Around fraudulent fraudulent draws, not around the technology of the use of the credit card itself. I was going to add, we talked about security and confidentiality. We didnt mention the availability part. People talk about the triad that comes up a lot and this is a case of availability, people are dependent on a system in order to eat and this is not having that secured against an attack is a place where the security failed a group of very Vulnerable People and again, nothing to do with confidentiality but availability, we have to think about that, as well. One of the sayings in communities that are focused on Economic Justice or Community Development is that systems for the poor are poor systems. And hopefully well see that changing in the future. I saw a hand go up here. Yes, this gentleman in the green. My question is about the like the topography or the geography of how the Digital World actually appears. Just thinking about the weather these days and about that weather doesnt follow along county lines and the internet obviously doesnt fit necessarily in National Borders so how should we look at the internet and how we connect to it and how we interact with it, perhaps just markers with which we change our behavior, when we get online, when we use our phones and things, what are some things to understand based upon how you would describe what the internet is actually how its actually designed and then how we should interact with it. Can you be more specific . How we should interact with the internet is a big question. Well, ok. To be on the more technical but also brief. I guess on the more technical side. Ive used servers to watch bbc internet videos that i cant see because im in the u. S. But my Digital Identity can be copied and i can fake it. So how do we i guess thats what im more curious about. If this can be done all over the world and i can appear anywhere in the world instantaneously, how do we if we dont understand it as well go about protecting ourselves or interacting. Just things to keep in mind. Well come back to that. Great panel. Im learning what you guys make of the trend of providers charging for the privilege of not to be tracked. At t, enrolling in its gigabit service, will allow you to opt out of super cookie tracking for 29 a month although the answer is fairly obvious. What do you think this means for lowincome users for privacy and security and do you see this to be a growing trend . Its clearly a growing trend and its not just at t doing this. Another situation with a similar consequence is the facebook zero style plans. For folks unaware of how this works. Facebook zero is when facebook toss your mobile provider, well cover the connectivity costs as long as youre talking to facebook so what if you could get your mobile phone plan and your mobile phone plan was free as long as the only parties you were talking to was facebook so facebook becomes your mobile phone and thats your network and theyre sitting at a Central Point for Data Collection and surveillance. The answer to your question, maybe its a leading question, but the answer is that for communities without funds, that is the only way that theyre the answer to your question, maybe its a leading question, but the answer is that for communities without funds, that is the only way that theyre going to get initial access. And the longterm view of that is that actual access, what we currently think of as the internet to the, like, whole world, could become the domain of just the people with the ability to pay for it and i think thats a tragic outcome if that continues in that direction. We have time for one or two more questions. I see this gentleman here. My question has to do with existing infrastructure already in place affecting everyday cyberSecurity Issues for everyday people. What would the proliferation of the use of the tour browser have to do with Security Issues affecting everyday people . Do you think thats a good solution . Thank you. I would love to see more people using the tour browser. I dont think its a solution to all the problems we face. The tour browser provides a specific set of bounded anonymity preservation but it would be great to see more people using it. Again it doesnt solve all the problems. I was happy to see Facebook Open a tour hidden service, not because i have a particular stake in facebook. I dont actually use it but i am happy to see that thats there because it points out that the use of tour is a fundamental its an activity that many people would want to do simply because theyre blocked from the Network Services that they want, whether thats by their government or by their employer or by their by their Home Internet provider. So so i want to end with a question that will hopefully get us thinking through the connection between this conversation and the rest of the conversations that well have throughout the day. So throughout the day, well have well see this concept of cybersecurity in all of its permutations and i get the sense that the conversations and some of the ideas that we have been talking about in terms of accessibility availability, now affordability, protocols and standards setting what do you hope of these issues that weve been talking about this morning and this session travel or intersect with some of the conversations that are happening later today . Maybe i can follow up on two questions. The anonymity question. I think there are a lot of times in what we call real life or the flesh world where we rely on anonymity and the Digital World, the way it is designed right now, makes it very difficult to enact these things in the real world anonymously. Crisis lines have been an example. And i think its very important that we think that the digital and real world are enmeshed that we have to make sure that certain basic cultural and societal practices like anonymous speech or anonymous access to Services Also remain available in this new enmeshed environment. Im not saying online. This new environment. And the gentleman who was talking about afghanistan and syria, those are some of the most surveilled countries not only by the u. S. But by virtue of making that available, were enabling parties in those countries to surveille on their own populations. In the case of syria, they have massive amounts of deep pocket software from companies in the west and theyve been using that to surveille their population which is endangers any of the populations of minorities or disenfranchised People Living in those societies so while we can always look at the security and privacy of the tools that we develop, they are only as secure and as private in the general environment in which they exist and if we go for an environment based on surveillance because we think thats a good strategy, were endangering the existence of these tools and therefore anonymity and privacy in this new enmeshed world. So lets think of things as an interacting system. That is correct. I want a word or two from tara and daniel. Its hard to add on to what seda said. I liked the discussion of the Virtual World and physical world. We spend so much time in the digital, we tend to forget that we have broader communities and social systems that we interact with so i would like to hear more discussion about our larger social and interpersonal systems in our continuing discussions throughout the day and beyond. Quickly, daniel . To add to what they said, i just wanted to reinforce the idea that as policy proposals are made, they often have technological components and if you ask for a policy proposal that allows the kind of deep surveillance that we have been sort of warning about here that surveillance is not just going to ultimately be used by the parties that you think will have access to it and i think we just want i just want to make sure that proposals like that are understood in the risks they pose to the network as a whole and everyone involved in it. Great, thank you. Please join me in thanking our panel. [applause] before i announce our next speaker, i wanted to let people in the back who might not have seats know we have plenty of seats in front so please feel free to move up here, especially here to your left, to my right right here. Our next speaker is dr. Heather ross and im particularly pleased to welcome her here today. Dr. Ross is a visiting speaker from the university of denver and she will talk about new and old ethics and what Immanuel Kant can teach us. Thank you for inviting me. I am a weird individual for an academic. Im trained as a political scientist but i do law and ethics and political philosophy so i like to merge these together to think about new technologist so today my job is to tell you how we can look back 200 years to somebody who can help us find information to help us in the future. So this is how political scientists think about war. This is a bargaining model and what it assumes is two rational actors making rational decisions and this is literally how political scientists think about war but this is how and this is how they think about cyber war but this isnt how it works. We dont really face off in cyberspace with our adversaries. We dont look them square in the face like this. For those of you who dont know, this is gigi ping. We dont square off in the face. We dont even do good battles, like fun battles in cyberspace. We hit below the belt, we do it just enough to be irritating but not enough to trigger what we consider an act of war, right . And this is really telling so how do we figure out when all of these below the belt issues are coming out. It would be really nice if we had Something Like a dark mark from harry potter that told us that when our networks were insecure, that we were owned that all of our data would pop up on the screen, right, youre owned, the dark lord is coming but we dont have any of this stuff and its hard to enforce our rights claims in cyberspace. This is where i think Immanuel Kant comes to the rescue. I think when we think about cyberspace and think about rights claims and enforcing our claims of justice and making sure that we can the state can protect us or protect our data or different types of things, right, kant tells us a couple of things. One, he says that the state needs to have the monopoly on coercive force in order to protect our rights. And to do this, right, you have jurisdictions, you have borders, you have laws, everythings great. In cyberspace, we dont have the monopoly on coercive force and jurisdiction is a problem and he says when thats a problem, you fight with other states and thats how you prosecute your rights when you dont have the jurisdictional claims that you need. Ok, you go to your army, you go to your navy. They help you enforce your rights but this is a problem in this completely insecure and its not a good bet so he says then you need to create a Free Federation of states for a defensive community much like nato, right. So we have nato, i call this social contract nato style, if you know any of the people in the back that i sort of shot faces in, kudos to you and if you can point out who hobbs is you know where hes sitting, more kudos to you. What i really think is happening here is that we need our friends. We need our allies, we need to get together and have cooperation, right . Thats what we learned from kant. We need trust. We need allies to trust. But when this happens, when we have these defensive communities and we have allies and we have trust, we cant do certain things, he says. In fact, we cant spy on our allies and he makes a really, really big claim about not involve what he calls dishonorable stratagems and to be involved in spying is to be engaging in a dishonorable stratagem so we know all these reports that come out over and over again about spying and different types of things breaking down trust, right . We have all of the different leaders of states saying that they are breaking bonds of trust necessary for allies and this is huge, right, when we think about cybersecurity because the claims of justice that we want to enforce, our rights that we want to protect require our allies and it requires we trust our allies but now were kind of not doing so who the that, right . In fact, googles executive chairman eric schmidt famously said were going to break the internet if we keep doing what were doing, right . So we have to bring it back down to building trust. We cant be what kant would call an unjust enemy, that is, someone who is engaging in dishonorable stratagems and threatening the fragile bonds between allies and peace so to be an unjust enemy, to square off, to fight against another unjust enemy, is ultimately to go back to a state of war, right, what he would call a state of war. And this is huge, right, because all of the International Agreements we have, all of the International Wall we have all the cooperation that we have so we dont involve ourselves in interstate war is based on very basic rules of trust but if we keep breaking those bonds of trust, we will undo the great thing that weve created, this great thing, the internet, that has given us communication, shopping. He was a big fan of shopping and commerce. He thought it would create bonds of trust. He said if you go visit somebody elses shores, youll learn about their culture so we need to continue to engage in the sharing of ideas and commerce and we have to stop, i think he would say, we have to stop thinking about shortterm goals of militarizing cyberspace, spying on our enemies and breaking down the very basic relationships we have to enforce our rights claims. He defended president obamas security and its 35 minutes. Thanks, tim. I have the honor and privilege of introducing our next speaker, john carlin, whos the assistant attorney general for National Security. He runs the National Security division which is about 350 federal employees who basically are responsible for prosecuting cases of terrorism, espionage, cyber issues and National Security in general. Previously he was chief of staff and Senior Council to f. B. I. Director robert mueller. Hes a graduate of harvard law schoo, and im going to engage him in conversation and then open it up to you. So, john, what is the role of the National Security division when it comes to cyber . Thanks, peter. The National Security division is the first new litigating division in the department of justice in 50 years. And relatively new. We were founded in 2006. It was one of the reforms from post9 11, and the recommendation was relatively simple. Prior to its existence at the department of justice, spy cases, terrorism cases, applications for intelligence before the foreign Intelligence Surveillance court, and cyber cases, all reported through different chains at the department of justice. So the idea was to set up a onestop shop at the department of justice that would have the sole responsibility for the National Security portfolio and thus be a bridge to the Intelligence Community and Law Enforcement. And in particular, one of the founding reasons for our creation was to tear down the wall that had existed prior to 9 11 both legally and culturally between Law Enforcement and National Security. And based on the fact that we were formed in response to 9 11 and terrorism events, in the beginning we were really focused on the terrorism portfolio. But with time it became clear that the National Security cyber threat was growing, both a threat thats here in terms of the theft of economic information by nation state actors and growing intelligence and the growing threat of the future which would be to use a cyber attack for destructive means. Starting in 2012, we really started to apply the lessons we learned from terrorism to cyberspace and that meant engaging and developing in every u. S. Attorneys office across the country, from the 93, 94 offices, specially trained officers trained to handle the electronic evidence in cyber cases and on the other hand how to handle classified sources and methods and to learn the patterns and practices and the intelligence about terrorist groups and nation states. That network is called the National Security cyber Specialist Network and we administer is through the National Security division and as part of it we make sure we have our criminal colleagues because at the beginning of a cyber case, it can be difficult to determine who the actor is. That approach and change in 2012, i think, simultaneously, the f. B. I. Put out an edict to the field that said were going to start sharing what were formally on the intelligence side of our house with these new specially trained prosecutors just like we did in terrorism cases and were going to use this new approach to make sure were bringing all tools to the fight against those who would harm our nation through cyber enabled means. It was a direct result of that approach that led to first ever indictment of state actors in the case against the five p. L. A. Officers in the spring of last year. I think last year was a significant sea change where you saw the results of this new approach and i think it also led to the ability to very very quickly have attribution in the case of the sony hack which we were able to do, from the beginning treat as a National Security matter. You mentioned the case, the cases against the five Peoples LiberationArmy Officers th