silent 31C3 preroll
Laura and Jacob silently on stage
audio/video playback starts
Announcing person in video: Give
a warm welcome to General Alexander!
video starts all over again,
now at its titles
Announcing person in video: Give
a warm welcome to General Alexander!
video:applause
Alexander: Thanks!
Can you hear me?
Question: So does the NSA
really keep a file on everyone?
Alexander: So many things you could
say are funny but I think this requires
a very serious answer. First:
No, we don’t, absolutely not.
And anybody who’d tell you that
we’re keeping files or dossiers
on the American people:
No, that’s not true.
And I will tell you that those who would
want to weave the story, that we have
millions or hundreds of millions of
dossiers on people is absolutely false.
title with music
“Reconstructing Narratives”
audio/video playback stops
Jacob Appelbaum: That’s the first time
I can remember not being wiretapped!
Laura laughs
laughter and applause
Okay, well, it’s really a great
honor to be back, and it’s
really one of the greatest pleasures
of my life to be on stage with Laura,
who is one of the most fearless,
fantastic journalists…
applause
…and we are here today
to tell you a few things.
I am an American by birth
and post-nationalist, I suppose,
by an accident of history. I’m
here now working as a journalist
and Laura is working as a journalist.
And I’ll let her introduce herself.
Laura Poitras: So, I’ve been working
over the last few years, trying to document
the “War on Terror” and to understand
it from a human perspective
and how we can understand it differently,
if we understand its impact on people.
And today, what Jacob and
I want to do is to talk about
how the narratives that
we’ve been told are false,
and how we can construct new narratives
that are based on objective facts.
Jacob: I think in some way some of
the things we are saying will be
‘preaching to the choir’, because it is
through this community, that we have,
in fact, found some of the truths,
that we will talk about today.
And the CCC to me is like home, so…
laughter and applause
And so, if it wasn’t for the CCC and
your material support I don’t believe
that it would be possible for us to be
here today. So, thank you all very much
for the large conspiracy that the German
people and the international community
have brought.
some laughter in the audience
We have just now simultaneously
published on DER SPIEGEL’s website
two very large stories which we think will
be of great interest, which we will take
a little bit of time to explain.
But if you go to spiegel.de
you will see two stories.
One is about cryptography
and one is about… the CIA.
And about JPEL and NATO.
And this is very important, these stories
being published at the same time,
we very much want to thank DER SPIEGEL
and the colleagues who are in this room,
Andy Müller-Maguhn, Aaron Gibson
and a number of other people,
Marcel Rosenberg and Holger Stark…
applause
We, as some background, have
been working on these stories
really for a long time.
The crypto story, I would say,
it’s something we’ve wanted to do for
almost a year and a half, if not more.
And really, if you think about the
investigations in the Cypherpunks movement
we’ve really wanted to have some of
these answers for about 15 or 20 years.
Some of the answers are good and some
of the answers are not so fantastic.
I guess, it depends on where you stand.
But we hope that, by bringing this to you,
that it is really in the public interest.
And that the public here is interested
and that you will take it to other places.
That you will really take action, based on
what you see. Whether it is traditional
action, whether it is civil disobedience,
whether it’s FOIAs, whether it’s
something else, who knows, we hope
that you will feel empowered
by the end of this talk.
Laura: And I’d just like to say
that if anyone wants to open up
their laptops and look at some of
the documents that we’ve published
we won’t be offended at all and,
in fact, will be happy. I think it will
contribute to your experience
of the talk today.
Voice from audience: Laura,
it’s ‘/international’ on spiegel.de
Jacob: Great, ‘spiegel.de/international’
And for everyone who can’t be here,
streaming, remember if the stream cuts out
and you never see us again, it was murder!
Laura and audience laughing, some applause
Laura: So, one of the ways
that the ‘War on Terror’ works
– and the way that war works in general –
is how people are de-humanized
and reduced to numbers. This is a short
video that I filmed about Guantanamo.
video with serious music
Laura: That was a video that I made
about a former prisoner of Guantanamo.
His name was Adnan Latif. He
was sent to Guantanamo in 2012.
And this is how he came home. He
was on hunger strike for many years
before he died. And what
was most shocking to me
is watching what happens when he returns
home and that he’s listed as a number.
And that his family had to witness that.
That that was a person who they were
seeing for the first time in many
years, who is reduced to a number.
So today, what we’re publishing
with DER SPIEGEL is looking at
how that process works.
And it involves NATO’s JPEL kill list
that is being used in Afghanistan
to target people for targeted killings.
We’re publishing along that some
narratives of particular people
who are on the kill list. One
particular case was a man
who was given the code
name “Object Doody”.
He was targeted for killing,
or for assassination.
A British Apache helicopter
that was code named “Ugly 50”
was sent to kill him. This was on
a day that the visibility was poor,
and they missed him and they
shot a child and his father.
The child was killed immediately,
the father was wounded.
The helicopter looped back
around and killed its target.
Jacob: Right. So, part of what we are
hoping to do here, just to make it
perfectly clear, is to expose information
that people say doesn’t exist, with
a couple of goals. And one of those
goals, to be very clear about it,
– even though this, I suppose, tilts
me a little bit on the activist side
of journalism – is to stop the
killing. That is an explicit goal
with this publication. The British
Government and the American Government
– in various different ways NATO as well –
they say, that these kind of things
really don’t exist. That they don’t
happen this way. And they talk about
the killing of people in a very…
let’s say ‘mechanical fashion’.
Usually they say this evidence doesn’t
exist, but the evidence does exist.
And, in fact, there are lists with
names, just endless names.
And those people, in various different
ways, are graded. They’re graded
with regard to the political consequence
of those people being killed. As well as
some very small spreadsheet and on
that spreadsheet, there’s a small box,
and that box explains their crimes.
Next to that, there’s a Dollar figure
for a potential reward. And maybe there’s
a restriction. Sometimes it says something
like “kinetic action prohibited”. For
example. That’s because, by default,
“kinetic action” is not prohibited.
That is because these are lists of names
of people to be found and to be
murdered. And so of these lists…
we have an excerpt of these
lists, being published today.
And the goal of publishing this is
to show what needs to be done.
So these lists have redactions
and the goal is that SPIEGEL,
along with hopefully others, will help
us to continue to work to uncover
not only the fate of these people on these
lists whose names are redacted, but also
the fate of people who are not yet on
these kinds of lists. Maybe to move
to a world in which we don’t have lists
for, what I would call, assassinations.
And that’s what SPIEGEL calls it as well.
This is not, as some people would say,
a “Joint Prioritized Effects List”. This
is an assassination program. And I think,
personally, that it is inappropriate for
democratic societies to have them and
when they deny that they have them, we’d
like to prove them wrong and publish them.
And so that is, what we have done today.
applause
Now, an important detail
of this is: In the story,
the very specific story that is told in
the SPIEGEL piece, as Laura mentioned,
there is an Apache helicopter. And
that helicopter attempted to engage
with a so-called “legitimate target”. And
part of what we hope to drive home
is this notion of legitimacy
and targeting. In this case,
there is a value, that is assigned to
a person. And that value is a number,
which includes the number of people who
are not the target, that can be killed
in service of killing that person!
That is completely innocent people,
who are allowed to be killed entirely. And
depending on the number there may be
a call back to base or to a higher command.
But the number isn’t 1 before they have
to make that call. They have discretion.
And in this case a child was killed with
a Hellfire missile. And why is that?
Because technology mediates this
type of killing and that technology is
not as precise as people would say.
And so we have today published
the storyboard of this objective “Doody”,
which is the name, D-O-O-D-Y.
That storyboard tells this and
explains that a child was killed
with a Hellfire missile in service of
killing someone else. And Laura
can explain what this person
did to ‘deserve’ to be killed.
Laura: I mean, actually, what I wanted
to transition to is looking at
actually the fact… the narrative is, that
the government or governments are
targeting people, who are suspected
of something. And in fact
what we learned, is that they’re targeting
people based on as little information
as their telephone number, or a voice
recognition. And they’re using those
as methods to target and kill people.
One of the things, that we’ve learned
through the disclosures by Edward
Snowden is that they’re targeting people
not just in war zones but internationally.
They’re targeting us for surveillance
all over the world. And…
this is a video of a target.
audio/video playback starts
Man: This is the highest level! (in German)
Ali Fares: Mh-mh!
Netcologne, [inaudible], Teliast…
Oh my god, it’s so well documented!
Those are most of the
routers that I actually know.
Office, plied sky (?), and…
Man: This is an engineer?
Ali: Yes.
Man: Engineer, engineer, engineer, engineer…
Ali: Oh, yeah.
Man: …engineer, engineer.
This is you?
Ali: Yes.
audio/video playback stops
Jacob: So what you just saw there
was “Engineers from Stellar”, and
that is a fantastic name for a company
that gets compromised. It is important
to understand the notion of targeting
with regard to why a target
considered legitimate in some cases can
have this notion of collateral damage.
Now in the case of Stellar or in the case
of Belgacom, which Laura revealed
with DER SPIEGEL, what we learn
is that it isn’t actually the case
that a terrorist is involved
with Belgacom or with Stellar.
It is that a kind of neo-colonialism
is taking place in the digital era,
wherein the colonies, the networks,
that they do not have through coercion
of the state or through other surveillance
practices, they have to be compromised.
And those become targets and they
become legitimate targets in theory
and in actuality, because of its
usefulness. Because of the leverage
that it provides against a speculative
target, someday in the future. That is,
these networks become compromised
in service of being able to compromise
future networks and other people, just
because they can. They set out to do that.
And so Stellar is an example of such a
thing. And to be able to confront victims
this way, to show them that they’re
compromised helps us to understand,
helps us to show that in fact we are
directly, and indirectly impacted
by these types of activities. And when
we think about this kind of targeting
we have to understand the scale.
And this scale is sort of incredible.
The budget for targeted
exploitation, for the NSA,
not speaking at all about the GCHQ,
or the Defense Signals Directorate folks
over in Australia,
there’s so much money,
when you look at the offensive warfare,
that for 2013 alone there was
650 million Dollars spent
on the GENIE program.
And the GENIE program is their
offensive Cyber War program,
as they call it themselves, in which they
build backdoors, like UNITEDRAKE
and STRAITBIZARRE and other tools like
Regin, which you know as one of the tools,
I hope, that has been used in
Belgacom and in other places.
So they target places like Stellar and
Belgacom, but they also target places
like the European Union. In that
case, the EU takes the place
of a terrorist. That is: they are the
goal. They aren’t compromising
the EU’s networks just because
someone interesting might show up,
they are compromising the EU’s
networks, because the EU is
the equivalent to a terrorist to them. And
they wish to have leverage and control.
Because that’s what surveillance is in
this context. It’s exploitation of systems,
where they leverage access to that
system, or whichever systems that they
have access to, to get more access,
to have more control. Either politically
or technologically or both.
Which ties of course into economics.
Now, in the case of GENIE 650 million
Dollars is quite a great deal of money.
But for 2017 the projected budget
for GENIE is a billion Dollars.
This is just the beginning of what
we see. And these civilian targets
or these governmental targets that are
being targeted in continental Europe,
they’re not alone. It is actually
happening all around the world.
And these compromises, they happen
in service of mass surveillance.
Whenever they don’t have the ability to
mass-surveil a system they implant systems
along the way in order to surveil
what goes in and out of them.
Systems are even used as what are called
‘Diodes’. And Diodes are essentially
another term which we see the Canadians
use. Operational Relay Boxes or ORBs.
Anybody here that used to be a black hat,
I know there are no more black hats here,
it’s all legitimate, but… except
for that guy, in the front…
Everybody knows what you use those boxes
for: You use them to jump from one network
to another network, so that when
something is traced back it traces back
to that machine. In the case of the
Canadian Service they themselves
talk about, a couple of times a year,
compromising as many systems as they can
in non-Five-Eyes countries, in order to
ensure that they have as many operational
relay boxes as they need for the
coming year. These diodes mean
that when a system does a thing, it is
absolutely not the case that we can say
the person who has purchased
that system is responsible for it.
It is their official doctrine, in fact,
to use other people’s computers
for their hacking. And that’s important,
when we now consider, that they have
– in 2017 projected – a goal of
having a billion Dollars to do that.
When we look at how that bounces out with
Defense that is – not at all – balanced.
In fact, it is tilted entirely
towards Offensive Warfare.
Laura: I was wondering, how many
people in the room have gone online
to look at some of the
documents that we released.
Jacob: Anyone? Hey, nice.
Laura: Alright.
Jacob: Fantastic! So in
the future, that is to say
in approximately 3 weeks, we plan to
release, along with some of our colleagues
at SPIEGEL, and other people who
are helping out, more information
about specific malware, specific
cases in which it’s used
and details about information sharing
with regard to the malware in terms of
how it’s harvested. We’re thinking
probably in the second week of January
for that malware story. And we
wanted to make sure to get it right
and we wanted people to focus on
the specifics of the NATO kill lists
and to focus on cryptography.
We thought, well, people here
in the audience would be able to handle
all three, the rest of the world just
isn’t ready for it yet. So we had
to take a little bit of a pause. So
more of the malware details will be
released in about 3 weeks. Now for me,
one of the things that has, I would
say for my entire adult life been
very interesting to me and before
my adult life started, was a system
known as Echelon. Anybody
here remember that system?
‘Woohoow’, and laughter
jokingly: That’s the guy that built it!
more laughter
I would guess… maybe not,
sorry, I don’t want to… trying to
snitch jacket you there… But
I think it’s to me extremely
important to hear about these
kinds of things, that sound totally crazy.
Like the CIA torture report, for example.
That started out as a conspiracy [theory].
And now we know, that America’s
official policy with the CIA was rape,
anal rehydration. Those were
conspiracy theories which
we now know to be facts.
So Echelon, the rumour of Echelon was
this notion of planetary surveillance.
And of course it was Duncan Campbell who
brought this forward in a European Union
report. He, in fact, very clearly outlined
the interception capabilities
of the U.S. Government and others.
Now, it is hard to actually imagine
planetary surveillance, on a scale, let’s
say, your home, and how your home
fits into your city, and your city how it
fits into a country, and the whole world.
And all of that being monitored.
But what we found is that
during the Crypto Wars we thought that we
had won. We thought that we had a way,
really, to change things. We thought that
with cryptography we would be able
to change the entire balance. Even if
something like planetary surveillance
would have come about. And so when
Duncan Campbell released his reports
about Echelon in the very early 21st
century I think a lot of people weren’t
as concerned about it as they should
have been. And shortly after that
the ‘War on Terror’ really got
off to a very, very big start.
It turns out that we weren’t as concerned
as we should have been in the right areas.
And we I think can say now, that the first
Crypto Wars were not won and in fact
the first Crypto Wars were probably
– if anything – lost, or they’re still
going on now. If we were to delineate that
and we were to talk about as an example,
the second Crypto Wars, what we would
find is what has actually been happening
behind the scenes, and, thanks to Edward
Snowden we actually have a great deal
of answers that we would
probably not have otherwise.
applause
Now, it is important to understand
that the context of this
is the notion that everyone is suspicious.
That we live now in a world of total,
absolute surveillance which sometimes
misses a thing, here or there.
But this is the goal: Collect it all!
That’s General Alexander’s notion.
When he talks about his notion
e.g. about dossiers it’s a trick.
It’s a rhetorical trick. Because what he
means to say is that now dossiers
are dynamic. And that this information is
not stored on lists, written down like in,
let’s say, the 50s. Rather they’re
stored in databases that dynamically
will generate a list based on a query
from an analyst. “Give me every person
that went to this website at this time”.
And it of course expands, the notion is
that somehow this will only be used
against terrorists. But what is a terrorist,
in this case? In some cases it actually
includes people who are merely involved
in drugs, and part of that has been
published as part of the JPEL kill lists.
That is to say: people who are definitely
not terrorists, but who are otherwise
interesting targets, so there’s a sort of
“bleed over”, and so we see the same thing
with surveillance and cryptography: It
was for exceptional targets and now it is
for everyone. And so cryptography came
as a liberator. And that was the idea.
But just as we showed a little bit ago,
with STELLAR where they targeted engineers
specifically to have access to the
infrastructure, so, too, we find
that for cryptography they sabotage
critical infrastructure. We found, in fact,
so many different interesting things that
it’s actually hard to talk about
it in only half an hour of time.
Laura: I’d like to just say, as one of
the journalists who’s been publishing
on the documents I think that one of the
most both important stories and the
most unsatisfying stories was the
BULLRUN story that was published
by The New York Times, and the Guardian,
and ProPublica. Because it did warn us
of how the NSA was
attacking critical infrastructure
to make the internet insecure, and
yet it didn’t tell us any specifics of
what they meant by that. And this is
something that I think frustrated
many people in the audience, and so…
applause
And so the reporting
that Jake’s been doing
along with Aaron Gibson
and other people…
Jacob: Christian (?)…
there in the audience.
Laura: … is to dig in and to find out
what those specifics are so that we can
actually warn people about what is safe
and what’s not safe in cryptography.
Jacob: So, we have, let’s say, a little
free time we’re gonna talk about this…
but I’d like to do some surveys: Who here
uses PPTP? And don’t laugh at them
when they raise their hand, let
them be honest… who uses it?
One guy!
laughter
Ok, well, good news to this audience…
stop doing that, we’re gonna tell you why
in a second. Laura laughs
Who here uses IPSEC?
With a pre-shared key?
Fantastic…
Stop doing that too…
laughter
Raise your hand if you use SSH!
even louder laughter
Laura laughs
Guess what…
laughter, slight applause
In the documents that we’re publishing
today we are showing in fact a series
of systems that, if we
understand them correctly…
I wonder if I should say my next sentence…
I say this only as myself and not as Laura.
I’d be surprised if some building weren’t
burning, frankly. But… the NSA claims
to have databases for decryption, or an
attack orchestration for PPTP and IPSEC,
which is not so surprising at all, but
also for SSL and TLS, and… for SSH.
They have specific slides where they talk
about the Debian weak number generation.
This is not that. For what we can tell
they have separate programs for that.
So they of course have a way through the
cryptographic exploitation services,
cryptanalysis exploitation services, to
do certain decrypts. Now, they say:
“We stress: potential!”. It seems to be
there’s a pattern. And the pattern is
things that are done entirely in software,
in particular, those things as long as
there’s a good random number generator,
and especially if it is Free Software,
what we find is that it seems to stand
the test of time. That doesn’t mean
that it always will, because we found
a couple of things. One of the things
is that we found that they log the
cipher texts, and that they wait.
Sometimes to break it with brute-force, so
we are also revealing today the location
of the two large supercomputers: That is
at Oak Ridge National Laboratories and at
Fort Meade, for a program called LONGHAUL.
The LONGHAUL I suppose as they
have named it appropriately, is for their
long haul approach. Combined with things
like the massive data repository, or the
Mission Data Center, the Mission Data
repository in places like Bluffdale, Utah.
They plan and do store the cipher texts
of an unbelievable number of connections.
When you make an SSL / TLS connection
the GCHQ keeps statistics. The Canadian
CSE keeps statistics. They seem to log
metadata about the handshake in terms of
TCP/IP, but also in terms of SSL and TLS
for the actual protocols. That is to say,
they store the cryptographic handshakes,
and in some cases for specific selected
data they take the entire flow. Now,
we have found claims that are kind
of amazing: in the case of BULLRUN
the New York Times and the Guardian,
and the rest of the collaborating
news organizations have often
left out important details.
One of the important details which I find
to be the most shocking and upsetting
is that the British alone by
2010 – was it? – had 832 people
right into their BULLRUN program. That is
832 people knew about their backdooring
and sabotage of crypto, just
in the British Service alone.
And each of the Five-Eyes countries
runs a similar program, like that.
With potentially similar numbers of
people right into those programs.
They say something like: “3 people
can keep a secret if 2 are dead”.
How about 832 British men? I’m not
sure that that’s a really good bet.
And these guys have bet the farm on it.
That is to say, they have slides and
presentations and intercepts where
they decrypt SSL, where they discuss
decrypting SSL at a scale starting in
the tens of thousands, moving into the
hundreds and millions of thousands.
Hundreds of thousands, and millions, and
then into billions, actually. For TLS
and SSL they actually have statistics
on the order of billions. Of all the
major websites that everyone here
probably has used at one
point or another in their life.
So, in the case of the Canadian Services
they even monitored ‘Hockeytalk’,
to give you an idea about this. And they
talk about it in terms of ‘warranted’
collection, and special source
collection, and encrypted traffic
indeed does stand out. They have
programs like QUICKANT, which is a
specific way of interfacing with
a program called FLYING PIG.
FLYING PIG is an SSL/TLS database,
it’s a knowledge database,
and QUICKANT seems to be what’s called
a “Query Focused Data Set”. They try
to use that, from what we can tell,
for doing low latency de-anonymization.
Some of the documents we’re releasing
today will explain some of their failures.
Now, I think it’s important to be
cautious about this because they have
many compartments for their data,
that is to say they very clearly
have ways of keeping secrets even from
themselves. But one of the things we found,
and that we’re publishing today also,
is a FISA intercept. And to the best
of my knowledge, and I think that this is
true, no one has ever published one
of these before. So, this is the basis for
what you would call ‘parallel construction’,
actually, where they gather Intelligence
and then they say, “whatever you do,
don’t use this in lawful investigation,
don’t use this in a court,
it’s not evidence. But by the way,
here it is”. So we’re publishing
one of those today and we have
some, well, moderately good news.
In looking at these, what we have
found is that they consistently break
various different types of encryption.
So if you’re mailing around a Microsoft
.doc document that’s password protected
there’s a good chance that they
send it to LONGHAUL using a thing
called ISLANDTRANSPORT and then that,
if it can, through brute-force, is
decrypted. And it is the case
that, when they do this decryption,
they send it back and they include
the decrypted information in the FISA
transcript. They do this for .rar files,
they do this for .doc files, they do this
for a bunch of different systems. But we
don’t want to focus on what’s broken
because The New York Times and
The Guardian and other places have
already sort of said “everything is fucked”.
We wanted to try to
make it a positive talk!
laughter and applause
And… so I think Laura here is just
going to be able to show you in fact…
Laura: If it will play…
Jacob: Just drag it over… the other way…
So we wanted to show you… who here
has heard about PRISM? Everyone?
What does that mean to you? It doesn’t
mean anything, right? We just know
that it’s some massive surveillance
program. We wanted to show you what
one of those PRISM records actually
looks like which, in itself is, I think…
Laura: Sorry.
Jacob: It’s okay.
…it’s a rather unexciting document, except
for the fact that we get to show it to you.
Which is great. [to Laura:]
I think if you escape for the…
Laura: …escape out of here?
Jacob: There it is. Hey FBI, fuck you!
laughter and applause
So I take great pleasure in being able to
say that this couldn’t have happened
without Laura!
cheers and applause
But if you look here you see
‘SIGAD US-984XN’. That’s PRISM!
And this is your dossier for PRISM.
some shouts from audience
From audience: “O3”, “Larger!”
Laura: Yeah.
audience laughs
document on screen is zoomed in
audience goes: “Aaaah!”
cheers and applause
And if you’re wondering about the
redactions, it’s all Andy Müller-Maguhn.
slight laughter
Shouted from audience: Fuck you!!
Jacob laughs
Jacob: Here’s the good news! The FBI
regularly lies to the American Public.
And to the rest of the world.
Then they say they’re ‘going dark’.
What we found in the study of these
FISA intercepts is that basically
no one uses cryptography. And basically
everyone that uses cryptography is broken,
except for – well, let’s say –
2 things. Thing No.1 is OTR.
big applause and cheers
Very important to go with it is you’ll
notice that there’s some metadata.
And it’s just metadata. But as the U.S.
Government has said in public, they
kill people with metadata. So up there
you’ll see that, I believe this was Yahoo,
is that right, Andy?
Andy M.-M. answers from audience
Yeah, I think… it could be Gmail, or could
be Yahoo, I forgot which one this one is.
We’re releasing, you know, enough
for you to figure it out on your own.
Hopefully this isn’t you, if so, I’m
sorry we redacted your information.
Cause if it was me I wouldn’t want it to
be redacted. But you’ll see that it’s
a user name, IP address as well as
a time and a date. And you also see
other IP addresses associated with it. Those
are used for selector-based surveillance.
Which if you haven’t been following along
at home it means that they can take
that information, put it into other
databases, and the things like XKeyscore,
and pull up other information that will be
related. But most importantly here is,
you see what is essentially a chat log. As
if it had been created on your computer.
Now, don’t log – it’s rude. They did it
for you anyway. And what you see is
“OC – No decrypt available for
this OTR encrypted message”.
In other documents we see them saying
“cryptographic exploitation services”.
“We can’t decrypt it, it’s off the
record”. Quite a nice endorsement!
And what we have also found is
that they do the same thing for PGP.
applause
Now in other cases they do decrypt the
messages. So instead of telling you
about everything “It’s broken!”
what we wanted to do is to suggest:
“Look at the composition of OTR, find
Ian Goldberg who’s here somewhere,
ask him to review your cryptographic
protocol”. Maybe don’t – he’s probably
already overwhelmed. But Snowden said
this in the very beginning. He said:
“Cryptography, when properly implemented,
is one of the few things that you can
rely upon”. And he’s right. And we
see this. This is the message.
These things are not to be used in legal
proceedings. And yet here we see them
anyway. And what we see is that even
there, in the most illegal of settings,
essentially, they can’t decrypt it. Now the
sad part is that not everyone is using it.
But the good news is that when you use it,
it appears to work. When you verify
the fingerprint, e.g. We didn’t find
evidence of them doing active attacks
to do man-in-the-middle attacks. But
that’s easy to solve. OTR allows you
to authenticate. PGP and Gnu-PG allow
you to verify the fingerprint. We did find
evidence of them having databases, filled
with cryptographic keys, that were pilfered
from routers, and compromising machines.
So rotate your keys frequently,
use protocols that are ephemeral. They
themselves find that they are blinded
when you use properly implemented
cryptography. So GnuPG
– Werner Koch I think is in the audience –
GnuPG and OTR are 2 things that
actually stop the spies from
spying on you, with PRISM.
applause, some cheers
Laura: to Jake Would you mind if I ask…
for a volunteer to … computers …?
Jacob: So, we have some other really
good news. And that good news
is this: There are… in some of the
slides that are being released
a matrix – not ‘the Matrix’
that you’re hoping for –
laughter
but we can talk about that program later
laughter
I’m not even joking. But…
laughter
There are some other things. One of the
things that they talk about in this matrix
is, what’s hard, and what’s easy.
And in the case of ‘Hard’
they describe Redphone, and that means
Signal, the program by Christine Corbett
and Moxie Marlinspike as ‘catastrophic’.
applause
They say: “Tails and Tor – catastrophic”.
cheers and applause
So what that really means is that we
now understand some things that
they have trouble with. And how they
will take action to try to sabotage it
is clear. They will try to sabotage the
Random Number Generators like they did
with Dual_EC_DRBG. They will
try to sabotage the platforms.
They will try to force companies to be
complicit. I think the German word is
‘Gleichschaltung’. You’re all familiar
with that? That is the process that is
happening now in America. With these
crypto programs. That’s what PRISM is.
PRISM is when companies would like
to fight against it. And that’s not to
call them ‘victims’, most of them are
willing. This is still what they’re
forced into. That is the legal regime.
And it is when you take responsibility
using the strong crypto that you can
set that in a different direction.
Those companies actually can’t really
protect you. They are, in fact,
secretly in some cases, and sometimes
willingly, complicit in that. And, so
if you use Redphone and Signal, if you
use something like Tor, and GnuPG
with a properly sized key – don’t
use like a 768 bit RSA key
or something stupid like that…
If you use OTR,
if you use jabber.ccc.de – buy that guy
who runs that a beer, by the way –
applause
if you use these things in concert
together, you blind them.
So this is the good news. And the
documents that support this
are online. We have some other bad
news, though. There exists a program
which they call ‘TUNDRA’. TUNDRA – it’s
not exactly clear what the details are.
But they say that they have a handful
of crypto-analytic attacks on AES.
Obviously they can’t break AES, or
they would be able to break OTR.
But what it suggests is that they
have a conflict of interest.
Well, they’re both supposed
to protect our information
and, of course, to exploit it. If they
have attacks against AES, much like
if they have attacks against SSH as they
claim in the Caprius database,
in that program then it shows that
conflict of interest runs very deep.
Against our critical infrastructure.
Against the most important systems
that exist. Protect our data. And it
shows a sort of hegemonic arrogance.
And that arrogance is to suggest that
they’ll always be on top. I had
the misfortune of meeting General
Alexander, quite recently. In Germany.
And after failing to have him arrested,
which was a funny story in itself,
I asked him what he thought he was doing.
Another person there stood up and said:
“What about who comes after you next?” And
he didn’t quite understand the question.
But his answer was pretty eerie: He
said: “Nobody comes after us next”.
faint laughter
“Thousand-year Reich”. That is
exactly what he was saying. And
when I confronted him about accountability
for things like kill lists, and crypto
he said that he was just
following orders. Literally.
laughter and some applause
So. Now we know what blinds
them. And we understand
what they do with things when they’re
not blinded. Their politics include
assassinations but it doesn’t just
end there. It includes torture,
it includes kidnapping. It includes buying
people. And then sending their bodies home
with a number. Instead of a name.
It includes de-humanizing them.
So we want to encourage everyone here to
feel empowered with this knowledge,
which is a little difficult. But, Werner
Koch, are you in the room?
positive
Could you stand up?
applause
Stay, stand there, just
stay, stand there!
Laura: Stay up, stand up!
Jacob: And Ian Goldberg,
are you in the room?
I’m sorry to do this…
There is Ian!
ongoing applause
…and Christine Corbett…
Christine Corbett, are you in the room?
From Signal?
Laura: Stay… keep standing!
Jacob: Stand up! Stand up!
applause
These people, without even knowing it,
without even trying, they beat them!
cheers and strong applause
Laura: So,…
don’t sit down guys! So,
last night I screened my film
“Citizenfour” here, and there were some
questions, and somebody asked
what can they do to support the work that
Snowden has done, and the journalists.
And actually what I should have said
and I didn’t say in the moment is that
actually everybody should fund the work
that you guys do. And I mean that,
because, literally, my work would not be
possible without the work that you do.
So I would like it if everybody in this
room when they leave here in the next week
to reach out and fund these projects.
Because without these projects
the journalism that Glenn and I, and Jake
have done would literally not be possible.
strong applause, some cheers
And…
Jacob: Just to be clear, since this video
will definitely be played at a grand jury
against the both of us, I wanna make
it perfectly clear that defense
of the U.S. Constitution is the Supreme
defense, your honor! And, secondly,
that those gentlemen had nothing
to do with any of this at all!
laughter, some applause
So, now, hold your applause, I’m sorry.
I mean – they deserve it forever.
If it wasn’t for them we definitely would
not have made it here today. So it is
Free Software. For freedom, literally,
as Richard Stallman talks about it.
Empowered, with strong mathematics,
properly implemented
that made this possible. It is not
hopeless. It is, in fact, the case
that resistance is possible. And, in fact,
I think the CCC… If I have learned
one lesson from the Chaos
Computer Club and this community –
it’s that it’s mandatory. That we have
a duty to do something about these things.
And we can do something about it.
So what we need to recognize,
and what I hope that we can bring
to you is that there is great risk,
for Laura, in particular. In making
these kinds of things possible.
But that we are in it together.
When Julian and I gave a talk
with Sarah Harrison last year, and we
talked about “Sysadmins of the world,
uniting” we didn’t just mean
sysadmins. We meant:
recognize your class interests, and
understand that this is the community
that you are a part of. At least a small
part of. And that we’re in it together.
We need people like Christine Corbett,
working on Signal. We need people
like Ian Goldberg breaking protocols and
building things like OTR. And Werner Koch.
We need Adam Langley building things
like Pond. But we need everybody to do
whatever they can to help with these
things. It requires everyone; and
every skill is valuable to contribute to
that. From all the people that work on Tor
to people that work on Debian. That work
on free software, for freedom, literally.
So what we wanted to do was to say that we
should align with these class interests.
And that we should recognize them. And
that we should work together to do that.
And it is this community who can help
to really change things in the rest
of the world. Because it is in fact only
this community and some of the people
in this room, and around the world to tie
in to it, that have blinded these people!
Everyone else seems to have
either gone complicitly;
or they have designed it
incompetently and broken,
and it is not good. So that
is important to recognize.
Every person, if you are here you are
out of a small set of people in the world,
use that power wisely. Help these people
to do that. And that will help us all
to continue. Not only to reveal these
things but to fundamentally shift
and change that. For everyone, for the
whole planet. Without any exception.
So, on that note we’d like
to take some questions!?
Laura: Yeah!
strong applause and cheers
Herald waving at the speakers
to approach stage center
standing ovations
Herald gently pushing the
speakers to stage center
continued standing ovations
Laura: Thank you!
continued standing ovations
Jacob: Wow!
Herald: So, everybody who has a question
please stand in front of
one of the 6 microphones
that are in this room, and,
Signal Angel? Are you there?
Signal Angel: Yeah, I’m here!
Herald: Are there questions from the internet?
Signal Angel: Yeah, so the first one would
be: What should we do about SSH now?
laughter
Laura laughs
Jacob: Well,
to Laura: shall I?
Laura: Yeah.
Jacob: I wanna be clear.
We don’t understand, we only know what
they claim. And I don’t wanna hide that
and say that they didn’t claim anything.
But they do make a claim. They claim
it as potential. What I would say is:
what about these NIST curves?
What about NIST-anything? The documents
that we’ve released specifically talk
about something that’s very scary.
They say that it is Top Secret,
in a classification guide, that the
NSA and the CIA work together
to subvert standards. And we even released
as part of the story an example of them
going – the NSA, that is –
to an IETF meeting
to enhance surveillance
with regard to Voice-over-IP.
They’re literally amongst us. So
what do we do? First, find them.
Second, stop them!
mumbles and faint applause
Question: Thank you!
Herald: Microphone 2, please!
Question: Can you talk about, do you
plan on releasing the source material,
eventually? Or will it always be redacted?
Jacob: Well, some of this is already
out right now, without redactions.
With the exception of
very few sets of redactions.
For agent’s names, and things where
legally… we will go to prison. I mean,
I’m not averse to that.
But I’d like to wait a while.
laughter
Question: What about
in 15..20 year’s time?
Laura: Yeah, I mean, I think there
are 2 questions there as how to…
scaling (?) the reporting. But I agree,
it needs to happen. And I think
it’s a valid criticism. I need to do more
of it. I think certain things, I think,
will… I would say should continue to
be redacted, at least for the short term.
Which I think is like there are a lot of
names, you know, e-mail addresses,
phone numbers. All these kinds of
specifics, I think, we’ll continue to redact.
And then we’re working on scaling.
I haven’t really had time to think about
15 years from now. So, but of
course, I think at some point
this questions-of-names becomes
less of an issue. But I do hear
the criticism that we need
to be doing more publishing!
Jacob: If we live that long! I hope
you’ll help us! Laura laughs
Next question?
Herald: Next question from the internet, please!
Signal Angel: So how reliable
is this source on OTR,
can that be verified with
a second source, somehow?
Jacob: Well, I think that’s
a really good question.
From what we know, cryptographically,
OTR which has been analyzed
by a number of people hasn’t been broken.
And what appears to be the
case in these FISA intercepts,
alone, that is one set of things. Where
they produce one set of evidence
from one set of people. And there are
other documents, from a different section,
from different agencies, that essentially
say something completely the same.
That is: Everything we see seems
to support that. And I would say
maybe Julian is not the best
example of how great OTR is.
But I think I am. I rely on it every day
for almost all of my communications.
And I feel pretty confident, combined
with this, as well as talking with people
in the Intelligence community
who actually use OTR, and PGP,
amazingly enough. So I feel
pretty good about it. And
the most important part is that they don’t
have super powers. They have backdoors.
E.g. I really would encourage people
to look at the Cavium (?) hardware.
I don’t really know why. But it seems
to be that they’re obsessed with this.
And you can look at the documents and
you can see that. Look at the hardware.
Crypto hardware. And imagine that it’s
compromised. They spend tens of millions
of Dollars to backdoor these things. And
they work with agencies around the world
to make that happen. So, it would make
sense that OTR would be safe, actually.
It doesn’t interface with any hardware.
And it would make sense because the math
seems to be good. And it seems to be vetted.
And that seems to be their weakness.
Question: Thanks.
Herald: Number 4, please!
Question: Hello. I have… actually, it may
be a little odd question. But I wanted
to ask it anyway. Regarding the
term ‘War on Terror’ in general.
Because all of these things, the
Torture Report, the NSA spying,
is all being done in the name of
the ‘War on Terror’. Even though
we know a number of the people who were
tortured were innocent and were in no way
terrorists. We know torture does not
work as an interrogation method.
And we know a vast majority of the people
who are being spied on are completely
innocent and did nothing wrong. And
I wanted to know whether maybe we might
actually be inadvertently lending (?) an
amount of credibility to the whole thing
by using the term
‘War on Terror’ in the first place.
Laura: Yeah, I mean, actually, I think…
Right, we’re talking about ‘Reconstructing
Narratives’, and that’s maybe one we
should binoc (?). This is really the
‘War on pretty much Everyone’.
And so, I agree with that.
I think… and I stopped using it for
a long time. I think that I began
re-using it, I think,
when nothing changed.
And, in fact, I think I was one of those
people who thought things were changed
under Obama. And there would be some
accountability, like if you torture people
you’re held accountable for torturing
people. And then there wasn’t. So,
yeah, I agree, we need a new term for that
to describe… Mainly, (?) some people are
calling it the ‘Endless War’, which
which I hope isn’t actually true.
But I do think that that’s a term that
comes with the narrative
of the Government.
Jacob: I think, because I’ve been living in
Germany for a while I actually don’t use
the ‘War on Terror’ as a sentence,
ever. I say ‘Imperialist War’.
Because that’s what it is. It’s Imperialist
war. And it’s an Imperialist war on you,
as a person, your liberties. It’s not
about privacy. It’s about choice.
It’s about dignity. It’s about agency.
And of course, I mean these guys
are murderers and rapists. We
shouldn’t dignify them. I mean they’re
absolutely awful. The Torture Report
really shows that. But it doesn’t matter
that torture doesn’t work. That’s like
– as is often said – you know this notion
like, what (?) is slavery economically
viable? Who fucking cares? It’s slavery!
applause
Question: Thank you!
Herald: Number 1, please!
Question: Do you think, since it’s
kind of obvious, that we should reject,
or mostly reject, the projects that are
influenced by Governmental Institutions
like NIST? Do you have any
information to how they react
when they see that you use
smaller projects like e.g. Paths (?)
to encrypt your harddrive,
and some odd crypto scheme?
Jacob: Well, one of the things
we found is that Truecrypt, e.g.
withstands what they’re trying to do.
And they don’t like it. I really wonder
if someone could figure out why Truecrypt
shut down. That would be really interesting.
applause
I can also tell you that after I met
General Alexander, and I told him
to go fuck himself as hard as
possible with a chainsaw…
whoohoo’s, cheers and applause
I hope he’s watching this video!
laughter
He actually went to, let’s say my
employer who shall remain anonymous
someone in the audience laughs
and, … sorry Roger!
laughter
…and my understanding is they also
went to our funders, and said:
“What’s this guy? What’s he doing?”,
you know, and they tried to pressure. And
my employer, who shall remain anonymous,
did not cave. But, yeah,
they exert pressure!
applause
Herald: Another question
from the internet, please!
Signal Angel: Yeah, so, these files
are pretty shocking, or revealing.
Were they part of the stuff that
came out in summer last year?
And where was the bottleneck?
Why do they come out now?
Jacob: Oh that’s a question for you!
Laura: Yeah! So in this case
this was a number of reasons. One is
that we’ve been slow
to scale the reporting.
And it was also the case
that some of the files
I personally didn’t have
access to, during that time
when the story actually first
came out. And then also
just the time of reporting and
researching the documents.
Herald: Number 3, please!
Question: Thanks for the talk! It was
great! I support totally the idea that
we need strong crypto. And I think that
strong crypto needs also support,
and we should all use it. But I think
strong crypto is not the whole
answer to the political situation
that we have. And I think…
applause
…I think that this community of
hackers and nerds needs to build
stronger ties with political movements
and be part of political movements.
I know you are, and I think that
we can’t solve the political dilemma
with just strong crypto. So we need both.
applause
Herald: And another
question from the internet!
No more questions from the
internet. So, number 3, please!
Question: Yes, thank you also very much
for the talk. I want to ask a question
about Citizenfour, and especially the
ending, of Citizenfour, where there’s
a strong suggestion that an army base here
in Germany, called Ramstein, is essential
in these killings that you addressed
tonight. What would be your… like,
are you gonna give more information
that’s not just suggestional? And
what would you want, like, especially
this audience to engage in?
Laura: I mean, so, there is gonna
be more reporting on that topic
that I’m working with, and my colleague
Jeremy Scahill, at the Intercept.
And unfortunately I can’t say more
than that, other than, we will be
coming out with more information that
will go beyond what you see in the film.
So, for sure. And it deals with
how Ramstein is part of the
infrastructure and architecture
of communication.
Jacob: Shut it down! Shut it down!
applause
Herald: Number 5, please!
Question: Is there a minimum key length
that you would consider unsafe?
Jacob: Yeah, so, actually I’m glad you
asked that question. I was sort of hoping
someone would do that. Okay. So. There are
some documents from the GCHQ
where they talk about their super
computing resources. And,
about 3 years ago they were
talking about 640 bit keys
being something that they sort of casually
take care of. Now at the same time that
that was happening Arjen Lenstra
had, I think, factored 768 bit,
and it took, what was it, Alex?
3 years? On a bunch…
listens to answer from audience
Year and a half! So, I think pretty much
anything less than 1024 [bit] is a bad
idea. There are other documents
where they specifically say, if
it’s 1024 bit RSA, it’s a problem.
But you need to think about it,
not about what they can do today.
First of all they have different
compartments. One of those compartments
obviously is dedicated to any maths
that they’ve got that speed that up.
But another point is that because of
things like the massive data repository
– the mission data repository of
Bluffdale, Utah – you’re not encrypting
for today. I mean, you are! But you’re
also encrypting for 50 years from today.
So, personally, I use 4096 bit
RSA keys, and I store them
on a hardware token, which
hopefully doesn’t have a backdoor.
But I trust Werner [Koch]. That’s
the best I can do, unfortunately.
Which is pretty good. But…
laughter
But I think e.g. that the best key sizes,
you need to think about them in terms of
what you’re actually doing; and how long.
And then think about composition. That is…
it’s not just about encrypting something
with, like, a 4096 bit RSA key.
Also make it hard for them to target you
for surveillance in the
first place. So, e.g.
when you can, use systems where
you can composite (?) with Tor. Use things
that are totally ephemerally keyed. So
they can’t break in, steal the key and
decrypt things in retrospect. Make it
really hard for them to make it valuable.
There’s an economic point to that
collection as well as a mathematical point.
Actually they sort of balance each other
out. So anyway, don’t use small key lengths.
And maybe also consider looking at the
work that DJB and Tanja have been doing,
about Elliptic Curves stuff.
And I think, really look to them!
But these guys [=NSA] aren’t special.
They don’t have super powers.
But when you use things that
are closed-source software…
I mean, Richard Stallman was really right.
I mean, I know that it pains some of you
to know that. But he was really right.
laughter
And he deserves a lot of love for that!
applause
Free software, with software
implementations with large keys.
That’s what you want. And when you can:
protocols that allow for ephemeral keying,
or where they have forward secrecy.
Things like Pond, things like OTR,
things like Redphone and Signal.
And GnuPG. GnuPG has the caveat (?) that
if they ever get into your system later
they can of course decrypt other messages.
So you have to consider all that. Not just
key size. And GnuPG has safe defaults.
So if you’re choosing key sizes,
hopefully you’re using that.
Libraries like NaCl also
make safe choices. So,
hopefully that answers your question and
you use strong crypto in the future.
Herald: So thank you very
much for the talk. Thank you!
I saw a lot of people being
shocked in that room.
A lot of tears of, I think,
pride and hope.
I saw… that gives me a really good
feeling. So thank you for the talk.
Give them a very warm applause!
applause
silent postroll titles
Subtitles created by c3subtitles.de
in the year 2017. Join, and help us!