in time, the best solutions are probably technical ones and not legal ones,
53:01
or legal remedies that is, and in fact, one of my colleagues, Seth Schoen, one of our senior staff technologists and I, we're working on a white paper that we're going to introduce in the next few weeks that is a comprehensive examination of the technical solutions that are available for people who want to protect their data at the border. He's going to be discussing that at CCC in Berlin later this month,
53:27
and if any of you are going to be there, you should go check it out. And for those of you who won't be there, keep an eye out for our white paper, which we plan to post on our website soon. But technology solutions aside, what I'm hearing is that an American citizen has no rights at the border.
53:50
Unfortunately, you have very few rights at the border, even American citizens. So we are out of time. Thank you for all the great questions. We're now going to move on to the Q&A room.
54:02
Also, just one last plug of those of you who might be interested in playing around with an e-voting machine, we have one set up over at the Hackers with Guns booth in the contest area, so check that out. We will see you soon in the Q&A, and see you around the conference. So the Q&A...