000000	AUDIENCE QUESTION:  I have a thought about -- I've worked with a lot of companies here in the valley, some of them startup, some of them bigger.
000009	And the default position of a lot of companies is, if we can't figure out a business model we'll sell data -- user data.
000017	I mean, that's just kind of the default position.
000019	And I think that part of the reason for that is that that's what VCs expect.
000026	So I was wondering if you've had any outreach, any  discussions with some of these VCs,
000030	because, I mean, the company that I worked for this summer, I had an internship with them and they were doing a lot of great stuff,
000038	but ultimately when they go to the meetings with the board and with the VCs, they have to change their tune in order to do what the VCs want them to do.
000049	So I've just been wondering if you've been trying to educate the VCs, because the people with the money are the ones that really...
000055	NICHOLE: And do you mean in terms of, if they can't find a particular business model for a component of something new that they want to do or for their entire business?
000104	AUDIENCE QUESTION:  Usually for their entire -- I mean, a lot of times for their entire business.
000108	I mean, there are many cases of companies that started off sort of as legitimate businesses providing something wonderful and people paying for it.
000120	And then they basically, their business got commoditized and they had to come up with another option, so they started selling user data, spamming people.
000130	I still get spam from this one company that's a software vendor that used to be great, and they spam me daily.
000137	And it's just because they've got a hold of my data.
000140	And if they could get more data from me and sell it, they would.
000144	So it's tricky if you're a startup and you have an assumption about how you're going to make money and that doesn't work out because the VTs are going to say,
000153	we need that money, we need to recoup our investment, so you need to go out and get data -- user data.
000159	NICHOLE: No, I think that's a great suggestion.
000203	The business primer we're definitely targeting to startups and to venture capitalists for them to sort of internalize the cost of privacy and free speech earlier on in the process.
000215	And as they're looking at new products that they're looking at new businesses to invest in.
000220	But I think that on the backend that's a really good suggestion to say that selling user data is not the default.
000228	And to also, I think, there could be some good publicity about companies that started out a legitimate and now have slid,
000237	and which VCs are supporting those companies still when there's really no legitimate reason for them to continue to exist.
000246	So I think that could also be a good research.
000250	AUDIENCE COMMENT:  Sort of the morality tale of a company that went bad.
000254	NICHOLE: Exactly.
000256	It would also be interesting to look at in terms of, what are the impact of sort of the bad actors, because everyone likes to blame it on a bad actor.
000306	That it isn't all the companies, it's a couple of bad actors.
000310	And to look at sort of what percentage of privacy risks are being created by what kind of companies and who's supporting those companies.
000325	AUDIENCE COMMENT:  Anecdotally I think that the smaller the company is the closer it is to the customer and the less likely they are, in general, to --
000335	because they're much more dependent on their -- their margins are much slimmer.
000342	They're much more dependent on their customers immediately right here and now so they can't afford to annoy them.
000347	But when you have a publicly traded company, for example, the customer is not who they're working for.
000356	They're working for the shareholders, so they have an entirely different calculus when they're thinking about these things.
000402	NICHOLE: Well, I would also think that the larger the company the more overhead the company has as well, so they're not as flexible to be able to move quickly when a new opportunity arises.
000414	They sort of get stuck in their business plan of spamming.
000418	AUDIENCE COMMENT:  Right.
000420	NICHOLE: So other thoughts?
000422	And I also, with things that you guys are thinking about, writing about, or things that you're working on, I can give insight into as well.
000436	AUDIENCE COMMENT:  I have a hard time seeing the problem with giving up my personal data, by and large, and I don't think I'm atypical in that regard.
000447	I mean, saying the customer should pay attention and realize the costs involved in letting people know your data, but I don't really see the costs.
000454	I have a hard time envisioning it.
000456	And I think that if you really want consumer responsibility you've got to really explain to them why it's a problem.
000502	NICHOLE: Right, and part of the problem is that it isn't people like the ACLU that usually are the ones giving notice to customers.
000511	So there's a law in California that every company needs to have a privacy policy and actually needs to follow that privacy policy.
000520	But there's no law or standards for what the privacy policy has to say and how clearly it actually has to be articulated to people.
000529	So if you're an attorney who is advising a company and you're writing a privacy policy, your incentive is for the company to say as little as possible, as confusing as possible,
000545	and in as broad a way as possible so that they never can be liable.
000550	So there's a real disincentive for customers to have, and for consumers to have information about what the implications really are of the data that they have.
000600	So like, for example, when's the last time you signed up for something and you actually considered whether the product or the service was worth the information that you were giving up?
000620	AUDIENCE COMMENT:  I mean, I'm very much an informationist free kind of person as a basic concept.
000627	I mean, if I had a privacy policy with somebody and they said, everything that is not your password and a credit card number is going to be posted on a web page
000634	and anybody who wants it can see it, I'm not sure that would dissuade me from using it.
000639	I mean, I really don't see the problem with everybody knowing everything about me.
000644	NICHOLE: Well, there's definitely some people who have a concern.
000647	Like, for example, on the RFID context.
000651	I'm working a lot in the RFID context, the Radio Frequency Identification Technology.
000657	Little computer chips, they can be encoded with any kind of information and then can be read at a distance for the reader without you knowing it.
000704	If that's in your driver's license and I can read whatever information is on the face of your driver's license without you knowing it,
000713	there is some problems there in terms of if you were at a political rally.
000721	And, A, you might not want everyone to know or the government to know, to be able to just scan a crowd and know everyone who is there.
000731	Secondly, there's a free speech problem in that the Constitution sort of case law that's come down about the First Amendment,
000742	that you don't have to identify yourself before you engage in political speech.
000746	You don't have to identify yourself before you go leaflet or pass out things at an event.
000754	And so by requiring you to be in a position where your identity is going to be known if you're at a rally, major problem.
000802	If you're a woman or a victim of domestic violence, or anyone who doesn't -- or a judge or somebody who doesn't necessarily want their identity and where they live to be known.
000818	If that information can be read at a distance and someone -- I mean, I'm an ACLU lawyer.
000823	I don't necessarily want everyone to know my address.
000827	So from an RFID context, also from an information context, you know, if that is public information and people can find out my address, which they can,
000838	that's concerning to me because there might be people that would want to know that information.
000844	And from an identity theft standpoint, from a financial security standpoint, you know, there's a lot of information -- there are a lot of companies that will give out a lot of information about you --
000857	we saw this whole pre-texting scandal -- without knowing a lot about you.
000901	Chris Hoofnagle, who was formally at Epic and now at the Samuelson Clinic says that generally you can call --
000909	he has found that you can call up companies and garble whatever number you're supposed to give to them and they'll turn over your information.
000919	They'll say, oh, what's your account number.
000920	Blah, blah, blah, blah, blah.
000921	And it's some faraway call center and they don't want to take the time to then ask you again, and they'll say,
000927	okay, well, here's your account information, or, here, we'll change your credit card number.
000933	So the more information that there is about somebody that's out there, the easier it is to fill in the hole that you need to get a lot more information about somebody.
000946	And there is a point -- I don't know what your point is -- but there's a point in every single individual, and it varies between all of us, that piece of information you don't want somebody to know.
000959	So whenever you are putting in information or thinking about that, you should think in your mind the one piece of information that you wouldn't want everyone to know about
001009	and to have on every single Internet site, and that's what you're protecting.
001014	It's not about the information that you're giving in, it's about that one piece within you that you wouldn't want out.
001020	Because whatever information is out there can be pieced together to then get at that information.
001027	AUDIENCE COMMENT:  And I think that that's a really good point.
001028	But most consumers, I think, think of themselves, I'm an honest, good person.
001033	I don't care what people know about me.
001034	And if you're really looking for consumer responsibility, that other side has to be pointed out more clearly.
001040	NICHOLE: Absolutely, and that's one of the challenges, in that everyone has a different point.
001048	Everyone cares about a different thing.
001051	Even within the ACLU, even within the people that work on these issues, there are some people that use FasTrack, there's some people who wouldn't be caught dead using FasTrack -- me.
001103	For example, you think you're using it to get through the tolls.
001108	Any of you who have driven on the freeways around here know that now they're saying 16 minutes to here, 22 minutes to there.
001116	Those are reading people's FasTracks.
001118	That's how they're getting those times, and almost nobody knows that.
001123	They all buy FasTrack to get across the bridge.
001127	They don't realize because it's RFID technology it can be read without you knowing it.
001133	So it's being read at those places, goodness knows where else it's being read.
001137	I've had people tell me that their FasTrack is beeping as they get into the airport.
001144	I don't know, haven't investigated that.
001147	But it's very possible that that information is being read.
001151	But that's the problem, some people, their gut is FasTrack.
001158	Some people, their gut is TiVo when it told how many people had watched Janet Jackson at the Super Bowl.
001210	Some people's gut is RFID technology, some people's gut is social security number, but they don't care about the last four digits
001220	even though everyone is now only asking for the last four digits, and the first three digits are just where you were born.
001226	So, you know, most people don't realize that.
001231	And actually I found that out because a college decided to assign people in dorms by their social security number,
001239	and everyone was confused as to why everyone was from the same state on a certain floor.
001244	It's like, oh, it's like all the people from Maryland on this floor.
001249	So I actually didn't know that either.
001252	So, a question, and you need a mike.
001300	AUDIENCE QUESTION:  You just mentioned the RFID system and FasTrack.
001303	And I just know, because there's a professor here at this university that helped design that system,
001308	that they tried very hard to ensure that when they use that information for purposes of checking speed on the highway, that it's not stored in any way.
001318	And you also mentioned earlier that Gmail has bots that scan our emails to provide advertising.
001324	And I'm wondering, when there are bots that are scanning our communications or are monitoring our FasTrack, but it's a bot it's not a person.
001334	And in both cases assuming -- assuming that the information isn't saved, besides what you mentioned that there's an issue that might eliminate the reasonableness in privacy,
001347	are there other concerns with those sorts of bots that...
001350	NICHOLE: Yes, this is a discussion that really started to get a lot of attention after the NSA spying case because it was, at least alleged and discussed, that all the information was just being --
001407	all of our call information was being put into a huge database and then it was being mined, but by a computer.
001414	And then it was only the people who had certain flags come up that were then being wiretapped.
001420	So I think it was Posner that came up with a big article saying, well, if it's a computer or a machine that's doing that initial search then the Fourth Amendment isn't implicated.
001432	That is isn't a search when it's a machine doing it because then the machine finds out you've done something wrong, and then there's a probable cause to then do the wiretapping.
001444	So it was like, anything with a machine or a bot wasn't a search.
001448	Well, I think that is just complete hogwash.
001451	If we look at all the things, you know, a breathalyzer is a machine.
001457	A breathalyzer is still a search.
001502	For example, think about if you were going to the airport and they decided that machines were going to search you rather than an individual.
001512	It's still a search.
001513	So if all of us had to go through and they actually took a whole machine and patted us down, and then they said,
001520	oh, but only the people that we found something on, only then we then have probable cause and then we actually --
001527	it's a search and implicates the Fourth Amendment but we can't stop it because we have probable cause.
001532	And that is just a complete destruction of the whole basis of the Fourth Amendment.
001541	And so I just don't buy that one iota, because it just means that nothing will implicate the Fourth Amendment,
001551	because increasingly everything will be done by a computer or by a machine that now an individual does.
001559	So I guess my question to you is, yes, how could we justify that a computer or a machine doesn't implicate the Fourth Amendment?
001613	How is it not a search, would be my question back, because it absolutely is, in my estimation.
001621	And if it isn't then we're in real trouble.
001623	We might as well just get rid of the Fourth Amendment.
001629	In the back, you have to come up and visit us with the microphone.
001634	AUDIENCE QUESTION:  (Inaudible)
001636	NICHOLE: Not for the Podcast.
001637	AUDIENCE QUESTION:  Oh, I didn't realize...
001640	I was wondering if, and maybe this is part of some class that I've just never taken yet, or whatever.
001646	But if you guys ever run into issues of standing or ripeness?
001650	NICHOLE: Absolutely.
001651	In the AT&T -- not AT&T.
001654	In our case against the National Security Agency, which we filed in the Eastern District of Michigan which the ACLU actually just won in District Court,
001705	and the NSA warrantless wiretapping was done illegal and unconstitutional.
001710	One of the issues was standing, in that we had to find plaintiffs that could say, who had standing, that they were affected by the warrantless wiretapping.
001725	That's hard when you're dealing with a state secret with a national program where people aren't supposed to know that they're the ones that are being wiretapped.
001736	So whenever you're dealing with surveillance issues that standing is always an issue.
001742	And we very specifically picked plaintiffs that could say there was a very high probability that they were being targeted because of the work that they did.
001757	For example, Larry Diamond at Stanford who does a lot of work in other countries.
001806	People who work with Muslim communities, people who do a lot of long distance calls to Iraq and other places in the world.
001815	And so I would say to encourage you, if you're interested in any of these standing arguments, all of our briefs are online at ACLU.org.
001824	And we have a long section on sort of standing and those arguments.
001830	Yes?
001832	AUDIENCE QUESTION:  I have kind of a comment.
001833	Wasn't there also a guy who the government accidentally sent him a transcript of a call that they had wiretapped?
001844	NICHOLE: Yes, the government -- sometimes the government gives us some gifts.
001850	Not often, but sometimes things come to light, and often sometimes they're good whistleblowers.
001856	And this government, this administration, has been one of the most secretive administrations in terms of being able to get information,
001904	and punishing people who try and come forward when things are not right.
001911	And so that has been definitely a challenge in these issues.
001916	So I guess, are we till 11:30 or 11:45?
001919	AUDIENCE COMMENT:  (Inaudible).
001920	NICHOLE: Okay, so there's just a couple of minutes left.
001922	But I did want to say, in addition to the communications privacy work that we're doing,
001926	I've been doing a lot of work on RFID technology on drafted legislation the past two years to have privacy and security protections on the use of RFID tags in California identification documents.
001940	All that work is online at our site, ACLUNC.org.
001945	We're currently litigating the AT&T/Verizon case about the NSA spying.
001951	I'm working on video surveillance, the proliferation of video surveillance cameras in California and what that means in terms of privacy and free speech.
002002	You know, if there are video cameras everywhere, we're carrying national IDs with digital photos that have RFID tags in it.
002012	The combination of video surveillance, facial recognition, RFID readers, sort of in terms of tracking and monitoring, is really quite chilling.
002024	I don't want to think about it.
002025	I'm fighting it hard, but it's definitely proliferating.
002029	I was just in Chicago, and Mayor Daley said he wants a camera on every corner by 2016 in Chicago.
002038	And money, billions of dollars just coming down from the Department of Homeland Security for this type of infrastructure.
002045	And sort of the work I'm doing in communications privacy is linked to all that.
002051	Because the Department of Homeland Security and the government wants to have as much information about all of us as quickly as possible.
002059	And so don't be fooled that this isn't part of sort of a broader goal in terms of video surveillance, RFID, getting companies to get more data about you to then be able to disclose that data.
002116	So it's all connected to my work which is in the next generation surveillance area, 
002123	and to try and ensure that innocent people like us are able to go about our daily lives without worrying that the government is looking over our shoulder.
002135	And whether you think you have something to hide now, down the line it might be something to hide.
002143	You know, being who you are and doing the things that you do and wanting -- 
002148	speaking out against the government or whatever it is, might -- when you have Republicans coming out saying we're approaching tyranny, it's a bad situation.
002159	But the ACLU doesn't have to say it anymore because they have the Republicans saying it.
002204	And the one last thing I wanted to say is that, the ACLU both in Northern California to our San Francisco and San Jose office and nationally 
002214	has internships every semester and every summer for law students, both for credit and for work study funding.
002223	So that's on my website at ACLUNC.org as well.
002229	I want to let you guys out on time, but if you have questions, you're welcome to come up and talk to me later.
002236	So, thank you.