BSidesSF 2016 - Ask the EFF (Kurt Opsahl Eva Galperin Andrew Crocker Shahid Buttar Cooper Quintin)

[Applause] the defender of our civil light civil rights online um and and uh what we'd like to do is to provide an opportunity for different people to ask different questions and go through so I'm not sure if you have some things to kick it off with uh sure so uh thank you thank you everybody Welcome we're very glad to be here for another year at bsides with the ask the eff panel uh my name is Kurt opsol I'm the uh Deputy executive director and general counsel of the electronic tier Foundation uh and this is a Q&A format we only have a half hour so we're going to get pretty uh quickly into your questions uh I just want to

say just a couple of quick ground rules uh one of the things that we do is we represent people we give them legal advice about their situations uh we we enjoy doing that for this community but this is not the place for that if you have a attorney client privilege communication let's have that in private so if it's a question about your specific legal situation we should talk talk at another time um so with with with that important uh warning uh let me just uh uh ask the panel to introduce themselves hi there my name is Eva gal and I'm a global policy analyst for the Electronic Frontier Foundation I work on E's international team I'm Cooper

Quinton I work on E Tech projects team on things like https everywhere privacy Badger and let's encrypt I'm Andrew Crocker I'm a Staff attorney on the civil liberties team I'm shait bhar I'm on the activism team one of the newest additions to that part of the organization all right thank you so uh since we have a short time uh we're we're going to get uh I guess straight into your questions um do we have a roving mic we do all right we have a question here in the in the center would it beho us to take some um probably just one at a time where do you think the Apple FBI think will end up all right Apple FBI uh I think uh oh

that's the next 30 minutes the question was where is it going to go what so I think that one thing that's really interesting about this is that it's kind of a win-win for the FBI if they win this case that's great and if they lose they can take it to Congress and say hey here's a you know story where we couldn't get access to something that we needed access to let's try to pass a law so we see this as a you know a battle on two fronts right we have to win in this court case in particular and we have to make sure that Congress doesn't pass really bad law mandating access to encrypted

Communications and I think that's it's kind of a long it's kind of a long game on both sides can I jump in there the the one thing I just say is that as Congress considers these issues one thing that's very different than it times in the past is that there is a major corporation holding the line on values that matter to all of us ironically paying better heed to the Constitutional values than the officials who swear Oaths to defend those values um In This Moment where there is a great deal of attention to that controversy in particular this is especially ripe time for elected representatives to be educated about particularly the way that in the digital Arena the analogies to

the Past no longer hold true and so to the extent you either have those relationships or if you don't now is a great excuse to develop them uh and if you do if you do now is a great opportunity to take advantage of those to make sure that the factual premises of the debate are understood widely and and I think the the most important among them is that security for one is security for all that is effectively how it works and that is not widely understood on Capital Hill certainly so the spin correction of the Intel agencies among members of Congress and editorial boards is especially important right now and we can do a lot of that

but it's much more effective when coming from many nodes so we're excited to see you

here question the B hi thank you guys for your activism and your support for our rights and I have a question regarding the transpacific partnership um I was wondering if you could explain how it affects us as Security Professionals and how it affects the individual rights of Internet users in the United States well this is actually kind of a tough one because the three people we have in the office who work on TPP full-time are not on this panel um but I can tell you that one of the biggest problems with the transpacific partnership uh has to do with uh with copyright which is that the transpacific partnership much like ACTA is trying to export all of the worst things about us

copyright law um like uh very very long terms of copyright uh without exporting any of the things that make us copyright law kind of okay like fair use um and they're trying to pretend that this wouldn't actually be a change to uh US law uh which is the reason why it wouldn't have to you know go through a legislative process and furthermore they want to pretend that uh this is entirely in line with law all around the world and so this is usually framed as uh normalizing copyright law uh but the way that this normalization process works is it works like a ratchet which is to say that you propose a a very limited kind

of draconian copyright maximalist law in TPP and then you make everybody kind of contort their copyright law in order to uh in order to fit into that box and then afterwards you say well this is the copyright law that everybody has because it's been normalized um this is definitely a problem for anybody who who uh who cares about fair use uh who cares about uh other countries in which they have considerably laxer copyright laws uh who cares about creativity for the most part uh the the way that creative uh that that art gets made is is standing on the shoulders of giants and the more difficult that this is for people to do uh the sort of sadder the and more

limited the Creative Commons will become think I think we had a question in the front so I haven't seen this issue get a lot of news but uh as some people might know there's been a supreme court vacancy recently and that seems to be really important for rights online in terms of the Fourth Amendment and privacy protections but the times people get to interact with that is rare is there anything we can do for changing the legal landscape for protecting privacy with out going to the Supreme Court and through that uh slow political process the question is what can we do uh without going to the Supreme Court or exactly um there so the Fourth Amendment

but the that states basically that you needed a um warrant to search someone's information has gained a very restrictive interpretation in that as soon as you give your data to a third party say the cloud it's not private anymore so uh yeah couple of couple of notes on that I mean there there are a number of important issues which will probably eventually get before The Supreme Court on the fourth amendment I mean you know so we have our case against the National Security Agency about whether the fourth amendment protects against the warrantless surveillance program uh there's the question of the third party Doctrine which the government contends means that anything that is operating in the cloud

using a third party Service uh detrimentally affects your your Fourth Amendment rights and these are also important uh questions uh with uh with Scalia gone it remains to be be seen how that will affect uh the court uh Scalia actually was pretty good on Fourth Amendment issues um he uh had a number of important decisions like I was part of the the majority on determining that uh you know you a warrant for for cell phones uh but he was not perfect on that but you know pretty solid uh we won't know until we see some nominations see how that plays out uh but your question was what can we do other than going to the Supreme Court court and I think that

that that uh you know we work within the law but we also work with uh technology and we work with activism so I think Cooper and Shad yeah I was going to say that uh one way that you can you know affect change without going through the legislative or judicial process is with technology right if you don't like that the NSA is able to read traffic right you can encrypt all the traffic um you know and and there are ways to force constitutional protection via the technology that we Implement right so if we encrypt all of the internet then you know we we have really uh you know kneecapped the nsa's ability to massively collect data thanks so that's

I think that you know the that's a really actually super effective way uh and obviously much faster than trying to go through the legislative process and just to a couple pieces to that you're you're totally right to note that the fourth amendment is very much in flux and this answer and the question about the TPP sort of bridging across these two these are both issues where the public Consciousness is still getting molded and as the fourth amendment's Norms get applied to emerging technology the courts at least have yet to be very definitive about how the principles play out which is to say we have opportunities across the three lay branches of government and the three

layers of government which is to say executive judicial legislative I'm going to back to that federal state which I'm going to come back to and local to essentially push the ball your courts are inherently reactive institutions legislatures can be proactive especially when pushed by diverse communities of their constituents California very recently adopted one of the nation's very uh most the uh Advanced Digital privacy laws this is Cal Cala the California Electronic Communications Privacy Act and it doesn't create a federal Fourth Amendment right but what it does is by creating a state analog these inform what a federal judge's construction of a reasonable expectation of privacy might be in the Jones case this is the GPS case before the court

what two three terms ago alos 2012 so four years ago Alo in his uh I guess was a concurring opinion talks about how the the ubiquity of cell phones under the prevailing terms of use indicate what people's expectations of privacy are so by by adopting privacy uh promoting Technologies by pushing state level laws and local laws like one that's in play in Santa Clara County at the moment that better enshrine privacy standards you can shift the course through these other channels too you might describe it as like popular constitutionalism that's my shtick and I'm happy to talk to anybody about it later all right thank you um I have a question um how closely should we be tracking the wnar security

export controls I got this uh how closely should we be tracking the sort of progress of the uh 2013 changes to the vasar arrangement uh in my opinion uh this is very inside baseball uh but like all people who are deep inside baseball I believe everyone should be tracking this very closely uh especially a room full of security researchers for those of us who have not been playing along since 2013 um in about 2011 2012 a whole lot of research came out um which demonstrated that European companies were selling surveillance malware to authoritarian regimes that were then using it to spy on activists and journalists and this is a very bad thing so the European countries were involved

in the vasar arrangement uh which is a sort of it's it's not even a treaty it's basically an agreement between I I think 40 countries um which normally uh governs weapons so landmines machine guns this sort of thing and they decided that they were going to add uh surveillance software as a thing which the vasar arrangement uh would uh would cover so each country that had signed on to vasar needed to change its export control laws to control uh surveillance malware now the way in which these um the way in which this stuff was written into vasar was actually super vague because it turns out that the difference between surveillance malware and the stuff that

you use to watch your network because it's your goddamn Network and you would like to not see people breaking into it um is kind of vague um and so Not only was this stuff all written very poorly and could be used to stop the uh communication between um uh between uh sorry security researchers across borders um but then the way in which the United States first proposed to uh to implement vasar uh included a uh export control on zero days which were not even mentioned in vasar they just kind of threw them in at the last minute nothing could possibly go wrong with this plan um now security companies of the sort that you will be

seeing all week at RSA uh immediately went up in arms and said how the hell are we supposed to go about our business uh if you implement the the vasar arrangement in this way uh so the good news is it looks like uh the US will not be implementing the vasar arrangement in this way um now the next step is we need to wait until uh I think early this spring or this summer when all of the vasar countries meet to talk about the language in the vasar arrangement and we will have the opportunity to suggest rolling the vasar arrangement back basically saying this suggested language was a terrible idea it was not going to

work for example the uh export controls uh went into effect but did not in fact stop uh hacking team which which was one of the companies that was found uh selling to authoritarian regimes did not SE stop them from selling to a single authoritarian regime so this is basically you know badly written badly thought out junk and should be rolled back um this spring and this summer we're going to be looking at an opportunity to do that and what everybody here can do is they can get in touch uh with their uh congressional representative and they can let them know that it's important for them to talk to the state department and the Department of Commerce and the

Department of Homeland Security and let them know that it is time to roll back the vasar arrangement so yes you should totally be watching this very closely hello um earlier y shelman talked about Librarians and their role of teaching patrons about privacy and security so I'm asking because I don't know because I've never worked in the public library but what what initiatives do you already have in place or resources do you have to help Librarians communicate better with their patrons about privacy and security do you have any Arrangements already or is that something that you're looking at in the future we we are at least setting up crypto trainings and oh yeah sorry uh the question was um for librarians what

resources and materials we might have to help Librarians engage their patrons and help support their uh privacy and digital rights and I'm not sure about the materials we have available I will certainly affirm your point that Librarians have been some of the leading on the Leading Edge really of privacy activism dating back to when the Patriot Act was first introduced over a decade ago we are setting up uh crypto trainings and digital security workshops around the country including in Partnership uh this isn't we well we're talking to the New York City Public Library about some events there serving their patrons um it's a great idea we'd love to puts more time into it one thing that

libraries can do and that several around the country have done is uh um host tour relays and those have become controversial in some places and I can think of it at least one case though the place escapes me I think it might have been Philadelphia was it New Hampshire last Fall New Hampshire right you want to talk about it I think you know more than me well I'll just say this is something that interests me I I am a librarian um so I did actually send a survey out on my Twitter feed earlier and I asked Librarians if they had to speak to their patrons about privacy and security could they and the answers were yes

somewhat or absolutely not and I'm still waiting for more results to come in and about six months ago I was approached by a hacker who was very much interested in helping libraries and he wanted to get uh raspberry pies into libraries and help with exit nodes and things like that um so he but he wanted me to help him get into the library world so there's definitely a need and there's interest and it's something that I've been trying to work on as well and and also Library freedom project obviously everything all the amazing work that Alison mccre has been doing um so yeah I just think that's a great opportunity to really get out there because the public

Librarians are right on the front lines helping people and oftentimes I mean you won't believe the crazy questions Librarians get from from people and this is really a great way to help move your mission is because the Librarians are right there dealing with people every day with stuff like this if you can hang out after would I'd love to have a chat with you yeah all right um so the primary the primary thing that we have done at eff which is helpful for teaching people about privacy and security whether they are Librarians or people who are unfortunate not to be Librarians um is surveillance self-defense which you can find at SSD do.org and this is our

privacy and security guide um I've actually done a lot of work with the library Freedom project uh to and I have I've given trainings to Librarians and I very recently did a podcast with uh Alis and macrina uh which which was all about uh privacy and security threat modeling for uh for people in libraries and museums uh to think about sort of the needs of their users um and we also on the legal side have filed some briefs on behalf of libraries in our NSA case we filed an brief on behalf of the Ala and some other Library organizations uh trying to trying to make the case that libraries have this special role in protecting privacy um just so that it's

sort of clear amongst the other privacy rights that courts are considering as well all right so my question is what is the esfs current stance on coder's rights and do you do you support my right to sell exploits to my like hitting on the wner ACT Etc all right um so uh thank you for that that question this has come up in in a variety of context what oh repeat the question um so uh what is our stance on coder's rights and do you support the right to sell exploits to whom I like to whom you like all right so as initial matter so yeah we work with a uh coder's rights project Andrew and myself are lawyers who work

on that project and we represent uh researchers defending their right to conduct research and then to uh speak about that research afterwards especially in the in the face of uh threats um and we we do believe that code is speech and so you have a first Amendment right to speak your code uh to whom you please now we might not want you to uh uh you know sell it to a repressive regime so it can be used against uh you know innocent people that that might not be a you know the best way to go about it but this you know that that's the thing about uh freedom of expression is sometimes uh part of

freedom of expression is that somebody is going to express something that uh you might not agree with but you still have to have the right to be able to express it do that answer your your question does that I mean how does that break into the wasin our Arrangement and are zero Day sales going to be restricted or have we backed away from that and where are we at now to be absolutely clear um zero Day sales are not restricted under the vasar arrangement uh there was a proposal by bis in the United States to restrict the sale of zero days under our implementation of the vasar arrangement um this proposal is not final and in

fact it was made entirely clear by both bis and the Department of Commerce and the Department of Homeland Security and the the Department of State uh that the final version of this implementation will not include any of this crazy pants language about OD

days hello hi I was wondering what some of the issues surrounding the eagle ey system the drones that fly over cities for long periods of time and capture pretty much everything what what are some of the issues and and legal precedents surrounding that anyone up on drones yeah I could talk about the the legal legal side of things um so in general in the past you know in the pre digital era there was this idea that you didn't have expectation of privacy when you were walking around in public um that's really started to change the Jones case that CH was talking about is about monitoring GPS in in in public over a long period of time and the

Supreme Court has said in fact you do have an expectation of privacy in that at least five justices on the Supreme Court said that so when you have a drone F flying overhead and the ability to monitor people's locations in public that actually starts to implicate their fourth amendment rights even though they're in public the whole time um so any any sort of government operated system where you have drones flying over uh for long periods is going to start to implicate people's expectations of privacy so you know even though that's a new application of of of drones and of you know monitoring people's locations it will have Fourth Amendment implications um I'm not familiar with it

you know any work that we've done on that particular system we've done other work on uh cell phone tracking uh the flying of dirt boxes which are cell phone trackers in Planes um I'm working on a foyer case where we suing the FBI and the US Marshals to get more information about that um anyone else just a few pieces you know the front edge of surveillance drones as opposed to being federal agencies tends to be state and local law enforcement the FBI flies drones Customs and Border Protection uh fly drones but the where drones really um I was going to say hit the ground but that's an inapt image I suppose are Sheriff's departments and

police departments and this is another area where local activism has a huge impact on the state of play on the ground Seattle for instance was forced to to ground its drones and send them to LA because of public appropri over the launch of their program here in the Bay Area Alam County last uh uh in the East Bay uh made a decision about a year and a half ago similarly um uh restraining though it didn't en entirely shut down the Drone program there uh these are areas and and the last thing I want to say here is that when we talk about the militarization of local police the uh procurement of essentially military surveillance tools are one leading

Vector of it surveillance drones especially when you couple them with devices like facial recognition technology on highdef cameras exercising persistent surveillance you know think about the ways that this impacts the First Amendment if for instance let's say there were a social movement uh a month from now or a year from now that uh did prolific things in the manner of the Occupy Movement perhaps the black lives matter Movement we know that those movements were monitored to what extent could aerial drones be used not only to offend the privacy of people participating but map the associations among them in a way that would be independently violating of a whole other set of constitutional Norms these are

some of the issues and just like on the TPP just like on the battle around encryption these are areas where your voices matter a great deal could I ask people just take the Indulgence of a question back how many people here have have communicated in any way with your any one of your representatives in elected government over the last year I am so excited to see that if you have not take a lead from your neighbors here it can really make a difference especially when you do it in

groups hi as somebody who actually works security defense at a corporate level trying to protect sensitive data I often find that trying to find the balance between the private rights of the employees versus trying to protect that sensitive data is often a challenge and it's also very challenging to try to communicate and get across to Executive teams who want no risk to their sensitive data but yet at the same time I really can't break the encryption of everything that everybody is doing and prevent all data loss do you guys provide any sort of guidance like that for people working in corporations to help to do that kind of communication to executive staff or security managers

don't have experience in Security Management so I we we don't have any specific programs designed for for corporate environments uh though I mean on on the whole we're we try to encourage people to uh increase security measures and and to have uh quality uh uh security uh the surveillance self-defense guide that that Eva mentioned uh is pretty good and it's aim towards activists but actually the uh the structure of it is designed to help anybody because it it starts out with uh questions about what your threat model is and you just answer that threat model a bit differently than than an activist would but it still is a different threat model for the corporate environment um and then Cooper I I guess

that the like Kurt said we don't have anything specifically on that um and I mean I guess the tactic that I would take is that you know people don't want people generally don't like being surveilled uh and and it decreases morale a lot right and I mean I think that this is the sort of thing where you have to have sort of the uh system administrator's code of ethics right where even though you can read all of the emails and even though you can look at all of the packets you don't necessarily right and you need to codify that with your management right by you know talking about employee morale Maybe by talking about how um you know if it's

done wrong it could actually be detrimental to people's personal security right by talking about um what compartmentalization right um so I I I I think that those sorts of appeals to their bottom line always work really well on managers and un unhappy employees people that don't want to innovate because they're scared that management is reading all of their emails right is not going to be good for their numbers so that would be my suggestion all right thank you uh so Joiner on to the last question have you encountered any sane Frameworks for businesses to share information for security and anti frud purposes that also don't compromise on end users rights um and if not what do you think

that framework would look like well there's bad news and there's bad news and the bad news is uh that uh no sane uh Frameworks matter anymore uh because the uh cyber security bill has passed and now no matter how it was that you were sharing threat Intel with other private uh companies in the past now the US government gets to be in the room and it looks very much as if the final version of the bill will not have any of the safety measures that would have minimized uh what the US government could do with this data in any way uh so I wish I had something more cheerful to tell you um but everything is

awful well on that cherry note yeah I had a question that was uh kind of related to the to the Drone question which was uh that recent uh case from four years ago about the GPS uh that came out of the Supreme Court that was so heartening at the same time I think even at the time it was obvious it was kind kind of quaint and dated because of license plate reading systems uh and I was wondering you know do you have uh a strategy for for how to attack that and especially considering the concern that I have that what's going to happen is if we simply say the government can't collect this data that they will simply

pay third parties to do it uh and and how how can that fit into our current constitutional framework of of how all of those privacy rights work um and also just if I can I meant to say this at the beginning thank you all for you know your great work over the years protecting our our freedoms and privacy thanks thank you much thank you for supporting e thanks for making it possible uh so that was a multi-part question uh the first was you know is this sort of idea of expectation of privacy in public in the GPS case the Jones case sort of dated at the time of inception because of things like license pay readers you know is the is the

government going to sort of just find more and more sophisticated ways of tracking people and then the second question I think was you know in license place readers in particular how do we attack that because they might just buy data from from third parties um so the the the first one is one thing that's nice about how our system of legal precedent works is that you can apply old precedents in new situations and um so I I don't think that you know saying that GPS monitoring uh implicates a fourth amendment you might need a warrant for it is you know a dead letter when it comes to licens by readers if that's a way to track people in public

then that precedent actually applies very nicely so um I think at least looking at the five justices who who looked at the the GPS case that way it would apply pretty pretty directly to licens PL readers if at least as as far as mapping you know instances of license plates being in a specific place over time I would add that we're litigating a license plate reader case in front of the California Supreme Court case uh right now and we're trying to make sure that the California uh open records act doesn't doesn't bar us from getting access to that data that the California you know law enforcement in California is using right now um your other

question is is a good one um you know private companies arguably have a First Amendment right to collect license plate data um there's you know there's some precent on that but when the government buys or pays you know a third party to do things uh surveillance for instance um as an agent as their agent they are they are acting as an agent of the government and they are you know at least at least in some cases uh subject of the Fourth Amendment as well this came up in our NSA cases where our theory was that AT&T and the other telecoms were acting as agents of the government and that's a pretty solid legal Theory so you know how that plays

out in the license plate case it's sort of license plate readers uh remains to be seen but there's it's not that the fourth amendment has nothing to say about um the government involving private parties so one other thing that uh security researchers can do uh is a thing that we did which was me and a colleague Dave Moss uh found did some research on alpr devices automatic license plate readers and found using showan that several of them all over the country had a huge vulnerability where they had a terminal open to the public with no password uh so you could log into any alpr from anywhere see license you could theoretically see license plate data uh

and do a number of things we wrote a report on this sent it to and uh sent it to Louisiana where Governor Bobby jindel was about to pass a law bying spending uh a few million dollars on buying a new APR system for Louisiana based on that research jindel vetoed the law and Louisiana did not get new alpr readers so you can research find these Technologies find flaws in these technologies that lead to horrible violations of people's uh privacy and uh get um you know people uh in government aware of these things similar story one in California one in Texas so California recently two bills in the last legislative session uh imposed essentially transparency and process

reporting requirements both over alprs and MC catchers those are the cell site simulators that I think came up earlier when Andrew was talking about dirt boxes um those laws can also be replicated in other places in Texas you were describing the sort of corporate Outsourcing as the whole in the Constitutional bucket right great question in Texas there's almost like an inversion of that Dynamic where uh our same colleague Dave Moss and I'll close with another story involving Dave and something he's working on next um he found that Vigilant Solutions it's a company that essentially collects and then sells data from alpr devices had agreements with law enforcement agencies across Texas through which the departments were getting free gear free

surveillance gear on the condition that then when they served warrant absconders they would add 20 to 25% that would go straight to vigilance so there you have corporations essentially conscripting the state as you know debt collectors Revenue centers I mean it's incredibly gross and then just the last piece here Dave one of Dave's next projects uh we're going to either on the 26th or 27th of March host here in the Bay Area and in LA and in San Diego a one-day Sprint collecting people concerned about alprs in particular and we're going to research to what extent the law enforcement agencies across the state that we know are using alprs are complying with the state law recently

passed that requires them to publicly disclose a privacy policy so that's a very tactical opportunity and we would love to have any of you participate thanks all right we we only have a little bit of time left we have a couple more questions we're going to try to get very short answers to very quick questions so please uh hi first of all thank you I applaud you for all the work you're doing and I I was wondering if you're doing any work on spoko case and if you do can you comment on it Sor I say that again spoko uh we filed an amikas brief in the Supreme Court um which and it was argued in the fall I believe and so

we'll we'll see what how the Supreme Court rules on that the question is is a pretty technical legal one it's um Can Congress create a cause of action under the under the article article three of the Constitution and um you know we strongly feel that it it should be it should be able to do that because there's lots of things Freedom of Information Act other sorts of things where you know there's no uh monetary harm necessarily that is incurred which is what one of the arguments should be you know on the other side that you have to have suffer some sort of damage in order to sue under the Constitution uh we feel that it's very important to

preserve that right okay and last question please hi over here um does uh eff uh keep track of uh the reach I guess in social media of various of these stories like I'm watching the carousel behind you on the FF homepage and I'm wondering which of these had the best reach into like sort of Middle America it's a little hard to hear from that Mike could you could you uh repeat is this better yeah so which of these stories on the carousel behind you does eff know had the best reach into social media into like Middle America has reached the heart of America is that important and do you have any tips for us and for the general public

for engaging our friends and our peers in social media like which how should we contextualize the stories yeah okay so at the moment among the stories up right now I think it's safe to say that apple versus FBI has the nation's attention um and I would say among the many values at stake the one we and we to answer your question discreetly um and the question was about uh how um do we recommend that you engage your neighbors on social media when discussing digital rights and maybe the encryption issues in apple versus FBI in particular there are a lot of values at stake privacy international human rights security is one that tends to Trump others perhaps because in human

consciousness fear is an overriding emotion but when communicating with people about that case impressing upon them the way that the FBI's demands would undermine security for everyone I think is a particularly compelling uh at least first point um and I would encourage you to not rest with social media writing op ads commenting on news articles can be an influential way to raise your perspective uh raise your voice you know the stuff we're writing on the blog you can always drop a link in a comment on a news article with a on line introduction if you like like that's part of why we do it so please you know leverage our work and uh help Supply it to your neighbors to the

extent you might find it persuasive all right thank you thank you all for coming uh it's been wonderful to be back here uh it's happy hour now so please en enjoy that