[Script Info]
Title: 
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.59,0:00:07.51,Default,,0000,0000,0000,,It's really awkward to talk directly into a camera. I spend most of my life trying to avoid surveillance, so...
Dialogue: 0,0:00:07.51,0:00:12.29,Default,,0000,0000,0000,,I'm sorry to say I can't be with you in person, so we'll have to do with this video feed.
Dialogue: 0,0:00:12.29,0:00:17.59,Default,,0000,0000,0000,,Basically, I guess if John has given a good intro, and I suspect that he has,
Dialogue: 0,0:00:17.61,0:00:21.31,Default,,0000,0000,0000,,then you understand that the situation is a little precarious for me,
Dialogue: 0,0:00:21.31,0:00:26.62,Default,,0000,0000,0000,,and returning to the U.S. at the moment for me due to my journalistic work with Der Speigel is a little difficult.
Dialogue: 0,0:00:26.62,0:00:29.42,Default,,0000,0000,0000,,So I split my life into two basic parts.
Dialogue: 0,0:00:29.44,0:00:35.84,Default,,0000,0000,0000,,One is that I work as a free software developer, and generally as a free software advocate, with the Tor project.
Dialogue: 0,0:00:35.87,0:00:40.58,Default,,0000,0000,0000,,It's also the case that I work with Der Spiegel, and also as a freelance journalist with several other
Dialogue: 0,0:00:40.60,0:00:45.04,Default,,0000,0000,0000,,publications, and lately I've spent my time doing research into the NSA's surveillance.
Dialogue: 0,0:00:45.04,0:00:49.82,Default,,0000,0000,0000,,I've interviewed Edward Snowden, and I've published basically a bunch of information.
Dialogue: 0,0:00:49.84,0:00:55.77,Default,,0000,0000,0000,,Stuff that previously we used to think was paranoid crazy-talk, and now we learned that the paranoid crazy-talkers
Dialogue: 0,0:00:55.77,0:01:03.98,Default,,0000,0000,0000,,were not paranoid enough. So I guess for me the goal of this conversation, if we could call it that
Dialogue: 0,0:01:03.99,0:01:10.69,Default,,0000,0000,0000,,when I'm just talking directly into a camera awkwardly, is that I wanted to say that the people that are writing free software
Dialogue: 0,0:01:10.71,0:01:16.38,Default,,0000,0000,0000,,are actually writing the future. It's a little awkward to say that, but it's true.
Dialogue: 0,0:01:16.41,0:01:21.35,Default,,0000,0000,0000,,As an example, I use a free software laptop. It's an X60
Dialogue: 0,0:01:21.37,0:01:26.90,Default,,0000,0000,0000,,and this laptop is, as far as I can tell, about as free as you can get a laptop.
Dialogue: 0,0:01:26.93,0:01:32.83,Default,,0000,0000,0000,,It has coreboot, it has Debian GNU/Linux, it is not using any binary blobs,
Dialogue: 0,0:01:32.84,0:01:38.05,Default,,0000,0000,0000,,it is, to the best of my ability, liberated from proprietary software.
Dialogue: 0,0:01:38.06,0:01:44.26,Default,,0000,0000,0000,,It's pretty good, but it's also many years old, and it's also the case that it's very difficult to
Dialogue: 0,0:01:44.26,0:01:48.87,Default,,0000,0000,0000,,do forensics on a machine like this to know if it has been compromised.
Dialogue: 0,0:01:48.89,0:01:52.36,Default,,0000,0000,0000,,It is the case, though, that I can do that at all because of free software.
Dialogue: 0,0:01:52.41,0:01:57.69,Default,,0000,0000,0000,,It's possible to begin to build something secure with free software, where I can verify
Dialogue: 0,0:01:57.69,0:02:03.21,Default,,0000,0000,0000,,and build things from source, where I can look at the source to see exactly what an attacker might try to do
Dialogue: 0,0:02:03.27,0:02:05.68,Default,,0000,0000,0000,,with the programs that are running on my computer.
Dialogue: 0,0:02:05.70,0:02:10.32,Default,,0000,0000,0000,,So the four freedoms here are incredibly important, especially for the work that I'm doing.
Dialogue: 0,0:02:10.37,0:02:14.91,Default,,0000,0000,0000,,Now, given the difficulty of setting up this webstream, I think it's clear that I've done a pretty good
Dialogue: 0,0:02:14.91,0:02:19.06,Default,,0000,0000,0000,,job of making sure there's no microphones. I removed the microphone from this laptop for example,
Dialogue: 0,0:02:19.07,0:02:23.64,Default,,0000,0000,0000,,until I plugged another one in. I've done a pretty good job of that. But it turns out that
Dialogue: 0,0:02:23.71,0:02:28.77,Default,,0000,0000,0000,,this is actually really hard for people who have never programmed in C,
Dialogue: 0,0:02:28.79,0:02:33.10,Default,,0000,0000,0000,,or for people that do not really understand how to program their home computer
Dialogue: 0,0:02:33.18,0:02:39.98,Default,,0000,0000,0000,,and beam themselves into the future. So, part of what I wanted to do was to inspire some people today to think about
Dialogue: 0,0:02:39.98,0:02:46.78,Default,,0000,0000,0000,,what they can do to make this problem of mass surveillance, for example, something that
Dialogue: 0,0:02:46.80,0:02:50.94,Default,,0000,0000,0000,,is different. That is, something where there isn't so much hopelessness.
Dialogue: 0,0:02:50.94,0:03:02.26,Default,,0000,0000,0000,,It's a little strange, because I feel like, for many years, the free software community is the only one that has really cared about privacy.
Dialogue: 0,0:03:02.28,0:03:08.58,Default,,0000,0000,0000,,The free software community builds decentralized or federated solutions and works really on
Dialogue: 0,0:03:08.58,0:03:14.00,Default,,0000,0000,0000,,solving problems of the four freedoms, but how those four freedoms touch the rest of our lives.
Dialogue: 0,0:03:14.00,0:03:21.39,Default,,0000,0000,0000,,And so, when I think about what's possible, I think the main problem right now is usability.
Dialogue: 0,0:03:21.39,0:03:27.74,Default,,0000,0000,0000,,So, in this regard, to set up this stream, which is broadcasting over Tor, or if you connect to the Tor hidden service
Dialogue: 0,0:03:27.75,0:03:34.04,Default,,0000,0000,0000,,which I've also set up, you can watch this video directly, without knowing my location.
Dialogue: 0,0:03:34.04,0:03:42.30,Default,,0000,0000,0000,,That was so difficult to set up that it took me the better part of the day to actually accomplish that.
Dialogue: 0,0:03:42.35,0:03:47.06,Default,,0000,0000,0000,,It's not that GStreamer is a bad piece of software, it's just that it's extremely complicated.
Dialogue: 0,0:03:47.06,0:03:54.00,Default,,0000,0000,0000,,A simple user interface, for example, would have made a world of difference, such that people who are using other
Dialogue: 0,0:03:54.01,0:03:58.84,Default,,0000,0000,0000,,video streaming solutions, such as proprietary solutions like the NSA PRISM partner Skype,
Dialogue: 0,0:03:58.88,0:04:03.63,Default,,0000,0000,0000,,those people might choose something else. If this was integrated into Debian GNU/Linux,
Dialogue: 0,0:04:03.64,0:04:10.47,Default,,0000,0000,0000,,and all you needed to do was download Tails or to install Debian, then it would be the case that you could very easily
Dialogue: 0,0:04:10.50,0:04:15.61,Default,,0000,0000,0000,,convince people to do it securely, in a decentralized fashion. That's something that at the moment,
Dialogue: 0,0:04:15.63,0:04:22.70,Default,,0000,0000,0000,,I think, is very far away. If it takes me the better part of the day, that means that it will take Glenn Greenwald an infinite amount of time.
Dialogue: 0,0:04:22.70,0:04:29.24,Default,,0000,0000,0000,,It will probably never happen, actually, with all due respect to Glenn. When the software is so complicated, it turns out
Dialogue: 0,0:04:29.26,0:04:34.64,Default,,0000,0000,0000,,that he'll choose something that's less complicated. And so usability is a fundamentally important way
Dialogue: 0,0:04:34.72,0:04:39.77,Default,,0000,0000,0000,,that we can ensure that users will basically care about the four freedoms, because once everything
Dialogue: 0,0:04:39.77,0:04:44.23,Default,,0000,0000,0000,,they do is working well in free software, why would they choose proprietary software?
Dialogue: 0,0:04:44.27,0:04:50.84,Default,,0000,0000,0000,,Usually it is the case that they won't. In fact, there are many people who are Tails users, but they have to switch to
Dialogue: 0,0:04:50.91,0:04:54.94,Default,,0000,0000,0000,,proprietary systems, they feel, for the usability of something like Skype.
Dialogue: 0,0:04:54.96,0:05:00.69,Default,,0000,0000,0000,,So, I mean, why? What's going on that all of these things are necessary?
Dialogue: 0,0:05:00.69,0:05:04.12,Default,,0000,0000,0000,,I suppose you've all heard the bad news.
Dialogue: 0,0:05:04.13,0:05:10.22,Default,,0000,0000,0000,,And the bad news is that the Internet is under, essentially, total surveillance.
Dialogue: 0,0:05:10.24,0:05:15.14,Default,,0000,0000,0000,,And what I mean by that is not, let's say, the traditional version of surveillance,
Dialogue: 0,0:05:15.14,0:05:19.43,Default,,0000,0000,0000,,where you have a person, and the person is inspecting things, it's looking at things, it's taking notes.
Dialogue: 0,0:05:19.46,0:05:25.77,Default,,0000,0000,0000,,Rather, the mass surveillance that is happening now is in the form of deep packet inspection.
Dialogue: 0,0:05:25.82,0:05:31.37,Default,,0000,0000,0000,,Now, all around the world, there exists a series of systems that are run by the National Security Agency,
Dialogue: 0,0:05:31.37,0:05:38.27,Default,,0000,0000,0000,,GCHQ, CSE, DSD, and other agencies. Those are just the ones we could call "friendly" agencies,
Dialogue: 0,0:05:38.28,0:05:43.18,Default,,0000,0000,0000,,if you can call mass surveillance friendly, but you could say it's a kind of social concern, so let's say
Dialogue: 0,0:05:43.18,0:05:48.76,Default,,0000,0000,0000,,that they're friendly. Then there's the rest of the world, and what's happening with those systems.
Dialogue: 0,0:05:48.76,0:05:52.88,Default,,0000,0000,0000,,We don't know a lot about the rest of the world's systems, but thanks to the courage of Edward Snowden,
Dialogue: 0,0:05:52.88,0:05:56.42,Default,,0000,0000,0000,,we do, for example, understand a great deal about the NSA's surveillance.
Dialogue: 0,0:05:56.42,0:06:00.01,Default,,0000,0000,0000,,And one of the things that we understand is that it violates the Fourth Amendment.
Dialogue: 0,0:06:00.02,0:06:05.35,Default,,0000,0000,0000,,At least on its face it seems clear that it is an unreasonable search and a seizure.
Dialogue: 0,0:06:05.35,0:06:11.02,Default,,0000,0000,0000,,That is, it takes data from the Internet, sometimes through fiber optic splitters, things like Glimmerglass-related devices,
Dialogue: 0,0:06:11.02,0:06:16.95,Default,,0000,0000,0000,,where they copy information from fiber optic lines onto another line. It then inspects the data,
Dialogue: 0,0:06:16.95,0:06:22.71,Default,,0000,0000,0000,,that is, it has seized the data and then it, I believe, unreasonably searches through the data.
Dialogue: 0,0:06:22.71,0:06:29.70,Default,,0000,0000,0000,,It does this looking for selectors. So, for example, if you happen to be Chancellor Merkel, that is the German Chancellor,
Dialogue: 0,0:06:29.70,0:06:36.09,Default,,0000,0000,0000,,you would have had your phone number as one of those selectors, and anytime any flow of traffic passed by one of these
Dialogue: 0,0:06:36.09,0:06:44.31,Default,,0000,0000,0000,,sensors—that is the turbine, turmoil, turbulence architecture of sensors—your data would be selected,
Dialogue: 0,0:06:44.31,0:06:50.57,Default,,0000,0000,0000,,and that selection would ensure that your data flows that are associated with that would be recorded forever.
Dialogue: 0,0:06:50.57,0:06:54.98,Default,,0000,0000,0000,,So if you know about the Bluffdale, Utah complex, you'll know for example that
Dialogue: 0,0:06:54.98,0:07:00.56,Default,,0000,0000,0000,,the NSA is building very large computation centers, not just for attacking cryptographic systems,
Dialogue: 0,0:07:00.56,0:07:06.83,Default,,0000,0000,0000,,but also for recording data that they cannot currently attack, in hopes that when that encrypted data
Dialogue: 0,0:07:06.83,0:07:12.93,Default,,0000,0000,0000,,is interesting to them, or when they have a cryptographic breakthrough, they'll be able to do something
Dialogue: 0,0:07:12.94,0:07:17.20,Default,,0000,0000,0000,,with data that previously was just noise to them. So this tells us a couple things.
Dialogue: 0,0:07:17.20,0:07:20.95,Default,,0000,0000,0000,,One of the things that it tells us is that we are in a lot of trouble.
Dialogue: 0,0:07:20.95,0:07:26.64,Default,,0000,0000,0000,,There are proprietary software solutions which, according to some of the documents leaked by Edward Snowden
Dialogue: 0,0:07:26.64,0:07:30.53,Default,,0000,0000,0000,,and published by Glenn Greenwald, there are proprietary software companies that are
Dialogue: 0,0:07:30.56,0:07:36.13,Default,,0000,0000,0000,,what are called SIGINT enabled. That is to say that they believe that when they sell you a security product
Dialogue: 0,0:07:36.13,0:07:40.32,Default,,0000,0000,0000,,that it's somehow not false advertising to have willingly broken the system.
Dialogue: 0,0:07:40.32,0:07:46.72,Default,,0000,0000,0000,,So that's a really serious problem. It tells us, for example, that proprietary software definitely has backdoors.
Dialogue: 0,0:07:46.75,0:07:51.93,Default,,0000,0000,0000,,Unfortunately Glenn did not release the name of that company, or the companies that are involved,
Dialogue: 0,0:07:51.96,0:07:58.43,Default,,0000,0000,0000,,but it should be extremely obvious that, if you were to guess, you probably wouldn't guess incorrectly.
Dialogue: 0,0:07:58.44,0:08:03.07,Default,,0000,0000,0000,,And if you were to guess, you would probably understand that it's not a free software product.
Dialogue: 0,0:08:03.08,0:08:09.22,Default,,0000,0000,0000,,That is, if you look at free software, you can find the problems. If someone were to add a backdoor,
Dialogue: 0,0:08:09.22,0:08:14.68,Default,,0000,0000,0000,,while it might not always be obvious if they're very sneaky about it, it is significantly more difficult
Dialogue: 0,0:08:14.68,0:08:20.90,Default,,0000,0000,0000,,to add a backdoor to a free software project than it is to add one to a proprietary hardware or software device.
Dialogue: 0,0:08:20.90,0:08:28.23,Default,,0000,0000,0000,,So, when we start to see that our security solutions are actually not security solutions overall,
Dialogue: 0,0:08:28.23,0:08:34.17,Default,,0000,0000,0000,,one of the things we'll notice is that it's not just the NSA or GCHQ that will be exploiting these systems.
Dialogue: 0,0:08:34.17,0:08:41.16,Default,,0000,0000,0000,,It's actually lots of different people. So for example, now that you guys know about the Dual EC DRBG backdoor,
Dialogue: 0,0:08:41.16,0:08:46.00,Default,,0000,0000,0000,,there is a very good chance that someone in the audience is working on attacking it and breaking it.
Dialogue: 0,0:08:46.00,0:08:53.73,Default,,0000,0000,0000,,And if you happen to have, for example, copies of traffic that were encrypted with that, as the seed for
Dialogue: 0,0:08:53.76,0:08:57.06,Default,,0000,0000,0000,,the random number generator, you may be able to exploit it.
Dialogue: 0,0:08:57.07,0:09:02.45,Default,,0000,0000,0000,,So this is ultimately a kind of security by obscurity, in hopes that by adding this backdoor, only the good guys,
Dialogue: 0,0:09:02.45,0:09:08.44,Default,,0000,0000,0000,,allegedly, they will be the only ones to break it. In reality, it doesn't work that way.
Dialogue: 0,0:09:08.44,0:09:12.99,Default,,0000,0000,0000,,So we have a sort of tension here between signals intelligence and communication security.
Dialogue: 0,0:09:12.99,0:09:17.58,Default,,0000,0000,0000,,On the one hand, we have signals intelligence collecting as much data as we can
Dialogue: 0,0:09:17.58,0:09:21.86,Default,,0000,0000,0000,,from those aforementioned deep packet inspection systems. And on the other side, we have
Dialogue: 0,0:09:21.86,0:09:27.89,Default,,0000,0000,0000,,communications security tools which allegedly are protecting us, but it turns out some of them are SIGINT-enabled.
Dialogue: 0,0:09:27.89,0:09:34.54,Default,,0000,0000,0000,,So what is there to be done about this? It seems quite clear to me that free software and free hardware,
Dialogue: 0,0:09:34.54,0:09:40.68,Default,,0000,0000,0000,,that is free and open hardware, where things are freely specified, where it's possible for you to fab your own hardware
Dialogue: 0,0:09:40.68,0:09:45.10,Default,,0000,0000,0000,,in a factory of your choosing, in a country of your choosing, with parts of your choosing,
Dialogue: 0,0:09:45.10,0:09:49.62,Default,,0000,0000,0000,,where you can verify them, that is clearly the right direction to go.
Dialogue: 0,0:09:49.62,0:09:55.15,Default,,0000,0000,0000,,Because it is not just, let's say, again, so-called legitimate authorities that are doing this.
Dialogue: 0,0:09:55.15,0:10:02.00,Default,,0000,0000,0000,,It's probably a lot of other people as well. We just happen to know there is absolutely, for certain, one set of people
Dialogue: 0,0:10:02.00,0:10:08.26,Default,,0000,0000,0000,,that are doing it. And so free software in particular has given, I would say, some leverage.
Dialogue: 0,0:10:08.26,0:10:13.51,Default,,0000,0000,0000,,That is, it has allowed regular people to be able to communicate securely in a time of
Dialogue: 0,0:10:13.51,0:10:19.90,Default,,0000,0000,0000,,complete and total mass surveillance. So, for example, things that work: cryptography does
Dialogue: 0,0:10:19.90,0:10:24.76,Default,,0000,0000,0000,,actually work. If it is not signals intelligence-enabled, that is SIGINT-enabled,
Dialogue: 0,0:10:24.76,0:10:33.43,Default,,0000,0000,0000,,it is the case that the mathematics behind DSA, RSA, Diffie–Hellman, those seem to not be broken when you
Dialogue: 0,0:10:33.43,0:10:38.23,Default,,0000,0000,0000,,use appropriate key sizes. That's very good news, because in an age of mass surveillance,
Dialogue: 0,0:10:38.23,0:10:46.97,Default,,0000,0000,0000,,the only thing that stops the surveillance is making the surveillance worthwhile. That is, if it's extremely
Dialogue: 0,0:10:46.97,0:10:54.03,Default,,0000,0000,0000,,valuable for everyone to spy, they will spy. If it's a lot of noise, if the searching for selectors doesn't work,
Dialogue: 0,0:10:54.03,0:11:01.76,Default,,0000,0000,0000,,it changes the game significantly. At the moment, not every single byte of data is recorded forever.
Dialogue: 0,0:11:01.76,0:11:07.63,Default,,0000,0000,0000,,There is clearly some attempts to do that, and that is something that we need to cope with.
Dialogue: 0,0:11:07.63,0:11:12.37,Default,,0000,0000,0000,,From a cryptographic perspective, we need to think about it, I think, on the hundred-year crypto timeline.
Dialogue: 0,0:11:12.37,0:11:16.23,Default,,0000,0000,0000,,This is something that Zooko has been working on and I think is a really good idea.
Dialogue: 0,0:11:16.31,0:11:23.73,Default,,0000,0000,0000,,But we have to imagine that all of the things we do are being recorded for all time, and with that, we need to react appropriately.
Dialogue: 0,0:11:23.73,0:11:29.50,Default,,0000,0000,0000,,So if you, for example, work on a free software chat client, it should have off-the-record messaging built into it.
Dialogue: 0,0:11:29.50,0:11:34.93,Default,,0000,0000,0000,,If, for example, you build a web browser, it should be compatible with the Tor network. It should not be
Dialogue: 0,0:11:34.93,0:11:41.10,Default,,0000,0000,0000,,compatible, for example, with the proprietary Flash player first. Unfortunately, on balance, what we see
Dialogue: 0,0:11:41.10,0:11:46.60,Default,,0000,0000,0000,,is that people are often more concerned with making things work with Flash than with allegedly
Dialogue: 0,0:11:46.60,0:11:53.13,Default,,0000,0000,0000,,paranoic tools like the Tor project and all of its software, like the Tor network. This, I think, is
Dialogue: 0,0:11:53.13,0:11:58.33,Default,,0000,0000,0000,,kind of sad, but I think that we can turn this around and change it, and we need to look at the crypto
Dialogue: 0,0:11:58.33,0:12:03.90,Default,,0000,0000,0000,,that we actually use. So, for example, for a Jabber server, it should be using forward secret crypto.
Dialogue: 0,0:12:03.90,0:12:09.30,Default,,0000,0000,0000,,So, if you have TLS, it should be used in a forward secret mode. Because it isn't just passive surveillance,
Dialogue: 0,0:12:09.30,0:12:15.46,Default,,0000,0000,0000,,though that is a very core and serious thing, it's also active surveillance. The turbulence architecture that
Dialogue: 0,0:12:15.46,0:12:21.50,Default,,0000,0000,0000,,I mentioned, I detailed a little bit in my reporting at the 30C3 and also in Der Spiegel at the end of last year.
Dialogue: 0,0:12:21.50,0:12:27.00,Default,,0000,0000,0000,,And what we see is those selectors that I mentioned before, let's say your phone number or your email
Dialogue: 0,0:12:27.00,0:12:31.10,Default,,0000,0000,0000,,address... I wish I could see the audience because I'd ask you to raise your hand, and say "how many
Dialogue: 0,0:12:31.10,0:12:37.73,Default,,0000,0000,0000,,of you are sysadmins?" Obviously some of you are, someone raised their hand. So the NSA is probably
Dialogue: 0,0:12:37.73,0:12:41.63,Default,,0000,0000,0000,,targetting you, if you're a system administrator for any system that is interesting.
Dialogue: 0,0:12:41.63,0:12:48.89,Default,,0000,0000,0000,,And it is the case that if you were to have some credentials for an interesting network, and you are
Dialogue: 0,0:12:48.89,0:12:55.04,Default,,0000,0000,0000,,being targeted, one of the ways that you will be targeted is that you will be targeted by an analyst who looks
Dialogue: 0,0:12:55.04,0:12:59.90,Default,,0000,0000,0000,,for selectors. They look for your federated logins, they look for your centralized logins, they look for
Dialogue: 0,0:12:59.90,0:13:06.13,Default,,0000,0000,0000,,all kinds of information, and it is the case that they program this, essentially, into a targeting system.
Dialogue: 0,0:13:06.13,0:13:10.13,Default,,0000,0000,0000,,And that targeting system will automatically attack you. It will do man-in-the-middle attacks,
Dialogue: 0,0:13:10.13,0:13:15.13,Default,,0000,0000,0000,,it will do man-on-the-side attacks. It appears that they have certificate authority resources so that
Dialogue: 0,0:13:15.13,0:13:19.33,Default,,0000,0000,0000,,they can do man-in-the-middle attacks on SSL, which tells us that we really need to work on things like
Dialogue: 0,0:13:19.33,0:13:27.60,Default,,0000,0000,0000,,TACK and SSL cert pinning, that's very important. If, for example, we notice though, crypto changes
Dialogue: 0,0:13:27.60,0:13:32.73,Default,,0000,0000,0000,,the way the selector-based surveillance can even function. If, for example, you note that all of my traffic
Dialogue: 0,0:13:32.73,0:13:37.97,Default,,0000,0000,0000,,right now is going through the Tor network, and in many cases people, three people at the moment, are connected
Dialogue: 0,0:13:37.97,0:13:43.90,Default,,0000,0000,0000,,to the Tor hidden service for this video feed, there is no possibility for selector-based injection.
Dialogue: 0,0:13:43.90,0:13:50.00,Default,,0000,0000,0000,,That is, it's just TLS traffic, the network distinguisher is pretty close to normalized across
Dialogue: 0,0:13:50.00,0:13:55.10,Default,,0000,0000,0000,,all Debian Tor users that are doing what I'm doing, which I admit, there's probably five of us in the world,
Dialogue: 0,0:13:55.10,0:14:02.40,Default,,0000,0000,0000,,but, you know, that changes the fundamental trade-off. That is, doing the selector-based surveillance
Dialogue: 0,0:14:02.40,0:14:08.20,Default,,0000,0000,0000,,will have less of a return than it previously did, or will require more targeting. And this is where anonymity comes into play.
Dialogue: 0,0:14:08.20,0:14:13.26,Default,,0000,0000,0000,,If you have anonymity, it becomes significantly more difficult for someone to target you.
Dialogue: 0,0:14:13.26,0:14:18.83,Default,,0000,0000,0000,,It's not impossible, of course, but it's... Well okay, maybe it's more than five people.
Dialogue: 0,0:14:18.83,0:14:23.97,Default,,0000,0000,0000,,I've got a little lag here from the IRC channel, but apparently there are a few Debian users that route
Dialogue: 0,0:14:23.97,0:14:34.66,Default,,0000,0000,0000,,their traffic over Tor in the audience, I hope? But if we see the anonymity benefit there, there's of course
Dialogue: 0,0:14:34.66,0:14:42.26,Default,,0000,0000,0000,,a downside, you know? When you have these systems, they're laggy sometimes, they're not always really seamless to work together,
Dialogue: 0,0:14:42.26,0:14:48.67,Default,,0000,0000,0000,,it takes a lot of specialized knowledge, again. And this returns me sort of to the key point, which is about usability.
Dialogue: 0,0:14:48.67,0:14:54.20,Default,,0000,0000,0000,,So one of the things that I've seen when looking through documents for this research is that
Dialogue: 0,0:14:54.20,0:14:59.86,Default,,0000,0000,0000,,usability and security is the worst nightmare of a signals intelligence agency. So for example,
Dialogue: 0,0:14:59.88,0:15:07.93,Default,,0000,0000,0000,,Tech Secure and RedPhone, by Moxie Marlinspike, those pieces of software really make the life of
Dialogue: 0,0:15:07.93,0:15:14.50,Default,,0000,0000,0000,,someone doing these kinds of attacks hell. At the very least, it means that they have to take what was once a passive thing,
Dialogue: 0,0:15:14.50,0:15:20.43,Default,,0000,0000,0000,,where they could silently record data on everyone, and they can essentially now no longer do that.
Dialogue: 0,0:15:20.43,0:15:24.60,Default,,0000,0000,0000,,They have to either attack his systems, which they probably will at some point, if they haven't already,
Dialogue: 0,0:15:24.60,0:15:31.00,Default,,0000,0000,0000,,or they have to attack each end user's system. So this means that once we start to deploy this widely,
Dialogue: 0,0:15:31.00,0:15:38.53,Default,,0000,0000,0000,,for everyone, it changes the balance, where mass surveillance becomes less and less economically useful for these attackers.
Dialogue: 0,0:15:38.53,0:15:44.50,Default,,0000,0000,0000,,And that's important, because again, even if you think the NSA is sent from heaven, if you believe in heaven,
Dialogue: 0,0:15:44.50,0:15:49.86,Default,,0000,0000,0000,,you have to understand that they're not the only people out there, doing these kinds of things.
Dialogue: 0,0:15:49.93,0:15:55.81,Default,,0000,0000,0000,,So every time, for example, an American businessman or -woman goes traveling somewhere,
Dialogue: 0,0:15:55.81,0:16:02.60,Default,,0000,0000,0000,,that person is effectively targeted for signals intelligence collection. Now sometimes it's not always
Dialogue: 0,0:16:02.60,0:16:07.13,Default,,0000,0000,0000,,targeted in the literal selector sense, but they're using systems that are SIGINT-enabled.
Dialogue: 0,0:16:07.13,0:16:12.42,Default,,0000,0000,0000,,Now whether or not the phone companies know is an interesting discussion. Most of them do. Most of them
Dialogue: 0,0:16:12.42,0:16:19.73,Default,,0000,0000,0000,,go along willingly, but the key thing is that, on balance, when you travel abroad, you basically are
Dialogue: 0,0:16:19.83,0:16:23.50,Default,,0000,0000,0000,,subject to the whims of all the countries where you are traveling, obviously.
Dialogue: 0,0:16:23.50,0:16:27.64,Default,,0000,0000,0000,,Those whims may be significantly more harsh, they may have different economic interests,
Dialogue: 0,0:16:27.64,0:16:33.43,Default,,0000,0000,0000,,they almost certainly have different political and legal and economic interests than what you might like.
Dialogue: 0,0:16:33.43,0:16:39.83,Default,,0000,0000,0000,,If you're a free software developer, and you're not an American citizen, for example, you are a target, almost certainly.
Dialogue: 0,0:16:39.83,0:16:43.56,Default,,0000,0000,0000,,If you are a system administrator, you are a target, almost certainly.
Dialogue: 0,0:16:43.56,0:16:48.62,Default,,0000,0000,0000,,And it doesn't even matter if you're an American citizen, really, though there is a slight distinction about that.
Dialogue: 0,0:16:48.62,0:16:53.72,Default,,0000,0000,0000,,I think that in the near future, we'll learn that that distinction is largely bogus.
Dialogue: 0,0:16:53.72,0:17:00.03,Default,,0000,0000,0000,,Sorry for the bad news, but... I guess it's sort of important to tie these things together.
Dialogue: 0,0:17:00.03,0:17:06.23,Default,,0000,0000,0000,,So, free software and free hardware, they can potentially bring some solutions into play, but it's
Dialogue: 0,0:17:06.23,0:17:11.93,Default,,0000,0000,0000,,not exactly clear how we get there. So for example, if you're a system administrator, you probably have a SIM card in your phone.
Dialogue: 0,0:17:11.93,0:17:16.76,Default,,0000,0000,0000,,This SIM card is, without a doubt, a piece of proprietary software and proprietary hardware
Dialogue: 0,0:17:16.76,0:17:24.24,Default,,0000,0000,0000,,that then plugs into another piece of proprietary hardware, almost always, and that runs proprietary software.
Dialogue: 0,0:17:24.24,0:17:30.30,Default,,0000,0000,0000,,And those are actually described, some of those cell phone systems are actually described as master and slave systems,
Dialogue: 0,0:17:30.30,0:17:37.70,Default,,0000,0000,0000,,where the master CPU is in fact the proprietary one and it enslaves the free software CPU, which is often Android, which is not always
Dialogue: 0,0:17:37.70,0:17:42.23,Default,,0000,0000,0000,,free to begin with. But if we were to say that in an ideal world you had the most free cell phone,
Dialogue: 0,0:17:42.23,0:17:48.86,Default,,0000,0000,0000,,you'll probably still have a baseband, which is proprietary software, with a SIM card that is proprietary software and proprietary hardware.
Dialogue: 0,0:17:48.86,0:17:55.93,Default,,0000,0000,0000,,So as you're doing your job, even if you have all free software for your laptop, for example, you have this
Dialogue: 0,0:17:55.93,0:18:02.13,Default,,0000,0000,0000,,unfortunate conundrum where, to do the basic work that you need to do, you are completely surrounded
Dialogue: 0,0:18:02.13,0:18:07.33,Default,,0000,0000,0000,,by proprietary hardware and proprietary software. Now, the NSA has toolkits that they can deploy
Dialogue: 0,0:18:07.33,0:18:14.12,Default,,0000,0000,0000,,into those SIM cards, and into the basebands, not just as a matter of exploitation but actually in some cases by design.
Dialogue: 0,0:18:14.12,0:18:19.10,Default,,0000,0000,0000,,Some SIM cards, for example, allow you to add an app to the SIM card without even having
Dialogue: 0,0:18:19.10,0:18:25.00,Default,,0000,0000,0000,,a cryptographic key or even exploiting the device, just sending a well-formed message will actually do this.
Dialogue: 0,0:18:25.00,0:18:30.13,Default,,0000,0000,0000,,Carson Noll, without realizing it, rediscovered this and he showed this at the CCC.
Dialogue: 0,0:18:30.13,0:18:38.63,Default,,0000,0000,0000,,It's almost identical to things that we showed in the Der Spiegel reporting from last year that I discussed at the 30C3.
Dialogue: 0,0:18:38.63,0:18:44.83,Default,,0000,0000,0000,,I gave a talk there that was called "To Protect and Infect, Part 2," and I don't want to rehash too much
Dialogue: 0,0:18:44.83,0:18:50.20,Default,,0000,0000,0000,,of that talk, but I would really encourage all of you to watch it, because I basically talk about the technical details.
Dialogue: 0,0:18:50.20,0:18:55.40,Default,,0000,0000,0000,,And the technical details are important, because in a democracy, for us to be able to understand what it is
Dialogue: 0,0:18:55.40,0:18:59.40,Default,,0000,0000,0000,,that we're consenting to, we need to have some concept of what it is we're talking about.
Dialogue: 0,0:18:59.40,0:19:05.37,Default,,0000,0000,0000,,Unfortunately the laws are not so great, and from what I can tell, some people have even called
Dialogue: 0,0:19:05.37,0:19:08.80,Default,,0000,0000,0000,,for my prosecution as a result of showing and discussing these things.
Dialogue: 0,0:19:08.80,0:19:13.36,Default,,0000,0000,0000,,Now, that went through very careful editorial control at {\i1}Der Spiegel{\i0}, so I don't feel too threatened by it,
Dialogue: 0,0:19:13.39,0:19:18.13,Default,,0000,0000,0000,,but it's an important point that people don't want you to understand how the machines that control you and
Dialogue: 0,0:19:18.14,0:19:22.46,Default,,0000,0000,0000,,surveil you work. They don't want you to be able to change the way that those things work,
Dialogue: 0,0:19:22.46,0:19:27.93,Default,,0000,0000,0000,,because it is about power. It's about controlling you, it's about controlling your machines, and it's about
Dialogue: 0,0:19:27.93,0:19:32.83,Default,,0000,0000,0000,,ensuring that those people stay in control over you and your devices, should they wish it.
Dialogue: 0,0:19:32.83,0:19:37.93,Default,,0000,0000,0000,,So, in a democracy I think it's fundamentally important for us to understand how the machines work,
Dialogue: 0,0:19:37.93,0:19:43.77,Default,,0000,0000,0000,,to understand how the power works, to understand what the dynamics are, to make sure that these
Dialogue: 0,0:19:43.77,0:19:47.37,Default,,0000,0000,0000,,devices, for example, how they're being subverted, that we understand it.
Dialogue: 0,0:19:47.37,0:19:54.30,Default,,0000,0000,0000,,For example, when we understand that exploitation often leads to hoarding of bugs, that means we understand
Dialogue: 0,0:19:54.30,0:20:00.53,Default,,0000,0000,0000,,that people are letting us stay in a vulnerable state so as to be able to exploit us.
Dialogue: 0,0:20:00.53,0:20:06.63,Default,,0000,0000,0000,,But many people may find those bugs and exploit us, so it is not nearly a simple thing where we say
Dialogue: 0,0:20:06.63,0:20:13.96,Default,,0000,0000,0000,,we cede some of our autonomy so that people will be able to do their job. You know, the local policeman needs
Dialogue: 0,0:20:13.96,0:20:18.60,Default,,0000,0000,0000,,to do their job, cooperate with them, for example. Because it is every local policeman on the planet.
Dialogue: 0,0:20:18.60,0:20:22.80,Default,,0000,0000,0000,,It is every intelligence officer on the planet, with enough of a budget or the technical know-how,
Dialogue: 0,0:20:22.80,0:20:28.83,Default,,0000,0000,0000,,who will be able to exploit those things. So on balance, it seems very clear that we want to build secure systems
Dialogue: 0,0:20:28.83,0:20:35.13,Default,,0000,0000,0000,,and not make that trade-off, because we can never actually ensure that the people who are doing this
Dialogue: 0,0:20:35.13,0:20:40.57,Default,,0000,0000,0000,,are acting in our best interest, are democratically in a position of authority that is legitimate,
Dialogue: 0,0:20:40.57,0:20:46.37,Default,,0000,0000,0000,,if, you know, you bear with me here and we say there is some authority that is legitimate...
Dialogue: 0,0:20:46.37,0:20:51.63,Default,,0000,0000,0000,,I know it's a free software crowd, so I like to think that some of you there apt-get install anarchism
Dialogue: 0,0:20:51.63,0:20:56.80,Default,,0000,0000,0000,,from time to time. But it's very important to understand that that balance is something which is not
Dialogue: 0,0:20:56.80,0:21:02.77,Default,,0000,0000,0000,,a part of the discussion, and a big part of ensuring that it's not a part of the discussion is to try to hide the details.
Dialogue: 0,0:21:02.77,0:21:07.93,Default,,0000,0000,0000,,And so for me, I think it's very important to bring out the details. It's very important to show that they use
Dialogue: 0,0:21:07.93,0:21:13.53,Default,,0000,0000,0000,,continuous wave generators bounced against reflectors that they've installed after stealing your mail.
Dialogue: 0,0:21:13.53,0:21:19.33,Default,,0000,0000,0000,,Do we want to live in a world where these people steal our mail? And where they take our laptops
Dialogue: 0,0:21:19.33,0:21:24.49,Default,,0000,0000,0000,,when we buy them online and add devices to them? I don't want to live in that world.
Dialogue: 0,0:21:24.49,0:21:29.53,Default,,0000,0000,0000,,I like to think that people that work on free software not only don't want to live in that world, they are actively
Dialogue: 0,0:21:29.53,0:21:34.09,Default,,0000,0000,0000,,working to ensure that everyone on the planet can choose to live in a different world.
Dialogue: 0,0:21:34.09,0:21:46.36,Default,,0000,0000,0000,,To get back to the point, things like the Milkymist, Novena, coreboot, these are on a spectrum of free
Dialogue: 0,0:21:46.36,0:21:53.37,Default,,0000,0000,0000,,hardware to, as we go down the line, free software-enabled proprietary hardware.
Dialogue: 0,0:21:53.37,0:21:59.82,Default,,0000,0000,0000,,Now, I use an X60 with coreboot and I removed almost all of the hardware I don't need.
Dialogue: 0,0:21:59.82,0:22:04.70,Default,,0000,0000,0000,,I try, for example, to get rid of anything that would need a binary blob. I think I've done that.
Dialogue: 0,0:22:04.70,0:22:10.87,Default,,0000,0000,0000,,This laptop, I think, only has one binary blob left, and that's in the embedded controller for the keyboard.
Dialogue: 0,0:22:10.87,0:22:15.96,Default,,0000,0000,0000,,I sometimes use an external keyboard that doesn't have that, although obviously that keyboard has some
Dialogue: 0,0:22:15.96,0:22:23.12,Default,,0000,0000,0000,,binary firmware device inside of it. Hopefully not remotely flashable. As far as I can tell, that's the case.
Dialogue: 0,0:22:23.12,0:22:31.03,Default,,0000,0000,0000,,Systems like the Novena, made by Bunnie, I think, are the future. That is, he has built almost entirely,
Dialogue: 0,0:22:31.03,0:22:37.10,Default,,0000,0000,0000,,as much as is possible at the moment, an open hardware device based on an ARM CPU, where you can fab this
Dialogue: 0,0:22:37.10,0:22:45.88,Default,,0000,0000,0000,,device, where you can very easily, if you are a hardware person, modify it, and you can fab this
Dialogue: 0,0:22:45.88,0:22:52.33,Default,,0000,0000,0000,,changed device. So that, I think, is critical. There's still a proprietary CPU, but there's a trade-off to be
Dialogue: 0,0:22:52.33,0:22:59.57,Default,,0000,0000,0000,,made here. So in this case, the Freescale CPU that he included is pretty fast, it's a quad-core CPU, and it
Dialogue: 0,0:22:59.57,0:23:03.68,Default,,0000,0000,0000,,has a hardware random number generator. Who knows if it's SIGINT-enabled, hopefully not.
Dialogue: 0,0:23:03.68,0:23:09.23,Default,,0000,0000,0000,,If we see this, we see that it is significantly better than, for example, the ThinkPad that's sitting in front
Dialogue: 0,0:23:09.23,0:23:13.00,Default,,0000,0000,0000,,of me where we don't know the designer, we don't know their intentions, we don't know for example if
Dialogue: 0,0:23:13.00,0:23:19.80,Default,,0000,0000,0000,,the Intel microcode, if it can be updated remotely by someone who has the key that isn't Intel.
Dialogue: 0,0:23:19.80,0:23:25.16,Default,,0000,0000,0000,,Probably, would be my guess, if they understand the format, if they can add backdoors, which, if they understand
Dialogue: 0,0:23:25.16,0:23:29.60,Default,,0000,0000,0000,,the way the microcode works and they have the key, then of course they can do all of those things.
Dialogue: 0,0:23:29.60,0:23:35.03,Default,,0000,0000,0000,,So there are some architectural changes in the Novena which I think are pretty spectacular for that.
Dialogue: 0,0:23:35.03,0:23:41.17,Default,,0000,0000,0000,,If we go all the way, I see something like the Milkymist, which for a time I used instead of as a video mixer
Dialogue: 0,0:23:41.17,0:23:52.77,Default,,0000,0000,0000,,but as a machine for running screen and irssi. And it actually is a FPGA device where the CPU itself is
Dialogue: 0,0:23:52.77,0:24:03.03,Default,,0000,0000,0000,,free software. Unfortunately the tools for synthesizing the FPGA, those are not free. We lack free software tools
Dialogue: 0,0:24:03.03,0:24:08.90,Default,,0000,0000,0000,,for those things, as well. And we really, really, really need free software tools for all of these things,
Dialogue: 0,0:24:08.90,0:24:16.72,Default,,0000,0000,0000,,and we need free hardware platforms to build on top of. Without that, it's very difficult for us to secure our systems.
Dialogue: 0,0:24:16.72,0:24:21.80,Default,,0000,0000,0000,,I think that it's critical to do that. And there are some people that are doing that.
Dialogue: 0,0:24:21.80,0:24:27.06,Default,,0000,0000,0000,,So lekernel, the guy who's working on the Milkymist, and some of these other free hardware devices,
Dialogue: 0,0:24:27.06,0:24:32.60,Default,,0000,0000,0000,,I think he really needs support, and I think it would be great, because his devices are the kinds of devices
Dialogue: 0,0:24:32.60,0:24:37.14,Default,,0000,0000,0000,,where you can do forensics on it, but you can also prevent adversarial forensics.
Dialogue: 0,0:24:37.14,0:24:42.40,Default,,0000,0000,0000,,That is, you can program your device to self-destruct, but you can also check to see if someone has changed
Dialogue: 0,0:24:42.40,0:24:49.20,Default,,0000,0000,0000,,the bootloader, if someone has changed the VHDL output, you can actually verify these things.
Dialogue: 0,0:24:49.20,0:24:55.13,Default,,0000,0000,0000,,Novena is much the same. I've been working on making Debian GNU/Linux run really well on it.
Dialogue: 0,0:24:55.13,0:25:05.17,Default,,0000,0000,0000,,I actually have a Novena here in front of me, with the little helpful Intel sticker, but that's just as a joke,
Dialogue: 0,0:25:05.17,0:25:11.48,Default,,0000,0000,0000,,because there's no intel inside with free hardware and free software, if we do our jobs correctly.
Dialogue: 0,0:25:11.48,0:25:19.50,Default,,0000,0000,0000,,So, I'd like to think that this is a good start, but the only thing that makes this useful is, of course, the free software on top of it.
Dialogue: 0,0:25:19.50,0:25:25.93,Default,,0000,0000,0000,,So in this sense, I think that Debian GNU/Linux is very important. I think lots of things, like Trisquel, for example,
Dialogue: 0,0:25:25.93,0:25:31.56,Default,,0000,0000,0000,,are very important. And we need to work on making those systems usable. I think the GNOME project
Dialogue: 0,0:25:31.56,0:25:37.30,Default,,0000,0000,0000,,has done a very excellent job with that. There are a few things about it that drive me crazy, but mostly
Dialogue: 0,0:25:37.30,0:25:44.83,Default,,0000,0000,0000,,just because I've been using computers long enough to have bad habits, so I think that that's a sort of humbling experience.
Dialogue: 0,0:25:44.83,0:25:52.60,Default,,0000,0000,0000,,The Tails operating system, which is a derivative of Debian, is set up in such a way that you don't
Dialogue: 0,0:25:52.60,0:25:57.63,Default,,0000,0000,0000,,need to understand anything about anonymity, you don't need to understand anything about security and privacy.
Dialogue: 0,0:25:57.63,0:26:02.70,Default,,0000,0000,0000,,It comes with a chat client that has off-the-record messaging by default. Everything is configured
Dialogue: 0,0:26:02.70,0:26:11.13,Default,,0000,0000,0000,,to work over Tor by default. This is great. This helps us with this paradigm shift of privacy by policy to privacy by design.
Dialogue: 0,0:26:11.13,0:26:16.10,Default,,0000,0000,0000,,Now, there are a couple of problems that still exist. Even if you have Tails, even if you find it usable,
Dialogue: 0,0:26:16.11,0:26:21.50,Default,,0000,0000,0000,,which it isn't, in my opinion... It's much more usable than all of these things were before Tails, but it's
Dialogue: 0,0:26:21.50,0:26:28.56,Default,,0000,0000,0000,,a progression. If we take a step and we go further and further down the line, one of the things we'll note
Dialogue: 0,0:26:28.56,0:26:34.16,Default,,0000,0000,0000,,is that there isn't an easy wizard for setting up, for example, a chat account that just works.
Dialogue: 0,0:26:34.16,0:26:42.30,Default,,0000,0000,0000,,Where you can just easily send a message. Where it's not hard. As an example, I installed Jitsi on this laptop,
Dialogue: 0,0:26:42.30,0:26:47.96,Default,,0000,0000,0000,,and at the bottom of the screen you see "surveillance_target@jit.si". You can, of course,
Dialogue: 0,0:26:47.96,0:26:55.97,Default,,0000,0000,0000,,ask me questions via OTR if you want here, and if you'd like to, you'll note that it is, of course,
Dialogue: 0,0:26:55.97,0:27:03.88,Default,,0000,0000,0000,,using OTR, it is also using SSL/TLS... well, it's TLS 1.0, I think, to connect there.
Dialogue: 0,0:27:03.88,0:27:12.40,Default,,0000,0000,0000,,You'll note that it's essentially... it's like an email address. That is pretty good, and I think we may have
Dialogue: 0,0:27:12.40,0:27:17.28,Default,,0000,0000,0000,,to sit with that for a while, while we work on coming up with different naming systems.
Dialogue: 0,0:27:17.28,0:27:22.00,Default,,0000,0000,0000,,Zooko's triangle, if you haven't heard of it, I would recommend you look it up on the Wikipedia,
Dialogue: 0,0:27:22.00,0:27:27.40,Default,,0000,0000,0000,,it's definitely the case that we have some hard problems to try to tackle.
Dialogue: 0,0:27:27.40,0:27:35.00,Default,,0000,0000,0000,,Skype, for example, is really easy for people to use, and they do use it because they have probably purchased
Dialogue: 0,0:27:35.00,0:27:40.16,Default,,0000,0000,0000,,every webcam in the world, and then they've made it work with every piece of software and hardware
Dialogue: 0,0:27:40.16,0:27:46.30,Default,,0000,0000,0000,,combination that they could get their hands on. And they also solved the problem of making it as simple
Dialogue: 0,0:27:46.30,0:27:59.73,Default,,0000,0000,0000,,as adding, for example, one username and password, and then forever just keeping that identifier.
Dialogue: 0,0:27:59.73,0:28:06.26,Default,,0000,0000,0000,,And then you just have to simply say, "Hey, I'm Alice at, I'm Bob at" and it's really easy to use.
Dialogue: 0,0:28:06.26,0:28:12.50,Default,,0000,0000,0000,,For example, if Jitsi had a setup wizard, where it automatically generated your OTR keys and it
Dialogue: 0,0:28:12.50,0:28:17.37,Default,,0000,0000,0000,,automatically did everything that needed to be done and it added you to their server, but it also allowed
Dialogue: 0,0:28:17.37,0:28:23.26,Default,,0000,0000,0000,,you to configure a secondary server, that would be fantastic. It would mean that you could just download
Dialogue: 0,0:28:23.26,0:28:29.50,Default,,0000,0000,0000,,Jitsi and it would work. If it forced OTR, even better. Those kinds of things are really simple changes
Dialogue: 0,0:28:29.50,0:28:35.16,Default,,0000,0000,0000,,that really would make a world of difference. And since Jitsi works on other platforms other than pure
Dialogue: 0,0:28:35.16,0:28:39.80,Default,,0000,0000,0000,,free software platforms, it can even be used as a kind of gateway crypto system.
Dialogue: 0,0:28:39.80,0:28:45.70,Default,,0000,0000,0000,,So, I think that kind of stuff becomes very important, because once you have something like Tails
Dialogue: 0,0:28:45.70,0:28:50.00,Default,,0000,0000,0000,,and you have something like Jitsi and you put them together, you still have that last step.
Dialogue: 0,0:28:50.00,0:28:57.78,Default,,0000,0000,0000,,And that last step is a hard one. But we're really close. In looking through and understanding some of
Dialogue: 0,0:28:57.78,0:29:03.48,Default,,0000,0000,0000,,the things that I've been looking at and studying with regard to the technology, and I said this before,
Dialogue: 0,0:29:03.48,0:29:09.100,Default,,0000,0000,0000,,usability and security are absolutely critical. But I also mentioned before the active attackers.
Dialogue: 0,0:29:09.100,0:29:19.33,Default,,0000,0000,0000,,So one of the issues that we see is that these active attackers are actually pretty good, right?
Dialogue: 0,0:29:19.33,0:29:24.30,Default,,0000,0000,0000,,So if you have a longterm cryptographic key but you don't use it correctly, that is, you encrypt all your
Dialogue: 0,0:29:24.30,0:29:29.88,Default,,0000,0000,0000,,traffic in a non-forward secret way, you have a pretty serious problem, which is that these people will
Dialogue: 0,0:29:29.88,0:29:36.00,Default,,0000,0000,0000,,break into the computer and actually take the key so that they can decrypt traffic, or to impersonate you.
Dialogue: 0,0:29:36.00,0:29:40.36,Default,,0000,0000,0000,,So we do need to come up with some notions about, for example, ratcheting.
Dialogue: 0,0:29:40.36,0:29:45.96,Default,,0000,0000,0000,,So Tech Secure, which Moxie Marlinspike has been working on for many years now, it has this notion
Dialogue: 0,0:29:45.96,0:29:52.24,Default,,0000,0000,0000,,of forward secrecy as well as future secrecy. I think that we need to think about some of the stuff that he's
Dialogue: 0,0:29:52.24,0:30:00.00,Default,,0000,0000,0000,,been working on to make this kind of system usable. Adam Langley, who is probably, I would say, one of the
Dialogue: 0,0:30:00.00,0:30:06.03,Default,,0000,0000,0000,,great living cypherpunks right now, he has written a system called Pond. I've worked a little bit on the key
Dialogue: 0,0:30:06.03,0:30:11.11,Default,,0000,0000,0000,,agreement system PANDA, where we dynamically meet by using a shared secret.
Dialogue: 0,0:30:11.11,0:30:16.93,Default,,0000,0000,0000,,That kind of a system is really important. It changes the game from "you're totally surveilled, but maybe
Dialogue: 0,0:30:16.93,0:30:21.63,Default,,0000,0000,0000,,you have PGP email if you're lucky," or "you're totally surveilled, but maybe you have OTR if you've had
Dialogue: 0,0:30:21.63,0:30:32.03,Default,,0000,0000,0000,,a proper chat client for it." And basically it switches it, so everything goes over Tor, everything goes to a server,
Dialogue: 0,0:30:32.03,0:30:39.96,Default,,0000,0000,0000,,that server only sees a delayed set of messages. That kind of system is really a significantly different way of
Dialogue: 0,0:30:39.96,0:30:45.12,Default,,0000,0000,0000,,doing communications, and it's not so different from email in some ways. But it's different in the ways that
Dialogue: 0,0:30:45.12,0:30:50.90,Default,,0000,0000,0000,,are really important. So that, however, is completely useless without a usable interface,
Dialogue: 0,0:30:50.90,0:30:57.57,Default,,0000,0000,0000,,without having it be deployed, without teaching people things. So as an example, when you teach
Dialogue: 0,0:30:57.57,0:31:02.13,Default,,0000,0000,0000,,a journalist something—one of the things that I've found is almost impossible to do is to teach journalists—
Dialogue: 0,0:31:02.13,0:31:07.33,Default,,0000,0000,0000,,but if you teach journalists something, you want to teach them one or two things that you absolutely
Dialogue: 0,0:31:07.33,0:31:12.50,Default,,0000,0000,0000,,impress on them that they must do. So for example, verifying an OTR fingerprint is one of the things
Dialogue: 0,0:31:12.50,0:31:16.76,Default,,0000,0000,0000,,that I impress on every journalist that I work with. And that's actually my litmus test.
Dialogue: 0,0:31:16.76,0:31:23.60,Default,,0000,0000,0000,,If they cannot use Tor and OTR and Jabber together, I don't work with them, because they can't maintain
Dialogue: 0,0:31:23.60,0:31:33.23,Default,,0000,0000,0000,,confidentiality, authenticity, any kind of integrity in a digital sense. And that, for me, is important.
Dialogue: 0,0:31:33.23,0:31:37.93,Default,,0000,0000,0000,,But it's also the case that I spend a lot of time teaching people how to build Tails disks, or building
Dialogue: 0,0:31:37.93,0:31:43.83,Default,,0000,0000,0000,,Tails disks for them, or getting a special laptop and then setting that up for them and then adding Tails to
Dialogue: 0,0:31:43.83,0:31:51.73,Default,,0000,0000,0000,,that system, or a Debian GNU/Linux setup. And it would be nice if it was as simple as "just use Trisquel."
Dialogue: 0,0:31:51.73,0:31:58.57,Default,,0000,0000,0000,,If it was as simple as "buy a laptop from this vendor and it's all free software enabled."
Dialogue: 0,0:31:58.57,0:32:02.23,Default,,0000,0000,0000,,Now there are some vendors that do it, and the problem of interdiction, which I mentioned before,
Dialogue: 0,0:32:02.23,0:32:07.10,Default,,0000,0000,0000,,where they steal mail and change things, that's a serious problem. So we really need to make sure
Dialogue: 0,0:32:07.10,0:32:14.37,Default,,0000,0000,0000,,that these things are available in regular stores where regular people go. That makes targeting, again, much harder.
Dialogue: 0,0:32:14.37,0:32:22.10,Default,,0000,0000,0000,,I have a couple of other things before I start to take questions, but I think that the real key stuff that
Dialogue: 0,0:32:22.10,0:32:28.40,Default,,0000,0000,0000,,we need to consider is that we need verifiability. So for example, reproducible builds, things like Gitian,
Dialogue: 0,0:32:28.40,0:32:34.40,Default,,0000,0000,0000,,which is what we're doing for the Tor browser, that's very critical because anytime you build software for
Dialogue: 0,0:32:34.40,0:32:40.43,Default,,0000,0000,0000,,anyone, you are a target. Especially if the person you build software for is themselves a target.
Dialogue: 0,0:32:40.43,0:32:48.06,Default,,0000,0000,0000,,So, for example, we can imagine that with this three- or two-hop-out idea of targeting, we know that it's possible
Dialogue: 0,0:32:48.06,0:32:53.20,Default,,0000,0000,0000,,for someone to target a sysadmin because the sysadmin is interesting, but it follows that if the
Dialogue: 0,0:32:53.20,0:32:57.83,Default,,0000,0000,0000,,sysadmin is really good, and a lot of people in the free software community are really good with securing
Dialogue: 0,0:32:57.83,0:33:03.00,Default,,0000,0000,0000,,their systems, those people will be targeted by targeting their operating system vendor.
Dialogue: 0,0:33:03.00,0:33:09.13,Default,,0000,0000,0000,,So, for example, we know that Debian has been compromised in the past. We have to make it so that
Dialogue: 0,0:33:09.13,0:33:15.20,Default,,0000,0000,0000,,compromising Debian is not only detected, but that it doesn't make sense to do that.
Dialogue: 0,0:33:15.20,0:33:22.26,Default,,0000,0000,0000,,So if, for example, you were to think about this from the Gitian perspective, if we have anonymized
Dialogue: 0,0:33:22.26,0:33:28.96,Default,,0000,0000,0000,,builders that are regularly building packages and reporting those results, it will allow us to see if
Dialogue: 0,0:33:28.96,0:33:35.03,Default,,0000,0000,0000,,someone has changed a package on the server, it'll allow us to tell if that piece of software has been tampered with.
Dialogue: 0,0:33:35.03,0:33:39.63,Default,,0000,0000,0000,,We need to have a kind of binary verification process which, at the moment, we don't really have a
Dialogue: 0,0:33:39.63,0:33:45.46,Default,,0000,0000,0000,,binary verification process. Some people use proprietary software like IDA Pro to reverse engineer
Dialogue: 0,0:33:45.46,0:33:52.40,Default,,0000,0000,0000,,this, some people try to disassemble or decompile the software to see if it matches what they thought,
Dialogue: 0,0:33:52.40,0:33:57.03,Default,,0000,0000,0000,,but that's usually a hand process. We need to automate some of those things, and we need to
Dialogue: 0,0:33:57.03,0:34:01.87,Default,,0000,0000,0000,,do it in a way where people are able to report back to the community anything that they see, basically in
Dialogue: 0,0:34:01.87,0:34:08.36,Default,,0000,0000,0000,,real time, that is problematic. So for the Tor browser, I actually have a machine that builds with Gitian,
Dialogue: 0,0:34:08.36,0:34:14.66,Default,,0000,0000,0000,,and if it ever builds a hash that doesn't match what I would expect, then it alerts me.
Dialogue: 0,0:34:14.66,0:34:20.00,Default,,0000,0000,0000,,And it alerts me in a way such that it just looks like any other person downloading the source code,
Dialogue: 0,0:34:20.00,0:34:26.83,Default,,0000,0000,0000,,so it's harder to target, and it is the case that it verifies signatures where I've verified the keys in person.
Dialogue: 0,0:34:26.83,0:34:33.03,Default,,0000,0000,0000,,So I think that's pretty good, I think it works relatively well, but that doesn't scale.
Dialogue: 0,0:34:33.03,0:34:40.06,Default,,0000,0000,0000,,And right now, it's a one-off. So we really, really need to consider this as a reality.
Dialogue: 0,0:34:40.06,0:34:47.36,Default,,0000,0000,0000,,We need that also for devices. For example, if I buy a hardware device and the NSA adds something to it,
Dialogue: 0,0:34:47.36,0:34:54.33,Default,,0000,0000,0000,,what has happened? Right? Well, usually, they've won. That's a really serious problem.
Dialogue: 0,0:34:54.33,0:35:00.10,Default,,0000,0000,0000,,And it's not just the NSA, it's anybody who can steal mail, and especially at scale. Right?
Dialogue: 0,0:35:00.10,0:35:04.80,Default,,0000,0000,0000,,Computers go through customs. Free software might not always go through customs, but computers do.
Dialogue: 0,0:35:04.80,0:35:09.34,Default,,0000,0000,0000,,And that's where the state's advantage is often used against people in a way that they don't understand
Dialogue: 0,0:35:09.34,0:35:16.27,Default,,0000,0000,0000,,and certainly wouldn't consent to. And so we need to have a way, really, and this sounds kind of outlandish,
Dialogue: 0,0:35:16.27,0:35:20.13,Default,,0000,0000,0000,,but let's go for outlandish. We need a way to be able to X-ray our hardware and compare it with
Dialogue: 0,0:35:20.13,0:35:27.73,Default,,0000,0000,0000,,a known good state. And with no binary blobs, it becomes a little bit possible. A little more possible for
Dialogue: 0,0:35:27.73,0:35:32.36,Default,,0000,0000,0000,,us to make sure that the systems we're carrying around are not just bugs for an oppressor.
Dialogue: 0,0:35:32.36,0:35:39.44,Default,,0000,0000,0000,,They're not just systems to be used against us. Now, I know that that's a tall order, but the GNU project itself
Dialogue: 0,0:35:39.44,0:35:46.36,Default,,0000,0000,0000,,is a tall order. And so we need to move towards free systems: free hardware and free software systems for freedom.
Dialogue: 0,0:35:46.36,0:35:50.60,Default,,0000,0000,0000,,Because really, it would be very difficult to maintain freedom and liberty in the future,
Dialogue: 0,0:35:50.60,0:35:56.59,Default,,0000,0000,0000,,and even, I think, to keep our democracies in a world of mass surveillance. Especially if all of our devices
Dialogue: 0,0:35:56.59,0:36:01.50,Default,,0000,0000,0000,,are the thing that is oppressing us, or that are acting as an oppressor.
Dialogue: 0,0:36:01.50,0:36:05.53,Default,,0000,0000,0000,,In the past it was the case that you had a neighbor, and the neighbor maybe received some benefits.
Dialogue: 0,0:36:05.53,0:36:10.53,Default,,0000,0000,0000,,Now the changes are different. Now people report on each other as a matter of, you know, fun.
Dialogue: 0,0:36:10.53,0:36:15.80,Default,,0000,0000,0000,,For society. With Facebook, for example. Well, what happens when the Philip K. Dick nightmare is not
Dialogue: 0,0:36:15.80,0:36:22.63,Default,,0000,0000,0000,,just worrying about every person spying on you, but what if it becomes every thing that's spying on you?
Dialogue: 0,0:36:22.63,0:36:27.16,Default,,0000,0000,0000,,Part of the way that I deal with this is I literally remove the physical microphones from my computers,
Dialogue: 0,0:36:27.16,0:36:33.36,Default,,0000,0000,0000,,because I know that it is almost impossible to secure machines such that a really powerful, well-funded
Dialogue: 0,0:36:33.36,0:36:39.36,Default,,0000,0000,0000,,adversary could enable them again. So that is not really something that scales.
Dialogue: 0,0:36:39.36,0:36:43.90,Default,,0000,0000,0000,,But we can think about it when we build free software laptops, we should make sure that there is an LED
Dialogue: 0,0:36:43.90,0:36:49.50,Default,,0000,0000,0000,,that if the microphone is powered up, the LED is on. Just the same way with a camera, but not as badly-designed
Dialogue: 0,0:36:49.50,0:37:00.00,Default,,0000,0000,0000,,as most cameras. I guess probably now, we should probably take some questions, given the timing.
Dialogue: 0,0:37:00.00,0:37:09.13,Default,,0000,0000,0000,,Is there anybody that wants to ask a question? If so, we're in #libreplanet on OFTC, because OFTC allows
Dialogue: 0,0:37:09.13,0:37:12.53,Default,,0000,0000,0000,,me to use Tor to connect to their IRC network, which I'm very thankful for.
Dialogue: 0,0:37:12.53,0:37:17.47,Default,,0000,0000,0000,,I would be happy to take some questions, and I know that some of you have contacted me on Jabber.
Dialogue: 0,0:37:17.47,0:37:26.73,Default,,0000,0000,0000,,So you can of course, you can of course ask me questions. The first question says, "What is, in your opinion,
Dialogue: 0,0:37:26.73,0:37:33.77,Default,,0000,0000,0000,,the most important technology for journalists to learn?" You know, it depends on what kind of journalist.
Dialogue: 0,0:37:33.77,0:37:39.56,Default,,0000,0000,0000,,I tend to think that the key technology for people to understand is not a specific technology,
Dialogue: 0,0:37:39.56,0:37:47.34,Default,,0000,0000,0000,,but rather the philosophy of free software. I mean, Richard Stallman, who is one of the most brilliant people to have ever lived,
Dialogue: 0,0:37:47.34,0:37:53.50,Default,,0000,0000,0000,,really hit the nail on the head when he talks about free software not as a matter of cost but as a matter of freedom.
Dialogue: 0,0:37:53.50,0:38:00.03,Default,,0000,0000,0000,,And I think that when people understand that power dynamic, when they understand the tradeoffs they're really making,
Dialogue: 0,0:38:00.03,0:38:05.13,Default,,0000,0000,0000,,they'll change the pieces of software that they use. And hopefully, by the time they make that choice,
Dialogue: 0,0:38:05.13,0:38:12.00,Default,,0000,0000,0000,,that software will be usable, so that when you use Jitsi, for example, it does not allow non-OTR conversations.
Dialogue: 0,0:38:12.00,0:38:18.57,Default,,0000,0000,0000,,Or when you make a video call, it doesn't allow the user, basically, to make an unencrypted stream
Dialogue: 0,0:38:18.57,0:38:22.90,Default,,0000,0000,0000,,without jumping through hoops. By default it is secure. By default is privacy by design.
Dialogue: 0,0:38:22.90,0:38:29.60,Default,,0000,0000,0000,,And so, if people are going to learn one specific tool, I feel like we're sort of failing.
Dialogue: 0,0:38:29.60,0:38:37.23,Default,,0000,0000,0000,,I think, as Schneier is often quoted as saying, privacy and security is a process, not a product.
Dialogue: 0,0:38:37.23,0:38:43.60,Default,,0000,0000,0000,,Maybe he only said that about security, but let's modify it a little bit. Right? Liberty is also a process,
Dialogue: 0,0:38:43.60,0:38:50.20,Default,,0000,0000,0000,,it's not a product. So journalists need to learn about the world around them, but that's for every person as well.
Dialogue: 0,0:38:50.20,0:38:54.43,Default,,0000,0000,0000,,And so when we want every person to have this, we need to make sure that the devices and the software that we use
Dialogue: 0,0:38:54.53,0:39:00.66,Default,,0000,0000,0000,,actually enable that by default. The next question is, "How useful is a SHA-256 sum
Dialogue: 0,0:39:00.66,0:39:10.87,Default,,0000,0000,0000,,for checking software binary zip integrity checking?" My feeling is that hash functions are not going to be the weakest point.
Dialogue: 0,0:39:10.87,0:39:19.77,Default,,0000,0000,0000,,But if you would like, you can take the approach that Debian takes. When you upload a package, it has MD5, SHA-1, and SHA-256,
Dialogue: 0,0:39:19.77,0:39:26.50,Default,,0000,0000,0000,,and then you do a GnuPG signature over that. Now I use, because of the fact that I'm certain there are
Dialogue: 0,0:39:26.50,0:39:34.77,Default,,0000,0000,0000,,people that are trying to attack my systems, I use this, which is unfortunately not completely free. But it is a GnuPG smart card.
Dialogue: 0,0:39:34.77,0:39:42.27,Default,,0000,0000,0000,,And that GnuPG smart card, I also don't leave it plugged into my system very often, and I usually use it on an offline machine
Dialogue: 0,0:39:42.27,0:39:46.40,Default,,0000,0000,0000,,so someone has to break into my house to be able to even begin to mount an attack on the smart card.
Dialogue: 0,0:39:46.40,0:39:53.76,Default,,0000,0000,0000,,But that, I think, is really the way to go about it. It's not just about hashing, it's also about ensuring that you compose
Dialogue: 0,0:39:53.76,0:39:58.80,Default,,0000,0000,0000,,those hashes into a system that makes some kind of sense. But again, in this case with Debian,
Dialogue: 0,0:39:58.80,0:40:04.36,Default,,0000,0000,0000,,when you hash the files and you upload them, the binaries I built on my system are the ones that Debian gives out to users.
Dialogue: 0,0:40:04.36,0:40:10.56,Default,,0000,0000,0000,,Is that really what we want? I think that's a bad idea. What if my system has been compromised, right?
Dialogue: 0,0:40:10.56,0:40:16.80,Default,,0000,0000,0000,,We don't want that binary going out. And there's some work on changing that. But if we think about it just in terms of hash functions,
Dialogue: 0,0:40:16.80,0:40:22.40,Default,,0000,0000,0000,,I think we'll rarely find the hash function is the issue. Obviously there are some things, like MD5, that are just hopelessly broken,
Dialogue: 0,0:40:22.40,0:40:29.35,Default,,0000,0000,0000,,so we should be moving towards things that are not hopelessly broken, but it's difficult, because a lot of our standardization agencies,
Dialogue: 0,0:40:29.35,0:40:37.73,Default,,0000,0000,0000,,they're not very good at their job, in my opinion. Right? When NIST collaborates with the NSA willingly or unwillingly,
Dialogue: 0,0:40:37.73,0:40:44.70,Default,,0000,0000,0000,,wittingly or unwittingly, I think we have a problem. So we should look for diversity in this, and not just choose one thing,
Dialogue: 0,0:40:44.70,0:40:48.87,Default,,0000,0000,0000,,but choose a few things that make it significantly harder for someone to attack any single thing.
Dialogue: 0,0:40:48.87,0:40:56.80,Default,,0000,0000,0000,,And as far as average users being able to verify software, I think this is a really tough problem.
Dialogue: 0,0:40:56.80,0:41:04.14,Default,,0000,0000,0000,,Basically, the real issue is a bootstrapping problem. We need to make sure that operating systems have some notion
Dialogue: 0,0:41:04.14,0:41:10.80,Default,,0000,0000,0000,,about actual integrity of packages. And that's a really difficult problem to solve because many people start with a
Dialogue: 0,0:41:10.80,0:41:17.73,Default,,0000,0000,0000,,proprietary software platform, like Microsoft Windows or Mac OSX, and those platforms, they do not respect peoples' liberty.
Dialogue: 0,0:41:17.73,0:41:22.63,Default,,0000,0000,0000,,And naturally, they don't want to help you to move to a new platform that respects your liberty.
Dialogue: 0,0:41:22.63,0:41:31.23,Default,,0000,0000,0000,,So, in a free software world though, we should be able to have packages that do have verifiability in the operating system,
Dialogue: 0,0:41:31.23,0:41:36.53,Default,,0000,0000,0000,,as well as in the packages. That is, that are signed, that are hashed properly, that have some notion of the web of trust,
Dialogue: 0,0:41:36.53,0:41:43.40,Default,,0000,0000,0000,,or something that replaces it, plus a user interface that makes sense. And that's a really difficult one.
Dialogue: 0,0:41:43.40,0:41:51.45,Default,,0000,0000,0000,,Snowden calls it the "Greenwald test". And I think that that's a good test, actually. As someone who actually
Dialogue: 0,0:41:51.45,0:41:58.20,Default,,0000,0000,0000,,asked Glenn to use a bash shell on Tails and showed him how to use a bunch of command line tools,
Dialogue: 0,0:41:58.20,0:42:06.80,Default,,0000,0000,0000,,allow me to elucidate how important that test is. Jesus Christ, that is a serious test. It's really, really, really hard to get
Dialogue: 0,0:42:06.80,0:42:13.20,Default,,0000,0000,0000,,Glenn to use those tools securely. But it shouldn't be. In fact, every time that a user can't figure something out,
Dialogue: 0,0:42:13.20,0:42:19.00,Default,,0000,0000,0000,,we should say to ourselves that we have failed. Not seriously, but we should say to ourselves that we have failed,
Dialogue: 0,0:42:19.00,0:42:22.00,Default,,0000,0000,0000,,and we should try to succeed where we have failed before.
Dialogue: 0,0:42:22.00,0:42:27.50,Default,,0000,0000,0000,,I have another question here: "What are the bare minimum fundamentals we should teach the general public
Dialogue: 0,0:42:27.50,0:42:35.13,Default,,0000,0000,0000,,when advocating privacy?" Well, I tend to think that the bare fundamental is that we're not talking about privacy, actually.
Dialogue: 0,0:42:35.13,0:42:39.54,Default,,0000,0000,0000,,We're talking about autonomy, we're talking about dignity, and we're talking about our liberty.
Dialogue: 0,0:42:39.54,0:42:45.93,Default,,0000,0000,0000,,Privacy is merely one of the manifestations of this. So, for example, when people say that they don't have anything to hide,
Dialogue: 0,0:42:45.93,0:42:53.33,Default,,0000,0000,0000,,it's not about hiding things. It's about having a private sphere in which to think about things before you reveal what you have decided.
Dialogue: 0,0:42:53.33,0:42:58.67,Default,,0000,0000,0000,,Where you don't have to reveal the process by which you make a decision. But also, where you get to choose.
Dialogue: 0,0:42:58.67,0:43:04.40,Default,,0000,0000,0000,,It's not that, for example, I have nothing to hide underneath this great Cyberpeace t-shirt,
Dialogue: 0,0:43:04.40,0:43:10.06,Default,,0000,0000,0000,,but it should be me that actually chooses if I should take it off. And so, for example, right now since I understand
Dialogue: 0,0:43:10.06,0:43:15.51,Default,,0000,0000,0000,,there are sixty people watching this webstream, I'm going to keep it on. And that is, when we talk about privacy,
Dialogue: 0,0:43:15.51,0:43:23.10,Default,,0000,0000,0000,,in a sense when we say that privacy is dead, what we're hearing is our modern generation saying that liberty is dead.
Dialogue: 0,0:43:23.10,0:43:28.10,Default,,0000,0000,0000,,And I don't like that. So I refuse to say that privacy is dead when people really mean liberty.
Dialogue: 0,0:43:28.10,0:43:32.76,Default,,0000,0000,0000,,And I think it is important that we reject that notion, and we should talk about how we should have a right to autonomy,
Dialogue: 0,0:43:32.76,0:43:39.60,Default,,0000,0000,0000,,we should have a right to express solidarity, we should have the ability to be able to, in the case of free software and free hardware,
Dialogue: 0,0:43:39.60,0:43:46.23,Default,,0000,0000,0000,,have devices that actually empower us and that we understand how they work. And we should be able to be secure, end-to-end secure.
Dialogue: 0,0:43:46.23,0:43:57.50,Default,,0000,0000,0000,,So, I've got a couple other ones. Oh, wow, joeyh! One of my favorite Debian developers of all time, that's incredible.
Dialogue: 0,0:43:57.50,0:44:01.93,Default,,0000,0000,0000,,I feel honored that you're asking me a question. "Should Debian work towards integrating Tor more?"
Dialogue: 0,0:44:01.93,0:44:09.73,Default,,0000,0000,0000,,Yes. So I'm a new Debian developer, it took me ten years, because I'm slow at becoming a Debian developer.
Dialogue: 0,0:44:09.73,0:44:18.33,Default,,0000,0000,0000,,But I'm error@debian.org, and I'm super happy to help anybody to be able to integrate Tor and anonymity software
Dialogue: 0,0:44:18.33,0:44:26.26,Default,,0000,0000,0000,,by default into Debian. As an example, I have a transparent Tor network that I use to be able to ensure that I can
Dialogue: 0,0:44:26.26,0:44:31.86,Default,,0000,0000,0000,,install Debian on new machines without my Internet service provider being targeted by the NSA or other people.
Dialogue: 0,0:44:31.86,0:44:38.93,Default,,0000,0000,0000,,I also run a Tor mirror on the Tor hidden service, as well, and a Debian mirror on the Tor hidden service as well,
Dialogue: 0,0:44:38.93,0:44:44.30,Default,,0000,0000,0000,,so that I can install packages on these systems without having to worry about basically being attacked.
Dialogue: 0,0:44:44.30,0:44:51.33,Default,,0000,0000,0000,,Even if a Debian developer FTP Master's key is compromised. So that a targeted attack is significantly harder.
Dialogue: 0,0:44:51.33,0:44:57.60,Default,,0000,0000,0000,,As you can imagine, that's not very usable for regular people, and as you can also imagine, it probably doesn't work very well.
Dialogue: 0,0:44:57.60,0:45:05.26,Default,,0000,0000,0000,,So yeah, we should make it so that a Debian user can say, "help! I'm a target of surveillance, and I'd like to be
Dialogue: 0,0:45:05.26,0:45:09.50,Default,,0000,0000,0000,,able to use free software without being tampered with." And that would be great if we could make Debian,
Dialogue: 0,0:45:09.54,0:45:16.14,Default,,0000,0000,0000,,if we could make Debian more friendly to that. Because basically we, for a long time, have lived in a world of privilege,
Dialogue: 0,0:45:16.23,0:45:21.87,Default,,0000,0000,0000,,where we thought we were exempt from the power dynamics of the world. And I think one of the things we will learn,
Dialogue: 0,0:45:21.87,0:45:27.27,Default,,0000,0000,0000,,especially with Debian, is that that isn't the case. And the more international a team is, the more the legal authorities
Dialogue: 0,0:45:27.27,0:45:35.03,Default,,0000,0000,0000,,of intelligence agencies suggest that they are fair targets. So, that also extends to the users. So I'd love to make that happen.
Dialogue: 0,0:45:35.03,0:45:46.03,Default,,0000,0000,0000,,And, yeah, wow. It's incredible to be able to talk to you guys here. Probably the only group of people that really can make these changes, right?
Dialogue: 0,0:45:46.03,0:45:51.73,Default,,0000,0000,0000,,I mean, there are other free software people around the world other than the ones in this room, but it's really critical to understand the role
Dialogue: 0,0:45:51.73,0:45:55.14,Default,,0000,0000,0000,,that you guys play. And that all of us play, together.
Dialogue: 0,0:45:55.14,0:46:13.83,Default,,0000,0000,0000,,I have a couple of other questions here. Helican asks, "Do you think the time is right for a free hardware FreedomBox
Dialogue: 0,0:46:13.83,0:46:22.03,Default,,0000,0000,0000,,with Tor built in, and do you have any news on the FreedomBox front?" Well, I was very depressed about some of the discussions
Dialogue: 0,0:46:22.03,0:46:31.30,Default,,0000,0000,0000,,around FreedomBox for a while, where I felt like people were taking anonymity as a sort of, like a luxury good.
Dialogue: 0,0:46:31.30,0:46:37.10,Default,,0000,0000,0000,,And they felt like we didn't need Tor, or something like that. Now, obviously, I work on Tor and I'm paid to work on Tor,
Dialogue: 0,0:46:37.10,0:46:43.40,Default,,0000,0000,0000,,so I feel like it's a conflict of interest for me to say this, but yeah, I think we of course need to do that.
Dialogue: 0,0:46:43.40,0:46:49.21,Default,,0000,0000,0000,,At the same time, the reason that I work on Tor is because I really believe it. I think Tor has probably saved my life a couple of times
Dialogue: 0,0:46:49.24,0:46:55.76,Default,,0000,0000,0000,,every month for the last several years, from military dictatorships to other places where I've traveled.
Dialogue: 0,0:46:55.80,0:47:02.43,Default,,0000,0000,0000,,So I think it's critical to make that possible. So as an example, this device I held up here, this Novena board,
Dialogue: 0,0:47:02.43,0:47:15.03,Default,,0000,0000,0000,,well, as you can tell, the basic idea is to have a device that is free hardware and free software that, you know, gives you
Dialogue: 0,0:47:15.03,0:47:21.27,Default,,0000,0000,0000,,exactly what you've just asked for. And that's in fact what I have. That device, when I plug it in, it sets up a wireless network
Dialogue: 0,0:47:21.27,0:47:30.86,Default,,0000,0000,0000,,that transparently routes people through Tor, and it also sets up a Tor relay so that it will relay traffic for the rest of the network.
Dialogue: 0,0:47:30.86,0:47:38.03,Default,,0000,0000,0000,,And it's entirely powered by free software with no proprietary software at all. I think that that is, yeah,
Dialogue: 0,0:47:38.03,0:47:42.13,Default,,0000,0000,0000,,I think that's a good thing to do, and that's what I've been spending my time doing lately. If you want to help with that, it would be great.
Dialogue: 0,0:47:42.13,0:47:47.30,Default,,0000,0000,0000,,And if we can get the FreedomBox to adopt the Novena board, I think that that is great. I think we should try to raise
Dialogue: 0,0:47:47.30,0:47:55.30,Default,,0000,0000,0000,,a million dollars for Bunnie so that we have a free hardware solution, or open hardware solution, that actually is usable,
Dialogue: 0,0:47:55.30,0:48:00.27,Default,,0000,0000,0000,,that's fast, that doesn't support a company that doesn't care about our liberty, but instead supports a developer
Dialogue: 0,0:48:00.27,0:48:03.50,Default,,0000,0000,0000,,who really does care about our liberty and about our freedom.
Dialogue: 0,0:48:03.50,0:48:11.90,Default,,0000,0000,0000,,The next question from Malapart is, "Is .onion today what SSL was in the mid-90s?"
Dialogue: 0,0:48:11.90,0:48:26.40,Default,,0000,0000,0000,,I really hope not for a whole bunch of reasons. So the next question... ah. So someone in the audience wants me to elucidate
Dialogue: 0,0:48:26.40,0:48:32.63,Default,,0000,0000,0000,,on the link between anarchism and free software ideology and goals. I think that it's important
Dialogue: 0,0:48:32.63,0:48:39.28,Default,,0000,0000,0000,,to not focus too much on that, in particular because I think that sometimes talking about anarchist philosophy alienates people,
Dialogue: 0,0:48:39.28,0:48:45.53,Default,,0000,0000,0000,,because they think that anarchism is the same as complete chaos, or synonymous with violence.
Dialogue: 0,0:48:45.53,0:48:50.70,Default,,0000,0000,0000,,And so I'd like to sidestep that and say if you apt-get install anarchism, literally, that's the Debian package,
Dialogue: 0,0:48:50.70,0:48:56.33,Default,,0000,0000,0000,,you can read about the philosophical texts of anarchism. But the basic idea of anarchism is about mutual aid,
Dialogue: 0,0:48:56.33,0:49:02.53,Default,,0000,0000,0000,,it's about solidarity, it's about respect for human rights, it's about the same things that the free software movement are about.
Dialogue: 0,0:49:02.53,0:49:08.37,Default,,0000,0000,0000,,But there's a lot of propaganda out there about the notion of democracy, in fact, in the form of anarchy.
Dialogue: 0,0:49:08.37,0:49:15.23,Default,,0000,0000,0000,,And that's unfortunate, actually. And I think we can change that. One of the ways that we can change that
Dialogue: 0,0:49:15.23,0:49:21.43,Default,,0000,0000,0000,,is to actually have propaganda of the deed. In this case, making free software and free software available
Dialogue: 0,0:49:21.43,0:49:25.60,Default,,0000,0000,0000,,to everyone means that people understand the fundamental tenets of anarchist philosophy
Dialogue: 0,0:49:25.60,0:49:29.26,Default,,0000,0000,0000,,in their everyday life, and they don't have to learn about the philosophy too much
Dialogue: 0,0:49:29.26,0:49:34.43,Default,,0000,0000,0000,,to be enabled by it. And if they want to, they can learn about it. I think that's a very powerful way
Dialogue: 0,0:49:34.43,0:49:38.83,Default,,0000,0000,0000,,to make that happen, because it's very easy, for example, to talk about it philosophically,
Dialogue: 0,0:49:38.83,0:49:44.54,Default,,0000,0000,0000,,but until you have a tangible thing, it's not really clear. That is, when we didn't have an anonymity network,
Dialogue: 0,0:49:44.54,0:49:49.73,Default,,0000,0000,0000,,and people said, "Well, do you really need anonymity?" you would make a different choice than
Dialogue: 0,0:49:49.73,0:49:54.87,Default,,0000,0000,0000,,if you have an anonymity network and it will be taken away from you if someone says "do you need anonymity?"
Dialogue: 0,0:49:54.87,0:50:00.37,Default,,0000,0000,0000,,and you say no. So when you say yes, and it's there, and it's tangible, it changes it.
Dialogue: 0,0:50:00.37,0:50:05.53,Default,,0000,0000,0000,,And the same is true for anarchist philosophy, and the same is true, I think, for free software and free hardware.
Dialogue: 0,0:50:05.53,0:50:10.16,Default,,0000,0000,0000,,And especially when these things work together, they actually help us to build autonomous communities,
Dialogue: 0,0:50:10.16,0:50:16.10,Default,,0000,0000,0000,,they help us to build secure systems across hostile networks. I think that that's very powerful,
Dialogue: 0,0:50:16.10,0:50:20.70,Default,,0000,0000,0000,,and I think that the way to get people to care about that is actually to show them that.
Dialogue: 0,0:50:20.70,0:50:25.67,Default,,0000,0000,0000,,People care a lot more about connecting now that it's easy to do. It wouldn't have been a relevant question
Dialogue: 0,0:50:25.67,0:50:29.97,Default,,0000,0000,0000,,thirty years ago in the way that it is a relevant question now. So the freedom to connect,
Dialogue: 0,0:50:29.97,0:50:33.60,Default,,0000,0000,0000,,the freedom of free hardware and free software, these tie fundamentally into anarchist goals.
Dialogue: 0,0:50:33.60,0:50:37.40,Default,,0000,0000,0000,,I'd really encourage people to look up the works of Emma Goldman, for example.
Dialogue: 0,0:50:37.40,0:50:42.76,Default,,0000,0000,0000,,I think she's one of the greatest feminists to have ever lived, though most people don't know who she is.
Dialogue: 0,0:50:42.76,0:50:49.60,Default,,0000,0000,0000,,And if you looked at the Wikipedia page, for a time there was no mention of her on "Important feminists of the twentieth century",
Dialogue: 0,0:50:49.60,0:50:55.93,Default,,0000,0000,0000,,I think is the page I was looking at. I think that is a bit of a shame, but I also think that that's, you know,
Dialogue: 0,0:50:55.93,0:51:01.06,Default,,0000,0000,0000,,an easy thing to reconcile with reality if people go and they look it up and they study about it.
Dialogue: 0,0:51:01.06,0:51:08.03,Default,,0000,0000,0000,,So hopefully people will install that Debian package and otherwise learn about that if they are interested in it,
Dialogue: 0,0:51:08.03,0:51:14.13,Default,,0000,0000,0000,,but really, I think, getting people to have the values that are embodied in that is just as important if not more important.
Dialogue: 0,0:51:14.13,0:51:20.10,Default,,0000,0000,0000,,The next question is "What about those countries that are completely blocking projects like Tor?
Dialogue: 0,0:51:20.10,0:51:27.06,Default,,0000,0000,0000,,What should we do to help people in those countries?" I tend to think not in terms of charity,
Dialogue: 0,0:51:27.06,0:51:32.45,Default,,0000,0000,0000,,or helping people, but rather in terms of solidarity. So, the Tor project, for example,
Dialogue: 0,0:51:32.45,0:51:38.60,Default,,0000,0000,0000,,is not having a war with China, right? China often does not respect its citizens' autonomy,
Dialogue: 0,0:51:38.60,0:51:42.83,Default,,0000,0000,0000,,and blocks its access to the Tor network. One thing that would be helpful would be to
Dialogue: 0,0:51:42.83,0:51:49.00,Default,,0000,0000,0000,,make it so that, by default, a lot of applications use Tor so that the so-called collateral damage,
Dialogue: 0,0:51:49.00,0:51:52.80,Default,,0000,0000,0000,,though I'm loathe to use that term, becomes higher and higher, becomes more difficult.
Dialogue: 0,0:51:52.80,0:51:58.60,Default,,0000,0000,0000,,And also, such that people start to use what are called pluggable transports, like the obfuscated proxy obfs3.
Dialogue: 0,0:51:58.60,0:52:04.90,Default,,0000,0000,0000,,The proxy actually, right now, is not blocked in China. It becomes a sort of cat and mouse game,
Dialogue: 0,0:52:04.90,0:52:11.03,Default,,0000,0000,0000,,but it may be the case that as we build more difficult-to-classify protocols, as applications understand
Dialogue: 0,0:52:11.03,0:52:14.70,Default,,0000,0000,0000,,that sometimes the Internet does not respect your autonomy and wants to tamper with it,
Dialogue: 0,0:52:14.70,0:52:21.73,Default,,0000,0000,0000,,that will be something that will change the dynamic about how that blocking and that arms race works.
Dialogue: 0,0:52:21.73,0:52:29.73,Default,,0000,0000,0000,,We have another project, ooni.torproject.org, that's the Open Observatory of Network Interference,
Dialogue: 0,0:52:29.73,0:52:35.50,Default,,0000,0000,0000,,or we used to call it Open Open Net. That is a free software tool that we've been working on
Dialogue: 0,0:52:35.50,0:52:39.96,Default,,0000,0000,0000,,for several years now, to be able to look at censorship and surveillance. You know,
Dialogue: 0,0:52:39.96,0:52:45.70,Default,,0000,0000,0000,,censorship is a second-order effect of surveillance, so this tool, while at the moment not the most usable tool,
Dialogue: 0,0:52:45.70,0:52:51.20,Default,,0000,0000,0000,,it actually allows you to diagnose, understand, and share the data. So one thing that can really make a big difference
Dialogue: 0,0:52:51.20,0:52:58.03,Default,,0000,0000,0000,,in these topics is to actually share the data. Right? Once we start to study and understand these things,
Dialogue: 0,0:52:58.03,0:53:03.10,Default,,0000,0000,0000,,especially the techniques of censorship and surveillance, it allows us to change not only how the networks work,
Dialogue: 0,0:53:03.10,0:53:08.30,Default,,0000,0000,0000,,but how societies work around those networks. So, I think studying that can be useful.
Dialogue: 0,0:53:08.30,0:53:12.53,Default,,0000,0000,0000,,If you want to be a Google Summer of Code, I know that's kind of ironic, but if you want to be a
Dialogue: 0,0:53:12.53,0:53:15.57,Default,,0000,0000,0000,,Google Summer of Code student to work on one of these projects with the Tor project,
Dialogue: 0,0:53:15.57,0:53:21.53,Default,,0000,0000,0000,,I think we still have another day to apply for that, though I'm not totally sure about that deadline.
Dialogue: 0,0:53:21.53,0:53:27.63,Default,,0000,0000,0000,,If you just want to come hack on free software with us at the Tor project, we have a bunch of projects that are like that.
Dialogue: 0,0:53:27.63,0:53:37.96,Default,,0000,0000,0000,,Some other questions. It looks like... Yes, the Novena router does not have AMT, that's right,
Dialogue: 0,0:53:37.96,0:53:43.86,Default,,0000,0000,0000,,so it does not have a built-in backdoor, which is, I think, nice. At least not one that we know about.
Dialogue: 0,0:53:50.57,0:53:57.100,Default,,0000,0000,0000,,Any other questions here? Ah, I see, there's like twenty. Alright.
Dialogue: 0,0:54:01.03,0:54:06.47,Default,,0000,0000,0000,,"Could you please elaborate on the idea or concept that it is required a critical mass of privacy-minded users
Dialogue: 0,0:54:06.47,0:54:12.37,Default,,0000,0000,0000,,to create enough obfuscation for making discovery schemes like Tor network node spying to be unlikely?"
Dialogue: 0,0:54:12.37,0:54:17.93,Default,,0000,0000,0000,,I don't think we're going to make it unlikely for spying to take place. What we need to do is change
Dialogue: 0,0:54:17.93,0:54:25.80,Default,,0000,0000,0000,,the economic balance, and that may allow us to move into a world where mass surveillance of our intentional communications
Dialogue: 0,0:54:25.80,0:54:33.50,Default,,0000,0000,0000,,are much too expensive to do for everyone. And this is important, because if you have a phone,
Dialogue: 0,0:54:33.50,0:54:41.33,Default,,0000,0000,0000,,and you make a phone call, people think of surveillance and conceptualize surveillance as surveilling your call,
Dialogue: 0,0:54:41.33,0:54:45.13,Default,,0000,0000,0000,,but there's all the unintentional data that you leave behind. All the towers you visit, and so on.
Dialogue: 0,0:54:45.13,0:54:52.46,Default,,0000,0000,0000,,That stuff is also, unfortunately, a huge target of mass surveillance. So even if everyone's using
Dialogue: 0,0:54:52.46,0:54:56.50,Default,,0000,0000,0000,,something like RedPhone, we still have these little spy devices in our pockets.
Dialogue: 0,0:54:56.50,0:54:59.93,Default,,0000,0000,0000,,Even if it's free software enabled, the networks themselves are harmful to privacy.
Dialogue: 0,0:54:59.93,0:55:05.36,Default,,0000,0000,0000,,That said, we do need a lot of people using this stuff, because the more people that are using it,
Dialogue: 0,0:55:05.36,0:55:10.73,Default,,0000,0000,0000,,the more likely it is that it will stick around. If it's just people like Edward Snowden, Julian Assange,
Dialogue: 0,0:55:10.73,0:55:15.43,Default,,0000,0000,0000,,Glenn Greenwald, Laura Poitras, or myself using it, yeah, I mean, that's a problem.
Dialogue: 0,0:55:15.43,0:55:21.66,Default,,0000,0000,0000,,Not only do we stick out on the network, we have, well, basically it makes it much easier to target,
Dialogue: 0,0:55:21.66,0:55:28.63,Default,,0000,0000,0000,,and it also makes it possible for people to try to ban that technology, whether that's by DPI or by legal methods.
Dialogue: 0,0:55:28.63,0:55:39.26,Default,,0000,0000,0000,,That is a really serious problem. Okay, I think that we should wrap up here soon, it sounds like.
Dialogue: 0,0:55:39.26,0:55:48.53,Default,,0000,0000,0000,,If there are any other questions, I will take them, but otherwise I think I'm going to end the stream.
Dialogue: 0,0:55:48.53,0:55:55.24,Default,,0000,0000,0000,,If you'd like to hack on free software with us, and anonymity-related stuff, I'd be happy to talk with you.
Dialogue: 0,0:55:55.24,0:56:01.86,Default,,0000,0000,0000,,I will never use this Jabber address again, so that your social graph is not tainted by mine.
Dialogue: 0,0:56:01.86,0:56:07.66,Default,,0000,0000,0000,,If anybody wants to send me an email, you can send a mail to jacob@torproject.org,
Dialogue: 0,0:56:07.66,0:56:14.73,Default,,0000,0000,0000,,or if you'd like to, for example, chat with me on IRC, I'm ioerror in #libreplanet for now.
Dialogue: 0,0:56:14.73,0:56:20.33,Default,,0000,0000,0000,,Thank you so much for the honor and privilege of speaking with you, I'm really sorry that I cannot
Dialogue: 0,0:56:20.33,0:56:24.30,Default,,0000,0000,0000,,set foot in my own country right now, to be able to speak with you in person. But thanks to
Dialogue: 0,0:56:24.30,0:56:29.90,Default,,0000,0000,0000,,free software, I am able to speak with you. So, thank you so much for making that possible,
Dialogue: 0,0:56:29.90,0:56:33.71,Default,,0000,0000,0000,,especially to all of the free software developers in the room that actually made that possible.
Dialogue: 0,0:56:33.71,0:56:40.33,Default,,0000,0000,0000,,Thank you, very much for your time, and I hope to meet some of you again, someday, in real life.
Dialogue: 0,0:56:40.33,0:56:42.65,Default,,0000,0000,0000,,And remember: if not, it was murder.