Speaker 0
0:10 – 0:14
Welcome to Tech Talk. Bye. CT. Tea.
Speaker 1
0:16 – 1:46
Welcome to CDT's Tech Talk, where we dish on tech and Internet policy, while also explaining what these policies mean to our daily lives. I'm Brian Wasilowski, and it's time to talk tech. Today, we talk about the fact and fiction of Russia's hacking of the twenty sixteen US election. What do we know? And what can be done to make our elections more cybersecure in the future? And we also talk about taking control of your own cybersecurity, specifically about VPNs. Sales of VPNs in The US have skyrocketed since the election as more citizens worry about their personal information being compromised. Are VPNs still only for paranoid techies, or should we all be using one? So Russia definitely hacked into America's twenty sixteen election at this stage that is pretty much indisputable regardless of how you feel about the outcome as more details and stories emerge about Russia hacking more questions also arise. Our chief technologist, Joseph Lorenzo Hall, who happens to be one of the leading experts on elections and cybersecurity, joins us today to talk about the very latest, and he's gonna help us separate myth from fact. Welcome, Joe. Thank you. So you, as you were looking at, you know, what I was gonna say, you encouraged me to get you to define hacking. Why are we saying this election was hacked as opposed to other words that people have been using? Yes. This is really important. Hacking and hack in general
Speaker 2
1:47 – 2:39
is an umbrella term under which we can put so many different kinds of concepts. All the way from, simple kinds of things that happen to all of us every day. For example, if you have a computer that's attached to the Internet, it's probably getting scanned, which means means someone's sending little things at it all the time from all over the world, but it your computer's smart enough to know not to respond to those things. Those aren't attacks or hacks. It's just someone sort of jiggling the doorknob on your door and seeing if the door's locked. However, we did see cases like in in Illinois, the state voter registration database was actually penetrated. They got in. They exfiltrated. They downloaded 90,000 voter records, and they tried to delete data and, do some other nefarious things. That is much more a hack hack. Right? And so we tend to jump jump all those things under one thing, but I just wanna be a little more precise. And so you may hear me
Speaker 1
2:39 – 3:13
try not to use the word hack. Alright. Right. So when I when I mess up, correct me and do the wonderful thing and make sure make sure we're all smarter from this. So we're gonna talk about two really big recent developments, in terms of Russian election hacking. There we go. I just said it again. First, it was the leak from Reality Winner, and then the major Bloomberg article that got lots of headlines, on the scale of this. Why don't we start off with Reality Winner? What what was the information that she shared exactly? What did it reveal about Russia's activities? Yeah. So Reality Winner,
Speaker 2
3:15 – 4:11
printed a top secret classified NSA document that that discussed some of the the Russian military intelligence unit that was trying to hack our elections. See, I said it. This document basically explained a certain a certain, aspect of one of their campaigns that was seeking to get access to certain voting machine and and service vendors. And so she sent this document to The Intercept and within an hour was arrested. And it's it's unfortunate, but, apparently, what happened was that the the paper looked like it had a crease in it, that is as it had been printed and folded out. And because they keep records of everyone who prints everything at the end of the day, as you would expect them to, they figured out that in Georgia, where the, document was sent from, only, six people had printed this file at all, and, they went to her house and she confessed. So
Speaker 1
4:11 – 4:27
okay. So what what did it exactly reveal? I mean, VR Systems was the company, that apparently was targeted and what she shared, at least the company named and what she shared. How big of a player is VR Systems? How big of a deal was this information that she shared? Yeah. So,
Speaker 2
4:28 – 6:36
there's a variety of ways to look at this, but VR systems is a voting registration service provider. And so they do a variety of things around helping you manage your voting registration information. One thing they do that is extremely sensitive, that we haven't spent a lot of time thinking about in the technical community are, they they, usually when you go to a polling place, you check-in and there's a spiral brown piece of paper that has your name on it and you sign it and they cross your name off. Increasingly, those are being being put into computers and tablets, like an iPad and stuff like that. When I worked the DC election, I used an iPad tablet to check people in. Cool. It was probably very usable, very It was. Hard to make mistakes. This is why we have technology in elections at all. It's because it really does help us do things. And so what had happened there was the Russian military intelligence unit called the GRU had broken in, it appears, to one particular account. And so they had sent a bunch of phishing emails, you know, fake emails, and someone had clicked on one person had clicked on one of these emails in such a way that they were able to then log in as that person to the VR systems, you know, network, so to speak. And then that person sub subsequently this hacker this attacker sub subsequently sent a 122 election officials their own phishing emails that had malware embedded in an attachment. So if you clicked on it, it would completely take over your system. We have no idea who those 122 election officials are. We have no idea if they clicked on things. And what we do know is a lot of people click on things, and it and it sort of correlates with your sense of, you know, your security hygiene, your digital hygiene sense. And, unfortunately, election officials, they're not their primary task. No one's primary task, unless you're someone like me, is to think about security all the time. So I suspect some fraction, more than one of those 122 people clicked on that. Mhmm. We don't know enough. And this is part of the frustration here is that, you know, this is the only way we know about this is because, this woman sent that to Intercept.
Speaker 1
6:36 – 7:00
So let's talk about the other one that I alluded to, the Bloomberg article. And, you know, the big piece of that was saying that, you know, there are even people knew that Russia had interfered. And now that one was all about the scale of Russia's cyber hacks and saying it was far wider wider than previously reported. But there seems to be some questions about, you know, the validity of this article somewhat. Why is that? What's what's coming out
Speaker 2
7:01 – 9:20
that may not have been accurate in there? Yeah. So it's unclear. This was a so many stories these days are. So it's an anonymously sourced story from three anonymous, either intelligence community individuals or people that were working with the DHS. And I know some of these people, so they could have been I I could know some of these anonymous. There's a lot of them, so it's hard to tell them. Right. I have heard, in back channels that there that the reality winner thing is not the only case like this. In fact, there's another case in that document, which is a different vendor, which wasn't easy as easy to figure out as VR systems was. But the Bloomberg article, claimed 39 states had, been subject to quote unquote incursions into their system, which makes me think that 39 states had their some system penetrated Sure. And and infiltrated whatever That's what I would think. Adjective is, but it turns out that was like I was talking before. For most of those cases, it was scanning. And even then, DHS on the record says they are only aware of 21 states that that either they detected or the states reported anomalous activity that seemed to be coming from known GRU. I mean, 21 still seems pretty high to me. Yes. So by no means does that make this not a major major issue. And this is all stuff that we can detect and, you know, the smart, attackers do stuff you can't detect or when you can detect it, it looks like a normal kind of error. That's how they you know, if you see anything, it looks like something you've seen many times before. And so there's not a we don't know what the truth is here. It seems that the Bloomberg article is is going a little farther than anyone's claiming in the public domain that Okay. That we've done. But we might get there? We might get there. And not only that, but the Bloomberg did have some interesting, stuff that was confirmed. So for example, we didn't know that in Illinois that they had actually tried to delete some of the voter registration database, and that was revealed there. And then the Illinois, election officials confirmed that. So there is stuff in the Bloomberg article that has been confirmed, but there's other stuff that hasn't been. So I would take the thirty nine state attack with a grain of salt, but understand that that election officials are on notice that they're now on the front lines of cybersecurity. Well, I mean, you delete voter data. That's that could be potentially huge, especially in states that don't have same day registration, which, we're seeing a lot of voter ID laws that are making that impossible.
Speaker 1
9:21 – 9:38
So that is very scary. Former FBI director Comey certainly has been in the news a lot, and he suggested during his fairly recent testimony that Russia's attempts to hack this election, were really just the beginning and that there's more to come. Do you think that's probably the case? Oh, yeah. I mean, you know,
Speaker 2
9:40 – 10:59
you should take some heart in people saying that no votes were were attacked or altered. That's really important. That's the core of democracy. There's so many other things that that you could, quote, unquote, attack that would be very useful. And the simplest thing is if you were to break into these systems and just observe, you know, what do people do? You know, are they using, passwords you can tell are really simple passwords? You know, can you get access to voting machine software that isn't on a voting machine, right? If it's, if it's ready to be set for an update, you may download that software, then you have access to this software and you can do what's called disassembly, turn the binary computer bits back into source code and and then look for bugs and keep them in your pocket for later. Right? And having been part of hacking projects on voting machines, they are not very well designed to resist these kinds of threats. And so even just collecting information in Matt Blaze, another storied election hacker pointed out that the easiest way to hack elections is to break in, don't do anything, not even observing, and they just tell someone you did it later, and then you cast enough doubt Yeah. On this that it becomes problematic. And this is something that we all struggle with now as technologists is you you wanna make sure we're upfront about the concerns here, but that we don't talk about them in in such a way that, it discourages people from actually voting, which is something we have to do. Absolutely.
Speaker 1
10:59 – 11:31
Everyone should get out there and vote regardless of this. Absolutely. So you were one of, 100 cybersecurity experts and, I guess it was election experts that sent a letter to, I forget who you exactly sent it to. Congress. There you go. Basically saying this is what people should what government should be doing to make our elections more cybersecure. What are some of those things that you recommended? You know, it seemed like pretty straightforward stuff, a lot of it. Could you share those? So three main things. The first one is a paper trail. You know, these
Speaker 2
11:31 – 12:25
you have to have what we call a software independent record of the vote, which means if the software gets corrupted or broken or something that, the paper is still there and you're able to check it. The other one is if you're gonna have these paper trails, you wanna count them. You don't wanna just put them in a box and save them for later. You really wanna actually like, methods that we developed in my post doctoral position, these things called risk limiting audits, which are designed to make sure that you, correct any, outcome that may be wrong. So if if if you announce the wrong winner, these things are designed to correct that, which is kind of cool. It doesn't matter if it's fraud or error or whatever. And then the final thing is a little more pedestrian in the sense that we really have to sort of cowboy up local election officials and state election officials to better deal with nation state threats. I mean, these guys are the lowest resourced, people we face, which are nation states.
Speaker 1
12:25 – 13:46
Yeah. Well, that's great. Let's hope congress is, listening, in fact, reads that letter and take some action on that. And funds elections. And funds elections. Yes. Absolutely. Joe, thank you so much for joining. I always learn something when you're on the show. Thank you. Thank you, guys. Once just something only for the super techie or people living under authoritarian regimes, virtual private networks or VPNs are now going mainstream. In The United States, for some odd reason, there was a surge after the twenty sixteen presidential election. Shocking. There was also a surge in VPN usage after Republicans in congress voted to eliminate privacy protections for broadband Internet users. And while I know our listeners are rather tech savvy, my hunch is that there are still plenty of you waiting to jump on the VPN train. Perhaps this episode of Tech Talk will encourage you to make that leap. Joining us today to talk about how you can take more control of your digital privacy and security is Sundae Yocobaitis, the president of Golden Frog, one of the leading VPN companies out there. They have a full range of security and privacy services beyond the standard VPN as well. Welcome, Sunday. Hi. So first, you know, tell us what a VPN really is, and then tell us why people should be using it.
Speaker 0
13:47 – 14:56
So VPN stands for the acronym is virtual private network, which doesn't really help you understand it. Right? Not at all. And it's so it's basic level, it encrypts your Internet connection. And I don't, you know, some people understand what encryption is, but generally, it's going to secure your Internet connection so other people cannot see what you're doing, can't see, the content of your traffic and really effectively creates an encrypted tunnel between you and the endpoint. So there's obviously a lot of use cases why people use VPNs, but that's generally what it is. I think that, you know, we're seeing today, there's about really, I call, three use cases that we were seeing less people using VPNs. First of all, it's just for privacy. Right? Yep. A lot of people, whether on their mobile phone or at home, they feel like their ISP is snooping them, whether they're collecting, you know, what websites you're going to. There's an uncertainty there. There is things going on that they should be concerned about. You know, your ISP can see the websites you're going to. People don't realize that through DNS, which is another acronym. Right?
Speaker 1
14:56 – 14:58
Lots of acronyms when we talk VPNs.
Speaker 0
14:59 – 17:25
That's right. These darn three letter acronyms. A telephone book to look up websites, right, and IP addresses and translates them. But, you know, so there's a lot of things your ISP can see that people don't want them to see. And I call it, you know, an expectation isn't really like, hey. I'm gonna make myself completely anonymous, but I want to be private in the same way that I, you know, I draw the shades at my house. People know I live there, but they can't see what I'm doing. Right. People that they have nothing to hide. Well, that's, that's a bit ridiculous when when people say that I think that people are using it on the first use case for privacy. But then the second big use case is security, and that's kinda related to privacy, but it is different. Security really is I wanna protect what's mine from someone that would look to exploit it. It. So one of the biggest use cases we have is for, you know, people that travel quite a bit. You're connecting all different kind of Wi Fi networks. And I don't think people really realize that if that Wi Fi network is you're not using a password and it's not encrypted, then people can see all your your data and information. I think there was a big I think about a year ago, I think our Buzzfeed reporter was on a a a go go Wi Fi, in flight Wi Fi on airplane, and and someone said, hey. I can see what you're doing. I can see all your images. It was very Yikes. About it. So there's been more awareness of, hey. I need to protect what's mine from others. And so that's the second use case is is just, trying to use encryption and use protect, the entry points to what is mine is is a big use case. And really, the third use case is, it doesn't necessarily apply here in The United States, but it's a it's a more of a global trend is, I'm in a country such as China, and I cannot access the Internet. The Internet is restricted. I can't get to the real Internet. My government, whether it's Iran or Turkey in some instances, it will block Twitter or the great firewall just blocks almost everything that they don't want you to see. Right. People use VPN to really tunnel through that. And so we spend a lot of time fighting with the, great firewall and, you know, spy versus spy kind of game here to try and, to help a lot of people in China. So we have we have a variety of of users that use it, but those are really the three big use cases that I see why people are using VPNs today. Yeah. No. I started to, use a VPN when I was living, abroad in Qatar, actually. And there was,
Speaker 1
17:25 – 17:55
a fair number of restrictions on the Internet that they shared with citizens there or residents there. You know, so I I've become a fairly savvy VPN user and also traveled quite a bit. But we do, here at CDT, hear from a lot of folks and, you know, some will still complain that VPNs are not the easiest to use if you're not a super tech savvy person. Is that starting to change? Are there any tips that you have for someone who maybe isn't super tech savvy but wants to, you know, enhance their privacy and and security.
Speaker 0
17:57 – 20:01
I I totally agree. And I think when we started building Frog and and really started building VyprVPN, a big focus of ours was the user experience that, you know, you shouldn't have to sacrifice ease of use for security, and that was happening too much because people are busy, and if they can't understand, they won't use it. So we said, hey. We need to make it as easy as possible for people to protect themselves. Right? We don't wanna have any barriers between that. And I think, you know, the VPNs have become much easier. I think we've been one of the market leaders to, you know, have a design team and focus on UX UI and make it where you just click a button and connect. And so I think that I would encourage people that are trying VPNs to really expect it to be easy to use. If it's hard to use, trust someone else. It should not be hard to use in this day and age and it should be modern. And also I think if you look for a really good VPN, doing things like we're doing where it automatically connects to the fastest server, you're not even thinking about what a server is used for the or if you hit one of those unsecure Wi Fi that I talked about earlier Oh, yes. It connects automatically. It says, hey. Oh, you know, I'm not at home. I'm on the road. It just connects for you. And so features like that Oh, that's great. Where you can configure it to just kinda set up and run like you want it, and you're not really pulling the phone out of your pocket or pressing the button in your laptop too much to connect. And it really works like like the Internet works where, you know, if you remember way back early Internet, you have to click a button and dial up and connect and all. It was very manual, and now the Internet just kinda works like a utility. Right? Yeah. And that we're trying to get VPNs that way. It's just it's just on for you. Right? And so the bar should be higher, and and I think they have come a long way, from where they were even five years ago. So they that maybe its perception is not reality, and I just encourage people to try them out and see if it meets their expectations and and and and try ours, obviously, or try others, and and it should feel modern and easy to use. Yeah. No. That's good advice. And what about across devices? A lot of folks wonder if they can have you know, can they install it across cell phones, tablets,
Speaker 1
20:01 – 20:12
you know, laptops? Is that something that that's easier now too? It used to be you kinda had different versions of everything, and it was difficult to kind of maintain one account across those platforms.
Speaker 0
20:13 – 22:21
Platforms. Yeah. So, there's a variety of VPN apps. I think it it can be a maze for people where there's some apps that just work on some VPN apps that just are mobile apps. There's some desktop. I think you need to look at a comprehensive VPN that protects all your devices. And so, like, for ours example, we're we're on the major desktop platforms, Windows, Mac, Linux, iOS, Android as a minimum. But, you know, the the VPNs are doing really well, are doing things where they work with Android TV or they work with, you know, routers so your your home can be protected. So there's, a we have a router app that can you know, people can use to to protect their home. And so, really, your expectation when you're buying a VPN is I'm gonna have to have the ability to encrypt all my Internet connections on all my devices, and that's where you're really looking for a full feature VPN. And I will say this, I mean, there's a cautionary tale here on on VPNs. Right? So you can charge a lot of free VPNs out there. There's a lot of free trials. I think I even saw on the news yesterday, there was a an app on the iOS store that was, scanned people over million bucks. So we're like, oh, yikes. And, you know, it's it's, they scan people and got them to convince them to buy something they didn't really realize. So I think people when they try these VPN apps, there's a lot of free ones. You really gotta look at the company behind it because the cautionary tale is it may be free, but when you use a VPN, all your traffic goes to that provider, all of it. So if they wanna read it, they can. Right? We don't do that. We don't we don't access the content in your communications. We're very strict privacy policy. But when you're dealing with all the VPNs and you're saying, oh, I just need it on mobile. I'll try a free one. You know, buyer beware. You really need to look at the business model and what people are doing because this is more than just a regular service. You're saying I'm going to supplant my Internet connection to my mobile carrier or my home to another person and you need to or another company and you really understand that company is. So while you're trying these VPNs, be real sensitive to, you know, the best ones are actually paid. I mean,
Speaker 1
22:23 – 23:33
the price of free is too high when it comes to security. And I think people, when they're trying these out, we have free trials, ours does. But, ultimately, if it's if it's not a it's not a paid business model, you should be very suspicious of the VPN. Yeah. I think and your point about, you know, especially broader Internet connected devices, you know, with the Internet of things really taking taking hold now, it's no longer just just a concept. But, you know, those there's so much traffic, not even just going through, you know, what most people think of their phones or their laptops. So that's that's really important. And there was a report that came out that I I forget who did it, but it was a very recent report, maybe the same one you were just referencing, that really did show that, a lot of people were not getting what they expected from from more of the the free VPN services. So definitely good advice to do your homework, before before you download any of these apps and not just to assume that because you have an app that says VPN that it's actually doing what it's telling you it's doing. So let's go beyond a VPN. You I know you guys have other, you know, products and you work with with your clients. What are other ways that you suggest, both individuals and businesses protect their privacy?
Speaker 0
23:35 – 27:11
Well, in in there's yes. There's a lot of other tools, and I'll go over them. But no matter what the tool, you know, how you try the tool, the first thing you should always do is understand the business model of service you're you're using. So security products, if it's free, and you're a product, and they're selling your information. So it's not really a a very private or secure service. So that's the form of there is there is, I think one of the, using HTTPS on every every time you browse online and watching for sites that use that is just a good basic, tenant. But I think email, encrypted email, encrypted storage is a good start. I love Spyder Oak. It's a it's a genealogy encryption, storage product. I think trying to be sensitive to who can access your data. You can store things in Dropbox. You can store things in other security or other storage services, but they're not as secure as maybe zero knowledge, which means even even Spydero can't read your your your data. So try to use storage like that would be good. I think also encrypted email as well. The same concepts apply. The email provider can't even read your email. Now but in a world, I mean, I'm talking about things that, you know, really protect you, but we're living in a world where I'm just using Gmail and they're fine with everyone reading their email just so they can that's free. So but if you really are really concerned about these things, look at zero knowledge, types of services because that means you don't have to, you know, the service provider can't even read it. Only you can read it. And that's, that is is really a fundamental tenant if you're gonna sort things up in the cloud and things that aren't stored locally. But I will have seen a trend and I'm starting to do use this more on this more private storage at home. Oh, interesting. Yeah. Network attacks, storage devices, they're called NASs. Synology is a big player. QNAP is a big player. It's a couple of names and we recently put our VPN app on the QNAP device. And the reason why these NASs are interesting is because you can store things locally. Right? You don't have to put them in the cloud. So someone wants your data, they need to come knock on your door, get a warrant and do some things versus go to some third party without your knowledge and all of a sudden your photos or someone else has them or some hacker has access to them. So storing things locally is becoming more of a trend, that that I'm seeing, that I'm doing at home is storing things locally as opposed to storing them to the cloud. Yeah. So that's something you can start thinking about is, like, hey, how can I not rely on these other services and just keep it at home? And they made it a lot easier, to these matters to do that. So that I think those are some of the things I'm seeing that people are doing. Obviously, you know, people don't do this enough, and I feel like it's just going through the settings of each app and trying to understand it a little bit better and just spend the time. I'm not saying it's difficult for people to read the terms of service or read all the legal leave, but just go through the apps and and look in their settings and say, can I opt out of any, you know, anonymized information? Can I opt out of, you know, the things that they're sharing information more than I have to? And just look through those, and it can take you thirty, sixty seconds. That's pretty valuable. So I think just no matter what products you use that maybe aren't even security products, just going through some of the apps you use a lot and try to understand it better and dial back and kinda decrease your your online footprint effectively. Right? Just kinda try to shrink it down a little bit and just spend a little time. But, you know, we're all we're all living in this in a distracted world, so it's hard to find that time. But I think that, those are kind of the things that I do personally.
Speaker 1
27:12 – 28:04
Yeah. No. That is great advice. And I've actually, you know, done exactly that with some of my apps. And I'm I'm often surprised by, you know, just talking mobile apps here, what what access I've given them without knowing. And and a lot of them, you can still have a majority of the features of that app and opt out of a lot of that access. So that's really good advice. And usually, it doesn't take too too long. So, you know, carving out a little bit of that commute time or something like that to do that would be wonderful. So really helpful advice. And shifting just a bit, you know, part of the reason we really wanted you on Sunday was also because Golden Frog as a company is incredibly vocal about, issues beyond privacy and security and very committed, to the free and open Internet, which is great. You know, certainly at CDT, we love when companies are vocal and involved on broader issues. Why why do issues around the open Internet matter to you all? And why why have you chosen to be so vocal on it?
Speaker 0
28:05 – 29:54
Well, I think, step back and understand history a little bit. Golden Frog's response was was founded in response to government's surveillance, the Implement Room 641 A in San Francisco where the NSA was working with AT and T to surveil the fiber link in that room. And that was alarming to us. We have been in the Internet business going back to 1994 as a dial up, Internet provider called texas.net. So our genesis is really in the Internet. I mean, privacy and security is important, but we are Internet people. We have also run a business called DataFoundry, which is co location. We store people servers and we have another sister business called Giga News, which is using that old school, news group. So we've been around in the Internet for a long time. When we saw this, this was like, woah. This was, I think, 02/1976, I forget, in that time frame. And so we immediately came along that we filed paperwork. FCC said, you know, complaining about this and ignored it. And so we said at that moment, you know, this is a problem. We need to build some to protect people. So we started prototyping a VPN and that was how it all started for us. So Golden Frog Genesys is rooted in policy and rooted in response to basically feeling like our government is letting us down. And so instead of waiting on them to do something to protect us, we need to build something to protect the folks out there. And so that's really where we started. So that sort of Genesis led to much more policy work. We were doing policy work even before then, of course, fighting for Internet issues and and particularly what we call open Internet and open access more recently. So we're really founded in policy and do a lot in that area. So that's kind of what is shaped a little bit of
Speaker 1
29:54 – 30:14
of of who Golden Frog is is that and I'd love to talk about some issues we track, but that's kinda really if you say why we're so involved, that's really the why. Yeah. No. Tell us some of the ones you track. I mean, we have a couple more another minute or two. So maybe if you wanna highlight one or two, because I mean, we're thrilled that you're you're so vocal because some companies don't, take such a proactive stance.
Speaker 0
30:16 – 31:33
Well, I think the first the first issue is is net neutrality is is everyone's talking about it. Oh, gosh. And it's a big issue. And I do agree it's a big issue. But we feel like, the net neutrality debate is just a 10% of teapot right now because it's not solving whether we win the debt neutrality debate or not, or whether it goes away, it's not solving the lack of competition for all the Americans across The US because we live in a duopoly situation, which means Americans have 95% of them have a choice of one ISP or two at most at maximum. And a lot of these issues that we're dealing with, if we have a more competitive marketplace and more ISPs that we're delivering service, we would have privacy issues go away. I think we would have some of these throttling the filtering issues go away. So when it's fighting for the hydraulic, we're really starting to turn our attention to fighting for open access. And open access means that the physical line will be more open and open to a variety of ISVs ISVs that sell into the home. And it's, the lack of competition is really killing, obviously, the speed and the price. But we're starting to see is is the big telcos, they wanna snoop on you. Right?
Speaker 1
31:34 – 31:37
And now they legally can or they can again, I guess.
Speaker 0
31:38 – 36:01
Yeah. And they but they they wanna monetize that. They wanna be Facebook and Google. They're saying, hey, that's not fair. We should be able to do that too. But here's the difference. It's like, they're they're in a national monopoly. There's nothing to have checked or reign on that. And I feel I feel like if we had a competitive marketplace, imagine if you could say, hey, listen. I'm gonna choose this ISP that respects my privacy and maybe because the email to other services, you don't get anything like that from ISPs today. And and and let let people vote with their wallet and pick the winners and losers in this area for the IPs that will respect the data that won't throttle it. They'll say, hey, listen, we'll give you Netflix as fast as you want it. Things like that, that's not where we're headed. And Net Neutrality is not really solving that issue. And I think that that's what really turning our attention is really fighting for more of an open access to the line and getting more competition there. So, it's disappointing to see, but I will say that we saw, which the one thing that is encouraging or discourage in how you look at it is we had the ISP snooping bill about two or three months ago that went through congress. Yeah. We had we we had never seen that many people sign for a VPN in our six year history. We had the most amount of people. So it's like, wow. Good for you guys. That's why I said it's kind of discouraging too that that's the reaction of fear, right? That's the reaction from Americans. I am really concerned about what's happening with my data. And that avalanche of really sign ups of VPN usage is continuing today. And I don't, you know, that's not a good thing. I don't I don't think. I mean, even though this was happening, we wanna shred the DC and we're we're talking to the congress folks about this. This is not good and give them that data point. And so you have a lot of fear out there about what what your ISP can see and do about do with your connection. And I think that if we had a more competitive marketplace and we had more competition, we would we would get rid of the ISP that's in point. I would say here in Austin. Here in Austin, we had Google Fiber come in. Everyone was like, yay, one gig, fiber to the home. Well, of course, AT and T has been here forever. This is their home state. Yep. And all of a sudden they started building out fiber. Imagine that. Go figure. But I AT and T T's the point with ISB snipping, though AT and T already tried this. They they had two plans. It'd be a $100 for the Internet or the $80 or nothing was no. It'd be $70 if they where they were allowed to snoop on you. Right? Oh, yikes. No one signed up for their $70 plan, I assume, and it went away. But they basically put the price on your project fee at $30 right? They're saying $100 if we don't snoop on you, 70 if we do. And that's what Congress just gave away for every American with a $30 value just gave it to them. Right? And that's what they were lobbying for and that's what they got. And so you shouldn't have to pay for that. Right? You should be able to go pick an ISP that doesn't sync on you. Right? And encrypts it anyway. So don't trust that. We'll encrypt it for you. Things like that, we need more of that. And that's where we're gonna turn our attention. And so everyone's talking about net neutrality, which means basically, don't filter my content. Don't do some other things. But, we it's not it's not attacking the core issue of the lack of competition that do operate that Americans are doing with. And, you know, in with this, what's going on here, but there's other countries that have a model for this. In The UK, they have open access to the lines and they have five or six ISPs that provide you service to your home. It's much faster in The US, it's cheaper. Right? And so this model exists in other parts throughout the world, but Americans just aren't aware of it and aware how bad it's become. And there are privacy implications for this, right? And that is really in terms of the head. So it's going to get worse, if we keep going on this road. So we're going to be talk a lot about really what I view as a goal to have five ISPs in every city in America in five years, five or ten years. I mean, we've got to start thinking that way and get that message out that we need to get rid of the big telco and the Duolto's and get get some folks like us that would give you some good Internet service and and do it right and, probably, you know, respond to support requests and live chat and things like that. You never gonna get your ISP these days. Well, that sounds like a whole different world there. Yeah. Like, you know, you know, a real competitive,
Speaker 1
36:01 – 36:22
you know, marketplace. Wouldn't be so bad. Wouldn't be so bad. So Well, Sunday Yeah. That month that is. Right? Yeah. It's quite a spot. Well, Sunday, thank you so much. That was very insightful, and thank you for sharing all the, the earlier tips that you had. That was very helpful. Really appreciate all the work you're doing and appreciate you coming on Tech Talk. Hope to have you on again sometime.
Speaker 0
36:23 – 36:25
Appreciate it. Thank you. Thank you.
Speaker 1
36:30 – 36:54
That's it for this episode of Tech Talk. If you're interested in taking control of your personal cybersecurity, be sure to check out our self assessment quiz at cdt.org. And if you'd like to get updates on all of CDTs advocacy work straight to your inbox, subscribe to our e newsletter through the CDT website. We send it twice a month, and I promise you it is well worth worth your read. I'm Brian Wasilowski. Thanks so much for listening.