WEBVTT Kind: captions Language: en 00:00:03.300 --> 00:00:25.740 foreign 00:00:25.740 --> 00:00:27.840 good afternoon ladies and gentlemen 00:00:27.840 --> 00:00:30.660 welcome to this lecture which is somehow 00:00:30.660 --> 00:00:33.420 a warming up for the big official 00:00:33.420 --> 00:00:36.540 celebration of patterns Saints Day next 00:00:36.540 --> 00:00:38.160 Thursday 00:00:38.160 --> 00:00:41.219 since some time we know the names of 00:00:41.219 --> 00:00:43.739 five people who will be awarded an 00:00:43.739 --> 00:00:46.260 honorary doctorate because they are 00:00:46.260 --> 00:00:49.620 considered really as front-runners in 00:00:49.620 --> 00:00:52.260 their field as well as advocates of 00:00:52.260 --> 00:00:55.260 society on different issues and one of 00:00:55.260 --> 00:00:58.500 these names is and that's thanks to the 00:00:58.500 --> 00:01:01.980 nomination by the students delegation Dr 00:01:01.980 --> 00:01:05.400 Karen Sandler sitting here 00:01:05.400 --> 00:01:08.760 it was the vice Rector of research that 00:01:08.760 --> 00:01:12.000 asked me to do this introduction and I 00:01:12.000 --> 00:01:14.820 do this with great pleasure because also 00:01:14.820 --> 00:01:17.280 the topic is something I'm really 00:01:17.280 --> 00:01:18.799 interested in 00:01:18.799 --> 00:01:22.680 Karen is a firm believer of software 00:01:22.680 --> 00:01:25.799 freedom and in my own research field I 00:01:25.799 --> 00:01:27.619 should also maybe 00:01:27.619 --> 00:01:31.140 give some information on myself I am a 00:01:31.140 --> 00:01:33.000 professor of intellectual property law 00:01:33.000 --> 00:01:36.119 so I teach students about the legal 00:01:36.119 --> 00:01:38.759 protection of amongst other things 00:01:38.759 --> 00:01:41.880 software and I also have some parts on 00:01:41.880 --> 00:01:44.520 OPEC explaining the difference between 00:01:44.520 --> 00:01:47.400 proprietary software and open source 00:01:47.400 --> 00:01:51.000 software I'm also head of ctip ctip is 00:01:51.000 --> 00:01:53.520 the center for I.T and IRP rights and 00:01:53.520 --> 00:01:56.220 the law faculty and we do a lot of 00:01:56.220 --> 00:01:58.740 research not only on open source but 00:01:58.740 --> 00:02:01.079 also the data issues property of data 00:02:01.079 --> 00:02:03.899 and so on personal non-personal data 00:02:03.899 --> 00:02:07.200 especially in relation to health and I 00:02:07.200 --> 00:02:09.539 already admitted to Karen that our 00:02:09.539 --> 00:02:11.640 researchers or many of them have signed 00:02:11.640 --> 00:02:14.280 a letter to the I.T responsibles at this 00:02:14.280 --> 00:02:17.340 University that we should switch to big 00:02:17.340 --> 00:02:21.720 blue button but uh and I read in your uh 00:02:21.720 --> 00:02:25.099 article that that is also one of your 00:02:25.099 --> 00:02:28.200 favorite programs 00:02:28.200 --> 00:02:31.200 so as you all I am eagerly looking 00:02:31.200 --> 00:02:33.900 forward to hearing the insights of Karen 00:02:33.900 --> 00:02:36.420 but before giving her the microphone I 00:02:36.420 --> 00:02:39.239 should say a few words on her career I 00:02:39.239 --> 00:02:41.580 will be brief because otherwise I risk 00:02:41.580 --> 00:02:44.400 using up the field lecture time and that 00:02:44.400 --> 00:02:46.860 is not something I want to do Karen 00:02:46.860 --> 00:02:50.760 begin her career as a lawyer after 00:02:50.760 --> 00:02:52.620 having received a law degree from 00:02:52.620 --> 00:02:56.400 Columbia Law School she also holds a 00:02:56.400 --> 00:02:59.160 Bachelor of Science in engineering from 00:02:59.160 --> 00:03:01.019 the Cooper Union 00:03:01.019 --> 00:03:03.959 amongst many other things she currently 00:03:03.959 --> 00:03:06.720 is executive director of the software 00:03:06.720 --> 00:03:10.080 Freedom Conservancy which is a 00:03:10.080 --> 00:03:12.120 non-profit organization that supports 00:03:12.120 --> 00:03:14.700 initiatives that make technology more 00:03:14.700 --> 00:03:17.760 inclusive and promotes free and open 00:03:17.760 --> 00:03:20.099 source software false 00:03:20.099 --> 00:03:23.760 a mouthful of words but it in essence 00:03:23.760 --> 00:03:27.060 all boils down to two big words software 00:03:27.060 --> 00:03:29.220 freedom 00:03:29.220 --> 00:03:32.159 Karen has earned numerous Awards and 00:03:32.159 --> 00:03:35.640 recognitions but I invite you to check 00:03:35.640 --> 00:03:38.879 her website and explore these things 00:03:38.879 --> 00:03:39.959 yourself 00:03:39.959 --> 00:03:42.360 Karen it is truly an honor to have you 00:03:42.360 --> 00:03:44.459 with us today and without a further Ado 00:03:44.459 --> 00:03:48.840 uh gladly invite you to to take the 00:03:48.840 --> 00:03:53.760 floor 00:03:53.760 --> 00:03:55.200 Professor that was such a wonderful 00:03:55.200 --> 00:03:56.400 introduction 00:03:56.400 --> 00:03:58.980 I I would like to hear you give this 00:03:58.980 --> 00:03:59.840 talk 00:03:59.840 --> 00:04:02.879 maybe some other time we'll we should 00:04:02.879 --> 00:04:04.440 jointly do one 00:04:04.440 --> 00:04:07.440 um so I'm so happy to be here um with 00:04:07.440 --> 00:04:11.519 you today I'm I'm going to give you a um 00:04:11.519 --> 00:04:15.299 a story about myself and my work and how 00:04:15.299 --> 00:04:17.820 I got involved in software freedom and 00:04:17.820 --> 00:04:21.959 how that impacts our my view of how 00:04:21.959 --> 00:04:25.259 technology is in our society and where 00:04:25.259 --> 00:04:27.360 we should go from here 00:04:27.360 --> 00:04:31.259 so to start I need to tell you something 00:04:31.259 --> 00:04:34.680 about myself that I still to this day 00:04:34.680 --> 00:04:38.100 even though I have done probably 15 00:04:38.100 --> 00:04:40.199 years worth of advocacy on this 00:04:40.199 --> 00:04:42.780 particular Point uh always talking about 00:04:42.780 --> 00:04:45.660 my medical condition is is always a 00:04:45.660 --> 00:04:47.880 little stressful but I have a heart 00:04:47.880 --> 00:04:50.699 condition I literally have a big heart 00:04:50.699 --> 00:04:53.100 it's called hypertrophic cardiomyopathy 00:04:53.100 --> 00:04:55.620 and my heart isn't just 00:04:55.620 --> 00:04:57.960 um big it's really thick and so it's 00:04:57.960 --> 00:04:59.880 really stiff when it meets and what that 00:04:59.880 --> 00:05:02.580 means is that I am at a very high risk 00:05:02.580 --> 00:05:05.580 of suddenly dying the medical term is 00:05:05.580 --> 00:05:07.400 actually sudden death 00:05:07.400 --> 00:05:11.759 so that's okay because I have a 00:05:11.759 --> 00:05:13.380 pacemaker defibrillator that is 00:05:13.380 --> 00:05:16.199 implanted in my body this picture is 00:05:16.199 --> 00:05:18.660 actually the pacemaker defibrillator 00:05:18.660 --> 00:05:21.000 that I used to have that you can see 00:05:21.000 --> 00:05:24.180 kind of a dent in it that's because it 00:05:24.180 --> 00:05:27.720 was where it was kind of pried out 00:05:27.720 --> 00:05:30.360 um and I have one here if anyone is 00:05:30.360 --> 00:05:32.880 curious can see it after this is the 00:05:32.880 --> 00:05:35.220 model I have now which is a different 00:05:35.220 --> 00:05:37.199 device 00:05:37.199 --> 00:05:41.759 um so when I got this device I was 00:05:41.759 --> 00:05:45.720 astounded by how little the doctors knew 00:05:45.720 --> 00:05:47.580 about the technology that they were 00:05:47.580 --> 00:05:50.880 plant and planting into patients bodies 00:05:50.880 --> 00:05:54.419 they had not for one minute thought 00:05:54.419 --> 00:05:56.039 about the fact that there was software 00:05:56.039 --> 00:05:58.199 on those devices 00:05:58.199 --> 00:06:01.259 and it had not even occurred to them 00:06:01.259 --> 00:06:03.240 that you could 00:06:03.240 --> 00:06:05.460 interact with that technology and that 00:06:05.460 --> 00:06:07.039 anyone other than the medical device 00:06:07.039 --> 00:06:10.020 manufacturers could have any control 00:06:10.020 --> 00:06:11.160 over it 00:06:11.160 --> 00:06:13.680 because I was an engineer turned lawyer 00:06:13.680 --> 00:06:16.560 my first questions were about you know 00:06:16.560 --> 00:06:18.960 can I see the software on my device I 00:06:18.960 --> 00:06:20.460 mean I wanted to know about the safety 00:06:20.460 --> 00:06:22.919 and efficacy and to do that what better 00:06:22.919 --> 00:06:25.620 way than to review the software on my 00:06:25.620 --> 00:06:27.960 device in addition to whatever other 00:06:27.960 --> 00:06:30.000 materials that I could find and of 00:06:30.000 --> 00:06:32.460 course what I found which won't surprise 00:06:32.460 --> 00:06:34.800 anybody oh let's take a poll how many 00:06:34.800 --> 00:06:38.100 people here are engineering or computer 00:06:38.100 --> 00:06:40.080 science students 00:06:40.080 --> 00:06:42.660 so that's like I'd say like a third 00:06:42.660 --> 00:06:44.639 maybe even more 00:06:44.639 --> 00:06:47.400 um anybody here studying law 00:06:47.400 --> 00:06:50.460 oh amazing that's like a quarter 00:06:50.460 --> 00:06:52.020 um what else should I ask 00:06:52.020 --> 00:06:54.840 to know who else is here 00:06:54.840 --> 00:06:57.660 uh students raise your hand 00:06:57.660 --> 00:07:00.479 and that's like a third and uh any 00:07:00.479 --> 00:07:02.280 faculty members 00:07:02.280 --> 00:07:04.500 so like a few okay this is amazing 00:07:04.500 --> 00:07:05.639 welcome 00:07:05.639 --> 00:07:08.580 um so normally uh audiences kind of 00:07:08.580 --> 00:07:10.080 cluster in one area or another and this 00:07:10.080 --> 00:07:11.639 is really cool because you're all here 00:07:11.639 --> 00:07:13.680 in one place 00:07:13.680 --> 00:07:17.220 um and so it with with my background 00:07:17.220 --> 00:07:19.319 um you know this launched me into a 00:07:19.319 --> 00:07:21.780 whole research area and because I was a 00:07:21.780 --> 00:07:23.460 I brought the legal skills I decided 00:07:23.460 --> 00:07:26.699 that um well first my inner engineer 00:07:26.699 --> 00:07:29.639 took over and so I asked the company for 00:07:29.639 --> 00:07:31.680 the source code of course with no avail 00:07:31.680 --> 00:07:34.199 going through phone trees talking to 00:07:34.199 --> 00:07:35.940 people the all of my medical 00:07:35.940 --> 00:07:37.800 professionals the doctors that I worked 00:07:37.800 --> 00:07:40.919 with and the nurse practitioners 00:07:40.919 --> 00:07:42.720 um couldn't really understand why I was 00:07:42.720 --> 00:07:44.340 asking these questions or even what my 00:07:44.340 --> 00:07:47.880 questions meant and ultimately I kept 00:07:47.880 --> 00:07:50.340 getting shoved into various phone trees 00:07:50.340 --> 00:07:52.380 to no avail and being told that someone 00:07:52.380 --> 00:07:55.919 would get back to me and nobody ever did 00:07:55.919 --> 00:07:58.319 um so I decided to file a bunch of 00:07:58.319 --> 00:08:00.240 Freedom of Information Act requests in 00:08:00.240 --> 00:08:01.740 the United States to see what I could 00:08:01.740 --> 00:08:04.440 find about the FDA process in the United 00:08:04.440 --> 00:08:05.880 States the Food and Drug Administration 00:08:05.880 --> 00:08:09.120 process about these devices and what I 00:08:09.120 --> 00:08:11.340 found was that there really wasn't very 00:08:11.340 --> 00:08:13.680 much review at all on the software that 00:08:13.680 --> 00:08:16.259 in fact in the United States we relied 00:08:16.259 --> 00:08:18.780 on the companies who test these devices 00:08:18.780 --> 00:08:21.240 to provide the reports about the safety 00:08:21.240 --> 00:08:23.940 of the software on the devices 00:08:23.940 --> 00:08:26.879 um and so this launched me into an 00:08:26.879 --> 00:08:28.740 existential 00:08:28.740 --> 00:08:34.800 crisis about my body the night before I 00:08:34.800 --> 00:08:37.080 became I but before my surgery where I 00:08:37.080 --> 00:08:40.260 got the defibrillator I had a party 00:08:40.260 --> 00:08:43.500 which was a cyborg becoming party 00:08:43.500 --> 00:08:45.839 I thought well if this is going to 00:08:45.839 --> 00:08:49.680 happen we're gonna do it right and I 00:08:49.680 --> 00:08:51.660 realized that as this software was 00:08:51.660 --> 00:08:54.480 becoming a part of my life and my body 00:08:54.480 --> 00:08:56.720 it also had to become a part of my work 00:08:56.720 --> 00:09:01.800 and so I started I I used to think that 00:09:01.800 --> 00:09:04.140 open source was really cool 00:09:04.140 --> 00:09:06.839 um raise your hand if you are familiar 00:09:06.839 --> 00:09:08.820 with the term open source 00:09:08.820 --> 00:09:10.920 that is almost everybody raise your hand 00:09:10.920 --> 00:09:12.240 if you're familiar with the term free 00:09:12.240 --> 00:09:13.680 software 00:09:13.680 --> 00:09:15.240 that's 00:09:15.240 --> 00:09:17.519 almost everybody again this is so great 00:09:17.519 --> 00:09:19.440 I'm gonna skip this 00:09:19.440 --> 00:09:22.860 fantastic anyway because of all of and 00:09:22.860 --> 00:09:25.260 sorry for people in the live stream 00:09:25.260 --> 00:09:28.399 um but there is a lot of resources go to 00:09:28.399 --> 00:09:31.019 sfconservancy.org if you click on the um 00:09:31.019 --> 00:09:33.540 the learn more about Vizio button you'll 00:09:33.540 --> 00:09:34.920 see and I'll get to that later but 00:09:34.920 --> 00:09:37.620 there's a lot of introductory resources 00:09:37.620 --> 00:09:40.560 um so so I work at the software Freedom 00:09:40.560 --> 00:09:42.300 Conservancy where I was a co-founder 00:09:42.300 --> 00:09:44.339 software Freedom Conservancy is a 00:09:44.339 --> 00:09:46.620 us-based charitable organization where 00:09:46.620 --> 00:09:49.740 we have three major areas of our work 00:09:49.740 --> 00:09:54.000 the first one is we we cannot expect 00:09:54.000 --> 00:09:56.700 people to move away from proprietary 00:09:56.700 --> 00:09:58.380 software if they do not have 00:09:58.380 --> 00:10:01.560 alternatives to move to so we are a 00:10:01.560 --> 00:10:03.420 fiscal sponsor and we have a lot of 00:10:03.420 --> 00:10:05.519 member projects that are developing free 00:10:05.519 --> 00:10:07.440 and open source solutions that we can 00:10:07.440 --> 00:10:10.260 use instead of um 00:10:10.260 --> 00:10:13.140 proprietary software and so that's our 00:10:13.140 --> 00:10:18.300 first branch 00:10:18.300 --> 00:10:20.519 our second branch is called outreachy 00:10:20.519 --> 00:10:25.260 and um and this came about because as 00:10:25.260 --> 00:10:26.820 um as 00:10:26.820 --> 00:10:31.440 as people in a deeply technical field we 00:10:31.440 --> 00:10:33.660 realize that that field was not well 00:10:33.660 --> 00:10:35.160 represented 00:10:35.160 --> 00:10:38.640 um it started out personally where where 00:10:38.640 --> 00:10:40.680 folks realized that 00:10:40.680 --> 00:10:42.240 um uh 00:10:42.240 --> 00:10:45.000 when we ask people to apply to programs 00:10:45.000 --> 00:10:46.920 and participate in our events there 00:10:46.920 --> 00:10:49.680 simply were no women and personally for 00:10:49.680 --> 00:10:53.399 me I noticed that at so many conferences 00:10:53.399 --> 00:10:56.820 I was the only woman in really a sea of 00:10:56.820 --> 00:10:59.940 people and it was uh it was it was 00:10:59.940 --> 00:11:01.339 steeply surprising 00:11:01.339 --> 00:11:04.980 and uh and often off-putting the number 00:11:04.980 --> 00:11:08.000 of sexist comments that were made 00:11:08.000 --> 00:11:12.600 assumptions about my capabilities were 00:11:12.600 --> 00:11:17.160 very demoralizing I would stand next to 00:11:17.160 --> 00:11:19.320 another executive director of a 00:11:19.320 --> 00:11:22.140 non-profit in Tech who was a man and 00:11:22.140 --> 00:11:24.540 people would assume that he had a 00:11:24.540 --> 00:11:26.640 technical background and I didn't but he 00:11:26.640 --> 00:11:29.160 was a marketer and I was an engineer it 00:11:29.160 --> 00:11:32.579 was very surprising and so and so not 00:11:32.579 --> 00:11:34.140 just not from my personal experiences 00:11:34.140 --> 00:11:36.120 but but from the experiences the 00:11:36.120 --> 00:11:36.980 community 00:11:36.980 --> 00:11:40.320 a woman named Marina zurahin skya who 00:11:40.320 --> 00:11:43.560 unfortunately died in June of breast 00:11:43.560 --> 00:11:46.500 cancer after a wonderful three-year 00:11:46.500 --> 00:11:47.540 fight 00:11:47.540 --> 00:11:50.399 she founded this this program with the 00:11:50.399 --> 00:11:52.019 gnome foundation and I came soon after 00:11:52.019 --> 00:11:53.940 and we built it up together this program 00:11:53.940 --> 00:11:56.579 provides internships to people who are 00:11:56.579 --> 00:11:58.500 subject to systemic bias and who are 00:11:58.500 --> 00:12:00.779 impacted by underrepresentation and the 00:12:00.779 --> 00:12:03.420 idea is that but our experience was as 00:12:03.420 --> 00:12:06.240 women and the dearth of women in 00:12:06.240 --> 00:12:09.079 technology and in the field was really 00:12:09.079 --> 00:12:13.079 Stark but the Discrimination runs deep 00:12:13.079 --> 00:12:18.420 in technology in general and in order to 00:12:18.420 --> 00:12:21.180 Rectify it we need to do something 00:12:21.180 --> 00:12:25.200 actively to invite people technology not 00:12:25.200 --> 00:12:26.060 only 00:12:26.060 --> 00:12:30.120 has a horrible impact by reinforcing the 00:12:30.120 --> 00:12:33.540 biases of people who make it but we know 00:12:33.540 --> 00:12:36.000 that our technology will not serve 00:12:36.000 --> 00:12:38.399 everyone until it is made by everyone 00:12:38.399 --> 00:12:41.040 and so giving people a chance to 00:12:41.040 --> 00:12:42.899 overcome the biases and discrimination 00:12:42.899 --> 00:12:45.360 that they have experienced has become an 00:12:45.360 --> 00:12:47.339 important part of the program that we do 00:12:47.339 --> 00:12:48.720 so we call it outreachy it's an 00:12:48.720 --> 00:12:49.920 internship program where we do paid 00:12:49.920 --> 00:12:53.279 remote internships twice a year with 00:12:53.279 --> 00:12:55.980 open source communities students are 00:12:55.980 --> 00:12:57.540 very welcome but you don't have to be a 00:12:57.540 --> 00:12:59.940 student to apply to it just tell us 00:12:59.940 --> 00:13:01.860 about the systemic bias and 00:13:01.860 --> 00:13:03.300 underrepresentation that you've 00:13:03.300 --> 00:13:05.880 experienced and that's the eligibility 00:13:05.880 --> 00:13:08.459 and then it's it's an amazing mentorship 00:13:08.459 --> 00:13:09.540 program 00:13:09.540 --> 00:13:11.820 um anyway it's uh it's been running for 00:13:11.820 --> 00:13:13.920 over 10 years now and this summer we'll 00:13:13.920 --> 00:13:16.500 get to a thousand interns I am really 00:13:16.500 --> 00:13:18.540 really excited about that 00:13:18.540 --> 00:13:22.200 um and so uh that is the second area the 00:13:22.200 --> 00:13:25.019 third area of the work that we do at 00:13:25.019 --> 00:13:27.420 software Freedom Conservancy is is 00:13:27.420 --> 00:13:29.880 focusing on copy left raise your hand if 00:13:29.880 --> 00:13:31.920 you are familiar with the with copy left 00:13:31.920 --> 00:13:33.360 licensing 00:13:33.360 --> 00:13:35.279 okay so that's about half of the 00:13:35.279 --> 00:13:37.920 audience copied left licensing is a form 00:13:37.920 --> 00:13:40.019 of free and open source software so it's 00:13:40.019 --> 00:13:43.680 a subset of licenses that are are free 00:13:43.680 --> 00:13:47.100 and open copy left licenses are licenses 00:13:47.100 --> 00:13:48.779 that have a provision that people call 00:13:48.779 --> 00:13:51.660 reciprocal detractors used to call it 00:13:51.660 --> 00:13:54.300 viral until viral was cool 00:13:54.300 --> 00:13:56.639 um and it basically our licenses that 00:13:56.639 --> 00:13:58.860 say you can do whatever you want with 00:13:58.860 --> 00:14:01.380 this software you can study it you can 00:14:01.380 --> 00:14:03.240 share it you can make changes you can 00:14:03.240 --> 00:14:05.100 share those changes but 00:14:05.100 --> 00:14:07.139 if you distribute it or share those 00:14:07.139 --> 00:14:09.839 changes you must do it under the same 00:14:09.839 --> 00:14:12.000 license and you must give rights to 00:14:12.000 --> 00:14:15.480 everybody who receives it and so with at 00:14:15.480 --> 00:14:18.240 software Freedom Conservancy we are the 00:14:18.240 --> 00:14:20.459 folks that stand up for these licenses 00:14:20.459 --> 00:14:22.740 when companies violate them and I'll get 00:14:22.740 --> 00:14:24.959 more to that a little bit later 00:14:24.959 --> 00:14:27.899 and so doing this work at software 00:14:27.899 --> 00:14:30.420 Freedom Conservancy you know it followed 00:14:30.420 --> 00:14:32.459 on that 00:14:32.459 --> 00:14:35.940 um what I the trying to find ways to 00:14:35.940 --> 00:14:37.200 empower 00:14:37.200 --> 00:14:40.860 people impacted by technology in the 00:14:40.860 --> 00:14:42.540 face of the helplessness that I felt 00:14:42.540 --> 00:14:44.579 about my defibrillator I just wanted to 00:14:44.579 --> 00:14:46.980 see what was inside my own body and it 00:14:46.980 --> 00:14:49.440 was really about the accountability of 00:14:49.440 --> 00:14:51.480 it the auditability of it you know if 00:14:51.480 --> 00:14:53.220 you can't review it how do you know it's 00:14:53.220 --> 00:14:55.500 safe right if you can't test it how do 00:14:55.500 --> 00:14:57.180 you know it's safe 00:14:57.180 --> 00:14:58.139 um 00:14:58.139 --> 00:15:00.899 so I for me it was all about this kind 00:15:00.899 --> 00:15:03.959 of transparency argument and then what's 00:15:03.959 --> 00:15:05.760 been so fascinating is that as I've 00:15:05.760 --> 00:15:08.040 lived with my device 00:15:08.040 --> 00:15:10.139 different things in my life have come up 00:15:10.139 --> 00:15:13.380 from time to time that have changed my 00:15:13.380 --> 00:15:15.120 understanding of the ways in which 00:15:15.120 --> 00:15:17.760 technology impacts people this is a 00:15:17.760 --> 00:15:19.920 picture of me when I was almost I think 00:15:19.920 --> 00:15:21.839 I was nine months pregnant 00:15:21.839 --> 00:15:25.620 um I it was a fun trip but uh but it was 00:15:25.620 --> 00:15:26.820 the very last one 00:15:26.820 --> 00:15:30.420 um but yeah so when I was pregnant uh 00:15:30.420 --> 00:15:32.579 because I have a heart condition my 00:15:32.579 --> 00:15:35.220 heart did no sorry I have a heart 00:15:35.220 --> 00:15:36.600 condition but my heart was doing 00:15:36.600 --> 00:15:38.639 something that normal pregnant like 00:15:38.639 --> 00:15:40.079 people without heart condition pregnant 00:15:40.079 --> 00:15:42.480 women normally do my heart was 00:15:42.480 --> 00:15:44.160 palpitating which is something that 00:15:44.160 --> 00:15:46.199 happens to a quarter to a third of all 00:15:46.199 --> 00:15:48.779 women who have babies some people are 00:15:48.779 --> 00:15:50.519 nodding in the audience because they've 00:15:50.519 --> 00:15:52.320 either experience this or know people 00:15:52.320 --> 00:15:53.699 who've experienced it it's very very 00:15:53.699 --> 00:15:57.380 common but because I had a defibrillator 00:15:57.380 --> 00:16:01.680 and I was palpitating my defibrillator 00:16:01.680 --> 00:16:03.660 thought that my palpitations were a 00:16:03.660 --> 00:16:05.820 dangerous Rhythm and that I needed to be 00:16:05.820 --> 00:16:08.639 shocked and so my defibrillator shocked 00:16:08.639 --> 00:16:09.380 me 00:16:09.380 --> 00:16:13.019 unnecessarily multiple times and the 00:16:13.019 --> 00:16:16.199 only way to stop it from unnecessarily 00:16:16.199 --> 00:16:18.240 treating me and shocking me over and 00:16:18.240 --> 00:16:21.060 over was to go on drugs to slow my heart 00:16:21.060 --> 00:16:22.440 rate down 00:16:22.440 --> 00:16:25.320 so I went on those drugs which were okay 00:16:25.320 --> 00:16:27.180 it was tough it was hard to walk up a 00:16:27.180 --> 00:16:28.380 flight of stairs 00:16:28.380 --> 00:16:30.899 um during that time but it was temporary 00:16:30.899 --> 00:16:34.380 I took those drugs it was fine and the 00:16:34.380 --> 00:16:36.060 baby was born being pregnant as a 00:16:36.060 --> 00:16:38.940 temporary condition and here we are but 00:16:38.940 --> 00:16:45.060 as I thought about it I realized that 00:16:45.060 --> 00:16:46.279 15 00:16:46.279 --> 00:16:49.259 of defibrillators go to people under the 00:16:49.259 --> 00:16:50.940 age of 65. 00:16:50.940 --> 00:16:56.639 only 15 percent and only 44 go to women 00:16:56.639 --> 00:17:00.060 so the set of people who are pregnant 00:17:00.060 --> 00:17:03.740 with defibrillators is teeny teeny tiny 00:17:03.740 --> 00:17:06.839 my use case was simply not something 00:17:06.839 --> 00:17:08.280 that was contemplated by the 00:17:08.280 --> 00:17:10.260 manufacturers of the device 00:17:10.260 --> 00:17:13.439 no one at the device manufacturer wanted 00:17:13.439 --> 00:17:16.559 pregnant people getting shocked what a 00:17:16.559 --> 00:17:18.600 nightmare right and nobody wants that 00:17:18.600 --> 00:17:20.459 you'll make medical devices to help 00:17:20.459 --> 00:17:23.280 people not to put them in trouble but I 00:17:23.280 --> 00:17:25.020 was an edge case something that hadn't 00:17:25.020 --> 00:17:27.660 been contemplated and consequently 00:17:27.660 --> 00:17:30.120 because my use case wasn't the primary 00:17:30.120 --> 00:17:32.820 use case I was out of luck there was 00:17:32.820 --> 00:17:35.280 nothing I could do I couldn't get 00:17:35.280 --> 00:17:36.720 together with all the other pregnant 00:17:36.720 --> 00:17:39.240 people and find out if we could adjust 00:17:39.240 --> 00:17:41.460 the algorithms on the software or take 00:17:41.460 --> 00:17:43.620 other precautions to try to evaluate if 00:17:43.620 --> 00:17:45.299 we could edit the software to make it 00:17:45.299 --> 00:17:46.440 different 00:17:46.440 --> 00:17:48.900 I just had to stick with whatever the 00:17:48.900 --> 00:17:51.720 device manufacturer told me and that was 00:17:51.720 --> 00:17:55.500 that and uh that helplessness made me 00:17:55.500 --> 00:17:58.020 realize that it wasn't just about the 00:17:58.020 --> 00:18:00.419 transparency and auditability of the 00:18:00.419 --> 00:18:04.200 source code but it is about power it is 00:18:04.200 --> 00:18:07.679 about control it is about the ability to 00:18:07.679 --> 00:18:10.380 do something about your own situation 00:18:10.380 --> 00:18:13.919 and having this having any software that 00:18:13.919 --> 00:18:16.740 you rely on isn't about whether 00:18:16.740 --> 00:18:19.140 something can go wrong it's about when 00:18:19.140 --> 00:18:21.120 it will go wrong I used to give talks 00:18:21.120 --> 00:18:22.380 about this and I used to have to give 00:18:22.380 --> 00:18:24.600 all of these examples of you know I had 00:18:24.600 --> 00:18:26.940 pictures of hacked cars and pictures of 00:18:26.940 --> 00:18:29.220 you know which had funny pictures of 00:18:29.220 --> 00:18:31.320 people who thought the car that thought 00:18:31.320 --> 00:18:32.700 it was in park but it was going 100 00:18:32.700 --> 00:18:35.220 miles an hour you know or whatever and 00:18:35.220 --> 00:18:37.679 all these examples new ones every year 00:18:37.679 --> 00:18:39.480 but I don't need to do that anymore 00:18:39.480 --> 00:18:42.539 because there are so many examples of 00:18:42.539 --> 00:18:47.520 software being controlled either through 00:18:47.520 --> 00:18:50.280 um security research for studies through 00:18:50.280 --> 00:18:53.280 actual malicious attacks or elsewhere in 00:18:53.280 --> 00:18:54.960 our society that I don't even need to 00:18:54.960 --> 00:18:56.520 establish it to you because we all know 00:18:56.520 --> 00:18:59.360 how dire it is and it is not about 00:18:59.360 --> 00:19:01.440 whether something will go wrong it's 00:19:01.440 --> 00:19:03.660 about what it will go wrong and what 00:19:03.660 --> 00:19:05.580 will we be able to do about it when it 00:19:05.580 --> 00:19:08.400 does will we have to wait for the 00:19:08.400 --> 00:19:11.039 company that has the problem to admit 00:19:11.039 --> 00:19:13.500 that there's an error and then try to 00:19:13.500 --> 00:19:15.299 figure out what's wrong or will we have 00:19:15.299 --> 00:19:17.820 control over that technology ourselves 00:19:17.820 --> 00:19:20.520 so that we can do something about it and 00:19:20.520 --> 00:19:22.500 build organizational structures to be 00:19:22.500 --> 00:19:25.740 able to to take action 00:19:25.740 --> 00:19:29.340 now again so many examples that come up 00:19:29.340 --> 00:19:31.980 every year one came up this last year 00:19:31.980 --> 00:19:33.660 that I wanted to highlight because it 00:19:33.660 --> 00:19:35.039 was so poignant 00:19:35.039 --> 00:19:36.780 um these are pictures of patients who 00:19:36.780 --> 00:19:39.960 had an implant called Second Sight 00:19:39.960 --> 00:19:43.200 um it was a an ocular implant that 00:19:43.200 --> 00:19:45.720 allowed people who previously had lost 00:19:45.720 --> 00:19:49.799 Vision to see not you know to see some 00:19:49.799 --> 00:19:51.419 range of vision 00:19:51.419 --> 00:19:56.880 um the um the person on your right was 00:19:56.880 --> 00:20:02.100 uh was uh was on the subway she recounts 00:20:02.100 --> 00:20:06.780 the day when her implant stopped working 00:20:06.780 --> 00:20:09.240 the company that made these devices 00:20:09.240 --> 00:20:11.520 second site 00:20:11.520 --> 00:20:14.340 had run out of funding it was a startup 00:20:14.340 --> 00:20:16.140 it was very promising and had early 00:20:16.140 --> 00:20:19.440 investment but ultimately it did not 00:20:19.440 --> 00:20:22.740 have financial support and so the 00:20:22.740 --> 00:20:25.620 software updates stopped coming and that 00:20:25.620 --> 00:20:27.539 Hardware stopped working 00:20:27.539 --> 00:20:31.080 people who could see could no longer see 00:20:31.080 --> 00:20:34.200 these people have devices implanted in 00:20:34.200 --> 00:20:36.600 their bodies they have implants in their 00:20:36.600 --> 00:20:39.900 eyes that it is dangerous to remove that 00:20:39.900 --> 00:20:42.539 do nothing because they can't be updated 00:20:42.539 --> 00:20:45.419 or and can't be repaired 00:20:45.419 --> 00:20:47.640 and what's fascinating about it is that 00:20:47.640 --> 00:20:51.120 these devices could absolutely work if 00:20:51.120 --> 00:20:54.240 they can only have access to the 00:20:54.240 --> 00:20:56.520 software if they could only update it 00:20:56.520 --> 00:21:00.179 and uh it's not just this one company's 00:21:00.179 --> 00:21:02.340 experience the same thing has happened 00:21:02.340 --> 00:21:05.340 in other areas Cochlear implants there 00:21:05.340 --> 00:21:07.140 is a whole range of medical devices 00:21:07.140 --> 00:21:09.480 where this has happened where startups 00:21:09.480 --> 00:21:11.400 have developed exciting promising new 00:21:11.400 --> 00:21:14.940 technology and then relied on VC and 00:21:14.940 --> 00:21:18.600 other investment and has you know those 00:21:18.600 --> 00:21:21.240 patients are just abandoned you could 00:21:21.240 --> 00:21:24.840 have a whole other talk on standards and 00:21:24.840 --> 00:21:27.360 how the the hardware component and and 00:21:27.360 --> 00:21:29.720 other kinds of communication components 00:21:29.720 --> 00:21:32.659 absolutely need to be standardized 00:21:32.659 --> 00:21:35.460 but the software component is one 00:21:35.460 --> 00:21:37.860 important piece of this and it's not 00:21:37.860 --> 00:21:40.740 just this tremendous number of medical 00:21:40.740 --> 00:21:44.340 devices that are in this situation it's 00:21:44.340 --> 00:21:46.679 almost every other device I like talking 00:21:46.679 --> 00:21:48.900 about my medical device because it's 00:21:48.900 --> 00:21:51.059 deeply personal I can tell you my 00:21:51.059 --> 00:21:52.440 experience and I can tell you what I 00:21:52.440 --> 00:21:54.960 know but it's also a really easy 00:21:54.960 --> 00:21:58.140 metaphor it's so critical to my life 00:21:58.140 --> 00:22:00.480 it's literally sewn into my body and 00:22:00.480 --> 00:22:02.220 screwed into my heart 00:22:02.220 --> 00:22:04.320 but it's not the only software that I 00:22:04.320 --> 00:22:07.440 rely on every day and the thing is that 00:22:07.440 --> 00:22:09.780 we don't even know which software is 00:22:09.780 --> 00:22:11.460 going to be our most critical software 00:22:11.460 --> 00:22:14.280 we don't know what software we're going 00:22:14.280 --> 00:22:15.480 to rely on that is going to fail because 00:22:15.480 --> 00:22:19.080 we rely on so much software for every 00:22:19.080 --> 00:22:21.240 part of our life lives for our most 00:22:21.240 --> 00:22:24.780 intimate Communications for our banking 00:22:24.780 --> 00:22:27.960 for everything and we are not in control 00:22:27.960 --> 00:22:29.520 as 00:22:29.520 --> 00:22:34.380 as individuals as a public of a vast 00:22:34.380 --> 00:22:37.440 majority of that software 00:22:37.440 --> 00:22:40.440 um so uh and and one of the things that 00:22:40.440 --> 00:22:43.020 really astounds me is that a lot of 00:22:43.020 --> 00:22:45.299 companies that are Distributing their 00:22:45.299 --> 00:22:48.299 software are doing so without ever 00:22:48.299 --> 00:22:50.940 having the source code of the software 00:22:50.940 --> 00:22:52.919 that they ship themselves so they have a 00:22:52.919 --> 00:22:54.600 vendor that gives them the software they 00:22:54.600 --> 00:22:56.580 put it on their products they get it out 00:22:56.580 --> 00:22:58.919 into market and 00:22:58.919 --> 00:23:00.720 even if there's a problem those 00:23:00.720 --> 00:23:02.580 companies can't do anything about it and 00:23:02.580 --> 00:23:05.280 so we're left with we're we're left with 00:23:05.280 --> 00:23:06.539 the short end of the stick we're left 00:23:06.539 --> 00:23:09.720 with these devices that don't work and 00:23:09.720 --> 00:23:12.539 um and with uh with software that can't 00:23:12.539 --> 00:23:14.940 be adjusted to our use 00:23:14.940 --> 00:23:16.620 so 00:23:16.620 --> 00:23:19.919 free and open source software is an 00:23:19.919 --> 00:23:22.080 alternative to this because if we had 00:23:22.080 --> 00:23:24.179 access to the source code if we had 00:23:24.179 --> 00:23:26.340 access to that software we would be able 00:23:26.340 --> 00:23:28.260 to change that software we would be able 00:23:28.260 --> 00:23:31.380 to get together even if you are not a 00:23:31.380 --> 00:23:33.240 developer yourself even if you're not 00:23:33.240 --> 00:23:34.980 technical you could work with other 00:23:34.980 --> 00:23:36.980 people to do it you could hire someone 00:23:36.980 --> 00:23:40.980 even if I wanted to hire even if I were 00:23:40.980 --> 00:23:43.320 very wealthy and wanted to hire a 00:23:43.320 --> 00:23:45.539 medical professional to customize my 00:23:45.539 --> 00:23:47.880 defibrillator for me I would be unable 00:23:47.880 --> 00:23:49.320 to do it 00:23:49.320 --> 00:23:53.700 so with free and open source software 00:23:53.700 --> 00:23:56.159 we have a chance free and open source 00:23:56.159 --> 00:23:57.720 software it's funny advocating for 00:23:57.720 --> 00:24:00.299 software freedom is tough because I 00:24:00.299 --> 00:24:02.460 can't say that open source software is 00:24:02.460 --> 00:24:03.480 better 00:24:03.480 --> 00:24:04.679 can't say that free software There's 00:24:04.679 --> 00:24:06.780 Something Magic about free software 00:24:06.780 --> 00:24:08.880 where if you publish it it's going to be 00:24:08.880 --> 00:24:10.740 you're going to have a better experience 00:24:10.740 --> 00:24:13.020 it will be safer or better or faster or 00:24:13.020 --> 00:24:15.539 more reliable but what I can say is that 00:24:15.539 --> 00:24:16.860 with free and open source software it 00:24:16.860 --> 00:24:18.960 has a chance we can test it and we can 00:24:18.960 --> 00:24:20.460 do something about it when things go 00:24:20.460 --> 00:24:21.419 wrong 00:24:21.419 --> 00:24:25.260 and so uh 00:24:25.260 --> 00:24:27.440 copy lifted software 00:24:27.440 --> 00:24:30.539 in particular where 00:24:30.539 --> 00:24:34.380 we have this this snowballing nature 00:24:34.380 --> 00:24:36.960 right copy left at software is software 00:24:36.960 --> 00:24:38.700 where if you're if companies are 00:24:38.700 --> 00:24:40.620 Distributing that software they have to 00:24:40.620 --> 00:24:43.640 provide this the source code when asked 00:24:43.640 --> 00:24:46.500 and those rights 00:24:46.500 --> 00:24:50.360 um uh travel with the software and so 00:24:50.360 --> 00:24:53.940 there's copy lifted software in actually 00:24:53.940 --> 00:24:56.460 a ton of devices that are in the market 00:24:56.460 --> 00:24:58.980 you basically can't go anywhere or do 00:24:58.980 --> 00:25:01.080 anything without encountering something 00:25:01.080 --> 00:25:04.140 that has Linux in it right like raise 00:25:04.140 --> 00:25:07.500 your hand if you have an Android phone 00:25:07.500 --> 00:25:10.140 it's like three quarters of the audience 00:25:10.140 --> 00:25:12.419 all right I want out the Apple people 00:25:12.419 --> 00:25:14.640 but you know who you are 00:25:14.640 --> 00:25:18.659 um so uh uh and again it's not 00:25:18.659 --> 00:25:20.880 necessarily that one is is better than 00:25:20.880 --> 00:25:23.100 the other like some devices that are 00:25:23.100 --> 00:25:25.620 proprietary may be more secure right now 00:25:25.620 --> 00:25:28.380 they may be you know they they may have 00:25:28.380 --> 00:25:30.900 features that um that products that are 00:25:30.900 --> 00:25:32.940 based with more free and open source 00:25:32.940 --> 00:25:35.520 software products don't have but over 00:25:35.520 --> 00:25:36.720 time 00:25:36.720 --> 00:25:39.299 we are stuck not being able to make them 00:25:39.299 --> 00:25:41.760 the way we want them to be because they 00:25:41.760 --> 00:25:43.620 are proprietary and they're a complete 00:25:43.620 --> 00:25:45.179 Black Box to us 00:25:45.179 --> 00:25:48.720 so the Linux kernel and other free and 00:25:48.720 --> 00:25:50.220 open source software products are 00:25:50.220 --> 00:25:52.679 software is on more than 80 of mobile 00:25:52.679 --> 00:25:54.299 devices if you count the Android market 00:25:54.299 --> 00:25:56.820 and 90 of super computers in New York 00:25:56.820 --> 00:25:59.640 Stock Exchange runs on it it's basically 00:25:59.640 --> 00:26:03.000 and everywhere it's also in TVs and um 00:26:03.000 --> 00:26:05.059 every product if you go into a lot of 00:26:05.059 --> 00:26:07.740 kitchens and homes you'll find lots and 00:26:07.740 --> 00:26:10.080 lots of devices now I mentioned TVs 00:26:10.080 --> 00:26:11.580 because 00:26:11.580 --> 00:26:14.580 um this is a Vizio TV 00:26:14.580 --> 00:26:16.799 um and uh 00:26:16.799 --> 00:26:18.860 software Freedom Conservancy sued them 00:26:18.860 --> 00:26:21.720 and the reason that we sued them was 00:26:21.720 --> 00:26:24.779 because we wanted to use 00:26:24.779 --> 00:26:28.440 some Vizio TVs and they have copy left 00:26:28.440 --> 00:26:31.200 it software in it so we wanted to use 00:26:31.200 --> 00:26:33.360 those TVs for a variety of things we 00:26:33.360 --> 00:26:34.320 have a few 00:26:34.320 --> 00:26:35.600 um uh 00:26:35.600 --> 00:26:37.620 some grants that we had written that 00:26:37.620 --> 00:26:39.779 we'd hope to be able to use these these 00:26:39.779 --> 00:26:44.539 TVs for but when we when we got the TVs 00:26:44.539 --> 00:26:48.480 we uh well we first got TV 00:26:48.480 --> 00:26:50.520 well we've got the original we were just 00:26:50.520 --> 00:26:53.039 like got some Vizio TVs and they had no 00:26:53.039 --> 00:26:55.620 um no uh no Source or an offer for 00:26:55.620 --> 00:26:57.360 source and we worked with Vizio to try 00:26:57.360 --> 00:26:59.100 to get into compliance 00:26:59.100 --> 00:27:01.980 um and uh after years of talking to them 00:27:01.980 --> 00:27:04.080 um they had provided some incomplete 00:27:04.080 --> 00:27:05.520 source code but had not come into 00:27:05.520 --> 00:27:07.799 compliance yet and years later when we 00:27:07.799 --> 00:27:09.659 went to buy some more TVs to do the 00:27:09.659 --> 00:27:12.360 product project we wanted to do they had 00:27:12.360 --> 00:27:13.380 no 00:27:13.380 --> 00:27:15.720 Source or offer for source so copyleft 00:27:15.720 --> 00:27:17.640 licenses require that you either have to 00:27:17.640 --> 00:27:19.440 provide the source code along with the 00:27:19.440 --> 00:27:21.000 distribution so if you buy a TV it's got 00:27:21.000 --> 00:27:23.159 to have the source code on it and if it 00:27:23.159 --> 00:27:24.779 doesn't have the source code then you 00:27:24.779 --> 00:27:26.220 have to at least provide an offer you 00:27:26.220 --> 00:27:27.960 have to tell people that it's there and 00:27:27.960 --> 00:27:29.159 you have to tell them how they can get 00:27:29.159 --> 00:27:30.480 it 00:27:30.480 --> 00:27:33.419 um and these TVs didn't have 00:27:33.419 --> 00:27:35.220 either 00:27:35.220 --> 00:27:38.039 um so even after us having talked to 00:27:38.039 --> 00:27:39.779 them they were just flagrantly ignoring 00:27:39.779 --> 00:27:42.179 their obligations and so we at software 00:27:42.179 --> 00:27:44.580 Freedom Conservancy filed a lawsuit 00:27:44.580 --> 00:27:46.799 but this lawsuit that we filed was a 00:27:46.799 --> 00:27:49.020 consumer rights lawsuit 00:27:49.020 --> 00:27:52.320 the lawsuit was basically uh we we filed 00:27:52.320 --> 00:27:55.860 it as a purchaser of televisions which 00:27:55.860 --> 00:27:58.919 uh with respect to copy left licensing I 00:27:58.919 --> 00:28:00.960 think has never been done before and we 00:28:00.960 --> 00:28:05.700 said that because the license the um the 00:28:05.700 --> 00:28:09.059 licenses of the software on the TVs 00:28:09.059 --> 00:28:11.460 gives rights to third parties it says 00:28:11.460 --> 00:28:15.539 that the um uh that all third parties 00:28:15.539 --> 00:28:18.000 will have a have a right where you have 00:28:18.000 --> 00:28:19.740 to make sure that they receive or can 00:28:19.740 --> 00:28:21.960 get the source code and that you must 00:28:21.960 --> 00:28:24.480 show them the um these terms so that 00:28:24.480 --> 00:28:26.640 they know that they have this right 00:28:26.640 --> 00:28:30.539 um and so our lawsuit says that um that 00:28:30.539 --> 00:28:32.460 because we have this right they have to 00:28:32.460 --> 00:28:35.760 give us the source code which is also a 00:28:35.760 --> 00:28:37.320 a third it's called third party 00:28:37.320 --> 00:28:39.960 beneficiary in in the United States and 00:28:39.960 --> 00:28:42.000 it's a contract law claim rather than a 00:28:42.000 --> 00:28:43.679 copyright claim 00:28:43.679 --> 00:28:46.200 um and we uh we asked for what we call 00:28:46.200 --> 00:28:49.559 specific performance which is uh when 00:28:49.559 --> 00:28:52.200 you bring a lawsuit you can ask for 00:28:52.200 --> 00:28:54.240 um for money usually you can say look 00:28:54.240 --> 00:28:56.760 I've been injured here somebody wronged 00:28:56.760 --> 00:28:59.760 me and uh and the way to handle it is 00:28:59.760 --> 00:29:01.620 that they need to compensate me and most 00:29:01.620 --> 00:29:03.779 consumer rights lawsuits that you hear 00:29:03.779 --> 00:29:05.760 about are class actions where they get 00:29:05.760 --> 00:29:07.500 settlements and everybody gets a payout 00:29:07.500 --> 00:29:10.380 of ten dollars or whatever but the 00:29:10.380 --> 00:29:12.659 amount in whole is great because it it's 00:29:12.659 --> 00:29:14.340 a big penalty overall and it gets 00:29:14.340 --> 00:29:16.620 companies to change but what we're 00:29:16.620 --> 00:29:18.720 asking for is a little bit different in 00:29:18.720 --> 00:29:20.700 this case it's a contract case and what 00:29:20.700 --> 00:29:23.399 we're asking for is the actual excuse me 00:29:23.399 --> 00:29:25.740 the actual software itself 00:29:25.740 --> 00:29:26.580 um 00:29:26.580 --> 00:29:28.679 so uh so we want the complete and 00:29:28.679 --> 00:29:30.299 corresponding source code which is what 00:29:30.299 --> 00:29:31.860 the license says that we're able to do 00:29:31.860 --> 00:29:33.779 and the script we should be able to get 00:29:33.779 --> 00:29:35.580 and the scripts to control compilation 00:29:35.580 --> 00:29:38.159 and installation so we should be able to 00:29:38.159 --> 00:29:39.840 replace the software on the TV the 00:29:39.840 --> 00:29:42.299 license says so and we want to do it and 00:29:42.299 --> 00:29:45.179 Vizio didn't even provide any offer for 00:29:45.179 --> 00:29:46.799 Source or the source itself 00:29:46.799 --> 00:29:51.059 and so uh Vizio tried to try to get rid 00:29:51.059 --> 00:29:52.559 of it by saying oh these people at 00:29:52.559 --> 00:29:54.360 software Freedom Conservancy they're 00:29:54.360 --> 00:29:56.039 really bringing a copyright case but 00:29:56.039 --> 00:29:58.320 they're doing all this tap dancing to 00:29:58.320 --> 00:30:01.440 make it seem like a contract case but so 00:30:01.440 --> 00:30:03.179 they removed it to 00:30:03.179 --> 00:30:04.860 um to federal court in the United States 00:30:04.860 --> 00:30:07.200 and the federal judge said actually 00:30:07.200 --> 00:30:09.419 these people have a claim this is cut 00:30:09.419 --> 00:30:12.059 this this sounds reasonable so it's been 00:30:12.059 --> 00:30:13.860 romantic back to State Court this stuff 00:30:13.860 --> 00:30:16.200 takes forever it'll probably be a long 00:30:16.200 --> 00:30:17.940 time before there's any resolution or 00:30:17.940 --> 00:30:19.620 movement in it but I wanted to talk 00:30:19.620 --> 00:30:21.539 about it because we're bringing these 00:30:21.539 --> 00:30:25.200 novel actions to connect the fact that 00:30:25.200 --> 00:30:27.899 um that people have to think about their 00:30:27.899 --> 00:30:30.360 technology in terms of how it impacts 00:30:30.360 --> 00:30:32.580 them and their lives that we have to 00:30:32.580 --> 00:30:34.860 recognize that for millions of devices 00:30:34.860 --> 00:30:37.799 we already have a right to see the 00:30:37.799 --> 00:30:40.080 source code on those devices it's there 00:30:40.080 --> 00:30:43.200 it's already there we just have to ask 00:30:43.200 --> 00:30:46.500 for it and we just have to use it and 00:30:46.500 --> 00:30:48.360 it's you know we used to have this is 00:30:48.360 --> 00:30:51.299 like a real like old school I like this 00:30:51.299 --> 00:30:52.860 picture because it reminds me of like an 00:30:52.860 --> 00:30:55.260 old America you know right like and it's 00:30:55.260 --> 00:30:58.260 like this dilapidated TV repair shop I 00:30:58.260 --> 00:31:00.720 remember when there were TV repair shops 00:31:00.720 --> 00:31:03.240 like in every couple of blocks in New 00:31:03.240 --> 00:31:05.340 York I remember where people you'd have 00:31:05.340 --> 00:31:07.200 to have it close because TVs were heavy 00:31:07.200 --> 00:31:08.880 and there were so many people who needed 00:31:08.880 --> 00:31:10.260 their TVs repaired that you would see 00:31:10.260 --> 00:31:12.360 these all over now you don't see TV 00:31:12.360 --> 00:31:14.940 repair shops at all and the reason is is 00:31:14.940 --> 00:31:16.559 that when they break it's often the 00:31:16.559 --> 00:31:19.080 software that isn't working and people 00:31:19.080 --> 00:31:22.440 say uh it's dead 00:31:22.440 --> 00:31:24.179 we need a new TV 00:31:24.179 --> 00:31:26.159 uh my phone stopped working I need a new 00:31:26.159 --> 00:31:28.919 phone and so we're throwing all of these 00:31:28.919 --> 00:31:30.899 devices that are perfectly serviceable 00:31:30.899 --> 00:31:32.279 if we could just 00:31:32.279 --> 00:31:36.059 update the software into landfill 00:31:36.059 --> 00:31:38.760 and companies are often deliberately not 00:31:38.760 --> 00:31:41.640 updating their old devices to get us to 00:31:41.640 --> 00:31:44.520 buy new devices when the old devices 00:31:44.520 --> 00:31:46.860 work great we just don't have any right 00:31:46.860 --> 00:31:48.720 to replace the software that came on 00:31:48.720 --> 00:31:50.399 them but 00:31:50.399 --> 00:31:53.159 the trick is that for the vast majority 00:31:53.159 --> 00:31:55.380 of these devices we actually do have a 00:31:55.380 --> 00:31:57.360 right we just don't know about it and we 00:31:57.360 --> 00:31:59.880 just don't exercise it 00:31:59.880 --> 00:32:02.399 now it can be different this is a 00:32:02.399 --> 00:32:05.220 picture of a um of a router because 00:32:05.220 --> 00:32:07.980 there's a project called open wrt and 00:32:07.980 --> 00:32:10.799 that project was a result it's a it's a 00:32:10.799 --> 00:32:12.240 free and open source software project 00:32:12.240 --> 00:32:14.220 and that project came out of oh open 00:32:14.220 --> 00:32:15.659 writ people 00:32:15.659 --> 00:32:16.799 um fans 00:32:16.799 --> 00:32:22.200 um so uh that that project came out of a 00:32:22.200 --> 00:32:23.159 um 00:32:23.159 --> 00:32:26.700 uh a lawsuit seeking the source code and 00:32:26.700 --> 00:32:28.740 when the source code it was it was a 00:32:28.740 --> 00:32:30.360 product of a settle of a settlement and 00:32:30.360 --> 00:32:33.059 when the source code came out a whole 00:32:33.059 --> 00:32:33.899 product 00:32:33.899 --> 00:32:37.140 uh was born and now loads and loads of 00:32:37.140 --> 00:32:38.580 people can replace the software on their 00:32:38.580 --> 00:32:39.899 routers and there's a really Vibrant 00:32:39.899 --> 00:32:42.059 Community and in fact it's been good for 00:32:42.059 --> 00:32:44.460 some router manufacturers to make sure 00:32:44.460 --> 00:32:48.360 that their routers are are able to have 00:32:48.360 --> 00:32:50.940 uh are compatible with open wrt because 00:32:50.940 --> 00:32:52.620 people seek it out and so there's a 00:32:52.620 --> 00:32:54.179 there's a business case for it in 00:32:54.179 --> 00:32:56.100 addition and there are other projects 00:32:56.100 --> 00:32:58.140 like this um open wrt is a software 00:32:58.140 --> 00:32:59.760 Freedom Conservancy member project so I 00:32:59.760 --> 00:33:01.320 had to highlight them but there are 00:33:01.320 --> 00:33:03.059 other projects as well that are like 00:33:03.059 --> 00:33:04.020 this 00:33:04.020 --> 00:33:04.980 um 00:33:04.980 --> 00:33:08.640 so it's you know it's it we don't 00:33:08.640 --> 00:33:11.940 necessarily have to just rely on the 00:33:11.940 --> 00:33:13.919 device manufacturers to be the source of 00:33:13.919 --> 00:33:16.080 the software that runs on them raise 00:33:16.080 --> 00:33:17.340 your hand if you've replaced the 00:33:17.340 --> 00:33:19.500 software on a device with a free and 00:33:19.500 --> 00:33:21.720 open source software operating system or 00:33:21.720 --> 00:33:23.820 software of any kind yeah it's like a 00:33:23.820 --> 00:33:25.440 third of the uh like a quarter or a 00:33:25.440 --> 00:33:27.059 third of the audience which is really 00:33:27.059 --> 00:33:28.380 exciting 00:33:28.380 --> 00:33:31.140 um and it's so exciting and Powerful to 00:33:31.140 --> 00:33:32.760 do that because 00:33:32.760 --> 00:33:37.140 well it changes everything often at the 00:33:37.140 --> 00:33:39.419 point where you're in now you're trading 00:33:39.419 --> 00:33:41.399 off some features you might not be able 00:33:41.399 --> 00:33:42.840 to do everything that you could do 00:33:42.840 --> 00:33:45.539 before but you get to decide what 00:33:45.539 --> 00:33:47.159 software you put on it you get to decide 00:33:47.159 --> 00:33:48.179 if you're going to put some of the 00:33:48.179 --> 00:33:50.640 proprietary stuff on it or you decide if 00:33:50.640 --> 00:33:51.960 you're going to keep you know try to 00:33:51.960 --> 00:33:53.940 make as much free and open as you 00:33:53.940 --> 00:33:56.820 possibly can and you decide when and how 00:33:56.820 --> 00:33:58.500 it gets updated some of these projects 00:33:58.500 --> 00:34:00.120 automatically update and that's really 00:34:00.120 --> 00:34:03.299 wonderful for security updates 00:34:03.299 --> 00:34:06.299 um now I I wanted to talk a go back to 00:34:06.299 --> 00:34:08.940 my medical device situation a little bit 00:34:08.940 --> 00:34:10.320 um this is a picture of me it's an old 00:34:10.320 --> 00:34:13.020 picture of me getting my old device 00:34:13.020 --> 00:34:15.000 interrogated 00:34:15.000 --> 00:34:17.639 um and uh and interrogated is basically 00:34:17.639 --> 00:34:19.679 the word they use which is actually it 00:34:19.679 --> 00:34:22.379 sounds very like old spy movie like I'm 00:34:22.379 --> 00:34:25.080 going to interrogate your device but um 00:34:25.080 --> 00:34:27.599 it it just means that it's the reading 00:34:27.599 --> 00:34:29.639 of the device by a piece of equipment 00:34:29.639 --> 00:34:32.460 called a programmer the terminology is 00:34:32.460 --> 00:34:34.619 so confusing but uh but the device that 00:34:34.619 --> 00:34:37.080 reads it is called a programmer and the 00:34:37.080 --> 00:34:39.599 programmer gets the information those 00:34:39.599 --> 00:34:41.580 are have shown to be totally insecure 00:34:41.580 --> 00:34:44.040 also where people have sold programmers 00:34:44.040 --> 00:34:46.080 to the like into the market from 00:34:46.080 --> 00:34:48.659 hospitals that had thousands of patients 00:34:48.659 --> 00:34:53.159 data on them um fascinating stuff but in 00:34:53.159 --> 00:34:54.659 in this instance 00:34:54.659 --> 00:34:57.180 um I wanted to highlight the fact that 00:34:57.180 --> 00:35:00.240 um that my medical saga continues and 00:35:00.240 --> 00:35:02.580 that every time that I have something 00:35:02.580 --> 00:35:04.560 new in my life I realize there are a 00:35:04.560 --> 00:35:06.119 whole aspects of this that need to be 00:35:06.119 --> 00:35:09.560 explored so this week before I came here 00:35:09.560 --> 00:35:12.240 I realized that I needed to find out 00:35:12.240 --> 00:35:13.440 something urgently about my 00:35:13.440 --> 00:35:14.839 defibrillator 00:35:14.839 --> 00:35:16.859 and so I needed to get my device 00:35:16.859 --> 00:35:19.740 interrogated but when I got my device 00:35:19.740 --> 00:35:22.500 replaced the last time which is right 00:35:22.500 --> 00:35:25.440 when this picture was taken I was really 00:35:25.440 --> 00:35:27.839 concerned with the possibility that my 00:35:27.839 --> 00:35:29.820 device would be maliciously hacked I 00:35:29.820 --> 00:35:33.000 told you about my work on outreachy 00:35:33.000 --> 00:35:35.400 a lot of people don't like work on 00:35:35.400 --> 00:35:39.420 diversity programs they they think that 00:35:39.420 --> 00:35:43.140 they are misguided and despite the fact 00:35:43.140 --> 00:35:47.300 that that the 00:35:47.300 --> 00:35:51.839 studies show the impact that um that 00:35:51.839 --> 00:35:53.940 underrepresentation has in the field and 00:35:53.940 --> 00:35:56.640 despite the fact that the tech industry 00:35:56.640 --> 00:36:00.240 is very obviously misrepresented 00:36:00.240 --> 00:36:03.420 um the people are it's a very polarizing 00:36:03.420 --> 00:36:05.820 issue and so I I've actually had a lot 00:36:05.820 --> 00:36:07.980 of threats related to my work on this 00:36:07.980 --> 00:36:12.480 including rape and death threat 00:36:12.480 --> 00:36:14.040 um and I'd like to not think about it 00:36:14.040 --> 00:36:18.300 too often but in getting a new device I 00:36:18.300 --> 00:36:21.359 um I did not want these my device to do 00:36:21.359 --> 00:36:23.880 what all of these devices do which is to 00:36:23.880 --> 00:36:26.900 broadcast incessantly all of the time 00:36:26.900 --> 00:36:29.460 and previously without very good 00:36:29.460 --> 00:36:32.280 encryption especially earlier on and so 00:36:32.280 --> 00:36:35.339 we're security protection and so I got 00:36:35.339 --> 00:36:38.339 the one device that was available in the 00:36:38.339 --> 00:36:41.520 U.S market where you could switch off 00:36:41.520 --> 00:36:43.680 the remote Telemetry the broadcasting 00:36:43.680 --> 00:36:45.480 component I got the only one device I 00:36:45.480 --> 00:36:47.520 called all the device manufacturers I 00:36:47.520 --> 00:36:49.380 had a great nurse practitioner who 00:36:49.380 --> 00:36:51.240 helped me out she and I sat in a 00:36:51.240 --> 00:36:52.500 conference room and we called all of the 00:36:52.500 --> 00:36:55.079 device manufacturers biotronic was the 00:36:55.079 --> 00:36:57.599 most hilarious because they said oh you 00:36:57.599 --> 00:36:59.280 don't have to worry about ours our 00:36:59.280 --> 00:37:02.040 device is hack proof and I was like 00:37:02.040 --> 00:37:04.320 really biochronic why do you think that 00:37:04.320 --> 00:37:06.839 you're hack proof oh because 00:37:06.839 --> 00:37:08.579 Medtronic has been shown to be 00:37:08.579 --> 00:37:11.339 vulnerable and uh Saint Jude has been 00:37:11.339 --> 00:37:13.320 shown to be you know uh guidance has 00:37:13.320 --> 00:37:15.119 been shown to be vulnerable but we've 00:37:15.119 --> 00:37:16.079 never I was like well that's because 00:37:16.079 --> 00:37:18.180 you're the fourth size and when people 00:37:18.180 --> 00:37:20.880 are showing the vulnerability of these 00:37:20.880 --> 00:37:22.200 devices they're not going to go with the 00:37:22.200 --> 00:37:23.460 fourth most popular they're going to go 00:37:23.460 --> 00:37:25.440 with the most popular could you send me 00:37:25.440 --> 00:37:28.020 some devices and I'll I'll get some 00:37:28.020 --> 00:37:29.760 volunteers and we'll test it I'm still 00:37:29.760 --> 00:37:31.380 waiting 00:37:31.380 --> 00:37:33.540 um but uh but I didn't get a biotronic 00:37:33.540 --> 00:37:35.579 device I got a device manufacturer that 00:37:35.579 --> 00:37:37.680 that I could switch off the radio 00:37:37.680 --> 00:37:39.839 telemetry so my device is not 00:37:39.839 --> 00:37:41.640 broadcasting which means that I can't 00:37:41.640 --> 00:37:44.579 use like um uh like they have a lot of 00:37:44.579 --> 00:37:45.960 black boxes that people can have in 00:37:45.960 --> 00:37:47.700 their homes that will monitor their 00:37:47.700 --> 00:37:49.020 devices 00:37:49.020 --> 00:37:50.820 um but it also means that when I got 00:37:50.820 --> 00:37:53.280 this device that company is a very large 00:37:53.280 --> 00:37:55.079 European company with a very small 00:37:55.079 --> 00:37:56.760 presence in the United States but they 00:37:56.760 --> 00:37:58.320 were very present in the United States 00:37:58.320 --> 00:38:00.359 when I got my device 00:38:00.359 --> 00:38:02.160 um and it was great because it's a very 00:38:02.160 --> 00:38:05.400 high quality device and when I got it uh 00:38:05.400 --> 00:38:07.980 I got it years ago and it still has 00:38:07.980 --> 00:38:10.460 enough battery life for 10 to 15 years 00:38:10.460 --> 00:38:13.500 which is a very long time and it's very 00:38:13.500 --> 00:38:15.359 exciting because it means I won't need 00:38:15.359 --> 00:38:17.760 surgery for that period of time so that 00:38:17.760 --> 00:38:20.880 would be just wonderful however when I 00:38:20.880 --> 00:38:23.040 needed to get my device interrogated I 00:38:23.040 --> 00:38:26.119 found out that the device 00:38:26.119 --> 00:38:29.400 manufacturer representative who is the 00:38:29.400 --> 00:38:33.119 one who has this programmer in New York 00:38:33.119 --> 00:38:35.220 had gone out of the country 00:38:35.220 --> 00:38:38.880 and guess what there was no backup rep 00:38:38.880 --> 00:38:41.280 no one there was literally nowhere I 00:38:41.280 --> 00:38:43.740 could go in New York City some hospitals 00:38:43.740 --> 00:38:45.300 have the devices but none of them were 00:38:45.300 --> 00:38:47.400 available for me to go to 00:38:47.400 --> 00:38:50.099 I could not get the information off of 00:38:50.099 --> 00:38:53.160 my defibrillator I just was out of luck 00:38:53.160 --> 00:38:55.440 and I was just suddenly put in that same 00:38:55.440 --> 00:38:57.900 position as those Vision patients I 00:38:57.900 --> 00:38:59.520 could really feel I mean it's very 00:38:59.520 --> 00:39:01.200 different situation I'm still functional 00:39:01.200 --> 00:39:04.680 it's a or I mean I still my heart is 00:39:04.680 --> 00:39:06.900 still is not completely reliant on this 00:39:06.900 --> 00:39:09.300 defibrillator it's preventative but I I 00:39:09.300 --> 00:39:12.060 could unders I could taste that how how 00:39:12.060 --> 00:39:15.420 hard that is and the realization that I 00:39:15.420 --> 00:39:18.780 may need to get surgery to replace a 00:39:18.780 --> 00:39:20.760 perfectly functional device simply 00:39:20.760 --> 00:39:23.160 because this manufacturer has decreased 00:39:23.160 --> 00:39:24.960 their presence what good is a 00:39:24.960 --> 00:39:28.320 defibrillator if if it can't be if you 00:39:28.320 --> 00:39:29.760 can't get the information you need when 00:39:29.760 --> 00:39:32.339 you need it it's not um it's not all 00:39:32.339 --> 00:39:33.720 Bleak it's really fascinating there's 00:39:33.720 --> 00:39:35.040 some really excellent work that's been 00:39:35.040 --> 00:39:36.980 happening in the insulin pump space 00:39:36.980 --> 00:39:40.680 where people have actually exploited old 00:39:40.680 --> 00:39:42.960 insulin pumps and the fact that they 00:39:42.960 --> 00:39:45.300 have a security vulnerability and they 00:39:45.300 --> 00:39:47.880 use it to create another device that 00:39:47.880 --> 00:39:50.099 talks to their insulin pump to deliver 00:39:50.099 --> 00:39:52.740 insulin in a much more precise Way open 00:39:52.740 --> 00:39:55.079 API yes and it's a really amazing 00:39:55.079 --> 00:39:58.760 movement and so I want to like you know 00:39:58.760 --> 00:40:01.140 amazing things happen when you let 00:40:01.140 --> 00:40:03.240 patients actually take control of their 00:40:03.240 --> 00:40:05.700 devices the stories in the insulin Pub 00:40:05.700 --> 00:40:09.000 space are amazing because there are kids 00:40:09.000 --> 00:40:11.460 that have insulin pumps whose parents 00:40:11.460 --> 00:40:13.859 are Technical and are able to precisely 00:40:13.859 --> 00:40:16.560 monitor their insulin delivery one story 00:40:16.560 --> 00:40:20.760 that I heard was a kid who uh who had 00:40:20.760 --> 00:40:23.400 gone to the nurse's office at school 00:40:23.400 --> 00:40:25.980 almost every day for a whole Academic 00:40:25.980 --> 00:40:29.460 Year and then after using this was only 00:40:29.460 --> 00:40:31.680 in the nurse's office like three or four 00:40:31.680 --> 00:40:34.680 times it's the amazing stuff and it this 00:40:34.680 --> 00:40:36.480 is life life changing right and this is 00:40:36.480 --> 00:40:38.339 what happens when we allow patients to 00:40:38.339 --> 00:40:40.619 engage in their care and allow people to 00:40:40.619 --> 00:40:42.780 control their technology and as I said 00:40:42.780 --> 00:40:44.400 it's not just medical devices medical 00:40:44.400 --> 00:40:46.560 devices are poignant but we have all of 00:40:46.560 --> 00:40:49.200 these ways that we can take control of 00:40:49.200 --> 00:40:50.339 our technology if we have the 00:40:50.339 --> 00:40:52.980 opportunity we can get together and we 00:40:52.980 --> 00:40:56.220 can form the um the organizations that 00:40:56.220 --> 00:40:58.500 can do this work we don't have to rely 00:40:58.500 --> 00:41:00.839 on these particular companies who like 00:41:00.839 --> 00:41:03.060 my medical medical device manufacturer 00:41:03.060 --> 00:41:06.480 may just not be tuned into are concern 00:41:06.480 --> 00:41:08.880 we may be in a part of the world where 00:41:08.880 --> 00:41:10.500 that company doesn't really have an 00:41:10.500 --> 00:41:12.599 interest or doesn't have expertise 00:41:12.599 --> 00:41:15.180 we may that company may not have a very 00:41:15.180 --> 00:41:18.119 diverse team the um if you've heard the 00:41:18.119 --> 00:41:19.680 an amazing 00:41:19.680 --> 00:41:23.579 um there's an amazing uh story about the 00:41:23.579 --> 00:41:25.079 that was all over Twitter a few years 00:41:25.079 --> 00:41:27.540 ago of a um 00:41:27.540 --> 00:41:29.220 soap soap dispensers and there are 00:41:29.220 --> 00:41:30.420 actually multiple brands of soap 00:41:30.420 --> 00:41:32.940 dispensers where if someone with light 00:41:32.940 --> 00:41:34.920 skin puts their hand under the soap 00:41:34.920 --> 00:41:37.920 dispenser it works great but if someone 00:41:37.920 --> 00:41:40.140 with dark skin puts their hand under the 00:41:40.140 --> 00:41:41.880 same soap dispenser nothing happens 00:41:41.880 --> 00:41:43.680 because they were relied on light 00:41:43.680 --> 00:41:45.900 reflection in order to determine whether 00:41:45.900 --> 00:41:48.260 to dispense soap and they're just 00:41:48.260 --> 00:41:50.700 obviously it was known with dark skin on 00:41:50.700 --> 00:41:52.740 that testing team otherwise they would 00:41:52.740 --> 00:41:55.740 have known right so we need to make sure 00:41:55.740 --> 00:41:57.900 that we are engaged with the creation of 00:41:57.900 --> 00:41:59.520 our technology that our technology has 00:41:59.520 --> 00:42:01.200 created diversely and that we don't 00:42:01.200 --> 00:42:03.599 leave it up to these companies who are 00:42:03.599 --> 00:42:06.240 only interested in their profit margins 00:42:06.240 --> 00:42:07.859 you know like 00:42:07.859 --> 00:42:09.359 they don't want disasters to happen 00:42:09.359 --> 00:42:10.920 because their profit margins are often 00:42:10.920 --> 00:42:13.740 aligned with public health but their 00:42:13.740 --> 00:42:18.119 goal is their profits so what can you do 00:42:18.119 --> 00:42:21.300 first of all please you're here so I 00:42:21.300 --> 00:42:22.560 think you're probably doing this already 00:42:22.560 --> 00:42:24.780 but have a dialogue about the big 00:42:24.780 --> 00:42:26.880 solutions that are possible I am 00:42:26.880 --> 00:42:30.359 astounded still as an American that gdpr 00:42:30.359 --> 00:42:34.079 happened and filled with gratitude for 00:42:34.079 --> 00:42:35.820 the protection that it is spilled over 00:42:35.820 --> 00:42:38.280 to the United States and if you would 00:42:38.280 --> 00:42:40.320 ask many people prior to it we would 00:42:40.320 --> 00:42:43.020 have said it was not possible there is a 00:42:43.020 --> 00:42:45.240 possibility for Mass reform if we look 00:42:45.240 --> 00:42:48.300 in every selection every way right if we 00:42:48.300 --> 00:42:50.160 look towards advocating for better 00:42:50.160 --> 00:42:54.300 legislation requiring the publication of 00:42:54.300 --> 00:42:57.000 of source code and giving users rights 00:42:57.000 --> 00:42:59.460 we can talk about making sure that we as 00:42:59.460 --> 00:43:02.460 consumers buy copy left of products we 00:43:02.460 --> 00:43:05.400 can talk about how we can we can create 00:43:05.400 --> 00:43:08.400 solutions that we can rely on and none 00:43:08.400 --> 00:43:10.740 of the solutions that will move us to a 00:43:10.740 --> 00:43:12.599 world with software Freedom will happen 00:43:12.599 --> 00:43:15.420 overnight none of them are easy they are 00:43:15.420 --> 00:43:17.460 all hard I was talking to somebody about 00:43:17.460 --> 00:43:21.240 this recently and I I said ah yes it's 00:43:21.240 --> 00:43:23.280 like trying to ask everyone to give up 00:43:23.280 --> 00:43:25.859 Amazon how do we do that now right none 00:43:25.859 --> 00:43:28.380 of these things are easy but they are 00:43:28.380 --> 00:43:29.940 important and they are Broad and 00:43:29.940 --> 00:43:31.319 sweeping and they are only going to 00:43:31.319 --> 00:43:33.960 happen with coordinated dialogue 00:43:33.960 --> 00:43:36.960 you everyone here in this room and 00:43:36.960 --> 00:43:40.740 listening on the live stream you are the 00:43:40.740 --> 00:43:44.160 tech savvy population you are the top 00:43:44.160 --> 00:43:47.160 knowledgeable people it is time for all 00:43:47.160 --> 00:43:49.740 of us technologists to stop relying on 00:43:49.740 --> 00:43:52.619 big tech for our Solutions I was in a 00:43:52.619 --> 00:43:54.619 meeting with some of the most 00:43:54.619 --> 00:43:58.079 influential Tech rights organizations in 00:43:58.079 --> 00:44:00.060 the world and they are advocating 00:44:00.060 --> 00:44:02.760 against Google by using Google Docs and 00:44:02.760 --> 00:44:06.420 Google infrastructure we are using all 00:44:06.420 --> 00:44:07.740 of these solutions that big tech 00:44:07.740 --> 00:44:09.420 provides us because they are convenient 00:44:09.420 --> 00:44:11.099 but they are not in our long-term 00:44:11.099 --> 00:44:13.260 interests and we have Alternatives that 00:44:13.260 --> 00:44:15.540 are ready now if you want to collaborate 00:44:15.540 --> 00:44:17.460 on a document we at software Freedom 00:44:17.460 --> 00:44:19.020 Conservancy maintain an ether pad which 00:44:19.020 --> 00:44:20.700 etherpad is also a software Freedom 00:44:20.700 --> 00:44:23.339 Conservancy member project you can use 00:44:23.339 --> 00:44:27.380 video chat using uh jitsi this is the 00:44:27.380 --> 00:44:29.400 meat.jit.c is the link 00:44:29.400 --> 00:44:31.079 um I really have to give a plug for a 00:44:31.079 --> 00:44:32.339 big blue button because it's designed 00:44:32.339 --> 00:44:34.680 for academic use and I think you should 00:44:34.680 --> 00:44:37.920 all join the charge to get this 00:44:37.920 --> 00:44:40.079 University to switch to big blue button 00:44:40.079 --> 00:44:42.720 it is perfect for that solution I have 00:44:42.720 --> 00:44:44.460 loved teaching classes on it and I think 00:44:44.460 --> 00:44:46.940 it works great and it's very stable 00:44:46.940 --> 00:44:48.720 and then 00:44:48.720 --> 00:44:50.760 go ahead and if you have old devices 00:44:50.760 --> 00:44:52.619 just play and put an alternate 00:44:52.619 --> 00:44:54.660 Distribution on it as many of you have 00:44:54.660 --> 00:44:56.460 if you have a phone try putting lineage 00:44:56.460 --> 00:44:58.740 or something else on it if you've got a 00:44:58.740 --> 00:45:00.540 laptop if you're just trying it out for 00:45:00.540 --> 00:45:02.760 the first time Ubuntu or Debian is 00:45:02.760 --> 00:45:04.500 really really great and you can save old 00:45:04.500 --> 00:45:06.599 equipment from going into landfills and 00:45:06.599 --> 00:45:08.940 make them perfectly useful if more 00:45:08.940 --> 00:45:11.280 people use it we have this like amazing 00:45:11.280 --> 00:45:14.880 spiraling situation where we don't have 00:45:14.880 --> 00:45:16.740 the buy-in for a software Freedom 00:45:16.740 --> 00:45:18.599 Solutions and so those Solutions 00:45:18.599 --> 00:45:21.780 continue to degrade and they get a 00:45:21.780 --> 00:45:23.099 little bit worse and a little bit worse 00:45:23.099 --> 00:45:25.319 over time because people say oh it's 00:45:25.319 --> 00:45:27.540 just so convenient I'm going to use you 00:45:27.540 --> 00:45:29.220 know I'm gonna I'm gonna use the the 00:45:29.220 --> 00:45:31.440 Apple product or I'm going to use um you 00:45:31.440 --> 00:45:34.920 know the the Google suite and over time 00:45:34.920 --> 00:45:37.920 we're just making more of that happen so 00:45:37.920 --> 00:45:40.859 we have to we have to buy into it the 00:45:40.859 --> 00:45:42.420 other thing I have to ask each and every 00:45:42.420 --> 00:45:44.579 one of you to do 00:45:44.579 --> 00:45:47.160 when you buy something if you see a 00:45:47.160 --> 00:45:49.560 license notice in it that says you have 00:45:49.560 --> 00:45:50.819 rights with respect to some of the 00:45:50.819 --> 00:45:52.680 software in this device and you get the 00:45:52.680 --> 00:45:55.800 manual that has the licenses in it if it 00:45:55.800 --> 00:45:57.180 says 00:45:57.180 --> 00:45:59.880 if it says ask for the source code by 00:45:59.880 --> 00:46:02.940 emailing this address please do it ask 00:46:02.940 --> 00:46:05.520 for it because right now only people who 00:46:05.520 --> 00:46:07.500 are really interested in modifying their 00:46:07.500 --> 00:46:09.660 software in a very intent way will ask 00:46:09.660 --> 00:46:11.520 and then companies it's very easy for 00:46:11.520 --> 00:46:13.680 them to ignore it even though the people 00:46:13.680 --> 00:46:15.599 who are asking are the ones who are 00:46:15.599 --> 00:46:16.740 going to make software that everyone 00:46:16.740 --> 00:46:18.540 else is going to use 00:46:18.540 --> 00:46:20.460 because only one person or a few people 00:46:20.460 --> 00:46:22.319 a handful of people asks the company 00:46:22.319 --> 00:46:23.819 thinks nobody cares and they're not 00:46:23.819 --> 00:46:25.560 taking it seriously and that's one of 00:46:25.560 --> 00:46:26.579 the things that we see over and over 00:46:26.579 --> 00:46:29.760 again until uh we contact them being the 00:46:29.760 --> 00:46:30.960 software Freedom conservancy and they 00:46:30.960 --> 00:46:32.520 get nervous that we might take action if 00:46:32.520 --> 00:46:34.800 they don't listen to us nothing nothing 00:46:34.800 --> 00:46:36.540 happens and the reason why we file that 00:46:36.540 --> 00:46:39.420 consumer rights suit was basically so 00:46:39.420 --> 00:46:41.400 that anyone who asked for the source 00:46:41.400 --> 00:46:43.740 code will be taken seriously 00:46:43.740 --> 00:46:45.839 um and then please support and engage in 00:46:45.839 --> 00:46:47.339 the organizations that are trying to 00:46:47.339 --> 00:46:49.500 make these changes possible 00:46:49.500 --> 00:46:51.599 um there's Ulysses on this you know 00:46:51.599 --> 00:46:54.480 that's active here and I understand they 00:46:54.480 --> 00:46:56.819 have a like an open source job fair that 00:46:56.819 --> 00:46:58.740 happens in this very building 00:46:58.740 --> 00:47:00.119 um like engage in these local 00:47:00.119 --> 00:47:01.560 organizations because this is how we're 00:47:01.560 --> 00:47:02.940 going to build the infrastructure that 00:47:02.940 --> 00:47:05.220 will make a change it's funny because 00:47:05.220 --> 00:47:08.339 when I was a student there was software 00:47:08.339 --> 00:47:10.339 Freedom like you could easily replace 00:47:10.339 --> 00:47:12.599 your the software on any of your devices 00:47:12.599 --> 00:47:15.359 and it was super easy you had a fully 00:47:15.359 --> 00:47:17.099 free device that you had complete 00:47:17.099 --> 00:47:18.300 control over 00:47:18.300 --> 00:47:20.339 um but it was it was it was kind of hard 00:47:20.339 --> 00:47:21.900 to do and it was kind of a niche thing 00:47:21.900 --> 00:47:24.960 and now free and open source software is 00:47:24.960 --> 00:47:27.540 everywhere and in everything but we 00:47:27.540 --> 00:47:29.160 actually have far less software freedom 00:47:29.160 --> 00:47:31.079 than we ever had before because we can't 00:47:31.079 --> 00:47:33.300 do anything with any of our devices it's 00:47:33.300 --> 00:47:34.859 the lower layers that are free and open 00:47:34.859 --> 00:47:36.119 and the only way we're going to change 00:47:36.119 --> 00:47:38.220 that is by banding together and 00:47:38.220 --> 00:47:40.319 supporting these organizations so I 00:47:40.319 --> 00:47:41.520 think I've gone a little bit long but I 00:47:41.520 --> 00:47:44.160 think we have time for questions 00:47:44.160 --> 00:47:46.980 um great so thank you so much and I 00:47:46.980 --> 00:47:49.560 would love to hear your questions please 00:47:49.560 --> 00:47:52.140 are you moderating the questions 00:47:52.140 --> 00:47:59.780 okay thank you 00:47:59.780 --> 00:48:04.079 no you might have to just come here 00:48:04.079 --> 00:48:07.200 let's open something it's collaborative 00:48:07.200 --> 00:48:09.839 collaborative okay I don't have a 00:48:09.839 --> 00:48:12.599 microphone so if you would like to ask a 00:48:12.599 --> 00:48:13.980 question please 00:48:13.980 --> 00:48:15.300 um 00:48:15.300 --> 00:48:17.660 speak very loudly 00:48:17.660 --> 00:48:21.540 yes floor is open there please go ahead 00:48:21.540 --> 00:48:28.940 Shout 00:48:28.940 --> 00:48:41.400 your Hardware security researcher 00:48:41.400 --> 00:48:42.839 yes 00:48:42.839 --> 00:48:45.420 please all Hardware security researchers 00:48:45.420 --> 00:48:49.760 please email compliance at 00:48:49.760 --> 00:48:52.079 sfconservancy.org we have a lot of work 00:48:52.079 --> 00:48:54.599 that we would love for you to do 00:48:54.599 --> 00:48:56.880 um yeah there's I mean there's there's 00:48:56.880 --> 00:48:59.700 so much there's so much and um you know 00:48:59.700 --> 00:49:02.220 we are we are a tiny organization we 00:49:02.220 --> 00:49:05.099 have uh six people on staff 00:49:05.099 --> 00:49:06.540 um and we run our internship program 00:49:06.540 --> 00:49:10.079 that has 130 people every year we have 00:49:10.079 --> 00:49:13.020 our 50 member projects that are building 00:49:13.020 --> 00:49:15.300 Alternatives and we're we do the 00:49:15.300 --> 00:49:17.339 lawsuits and protect copy left and we do 00:49:17.339 --> 00:49:19.079 all that with a really small staff and 00:49:19.079 --> 00:49:20.819 we rely on a lot of volunteers and 00:49:20.819 --> 00:49:22.859 that's really important because we're 00:49:22.859 --> 00:49:25.440 funded by the public primarily and 00:49:25.440 --> 00:49:28.079 grants and um and and a huge amount of 00:49:28.079 --> 00:49:29.700 our work is done by volunteers and 00:49:29.700 --> 00:49:31.980 that's important not just because 00:49:31.980 --> 00:49:34.020 um it gets the work done but it's also 00:49:34.020 --> 00:49:35.579 because it shows us that this work is 00:49:35.579 --> 00:49:38.220 important it's not enough that I think 00:49:38.220 --> 00:49:41.460 it's important it's it it has to be that 00:49:41.460 --> 00:49:43.560 we as a community think that this is 00:49:43.560 --> 00:49:45.000 important and can work together so I'd 00:49:45.000 --> 00:49:49.619 love to talk to you about that 00:49:49.619 --> 00:49:52.200 someone else question 00:49:52.200 --> 00:50:00.540 of time these 00:50:00.540 --> 00:50:03.839 how 00:50:03.839 --> 00:50:05.819 how can company 00:50:05.819 --> 00:50:07.319 thank you how can companies be 00:50:07.319 --> 00:50:09.599 incentivized to um to publish their 00:50:09.599 --> 00:50:10.920 source code 00:50:10.920 --> 00:50:13.680 um and how can we get them to do it 00:50:13.680 --> 00:50:15.300 um you know on their own and I've been 00:50:15.300 --> 00:50:18.060 wondering this for forever I thought I 00:50:18.060 --> 00:50:19.740 you know honestly I was so naive when I 00:50:19.740 --> 00:50:21.359 started this work I really thought that 00:50:21.359 --> 00:50:24.180 this is one of those areas where the 00:50:24.180 --> 00:50:26.880 corporate interests and the public good 00:50:26.880 --> 00:50:29.220 were aligned I really thought that the 00:50:29.220 --> 00:50:32.119 business case for open source 00:50:32.119 --> 00:50:36.119 would carry the day and that in fact and 00:50:36.119 --> 00:50:38.880 I think I think that The Originators of 00:50:38.880 --> 00:50:41.700 the software Freedom ideology also 00:50:41.700 --> 00:50:43.740 thought that and so many of the early 00:50:43.740 --> 00:50:46.079 developers especially for example the 00:50:46.079 --> 00:50:47.760 Linux kernel developers and other 00:50:47.760 --> 00:50:50.099 original projects like that that were so 00:50:50.099 --> 00:50:52.859 ideological and so forward-thinking were 00:50:52.859 --> 00:50:55.319 so excited when they started when their 00:50:55.319 --> 00:50:57.720 collaboration yield amazing results and 00:50:57.720 --> 00:50:59.760 those results started getting adopted by 00:50:59.760 --> 00:51:01.920 technology companies they it was 00:51:01.920 --> 00:51:03.960 suddenly like we've made this like we've 00:51:03.960 --> 00:51:06.540 this has happened because we've created 00:51:06.540 --> 00:51:08.099 something so useful that companies want 00:51:08.099 --> 00:51:10.559 to use it and then companies hired all 00:51:10.559 --> 00:51:12.900 of those people and now a very high 00:51:12.900 --> 00:51:16.200 percentage of those developers work at 00:51:16.200 --> 00:51:18.059 companies to work on those products and 00:51:18.059 --> 00:51:20.160 many of them work on things that they 00:51:20.160 --> 00:51:21.480 think are important to improve the 00:51:21.480 --> 00:51:22.800 software and many of them are still 00:51:22.800 --> 00:51:25.140 ideological but the idea that we could 00:51:25.140 --> 00:51:28.680 do well by doing good was flawed because 00:51:28.680 --> 00:51:31.859 we have put so many of our resources in 00:51:31.859 --> 00:51:36.300 into into corporate interest into into 00:51:36.300 --> 00:51:38.220 things that companies find either 00:51:38.220 --> 00:51:42.059 palatable or profitable and what becomes 00:51:42.059 --> 00:51:45.420 overlooked is our ability as a public to 00:51:45.420 --> 00:51:48.059 do with our devices what we want to our 00:51:48.059 --> 00:51:50.040 ability to stay free from surveillance 00:51:50.040 --> 00:51:52.500 our ability to make sure that you know 00:51:52.500 --> 00:51:54.960 we're not only not being spied on but 00:51:54.960 --> 00:51:58.440 that we can use our devices not only for 00:51:58.440 --> 00:52:00.540 their intended purpose or other purposes 00:52:00.540 --> 00:52:04.380 right I it's currently difficult to find 00:52:04.380 --> 00:52:06.000 a product on the market that doesn't 00:52:06.000 --> 00:52:08.400 phone home like there are smart 00:52:08.400 --> 00:52:10.619 toothbrushes where they're taking video 00:52:10.619 --> 00:52:12.839 of your teeth to send back to a 00:52:12.839 --> 00:52:15.180 centralized company and then also taking 00:52:15.180 --> 00:52:17.280 video of everything else in your house 00:52:17.280 --> 00:52:19.800 and these companies are trying to 00:52:19.800 --> 00:52:21.420 collect as much information as they can 00:52:21.420 --> 00:52:23.160 because they want to be able to Pivot 00:52:23.160 --> 00:52:24.540 whatever business model that they can 00:52:24.540 --> 00:52:26.880 and this is so Insidious that it's very 00:52:26.880 --> 00:52:28.680 hard to predict what the interests will 00:52:28.680 --> 00:52:30.059 be of those companies in the long run 00:52:30.059 --> 00:52:31.800 and what we have found is that without 00:52:31.800 --> 00:52:35.160 text checks and balances the free and 00:52:35.160 --> 00:52:36.839 open source software is just exploited 00:52:36.839 --> 00:52:40.319 and what we need is to have a public 00:52:40.319 --> 00:52:42.960 focused component of it there we used to 00:52:42.960 --> 00:52:44.880 people used to say 00:52:44.880 --> 00:52:46.859 from like the old days and I know that 00:52:46.859 --> 00:52:48.839 some of you here are have been involved 00:52:48.839 --> 00:52:50.520 in the community for a long time and 00:52:50.520 --> 00:52:52.440 some of you are new and haven't 00:52:52.440 --> 00:52:54.240 experienced it a lot but in the old days 00:52:54.240 --> 00:52:56.640 people would say free software is an 00:52:56.640 --> 00:52:59.460 ideological movement and open source is 00:52:59.460 --> 00:53:01.680 commercial and I used to fight so hard 00:53:01.680 --> 00:53:05.040 to say that's not true because open 00:53:05.040 --> 00:53:07.859 source sounds like it's just about 00:53:07.859 --> 00:53:10.800 seeing the code but everyone would tell 00:53:10.800 --> 00:53:12.240 you that it's not open source if you 00:53:12.240 --> 00:53:14.339 don't have the ability to modify it and 00:53:14.339 --> 00:53:15.900 free software it sounds like it's just 00:53:15.900 --> 00:53:17.040 about price 00:53:17.040 --> 00:53:19.140 but it is about rights and it's really 00:53:19.140 --> 00:53:21.119 about the same thing if you look at the 00:53:21.119 --> 00:53:23.819 definitions they're they effectively say 00:53:23.819 --> 00:53:26.940 the same things in the end but what was 00:53:26.940 --> 00:53:30.599 true about that that I missed is that is 00:53:30.599 --> 00:53:33.859 that we can't have it all we have to 00:53:33.859 --> 00:53:36.420 prioritize the public good we have to 00:53:36.420 --> 00:53:38.280 prioritize our ability to take control 00:53:38.280 --> 00:53:40.380 of our of our technology 00:53:40.380 --> 00:53:44.040 and I don't know I I guess I'd say that 00:53:44.040 --> 00:53:46.440 we've tried that experiment of trying to 00:53:46.440 --> 00:53:48.599 make it interesting and exciting for 00:53:48.599 --> 00:53:50.220 companies and what happens is they 00:53:50.220 --> 00:53:52.319 engage only as much as they have to they 00:53:52.319 --> 00:53:53.940 give up only as much as they absolutely 00:53:53.940 --> 00:53:56.040 have to so the only way to incentivize 00:53:56.040 --> 00:53:58.260 them is to legislate it so that they 00:53:58.260 --> 00:53:59.760 must do it 00:53:59.760 --> 00:54:02.940 or we incentivize them by every single 00:54:02.940 --> 00:54:05.640 one of us only buys products that have 00:54:05.640 --> 00:54:07.619 copy left it software in them and we 00:54:07.619 --> 00:54:09.300 tell companies that we're doing it we 00:54:09.300 --> 00:54:11.040 asked for the source code when they 00:54:11.040 --> 00:54:13.079 don't provide it we say well I'm never 00:54:13.079 --> 00:54:14.640 going to buy your device again 00:54:14.640 --> 00:54:16.200 and I'm telling everybody else I'm 00:54:16.200 --> 00:54:18.300 writing an article to my local paper I'm 00:54:18.300 --> 00:54:19.980 going to find an alternative where I can 00:54:19.980 --> 00:54:21.180 get the source code and I'm going to 00:54:21.180 --> 00:54:22.680 support it I think I think it's the only 00:54:22.680 --> 00:54:25.020 way because otherwise we're just kidding 00:54:25.020 --> 00:54:29.059 ourselves 00:54:29.059 --> 00:54:31.500 okay I think there's time for one more 00:54:31.500 --> 00:54:32.819 question 00:54:32.819 --> 00:54:40.800 please 00:54:40.800 --> 00:54:43.500 oh this is such a great question how do 00:54:43.500 --> 00:54:45.900 you manage the risks and liability what 00:54:45.900 --> 00:54:47.099 if somebody working on your 00:54:47.099 --> 00:54:49.980 defibrillator gets it wrong and the 00:54:49.980 --> 00:54:52.380 secret answer like the real answer to 00:54:52.380 --> 00:54:55.260 this question is that software is full 00:54:55.260 --> 00:54:57.180 of liability because software is 00:54:57.180 --> 00:54:59.520 vulnerable and just because something is 00:54:59.520 --> 00:55:02.819 free and open source doesn't mean that 00:55:02.819 --> 00:55:05.579 it is any any more vulnerable in fact 00:55:05.579 --> 00:55:07.440 it's the opposite way around and 00:55:07.440 --> 00:55:10.319 security researchers have found that 00:55:10.319 --> 00:55:12.180 devices that have free and open source 00:55:12.180 --> 00:55:14.640 software there's like a more complicated 00:55:14.640 --> 00:55:15.900 answer to this that I'm going to skip 00:55:15.900 --> 00:55:17.819 but uh but they call what you're talking 00:55:17.819 --> 00:55:20.460 about security through obscurity so if 00:55:20.460 --> 00:55:22.380 you don't publish the source code then 00:55:22.380 --> 00:55:24.720 you're safe but in fact that's not the 00:55:24.720 --> 00:55:27.240 only like there are many ways to you can 00:55:27.240 --> 00:55:28.800 talk to the general in the back there 00:55:28.800 --> 00:55:32.160 are so many ways to or I'm sorry for 00:55:32.160 --> 00:55:33.540 generating the person in the back I 00:55:33.540 --> 00:55:35.280 don't know why I did that I apologize uh 00:55:35.280 --> 00:55:37.319 but um but there are so many ways that 00:55:37.319 --> 00:55:40.440 you can that you can you can show a 00:55:40.440 --> 00:55:42.599 device be vulnerable and exploited and 00:55:42.599 --> 00:55:45.059 so having real Security on devices 00:55:45.059 --> 00:55:46.740 having 00:55:46.740 --> 00:55:48.900 um you know having encryption having 00:55:48.900 --> 00:55:51.660 real security not this not security 00:55:51.660 --> 00:55:53.760 theater I mean that's really where it's 00:55:53.760 --> 00:55:56.819 at I for example I want the software on 00:55:56.819 --> 00:55:58.680 my device to be published and available 00:55:58.680 --> 00:56:01.440 for review but I want there to be I 00:56:01.440 --> 00:56:03.660 don't want any I want there to be either 00:56:03.660 --> 00:56:06.000 a password or encryption or some way 00:56:06.000 --> 00:56:07.920 that only my device can tell and that 00:56:07.920 --> 00:56:09.540 and that's and that's real because 00:56:09.540 --> 00:56:12.420 previously these devices had no had none 00:56:12.420 --> 00:56:13.920 of that before but this device the 00:56:13.920 --> 00:56:15.660 software wasn't published and so 00:56:15.660 --> 00:56:17.579 researchers show that you could just 00:56:17.579 --> 00:56:19.859 cause them to shock people unnecessarily 00:56:19.859 --> 00:56:21.540 you could get information off of those 00:56:21.540 --> 00:56:23.819 devices so 00:56:23.819 --> 00:56:25.859 the question is like how do we manage 00:56:25.859 --> 00:56:28.380 our software liability and it's scary 00:56:28.380 --> 00:56:31.079 stuff but having the software public 00:56:31.079 --> 00:56:32.819 means that it can be reviewed and it can 00:56:32.819 --> 00:56:34.500 be tested and yes there might be times 00:56:34.500 --> 00:56:35.819 where 00:56:35.819 --> 00:56:37.920 um where folks who are malicious may be 00:56:37.920 --> 00:56:40.079 able to find an exploit by Examining The 00:56:40.079 --> 00:56:41.940 Source Code but because there are so 00:56:41.940 --> 00:56:43.619 many exploits available without access 00:56:43.619 --> 00:56:45.059 to the source code 00:56:45.059 --> 00:56:47.579 it's just one of the benefits vastly 00:56:47.579 --> 00:56:49.079 outweigh the 00:56:49.079 --> 00:56:52.020 um you know the risks in my in my view 00:56:52.020 --> 00:56:54.540 and as we develop more infrastructure 00:56:54.540 --> 00:56:56.040 around free and open source software 00:56:56.040 --> 00:56:57.180 projects we'll find that to be the case 00:56:57.180 --> 00:56:59.099 an example perfect example of this is 00:56:59.099 --> 00:57:00.660 the Linux kernel which is considered to 00:57:00.660 --> 00:57:04.740 be one of the most secure kernels and 00:57:04.740 --> 00:57:08.339 that has been free and open for 00:57:08.339 --> 00:57:12.059 about 30 years 00:57:12.059 --> 00:57:14.520 oh I said well I I did we said one more 00:57:14.520 --> 00:57:16.319 can I do more okay one more before but 00:57:16.319 --> 00:57:20.760 yeah okay 00:57:20.760 --> 00:57:22.859 how does right to repair ah how does 00:57:22.859 --> 00:57:24.180 right to repair fit into the goals of 00:57:24.180 --> 00:57:25.800 the software Freedom Conservancy if it 00:57:25.800 --> 00:57:28.859 were not abundant yet from my talk 00:57:28.859 --> 00:57:30.960 software freedom is the software right 00:57:30.960 --> 00:57:32.220 to repair 00:57:32.220 --> 00:57:33.599 so 00:57:33.599 --> 00:57:36.359 in order to be able to repair any modern 00:57:36.359 --> 00:57:40.260 equipment we need software Freedom you 00:57:40.260 --> 00:57:42.480 cannot effectively repair anything 00:57:42.480 --> 00:57:45.000 without being able to have the software 00:57:45.000 --> 00:57:47.400 right to repair and what's cool about 00:57:47.400 --> 00:57:49.319 copy left licensing and why I spent so 00:57:49.319 --> 00:57:52.200 much time on the Vizio suit is that we 00:57:52.200 --> 00:57:54.180 have a right to repair in all of these 00:57:54.180 --> 00:57:55.619 Linux devices 00:57:55.619 --> 00:57:58.619 I mean the Vizio TVs had I forget how 00:57:58.619 --> 00:57:59.400 many 00:57:59.400 --> 00:58:01.260 um different kinds of software on it I 00:58:01.260 --> 00:58:04.859 think 22 22 copy lifted projects on it 00:58:04.859 --> 00:58:06.960 it wasn't just the Linux kernel loads of 00:58:06.960 --> 00:58:09.359 software that give us these rights the 00:58:09.359 --> 00:58:11.280 rights to get complete and corresponding 00:58:11.280 --> 00:58:12.720 source code and the scripts to control 00:58:12.720 --> 00:58:15.420 installation so we should be able to do 00:58:15.420 --> 00:58:17.520 something about this but we haven't been 00:58:17.520 --> 00:58:19.079 able to yet in part because companies 00:58:19.079 --> 00:58:20.819 just don't do the right thing they don't 00:58:20.819 --> 00:58:22.980 they don't think about the fact that 00:58:22.980 --> 00:58:25.619 they have to publish their source code 00:58:25.619 --> 00:58:27.839 before they go to market then they go to 00:58:27.839 --> 00:58:30.540 market and they scramble in general we 00:58:30.540 --> 00:58:33.059 we've talked to loads and loads of 00:58:33.059 --> 00:58:35.099 companies about their non-compliance and 00:58:35.099 --> 00:58:37.020 what turns out is that often as I said 00:58:37.020 --> 00:58:38.220 they don't even have the software 00:58:38.220 --> 00:58:40.020 themselves because they never ask for it 00:58:40.020 --> 00:58:41.700 from their vendors to begin with and 00:58:41.700 --> 00:58:43.140 they didn't put if they developed it 00:58:43.140 --> 00:58:45.119 in-house they did put the process in 00:58:45.119 --> 00:58:46.920 place to begin with so they don't have 00:58:46.920 --> 00:58:50.339 the infrastructure in place they don't 00:58:50.339 --> 00:58:52.559 even employ the employees that worked on 00:58:52.559 --> 00:58:53.940 the developers that worked on that 00:58:53.940 --> 00:58:56.579 software back then those people have 00:58:56.579 --> 00:58:58.559 often left the company and moved on to 00:58:58.559 --> 00:59:00.839 other projects and so they just don't 00:59:00.839 --> 00:59:03.000 even have the resources to be able to 00:59:03.000 --> 00:59:04.859 find that software later which is 00:59:04.859 --> 00:59:06.240 terrifying because it means that if 00:59:06.240 --> 00:59:07.680 there's a problem with their products 00:59:07.680 --> 00:59:09.540 they basically have to recall them 00:59:09.540 --> 00:59:11.220 there's nothing left that that can be 00:59:11.220 --> 00:59:13.260 done so in order for us to make sure 00:59:13.260 --> 00:59:15.240 that that changes we have to be louder 00:59:15.240 --> 00:59:17.339 about it and we have to make these 00:59:17.339 --> 00:59:18.720 companies realize that there is 00:59:18.720 --> 00:59:20.119 liability 00:59:20.119 --> 00:59:22.740 for their you know for their 00:59:22.740 --> 00:59:24.359 non-compliance because that will 00:59:24.359 --> 00:59:27.240 incentivize them to comply 00:59:27.240 --> 00:59:35.960 foreign 00:59:35.960 --> 00:59:40.079 are evoking but I was told that yeah we 00:59:40.079 --> 00:59:41.819 should close the session after one hour 00:59:41.819 --> 00:59:43.619 maybe there are students that are still 00:59:43.619 --> 00:59:45.960 having to do some exams I don't know 00:59:45.960 --> 00:59:48.119 wishing them good luck in that case of 00:59:48.119 --> 00:59:51.480 course but uh most of all I would like 00:59:51.480 --> 00:59:54.540 you to invite you to share with me the 00:59:54.540 --> 01:00:02.339 Applause for Aaron once more 01:00:02.339 --> 01:00:04.980 and you know you still have to put four 01:00:04.980 --> 01:00:06.180 more 01:00:06.180 --> 01:00:08.460 uh in two days I think the second yeah 01:00:08.460 --> 01:00:11.579 two days from now when you will get this 01:00:11.579 --> 01:00:14.760 Armory uh award from our University 01:00:14.760 --> 01:00:16.980 someone else will give it to you I would 01:00:16.980 --> 01:00:18.900 love to do it but that's uh we 01:00:18.900 --> 01:00:23.880 definitely 01:00:23.880 --> 01:00:25.200 um 01:00:25.200 --> 01:00:28.380 being here with Ken thanks so much 01:00:28.380 --> 01:00:31.380 foreign