BSidesSF 2026 - "Ask the EFF" Panel (Panel)

All right, good evening Bside San Francisco 2026. My name is Nicolina and I'm your host. We have this fabulous pan panel prepared for you and the topic is ask us anything from EFF. Um, so what we're going to do is we're going to open this up. They're not they didn't come prepared with questions because they want you to participate. Um, who here knows what Slido is? Anybody? Awesome. So, if you log into Slido, sli.com, you can actually ask and type out your own questions. If you see a question you love, you can favorite it as well, and that'll make it go to the top. So, if one question has 15 favorites, it's going to go all the way to the top when

some when the next one has 10. Does that make sense? Okay. So, your login is going to be Bsides SF2026. Bides SF206. and we're in theater 12. Everyone good with that? So, as soon as you start rolling in questions, we're going to introduce our panel and then we'll take it from there. All right. Thanks so much. >> All right. Uh, thanks everybody for coming out tonight. Appreciate you all being here. My name is Cooper Quinton and this is Ask EFF. Um, give a I can't see you for hands, so uh give a little shout if you've never heard a VF before. Uh, okay. Well, I uh uh I you haven't. So, I will >> do it the other way. Just

>> give a shout if you have heard of EFF before. >> Great. >> Amazing. Amazing. Amazing. For anybody who is embarrassed to not admit it, we are a nonprofit that defends civil liberties and human rights and privacy in the digital world. And we've been doing this for 30 years. We are members supported and over 30. What? >> 30. It was 1990 Cooper. So, it's 36. >> Okay. What? Good god. Uh 36 years. We are member supported uh through donations from folks like you. Uh so we appreciate you being out here and we wanted to give you a chance to ask us anything you want about any topic you want. Um so I am Cooper Quinton. I am a

senior staff technologist at EFF. I have been at EFF for 12 years now. Uh much to my surprise my slides earlier said 10 years. Um I work on many things. I started out at EFF working on our privacy badger project, which is a browser add-on to block the trackers that follow you around online. Um, I have since worked on many other things, including a nation state malware, which was targeting some of our clients. In fact, uh, which turned out to be a cyber mercenary we called Dark Caracall that was working for many different countries, uh, whoever would hire him really. and uh last we know now they are in league with one of the ransomware

gangs. Um I have also worked on other projects such as our threat lab which is a project to act as sort of a cyber security research division for people who the cyber security industry often ignores. People like sex workers, undocumented folks, people in abusive relationships um and that sort of thing. my uh uh so so as part of that team um we've uncovered malware on low-end children's tablets we have uh done lots of research and put a stop to a lot of the uh spouseware industry which is spyw wear specifically for spying on your spouse or a girlfriend or boyfriend um and we've done many other interesting things now my primary focus is law enforcement surveillance tools um I have

a project right now that some of you may have heard of called Ray Hunter. Um, this is a, if you haven't heard of it, this is a project to look for cell site simulators, MC catchers, fake cell towers in the wild. Um, and it's a free software that runs on a $20 mobile hotspot that, uh, lets folks see in real time if something suspicious is going on on the cellular network. Um, I'm also doing some new research on Celbrite, uh, and phone cloning. That should come out later. Um, and I've looked at license plate readers and many other things. Uh, so this is where my head is at and I'm happy to talk about many of those things

and more. And now I'll let the rest of my colleagues introduce themselves starting with Sam. >> Hi, I am Samantha Baldwin. I am a policy and research staff technologist on the public interest technology team at EFF. Um, primarily I review legislation that our activist teams have uh and legislative teams have sent to us. So both legislation at the federal level and at the state and sometimes municipal level um we try to make sure that lawmakers pass laws that are good for your privacy, good for your digital rights and try to prevent them from making gigantic mistakes that have you know farreaching effects. A lot of the people drafting these bills do not have a technologist staffing um for them. So,

it's very important that uh groups like us get a chance to make our voice heard um and and ensure that you know the legislative landscape uh looks looks good for the future. Um I also I sometimes work with Cooper on the Ray Hunter project. Um mostly doing some reverse engineering and device porting. Um that's mainly what I do at EFF. So, I'll leave it there and let David go for it. >> Hi, I'm uh David Green. I'm EFF's senior counsel. Uh, I've been at EFF since the summer of 2013. And so since you all are really good at math, I'll let you figure that one out. Uh, and I'm here representing uh, EFF's entire legal team

uh, on this panel. Uh, and and can talk broadly. Yeah, thank you. Uh, if you've heard of the legal team, you should shout. Yeah. Um, you've heard of a lawyer. >> If you've ever heard of a lawyer. Um and so um uh and uh so I've been a DFF again for for that number of years and and uh the primary our legal team does a lot of things. Uh our our main focus is on litigating uh in in uh US courts on uh the issues at the intersection of human rights and technology. And I'm happy to answer questions about about what that looks like. Uh we have now about um I think I counted uh 14 active pieces of

litigation going on right now. Uh there's one that's like just about to wrap up, but I included that one also. And um and then in addition to that work, we also do a lot of work of filing uh friend of the court briefs. Uh so where we're not a party, but there's litigation that's raising really important issues and we think that we have uh expertise or insight that will be really valuable to the court. We do we do quite a bit of that work uh as well. And then we also have a function where at EFF we as the lawyers actually uh are the lawyers for our colleagues uh for our technologist colleagues who are

building tools uh and um and and devising policy around around technology and for our activist colleagues who are planning campaigns and writing a ton of things like that. My individual focus as a lawyer is my my expert my expertise is in freedom of speech and so I do a lot of uh lead a lot of EF work EFF's work um on uh on first amendment issues in US courts uh we do do some work in international courts uh as well uh um but mo the focus of our litigation is in US courts and that will be my introduction I'll pass on to Katherine >> uh hi I'm Katherine Chundcasta my current title is I believe the director

of policy and advocacy at the electronic frontier foundation. I that means that I am one of the senior members of the activism team. One of the as you've seen these are the sort of three branches of EFF technology uh legal and activism. Our job is sort of a combo. We are all subject matter experts but we are also generalists in messaging, generalists in grassroots organizing in also uh like a some of us work on things like um the surveillance self-defense guide which teaches you how to go through your devices and enable the most secure settings etc etc. So we all do that. My particular focus is in federal legislation. Um the people who I work

with uh generally work in areas that are federal laws here in the United States. My areas of specialty where I am a subject matter expert are copyright, net neutrality, um free speech, generally competition and uh and for my sins AI. Um, so those are the areas that I generally work on, but I also work with a lot of people in the advis team who work across the board on on issues. >> Awesome. All right. Well, we have some uh fantastic questions here. Thanks to you all uh for figuring out Slideio on such short notice. Um, and uh, Katherine, for your sins, I'm going to throw the first question to you. >> It's going to be AI.

>> It is. It is. Um, so what privacy and digital rights concerns are exacerbated by the AI evolution? >> So AI in the same way as the internet at large uh is does all of the all of the concerns that already existed continue to exist. It's speed and its uh volume. That is the thing that AI tends to do. It's the same thing that happened with the internet. Um the when people talk about like concerns about hate speech, it's not the internet that made people do hate speech, it's the speed and volume of hate speech. And AI is very similar in that when it comes to concerns about surveillance, concerns about how much data private companies have and what

they're doing with it, all of that stuff is um exacerbated by the the evolution of AI as a technology. But the concerns themselves largely stay the same. It's again speed, volume, and in some cases how much more interested people have become in those issues, which for us is very good because I always um talk about a lot of people have heard recently about automated license plate readers. A a pretty niche interest of um these cameras that track where your car is going by reading your license plate. And many people at EFF have been working on it for a very long time, but it has recently become something the average person is concerned about partially because it's being fed into these large

language models or just these sort of like government surveillance AIs. Um, so the speed and volume is it, but the the what we often say at EFF is it's not the technology, it's the use. We were always against surveillance and it doesn't matter what new technology pops up if it's being used by the government to uh impinge on your rights. We don't really care what the new technology is, we'll still be against it. Wanted to tack on just everything Katherine said is absolutely correct, but also ALPRs. We're in California. A lot of motorcyclists aren't necessarily running a plate, but they can still identify your car or your vehicle even if you're not running a plate because

they can just say like, "Oh, it's a green Honda, etc." very small technical aside but I thought important to add. >> Yeah. And the other the other issue that I see with AI that I'm concerned about is AI use in policing. Right. So there's two two things two of the things we know about AI. One are it hallucinates and two we don't really have any idea how it comes to its conclusions but we know that the data in informs the data out and we know garbage in garbage out right. So AI has and and to exactly what Katherine said, um bad policing already existed, over policing already existed, AI stands to increase the speed and

scale at which bad policing and overpolicing happens, right? You might and so if you have crime AI crime prediction software, right, it's going to predict that there will be crime where there was already crime. Crime normally happens in low-income neighborhoods. This is going to overp police >> where it's normally reported. I was say it's police file reports in certain neighborhoods. >> This is why we have lawyers and activists. Otherwise, I'll stay stupid crap. But yeah, crime is reported more in low-income neighborhoods. And they're already overpoliced. So, they will this will cause them to be further overpoliced. Maybe we'll put somebody in jail and we won't even know why. It's because the AI said so, right? So

there's or or the AI will will use AI facial recognition and it will say that I am actually DB Cooper uh when I am definitely not and you shouldn't ask any further questions about that. >> So it it is it is bad when when police or you know it's bad when we rely on AI and get it wrong but that just means that our code is buggy. when police do it, it means that somebody's life is ruined. >> And and no one has asked the question yet, but just to anticipate it, I the answer from the lawyers is largely the same as what you heard from activism is that um there's really very few situations where the fact that the bad

thing was created by AI changes the legal question at all. And so we might have more of these legal questions coming up because there's a lot more of this happening at a consumer level. But the fact that that that the you know that the harm was caused by AI rare I mean not all the times but rarely rarely changes the legal question. And just just as an example I think it was about six years ago now um when sort of in the first week of deep fakes like being a word. Uh, and a lot of the talk was around um, well, should deep fake technology be banned? And and so we wrote we at I was doing all these

interviews about that and we at EFF wrote this blog post that essentially said um, no, like we don't like banning technologies and to the extent it's causing harm, here's like the, you know, 10 different ways the law deals with harm caused by false information. And none of that has to change because it was created by deep fakes instead of created by just by a human being or by some other by some other tool. And that that's largely the same. Now that was also a very unsatisfying answer for most people. Uh but it it remains true and I think the it's the same thing with AI. There are some questions and we have a whole team of people who really think

about the intersection of of AI and the law and where it might matter. But you the the vast majority of situations uh the fact that how the harmful speech was created it doesn't really the tool that was used doesn't really matter. The one thing that is a little bit different with AI is just something I want to highlight is what I call like sort of civil rights uh laundering where they say no, we didn't do it. The AI did it and the AI is objective. Therefore, it's it's not what it seems to be. You can't say the AI is racist the way you can say a cop is racist because it's just looking at data, which we all know is

functionally wrong. If the data you gave it is every data of what the cops have done in the past, it's going to replicate what the cops have done in the past. So that's more of it's not like a harm caused by AI, but it is a way that it's being used by people to sort of like I don't know like AI wash what they're doing in the same way people do greenwashing. That's that's the thing that is a little bit different, but it's you've seen that in other >> This is more AI absolution, right? like like I'm absolved of any any responsibility because this this >> can't have intense >> sensient tool made the decision and

>> all right uh next question. Uh now is the scare the crap out of everybody around. What keeps you up at night? Uh who wants to who wants to start with what keeps you up at night? I mean what kept me up I can start if you're all thinking what kept me up most recently was anxiety about all the wrong decisions I made in my 20s. But I don't think I don't think that's the spirit of the question. Um what what >> I can start on this one. >> Yeah, go ahead. >> Yeah, I mean I mean I I there's the practical level that's not relevant to this panel. A lot there's a lot of

things that our current federal government is doing and the fact that we have I'll have to deal with it tomorrow tends to keep me up at night. But I I think in terms of EFF topics, I do think and may and this might be true, the single biggest uh existential threat I've seen to a free and open internet uh is the tremendous momentum behind uh mandated age restrictions online that is spreading around the world. And um and uh it it metaphorically keeps me up all night because I just feel like it has such momentum behind it. and uh and I think it's such a dangerous and awful idea, but it's spreading all over the world and and and and there's it's it's

a very different it's a very difficult political issue. It's tremendously popular political thing to do and I and and there's lots of reasons why we oppose it and we have if you really want to dig in, we have a whole >> resource hub. >> That's the next question >> on it. But but anyway, I to me that's the that's the one issue that I feel like is would really fundamentally change uh the nature of the free and open internet. Um and also where I feel like we're losing on it. >> Um similar to David, I have many things that keep me up at night and there are many things the government does that are not areas of my expertise. So I just

have to focus on the things I can affect. The thing that keeps me up at night is how few tech companies are allowed to exist right now and the severe choke points that creates and the ways in which those companies have chosen to act in the past. Um, and the conflation of a free and open internet with five companies versus the wonderful and weird world that it used to be. Um I there there are like whenever people ask me like well how do you fix this thing? It almost always comes down to to privacy law and competition law. Like for me it's the well if we had privacy laws that we just had, you wouldn't have

to worry whatever new technology popped up that protected your privacy. They'd have to protect your privacy. And in the same way, if companies, if we had functional antitrust law in this country, companies wouldn't be incentivized to just try to be the monopoly. And that's kind of the the business model. And it's kind of what leads to a lot of things. And then we have only a few companies. They're really easy to influence. and they have their own things they want to do and they make choices and they're much it's much harder to influence them than a free and open societ like not influence it's much harder to fight one giant company than it is to like find the

company that's doing the thing you want and just use their stuff and so it drives me crazy. Yeah, I can go. I'm almost hesitant to say this because it's almost an endorsement of these technologies um the the things that bother me um since the you know the government's goal seems to be terrorism but um you know the fact that there are tools produced by companies like Palunteer and Anthropic that the government uses to hallucinate facts that they then use to murder people on our streets and abroad um really bo deeply bothers me. >> Yeah. Um I mean my my answer is pretty similar. The the thing about my job that keeps me up at night is the concern that

they have done a pretty good story. I'm sorry. A pretty good job of telling people the story and convincing the story that ubiquitous surveillance is needed and is happening and and that it works, that they are able to uh you know catch people with this, that they are able to catch the bad guys uh or whatever, which is a [ __ ] phrase, but um that that people will become so convinced of this that they won't that they will believe in the panopticon and that security and privacy nihilism will take hold and nobody will want to speak freely or oppose the terrible things that our government is doing um because they are afraid for their lives legitimately or otherwise.

And that is that is what concerns me is just the the privacy nihilism completely taking hold. Um that's what that's what keeps me up at night related to my job. Well, that was fun. Um, the next question back to um age verification. Uh, what security and privacy problems will be created by age verification in the operating system and what do we do about it? >> Do you want to answer the tech question? >> I mean, the loss of privacy is pretty obvious, right? um that you now have a you know something integrated into the operating system that has demographic information about you something that was not otherwise like you know something you'd provide to um provide to the

operating system that's now available to application developers. So um you know tons of code runs on your computer um you obviously can't audit all of it and um watching you know these the you know these projects uh you know willfully include this stuff is disappointing instead of um fighting back. I I don't know if that's answering it exactly but um you know >> well I think I one of the questions I always get Sam is like well is it better they have this at the operating system because then only one like you know you're reducing the number of like so at least it's not every service it's the operating system but like does that does that matter

given well first of all how monopolized operating systems are and also like what a honeypot of information that is yeah >> no it doesn't it seems like it's making it available to more, right? If it's one application you run and like you're running the Discord application and it asks you for, you know, some kind of age verification. Um, you know, that's limited to just Discord. If you provide it to the operating system and then it's available to every application running on your computer, um, it's easy for that information to leak out otherwise. So, um, it's just creating, you know, it's more attack surface. I mean, a big issue with it is that the law, as far as I

understand, doesn't really specify an implementation, which usually, like, you don't want to specify an implementation in a tech law that will always go badly. Um, but in this case, it's going to be up to OS manufacturers uh how to implement this to a large degree. I'm I'm correct about that. Right. Well, those laws are different and there's there's one particular one in California that we're all really concerned about because it's unclear whether or not how it seems to define operating system quite broadly. >> Right. Right. And so this will like and so it's there's a question of like well are you going to have to upload your ID to Microsoft or Apple now? How are they

going to do this? And then can is is that store of IDs going to get breached eventually? Yes, 100% it will. Of course it will. It always does. Um it already has for Discord. Discord already had their store of IDs get breached and and leaked on the internet, right? So like but the the the end of you know if this signals the end of being able to speak anonymously online and be anonymous online that is very bad. But it also has bad effects for open source because the way the California law is written, I don't want to get over my skis here, but it's it's very unclear what this means for open source. Does this mean that

Linux has to put in age verification or it's illegal? Um we don't David does it we don't know >> we don't the law is not written well uh I think the other thing I wonder there's also I think I I under there's two things I always I always say with these questions one is that um people share devices and um and in and these laws also aren't just about like telephones they're usually about any interactive device that has an operating system so that usually will include things like smart TVs, um like you know an iPad or you know video game consoles um I think some of the it could even it can even include like the smart

appliance like the smart refrigerator you know whoever whatever crazy person has cars yeah so it um >> so a lot of people share these things and there actually are a lot of multi-generational households where people of different ages is share devices and the response. So there's a practical issue of okay so the way this works everyone will have to set up a like their own account and everything. Uh but you're you're just getting to a point where um the the what'sever we've seen things like this happen is that everyone will just use the same account because nobody wants to go through the trouble of having to sign out and then resign into the refrigerator or whatever

it is. um or even ingest to like the smart the smart TV and um and so ultimately this the operating system level age targeting it as as the being the holder of the age information I think isn't ultimately going to satisfy regulators who really want to deny kids their rights. Most the the express purpose of age restrictions is to not is to deny young people access to information they have a legal right to have access to. Um and once the oper once the operating system uh targeting starts failing because people share devices and they and they don't want to have to you know have their kids sign in separately or they don't want to have to

sign themsel it's more probably the kids probably don't care as much as the adults do but um you know that we're just going to have the targets that's going to move uh someplace else and in the meantime the tremendous harm has been done is that we've normalized this idea of of you know having to having to you know provide this type of information uh to use an online service. >> I often say sort of about age verification and other sort of um young people targeted things is a lot of these laws assume a lot of things that are just not true. They assume everyone's parents are good parents and are not abusive. That is not the case. They assume everyone

has a driver's license or some form of government ID on them at all times. Also not the case. Uh they assume everyone has their own device rather than sharing devices. They make a lot of assumptions that are both bad from a technical implementation level and bad from a like what kind of world do we want to live in level. And it goes all the way down. And I I it's and the reason it's so hard and it's sort of always been talked about is you know for many things and historically this has been the case when people say it's for the children it's very hard to have those kinds of conversations because rightly people have really strong feelings about the

safety of children. Um and they don't like to be told their ideas are wrong and they also think that anyone who thinks their ideas are wrong hates children. Um and that just becomes very difficult especially when you're just even if you're just trying to say there's a privacy problem. >> Yeah. And you know from we we we can move on to the next question but from you know from a from a human rights framing what we see is espe shared devices you know and that how that will disproportionately affect multi-generational households. Um this is just really typical where these laws tend to hurt the most vulnerable pe. This is the human rights frame. I mean, you tend to

uh tend to harm the most vulnerable people uh much more than they do other people. So, uh so uh poorer families that are that have you know several generations living in a household uh kids who are kids who are not in supportive households or maybe in foster care or maybe in refugee camps or whatever, you know, who don't have parents around who can sort of just help them get around these things. There's a lot of ways. There's a ton of a lot of the purpose of these systems is to build friction into the system just to make it harder for young people. Um, and the easiest way to get around that friction is just by throwing money at it. And

again, that's not available to a lot of kids. >> I also would love to see a law written by people who are often much older than any child can't figure out the technology around. >> I mean, also, don't tell me the Epstein class gives a [ __ ] about child. This is about keeping queer children from finding out information about how to be safe and healthy >> explicitly. >> All right. Uh uh next >> light cheery questions. >> Yeah. >> Can you all up vote? >> Really bringing up the mood here. I'm >> I'm gonna need a drink ticket from each asked a question tonight. Um >> yeah, my favorite food is French fries. >> All right. Uh next question and I I'll

start this one out. What is one of the best ways to support activists who are worried about operational security in the face of the Trump administration? Um, so I'm I am uh pitch for my talk tomorrow at 2 o'clock. I'm going to talk about how hackers can fight back against ICE. And this is going to be in the IMAX theater um around 2 o'clock. The talk times here are weird. It's like probably 1:55 or 2:10 or something. Um but 2010. Yes. Uh generally speaking though, I think that the best thing you can do is to understand the technologies that ICE has and understand what their limits are and how they're using them and that they are

not magic. A lot of activists, a lot of our activist friends think that the panopticon is perfect, that ICE is spying on everything all the time. All the time I hear, "Ah, signal is broken. we can't use signal cuz signal got hacked. We can't uh you know every ICE got malware so everybody's phones are going to be hacked all the time and there's nothing you can do about it. And this is not true. This is not actually reflective of the real situation on the ground. So you all being people who understand technology a bit better than the average bear can help your friends threat model help your friends understand what risks they are willing to take what risks they are

okay with taking and how likely those risks actually are and help them understand what the technological realities actually are what they have to worry about what they don't have to worry about and what they can do about that. Um, and again, I'll be I'll be talking about this more in depth tomorrow. Um, but I think that that is the most helpful thing we can do because when we start to spread rumors like that signal is broken or that uh, you know, ICE can hack anywhere, any anybody anywhere, anytime or that ICE is breaking into people's cars with flippers, which is one that I really heard. >> Um, which is insane. Like that is so not

true. That um it's it it doesn't help us. It helps ICE because it makes people and it helps fascists because it makes people afraid to go out. It makes people afraid to speak up. It makes people live in fear and that that means that people aren't going out and protesting and being with their neighbors and being in their community and that makes us far less effective. So, this is, I think, the best thing you can do to help activists with their opsec. >> Um, I'm going to throw something in there, Cooper, because it's not just what technology ICE has, right? >> The other thing that's incredibly useful, cuz it's the thing that most people on the ground don't know. It

isn't something most people think about. I don't think about it. I'm on the activism team. I usually just show my phone to Cooper and be like, "Make it better. Make the phone safe." Um but it is it's it's helping people understand the tools they are also using and what are available to them and what the tradeoffs are in using something like a signal or a secure drop or any of those sorts of things and which works for what situation. So it's both what the technology um the technology that the government has at at its hands and understanding its flaws. I think one of the good things to come out of Minnesota, uh, is to see just the fact

that it's clear they're not good at this. Um, and then the other part is what tools are available to you and how to properly use them. Um, we have, again, as I mentioned before, surveillance self-defense is a thing. We also have a a couple other projects that we're scaling up to get that information out. I you know I find when I talk to um like like groups that are planning protests just to like answer some legal questions I end up the most helpful thing I end up saying isn't a legal thing at all but just like walking them through how to set disappearing messages >> you know like and and the legal hook being that you know if if it's on

someone's is awesome that was end to end encrypted in transit but like if it's sitting on someone's phone and their phone gets used by the police you know it's it's there so >> turning off biometric >> yeah I was going to if you're going to tell them we Got 10 minutes left, y'all. >> Uh, if you're going to tell them two things or if you're going to tell them one thing, uh, turn on disappearing messages on Signal on all your signal chats. If you're going to tell them two things, turn off your biometric unlocks face fingerprint when you're going to a protest. Um, if you're going to tell them three things, check out SSD. Get

>> We have our >> We'll tell you how to do those other things. >> SSD.F.org. If you're not familiar, we have our surveillance self-defense guides at ssd.eff.org. We have a full-time member of our staff whose job is to keep these up to date and make sure that we are correct. Like one of our technologist jobs is to make sure that we are technologically correct and have the latest and you know best known advice. Um so these are really good guides. It's an amazing resource. One of the only continuously updated security guides on the internet and I highly recommend checking it out. Um and I had a correction. My talk is at 12:15 tomorrow in the theater.

It was it was it it is titled uh how hackers can defrost democracy. It was a bit of a dog whistle. So, um but not the racist kind, the cool kind. >> Um all right. Uh so, let's see. Oh, yeah. Oh, this is a this is a fun one to to uh wrap things up on. What are some of your favorite wins in the last year? >> Don't everybody speak at once.

It's not been a great year for winning. >> I know my my bigger It's not even that it's that we don't have them. It's that my brain is broken and I can't remember what was the last year versus any other year. Like that is that is consistently a problem I have. >> 2026 has been a hell of a two decades. >> So I I I just I'll do the lawyer. I'll do the the lawyer. We've actually been doing really well as a legal team um in in some way. So, um you know, historically when you litigate against the US Department of Justice, you're facing some of the best attorneys, you know, in the country. Um because, um and

you know, it's not that way anymore. Uh and so uh and it's and it's really actually it's quite tragic and it's awful for our country that the lawyers representing uh the country are are are just not as like are several steps down from from what they have always been in my 35 years of practicing law. Um and so um so there we've you we tend to be winning our our cases. We had this really great and and even on the and I'm going to talk about a cases on the state level. We had this great victory um against the Sacramento Municipal Utility District um which was spying on people by through their smart meters. Um and so

so it was really great. But I I I the one I and I'm going to actually answer the question though I just come back to because to me it was such it was so fundamental to just sort of the rule of law um in in the US is that um when the Trump administration started going after law firms uh for um well for not kissing his ring uh and and try and I don't know if people remember there were there were uh four major law firms in Trump administration said we're going to pull the security clearances from all your lawyers. We're going to not we're going to uh not allow government agencies to hire you. Um and many of these firms

have very big government contract uh uh practices. That's a big economic hit for them. Um and this was either to punish them for representing sort of lefty causes or because they had on their staff a lawyer who used to work like in the Biden administration or the Obama administration. Um, and I remember thinking and and I I we had heard I knew that one of the well the first firm that was going to challenge these things was about to file something and I remember thinking, oh well, we need to put our statement out supporting the US legal profession and its independence. Um, and and we need to rush and get it out when this we were hoping to file an AMA brief

but reason. Anyway, we and I we have to get out because everyone else is going to be putting out these statements and so we put out this statement and we were the only ones who put out a statement. And um but I remember how quickly that changed and and within a few days like uh a lot of other firms were pretty outstanding around the legal profession and there was a loss also a lot of finger wagging at the 12 big law firms that completely caved and capitulated um to the government and then when the cases from the firms that that challenged this went to the courts they all won resoundingly and and the reason I think that's so important is because

it's just so fundamental to every other piece of impact litigation going on that we have that we have an independent uh legal profession that's not uh beholden to the to the executive branch. um a good answer >> from the activist point of view. What I will say in the last year is I'll bring up the ALPR things again is we've had a lot of success getting local um local governments and people in local areas to say to their local governments, "Turn the cameras off. Just turn them off. We don't want them anymore. You're coming up for a contract renewal. Don't renew it. don't do it and we're going to show like um I I often I said this on

blue sky and a bunch of people liked it. It's activism is being just slightly annoying. Never underestimate how being slightly annoying how far being slightly annoying can take you. That is in fact, no offense David, that is in fact the entire thing that the legal profession is is lawyers have a have a of a level of a being annoying that cannot for background both my parents are lawyers and I also have a law degree. >> Uh there are levels of of annoying that the legal profession can unlock that that can that introduces a lot of friction to attempts to take your rights away that make it harder for them to do that. And in the same way showing up to

a we put out information and we help people show up to their local governments and say turn the cameras off. Duff people do that. They'll turn the cameras off. >> Reverse engineering is also a great way to be slightly annoying because you can take the claims that companies make and say I I looked at it and and no, it doesn't it doesn't do that thing that you said it did. Also, it does these bad things. I looked at it. Here's the code. I can prove it. Yeah, Katherine's answer was largely my answer, but um it's very satisfying to see a bunch of bad bills die in committee. Honestly, I don't have specific examples, but there's a lot of

privacy, non-preserving, invasive bills that get introduced and just end up going nowhere, thankfully. And sometimes that's due to the work of my amazing colleagues who do lobbying. So, >> um, my favorite wins in the last year, I don't know if it's really in the last year, but I'm I am very excited about the redeeentralization of the internet. Boy, that's a mouthful. Um, but there's some really, you know, uh, uh, um, you know, Masttodon and, uh, to a to a to a degree, Blue Sky, um, getting off of large corporations and, getting off of large platforms, things like Meshtastic and Meshcore, right? Um, and just generally like there's a lot of uh cool thought going into how we

rebuild the internet in a way that is not owned by, you know, three or four giant companies and how we can how we can sort of bring back, you know, like a a thing I've been thinking about a lot lately is I, you know, I was a tech utopian or at least a tech optimist, right, back in way back in the Hey, right. I really thought that the internet could bring about, you know, an amazing and better world. Um, and now I don't. Right now, I'm very pessimistic about where things are going. And it's looking bad out there, y'all. Um, but I think that we should be tech optimists again, but not naive optimists, right? I

think we should be building the better world and better internet that we want to see, right? There's an awesome project like Veil is a really amazing project where they're trying to just build a framework for being able to build secure peer-to-peer applications that don't rely on servers or any sort of corporate infrastructure and I think it's amazing right so like I want us to be optimists again and I want us to build a better future an internet that is not controlled by large corporations and that is happening and that's what makes me very hopeful. I'm still an optimist Cooper. Well, >> that was a mistake. No, I still again I'm just uh you know I

I I still think and and I don't look at it like through completely rosecolored glasses but I still think uh there are uh people uh throughout the world who are despite the corporate controls and despite the monopolization and despite governments trying to prevent it, there are still people out there who are finding community in a way that they would not otherwise be able to find. And um again, it's not working as it's not as accessible to them as it should be and it's not as uncontrolled to them as it should be, but it's it's still it's still happening and it's still such a valuable thing that's worth preserving and and defending. >> Uh yeah, I I the internet is a mistake

is my uh is usually my slogan, which which is not true. I've spent my entire career working on the internet. I was a journalist at a digital news outlet before this. I've my entire career only exists because the internet exists. But similar to Cooper, one of the things that because of my previous uh experience, one of the things I do highlight is we're seeing a lot more like the rebirth of independent journalism in sort of these journalistic co-ops where the journalists own and produce it. Um even things like Substack. Um, but just sort of not just that these things are being thrown out, but people know to access them and are trying to. And that to me

is sort of a refragmentation of the internet that I do like to see. >> Shout out to EFF award winners, 404 media. And also check out the Coyote. They're the local Bay Area one and they're doing really awesome independent reporting here >> and the Southlander in LA. >> And that is all the time we have. Uh, thank you all so much for coming and thank you for being here. >> Big round of applause. Amazing. amazing panel. >> Real quick things, if you want to find out more, if you want to ask the other many, many e excellent questions that we didn't get to, or if you want to support EFF, we have a table up on the

mezzanine, come check us out. Like I said, we're member supported. The the the biggest part of our income comes from member donations from folks like you. So, please come check it out. Thank you so much. >> Fantastic. As an OSENT practitioner, I'm absolutely fascinated. It's amazing. Second, I want to acknowledge the audience. This is the last panel of the day and we had 45 questions. That's the most of the whole day and two were like 17 times then 15 then 13. You really participated and we appreciate that feedback. And third I want to acknowledge Fee and Sunny our um speaker liaison as well as Tater who's on camera and also Marco on audio and visual. We

could not do this without all of our volunteers. Thank you so much for being here.