website Changeset - cf59bf2174de · Conservancy Kallithea

Changeset - cf59bf2174de

Parent rev.

Child rev.

[Not reviewed]

0 0 3

Bradley M. Kuhn - 14 months ago 2023-02-07 21:53:20
bkuhn@sfconservancy.org

Add vtt subtitle/closed captioning for recent videos.

3 files changed with 4859 insertions and 0 deletions:

www/conservancy/static/docs/2023-01-31_KU-Lueven_Sandler-Karen_Software-Rights-Accountability-and-Autonomy-in-Our-Technology.txt

4437

www/conservancy/static/docs/2023-02-02_Sandler-Karen_KU-Leuven_Honorary-Doctorate.en.txt

205

www/conservancy/static/docs/2023-02-02_Sandler-Karen_KU-Leuven_Honorary-Doctorate.nl.txt

217

0 comments (0 inline, 0 general)

www/conservancy/static/docs/2023-01-31_KU-Lueven_Sandler-Karen_Software-Rights-Accountability-and-Autonomy-in-Our-Technology.txt

➞

Show inline comments

 new file 100644
 WEBVTT
 Kind: captions
 Language: en
 :00:03.300 --> 00:00:25.740
 foreign
 :00:25.740 --> 00:00:27.840
 good afternoon ladies and gentlemen
 :00:27.840 --> 00:00:30.660
 welcome to this lecture which is somehow
 :00:30.660 --> 00:00:33.420
 a warming up for the big official
 :00:33.420 --> 00:00:36.540
 celebration of patterns Saints Day next
 :00:36.540 --> 00:00:38.160
 Thursday
 :00:38.160 --> 00:00:41.219
 since some time we know the names of
 :00:41.219 --> 00:00:43.739
 five people who will be awarded an
 :00:43.739 --> 00:00:46.260
 honorary doctorate because they are
 :00:46.260 --> 00:00:49.620
 considered really as front-runners in
 :00:49.620 --> 00:00:52.260
 their field as well as advocates of
 :00:52.260 --> 00:00:55.260
 society on different issues and one of
 :00:55.260 --> 00:00:58.500
 these names is and that's thanks to the
 :00:58.500 --> 00:01:01.980
 nomination by the students delegation Dr
 :01:01.980 --> 00:01:05.400
 Karen Sandler sitting here
 :01:05.400 --> 00:01:08.760
 it was the vice Rector of research that
 :01:08.760 --> 00:01:12.000
 asked me to do this introduction and I
 :01:12.000 --> 00:01:14.820
 do this with great pleasure because also
 :01:14.820 --> 00:01:17.280
 the topic is something I'm really
 :01:17.280 --> 00:01:18.799
 interested in
 :01:18.799 --> 00:01:22.680
 Karen is a firm believer of software
 :01:22.680 --> 00:01:25.799
 freedom and in my own research field I
 :01:25.799 --> 00:01:27.619
 should also maybe
 :01:27.619 --> 00:01:31.140
 give some information on myself I am a
 :01:31.140 --> 00:01:33.000
 professor of intellectual property law
 :01:33.000 --> 00:01:36.119
 so I teach students about the legal
 :01:36.119 --> 00:01:38.759
 protection of amongst other things
 :01:38.759 --> 00:01:41.880
 software and I also have some parts on
 :01:41.880 --> 00:01:44.520
 OPEC explaining the difference between
 :01:44.520 --> 00:01:47.400
 proprietary software and open source
 :01:47.400 --> 00:01:51.000
 software I'm also head of ctip ctip is
 :01:51.000 --> 00:01:53.520
 the center for I.T and IRP rights and
 :01:53.520 --> 00:01:56.220
 the law faculty and we do a lot of
 :01:56.220 --> 00:01:58.740
 research not only on open source but
 :01:58.740 --> 00:02:01.079
 also the data issues property of data
 :02:01.079 --> 00:02:03.899
 and so on personal non-personal data
 :02:03.899 --> 00:02:07.200
 especially in relation to health and I
 :02:07.200 --> 00:02:09.539
 already admitted to Karen that our
 :02:09.539 --> 00:02:11.640
 researchers or many of them have signed
 :02:11.640 --> 00:02:14.280
 a letter to the I.T responsibles at this
 :02:14.280 --> 00:02:17.340
 University that we should switch to big
 :02:17.340 --> 00:02:21.720
 blue button but uh and I read in your uh
 :02:21.720 --> 00:02:25.099
 article that that is also one of your
 :02:25.099 --> 00:02:28.200
 favorite programs
 :02:28.200 --> 00:02:31.200
 so as you all I am eagerly looking
 :02:31.200 --> 00:02:33.900
 forward to hearing the insights of Karen
 :02:33.900 --> 00:02:36.420
 but before giving her the microphone I
 :02:36.420 --> 00:02:39.239
 should say a few words on her career I
 :02:39.239 --> 00:02:41.580
 will be brief because otherwise I risk
 :02:41.580 --> 00:02:44.400
 using up the field lecture time and that
 :02:44.400 --> 00:02:46.860
 is not something I want to do Karen
 :02:46.860 --> 00:02:50.760
 begin her career as a lawyer after
 :02:50.760 --> 00:02:52.620
 having received a law degree from
 :02:52.620 --> 00:02:56.400
 Columbia Law School she also holds a
 :02:56.400 --> 00:02:59.160
 Bachelor of Science in engineering from
 :02:59.160 --> 00:03:01.019
 the Cooper Union
 :03:01.019 --> 00:03:03.959
 amongst many other things she currently
 :03:03.959 --> 00:03:06.720
 is executive director of the software
 :03:06.720 --> 00:03:10.080
 Freedom Conservancy which is a
 :03:10.080 --> 00:03:12.120
 non-profit organization that supports
 :03:12.120 --> 00:03:14.700
 initiatives that make technology more
 :03:14.700 --> 00:03:17.760
 inclusive and promotes free and open
 :03:17.760 --> 00:03:20.099
 source software false
 :03:20.099 --> 00:03:23.760
 a mouthful of words but it in essence
 :03:23.760 --> 00:03:27.060
 all boils down to two big words software
 :03:27.060 --> 00:03:29.220
 freedom
 :03:29.220 --> 00:03:32.159
 Karen has earned numerous Awards and
 :03:32.159 --> 00:03:35.640
 recognitions but I invite you to check
 :03:35.640 --> 00:03:38.879
 her website and explore these things
 :03:38.879 --> 00:03:39.959
 yourself
 :03:39.959 --> 00:03:42.360
 Karen it is truly an honor to have you
 :03:42.360 --> 00:03:44.459
 with us today and without a further Ado
 :03:44.459 --> 00:03:48.840
 uh gladly invite you to to take the
 :03:48.840 --> 00:03:53.760
 floor
 :03:53.760 --> 00:03:55.200
 Professor that was such a wonderful
 :03:55.200 --> 00:03:56.400
 introduction
 :03:56.400 --> 00:03:58.980
 I I would like to hear you give this
 :03:58.980 --> 00:03:59.840
 talk
 :03:59.840 --> 00:04:02.879
 maybe some other time we'll we should
 :04:02.879 --> 00:04:04.440
 jointly do one
 :04:04.440 --> 00:04:07.440
 um so I'm so happy to be here um with
 :04:07.440 --> 00:04:11.519
 you today I'm I'm going to give you a um
 :04:11.519 --> 00:04:15.299
 a story about myself and my work and how
 :04:15.299 --> 00:04:17.820
 I got involved in software freedom and
 :04:17.820 --> 00:04:21.959
 how that impacts our my view of how
 :04:21.959 --> 00:04:25.259
 technology is in our society and where
 :04:25.259 --> 00:04:27.360
 we should go from here
 :04:27.360 --> 00:04:31.259
 so to start I need to tell you something
 :04:31.259 --> 00:04:34.680
 about myself that I still to this day
 :04:34.680 --> 00:04:38.100
 even though I have done probably 15
 :04:38.100 --> 00:04:40.199
 years worth of advocacy on this
 :04:40.199 --> 00:04:42.780
 particular Point uh always talking about
 :04:42.780 --> 00:04:45.660
 my medical condition is is always a
 :04:45.660 --> 00:04:47.880
 little stressful but I have a heart
 :04:47.880 --> 00:04:50.699
 condition I literally have a big heart
 :04:50.699 --> 00:04:53.100
 it's called hypertrophic cardiomyopathy
 :04:53.100 --> 00:04:55.620
 and my heart isn't just
 :04:55.620 --> 00:04:57.960
 um big it's really thick and so it's
 :04:57.960 --> 00:04:59.880
 really stiff when it meets and what that
 :04:59.880 --> 00:05:02.580
 means is that I am at a very high risk
 :05:02.580 --> 00:05:05.580
 of suddenly dying the medical term is
 :05:05.580 --> 00:05:07.400
 actually sudden death
 :05:07.400 --> 00:05:11.759
 so that's okay because I have a
 :05:11.759 --> 00:05:13.380
 pacemaker defibrillator that is
 :05:13.380 --> 00:05:16.199
 implanted in my body this picture is
 :05:16.199 --> 00:05:18.660
 actually the pacemaker defibrillator
 :05:18.660 --> 00:05:21.000
 that I used to have that you can see
 :05:21.000 --> 00:05:24.180
 kind of a dent in it that's because it
 :05:24.180 --> 00:05:27.720
 was where it was kind of pried out
 :05:27.720 --> 00:05:30.360
 um and I have one here if anyone is
 :05:30.360 --> 00:05:32.880
 curious can see it after this is the
 :05:32.880 --> 00:05:35.220
 model I have now which is a different
 :05:35.220 --> 00:05:37.199
 device
 :05:37.199 --> 00:05:41.759
 um so when I got this device I was
 :05:41.759 --> 00:05:45.720
 astounded by how little the doctors knew
 :05:45.720 --> 00:05:47.580
 about the technology that they were
 :05:47.580 --> 00:05:50.880
 plant and planting into patients bodies
 :05:50.880 --> 00:05:54.419
 they had not for one minute thought
 :05:54.419 --> 00:05:56.039
 about the fact that there was software
 :05:56.039 --> 00:05:58.199
 on those devices
 :05:58.199 --> 00:06:01.259
 and it had not even occurred to them
 :06:01.259 --> 00:06:03.240
 that you could
 :06:03.240 --> 00:06:05.460
 interact with that technology and that
 :06:05.460 --> 00:06:07.039
 anyone other than the medical device
 :06:07.039 --> 00:06:10.020
 manufacturers could have any control
 :06:10.020 --> 00:06:11.160
 over it
 :06:11.160 --> 00:06:13.680
 because I was an engineer turned lawyer
 :06:13.680 --> 00:06:16.560
 my first questions were about you know
 :06:16.560 --> 00:06:18.960
 can I see the software on my device I
 :06:18.960 --> 00:06:20.460
 mean I wanted to know about the safety
 :06:20.460 --> 00:06:22.919
 and efficacy and to do that what better
 :06:22.919 --> 00:06:25.620
 way than to review the software on my
 :06:25.620 --> 00:06:27.960
 device in addition to whatever other
 :06:27.960 --> 00:06:30.000
 materials that I could find and of
 :06:30.000 --> 00:06:32.460
 course what I found which won't surprise
 :06:32.460 --> 00:06:34.800
 anybody oh let's take a poll how many
 :06:34.800 --> 00:06:38.100
 people here are engineering or computer
 :06:38.100 --> 00:06:40.080
 science students
 :06:40.080 --> 00:06:42.660
 so that's like I'd say like a third
 :06:42.660 --> 00:06:44.639
 maybe even more
 :06:44.639 --> 00:06:47.400
 um anybody here studying law
 :06:47.400 --> 00:06:50.460
 oh amazing that's like a quarter
 :06:50.460 --> 00:06:52.020
 um what else should I ask
 :06:52.020 --> 00:06:54.840
 to know who else is here
 :06:54.840 --> 00:06:57.660
 uh students raise your hand
 :06:57.660 --> 00:07:00.479
 and that's like a third and uh any
 :07:00.479 --> 00:07:02.280
 faculty members
 :07:02.280 --> 00:07:04.500
 so like a few okay this is amazing
 :07:04.500 --> 00:07:05.639
 welcome
 :07:05.639 --> 00:07:08.580
 um so normally uh audiences kind of
 :07:08.580 --> 00:07:10.080
 cluster in one area or another and this
 :07:10.080 --> 00:07:11.639
 is really cool because you're all here
 :07:11.639 --> 00:07:13.680
 in one place
 :07:13.680 --> 00:07:17.220
 um and so it with with my background
 :07:17.220 --> 00:07:19.319
 um you know this launched me into a
 :07:19.319 --> 00:07:21.780
 whole research area and because I was a
 :07:21.780 --> 00:07:23.460
 I brought the legal skills I decided
 :07:23.460 --> 00:07:26.699
 that um well first my inner engineer
 :07:26.699 --> 00:07:29.639
 took over and so I asked the company for
 :07:29.639 --> 00:07:31.680
 the source code of course with no avail
 :07:31.680 --> 00:07:34.199
 going through phone trees talking to
 :07:34.199 --> 00:07:35.940
 people the all of my medical
 :07:35.940 --> 00:07:37.800
 professionals the doctors that I worked
 :07:37.800 --> 00:07:40.919
 with and the nurse practitioners
 :07:40.919 --> 00:07:42.720
 um couldn't really understand why I was
 :07:42.720 --> 00:07:44.340
 asking these questions or even what my
 :07:44.340 --> 00:07:47.880
 questions meant and ultimately I kept
 :07:47.880 --> 00:07:50.340
 getting shoved into various phone trees
 :07:50.340 --> 00:07:52.380
 to no avail and being told that someone
 :07:52.380 --> 00:07:55.919
 would get back to me and nobody ever did
 :07:55.919 --> 00:07:58.319
 um so I decided to file a bunch of
 :07:58.319 --> 00:08:00.240
 Freedom of Information Act requests in
 :08:00.240 --> 00:08:01.740
 the United States to see what I could
 :08:01.740 --> 00:08:04.440
 find about the FDA process in the United
 :08:04.440 --> 00:08:05.880
 States the Food and Drug Administration
 :08:05.880 --> 00:08:09.120
 process about these devices and what I
 :08:09.120 --> 00:08:11.340
 found was that there really wasn't very
 :08:11.340 --> 00:08:13.680
 much review at all on the software that
 :08:13.680 --> 00:08:16.259
 in fact in the United States we relied
 :08:16.259 --> 00:08:18.780
 on the companies who test these devices
 :08:18.780 --> 00:08:21.240
 to provide the reports about the safety
 :08:21.240 --> 00:08:23.940
 of the software on the devices
 :08:23.940 --> 00:08:26.879
 um and so this launched me into an
 :08:26.879 --> 00:08:28.740
 existential
 :08:28.740 --> 00:08:34.800
 crisis about my body the night before I
 :08:34.800 --> 00:08:37.080
 became I but before my surgery where I
 :08:37.080 --> 00:08:40.260
 got the defibrillator I had a party
 :08:40.260 --> 00:08:43.500
 which was a cyborg becoming party
 :08:43.500 --> 00:08:45.839
 I thought well if this is going to
 :08:45.839 --> 00:08:49.680
 happen we're gonna do it right and I
 :08:49.680 --> 00:08:51.660
 realized that as this software was
 :08:51.660 --> 00:08:54.480
 becoming a part of my life and my body
 :08:54.480 --> 00:08:56.720
 it also had to become a part of my work
 :08:56.720 --> 00:09:01.800
 and so I started I I used to think that
 :09:01.800 --> 00:09:04.140
 open source was really cool
 :09:04.140 --> 00:09:06.839
 um raise your hand if you are familiar
 :09:06.839 --> 00:09:08.820
 with the term open source
 :09:08.820 --> 00:09:10.920
 that is almost everybody raise your hand
 :09:10.920 --> 00:09:12.240
 if you're familiar with the term free
 :09:12.240 --> 00:09:13.680
 software
 :09:13.680 --> 00:09:15.240
 that's
 :09:15.240 --> 00:09:17.519
 almost everybody again this is so great
 :09:17.519 --> 00:09:19.440
 I'm gonna skip this
 :09:19.440 --> 00:09:22.860
 fantastic anyway because of all of and
 :09:22.860 --> 00:09:25.260
 sorry for people in the live stream
 :09:25.260 --> 00:09:28.399
 um but there is a lot of resources go to
 :09:28.399 --> 00:09:31.019
 sfconservancy.org if you click on the um
 :09:31.019 --> 00:09:33.540
 the learn more about Vizio button you'll
 :09:33.540 --> 00:09:34.920
 see and I'll get to that later but
 :09:34.920 --> 00:09:37.620
 there's a lot of introductory resources
 :09:37.620 --> 00:09:40.560
 um so so I work at the software Freedom
 :09:40.560 --> 00:09:42.300
 Conservancy where I was a co-founder
 :09:42.300 --> 00:09:44.339
 software Freedom Conservancy is a
 :09:44.339 --> 00:09:46.620
 us-based charitable organization where
 :09:46.620 --> 00:09:49.740
 we have three major areas of our work
 :09:49.740 --> 00:09:54.000
 the first one is we we cannot expect
 :09:54.000 --> 00:09:56.700
 people to move away from proprietary
 :09:56.700 --> 00:09:58.380
 software if they do not have
 :09:58.380 --> 00:10:01.560
 alternatives to move to so we are a
 :10:01.560 --> 00:10:03.420
 fiscal sponsor and we have a lot of
 :10:03.420 --> 00:10:05.519
 member projects that are developing free
 :10:05.519 --> 00:10:07.440
 and open source solutions that we can
 :10:07.440 --> 00:10:10.260
 use instead of um
 :10:10.260 --> 00:10:13.140
 proprietary software and so that's our
 :10:13.140 --> 00:10:18.300
 first branch
 :10:18.300 --> 00:10:20.519
 our second branch is called outreachy
 :10:20.519 --> 00:10:25.260
 and um and this came about because as
 :10:25.260 --> 00:10:26.820
 um as
 :10:26.820 --> 00:10:31.440
 as people in a deeply technical field we
 :10:31.440 --> 00:10:33.660
 realize that that field was not well
 :10:33.660 --> 00:10:35.160
 represented
 :10:35.160 --> 00:10:38.640
 um it started out personally where where
 :10:38.640 --> 00:10:40.680
 folks realized that
 :10:40.680 --> 00:10:42.240
 um uh
 :10:42.240 --> 00:10:45.000
 when we ask people to apply to programs
 :10:45.000 --> 00:10:46.920
 and participate in our events there
 :10:46.920 --> 00:10:49.680
 simply were no women and personally for
 :10:49.680 --> 00:10:53.399
 me I noticed that at so many conferences
 :10:53.399 --> 00:10:56.820
 I was the only woman in really a sea of
 :10:56.820 --> 00:10:59.940
 people and it was uh it was it was
 :10:59.940 --> 00:11:01.339
 steeply surprising
 :11:01.339 --> 00:11:04.980
 and uh and often off-putting the number
 :11:04.980 --> 00:11:08.000
 of sexist comments that were made
 :11:08.000 --> 00:11:12.600
 assumptions about my capabilities were
 :11:12.600 --> 00:11:17.160
 very demoralizing I would stand next to
 :11:17.160 --> 00:11:19.320
 another executive director of a
 :11:19.320 --> 00:11:22.140
 non-profit in Tech who was a man and
 :11:22.140 --> 00:11:24.540
 people would assume that he had a
 :11:24.540 --> 00:11:26.640
 technical background and I didn't but he
 :11:26.640 --> 00:11:29.160
 was a marketer and I was an engineer it
 :11:29.160 --> 00:11:32.579
 was very surprising and so and so not
 :11:32.579 --> 00:11:34.140
 just not from my personal experiences
 :11:34.140 --> 00:11:36.120
 but but from the experiences the
 :11:36.120 --> 00:11:36.980
 community
 :11:36.980 --> 00:11:40.320
 a woman named Marina zurahin skya who
 :11:40.320 --> 00:11:43.560
 unfortunately died in June of breast
 :11:43.560 --> 00:11:46.500
 cancer after a wonderful three-year
 :11:46.500 --> 00:11:47.540
 fight
 :11:47.540 --> 00:11:50.399
 she founded this this program with the
 :11:50.399 --> 00:11:52.019
 gnome foundation and I came soon after
 :11:52.019 --> 00:11:53.940
 and we built it up together this program
 :11:53.940 --> 00:11:56.579
 provides internships to people who are
 :11:56.579 --> 00:11:58.500
 subject to systemic bias and who are
 :11:58.500 --> 00:12:00.779
 impacted by underrepresentation and the
 :12:00.779 --> 00:12:03.420
 idea is that but our experience was as
 :12:03.420 --> 00:12:06.240
 women and the dearth of women in
 :12:06.240 --> 00:12:09.079
 technology and in the field was really
 :12:09.079 --> 00:12:13.079
 Stark but the Discrimination runs deep
 :12:13.079 --> 00:12:18.420
 in technology in general and in order to
 :12:18.420 --> 00:12:21.180
 Rectify it we need to do something
 :12:21.180 --> 00:12:25.200
 actively to invite people technology not
 :12:25.200 --> 00:12:26.060
 only
 :12:26.060 --> 00:12:30.120
 has a horrible impact by reinforcing the
 :12:30.120 --> 00:12:33.540
 biases of people who make it but we know
 :12:33.540 --> 00:12:36.000
 that our technology will not serve
 :12:36.000 --> 00:12:38.399
 everyone until it is made by everyone
 :12:38.399 --> 00:12:41.040
 and so giving people a chance to
 :12:41.040 --> 00:12:42.899
 overcome the biases and discrimination
 :12:42.899 --> 00:12:45.360
 that they have experienced has become an
 :12:45.360 --> 00:12:47.339
 important part of the program that we do
 :12:47.339 --> 00:12:48.720
 so we call it outreachy it's an
 :12:48.720 --> 00:12:49.920
 internship program where we do paid
 :12:49.920 --> 00:12:53.279
 remote internships twice a year with
 :12:53.279 --> 00:12:55.980
 open source communities students are
 :12:55.980 --> 00:12:57.540
 very welcome but you don't have to be a
 :12:57.540 --> 00:12:59.940
 student to apply to it just tell us
 :12:59.940 --> 00:13:01.860
 about the systemic bias and
 :13:01.860 --> 00:13:03.300
 underrepresentation that you've
 :13:03.300 --> 00:13:05.880
 experienced and that's the eligibility
 :13:05.880 --> 00:13:08.459
 and then it's it's an amazing mentorship
 :13:08.459 --> 00:13:09.540
 program
 :13:09.540 --> 00:13:11.820
 um anyway it's uh it's been running for
 :13:11.820 --> 00:13:13.920
 over 10 years now and this summer we'll
 :13:13.920 --> 00:13:16.500
 get to a thousand interns I am really
 :13:16.500 --> 00:13:18.540
 really excited about that
 :13:18.540 --> 00:13:22.200
 um and so uh that is the second area the
 :13:22.200 --> 00:13:25.019
 third area of the work that we do at
 :13:25.019 --> 00:13:27.420
 software Freedom Conservancy is is
 :13:27.420 --> 00:13:29.880
 focusing on copy left raise your hand if
 :13:29.880 --> 00:13:31.920
 you are familiar with the with copy left
 :13:31.920 --> 00:13:33.360
 licensing
 :13:33.360 --> 00:13:35.279
 okay so that's about half of the
 :13:35.279 --> 00:13:37.920
 audience copied left licensing is a form
 :13:37.920 --> 00:13:40.019
 of free and open source software so it's
 :13:40.019 --> 00:13:43.680
 a subset of licenses that are are free
 :13:43.680 --> 00:13:47.100
 and open copy left licenses are licenses
 :13:47.100 --> 00:13:48.779
 that have a provision that people call
 :13:48.779 --> 00:13:51.660
 reciprocal detractors used to call it
 :13:51.660 --> 00:13:54.300
 viral until viral was cool
 :13:54.300 --> 00:13:56.639
 um and it basically our licenses that
 :13:56.639 --> 00:13:58.860
 say you can do whatever you want with
 :13:58.860 --> 00:14:01.380
 this software you can study it you can
 :14:01.380 --> 00:14:03.240
 share it you can make changes you can
 :14:03.240 --> 00:14:05.100
 share those changes but
 :14:05.100 --> 00:14:07.139
 if you distribute it or share those
 :14:07.139 --> 00:14:09.839
 changes you must do it under the same
 :14:09.839 --> 00:14:12.000
 license and you must give rights to
 :14:12.000 --> 00:14:15.480
 everybody who receives it and so with at
 :14:15.480 --> 00:14:18.240
 software Freedom Conservancy we are the
 :14:18.240 --> 00:14:20.459
 folks that stand up for these licenses
 :14:20.459 --> 00:14:22.740
 when companies violate them and I'll get
 :14:22.740 --> 00:14:24.959
 more to that a little bit later
 :14:24.959 --> 00:14:27.899
 and so doing this work at software
 :14:27.899 --> 00:14:30.420
 Freedom Conservancy you know it followed
 :14:30.420 --> 00:14:32.459
 on that
 :14:32.459 --> 00:14:35.940
 um what I the trying to find ways to
 :14:35.940 --> 00:14:37.200
 empower
 :14:37.200 --> 00:14:40.860
 people impacted by technology in the
 :14:40.860 --> 00:14:42.540
 face of the helplessness that I felt
 :14:42.540 --> 00:14:44.579
 about my defibrillator I just wanted to
 :14:44.579 --> 00:14:46.980
 see what was inside my own body and it
 :14:46.980 --> 00:14:49.440
 was really about the accountability of
 :14:49.440 --> 00:14:51.480
 it the auditability of it you know if
 :14:51.480 --> 00:14:53.220
 you can't review it how do you know it's
 :14:53.220 --> 00:14:55.500
 safe right if you can't test it how do
 :14:55.500 --> 00:14:57.180
 you know it's safe
 :14:57.180 --> 00:14:58.139
 um
 :14:58.139 --> 00:15:00.899
 so I for me it was all about this kind
 :15:00.899 --> 00:15:03.959
 of transparency argument and then what's
 :15:03.959 --> 00:15:05.760
 been so fascinating is that as I've
 :15:05.760 --> 00:15:08.040
 lived with my device
 :15:08.040 --> 00:15:10.139
 different things in my life have come up
 :15:10.139 --> 00:15:13.380
 from time to time that have changed my
 :15:13.380 --> 00:15:15.120
 understanding of the ways in which
 :15:15.120 --> 00:15:17.760
 technology impacts people this is a
 :15:17.760 --> 00:15:19.920
 picture of me when I was almost I think
 :15:19.920 --> 00:15:21.839
 I was nine months pregnant
 :15:21.839 --> 00:15:25.620
 um I it was a fun trip but uh but it was
 :15:25.620 --> 00:15:26.820
 the very last one
 :15:26.820 --> 00:15:30.420
 um but yeah so when I was pregnant uh
 :15:30.420 --> 00:15:32.579
 because I have a heart condition my
 :15:32.579 --> 00:15:35.220
 heart did no sorry I have a heart
 :15:35.220 --> 00:15:36.600
 condition but my heart was doing
 :15:36.600 --> 00:15:38.639
 something that normal pregnant like
 :15:38.639 --> 00:15:40.079
 people without heart condition pregnant
 :15:40.079 --> 00:15:42.480
 women normally do my heart was
 :15:42.480 --> 00:15:44.160
 palpitating which is something that
 :15:44.160 --> 00:15:46.199
 happens to a quarter to a third of all
 :15:46.199 --> 00:15:48.779
 women who have babies some people are
 :15:48.779 --> 00:15:50.519
 nodding in the audience because they've
 :15:50.519 --> 00:15:52.320
 either experience this or know people
 :15:52.320 --> 00:15:53.699
 who've experienced it it's very very
 :15:53.699 --> 00:15:57.380
 common but because I had a defibrillator
 :15:57.380 --> 00:16:01.680
 and I was palpitating my defibrillator
 :16:01.680 --> 00:16:03.660
 thought that my palpitations were a
 :16:03.660 --> 00:16:05.820
 dangerous Rhythm and that I needed to be
 :16:05.820 --> 00:16:08.639
 shocked and so my defibrillator shocked
 :16:08.639 --> 00:16:09.380
 me
 :16:09.380 --> 00:16:13.019
 unnecessarily multiple times and the
 :16:13.019 --> 00:16:16.199
 only way to stop it from unnecessarily
 :16:16.199 --> 00:16:18.240
 treating me and shocking me over and
 :16:18.240 --> 00:16:21.060
 over was to go on drugs to slow my heart
 :16:21.060 --> 00:16:22.440
 rate down
 :16:22.440 --> 00:16:25.320
 so I went on those drugs which were okay
 :16:25.320 --> 00:16:27.180
 it was tough it was hard to walk up a
 :16:27.180 --> 00:16:28.380
 flight of stairs
 :16:28.380 --> 00:16:30.899
 um during that time but it was temporary
 :16:30.899 --> 00:16:34.380
 I took those drugs it was fine and the
 :16:34.380 --> 00:16:36.060
 baby was born being pregnant as a
 :16:36.060 --> 00:16:38.940
 temporary condition and here we are but
 :16:38.940 --> 00:16:45.060
 as I thought about it I realized that
 :16:45.060 --> 00:16:46.279
 :16:46.279 --> 00:16:49.259
 of defibrillators go to people under the
 :16:49.259 --> 00:16:50.940
 age of 65.
 :16:50.940 --> 00:16:56.639
 only 15 percent and only 44 go to women
 :16:56.639 --> 00:17:00.060
 so the set of people who are pregnant
 :17:00.060 --> 00:17:03.740
 with defibrillators is teeny teeny tiny
 :17:03.740 --> 00:17:06.839
 my use case was simply not something
 :17:06.839 --> 00:17:08.280
 that was contemplated by the
 :17:08.280 --> 00:17:10.260
 manufacturers of the device
 :17:10.260 --> 00:17:13.439
 no one at the device manufacturer wanted
 :17:13.439 --> 00:17:16.559
 pregnant people getting shocked what a
 :17:16.559 --> 00:17:18.600
 nightmare right and nobody wants that
 :17:18.600 --> 00:17:20.459
 you'll make medical devices to help
 :17:20.459 --> 00:17:23.280
 people not to put them in trouble but I
 :17:23.280 --> 00:17:25.020
 was an edge case something that hadn't
 :17:25.020 --> 00:17:27.660
 been contemplated and consequently
 :17:27.660 --> 00:17:30.120
 because my use case wasn't the primary
 :17:30.120 --> 00:17:32.820
 use case I was out of luck there was
 :17:32.820 --> 00:17:35.280
 nothing I could do I couldn't get
 :17:35.280 --> 00:17:36.720
 together with all the other pregnant
 :17:36.720 --> 00:17:39.240
 people and find out if we could adjust
 :17:39.240 --> 00:17:41.460
 the algorithms on the software or take
 :17:41.460 --> 00:17:43.620
 other precautions to try to evaluate if
 :17:43.620 --> 00:17:45.299
 we could edit the software to make it
 :17:45.299 --> 00:17:46.440
 different
 :17:46.440 --> 00:17:48.900
 I just had to stick with whatever the
 :17:48.900 --> 00:17:51.720
 device manufacturer told me and that was
 :17:51.720 --> 00:17:55.500
 that and uh that helplessness made me
 :17:55.500 --> 00:17:58.020
 realize that it wasn't just about the
 :17:58.020 --> 00:18:00.419
 transparency and auditability of the
 :18:00.419 --> 00:18:04.200
 source code but it is about power it is
 :18:04.200 --> 00:18:07.679
 about control it is about the ability to
 :18:07.679 --> 00:18:10.380
 do something about your own situation
 :18:10.380 --> 00:18:13.919
 and having this having any software that
 :18:13.919 --> 00:18:16.740
 you rely on isn't about whether
 :18:16.740 --> 00:18:19.140
 something can go wrong it's about when
 :18:19.140 --> 00:18:21.120
 it will go wrong I used to give talks
 :18:21.120 --> 00:18:22.380
 about this and I used to have to give
 :18:22.380 --> 00:18:24.600
 all of these examples of you know I had
 :18:24.600 --> 00:18:26.940
 pictures of hacked cars and pictures of
 :18:26.940 --> 00:18:29.220
 you know which had funny pictures of
 :18:29.220 --> 00:18:31.320
 people who thought the car that thought
 :18:31.320 --> 00:18:32.700
 it was in park but it was going 100
 :18:32.700 --> 00:18:35.220
 miles an hour you know or whatever and
 :18:35.220 --> 00:18:37.679
 all these examples new ones every year
 :18:37.679 --> 00:18:39.480
 but I don't need to do that anymore
 :18:39.480 --> 00:18:42.539
 because there are so many examples of
 :18:42.539 --> 00:18:47.520
 software being controlled either through
 :18:47.520 --> 00:18:50.280
 um security research for studies through
 :18:50.280 --> 00:18:53.280
 actual malicious attacks or elsewhere in
 :18:53.280 --> 00:18:54.960
 our society that I don't even need to
 :18:54.960 --> 00:18:56.520
 establish it to you because we all know
 :18:56.520 --> 00:18:59.360
 how dire it is and it is not about
 :18:59.360 --> 00:19:01.440
 whether something will go wrong it's
 :19:01.440 --> 00:19:03.660
 about what it will go wrong and what
 :19:03.660 --> 00:19:05.580
 will we be able to do about it when it
 :19:05.580 --> 00:19:08.400
 does will we have to wait for the
 :19:08.400 --> 00:19:11.039
 company that has the problem to admit
 :19:11.039 --> 00:19:13.500
 that there's an error and then try to
 :19:13.500 --> 00:19:15.299
 figure out what's wrong or will we have
 :19:15.299 --> 00:19:17.820
 control over that technology ourselves
 :19:17.820 --> 00:19:20.520
 so that we can do something about it and
 :19:20.520 --> 00:19:22.500
 build organizational structures to be
 :19:22.500 --> 00:19:25.740
 able to to take action
 :19:25.740 --> 00:19:29.340
 now again so many examples that come up
 :19:29.340 --> 00:19:31.980
 every year one came up this last year
 :19:31.980 --> 00:19:33.660
 that I wanted to highlight because it
 :19:33.660 --> 00:19:35.039
 was so poignant
 :19:35.039 --> 00:19:36.780
 um these are pictures of patients who
 :19:36.780 --> 00:19:39.960
 had an implant called Second Sight
 :19:39.960 --> 00:19:43.200
 um it was a an ocular implant that
 :19:43.200 --> 00:19:45.720
 allowed people who previously had lost
 :19:45.720 --> 00:19:49.799
 Vision to see not you know to see some
 :19:49.799 --> 00:19:51.419
 range of vision
 :19:51.419 --> 00:19:56.880
 um the um the person on your right was
 :19:56.880 --> 00:20:02.100
 uh was uh was on the subway she recounts
 :20:02.100 --> 00:20:06.780
 the day when her implant stopped working
 :20:06.780 --> 00:20:09.240
 the company that made these devices
 :20:09.240 --> 00:20:11.520
 second site
 :20:11.520 --> 00:20:14.340
 had run out of funding it was a startup
 :20:14.340 --> 00:20:16.140
 it was very promising and had early
 :20:16.140 --> 00:20:19.440
 investment but ultimately it did not
 :20:19.440 --> 00:20:22.740
 have financial support and so the
 :20:22.740 --> 00:20:25.620
 software updates stopped coming and that
 :20:25.620 --> 00:20:27.539
 Hardware stopped working
 :20:27.539 --> 00:20:31.080
 people who could see could no longer see
 :20:31.080 --> 00:20:34.200
 these people have devices implanted in
 :20:34.200 --> 00:20:36.600
 their bodies they have implants in their
 :20:36.600 --> 00:20:39.900
 eyes that it is dangerous to remove that
 :20:39.900 --> 00:20:42.539
 do nothing because they can't be updated
 :20:42.539 --> 00:20:45.419
 or and can't be repaired
 :20:45.419 --> 00:20:47.640
 and what's fascinating about it is that
 :20:47.640 --> 00:20:51.120
 these devices could absolutely work if
 :20:51.120 --> 00:20:54.240
 they can only have access to the
 :20:54.240 --> 00:20:56.520
 software if they could only update it
 :20:56.520 --> 00:21:00.179
 and uh it's not just this one company's
 :21:00.179 --> 00:21:02.340
 experience the same thing has happened
 :21:02.340 --> 00:21:05.340
 in other areas Cochlear implants there
 :21:05.340 --> 00:21:07.140
 is a whole range of medical devices
 :21:07.140 --> 00:21:09.480
 where this has happened where startups
 :21:09.480 --> 00:21:11.400
 have developed exciting promising new
 :21:11.400 --> 00:21:14.940
 technology and then relied on VC and
 :21:14.940 --> 00:21:18.600
 other investment and has you know those
 :21:18.600 --> 00:21:21.240
 patients are just abandoned you could
 :21:21.240 --> 00:21:24.840
 have a whole other talk on standards and
 :21:24.840 --> 00:21:27.360
 how the the hardware component and and
 :21:27.360 --> 00:21:29.720
 other kinds of communication components
 :21:29.720 --> 00:21:32.659
 absolutely need to be standardized
 :21:32.659 --> 00:21:35.460
 but the software component is one
 :21:35.460 --> 00:21:37.860
 important piece of this and it's not
 :21:37.860 --> 00:21:40.740
 just this tremendous number of medical
 :21:40.740 --> 00:21:44.340
 devices that are in this situation it's
 :21:44.340 --> 00:21:46.679
 almost every other device I like talking
 :21:46.679 --> 00:21:48.900
 about my medical device because it's
 :21:48.900 --> 00:21:51.059
 deeply personal I can tell you my
 :21:51.059 --> 00:21:52.440
 experience and I can tell you what I
 :21:52.440 --> 00:21:54.960
 know but it's also a really easy
 :21:54.960 --> 00:21:58.140
 metaphor it's so critical to my life
 :21:58.140 --> 00:22:00.480
 it's literally sewn into my body and
 :22:00.480 --> 00:22:02.220
 screwed into my heart
 :22:02.220 --> 00:22:04.320
 but it's not the only software that I
 :22:04.320 --> 00:22:07.440
 rely on every day and the thing is that
 :22:07.440 --> 00:22:09.780
 we don't even know which software is
 :22:09.780 --> 00:22:11.460
 going to be our most critical software
 :22:11.460 --> 00:22:14.280
 we don't know what software we're going
 :22:14.280 --> 00:22:15.480
 to rely on that is going to fail because
 :22:15.480 --> 00:22:19.080
 we rely on so much software for every
 :22:19.080 --> 00:22:21.240
 part of our life lives for our most
 :22:21.240 --> 00:22:24.780
 intimate Communications for our banking
 :22:24.780 --> 00:22:27.960
 for everything and we are not in control
 :22:27.960 --> 00:22:29.520
 as
 :22:29.520 --> 00:22:34.380
 as individuals as a public of a vast
 :22:34.380 --> 00:22:37.440
 majority of that software
 :22:37.440 --> 00:22:40.440
 um so uh and and one of the things that
 :22:40.440 --> 00:22:43.020
 really astounds me is that a lot of
 :22:43.020 --> 00:22:45.299
 companies that are Distributing their
 :22:45.299 --> 00:22:48.299
 software are doing so without ever
 :22:48.299 --> 00:22:50.940
 having the source code of the software
 :22:50.940 --> 00:22:52.919
 that they ship themselves so they have a
 :22:52.919 --> 00:22:54.600
 vendor that gives them the software they
 :22:54.600 --> 00:22:56.580
 put it on their products they get it out
 :22:56.580 --> 00:22:58.919
 into market and
 :22:58.919 --> 00:23:00.720
 even if there's a problem those
 :23:00.720 --> 00:23:02.580
 companies can't do anything about it and
 :23:02.580 --> 00:23:05.280
 so we're left with we're we're left with
 :23:05.280 --> 00:23:06.539
 the short end of the stick we're left
 :23:06.539 --> 00:23:09.720
 with these devices that don't work and
 :23:09.720 --> 00:23:12.539
 um and with uh with software that can't
 :23:12.539 --> 00:23:14.940
 be adjusted to our use
 :23:14.940 --> 00:23:16.620
 so
 :23:16.620 --> 00:23:19.919
 free and open source software is an
 :23:19.919 --> 00:23:22.080
 alternative to this because if we had
 :23:22.080 --> 00:23:24.179
 access to the source code if we had
 :23:24.179 --> 00:23:26.340
 access to that software we would be able
 :23:26.340 --> 00:23:28.260
 to change that software we would be able
 :23:28.260 --> 00:23:31.380
 to get together even if you are not a
 :23:31.380 --> 00:23:33.240
 developer yourself even if you're not
 :23:33.240 --> 00:23:34.980
 technical you could work with other
 :23:34.980 --> 00:23:36.980
 people to do it you could hire someone
 :23:36.980 --> 00:23:40.980
 even if I wanted to hire even if I were
 :23:40.980 --> 00:23:43.320
 very wealthy and wanted to hire a
 :23:43.320 --> 00:23:45.539
 medical professional to customize my
 :23:45.539 --> 00:23:47.880
 defibrillator for me I would be unable
 :23:47.880 --> 00:23:49.320
 to do it
 :23:49.320 --> 00:23:53.700
 so with free and open source software
 :23:53.700 --> 00:23:56.159
 we have a chance free and open source
 :23:56.159 --> 00:23:57.720
 software it's funny advocating for
 :23:57.720 --> 00:24:00.299
 software freedom is tough because I
 :24:00.299 --> 00:24:02.460
 can't say that open source software is
 :24:02.460 --> 00:24:03.480
 better
 :24:03.480 --> 00:24:04.679
 can't say that free software There's
 :24:04.679 --> 00:24:06.780
 Something Magic about free software
 :24:06.780 --> 00:24:08.880
 where if you publish it it's going to be
 :24:08.880 --> 00:24:10.740
 you're going to have a better experience
 :24:10.740 --> 00:24:13.020
 it will be safer or better or faster or
 :24:13.020 --> 00:24:15.539
 more reliable but what I can say is that
 :24:15.539 --> 00:24:16.860
 with free and open source software it
 :24:16.860 --> 00:24:18.960
 has a chance we can test it and we can
 :24:18.960 --> 00:24:20.460
 do something about it when things go
 :24:20.460 --> 00:24:21.419
 wrong
 :24:21.419 --> 00:24:25.260
 and so uh
 :24:25.260 --> 00:24:27.440
 copy lifted software
 :24:27.440 --> 00:24:30.539
 in particular where
 :24:30.539 --> 00:24:34.380
 we have this this snowballing nature
 :24:34.380 --> 00:24:36.960
 right copy left at software is software
 :24:36.960 --> 00:24:38.700
 where if you're if companies are
 :24:38.700 --> 00:24:40.620
 Distributing that software they have to
 :24:40.620 --> 00:24:43.640
 provide this the source code when asked
 :24:43.640 --> 00:24:46.500
 and those rights
 :24:46.500 --> 00:24:50.360
 um uh travel with the software and so
 :24:50.360 --> 00:24:53.940
 there's copy lifted software in actually
 :24:53.940 --> 00:24:56.460
 a ton of devices that are in the market
 :24:56.460 --> 00:24:58.980
 you basically can't go anywhere or do
 :24:58.980 --> 00:25:01.080
 anything without encountering something
 :25:01.080 --> 00:25:04.140
 that has Linux in it right like raise
 :25:04.140 --> 00:25:07.500
 your hand if you have an Android phone
 :25:07.500 --> 00:25:10.140
 it's like three quarters of the audience
 :25:10.140 --> 00:25:12.419
 all right I want out the Apple people
 :25:12.419 --> 00:25:14.640
 but you know who you are
 :25:14.640 --> 00:25:18.659
 um so uh uh and again it's not
 :25:18.659 --> 00:25:20.880
 necessarily that one is is better than
 :25:20.880 --> 00:25:23.100
 the other like some devices that are
 :25:23.100 --> 00:25:25.620
 proprietary may be more secure right now
 :25:25.620 --> 00:25:28.380
 they may be you know they they may have
 :25:28.380 --> 00:25:30.900
 features that um that products that are
 :25:30.900 --> 00:25:32.940
 based with more free and open source
 :25:32.940 --> 00:25:35.520
 software products don't have but over
 :25:35.520 --> 00:25:36.720
 time
 :25:36.720 --> 00:25:39.299
 we are stuck not being able to make them
 :25:39.299 --> 00:25:41.760
 the way we want them to be because they
 :25:41.760 --> 00:25:43.620
 are proprietary and they're a complete
 :25:43.620 --> 00:25:45.179
 Black Box to us
 :25:45.179 --> 00:25:48.720
 so the Linux kernel and other free and
 :25:48.720 --> 00:25:50.220
 open source software products are
 :25:50.220 --> 00:25:52.679
 software is on more than 80 of mobile
 :25:52.679 --> 00:25:54.299
 devices if you count the Android market
 :25:54.299 --> 00:25:56.820
 and 90 of super computers in New York
 :25:56.820 --> 00:25:59.640
 Stock Exchange runs on it it's basically
 :25:59.640 --> 00:26:03.000
 and everywhere it's also in TVs and um
 :26:03.000 --> 00:26:05.059
 every product if you go into a lot of
 :26:05.059 --> 00:26:07.740
 kitchens and homes you'll find lots and
 :26:07.740 --> 00:26:10.080
 lots of devices now I mentioned TVs
 :26:10.080 --> 00:26:11.580
 because
 :26:11.580 --> 00:26:14.580
 um this is a Vizio TV
 :26:14.580 --> 00:26:16.799
 um and uh
 :26:16.799 --> 00:26:18.860
 software Freedom Conservancy sued them
 :26:18.860 --> 00:26:21.720
 and the reason that we sued them was
 :26:21.720 --> 00:26:24.779
 because we wanted to use
 :26:24.779 --> 00:26:28.440
 some Vizio TVs and they have copy left
 :26:28.440 --> 00:26:31.200
 it software in it so we wanted to use
 :26:31.200 --> 00:26:33.360
 those TVs for a variety of things we
 :26:33.360 --> 00:26:34.320
 have a few
 :26:34.320 --> 00:26:35.600
 um uh
 :26:35.600 --> 00:26:37.620
 some grants that we had written that
 :26:37.620 --> 00:26:39.779
 we'd hope to be able to use these these
 :26:39.779 --> 00:26:44.539
 TVs for but when we when we got the TVs
 :26:44.539 --> 00:26:48.480
 we uh well we first got TV
 :26:48.480 --> 00:26:50.520
 well we've got the original we were just
 :26:50.520 --> 00:26:53.039
 like got some Vizio TVs and they had no
 :26:53.039 --> 00:26:55.620
 um no uh no Source or an offer for
 :26:55.620 --> 00:26:57.360
 source and we worked with Vizio to try
 :26:57.360 --> 00:26:59.100
 to get into compliance
 :26:59.100 --> 00:27:01.980
 um and uh after years of talking to them
 :27:01.980 --> 00:27:04.080
 um they had provided some incomplete
 :27:04.080 --> 00:27:05.520
 source code but had not come into
 :27:05.520 --> 00:27:07.799
 compliance yet and years later when we
 :27:07.799 --> 00:27:09.659
 went to buy some more TVs to do the
 :27:09.659 --> 00:27:12.360
 product project we wanted to do they had
 :27:12.360 --> 00:27:13.380
 no
 :27:13.380 --> 00:27:15.720
 Source or offer for source so copyleft
 :27:15.720 --> 00:27:17.640
 licenses require that you either have to
 :27:17.640 --> 00:27:19.440
 provide the source code along with the
 :27:19.440 --> 00:27:21.000
 distribution so if you buy a TV it's got
 :27:21.000 --> 00:27:23.159
 to have the source code on it and if it
 :27:23.159 --> 00:27:24.779
 doesn't have the source code then you
 :27:24.779 --> 00:27:26.220
 have to at least provide an offer you
 :27:26.220 --> 00:27:27.960
 have to tell people that it's there and
 :27:27.960 --> 00:27:29.159
 you have to tell them how they can get
 :27:29.159 --> 00:27:30.480
 it
 :27:30.480 --> 00:27:33.419
 um and these TVs didn't have
 :27:33.419 --> 00:27:35.220
 either
 :27:35.220 --> 00:27:38.039
 um so even after us having talked to
 :27:38.039 --> 00:27:39.779
 them they were just flagrantly ignoring
 :27:39.779 --> 00:27:42.179
 their obligations and so we at software
 :27:42.179 --> 00:27:44.580
 Freedom Conservancy filed a lawsuit
 :27:44.580 --> 00:27:46.799
 but this lawsuit that we filed was a
 :27:46.799 --> 00:27:49.020
 consumer rights lawsuit
 :27:49.020 --> 00:27:52.320
 the lawsuit was basically uh we we filed
 :27:52.320 --> 00:27:55.860
 it as a purchaser of televisions which
 :27:55.860 --> 00:27:58.919
 uh with respect to copy left licensing I
 :27:58.919 --> 00:28:00.960
 think has never been done before and we
 :28:00.960 --> 00:28:05.700
 said that because the license the um the
 :28:05.700 --> 00:28:09.059
 licenses of the software on the TVs
 :28:09.059 --> 00:28:11.460
 gives rights to third parties it says
 :28:11.460 --> 00:28:15.539
 that the um uh that all third parties
 :28:15.539 --> 00:28:18.000
 will have a have a right where you have
 :28:18.000 --> 00:28:19.740
 to make sure that they receive or can
 :28:19.740 --> 00:28:21.960
 get the source code and that you must
 :28:21.960 --> 00:28:24.480
 show them the um these terms so that
 :28:24.480 --> 00:28:26.640
 they know that they have this right
 :28:26.640 --> 00:28:30.539
 um and so our lawsuit says that um that
 :28:30.539 --> 00:28:32.460
 because we have this right they have to
 :28:32.460 --> 00:28:35.760
 give us the source code which is also a
 :28:35.760 --> 00:28:37.320
 a third it's called third party
 :28:37.320 --> 00:28:39.960
 beneficiary in in the United States and
 :28:39.960 --> 00:28:42.000
 it's a contract law claim rather than a
 :28:42.000 --> 00:28:43.679
 copyright claim
 :28:43.679 --> 00:28:46.200
 um and we uh we asked for what we call
 :28:46.200 --> 00:28:49.559
 specific performance which is uh when
 :28:49.559 --> 00:28:52.200
 you bring a lawsuit you can ask for
 :28:52.200 --> 00:28:54.240
 um for money usually you can say look
 :28:54.240 --> 00:28:56.760
 I've been injured here somebody wronged
 :28:56.760 --> 00:28:59.760
 me and uh and the way to handle it is
 :28:59.760 --> 00:29:01.620
 that they need to compensate me and most
 :29:01.620 --> 00:29:03.779
 consumer rights lawsuits that you hear
 :29:03.779 --> 00:29:05.760
 about are class actions where they get
 :29:05.760 --> 00:29:07.500
 settlements and everybody gets a payout
 :29:07.500 --> 00:29:10.380
 of ten dollars or whatever but the
 :29:10.380 --> 00:29:12.659
 amount in whole is great because it it's
 :29:12.659 --> 00:29:14.340
 a big penalty overall and it gets
 :29:14.340 --> 00:29:16.620
 companies to change but what we're
 :29:16.620 --> 00:29:18.720
 asking for is a little bit different in
 :29:18.720 --> 00:29:20.700
 this case it's a contract case and what
 :29:20.700 --> 00:29:23.399
 we're asking for is the actual excuse me
 :29:23.399 --> 00:29:25.740
 the actual software itself
 :29:25.740 --> 00:29:26.580
 um
 :29:26.580 --> 00:29:28.679
 so uh so we want the complete and
 :29:28.679 --> 00:29:30.299
 corresponding source code which is what
 :29:30.299 --> 00:29:31.860
 the license says that we're able to do
 :29:31.860 --> 00:29:33.779
 and the script we should be able to get
 :29:33.779 --> 00:29:35.580
 and the scripts to control compilation
 :29:35.580 --> 00:29:38.159
 and installation so we should be able to
 :29:38.159 --> 00:29:39.840
 replace the software on the TV the
 :29:39.840 --> 00:29:42.299
 license says so and we want to do it and
 :29:42.299 --> 00:29:45.179
 Vizio didn't even provide any offer for
 :29:45.179 --> 00:29:46.799
 Source or the source itself
 :29:46.799 --> 00:29:51.059
 and so uh Vizio tried to try to get rid
 :29:51.059 --> 00:29:52.559
 of it by saying oh these people at
 :29:52.559 --> 00:29:54.360
 software Freedom Conservancy they're
 :29:54.360 --> 00:29:56.039
 really bringing a copyright case but
 :29:56.039 --> 00:29:58.320
 they're doing all this tap dancing to
 :29:58.320 --> 00:30:01.440
 make it seem like a contract case but so
 :30:01.440 --> 00:30:03.179
 they removed it to
 :30:03.179 --> 00:30:04.860
 um to federal court in the United States
 :30:04.860 --> 00:30:07.200
 and the federal judge said actually
 :30:07.200 --> 00:30:09.419
 these people have a claim this is cut
 :30:09.419 --> 00:30:12.059
 this this sounds reasonable so it's been
 :30:12.059 --> 00:30:13.860
 romantic back to State Court this stuff
 :30:13.860 --> 00:30:16.200
 takes forever it'll probably be a long
 :30:16.200 --> 00:30:17.940
 time before there's any resolution or
 :30:17.940 --> 00:30:19.620
 movement in it but I wanted to talk
 :30:19.620 --> 00:30:21.539
 about it because we're bringing these
 :30:21.539 --> 00:30:25.200
 novel actions to connect the fact that
 :30:25.200 --> 00:30:27.899
 um that people have to think about their
 :30:27.899 --> 00:30:30.360
 technology in terms of how it impacts
 :30:30.360 --> 00:30:32.580
 them and their lives that we have to
 :30:32.580 --> 00:30:34.860
 recognize that for millions of devices
 :30:34.860 --> 00:30:37.799
 we already have a right to see the
 :30:37.799 --> 00:30:40.080
 source code on those devices it's there
 :30:40.080 --> 00:30:43.200
 it's already there we just have to ask
 :30:43.200 --> 00:30:46.500
 for it and we just have to use it and
 :30:46.500 --> 00:30:48.360
 it's you know we used to have this is
 :30:48.360 --> 00:30:51.299
 like a real like old school I like this
 :30:51.299 --> 00:30:52.860
 picture because it reminds me of like an
 :30:52.860 --> 00:30:55.260
 old America you know right like and it's
 :30:55.260 --> 00:30:58.260
 like this dilapidated TV repair shop I
 :30:58.260 --> 00:31:00.720
 remember when there were TV repair shops
 :31:00.720 --> 00:31:03.240
 like in every couple of blocks in New
 :31:03.240 --> 00:31:05.340
 York I remember where people you'd have
 :31:05.340 --> 00:31:07.200
 to have it close because TVs were heavy
 :31:07.200 --> 00:31:08.880
 and there were so many people who needed
 :31:08.880 --> 00:31:10.260
 their TVs repaired that you would see
 :31:10.260 --> 00:31:12.360
 these all over now you don't see TV
 :31:12.360 --> 00:31:14.940
 repair shops at all and the reason is is
 :31:14.940 --> 00:31:16.559
 that when they break it's often the
 :31:16.559 --> 00:31:19.080
 software that isn't working and people
 :31:19.080 --> 00:31:22.440
 say uh it's dead
 :31:22.440 --> 00:31:24.179
 we need a new TV
 :31:24.179 --> 00:31:26.159
 uh my phone stopped working I need a new
 :31:26.159 --> 00:31:28.919
 phone and so we're throwing all of these
 :31:28.919 --> 00:31:30.899
 devices that are perfectly serviceable
 :31:30.899 --> 00:31:32.279
 if we could just
 :31:32.279 --> 00:31:36.059
 update the software into landfill
 :31:36.059 --> 00:31:38.760
 and companies are often deliberately not
 :31:38.760 --> 00:31:41.640
 updating their old devices to get us to
 :31:41.640 --> 00:31:44.520
 buy new devices when the old devices
 :31:44.520 --> 00:31:46.860
 work great we just don't have any right
 :31:46.860 --> 00:31:48.720
 to replace the software that came on
 :31:48.720 --> 00:31:50.399
 them but
 :31:50.399 --> 00:31:53.159
 the trick is that for the vast majority
 :31:53.159 --> 00:31:55.380
 of these devices we actually do have a
 :31:55.380 --> 00:31:57.360
 right we just don't know about it and we
 :31:57.360 --> 00:31:59.880
 just don't exercise it
 :31:59.880 --> 00:32:02.399
 now it can be different this is a
 :32:02.399 --> 00:32:05.220
 picture of a um of a router because
 :32:05.220 --> 00:32:07.980
 there's a project called open wrt and
 :32:07.980 --> 00:32:10.799
 that project was a result it's a it's a
 :32:10.799 --> 00:32:12.240
 free and open source software project
 :32:12.240 --> 00:32:14.220
 and that project came out of oh open
 :32:14.220 --> 00:32:15.659
 writ people
 :32:15.659 --> 00:32:16.799
 um fans
 :32:16.799 --> 00:32:22.200
 um so uh that that project came out of a
 :32:22.200 --> 00:32:23.159
 um
 :32:23.159 --> 00:32:26.700
 uh a lawsuit seeking the source code and
 :32:26.700 --> 00:32:28.740
 when the source code it was it was a
 :32:28.740 --> 00:32:30.360
 product of a settle of a settlement and
 :32:30.360 --> 00:32:33.059
 when the source code came out a whole
 :32:33.059 --> 00:32:33.899
 product
 :32:33.899 --> 00:32:37.140
 uh was born and now loads and loads of
 :32:37.140 --> 00:32:38.580
 people can replace the software on their
 :32:38.580 --> 00:32:39.899
 routers and there's a really Vibrant
 :32:39.899 --> 00:32:42.059
 Community and in fact it's been good for
 :32:42.059 --> 00:32:44.460
 some router manufacturers to make sure
 :32:44.460 --> 00:32:48.360
 that their routers are are able to have
 :32:48.360 --> 00:32:50.940
 uh are compatible with open wrt because
 :32:50.940 --> 00:32:52.620
 people seek it out and so there's a
 :32:52.620 --> 00:32:54.179
 there's a business case for it in
 :32:54.179 --> 00:32:56.100
 addition and there are other projects
 :32:56.100 --> 00:32:58.140
 like this um open wrt is a software
 :32:58.140 --> 00:32:59.760
 Freedom Conservancy member project so I
 :32:59.760 --> 00:33:01.320
 had to highlight them but there are
 :33:01.320 --> 00:33:03.059
 other projects as well that are like
 :33:03.059 --> 00:33:04.020
 this
 :33:04.020 --> 00:33:04.980
 um
 :33:04.980 --> 00:33:08.640
 so it's you know it's it we don't
 :33:08.640 --> 00:33:11.940
 necessarily have to just rely on the
 :33:11.940 --> 00:33:13.919
 device manufacturers to be the source of
 :33:13.919 --> 00:33:16.080
 the software that runs on them raise
 :33:16.080 --> 00:33:17.340
 your hand if you've replaced the
 :33:17.340 --> 00:33:19.500
 software on a device with a free and
 :33:19.500 --> 00:33:21.720
 open source software operating system or
 :33:21.720 --> 00:33:23.820
 software of any kind yeah it's like a
 :33:23.820 --> 00:33:25.440
 third of the uh like a quarter or a
 :33:25.440 --> 00:33:27.059
 third of the audience which is really
 :33:27.059 --> 00:33:28.380
 exciting
 :33:28.380 --> 00:33:31.140
 um and it's so exciting and Powerful to
 :33:31.140 --> 00:33:32.760
 do that because
 :33:32.760 --> 00:33:37.140
 well it changes everything often at the
 :33:37.140 --> 00:33:39.419
 point where you're in now you're trading
 :33:39.419 --> 00:33:41.399
 off some features you might not be able
 :33:41.399 --> 00:33:42.840
 to do everything that you could do
 :33:42.840 --> 00:33:45.539
 before but you get to decide what
 :33:45.539 --> 00:33:47.159
 software you put on it you get to decide
 :33:47.159 --> 00:33:48.179
 if you're going to put some of the
 :33:48.179 --> 00:33:50.640
 proprietary stuff on it or you decide if
 :33:50.640 --> 00:33:51.960
 you're going to keep you know try to
 :33:51.960 --> 00:33:53.940
 make as much free and open as you
 :33:53.940 --> 00:33:56.820
 possibly can and you decide when and how
 :33:56.820 --> 00:33:58.500
 it gets updated some of these projects
 :33:58.500 --> 00:34:00.120
 automatically update and that's really
 :34:00.120 --> 00:34:03.299
 wonderful for security updates
 :34:03.299 --> 00:34:06.299
 um now I I wanted to talk a go back to
 :34:06.299 --> 00:34:08.940
 my medical device situation a little bit
 :34:08.940 --> 00:34:10.320
 um this is a picture of me it's an old
 :34:10.320 --> 00:34:13.020
 picture of me getting my old device
 :34:13.020 --> 00:34:15.000
 interrogated
 :34:15.000 --> 00:34:17.639
 um and uh and interrogated is basically
 :34:17.639 --> 00:34:19.679
 the word they use which is actually it
 :34:19.679 --> 00:34:22.379
 sounds very like old spy movie like I'm
 :34:22.379 --> 00:34:25.080
 going to interrogate your device but um
 :34:25.080 --> 00:34:27.599
 it it just means that it's the reading
 :34:27.599 --> 00:34:29.639
 of the device by a piece of equipment
 :34:29.639 --> 00:34:32.460
 called a programmer the terminology is
 :34:32.460 --> 00:34:34.619
 so confusing but uh but the device that
 :34:34.619 --> 00:34:37.080
 reads it is called a programmer and the
 :34:37.080 --> 00:34:39.599
 programmer gets the information those
 :34:39.599 --> 00:34:41.580
 are have shown to be totally insecure
 :34:41.580 --> 00:34:44.040
 also where people have sold programmers
 :34:44.040 --> 00:34:46.080
 to the like into the market from
 :34:46.080 --> 00:34:48.659
 hospitals that had thousands of patients
 :34:48.659 --> 00:34:53.159
 data on them um fascinating stuff but in
 :34:53.159 --> 00:34:54.659
 in this instance
 :34:54.659 --> 00:34:57.180
 um I wanted to highlight the fact that
 :34:57.180 --> 00:35:00.240
 um that my medical saga continues and
 :35:00.240 --> 00:35:02.580
 that every time that I have something
 :35:02.580 --> 00:35:04.560
 new in my life I realize there are a
 :35:04.560 --> 00:35:06.119
 whole aspects of this that need to be
 :35:06.119 --> 00:35:09.560
 explored so this week before I came here
 :35:09.560 --> 00:35:12.240
 I realized that I needed to find out
 :35:12.240 --> 00:35:13.440
 something urgently about my
 :35:13.440 --> 00:35:14.839
 defibrillator
 :35:14.839 --> 00:35:16.859
 and so I needed to get my device
 :35:16.859 --> 00:35:19.740
 interrogated but when I got my device
 :35:19.740 --> 00:35:22.500
 replaced the last time which is right
 :35:22.500 --> 00:35:25.440
 when this picture was taken I was really
 :35:25.440 --> 00:35:27.839
 concerned with the possibility that my
 :35:27.839 --> 00:35:29.820
 device would be maliciously hacked I
 :35:29.820 --> 00:35:33.000
 told you about my work on outreachy
 :35:33.000 --> 00:35:35.400
 a lot of people don't like work on
 :35:35.400 --> 00:35:39.420
 diversity programs they they think that
 :35:39.420 --> 00:35:43.140
 they are misguided and despite the fact
 :35:43.140 --> 00:35:47.300
 that that the
 :35:47.300 --> 00:35:51.839
 studies show the impact that um that
 :35:51.839 --> 00:35:53.940
 underrepresentation has in the field and
 :35:53.940 --> 00:35:56.640
 despite the fact that the tech industry
 :35:56.640 --> 00:36:00.240
 is very obviously misrepresented
 :36:00.240 --> 00:36:03.420
 um the people are it's a very polarizing
 :36:03.420 --> 00:36:05.820
 issue and so I I've actually had a lot
 :36:05.820 --> 00:36:07.980
 of threats related to my work on this
 :36:07.980 --> 00:36:12.480
 including rape and death threat
 :36:12.480 --> 00:36:14.040
 um and I'd like to not think about it
 :36:14.040 --> 00:36:18.300
 too often but in getting a new device I
 :36:18.300 --> 00:36:21.359
 um I did not want these my device to do
 :36:21.359 --> 00:36:23.880
 what all of these devices do which is to
 :36:23.880 --> 00:36:26.900
 broadcast incessantly all of the time
 :36:26.900 --> 00:36:29.460
 and previously without very good
 :36:29.460 --> 00:36:32.280
 encryption especially earlier on and so
 :36:32.280 --> 00:36:35.339
 we're security protection and so I got
 :36:35.339 --> 00:36:38.339
 the one device that was available in the
 :36:38.339 --> 00:36:41.520
 U.S market where you could switch off
 :36:41.520 --> 00:36:43.680
 the remote Telemetry the broadcasting
 :36:43.680 --> 00:36:45.480
 component I got the only one device I
 :36:45.480 --> 00:36:47.520
 called all the device manufacturers I
 :36:47.520 --> 00:36:49.380
 had a great nurse practitioner who
 :36:49.380 --> 00:36:51.240
 helped me out she and I sat in a
 :36:51.240 --> 00:36:52.500
 conference room and we called all of the
 :36:52.500 --> 00:36:55.079
 device manufacturers biotronic was the
 :36:55.079 --> 00:36:57.599
 most hilarious because they said oh you
 :36:57.599 --> 00:36:59.280
 don't have to worry about ours our
 :36:59.280 --> 00:37:02.040
 device is hack proof and I was like
 :37:02.040 --> 00:37:04.320
 really biochronic why do you think that
 :37:04.320 --> 00:37:06.839
 you're hack proof oh because
 :37:06.839 --> 00:37:08.579
 Medtronic has been shown to be
 :37:08.579 --> 00:37:11.339
 vulnerable and uh Saint Jude has been
 :37:11.339 --> 00:37:13.320
 shown to be you know uh guidance has
 :37:13.320 --> 00:37:15.119
 been shown to be vulnerable but we've
 :37:15.119 --> 00:37:16.079
 never I was like well that's because
 :37:16.079 --> 00:37:18.180
 you're the fourth size and when people
 :37:18.180 --> 00:37:20.880
 are showing the vulnerability of these
 :37:20.880 --> 00:37:22.200
 devices they're not going to go with the
 :37:22.200 --> 00:37:23.460
 fourth most popular they're going to go
 :37:23.460 --> 00:37:25.440
 with the most popular could you send me
 :37:25.440 --> 00:37:28.020
 some devices and I'll I'll get some
 :37:28.020 --> 00:37:29.760
 volunteers and we'll test it I'm still
 :37:29.760 --> 00:37:31.380
 waiting
 :37:31.380 --> 00:37:33.540
 um but uh but I didn't get a biotronic
 :37:33.540 --> 00:37:35.579
 device I got a device manufacturer that
 :37:35.579 --> 00:37:37.680
 that I could switch off the radio
 :37:37.680 --> 00:37:39.839
 telemetry so my device is not
 :37:39.839 --> 00:37:41.640
 broadcasting which means that I can't
 :37:41.640 --> 00:37:44.579
 use like um uh like they have a lot of
 :37:44.579 --> 00:37:45.960
 black boxes that people can have in
 :37:45.960 --> 00:37:47.700
 their homes that will monitor their
 :37:47.700 --> 00:37:49.020
 devices
 :37:49.020 --> 00:37:50.820
 um but it also means that when I got
 :37:50.820 --> 00:37:53.280
 this device that company is a very large
 :37:53.280 --> 00:37:55.079
 European company with a very small
 :37:55.079 --> 00:37:56.760
 presence in the United States but they
 :37:56.760 --> 00:37:58.320
 were very present in the United States
 :37:58.320 --> 00:38:00.359
 when I got my device
 :38:00.359 --> 00:38:02.160
 um and it was great because it's a very
 :38:02.160 --> 00:38:05.400
 high quality device and when I got it uh
 :38:05.400 --> 00:38:07.980
 I got it years ago and it still has
 :38:07.980 --> 00:38:10.460
 enough battery life for 10 to 15 years
 :38:10.460 --> 00:38:13.500
 which is a very long time and it's very
 :38:13.500 --> 00:38:15.359
 exciting because it means I won't need
 :38:15.359 --> 00:38:17.760
 surgery for that period of time so that
 :38:17.760 --> 00:38:20.880
 would be just wonderful however when I
 :38:20.880 --> 00:38:23.040
 needed to get my device interrogated I
 :38:23.040 --> 00:38:26.119
 found out that the device
 :38:26.119 --> 00:38:29.400
 manufacturer representative who is the
 :38:29.400 --> 00:38:33.119
 one who has this programmer in New York
 :38:33.119 --> 00:38:35.220
 had gone out of the country
 :38:35.220 --> 00:38:38.880
 and guess what there was no backup rep
 :38:38.880 --> 00:38:41.280
 no one there was literally nowhere I
 :38:41.280 --> 00:38:43.740
 could go in New York City some hospitals
 :38:43.740 --> 00:38:45.300
 have the devices but none of them were
 :38:45.300 --> 00:38:47.400
 available for me to go to
 :38:47.400 --> 00:38:50.099
 I could not get the information off of
 :38:50.099 --> 00:38:53.160
 my defibrillator I just was out of luck
 :38:53.160 --> 00:38:55.440
 and I was just suddenly put in that same
 :38:55.440 --> 00:38:57.900
 position as those Vision patients I
 :38:57.900 --> 00:38:59.520
 could really feel I mean it's very
 :38:59.520 --> 00:39:01.200
 different situation I'm still functional
 :39:01.200 --> 00:39:04.680
 it's a or I mean I still my heart is
 :39:04.680 --> 00:39:06.900
 still is not completely reliant on this
 :39:06.900 --> 00:39:09.300
 defibrillator it's preventative but I I
 :39:09.300 --> 00:39:12.060
 could unders I could taste that how how
 :39:12.060 --> 00:39:15.420
 hard that is and the realization that I
 :39:15.420 --> 00:39:18.780
 may need to get surgery to replace a
 :39:18.780 --> 00:39:20.760
 perfectly functional device simply
 :39:20.760 --> 00:39:23.160
 because this manufacturer has decreased
 :39:23.160 --> 00:39:24.960
 their presence what good is a
 :39:24.960 --> 00:39:28.320
 defibrillator if if it can't be if you
 :39:28.320 --> 00:39:29.760
 can't get the information you need when
 :39:29.760 --> 00:39:32.339
 you need it it's not um it's not all
 :39:32.339 --> 00:39:33.720
 Bleak it's really fascinating there's
 :39:33.720 --> 00:39:35.040
 some really excellent work that's been
 :39:35.040 --> 00:39:36.980
 happening in the insulin pump space
 :39:36.980 --> 00:39:40.680
 where people have actually exploited old
 :39:40.680 --> 00:39:42.960
 insulin pumps and the fact that they
 :39:42.960 --> 00:39:45.300
 have a security vulnerability and they
 :39:45.300 --> 00:39:47.880
 use it to create another device that
 :39:47.880 --> 00:39:50.099
 talks to their insulin pump to deliver
 :39:50.099 --> 00:39:52.740
 insulin in a much more precise Way open
 :39:52.740 --> 00:39:55.079
 API yes and it's a really amazing
 :39:55.079 --> 00:39:58.760
 movement and so I want to like you know
 :39:58.760 --> 00:40:01.140
 amazing things happen when you let
 :40:01.140 --> 00:40:03.240
 patients actually take control of their
 :40:03.240 --> 00:40:05.700
 devices the stories in the insulin Pub
 :40:05.700 --> 00:40:09.000
 space are amazing because there are kids
 :40:09.000 --> 00:40:11.460
 that have insulin pumps whose parents
 :40:11.460 --> 00:40:13.859
 are Technical and are able to precisely
 :40:13.859 --> 00:40:16.560
 monitor their insulin delivery one story
 :40:16.560 --> 00:40:20.760
 that I heard was a kid who uh who had
 :40:20.760 --> 00:40:23.400
 gone to the nurse's office at school
 :40:23.400 --> 00:40:25.980
 almost every day for a whole Academic
 :40:25.980 --> 00:40:29.460
 Year and then after using this was only
 :40:29.460 --> 00:40:31.680
 in the nurse's office like three or four
 :40:31.680 --> 00:40:34.680
 times it's the amazing stuff and it this
 :40:34.680 --> 00:40:36.480
 is life life changing right and this is
 :40:36.480 --> 00:40:38.339
 what happens when we allow patients to
 :40:38.339 --> 00:40:40.619
 engage in their care and allow people to
 :40:40.619 --> 00:40:42.780
 control their technology and as I said
 :40:42.780 --> 00:40:44.400
 it's not just medical devices medical
 :40:44.400 --> 00:40:46.560
 devices are poignant but we have all of
 :40:46.560 --> 00:40:49.200
 these ways that we can take control of
 :40:49.200 --> 00:40:50.339
 our technology if we have the
 :40:50.339 --> 00:40:52.980
 opportunity we can get together and we
 :40:52.980 --> 00:40:56.220
 can form the um the organizations that
 :40:56.220 --> 00:40:58.500
 can do this work we don't have to rely
 :40:58.500 --> 00:41:00.839
 on these particular companies who like
 :41:00.839 --> 00:41:03.060
 my medical medical device manufacturer
 :41:03.060 --> 00:41:06.480
 may just not be tuned into are concern
 :41:06.480 --> 00:41:08.880
 we may be in a part of the world where
 :41:08.880 --> 00:41:10.500
 that company doesn't really have an
 :41:10.500 --> 00:41:12.599
 interest or doesn't have expertise
 :41:12.599 --> 00:41:15.180
 we may that company may not have a very
 :41:15.180 --> 00:41:18.119
 diverse team the um if you've heard the
 :41:18.119 --> 00:41:19.680
 an amazing
 :41:19.680 --> 00:41:23.579
 um there's an amazing uh story about the
 :41:23.579 --> 00:41:25.079
 that was all over Twitter a few years
 :41:25.079 --> 00:41:27.540
 ago of a um
 :41:27.540 --> 00:41:29.220
 soap soap dispensers and there are
 :41:29.220 --> 00:41:30.420
 actually multiple brands of soap
 :41:30.420 --> 00:41:32.940
 dispensers where if someone with light
 :41:32.940 --> 00:41:34.920
 skin puts their hand under the soap
 :41:34.920 --> 00:41:37.920
 dispenser it works great but if someone
 :41:37.920 --> 00:41:40.140
 with dark skin puts their hand under the
 :41:40.140 --> 00:41:41.880
 same soap dispenser nothing happens
 :41:41.880 --> 00:41:43.680
 because they were relied on light
 :41:43.680 --> 00:41:45.900
 reflection in order to determine whether
 :41:45.900 --> 00:41:48.260
 to dispense soap and they're just
 :41:48.260 --> 00:41:50.700
 obviously it was known with dark skin on
 :41:50.700 --> 00:41:52.740
 that testing team otherwise they would
 :41:52.740 --> 00:41:55.740
 have known right so we need to make sure
 :41:55.740 --> 00:41:57.900
 that we are engaged with the creation of
 :41:57.900 --> 00:41:59.520
 our technology that our technology has
 :41:59.520 --> 00:42:01.200
 created diversely and that we don't
 :42:01.200 --> 00:42:03.599
 leave it up to these companies who are
 :42:03.599 --> 00:42:06.240
 only interested in their profit margins
 :42:06.240 --> 00:42:07.859
 you know like
 :42:07.859 --> 00:42:09.359
 they don't want disasters to happen
 :42:09.359 --> 00:42:10.920
 because their profit margins are often
 :42:10.920 --> 00:42:13.740
 aligned with public health but their
 :42:13.740 --> 00:42:18.119
 goal is their profits so what can you do
 :42:18.119 --> 00:42:21.300
 first of all please you're here so I
 :42:21.300 --> 00:42:22.560
 think you're probably doing this already
 :42:22.560 --> 00:42:24.780
 but have a dialogue about the big
 :42:24.780 --> 00:42:26.880
 solutions that are possible I am
 :42:26.880 --> 00:42:30.359
 astounded still as an American that gdpr
 :42:30.359 --> 00:42:34.079
 happened and filled with gratitude for
 :42:34.079 --> 00:42:35.820
 the protection that it is spilled over
 :42:35.820 --> 00:42:38.280
 to the United States and if you would
 :42:38.280 --> 00:42:40.320
 ask many people prior to it we would
 :42:40.320 --> 00:42:43.020
 have said it was not possible there is a
 :42:43.020 --> 00:42:45.240
 possibility for Mass reform if we look
 :42:45.240 --> 00:42:48.300
 in every selection every way right if we
 :42:48.300 --> 00:42:50.160
 look towards advocating for better
 :42:50.160 --> 00:42:54.300
 legislation requiring the publication of
 :42:54.300 --> 00:42:57.000
 of source code and giving users rights
 :42:57.000 --> 00:42:59.460
 we can talk about making sure that we as
 :42:59.460 --> 00:43:02.460
 consumers buy copy left of products we
 :43:02.460 --> 00:43:05.400
 can talk about how we can we can create
 :43:05.400 --> 00:43:08.400
 solutions that we can rely on and none
 :43:08.400 --> 00:43:10.740
 of the solutions that will move us to a
 :43:10.740 --> 00:43:12.599
 world with software Freedom will happen
 :43:12.599 --> 00:43:15.420
 overnight none of them are easy they are
 :43:15.420 --> 00:43:17.460
 all hard I was talking to somebody about
 :43:17.460 --> 00:43:21.240
 this recently and I I said ah yes it's
 :43:21.240 --> 00:43:23.280
 like trying to ask everyone to give up
 :43:23.280 --> 00:43:25.859
 Amazon how do we do that now right none
 :43:25.859 --> 00:43:28.380
 of these things are easy but they are
 :43:28.380 --> 00:43:29.940
 important and they are Broad and
 :43:29.940 --> 00:43:31.319
 sweeping and they are only going to
 :43:31.319 --> 00:43:33.960
 happen with coordinated dialogue
 :43:33.960 --> 00:43:36.960
 you everyone here in this room and
 :43:36.960 --> 00:43:40.740
 listening on the live stream you are the
 :43:40.740 --> 00:43:44.160
 tech savvy population you are the top
 :43:44.160 --> 00:43:47.160
 knowledgeable people it is time for all
 :43:47.160 --> 00:43:49.740
 of us technologists to stop relying on
 :43:49.740 --> 00:43:52.619
 big tech for our Solutions I was in a
 :43:52.619 --> 00:43:54.619
 meeting with some of the most
 :43:54.619 --> 00:43:58.079
 influential Tech rights organizations in
 :43:58.079 --> 00:44:00.060
 the world and they are advocating
 :44:00.060 --> 00:44:02.760
 against Google by using Google Docs and
 :44:02.760 --> 00:44:06.420
 Google infrastructure we are using all
 :44:06.420 --> 00:44:07.740
 of these solutions that big tech
 :44:07.740 --> 00:44:09.420
 provides us because they are convenient
 :44:09.420 --> 00:44:11.099
 but they are not in our long-term
 :44:11.099 --> 00:44:13.260
 interests and we have Alternatives that
 :44:13.260 --> 00:44:15.540
 are ready now if you want to collaborate
 :44:15.540 --> 00:44:17.460
 on a document we at software Freedom
 :44:17.460 --> 00:44:19.020
 Conservancy maintain an ether pad which
 :44:19.020 --> 00:44:20.700
 etherpad is also a software Freedom
 :44:20.700 --> 00:44:23.339
 Conservancy member project you can use
 :44:23.339 --> 00:44:27.380
 video chat using uh jitsi this is the
 :44:27.380 --> 00:44:29.400
 meat.jit.c is the link
 :44:29.400 --> 00:44:31.079
 um I really have to give a plug for a
 :44:31.079 --> 00:44:32.339
 big blue button because it's designed
 :44:32.339 --> 00:44:34.680
 for academic use and I think you should
 :44:34.680 --> 00:44:37.920
 all join the charge to get this
 :44:37.920 --> 00:44:40.079
 University to switch to big blue button
 :44:40.079 --> 00:44:42.720
 it is perfect for that solution I have
 :44:42.720 --> 00:44:44.460
 loved teaching classes on it and I think
 :44:44.460 --> 00:44:46.940
 it works great and it's very stable
 :44:46.940 --> 00:44:48.720
 and then
 :44:48.720 --> 00:44:50.760
 go ahead and if you have old devices
 :44:50.760 --> 00:44:52.619
 just play and put an alternate
 :44:52.619 --> 00:44:54.660
 Distribution on it as many of you have
 :44:54.660 --> 00:44:56.460
 if you have a phone try putting lineage
 :44:56.460 --> 00:44:58.740
 or something else on it if you've got a
 :44:58.740 --> 00:45:00.540
 laptop if you're just trying it out for
 :45:00.540 --> 00:45:02.760
 the first time Ubuntu or Debian is
 :45:02.760 --> 00:45:04.500
 really really great and you can save old
 :45:04.500 --> 00:45:06.599
 equipment from going into landfills and
 :45:06.599 --> 00:45:08.940
 make them perfectly useful if more
 :45:08.940 --> 00:45:11.280
 people use it we have this like amazing
 :45:11.280 --> 00:45:14.880
 spiraling situation where we don't have
 :45:14.880 --> 00:45:16.740
 the buy-in for a software Freedom
 :45:16.740 --> 00:45:18.599
 Solutions and so those Solutions
 :45:18.599 --> 00:45:21.780
 continue to degrade and they get a
 :45:21.780 --> 00:45:23.099
 little bit worse and a little bit worse
 :45:23.099 --> 00:45:25.319
 over time because people say oh it's
 :45:25.319 --> 00:45:27.540
 just so convenient I'm going to use you
 :45:27.540 --> 00:45:29.220
 know I'm gonna I'm gonna use the the
 :45:29.220 --> 00:45:31.440
 Apple product or I'm going to use um you
 :45:31.440 --> 00:45:34.920
 know the the Google suite and over time
 :45:34.920 --> 00:45:37.920
 we're just making more of that happen so
 :45:37.920 --> 00:45:40.859
 we have to we have to buy into it the
 :45:40.859 --> 00:45:42.420
 other thing I have to ask each and every
 :45:42.420 --> 00:45:44.579
 one of you to do
 :45:44.579 --> 00:45:47.160
 when you buy something if you see a
 :45:47.160 --> 00:45:49.560
 license notice in it that says you have
 :45:49.560 --> 00:45:50.819
 rights with respect to some of the
 :45:50.819 --> 00:45:52.680
 software in this device and you get the
 :45:52.680 --> 00:45:55.800
 manual that has the licenses in it if it
 :45:55.800 --> 00:45:57.180
 says
 :45:57.180 --> 00:45:59.880
 if it says ask for the source code by
 :45:59.880 --> 00:46:02.940
 emailing this address please do it ask
 :46:02.940 --> 00:46:05.520
 for it because right now only people who
 :46:05.520 --> 00:46:07.500
 are really interested in modifying their
 :46:07.500 --> 00:46:09.660
 software in a very intent way will ask
 :46:09.660 --> 00:46:11.520
 and then companies it's very easy for
 :46:11.520 --> 00:46:13.680
 them to ignore it even though the people
 :46:13.680 --> 00:46:15.599
 who are asking are the ones who are
 :46:15.599 --> 00:46:16.740
 going to make software that everyone
 :46:16.740 --> 00:46:18.540
 else is going to use
 :46:18.540 --> 00:46:20.460
 because only one person or a few people
 :46:20.460 --> 00:46:22.319
 a handful of people asks the company
 :46:22.319 --> 00:46:23.819
 thinks nobody cares and they're not
 :46:23.819 --> 00:46:25.560
 taking it seriously and that's one of
 :46:25.560 --> 00:46:26.579
 the things that we see over and over
 :46:26.579 --> 00:46:29.760
 again until uh we contact them being the
 :46:29.760 --> 00:46:30.960
 software Freedom conservancy and they
 :46:30.960 --> 00:46:32.520
 get nervous that we might take action if
 :46:32.520 --> 00:46:34.800
 they don't listen to us nothing nothing
 :46:34.800 --> 00:46:36.540
 happens and the reason why we file that
 :46:36.540 --> 00:46:39.420
 consumer rights suit was basically so
 :46:39.420 --> 00:46:41.400
 that anyone who asked for the source
 :46:41.400 --> 00:46:43.740
 code will be taken seriously
 :46:43.740 --> 00:46:45.839
 um and then please support and engage in
 :46:45.839 --> 00:46:47.339
 the organizations that are trying to
 :46:47.339 --> 00:46:49.500
 make these changes possible
 :46:49.500 --> 00:46:51.599
 um there's Ulysses on this you know
 :46:51.599 --> 00:46:54.480
 that's active here and I understand they
 :46:54.480 --> 00:46:56.819
 have a like an open source job fair that
 :46:56.819 --> 00:46:58.740
 happens in this very building
 :46:58.740 --> 00:47:00.119
 um like engage in these local
 :47:00.119 --> 00:47:01.560
 organizations because this is how we're
 :47:01.560 --> 00:47:02.940
 going to build the infrastructure that
 :47:02.940 --> 00:47:05.220
 will make a change it's funny because
 :47:05.220 --> 00:47:08.339
 when I was a student there was software
 :47:08.339 --> 00:47:10.339
 Freedom like you could easily replace
 :47:10.339 --> 00:47:12.599
 your the software on any of your devices
 :47:12.599 --> 00:47:15.359
 and it was super easy you had a fully
 :47:15.359 --> 00:47:17.099
 free device that you had complete
 :47:17.099 --> 00:47:18.300
 control over
 :47:18.300 --> 00:47:20.339
 um but it was it was it was kind of hard
 :47:20.339 --> 00:47:21.900
 to do and it was kind of a niche thing
 :47:21.900 --> 00:47:24.960
 and now free and open source software is
 :47:24.960 --> 00:47:27.540
 everywhere and in everything but we
 :47:27.540 --> 00:47:29.160
 actually have far less software freedom
 :47:29.160 --> 00:47:31.079
 than we ever had before because we can't
 :47:31.079 --> 00:47:33.300
 do anything with any of our devices it's
 :47:33.300 --> 00:47:34.859
 the lower layers that are free and open
 :47:34.859 --> 00:47:36.119
 and the only way we're going to change
 :47:36.119 --> 00:47:38.220
 that is by banding together and
 :47:38.220 --> 00:47:40.319
 supporting these organizations so I
 :47:40.319 --> 00:47:41.520
 think I've gone a little bit long but I
 :47:41.520 --> 00:47:44.160
 think we have time for questions
 :47:44.160 --> 00:47:46.980
 um great so thank you so much and I
 :47:46.980 --> 00:47:49.560
 would love to hear your questions please
 :47:49.560 --> 00:47:52.140
 are you moderating the questions
 :47:52.140 --> 00:47:59.780
 okay thank you
 :47:59.780 --> 00:48:04.079
 no you might have to just come here
 :48:04.079 --> 00:48:07.200
 let's open something it's collaborative
 :48:07.200 --> 00:48:09.839
 collaborative okay I don't have a
 :48:09.839 --> 00:48:12.599
 microphone so if you would like to ask a
 :48:12.599 --> 00:48:13.980
 question please
 :48:13.980 --> 00:48:15.300
 um
 :48:15.300 --> 00:48:17.660
 speak very loudly
 :48:17.660 --> 00:48:21.540
 yes floor is open there please go ahead
 :48:21.540 --> 00:48:28.940
 Shout
 :48:28.940 --> 00:48:41.400
 your Hardware security researcher
 :48:41.400 --> 00:48:42.839
 yes
 :48:42.839 --> 00:48:45.420
 please all Hardware security researchers
 :48:45.420 --> 00:48:49.760
 please email compliance at
 :48:49.760 --> 00:48:52.079
 sfconservancy.org we have a lot of work
 :48:52.079 --> 00:48:54.599
 that we would love for you to do
 :48:54.599 --> 00:48:56.880
 um yeah there's I mean there's there's
 :48:56.880 --> 00:48:59.700
 so much there's so much and um you know
 :48:59.700 --> 00:49:02.220
 we are we are a tiny organization we
 :49:02.220 --> 00:49:05.099
 have uh six people on staff
 :49:05.099 --> 00:49:06.540
 um and we run our internship program
 :49:06.540 --> 00:49:10.079
 that has 130 people every year we have
 :49:10.079 --> 00:49:13.020
 our 50 member projects that are building
 :49:13.020 --> 00:49:15.300
 Alternatives and we're we do the
 :49:15.300 --> 00:49:17.339
 lawsuits and protect copy left and we do
 :49:17.339 --> 00:49:19.079
 all that with a really small staff and
 :49:19.079 --> 00:49:20.819
 we rely on a lot of volunteers and
 :49:20.819 --> 00:49:22.859
 that's really important because we're
 :49:22.859 --> 00:49:25.440
 funded by the public primarily and
 :49:25.440 --> 00:49:28.079
 grants and um and and a huge amount of
 :49:28.079 --> 00:49:29.700
 our work is done by volunteers and
 :49:29.700 --> 00:49:31.980
 that's important not just because
 :49:31.980 --> 00:49:34.020
 um it gets the work done but it's also
 :49:34.020 --> 00:49:35.579
 because it shows us that this work is
 :49:35.579 --> 00:49:38.220
 important it's not enough that I think
 :49:38.220 --> 00:49:41.460
 it's important it's it it has to be that
 :49:41.460 --> 00:49:43.560
 we as a community think that this is
 :49:43.560 --> 00:49:45.000
 important and can work together so I'd
 :49:45.000 --> 00:49:49.619
 love to talk to you about that
 :49:49.619 --> 00:49:52.200
 someone else question
 :49:52.200 --> 00:50:00.540
 of time these
 :50:00.540 --> 00:50:03.839
 how
 :50:03.839 --> 00:50:05.819
 how can company
 :50:05.819 --> 00:50:07.319
 thank you how can companies be
 :50:07.319 --> 00:50:09.599
 incentivized to um to publish their
 :50:09.599 --> 00:50:10.920
 source code
 :50:10.920 --> 00:50:13.680
 um and how can we get them to do it
 :50:13.680 --> 00:50:15.300
 um you know on their own and I've been
 :50:15.300 --> 00:50:18.060
 wondering this for forever I thought I
 :50:18.060 --> 00:50:19.740
 you know honestly I was so naive when I
 :50:19.740 --> 00:50:21.359
 started this work I really thought that
 :50:21.359 --> 00:50:24.180
 this is one of those areas where the
 :50:24.180 --> 00:50:26.880
 corporate interests and the public good
 :50:26.880 --> 00:50:29.220
 were aligned I really thought that the
 :50:29.220 --> 00:50:32.119
 business case for open source
 :50:32.119 --> 00:50:36.119
 would carry the day and that in fact and
 :50:36.119 --> 00:50:38.880
 I think I think that The Originators of
 :50:38.880 --> 00:50:41.700
 the software Freedom ideology also
 :50:41.700 --> 00:50:43.740
 thought that and so many of the early
 :50:43.740 --> 00:50:46.079
 developers especially for example the
 :50:46.079 --> 00:50:47.760
 Linux kernel developers and other
 :50:47.760 --> 00:50:50.099
 original projects like that that were so
 :50:50.099 --> 00:50:52.859
 ideological and so forward-thinking were
 :50:52.859 --> 00:50:55.319
 so excited when they started when their
 :50:55.319 --> 00:50:57.720
 collaboration yield amazing results and
 :50:57.720 --> 00:50:59.760
 those results started getting adopted by
 :50:59.760 --> 00:51:01.920
 technology companies they it was
 :51:01.920 --> 00:51:03.960
 suddenly like we've made this like we've
 :51:03.960 --> 00:51:06.540
 this has happened because we've created
 :51:06.540 --> 00:51:08.099
 something so useful that companies want
 :51:08.099 --> 00:51:10.559
 to use it and then companies hired all
 :51:10.559 --> 00:51:12.900
 of those people and now a very high
 :51:12.900 --> 00:51:16.200
 percentage of those developers work at
 :51:16.200 --> 00:51:18.059
 companies to work on those products and
 :51:18.059 --> 00:51:20.160
 many of them work on things that they
 :51:20.160 --> 00:51:21.480
 think are important to improve the
 :51:21.480 --> 00:51:22.800
 software and many of them are still
 :51:22.800 --> 00:51:25.140
 ideological but the idea that we could
 :51:25.140 --> 00:51:28.680
 do well by doing good was flawed because
 :51:28.680 --> 00:51:31.859
 we have put so many of our resources in
 :51:31.859 --> 00:51:36.300
 into into corporate interest into into
 :51:36.300 --> 00:51:38.220
 things that companies find either
 :51:38.220 --> 00:51:42.059
 palatable or profitable and what becomes
 :51:42.059 --> 00:51:45.420
 overlooked is our ability as a public to
 :51:45.420 --> 00:51:48.059
 do with our devices what we want to our
 :51:48.059 --> 00:51:50.040
 ability to stay free from surveillance
 :51:50.040 --> 00:51:52.500
 our ability to make sure that you know
 :51:52.500 --> 00:51:54.960
 we're not only not being spied on but
 :51:54.960 --> 00:51:58.440
 that we can use our devices not only for
 :51:58.440 --> 00:52:00.540
 their intended purpose or other purposes
 :52:00.540 --> 00:52:04.380
 right I it's currently difficult to find
 :52:04.380 --> 00:52:06.000
 a product on the market that doesn't
 :52:06.000 --> 00:52:08.400
 phone home like there are smart
 :52:08.400 --> 00:52:10.619
 toothbrushes where they're taking video
 :52:10.619 --> 00:52:12.839
 of your teeth to send back to a
 :52:12.839 --> 00:52:15.180
 centralized company and then also taking
 :52:15.180 --> 00:52:17.280
 video of everything else in your house
 :52:17.280 --> 00:52:19.800
 and these companies are trying to
 :52:19.800 --> 00:52:21.420
 collect as much information as they can
 :52:21.420 --> 00:52:23.160
 because they want to be able to Pivot
 :52:23.160 --> 00:52:24.540
 whatever business model that they can
 :52:24.540 --> 00:52:26.880
 and this is so Insidious that it's very
 :52:26.880 --> 00:52:28.680
 hard to predict what the interests will
 :52:28.680 --> 00:52:30.059
 be of those companies in the long run
 :52:30.059 --> 00:52:31.800
 and what we have found is that without
 :52:31.800 --> 00:52:35.160
 text checks and balances the free and
 :52:35.160 --> 00:52:36.839
 open source software is just exploited
 :52:36.839 --> 00:52:40.319
 and what we need is to have a public
 :52:40.319 --> 00:52:42.960
 focused component of it there we used to
 :52:42.960 --> 00:52:44.880
 people used to say
 :52:44.880 --> 00:52:46.859
 from like the old days and I know that
 :52:46.859 --> 00:52:48.839
 some of you here are have been involved
 :52:48.839 --> 00:52:50.520
 in the community for a long time and
 :52:50.520 --> 00:52:52.440
 some of you are new and haven't
 :52:52.440 --> 00:52:54.240
 experienced it a lot but in the old days
 :52:54.240 --> 00:52:56.640
 people would say free software is an
 :52:56.640 --> 00:52:59.460
 ideological movement and open source is
 :52:59.460 --> 00:53:01.680
 commercial and I used to fight so hard
 :53:01.680 --> 00:53:05.040
 to say that's not true because open
 :53:05.040 --> 00:53:07.859
 source sounds like it's just about
 :53:07.859 --> 00:53:10.800
 seeing the code but everyone would tell
 :53:10.800 --> 00:53:12.240
 you that it's not open source if you
 :53:12.240 --> 00:53:14.339
 don't have the ability to modify it and
 :53:14.339 --> 00:53:15.900
 free software it sounds like it's just
 :53:15.900 --> 00:53:17.040
 about price
 :53:17.040 --> 00:53:19.140
 but it is about rights and it's really
 :53:19.140 --> 00:53:21.119
 about the same thing if you look at the
 :53:21.119 --> 00:53:23.819
 definitions they're they effectively say
 :53:23.819 --> 00:53:26.940
 the same things in the end but what was
 :53:26.940 --> 00:53:30.599
 true about that that I missed is that is
 :53:30.599 --> 00:53:33.859
 that we can't have it all we have to
 :53:33.859 --> 00:53:36.420
 prioritize the public good we have to
 :53:36.420 --> 00:53:38.280
 prioritize our ability to take control
 :53:38.280 --> 00:53:40.380
 of our of our technology
 :53:40.380 --> 00:53:44.040
 and I don't know I I guess I'd say that
 :53:44.040 --> 00:53:46.440
 we've tried that experiment of trying to
 :53:46.440 --> 00:53:48.599
 make it interesting and exciting for
 :53:48.599 --> 00:53:50.220
 companies and what happens is they
 :53:50.220 --> 00:53:52.319
 engage only as much as they have to they
 :53:52.319 --> 00:53:53.940
 give up only as much as they absolutely
 :53:53.940 --> 00:53:56.040
 have to so the only way to incentivize
 :53:56.040 --> 00:53:58.260
 them is to legislate it so that they
 :53:58.260 --> 00:53:59.760
 must do it
 :53:59.760 --> 00:54:02.940
 or we incentivize them by every single
 :54:02.940 --> 00:54:05.640
 one of us only buys products that have
 :54:05.640 --> 00:54:07.619
 copy left it software in them and we
 :54:07.619 --> 00:54:09.300
 tell companies that we're doing it we
 :54:09.300 --> 00:54:11.040
 asked for the source code when they
 :54:11.040 --> 00:54:13.079
 don't provide it we say well I'm never
 :54:13.079 --> 00:54:14.640
 going to buy your device again
 :54:14.640 --> 00:54:16.200
 and I'm telling everybody else I'm
 :54:16.200 --> 00:54:18.300
 writing an article to my local paper I'm
 :54:18.300 --> 00:54:19.980
 going to find an alternative where I can
 :54:19.980 --> 00:54:21.180
 get the source code and I'm going to
 :54:21.180 --> 00:54:22.680
 support it I think I think it's the only
 :54:22.680 --> 00:54:25.020
 way because otherwise we're just kidding
 :54:25.020 --> 00:54:29.059
 ourselves
 :54:29.059 --> 00:54:31.500
 okay I think there's time for one more
 :54:31.500 --> 00:54:32.819
 question
 :54:32.819 --> 00:54:40.800
 please
 :54:40.800 --> 00:54:43.500
 oh this is such a great question how do
 :54:43.500 --> 00:54:45.900
 you manage the risks and liability what
 :54:45.900 --> 00:54:47.099
 if somebody working on your
 :54:47.099 --> 00:54:49.980
 defibrillator gets it wrong and the
 :54:49.980 --> 00:54:52.380
 secret answer like the real answer to
 :54:52.380 --> 00:54:55.260
 this question is that software is full
 :54:55.260 --> 00:54:57.180
 of liability because software is
 :54:57.180 --> 00:54:59.520
 vulnerable and just because something is
 :54:59.520 --> 00:55:02.819
 free and open source doesn't mean that
 :55:02.819 --> 00:55:05.579
 it is any any more vulnerable in fact
 :55:05.579 --> 00:55:07.440
 it's the opposite way around and
 :55:07.440 --> 00:55:10.319
 security researchers have found that
 :55:10.319 --> 00:55:12.180
 devices that have free and open source
 :55:12.180 --> 00:55:14.640
 software there's like a more complicated
 :55:14.640 --> 00:55:15.900
 answer to this that I'm going to skip
 :55:15.900 --> 00:55:17.819
 but uh but they call what you're talking
 :55:17.819 --> 00:55:20.460
 about security through obscurity so if
 :55:20.460 --> 00:55:22.380
 you don't publish the source code then
 :55:22.380 --> 00:55:24.720
 you're safe but in fact that's not the
 :55:24.720 --> 00:55:27.240
 only like there are many ways to you can
 :55:27.240 --> 00:55:28.800
 talk to the general in the back there
 :55:28.800 --> 00:55:32.160
 are so many ways to or I'm sorry for
 :55:32.160 --> 00:55:33.540
 generating the person in the back I
 :55:33.540 --> 00:55:35.280
 don't know why I did that I apologize uh
 :55:35.280 --> 00:55:37.319
 but um but there are so many ways that
 :55:37.319 --> 00:55:40.440
 you can that you can you can show a
 :55:40.440 --> 00:55:42.599
 device be vulnerable and exploited and
 :55:42.599 --> 00:55:45.059
 so having real Security on devices
 :55:45.059 --> 00:55:46.740
 having
 :55:46.740 --> 00:55:48.900
 um you know having encryption having
 :55:48.900 --> 00:55:51.660
 real security not this not security
 :55:51.660 --> 00:55:53.760
 theater I mean that's really where it's
 :55:53.760 --> 00:55:56.819
 at I for example I want the software on
 :55:56.819 --> 00:55:58.680
 my device to be published and available
 :55:58.680 --> 00:56:01.440
 for review but I want there to be I
 :56:01.440 --> 00:56:03.660
 don't want any I want there to be either
 :56:03.660 --> 00:56:06.000
 a password or encryption or some way
 :56:06.000 --> 00:56:07.920
 that only my device can tell and that
 :56:07.920 --> 00:56:09.540
 and that's and that's real because
 :56:09.540 --> 00:56:12.420
 previously these devices had no had none
 :56:12.420 --> 00:56:13.920
 of that before but this device the
 :56:13.920 --> 00:56:15.660
 software wasn't published and so
 :56:15.660 --> 00:56:17.579
 researchers show that you could just
 :56:17.579 --> 00:56:19.859
 cause them to shock people unnecessarily
 :56:19.859 --> 00:56:21.540
 you could get information off of those
 :56:21.540 --> 00:56:23.819
 devices so
 :56:23.819 --> 00:56:25.859
 the question is like how do we manage
 :56:25.859 --> 00:56:28.380
 our software liability and it's scary
 :56:28.380 --> 00:56:31.079
 stuff but having the software public
 :56:31.079 --> 00:56:32.819
 means that it can be reviewed and it can
 :56:32.819 --> 00:56:34.500
 be tested and yes there might be times
 :56:34.500 --> 00:56:35.819
 where
 :56:35.819 --> 00:56:37.920
 um where folks who are malicious may be
 :56:37.920 --> 00:56:40.079
 able to find an exploit by Examining The
 :56:40.079 --> 00:56:41.940
 Source Code but because there are so
 :56:41.940 --> 00:56:43.619
 many exploits available without access
 :56:43.619 --> 00:56:45.059
 to the source code
 :56:45.059 --> 00:56:47.579
 it's just one of the benefits vastly
 :56:47.579 --> 00:56:49.079
 outweigh the
 :56:49.079 --> 00:56:52.020
 um you know the risks in my in my view
 :56:52.020 --> 00:56:54.540
 and as we develop more infrastructure
 :56:54.540 --> 00:56:56.040
 around free and open source software
 :56:56.040 --> 00:56:57.180
 projects we'll find that to be the case
 :56:57.180 --> 00:56:59.099
 an example perfect example of this is
 :56:59.099 --> 00:57:00.660
 the Linux kernel which is considered to
 :57:00.660 --> 00:57:04.740
 be one of the most secure kernels and
 :57:04.740 --> 00:57:08.339
 that has been free and open for
 :57:08.339 --> 00:57:12.059
 about 30 years
 :57:12.059 --> 00:57:14.520
 oh I said well I I did we said one more
 :57:14.520 --> 00:57:16.319
 can I do more okay one more before but
 :57:16.319 --> 00:57:20.760
 yeah okay
 :57:20.760 --> 00:57:22.859
 how does right to repair ah how does
 :57:22.859 --> 00:57:24.180
 right to repair fit into the goals of
 :57:24.180 --> 00:57:25.800
 the software Freedom Conservancy if it
 :57:25.800 --> 00:57:28.859
 were not abundant yet from my talk
 :57:28.859 --> 00:57:30.960
 software freedom is the software right
 :57:30.960 --> 00:57:32.220
 to repair
 :57:32.220 --> 00:57:33.599
 so
 :57:33.599 --> 00:57:36.359
 in order to be able to repair any modern
 :57:36.359 --> 00:57:40.260
 equipment we need software Freedom you
 :57:40.260 --> 00:57:42.480
 cannot effectively repair anything
 :57:42.480 --> 00:57:45.000
 without being able to have the software
 :57:45.000 --> 00:57:47.400
 right to repair and what's cool about
 :57:47.400 --> 00:57:49.319
 copy left licensing and why I spent so
 :57:49.319 --> 00:57:52.200
 much time on the Vizio suit is that we
 :57:52.200 --> 00:57:54.180
 have a right to repair in all of these
 :57:54.180 --> 00:57:55.619
 Linux devices
 :57:55.619 --> 00:57:58.619
 I mean the Vizio TVs had I forget how
 :57:58.619 --> 00:57:59.400
 many
 :57:59.400 --> 00:58:01.260
 um different kinds of software on it I
 :58:01.260 --> 00:58:04.859
 think 22 22 copy lifted projects on it
 :58:04.859 --> 00:58:06.960
 it wasn't just the Linux kernel loads of
 :58:06.960 --> 00:58:09.359
 software that give us these rights the
 :58:09.359 --> 00:58:11.280
 rights to get complete and corresponding
 :58:11.280 --> 00:58:12.720
 source code and the scripts to control
 :58:12.720 --> 00:58:15.420
 installation so we should be able to do
 :58:15.420 --> 00:58:17.520
 something about this but we haven't been
 :58:17.520 --> 00:58:19.079
 able to yet in part because companies
 :58:19.079 --> 00:58:20.819
 just don't do the right thing they don't
 :58:20.819 --> 00:58:22.980
 they don't think about the fact that
 :58:22.980 --> 00:58:25.619
 they have to publish their source code
 :58:25.619 --> 00:58:27.839
 before they go to market then they go to
 :58:27.839 --> 00:58:30.540
 market and they scramble in general we
 :58:30.540 --> 00:58:33.059
 we've talked to loads and loads of
 :58:33.059 --> 00:58:35.099
 companies about their non-compliance and
 :58:35.099 --> 00:58:37.020
 what turns out is that often as I said
 :58:37.020 --> 00:58:38.220
 they don't even have the software
 :58:38.220 --> 00:58:40.020
 themselves because they never ask for it
 :58:40.020 --> 00:58:41.700
 from their vendors to begin with and
 :58:41.700 --> 00:58:43.140
 they didn't put if they developed it
 :58:43.140 --> 00:58:45.119
 in-house they did put the process in
 :58:45.119 --> 00:58:46.920
 place to begin with so they don't have
 :58:46.920 --> 00:58:50.339
 the infrastructure in place they don't
 :58:50.339 --> 00:58:52.559
 even employ the employees that worked on
 :58:52.559 --> 00:58:53.940
 the developers that worked on that
 :58:53.940 --> 00:58:56.579
 software back then those people have
 :58:56.579 --> 00:58:58.559
 often left the company and moved on to
 :58:58.559 --> 00:59:00.839
 other projects and so they just don't
 :59:00.839 --> 00:59:03.000
 even have the resources to be able to
 :59:03.000 --> 00:59:04.859
 find that software later which is
 :59:04.859 --> 00:59:06.240
 terrifying because it means that if
 :59:06.240 --> 00:59:07.680
 there's a problem with their products
 :59:07.680 --> 00:59:09.540
 they basically have to recall them
 :59:09.540 --> 00:59:11.220
 there's nothing left that that can be
 :59:11.220 --> 00:59:13.260
 done so in order for us to make sure
 :59:13.260 --> 00:59:15.240
 that that changes we have to be louder
 :59:15.240 --> 00:59:17.339
 about it and we have to make these
 :59:17.339 --> 00:59:18.720
 companies realize that there is
 :59:18.720 --> 00:59:20.119
 liability
 :59:20.119 --> 00:59:22.740
 for their you know for their
 :59:22.740 --> 00:59:24.359
 non-compliance because that will
 :59:24.359 --> 00:59:27.240
 incentivize them to comply
 :59:27.240 --> 00:59:35.960
 foreign
 :59:35.960 --> 00:59:40.079
 are evoking but I was told that yeah we
 :59:40.079 --> 00:59:41.819
 should close the session after one hour
 :59:41.819 --> 00:59:43.619
 maybe there are students that are still
 :59:43.619 --> 00:59:45.960
 having to do some exams I don't know
 :59:45.960 --> 00:59:48.119
 wishing them good luck in that case of
 :59:48.119 --> 00:59:51.480
 course but uh most of all I would like
 :59:51.480 --> 00:59:54.540
 you to invite you to share with me the
 :59:54.540 --> 01:00:02.339
 Applause for Aaron once more
 :00:02.339 --> 01:00:04.980
 and you know you still have to put four
 :00:04.980 --> 01:00:06.180
 more
 :00:06.180 --> 01:00:08.460
 uh in two days I think the second yeah
 :00:08.460 --> 01:00:11.579
 two days from now when you will get this
 :00:11.579 --> 01:00:14.760
 Armory uh award from our University
 :00:14.760 --> 01:00:16.980
 someone else will give it to you I would
 :00:16.980 --> 01:00:18.900
 love to do it but that's uh we
 :00:18.900 --> 01:00:23.880
 definitely
 :00:23.880 --> 01:00:25.200
 um
 :00:25.200 --> 01:00:28.380
 being here with Ken thanks so much
 :00:28.380 --> 01:00:31.380
 foreign

www/conservancy/static/docs/2023-02-02_Sandler-Karen_KU-Leuven_Honorary-Doctorate.en.txt

➞

Show inline comments

 new file 100644
 WEBVTT
 Kind: captions
 Language: en
 :00:01.560 --> 00:00:03.720
 Karen Sandler is a lawyer
 :00:03.720 --> 00:00:07.520
 and Executive Director
 of the Software Freedom Conservancy,
 :00:07.520 --> 00:00:11.720
 a non-profit organisation
 devoted to ethical technology
 :00:11.720 --> 00:00:14.840
 and free and open source software.
 :00:14.840 --> 00:00:20.480
 Karen Sandler is an adjunct lecturer
 at Colombia Law School, where she studied,
 :00:20.480 --> 00:00:21.640
 and is a visiting professor
 :00:21.640 --> 00:00:24.400
 at the University of California,
 Santa Cruz.
 :00:24.400 --> 00:00:29.280
 In addition to her law degree, she holds
 a Bachelor of Science in Engineering
 :00:29.280 --> 00:00:40.840
 from the Cooper Union
 for the Advancement of Science and Art.
 :00:40.840 --> 00:00:45.400
 Karen Sandler is an American lawyer
 and software expert
 :00:45.400 --> 00:00:49.800
 who promotes
 free and open source software.
 :00:49.800 --> 00:00:53.760
 That's software whose source code
 is freely available to consult,
 :00:53.760 --> 00:00:58.640
 adapt and disseminate.
 :00:58.640 --> 00:01:02.160
 If the coronavirus crisis
 made one thing clear,
 :01:02.160 --> 00:01:06.440
 it’s that software is fundamental
 to our society.
 :01:06.440 --> 00:01:11.120
 We really need it,
 certainly in the past few years.
 :01:11.120 --> 00:01:14.720
 That goes even more for medical software,
 :01:14.720 --> 00:01:18.240
 which gives people the opportunity
 to lead a normal life,
 :01:18.240 --> 00:01:21.640
 even if they have a certain illness
 or condition.
 :01:21.640 --> 00:01:24.240
 For example, Karen Sandler's pacemaker.
 :01:24.240 --> 00:01:26.880
 If she didn’t have one,
 she’d be at greater risk,
 :01:26.880 --> 00:01:30.640
 and she would never have been able
 to do what she's doing now.
 :01:30.640 --> 00:01:32.600
 And she's certainly not alone.
 :01:32.600 --> 00:01:37.040
 There are others in similar situations.
 :01:37.040 --> 00:01:39.840
 She had a pacemaker put in,
 :01:39.840 --> 00:01:44.200
 and when she wanted to find out
 if it was safe and secure,
 :01:44.200 --> 00:01:47.280
 she also wanted to see its source code.
 :01:47.280 --> 00:01:49.320
 Unfortunately, that wasn’t possible,
 :01:49.320 --> 00:01:58.400
 which demonstrates the importance
 of free and open source software.
 :01:58.400 --> 00:02:03.440
 If the source code for software
 is in the hands of one company,
 :02:03.440 --> 00:02:07.400
 then we're all dependent
 on that company's goodwill.
 :02:07.400 --> 00:02:10.800
 They can say of their own accord:
 we'll solve this, not that.
 :02:10.800 --> 00:02:13.680
 We have the means to do this,
 but not that.
 :02:13.680 --> 00:02:17.480
 A company can always go bankrupt,
 the source code then disappears,
 :02:17.480 --> 00:02:19.920
 and society can no longer use it.
 :02:19.920 --> 00:02:23.240
 That’s what open and free software is all about.
 :02:23.240 --> 00:02:27.440
 Anyone can access the source code,
 and everyone can disseminate it.
 :02:27.440 --> 00:02:33.640
 And that's what Karen Sandler stands for.
 :02:33.640 --> 00:02:40.560
 Karen Sandler also fights discrimination
 in the world of technology
 :02:40.560 --> 00:02:43.560
 and pushes for more inclusivity
 :02:43.560 --> 00:02:46.800
 through the programme Outreachy,
 amongst other efforts.
 :02:46.800 --> 00:02:51.600
 Outreachy organises internships
 for minorities or women,
 :02:51.600 --> 00:02:57.120
 to help them get more involved in the world
 of technology and software.
 :02:57.120 --> 00:03:01.120
 Karen Sandler inspires us, as students,
 because she is ambitious
 :03:01.120 --> 00:03:03.640
 and fights passionately for her cause.
 :03:03.640 --> 00:03:06.880
 Her personal story about the pacemaker
 :03:06.880 --> 00:03:11.160
 actually serves as a metaphor
 for all the technology and software
 :03:11.160 --> 00:03:15.560
 we rely on in modern society.
 :03:15.560 --> 00:03:19.280
 Its safety is of major importance.
 :03:19.280 --> 00:03:23.920
 It’s essential for software
 to be free and open source,
 :03:23.920 --> 00:03:27.320
 so we can check whether it's safe
 :03:27.320 --> 00:03:33.520
 and see whether there is
 any room for improvement.
 :03:33.520 --> 00:03:35.600
 For all of these reasons, Rector,
 :03:35.600 --> 00:03:38.680
 on behalf of the Academic Council,
 we request
 :03:38.680 --> 00:03:44.200
 that you grant Karen Sandler
 the KU Leuven honorary doctorate.

www/conservancy/static/docs/2023-02-02_Sandler-Karen_KU-Leuven_Honorary-Doctorate.nl.txt

➞

Show inline comments

 new file 100644
 WEBVTT
 Kind: captions
 Language: nl
 :00:01.560 --> 00:00:03.720
 Karen Sandler is advocaat
 :00:03.720 --> 00:00:07.520
 en executive director
 van de Software Freedom Conservancy,
 :00:07.520 --> 00:00:11.720
 een non-profitorganisatie
 die ijvert voor ethische technologie
 :00:11.720 --> 00:00:14.840
 en voor vrije en opensourcesoftware.
 :00:14.840 --> 00:00:18.640
 Karen Sandler is adjunct-lector
 aan Colombia Law School,
 :00:18.640 --> 00:00:20.480
 waar ze ook zelf studeerde,
 :00:20.480 --> 00:00:24.400
 en gastprofessor aan
 de University of California, Santa Cruz.
 :00:24.400 --> 00:00:29.280
 Ze behaalde naast haar rechtendiploma
 ook een Bachelor of Science in Engineering
 :00:29.280 --> 00:00:40.840
 aan de Cooper Union
 for the Advancement of Science and Art.
 :00:40.840 --> 00:00:45.400
 Karen Sandler is een Amerikaanse juriste
 en software-experte
 :00:45.400 --> 00:00:49.800
 die zich inzet
 voor vrije en opensourcesoftware.
 :00:49.800 --> 00:00:53.760
 Dat is software waarvan je de broncode
 vrij kan raadplegen,
 :00:53.760 --> 00:00:58.640
 aanpassen en verspreiden.
 :00:58.640 --> 00:01:02.160
 Als er één iets duidelijk is geworden
 door heel de coronacrisis,
 :01:02.160 --> 00:01:06.440
 is het wel dat software heel
 fundamenteel is voor onze maatschappij.
 :01:06.440 --> 00:01:11.120
 We hebben dat echt nodig,
 zeker de afgelopen paar jaren.
 :01:11.120 --> 00:01:14.720
 Dat geldt des te meer
 voor bijvoorbeeld medische software,
 :01:14.720 --> 00:01:18.240
 die mensen de kans geeft
 om een normaal leven te leiden,
 :01:18.240 --> 00:01:21.640
 ook al lijden zij aan een bepaalde ziekte,
 een bepaalde aandoening.
 :01:21.640 --> 00:01:24.240
 Bijvoorbeeld de pacemaker
 van Karen Sandler.
 :01:24.240 --> 00:01:26.880
 Als zij die niet had,
 dan was er veel meer risico voor haar
 :01:26.880 --> 00:01:30.640
 en had ze ook nooit kunnen doen
 wat ze nu allemaal aan het doen is.
 :01:30.640 --> 00:01:32.600
 En zij is zeker geen geïsoleerd geval.
 :01:32.600 --> 00:01:37.040
 Er zijn nog meer mensen
 die in zulke situaties zitten.
 :01:37.040 --> 00:01:39.840
 Zij heeft een pacemaker laten installeren
 :01:39.840 --> 00:01:44.200
 en toen zij wou nagaan
 of die wel veilig en goed was,
 :01:44.200 --> 00:01:47.280
 wou zij ook de broncode daarvan bekijken.
 :01:47.280 --> 00:01:49.320
 Helaas bleek dat niet mogelijk,
 :01:49.320 --> 00:01:58.400
 wat wel wijst op het belang van
 vrije en opensourcesoftware.
 :01:58.400 --> 00:02:03.440
 Als die software dan, die broncode
 bij één bepaald bedrijf zit,
 :02:03.440 --> 00:02:07.400
 dan hangen wij allemaal een beetje af
 van de goodwill van dat bedrijf.
 :02:07.400 --> 00:02:10.800
 Die kunnen dan eigenlijk eigenhandig
 gaan zeggen: dit lossen we op, dit niet.
 :02:10.800 --> 00:02:13.680
 Hiervoor hebben we de middelen,
 hiervoor niet.
 :02:13.680 --> 00:02:17.480
 En een bedrijf kan ook altijd failliet
 gaan en dan is die broncode weg
 :02:17.480 --> 00:02:19.920
 en hebben we daar niks meer aan
 als maatschappij.
 :02:19.920 --> 00:02:23.240
 En dat is waar open en free software
 voor staat.
 :02:23.240 --> 00:02:27.440
 Iedereen kan aan die broncode,
 iedereen kan die ook verspreiden.
 :02:27.440 --> 00:02:33.640
 Dat is ook waar Karen Sandler
 heel hard voor staat.
 :02:33.640 --> 00:02:36.800
 Karen Sandler zet zich daarnaast ook in
 :02:36.800 --> 00:02:40.560
 om discriminatie tegen te gaan
 in de technologiewereld
 :02:40.560 --> 00:02:43.560
 en voor meer inclusiviteit te zorgen.
 :02:43.560 --> 00:02:46.800
 Dat doet zij onder andere
 via het programma Outreachy
 :02:46.800 --> 00:02:51.600
 dat stages organiseert
 voor minderheden of voor vrouwen
 :02:51.600 --> 00:02:57.120
 en hen op die manier meer betrekt in
 de technologie- en in de softwarewereld.
 :02:57.120 --> 00:03:01.120
 Karen Sandler inspireert ons als studenten
 omdat zij gedreven is
 :03:01.120 --> 00:03:03.640
 en vol passie strijdt voor haar zaak.
 :03:03.640 --> 00:03:06.880
 Haar persoonlijke verhaal
 over de pacemaker
 :03:06.880 --> 00:03:11.160
 geldt eigenlijk als metafoor
 voor alle technologie en software
 :03:11.160 --> 00:03:15.560
 waar wij mee te maken krijgen
 in onze hedendaagse maatschappij.
 :03:15.560 --> 00:03:19.280
 De veiligheid daarvan is van groot belang.
 :03:19.280 --> 00:03:22.720
 Daarom is
 vrije en opensourcesoftware
 :03:22.720 --> 00:03:27.320
 erg belangrijk: om te controleren
 of die wel veilig is,
 :03:27.320 --> 00:03:33.520
 en of er geen verbeterpunten
 aangebracht kunnen worden.
 :03:33.520 --> 00:03:35.600
 Om al deze redenen, mijnheer de rector,
 :03:35.600 --> 00:03:38.680
 verzoeken wij u,
 op voordracht van de Academische Raad,
 :03:38.680 --> 00:03:44.200
 het eredoctoraat van de KU Leuven
 te verlenen aan mevrouw Karen Sandler.

0 comments (0 inline, 0 general)