1
00:00:00,000 --> 00:00:09,830
silent 31C3 preroll
2
00:00:09,830 --> 00:00:12,990
Laura and Jacob silently on stage
audio/video playback starts
3
00:00:12,990 --> 00:00:16,220
Announcing person in video: Give
a warm welcome to General Alexander!
4
00:00:16,220 --> 00:00:20,940
video starts all over again,
now at its titles
5
00:00:20,940 --> 00:00:24,165
Announcing person in video: Give
a warm welcome to General Alexander!
6
00:00:24,165 --> 00:00:29,925
video: applause
7
00:00:29,925 --> 00:00:34,535
Alexander: Thanks!
Can you hear me?
8
00:00:34,535 --> 00:00:37,045
Question: So does the NSA
really keep a file on everyone?
9
00:00:37,045 --> 00:00:39,425
Alexander: So many things you could
say are funny but I think this requires
10
00:00:39,425 --> 00:00:43,829
a very serious answer. First:
No, we don’t, absolutely not.
11
00:00:43,829 --> 00:00:46,670
And anybody who’d tell you that
we’re keeping files or dossiers
12
00:00:46,670 --> 00:00:49,760
on the American people:
No, that’s not true.
13
00:00:49,760 --> 00:00:54,300
And I will tell you that those who would
want to weave the story, that we have
14
00:00:54,300 --> 00:00:59,220
millions or hundreds of millions of
dossiers on people is absolutely false.
15
00:00:59,220 --> 00:01:09,680
title with music
“Reconstructing Narratives”
16
00:01:09,680 --> 00:01:20,770
audio/video playback stops
17
00:01:20,770 --> 00:01:23,680
Jacob Appelbaum: That’s the first time
I can remember not being wiretapped!
18
00:01:23,680 --> 00:01:33,740
Laura laughs
laughter and applause
19
00:01:33,740 --> 00:01:38,820
Okay, well, it’s really a great
honor to be back, and it’s
20
00:01:38,820 --> 00:01:41,420
really one of the greatest pleasures
of my life to be on stage with Laura,
21
00:01:41,420 --> 00:01:45,819
who is one of the most fearless,
fantastic journalists…
22
00:01:45,819 --> 00:01:54,319
applause
23
00:01:54,319 --> 00:01:58,829
…and we are here today
to tell you a few things.
24
00:01:58,829 --> 00:02:03,740
I am an American by birth
and post-nationalist, I suppose,
25
00:02:03,740 --> 00:02:08,419
by an accident of history. I’m
here now working as a journalist
26
00:02:08,419 --> 00:02:12,550
and Laura is working as a journalist.
And I’ll let her introduce herself.
27
00:02:12,550 --> 00:02:16,140
Laura Poitras: So, I’ve been working
the last years, trying to document
28
00:02:16,140 --> 00:02:20,170
the “War on Terror” and to understand
it from a human perspective
29
00:02:20,170 --> 00:02:25,080
and how we can understand it differently,
if we understand its impact on people.
30
00:02:25,080 --> 00:02:28,510
And today, what Jacob and
I want to do is to talk about
31
00:02:28,510 --> 00:02:33,330
how the narratives that
we’ve been told are false,
32
00:02:33,330 --> 00:02:37,790
and how we can construct new narratives
that are based on objective facts.
33
00:02:37,790 --> 00:02:40,780
Jacob: I think in some way some of
the things we are saying will be
34
00:02:40,780 --> 00:02:44,250
‘preaching to the choir’, because it is
through this community, that we have,
35
00:02:44,250 --> 00:02:48,280
in fact, found some of the truths,
that we will talk about today.
36
00:02:48,280 --> 00:02:54,540
And the CCC to me is like home, so…
37
00:02:54,540 --> 00:03:00,680
laughter and applause
38
00:03:00,680 --> 00:03:05,250
And so, if it wasn’t for the CCC and
your material support I don’t believe
39
00:03:05,250 --> 00:03:08,510
that it would be possible for us to be
here today. So, thank you all very much
40
00:03:08,510 --> 00:03:12,160
for the large conspiracy that the German
people and the international community
41
00:03:12,160 --> 00:03:15,020
have brought.
some laughter in the audience
42
00:03:15,020 --> 00:03:19,070
We have just now simultaneously
published on DER SPIEGEL’s website
43
00:03:19,070 --> 00:03:23,260
two very large stories which we think will
be of great interest, which we will take
44
00:03:23,260 --> 00:03:27,010
a little bit of time to explain.
But if you go to spiegel.de
45
00:03:27,010 --> 00:03:31,370
you will see two stories.
One is about cryptography
46
00:03:31,370 --> 00:03:37,560
and one is about… the CIA.
And about JPEL and NATO.
47
00:03:37,560 --> 00:03:40,790
And this is very important, these stories
being published at the same time,
48
00:03:40,790 --> 00:03:45,020
we very much want to thank DER SPIEGEL
and the colleagues who are in this room,
49
00:03:45,020 --> 00:03:48,250
Andy Müller-Maguhn, Aaron Gibson
and a number of other people,
50
00:03:48,250 --> 00:03:50,740
Marcel Rosenbach and Holger Stark…
51
00:03:50,740 --> 00:03:58,730
applause
52
00:03:58,730 --> 00:04:02,440
We, as some background, have
been working on these stories
53
00:04:02,440 --> 00:04:06,460
really for a long time.
The crypto story, I would say,
54
00:04:06,460 --> 00:04:10,180
it’s something we’ve wanted to do for
almost a year and a half, if not more.
55
00:04:10,180 --> 00:04:13,150
And really, if you think about the
investigations in the Cypherpunks movement
56
00:04:13,150 --> 00:04:17,649
we’ve really wanted to have some of
these answers for about 15 or 20 years.
57
00:04:17,649 --> 00:04:20,608
Some of the answers are good and some
of the answers are not so fantastic.
58
00:04:20,608 --> 00:04:24,910
I guess, it depends on where you stand.
But we hope that, by bringing this to you,
59
00:04:24,910 --> 00:04:28,190
that it is really in the public interest.
And that the public here is interested
60
00:04:28,190 --> 00:04:32,190
and that you will take it to other places.
That you will really take action, based on
61
00:04:32,190 --> 00:04:37,030
what you see. Whether it is traditional
action, whether it is civil disobedience,
62
00:04:37,030 --> 00:04:40,940
whether it’s FOIAs, whether it’s
something else, who knows, we hope
63
00:04:40,940 --> 00:04:44,070
that you will feel empowered
by the end of this talk.
64
00:04:44,070 --> 00:04:46,880
Laura: And I’d just like to say
that if anyone wants to open up
65
00:04:46,880 --> 00:04:49,770
their laptops and look at some of
the documents that we’ve published
66
00:04:49,770 --> 00:04:53,160
we won’t be offended at all and,
in fact, will be happy. I think it will
67
00:04:53,160 --> 00:04:55,680
contribute to your experience
of the talk today.
68
00:04:55,680 --> 00:04:59,860
Voice from audience: Laura,
it’s ‘/international’ on spiegel.de
69
00:04:59,860 --> 00:05:04,450
Jacob: Great, ‘spiegel.de/international’
And for everyone who can’t be here,
70
00:05:04,450 --> 00:05:08,389
streaming, remember if the stream cuts out
and you never see us again, it was murder!
71
00:05:08,389 --> 00:05:14,010
Laura and audience laughing, some applause
72
00:05:14,010 --> 00:05:17,960
Laura: So, one of the ways
that the ‘War on Terror’ works
73
00:05:17,960 --> 00:05:21,850
– and the way that war works in general –
is how people are de-humanized
74
00:05:21,850 --> 00:05:31,500
and reduced to numbers. This is a short
video that I filmed about Guantanamo.
75
00:05:31,500 --> 00:06:38,400
video with serious music
76
00:06:38,400 --> 00:06:42,680
Laura: That was a video that I made
about a former prisoner of Guantanamo.
77
00:06:42,680 --> 00:06:49,500
His name was Adnan Latif. He
was sent to Guantanamo in 2012.
78
00:06:49,500 --> 00:06:54,930
And this is how he came home. He
was on hunger strike for many years
79
00:06:54,930 --> 00:06:59,220
before he died. And what
was most shocking to me
80
00:06:59,220 --> 00:07:05,650
is watching what happens when he returns
home and that he’s listed as a number.
81
00:07:05,650 --> 00:07:09,900
And that his family had to witness that.
That that was a person who they were
82
00:07:09,900 --> 00:07:13,919
seeing for the first time in many
years, who is reduced to a number.
83
00:07:13,919 --> 00:07:17,740
So today, what we’re publishing
with DER SPIEGEL is looking at
84
00:07:17,740 --> 00:07:23,139
how that process works.
And it involves NATO’s JPEL kill list
85
00:07:23,139 --> 00:07:30,199
that is being used in Afghanistan
to target people for targeted killings.
86
00:07:30,199 --> 00:07:34,680
We’re publishing along that some
narratives of particular people
87
00:07:34,680 --> 00:07:39,650
who are on the kill list. One
particular case was a man
88
00:07:39,650 --> 00:07:45,510
who was given the code
name “Object Doody”.
89
00:07:45,510 --> 00:07:50,560
He was targeted for killing,
or for assassination.
90
00:07:50,560 --> 00:07:55,800
A British Apache helicopter
that was code named “Ugly 50”
91
00:07:55,800 --> 00:08:01,420
was sent to kill him. This was on
a day that the visibility was poor,
92
00:08:01,420 --> 00:08:04,759
and they missed him and they
shot a child and his father.
93
00:08:04,759 --> 00:08:08,820
The child was killed immediately,
the father was wounded.
94
00:08:08,820 --> 00:08:16,240
The helicopter looped back
around and killed its target.
95
00:08:16,240 --> 00:08:20,440
Jacob: Right. So, part of what we are
hoping to do here, just to make it
96
00:08:20,440 --> 00:08:26,211
perfectly clear, is to expose information
that people say doesn’t exist, with
97
00:08:26,211 --> 00:08:30,860
a couple of goals. And one of those
goals, to be very clear about it,
98
00:08:30,860 --> 00:08:34,429
– even though this, I suppose, tilts
me a little bit on the activist side
99
00:08:34,429 --> 00:08:38,599
of journalism – is to stop the
killing. That is an explicit goal
100
00:08:38,599 --> 00:08:43,220
with this publication. The British
Government and the American Government
101
00:08:43,220 --> 00:08:46,520
– in various different ways NATO as well –
they say, that these kind of things
102
00:08:46,520 --> 00:08:50,120
really don’t exist. That they don’t
happen this way. And they talk about
103
00:08:50,120 --> 00:08:56,680
the killing of people in a very…
let’s say ‘mechanical fashion’.
104
00:08:56,680 --> 00:08:59,930
Usually they say this evidence doesn’t
exist, but the evidence does exist.
105
00:08:59,930 --> 00:09:05,640
And, in fact, there are lists with
names, just endless names.
106
00:09:05,640 --> 00:09:09,180
And those people, in various different
ways, are graded. They’re graded
107
00:09:09,180 --> 00:09:13,180
with regard to the political consequence
of those people being killed. As well as
108
00:09:13,180 --> 00:09:18,140
some very small spreadsheet and on
that spreadsheet, there’s a small box,
109
00:09:18,140 --> 00:09:25,010
and that box explains their crimes.
Next to that, there’s a Dollar figure
110
00:09:25,010 --> 00:09:28,670
for a potential reward. And maybe there’s
a restriction. Sometimes it says something
111
00:09:28,670 --> 00:09:34,180
like “kinetic action prohibited”. For
example. That’s because, by default,
112
00:09:34,180 --> 00:09:38,920
“kinetic action” is not prohibited.
That is because these are lists of names
113
00:09:38,920 --> 00:09:44,100
of people to be found and to be
murdered. And so of these lists…
114
00:09:44,100 --> 00:09:48,230
we have an excerpt of these
lists, being published today.
115
00:09:48,230 --> 00:09:53,770
And the goal of publishing this is
to show what needs to be done.
116
00:09:53,770 --> 00:09:58,000
So these lists have redactions
and the goal is that SPIEGEL,
117
00:09:58,000 --> 00:10:03,500
along with hopefully others, will help
us to continue to work to uncover
118
00:10:03,500 --> 00:10:07,550
not only the fate of these people on these
lists whose names are redacted, but also
119
00:10:07,550 --> 00:10:11,720
the fate of people who are not yet on
these kinds of lists. Maybe to move
120
00:10:11,720 --> 00:10:16,240
to a world in which we don’t have lists
for, what I would call, assassinations.
121
00:10:16,240 --> 00:10:20,480
And that’s what SPIEGEL calls it as well.
This is not, as some people would say,
122
00:10:20,480 --> 00:10:28,890
a “Joint Prioritized Effects List”. This
is an assassination program. And I think,
123
00:10:28,890 --> 00:10:32,600
personally, that it is inappropriate for
democratic societies to have them and
124
00:10:32,600 --> 00:10:37,100
when they deny that they have them, we’d
like to prove them wrong and publish them.
125
00:10:37,100 --> 00:10:39,560
And so that is, what we have done today.
126
00:10:39,560 --> 00:10:52,900
applause
127
00:10:52,900 --> 00:10:58,270
Now, an important detail
of this is: In the story,
128
00:10:58,270 --> 00:11:03,330
the very specific story that is told in
the SPIEGEL piece, as Laura mentioned,
129
00:11:03,330 --> 00:11:06,810
there is an Apache helicopter. And
that helicopter attempted to engage
130
00:11:06,810 --> 00:11:10,800
with a so-called “legitimate target”. And
part of what we hope to drive home
131
00:11:10,800 --> 00:11:16,180
is this notion of legitimacy
and targeting. In this case,
132
00:11:16,180 --> 00:11:20,580
there is a value, that is assigned to
a person. And that value is a number,
133
00:11:20,580 --> 00:11:26,000
which includes the number of people who
are not the target, that can be killed
134
00:11:26,000 --> 00:11:29,360
in service of killing that person!
That is completely innocent people,
135
00:11:29,360 --> 00:11:33,420
who are allowed to be killed entirely. And
136
00:11:33,420 --> 00:11:38,350
depending on the number there may be
a call back to base or to a higher command.
137
00:11:38,350 --> 00:11:43,560
But the number isn’t 1 before they have
to make that call. They have discretion.
138
00:11:43,560 --> 00:11:49,350
And in this case a child was killed with
a Hellfire missile. And why is that?
139
00:11:49,350 --> 00:11:52,890
Because technology mediates this
type of killing and that technology is
140
00:11:52,890 --> 00:11:57,820
not as precise as people would say.
And so we have today published
141
00:11:57,820 --> 00:12:05,670
the storyboard of this objective “Doody”,
which is the name, D-O-O-D-Y.
142
00:12:05,670 --> 00:12:09,149
That storyboard tells this and
explains that a child was killed
143
00:12:09,149 --> 00:12:12,489
with a Hellfire missile in service of
killing someone else. And Laura
144
00:12:12,489 --> 00:12:21,010
can explain what this person
did to ‘deserve’ to be killed.
145
00:12:21,010 --> 00:12:25,209
Laura: I mean, actually, what I wanted
to transition to is looking at
146
00:12:25,209 --> 00:12:29,180
actually the fact… the narrative is, that
the government or governments are
147
00:12:29,180 --> 00:12:33,720
targeting people, who are suspected
of something. And in fact
148
00:12:33,720 --> 00:12:38,430
what we learned, is that they’re targeting
people based on as little information
149
00:12:38,430 --> 00:12:43,180
as their telephone number, or a voice
recognition. And they’re using those
150
00:12:43,180 --> 00:12:48,720
as methods to target and kill people.
One of the things, that we’ve learned
151
00:12:48,720 --> 00:12:53,340
through the disclosures by Edward
Snowden is that they’re targeting people
152
00:12:53,340 --> 00:12:57,950
not just in war zones but internationally.
They’re targeting us for surveillance
153
00:12:57,950 --> 00:13:04,830
all over the world. And…
this is a video of a target.
154
00:13:04,830 --> 00:13:13,150
audio/video playback starts
Man: This is the highest level! (in German)
155
00:13:13,150 --> 00:13:17,260
Ali Fares: Mh-mh!
156
00:13:17,260 --> 00:13:20,430
Netcologne, [inaudible], Teliast…
157
00:13:20,430 --> 00:13:27,200
Oh my god, it’s so good documented!
158
00:13:27,200 --> 00:13:31,730
That are most of the
routers that I actually know.
159
00:13:31,730 --> 00:13:41,850
Office, plied sky (?), and…
160
00:13:41,850 --> 00:13:44,240
Man: This is an engineer?
Ali: Yes.
161
00:13:44,240 --> 00:13:47,530
Man: Engineer, engineer, engineer, engineer…
Ali: Oh, yeah.
162
00:13:47,530 --> 00:13:53,490
Man: …engineer, engineer.
This is you?
163
00:13:53,490 --> 00:14:03,810
Ali: Yes.
audio/video playback stops
164
00:14:03,810 --> 00:14:08,550
Jacob: So what you just saw there
was “Engineers from Stellar”, and
165
00:14:08,550 --> 00:14:13,690
that is a fantastic name for a company
that gets compromised. It is important
166
00:14:13,690 --> 00:14:19,839
to understand the notion of targeting
with regard to why a target
167
00:14:19,839 --> 00:14:25,390
considered legitimate in some cases can
have this notion of collateral damage.
168
00:14:25,390 --> 00:14:29,640
Now in the case of Stellar or in the case
of Belgacom, which Laura revealed
169
00:14:29,640 --> 00:14:35,100
with DER SPIEGEL, what we learn
is that it isn’t actually the case
170
00:14:35,100 --> 00:14:39,580
that a terrorist is involved
with Belgacom or with Stellar.
171
00:14:39,580 --> 00:14:44,600
It is that a kind of neo-colonialism
is taking place in the digital era,
172
00:14:44,600 --> 00:14:49,480
wherein the colonies, the networks,
that they do not have through coercion
173
00:14:49,480 --> 00:14:54,910
of the state or through other surveillance
practices, they have to be compromised.
174
00:14:54,910 --> 00:14:59,839
And those become targets and they
become legitimate targets in theory
175
00:14:59,839 --> 00:15:04,589
and in actuality, because of its
usefulness. Because of the leverage
176
00:15:04,589 --> 00:15:10,050
that it provides against a speculative
target, someday in the future. That is,
177
00:15:10,050 --> 00:15:13,570
these networks become compromised
in service of being able to compromise
178
00:15:13,570 --> 00:15:19,630
future networks and other people, just
because they can. They set out to do that.
179
00:15:19,630 --> 00:15:23,649
And so Stellar is an example of such a
thing. And to be able to confront victims
180
00:15:23,649 --> 00:15:29,279
this way, to show them that they’re
compromised helps us to understand,
181
00:15:29,279 --> 00:15:34,089
helps us to show that in fact we are
directly, and indirectly impacted
182
00:15:34,089 --> 00:15:39,640
by these types of activities. And when
we think about this kind of targeting
183
00:15:39,640 --> 00:15:45,890
we have to understand the scale.
And this scale is sort of incredible.
184
00:15:45,890 --> 00:15:52,220
The budget for targeted
exploitation, for the NSA,
185
00:15:52,220 --> 00:15:57,180
not speaking at all about the GCHQ,
or the Defense Signals Directorate folks
186
00:15:57,180 --> 00:16:02,589
over in Australia,
there’s so much money,
187
00:16:02,589 --> 00:16:06,769
when you look at the offensive warfare,
that for 2013 alone there was
188
00:16:06,769 --> 00:16:12,209
650 million Dollars spent
on the GENIE program.
189
00:16:12,209 --> 00:16:15,430
And the GENIE program is their
offensive Cyber War program,
190
00:16:15,430 --> 00:16:20,050
as they call it themselves, in which they
build backdoors, like UNITEDRAKE
191
00:16:20,050 --> 00:16:25,639
and STRAITBIZARRE and other tools like
Regin, which you know as one of the tools,
192
00:16:25,639 --> 00:16:29,860
I hope, that has been used in
Belgacom and in other places.
193
00:16:29,860 --> 00:16:33,930
So they target places like Stellar and
Belgacom, but they also target places
194
00:16:33,930 --> 00:16:39,300
like the European Union. In that
case, the EU takes the place
195
00:16:39,300 --> 00:16:42,940
of a terrorist. That is: they are the
goal. They aren’t compromising
196
00:16:42,940 --> 00:16:46,899
the EU’s networks just because
someone interesting might show up,
197
00:16:46,899 --> 00:16:51,710
they are compromising the EU’s
networks, because the EU is
198
00:16:51,710 --> 00:16:55,800
the equivalent to a terrorist to them. And
they wish to have leverage and control.
199
00:16:55,800 --> 00:16:59,320
Because that’s what surveillance is in
this context. It’s exploitation of systems,
200
00:16:59,320 --> 00:17:03,080
where they leverage access to that
system, or whichever systems that they
201
00:17:03,080 --> 00:17:07,720
have access to, to get more access,
to have more control. Either politically
202
00:17:07,720 --> 00:17:13,469
or technologically or both.
Which ties of course into economics.
203
00:17:13,469 --> 00:17:20,099
Now, in the case of GENIE 650 million
Dollars is quite a great deal of money.
204
00:17:20,099 --> 00:17:26,230
But for 2017 the projected budget
for GENIE is a billion Dollars.
205
00:17:26,230 --> 00:17:31,059
This is just the beginning of what
we see. And these civilian targets
206
00:17:31,059 --> 00:17:34,730
or these governmental targets that are
being targeted in continental Europe,
207
00:17:34,730 --> 00:17:38,570
they’re not alone. It is actually
happening all around the world.
208
00:17:38,570 --> 00:17:42,309
And these compromises, they happen
in service of mass surveillance.
209
00:17:42,309 --> 00:17:46,740
Whenever they don’t have the ability to
mass-surveil a system they implant systems
210
00:17:46,740 --> 00:17:51,020
along the way in order to surveil
what goes in and out of them.
211
00:17:51,020 --> 00:17:56,500
Systems are even used as what are called
‘Diodes’. And Diodes are essentially
212
00:17:56,500 --> 00:18:02,590
another term which we see the Canadians
use. Operational Relay Boxes or ORBs.
213
00:18:02,590 --> 00:18:06,179
Anybody here that used to be a black hat,
I know there are no more black hats here,
214
00:18:06,179 --> 00:18:12,040
it’s all legitimate, but… except
for that guy, in the front…
215
00:18:12,040 --> 00:18:16,450
Everybody knows what you use those boxes
for: You use them to jump from one network
216
00:18:16,450 --> 00:18:20,080
to another network, so that when
something is traced back it traces back
217
00:18:20,080 --> 00:18:23,170
to that machine. In the case of the
Canadian Service they themselves
218
00:18:23,170 --> 00:18:26,980
talk about, a couple of times a year,
compromising as many systems as they can
219
00:18:26,980 --> 00:18:31,020
in non-Five-Eyes countries, in order to
ensure that they have as many operational
220
00:18:31,020 --> 00:18:37,040
relay boxes as they need for the
coming year. These diodes mean
221
00:18:37,040 --> 00:18:42,049
that when a system does a thing, it is
absolutely not the case that we can say
222
00:18:42,049 --> 00:18:45,350
the person who has purchased
that system is responsible for it.
223
00:18:45,350 --> 00:18:49,110
It is their official doctrine, in fact,
to use other people’s computers
224
00:18:49,110 --> 00:18:53,809
for their hacking. And that’s important,
when we now consider, that they have
225
00:18:53,809 --> 00:18:59,660
– in 2017 projected – a goal of
having a billion Dollars to do that.
226
00:18:59,660 --> 00:19:04,530
When we look at how that bounces out with
Defense that is – not at all – balanced.
227
00:19:04,530 --> 00:19:10,980
In fact, it is tilted entirely
towards Offensive Warfare.
228
00:19:10,980 --> 00:19:14,700
Laura: I was wondering, how many
people in the room have gone online
229
00:19:14,700 --> 00:19:17,239
to look at some of the
documents that we released.
230
00:19:17,239 --> 00:19:20,559
Jacob: Anyone? Hey, nice.
Laura: Alright.
231
00:19:20,559 --> 00:19:25,020
Jacob: Fantastic! So in
the future, that is to say
232
00:19:25,020 --> 00:19:30,150
in approximately 3 weeks, we plan to
release, along with some of our colleagues
233
00:19:30,150 --> 00:19:34,090
at SPIEGEL, and other people who
are helping out, more information
234
00:19:34,090 --> 00:19:38,549
about specific malware, specific
cases in which it’s used
235
00:19:38,549 --> 00:19:42,240
and details about information sharing
with regard to the malware in terms of
236
00:19:42,240 --> 00:19:45,320
how it’s harvested. We’re thinking
probably in the second week of January
237
00:19:45,320 --> 00:19:49,230
for that malware story. And we
wanted to make sure to get it right
238
00:19:49,230 --> 00:19:54,549
and we wanted people to focus on
the specifics of the NATO kill lists
239
00:19:54,549 --> 00:19:59,780
and to focus on cryptography.
We thought, well, people here
240
00:19:59,780 --> 00:20:03,480
in the audience would be able to handle
all three, the rest of the world just
241
00:20:03,480 --> 00:20:07,760
isn’t ready for it yet. So we had
to take a little bit of a pause. So
242
00:20:07,760 --> 00:20:13,940
more of the malware details will be
released in about 3 weeks. Now for me,
243
00:20:13,940 --> 00:20:17,860
one of the things that has, I would
say for my entire adult life been
244
00:20:17,860 --> 00:20:21,500
very interesting to me and before
my adult life started, was a system
245
00:20:21,500 --> 00:20:23,830
known as Echelon. Anybody
here remember that system?
246
00:20:23,830 --> 00:20:26,350
‘Woohoow’, and laughter
247
00:20:26,350 --> 00:20:29,080
jokingly: That’s the guy that built it!
more laughter
248
00:20:29,080 --> 00:20:33,510
I would guess… maybe not,
sorry, I don’t want to… trying to
249
00:20:33,510 --> 00:20:37,549
snitch jacket you there… But
250
00:20:37,549 --> 00:20:42,180
I think it’s to me extremely
important to hear about these
251
00:20:42,180 --> 00:20:46,799
kinds of things, that sound totally crazy.
Like the CIA torture report, for example.
252
00:20:46,799 --> 00:20:50,900
That started out as a conspiracy [theory].
And now we know, that America’s
253
00:20:50,900 --> 00:20:56,439
official policy with the CIA was rape,
anal rehydration. Those were
254
00:20:56,439 --> 00:21:01,380
conspiracy theories which
we now know to be facts.
255
00:21:01,380 --> 00:21:06,630
So Echelon, the rumour of Echelon was
this notion of planetary surveillance.
256
00:21:06,630 --> 00:21:11,400
And of course it was Duncan Campbell who
brought this forward in a European Union
257
00:21:11,400 --> 00:21:17,390
report. He, in fact, very clearly outlined
the interception capabilities
258
00:21:17,390 --> 00:21:23,880
of the U.S. Government and others.
Now, it is hard to actually imagine
259
00:21:23,880 --> 00:21:29,620
planetary surveillance, on a scale, let’s
say, your home, and how your home
260
00:21:29,620 --> 00:21:34,410
fits into your city, and your city how it
fits into a country, and the whole world.
261
00:21:34,410 --> 00:21:38,860
And all of that being monitored.
But what we found is that
262
00:21:38,860 --> 00:21:42,850
during the Crypto Wars we thought that we
had won. We thought that we had a way,
263
00:21:42,850 --> 00:21:46,970
really, to change things. We thought that
with cryptography we would be able
264
00:21:46,970 --> 00:21:52,260
to change the entire balance. Even if
something like planetary surveillance
265
00:21:52,260 --> 00:21:55,510
would have come about. And so when
Duncan Campbell released his reports
266
00:21:55,510 --> 00:21:59,750
about Echelon in the very early 21st
century I think a lot of people weren’t
267
00:21:59,750 --> 00:22:03,950
as concerned about it as they should
have been. And shortly after that
268
00:22:03,950 --> 00:22:09,230
the ‘War on Terror’ really got
off to a very, very big start.
269
00:22:09,230 --> 00:22:13,970
It turns out that we weren’t as concerned
as we should have been in the right areas.
270
00:22:13,970 --> 00:22:18,270
And we I think can say now, that the first
Crypto Wars were not won and in fact
271
00:22:18,270 --> 00:22:22,710
the first Crypto Wars were probably
– if anything – lost, or they’re still
272
00:22:22,710 --> 00:22:29,720
going on now. If we were to delineate that
and we were to talk about as an example,
273
00:22:29,720 --> 00:22:33,220
the second Crypto Wars, what we would
find is what has actually been happening
274
00:22:33,220 --> 00:22:38,590
behind the scenes, and, thanks to Edward
Snowden we actually have a great deal
275
00:22:38,590 --> 00:22:43,530
of answers that we would
probably not have otherwise.
276
00:22:43,530 --> 00:22:55,730
applause
277
00:22:55,730 --> 00:23:01,280
Now, it is important to understand
that the context of this
278
00:23:01,280 --> 00:23:08,519
is the notion that everyone is suspicious.
That we live now in a world of total,
279
00:23:08,519 --> 00:23:12,820
absolute surveillance which sometimes
misses a thing, here or there.
280
00:23:12,820 --> 00:23:15,940
But this is the goal: Collect it all!
That’s General Alexander’s notion.
281
00:23:15,940 --> 00:23:20,759
When he talks about his notion
e.g. about dossiers it’s a trick.
282
00:23:20,759 --> 00:23:24,730
It’s a rhetorical trick. Because what he
means to say is that now dossiers
283
00:23:24,730 --> 00:23:29,919
are dynamic. And that this information is
not stored on lists, written down like in,
284
00:23:29,919 --> 00:23:33,250
let’s say, the 50s. Rather they’re
stored in databases that dynamically
285
00:23:33,250 --> 00:23:37,700
will generate a list based on a query
from an analyst. “Give me every person
286
00:23:37,700 --> 00:23:42,770
that went to this website at this time”.
And it of course expands, the notion is
287
00:23:42,770 --> 00:23:47,020
that somehow this will only be used
against terrorists. But what is a terrorist,
288
00:23:47,020 --> 00:23:52,060
in this case? In some cases it actually
includes people who are merely involved
289
00:23:52,060 --> 00:23:57,980
in drugs, and part of that has been
published as part of the JPEL kill lists.
290
00:23:57,980 --> 00:24:02,660
That is to say: people who are definitely
not terrorists, but who are otherwise
291
00:24:02,660 --> 00:24:07,850
interesting targets, so there’s a sort of
“bleed over”, and so we see the same thing
292
00:24:07,850 --> 00:24:11,580
with surveillance and cryptography: It
was for exceptional targets and now it is
293
00:24:11,580 --> 00:24:18,340
for everyone. And so cryptography came
as a liberator. And that was the idea.
294
00:24:18,340 --> 00:24:22,880
But just as we showed a little bit ago,
with STELLAR where they targeted engineers
295
00:24:22,880 --> 00:24:28,179
specifically to have access to the
infrastructure, so, too, we find
296
00:24:28,179 --> 00:24:34,130
that for cryptography they sabotage
critical infrastructure. We found, in fact,
297
00:24:34,130 --> 00:24:37,309
so many different interesting things that
298
00:24:37,309 --> 00:24:41,710
it’s actually hard to talk about
it in only half an hour of time.
299
00:24:41,710 --> 00:24:45,690
Laura: I’d like to just say, as one of
the journalists who’s been publishing
300
00:24:45,690 --> 00:24:49,560
on the documents I think that one of the
most both important stories and the
301
00:24:49,560 --> 00:24:53,700
most unsatisfying stories was the
BULLRUN story that was published
302
00:24:53,700 --> 00:24:57,530
by The New York Times, and the Guardian,
and ProPublica. Because it did warn us
303
00:24:57,530 --> 00:25:01,510
of how the NSA was
attacking critical infrastructure
304
00:25:01,510 --> 00:25:06,169
to make the internet insecure, and
yet it didn’t tell us any specifics of
305
00:25:06,169 --> 00:25:09,020
what they meant by that. And this is
something that I think frustrated
306
00:25:09,020 --> 00:25:12,080
many people in the audience, and so…
307
00:25:12,080 --> 00:25:16,159
applause
308
00:25:16,159 --> 00:25:19,419
And so the reporting
that Jake’s been doing
309
00:25:19,419 --> 00:25:21,950
along with Aaron Gibson
and other people…
310
00:25:21,950 --> 00:25:24,770
Jacob: Christian (?)…
there in the audience.
311
00:25:24,770 --> 00:25:28,130
Laura: … is to dig in and to find out
what those specifics are so that we can
312
00:25:28,130 --> 00:25:33,580
actually warn people about what is safe
and what’s not safe in cryptography.
313
00:25:33,580 --> 00:25:37,750
Jacob: So, we have, let’s say, a little
free time we’re gonna talk about this…
314
00:25:37,750 --> 00:25:41,880
but I’d like to do some surveys: Who here
uses PPTP? And don’t laugh at them
315
00:25:41,880 --> 00:25:45,620
when they raise their hand, let
them be honest… who uses it?
316
00:25:45,620 --> 00:25:47,220
One guy!
laughter
317
00:25:47,220 --> 00:25:50,299
Ok, well, good news to this audience…
stop doing that, we’re gonna tell you why
318
00:25:50,299 --> 00:25:55,530
in a second.
Laura laughs
Who here uses IPSEC?
319
00:25:55,530 --> 00:26:00,380
With a pre-shared key?
Fantastic…
320
00:26:00,380 --> 00:26:03,260
Stop doing that too…
laughter
321
00:26:03,260 --> 00:26:06,730
Raise your hand if you use SSH!
322
00:26:06,730 --> 00:26:08,960
even louder laughter
Laura laughs
323
00:26:08,960 --> 00:26:14,490
Guess what…
laughter, slight applause
324
00:26:14,490 --> 00:26:19,049
In the documents that we’re publishing
today we are showing in fact a series
325
00:26:19,049 --> 00:26:24,560
of systems that, if we
understand them correctly…
326
00:26:24,560 --> 00:26:29,659
I wonder if I should say my next sentence…
I say this only as myself and not as Laura.
327
00:26:29,659 --> 00:26:34,750
I’d be surprised if some building weren’t
burning, frankly. But… the NSA claims
328
00:26:34,750 --> 00:26:40,289
to have databases for decryption, or an
attack orchestration for PPTP and IPSEC,
329
00:26:40,289 --> 00:26:48,710
which is not so surprising at all, but
also for SSL and TLS, and… for SSH.
330
00:26:48,710 --> 00:26:53,330
They have specific slides where they talk
about the Debian weak number generation.
331
00:26:53,330 --> 00:26:59,549
This is not that. For what we can tell
they have separate programs for that.
332
00:26:59,549 --> 00:27:03,880
So they of course have a way through the
cryptographic exploitation services,
333
00:27:03,880 --> 00:27:07,960
crypto-analysis exploitation services, to
do certain decrypts. Now, they say:
334
00:27:07,960 --> 00:27:13,460
“We stress: potential!”. It seems to be
there’s a pattern. And the pattern is
335
00:27:13,460 --> 00:27:19,190
things that are done entirely in software,
in particular, those things as long as
336
00:27:19,190 --> 00:27:23,690
there’s a good random number generator,
and especially if it is Free Software,
337
00:27:23,690 --> 00:27:28,820
what we find is that it seems to stand
the test of time. That doesn’t mean
338
00:27:28,820 --> 00:27:33,340
that it always will, because we found
a couple of things. One of the things
339
00:27:33,340 --> 00:27:37,460
is that we found that they log the
cipher texts, and that they wait.
340
00:27:37,460 --> 00:27:42,230
Sometimes to break it with brute-force, so
we are also revealing today the location
341
00:27:42,230 --> 00:27:46,610
of the two large supercomputers: That is
at Oak Ridge National Laboratories and at
342
00:27:46,610 --> 00:27:52,419
Fort Meade, for a program called LONGHAUL.
The LONGHAUL I suppose as they
343
00:27:52,419 --> 00:27:58,980
have named it appropriately, is for their
long haul approach. Combined with things
344
00:27:58,980 --> 00:28:03,370
like the massive data repository, or the
Mission Data Center, the Mission Data
345
00:28:03,370 --> 00:28:08,610
repository in places like Bluffdale, Utah.
They plan and do store the cipher texts
346
00:28:08,610 --> 00:28:12,679
of an unbelievable number of connections.
When you make an SSL / TLS connection
347
00:28:12,679 --> 00:28:19,480
the GCHQ keeps statistics. The Canadian
CSE keeps statistics. They seem to log
348
00:28:19,480 --> 00:28:25,440
metadata about the handshake in terms of
TCP/IP, but also in terms of SSL and TLS
349
00:28:25,440 --> 00:28:29,730
for the actual protocols. That is to say,
they store the cryptographic handshakes,
350
00:28:29,730 --> 00:28:35,390
and in some cases for specific selected
data they take the entire flow. Now,
351
00:28:35,390 --> 00:28:40,070
we have found claims that are kind
of amazing: in the case of BULLRUN
352
00:28:40,070 --> 00:28:43,480
the New York Times and the Guardian,
and the rest of the collaborating
353
00:28:43,480 --> 00:28:48,120
news organizations have often
left out important details.
354
00:28:48,120 --> 00:28:51,700
One of the important details which I find
to be the most shocking and upsetting
355
00:28:51,700 --> 00:28:57,670
is that the British alone by
2010 – was it? – had 832 people
356
00:28:57,670 --> 00:29:04,620
read into their BULLRUN program. That is
832 people knew about their backdooring
357
00:29:04,620 --> 00:29:09,529
and sabotage of crypto, just
in the British Service alone.
358
00:29:09,529 --> 00:29:13,590
And each of the Five-Eyes countries
runs a similar program, like that.
359
00:29:13,590 --> 00:29:17,679
With potentially similar numbers of
people read into those programs.
360
00:29:17,679 --> 00:29:21,780
They say something like: “3 people
can keep a secret if 2 are dead”.
361
00:29:21,780 --> 00:29:27,159
How about 832 British men? I’m not
sure that that’s a really good bet.
362
00:29:27,159 --> 00:29:31,550
And these guys have bet the farm on it.
That is to say, they have slides and
363
00:29:31,550 --> 00:29:35,640
presentations and intercepts where
they decrypt SSL, where they discuss
364
00:29:35,640 --> 00:29:39,550
decrypting SSL at a scale starting in
the tens of thousands, moving into the
365
00:29:39,550 --> 00:29:43,590
hundreds and millions of thousands.
Hundreds of thousands, and millions, and
366
00:29:43,590 --> 00:29:48,110
then into billions, actually. For TLS
and SSL they actually have statistics
367
00:29:48,110 --> 00:29:53,460
on the order of billions. Of all the
major websites that everyone here
368
00:29:53,460 --> 00:29:58,210
probably has used at one
point or another in their life.
369
00:29:58,210 --> 00:30:04,010
So, in the case of the Canadian Services
they even monitored ‘Hockeytalk’,
370
00:30:04,010 --> 00:30:07,439
to give you an idea about this. And they
talk about it in terms of ‘warranted’
371
00:30:07,439 --> 00:30:11,860
collection, and special source
collection, and encrypted traffic
372
00:30:11,860 --> 00:30:16,950
indeed does stand out. They have
programs like QUICKANT, which is a
373
00:30:16,950 --> 00:30:21,450
specific way of interfacing with
a program called FLYING PIG.
374
00:30:21,450 --> 00:30:25,870
FLYING PIG is an SSL/TLS database,
it’s a knowledge database,
375
00:30:25,870 --> 00:30:30,040
and QUICKANT seems to be what’s called
a “Query Focused Data Set”. They try
376
00:30:30,040 --> 00:30:35,529
to use that, from what we can tell,
for doing low latency de-anonymization.
377
00:30:35,529 --> 00:30:40,199
Some of the documents we’re releasing
today will explain some of their failures.
378
00:30:40,199 --> 00:30:43,570
Now, I think it’s important to be
cautious about this because they have
379
00:30:43,570 --> 00:30:48,740
many compartments for their data,
that is to say they very clearly
380
00:30:48,740 --> 00:30:52,970
have ways of keeping secrets even from
themselves. But one of the things we found,
381
00:30:52,970 --> 00:30:56,960
and that we’re publishing today also,
is a FISA intercept. And to the best
382
00:30:56,960 --> 00:31:01,260
of my knowledge, and I think that this is
true, no one has ever published one
383
00:31:01,260 --> 00:31:05,740
of these before. So, this is the basis for
what you would call ‘parallel construction’,
384
00:31:05,740 --> 00:31:09,030
actually, where they gather Intelligence
and then they say, “whatever you do,
385
00:31:09,030 --> 00:31:12,880
don’t use this in lawful investigation,
don’t use this in a court,
386
00:31:12,880 --> 00:31:18,080
it’s not evidence. But by the way,
here it is”. So we’re publishing
387
00:31:18,080 --> 00:31:23,250
one of those today and we have
some, well, moderately good news.
388
00:31:23,250 --> 00:31:27,350
In looking at these, what we have
found is that they consistently break
389
00:31:27,350 --> 00:31:31,130
various different types of encryption.
So if you’re mailing around a Microsoft
390
00:31:31,130 --> 00:31:34,970
.doc document that’s password protected
there’s a good chance that they
391
00:31:34,970 --> 00:31:40,040
send it to LONGHAUL using a thing
called ISLANDTRANSPORT and then that,
392
00:31:40,040 --> 00:31:45,549
if it can, through brute-force, is
decrypted. And it is the case
393
00:31:45,549 --> 00:31:49,490
that, when they do this decryption,
they send it back and they include
394
00:31:49,490 --> 00:31:53,820
the decrypted information in the FISA
transcript. They do this for .rar files,
395
00:31:53,820 --> 00:31:58,100
they do this for .doc files, they do this
for a bunch of different systems. But we
396
00:31:58,100 --> 00:32:01,179
don’t want to focus on what’s broken
because The New York Times and
397
00:32:01,179 --> 00:32:04,920
The Guardian and other places have
already sort of said “everything is fucked”.
398
00:32:04,920 --> 00:32:08,280
We wanted to try to
make it a positive talk!
399
00:32:08,280 --> 00:32:17,760
laughter and applause
400
00:32:17,760 --> 00:32:23,930
And… so I think Laura here is just
going to be able to show you in fact…
401
00:32:23,930 --> 00:32:26,810
Laura: If it will play…
402
00:32:26,810 --> 00:32:34,670
Jacob: Just drag it over… the other way…
403
00:32:34,670 --> 00:32:39,570
So we wanted to show you… who here
has heard about PRISM? Everyone?
404
00:32:39,570 --> 00:32:42,220
What does that mean to you? It doesn’t
mean anything, right? We just know
405
00:32:42,220 --> 00:32:45,620
that it’s some massive surveillance
program. We wanted to show you what
406
00:32:45,620 --> 00:32:53,520
one of those PRISM records actually
looks like which, in itself is, I think…
407
00:32:53,520 --> 00:32:56,470
Laura: Sorry.
Jacob: It’s okay.
408
00:32:56,470 --> 00:33:00,659
…it’s a rather unexciting document, except
for the fact that we get to show it to you.
409
00:33:00,659 --> 00:33:04,920
Which is great. [to Laura:]
I think if you escape for the…
410
00:33:04,920 --> 00:33:14,890
Laura: …escape out of here?
411
00:33:14,890 --> 00:33:18,950
Jacob: There it is. Hey FBI, fuck you!
412
00:33:18,950 --> 00:33:29,780
laughter and applause
413
00:33:29,780 --> 00:33:33,270
So I take great pleasure in being able to
say that this couldn’t have happened
414
00:33:33,270 --> 00:33:42,630
without Laura!
cheers and applause
415
00:33:42,630 --> 00:33:48,049
But if you look here you see
‘SIGAD US-984XN’. That’s PRISM!
416
00:33:48,049 --> 00:33:53,620
And this is your dossier for PRISM.
some shouts from audience
417
00:33:53,620 --> 00:33:57,409
From audience: “O3”, “Larger!”
Laura: Yeah.
418
00:33:57,409 --> 00:34:00,470
audience laughs
document on screen is zoomed in
419
00:34:00,470 --> 00:34:05,140
audience goes: “Aaaah!”
cheers and applause
420
00:34:05,140 --> 00:34:08,480
And if you’re wondering about the
redactions, it’s all Andy Müller-Maguhn.
421
00:34:08,480 --> 00:34:12,730
slight laughter
Shouted from audience: Fuck you!!
422
00:34:12,730 --> 00:34:15,289
Jacob laughs
423
00:34:15,289 --> 00:34:19,659
Jacob: Here’s the good news! The FBI
regularly lies to the American Public.
424
00:34:19,659 --> 00:34:22,289
And to the rest of the world.
Then they say they’re ‘going dark’.
425
00:34:22,289 --> 00:34:25,899
What we found in the study of these
FISA intercepts is that basically
426
00:34:25,899 --> 00:34:31,059
no one uses cryptography. And basically
everyone that uses cryptography is broken,
427
00:34:31,059 --> 00:34:37,629
except for – well, let’s say –
2 things. Thing No.1 is OTR.
428
00:34:37,629 --> 00:34:48,819
big applause and cheers
429
00:34:48,819 --> 00:34:51,599
Very important to go with it is you’ll
notice that there’s some metadata.
430
00:34:51,599 --> 00:34:54,989
And it’s just metadata. But as the U.S.
Government has said in public, they
431
00:34:54,989 --> 00:35:00,700
kill people with metadata. So up there
you’ll see that, I believe this was Yahoo,
432
00:35:00,700 --> 00:35:03,500
is that right, Andy?
Andy M.-M. answers from audience
433
00:35:03,500 --> 00:35:07,880
Yeah, I think… it could be Gmail, or could
be Yahoo, I forgot which one this one is.
434
00:35:07,880 --> 00:35:11,349
We’re releasing, you know, enough
for you to figure it out on your own.
435
00:35:11,349 --> 00:35:15,119
Hopefully this isn’t you, if so, I’m
sorry we redacted your information.
436
00:35:15,119 --> 00:35:18,999
Cause if it was me I wouldn’t want it to
be redacted. But you’ll see that it’s
437
00:35:18,999 --> 00:35:24,170
a user name, IP address as well as
a time and a date. And you also see
438
00:35:24,170 --> 00:35:28,650
other IP addresses associated with it. Those
are used for selector-based surveillance.
439
00:35:28,650 --> 00:35:32,569
Which if you haven’t been following along
at home it means that they can take
440
00:35:32,569 --> 00:35:35,769
that information, put it into other
databases, and the things like XKeyscore,
441
00:35:35,769 --> 00:35:40,900
and pull up other information that will be
related. But most importantly here is,
442
00:35:40,900 --> 00:35:45,619
you see what is essentially a chat log. As
if it had been created on your computer.
443
00:35:45,619 --> 00:35:50,979
Now, don’t log – it’s rude. They did it
for you anyway. And what you see is
444
00:35:50,979 --> 00:35:55,449
“OC – No decrypt available for
this OTR encrypted message”.
445
00:35:55,449 --> 00:36:00,459
In other documents we see them saying
“cryptographic exploitation services”.
446
00:36:00,459 --> 00:36:06,589
“We can’t decrypt it, it’s off the
record”. Quite a nice endorsement!
447
00:36:06,589 --> 00:36:12,840
And what we have also found is
that they do the same thing for PGP.
448
00:36:12,840 --> 00:36:23,719
applause
449
00:36:23,719 --> 00:36:28,220
Now in other cases they do decrypt the
messages. So instead of telling you
450
00:36:28,220 --> 00:36:32,950
about everything “It’s broken!”
what we wanted to do is to suggest:
451
00:36:32,950 --> 00:36:37,770
“Look at the composition of OTR, find
Ian Goldberg who’s here somewhere,
452
00:36:37,770 --> 00:36:41,569
ask him to review your cryptographic
protocol”. Maybe don’t – he’s probably
453
00:36:41,569 --> 00:36:47,819
already overwhelmed. But Snowden said
this in the very beginning. He said:
454
00:36:47,819 --> 00:36:50,849
“Cryptography, when properly implemented,
is one of the few things that you can
455
00:36:50,849 --> 00:36:56,549
rely upon”. And he’s right. And we
see this. This is the message.
456
00:36:56,549 --> 00:37:01,319
These things are not to be used in legal
proceedings. And yet here we see them
457
00:37:01,319 --> 00:37:06,039
anyway. And what we see is that even
there, in the most illegal of settings,
458
00:37:06,039 --> 00:37:11,499
essentially, they can’t decrypt it. Now the
sad part is that not everyone is using it.
459
00:37:11,499 --> 00:37:14,719
But the good news is that when you use it,
it appears to work. When you verify
460
00:37:14,719 --> 00:37:18,569
the fingerprint, e.g. We didn’t find
evidence of them doing active attacks
461
00:37:18,569 --> 00:37:22,709
to do man-in-the-middle attacks. But
that’s easy to solve. OTR allows you
462
00:37:22,709 --> 00:37:28,220
to authenticate. PGP and Gnu-PG allow
you to verify the fingerprint. We did find
463
00:37:28,220 --> 00:37:32,380
evidence of them having databases, filled
with cryptographic keys, that were pilfered
464
00:37:32,380 --> 00:37:37,940
from routers, and compromising machines.
So rotate your keys frequently,
465
00:37:37,940 --> 00:37:42,869
use protocols that are ephemeral. They
themselves find that they are blinded
466
00:37:42,869 --> 00:37:47,729
when you use properly implemented
cryptography. So Gnu-PG
467
00:37:47,729 --> 00:37:53,190
– Werner Koch I think is in the audience –
Gnu-PG and OTR are 2 things that
468
00:37:53,190 --> 00:37:57,722
actually stop the spies from
spying on you, with PRISM.
469
00:37:57,722 --> 00:38:01,912
applause, some cheers
470
00:38:01,912 --> 00:38:09,699
Laura: [to Jake:] Would you mind if I ask…
for a volunteer to … computers …?
471
00:38:09,699 --> 00:38:13,950
Jacob: So, we have some other really
good news. And that good news
472
00:38:13,950 --> 00:38:21,139
is this: There are… in some of the
slides that are being released
473
00:38:21,139 --> 00:38:24,119
a matrix – not ‘the Matrix’
that you’re hoping for –
474
00:38:24,119 --> 00:38:26,170
laughter
475
00:38:26,170 --> 00:38:31,860
but we can talk about that program later
laughter
476
00:38:31,860 --> 00:38:39,000
I’m not even joking. But…
laughter
477
00:38:39,000 --> 00:38:43,339
There are some other things. One of the
things that they talk about in this matrix
478
00:38:43,339 --> 00:38:48,510
is, what’s hard, and what’s easy.
And in the case of ‘Hard’
479
00:38:48,510 --> 00:38:55,180
they describe Redphone, and that means
Signal, the program by Christine Corbett
480
00:38:55,180 --> 00:39:02,829
and Moxie Marlinspike as ‘catastrophic’.
applause
481
00:39:02,829 --> 00:39:07,129
They say: “Tails and Tor – catastrophic”.
482
00:39:07,129 --> 00:39:15,680
cheers and applause
483
00:39:15,680 --> 00:39:19,079
So what that really means is that we
now understand some things that
484
00:39:19,079 --> 00:39:24,119
they have trouble with. And how they
will take action to try to sabotage it
485
00:39:24,119 --> 00:39:27,299
is clear. They will try to sabotage the
Random Number Generators like they did
486
00:39:27,299 --> 00:39:31,789
with Dual_EC_DRBG. They will
try to sabotage the platforms.
487
00:39:31,789 --> 00:39:35,900
They will try to force companies to be
complicit. I think the German word is
488
00:39:35,900 --> 00:39:40,390
‘Gleichschaltung’. You’re all familiar
with that? That is the process that is
489
00:39:40,390 --> 00:39:45,430
happening now in America. With these
crypto programs. That’s what PRISM is.
490
00:39:45,430 --> 00:39:49,410
PRISM is when companies would like
to fight against it. And that’s not to
491
00:39:49,410 --> 00:39:53,369
call them ‘victims’, most of them are
willing. This is still what they’re
492
00:39:53,369 --> 00:39:56,640
forced into. That is the legal regime.
And it is when you take responsibility
493
00:39:56,640 --> 00:40:00,200
using the strong crypto that you can
set that in a different direction.
494
00:40:00,200 --> 00:40:04,170
Those companies actually can’t really
protect you. They are, in fact,
495
00:40:04,170 --> 00:40:11,109
secretly in some cases, and sometimes
willingly, complicit in that. And, so
496
00:40:11,109 --> 00:40:15,569
if you use Redphone and Signal, if you
use something like Tor, and Gnu-PG
497
00:40:15,569 --> 00:40:20,269
with a properly sized key – don’t
use like a 768 bit RSA key
498
00:40:20,269 --> 00:40:24,280
or something stupid like that…
If you use OTR,
499
00:40:24,280 --> 00:40:29,829
if you use jabber.ccc.de – buy that guy
who runs that a beer, by the way –
500
00:40:29,829 --> 00:40:30,769
applause
501
00:40:30,769 --> 00:40:35,390
if you use these things in concert
together, you blind them.
502
00:40:35,390 --> 00:40:37,880
So this is the good news. And the
documents that support this
503
00:40:37,880 --> 00:40:42,499
are online. We have some other bad
news, though. There exists a program
504
00:40:42,499 --> 00:40:47,119
which they call ‘TUNDRA’. TUNDRA – it’s
not exactly clear what the details are.
505
00:40:47,119 --> 00:40:52,859
But they say that they have a handful
of crypto-analytic attacks on AES.
506
00:40:52,859 --> 00:40:56,949
Obviously they can’t break AES, or
they would be able to break OTR.
507
00:40:56,949 --> 00:41:01,039
But what it suggests is that they
have a conflict of interest.
508
00:41:01,039 --> 00:41:04,509
Well, they’re both supposed
to protect our information
509
00:41:04,509 --> 00:41:08,859
and, of course, to exploit it. If they
have attacks against AES, much like
510
00:41:08,859 --> 00:41:12,479
if they have attacks against SSH as they
claim in the Caprius database,
511
00:41:12,479 --> 00:41:16,679
in that program then it shows that
conflict of interest runs very deep.
512
00:41:16,679 --> 00:41:19,690
Against our critical infrastructure.
Against the most important systems
513
00:41:19,690 --> 00:41:25,150
that exist. Protect our data. And it
shows a sort of hegemonic arrogance.
514
00:41:25,150 --> 00:41:28,669
And that arrogance is to suggest that
they’ll always be on top. I had
515
00:41:28,669 --> 00:41:32,640
the misfortune of meeting General
Alexander, quite recently. In Germany.
516
00:41:32,640 --> 00:41:39,279
And after failing to have him arrested,
which was a funny story in itself,
517
00:41:39,279 --> 00:41:43,769
I asked him what he thought he was doing.
Another person there stood up and said:
518
00:41:43,769 --> 00:41:48,549
“What about who comes after you next?” And
he didn’t quite understand the question.
519
00:41:48,549 --> 00:41:53,130
But his answer was pretty eerie: He
said: “Nobody comes after us next”.
520
00:41:53,130 --> 00:41:56,529
faint laughter
521
00:41:56,529 --> 00:42:00,349
“Thousand-year Reich”. That is
exactly what he was saying. And
522
00:42:00,349 --> 00:42:03,920
when I confronted him about accountability
for things like kill lists, and crypto
523
00:42:03,920 --> 00:42:07,849
he said that he was just
following orders. Literally.
524
00:42:07,849 --> 00:42:11,829
laughter and some applause
525
00:42:11,829 --> 00:42:16,559
So. Now we know what blinds
them. And we understand
526
00:42:16,559 --> 00:42:20,450
what they do with things when they’re
not blinded. Their politics include
527
00:42:20,450 --> 00:42:24,660
assassinations but it doesn’t just
end there. It includes torture,
528
00:42:24,660 --> 00:42:29,650
it includes kidnapping. It includes buying
people. And then sending their bodies home
529
00:42:29,650 --> 00:42:35,319
with a number. Instead of a name.
It includes de-humanizing them.
530
00:42:35,319 --> 00:42:39,359
So we want to encourage everyone here to
feel empowered with this knowledge,
531
00:42:39,359 --> 00:42:45,280
which is a little difficult. But, Werner
Koch, are you in the room?
532
00:42:45,280 --> 00:42:47,710
positive
Could you stand up?
533
00:42:47,710 --> 00:42:53,090
applause
534
00:42:53,090 --> 00:42:56,860
Stay, stand there, just
stay, stand there!
535
00:42:56,860 --> 00:43:01,509
Laura: Stay up, stand up!
Jacob: And Ian Goldberg,
536
00:43:01,509 --> 00:43:03,509
are you in the room?
I’m sorry to do this…
537
00:43:03,509 --> 00:43:11,979
There is Ian!
ongoing applause
538
00:43:11,979 --> 00:43:15,410
…and Christine Corbett…
Christine Corbett, are you in the room?
539
00:43:15,410 --> 00:43:18,669
From Signal?
Laura: Stay… keep standing!
540
00:43:18,669 --> 00:43:23,930
Jacob: Stand up! Stand up!
applause
541
00:43:23,930 --> 00:43:29,719
These people, without even knowing it,
without even trying, they beat them!
542
00:43:29,719 --> 00:43:47,219
cheers and strong applause
543
00:43:47,219 --> 00:43:56,499
Laura: So,…
544
00:43:56,499 --> 00:44:00,470
don’t sit down guys! So,
last night I screened my film
545
00:44:00,470 --> 00:44:03,499
“Citizenfour” here, and there were some
questions, and somebody asked
546
00:44:03,499 --> 00:44:10,219
what can they do to support the work that
Snowden has done, and the journalists.
547
00:44:10,219 --> 00:44:13,219
And actually what I should have said
and I didn’t say in the moment is that
548
00:44:13,219 --> 00:44:17,910
actually everybody should fund the work
that you guys do. And I mean that,
549
00:44:17,910 --> 00:44:22,630
because, literally, my work would not be
possible without the work that you do.
550
00:44:22,630 --> 00:44:27,589
So I would like it if everybody in this
room when they leave here in the next week
551
00:44:27,589 --> 00:44:31,039
to reach out and fund these projects.
Because without these projects
552
00:44:31,039 --> 00:44:38,259
the journalism that Glenn and I, and Jake
have done would literally not be possible.
553
00:44:38,259 --> 00:44:49,529
strong applause, some cheers
554
00:44:49,529 --> 00:44:58,509
And…
555
00:44:58,509 --> 00:45:02,130
Jacob: Just to be clear, since this video
will definitely be played at a grand jury
556
00:45:02,130 --> 00:45:06,009
against the both of us, I wanna make
it perfectly clear that defense
557
00:45:06,009 --> 00:45:10,410
of the U.S. Constitution is the Supreme
defense, your honor! And, secondly,
558
00:45:10,410 --> 00:45:13,420
that those gentlemen had nothing
to do with any of this at all!
559
00:45:13,420 --> 00:45:16,479
laughter, some applause
560
00:45:16,479 --> 00:45:21,020
So, now, hold your applause, I’m sorry.
I mean – they deserve it forever.
561
00:45:21,020 --> 00:45:24,819
If it wasn’t for them we definitely would
not have made it here today. So it is
562
00:45:24,819 --> 00:45:29,029
Free Software. For freedom, literally,
as Richard Stallman talks about it.
563
00:45:29,029 --> 00:45:32,699
Empowered, with strong mathematics,
properly implemented
564
00:45:32,699 --> 00:45:37,319
that made this possible. It is not
hopeless. It is, in fact, the case
565
00:45:37,319 --> 00:45:40,939
that resistance is possible. And, in fact,
I think the CCC… If I have learned
566
00:45:40,939 --> 00:45:45,299
one lesson from the Chaos
Computer Club and this community –
567
00:45:45,299 --> 00:45:50,380
it’s that it’s mandatory. That we have
a duty to do something about these things.
568
00:45:50,380 --> 00:45:54,589
And we can do something about it.
So what we need to recognize,
569
00:45:54,589 --> 00:45:58,740
and what I hope that we can bring
to you is that there is great risk,
570
00:45:58,740 --> 00:46:02,180
for Laura, in particular. In making
these kinds of things possible.
571
00:46:02,180 --> 00:46:05,559
But that we are in it together.
When Julian and I gave a talk
572
00:46:05,559 --> 00:46:08,909
with Sarah Harrison last year, and we
talked about “Sysadmins of the world,
573
00:46:08,909 --> 00:46:13,409
uniting” we didn’t just mean
sysadmins. We meant:
574
00:46:13,409 --> 00:46:17,819
recognize your class interests, and
understand that this is the community
575
00:46:17,819 --> 00:46:22,979
that you are a part of. At least a small
part of. And that we’re in it together.
576
00:46:22,979 --> 00:46:27,890
We need people like Christine Corbett,
working on Signal. We need people
577
00:46:27,890 --> 00:46:32,569
like Ian Goldberg breaking protocols and
building things like OTR. And Werner Koch.
578
00:46:32,569 --> 00:46:36,769
We need Adam Langley building things
like Pond. But we need everybody to do
579
00:46:36,769 --> 00:46:41,009
whatever they can to help with these
things. It requires everyone; and
580
00:46:41,009 --> 00:46:45,200
every skill is valuable to contribute to
that. From all the people that work on Tor
581
00:46:45,200 --> 00:46:50,259
to people that work on Debian. That work
on free software, for freedom, literally.
582
00:46:50,259 --> 00:46:55,329
So what we wanted to do was to say that we
should align with these class interests.
583
00:46:55,329 --> 00:46:58,920
And that we should recognize them. And
that we should work together to do that.
584
00:46:58,920 --> 00:47:03,339
And it is this community who can help
to really change things in the rest
585
00:47:03,339 --> 00:47:06,640
of the world. Because it is in fact only
this community and some of the people
586
00:47:06,640 --> 00:47:11,529
in this room, and around the world to tie
in to it, that have blinded these people!
587
00:47:11,529 --> 00:47:15,849
Everyone else seems to have
either gone complicitly;
588
00:47:15,849 --> 00:47:19,559
or they have designed it
incompetently and broken,
589
00:47:19,559 --> 00:47:23,869
and it is not good. So that
is important to recognize.
590
00:47:23,869 --> 00:47:28,049
Every person, if you are here you are
out of a small set of people in the world,
591
00:47:28,049 --> 00:47:32,249
use that power wisely. Help these people
to do that. And that will help us all
592
00:47:32,249 --> 00:47:35,999
to continue. Not only to reveal these
things but to fundamentally shift
593
00:47:35,999 --> 00:47:41,140
and change that. For everyone, for the
whole planet. Without any exception.
594
00:47:41,140 --> 00:47:44,770
So, on that note we’d like
to take some questions!?
595
00:47:44,770 --> 00:47:46,290
Laura: Yeah!
596
00:47:46,290 --> 00:48:01,739
strong applause and cheers
597
00:48:01,739 --> 00:48:05,129
Herald waving at the speakers
to approach stage center
598
00:48:05,129 --> 00:48:16,949
standing ovations
599
00:48:16,949 --> 00:48:22,049
Herald gently pushing the
speakers to stage center
600
00:48:22,049 --> 00:48:48,379
continued standing ovations
601
00:48:48,379 --> 00:49:01,739
Laura: Thank you!
continued standing ovations
602
00:49:01,739 --> 00:49:04,739
Jacob: Wow!
Herald: So, everybody who has a question
603
00:49:04,739 --> 00:49:09,599
please stand in front of
one of the 6 microphones
604
00:49:09,599 --> 00:49:14,299
that are in this room, and,
Signal Angel? Are you there?
605
00:49:14,299 --> 00:49:18,519
Signal Angel: Yeah, I’m here!
Herald: Are there questions from the internet?
606
00:49:18,519 --> 00:49:22,510
Signal Angel: Yeah, so the first one would
be: What should we do about SSH now?
607
00:49:22,510 --> 00:49:25,819
laughter
Laura laughs
608
00:49:25,819 --> 00:49:28,069
Jacob: Well,
to Laura: shall I?
609
00:49:28,069 --> 00:49:32,119
Laura: Yeah.
Jacob: I wanna be clear.
610
00:49:32,119 --> 00:49:36,859
We don’t understand, we only know what
they claim. And I don’t wanna hide that
611
00:49:36,859 --> 00:49:41,199
and say that they didn’t claim anything.
But they do have claim. They claim
612
00:49:41,199 --> 00:49:46,259
it as potential. What I would say is:
what about these NIST curves?
613
00:49:46,259 --> 00:49:51,430
What about NIST-anything? The documents
that we’ve released specifically talk
614
00:49:51,430 --> 00:49:55,079
about something that’s very scary.
They say that it is Top Secret,
615
00:49:55,079 --> 00:49:59,119
in a classification guide, that the
NSA and the CIA work together
616
00:49:59,119 --> 00:50:02,869
to subvert standards. And we even released
as part of the story an example of them
617
00:50:02,869 --> 00:50:08,180
going – the NSA, that is –
to an IETF meeting
618
00:50:08,180 --> 00:50:12,359
to enhance surveillance
with regard to Voice-over-IP.
619
00:50:12,359 --> 00:50:16,949
They’re literally amongst us. So
what do we do? First, find them.
620
00:50:16,949 --> 00:50:20,009
Second, stop them!
mumbles and faint applause
621
00:50:20,009 --> 00:50:23,539
Question: Thank you!
Herald: Microphone 2, please!
622
00:50:23,539 --> 00:50:26,180
Question: Can you talk about, do you
plan on releasing the source material,
623
00:50:26,180 --> 00:50:29,239
eventually? Or will it always be redacted?
624
00:50:29,239 --> 00:50:33,999
Jacob: Well, some of this is already
out right now, without redactions.
625
00:50:33,999 --> 00:50:37,720
With the exception of
very few sets of redactions.
626
00:50:37,720 --> 00:50:41,480
For agent’s names, and things where
legally… we will go to prison. I mean,
627
00:50:41,480 --> 00:50:43,630
I’m not averse to that.
But I’d like to wait a while.
628
00:50:43,630 --> 00:50:46,440
laughter
629
00:50:46,440 --> 00:50:48,519
Question: What about
in 15 to 20 years’ time?
630
00:50:48,519 --> 00:50:51,509
Laura: Yeah, I mean, I think there
are 2 questions there as how to…
631
00:50:51,509 --> 00:50:54,390
scaling (?) the reporting. But I agree,
it needs to happen. And I think
632
00:50:54,390 --> 00:50:57,710
it’s a valid criticism. I need to do more
of it. I think certain things, I think,
633
00:50:57,710 --> 00:51:01,450
will… I would say should continue to
be redacted, at least for the short term.
634
00:51:01,450 --> 00:51:03,959
Which I think is like there are a lot of
names, you know, e-mail addresses,
635
00:51:03,959 --> 00:51:07,150
phone numbers. All these kinds of
specifics, I think, we’ll continue to redact.
636
00:51:07,150 --> 00:51:10,910
And then we’re working on scaling.
I haven’t really had time to think about
637
00:51:10,910 --> 00:51:14,440
15 years from now. So, but of
course, I think at some point
638
00:51:14,440 --> 00:51:18,299
this questions-of-names becomes
less of an issue. But I do hear
639
00:51:18,299 --> 00:51:20,890
the criticism that we need
to be doing more publishing!
640
00:51:20,890 --> 00:51:25,439
Jacob: If we live that long! I hope
you’ll help us! Laura laughs
641
00:51:25,439 --> 00:51:28,769
Next question?
Herald: Next question from the internet, please!
642
00:51:28,769 --> 00:51:32,119
Signal Angel: So how reliable
is this source on OTR,
643
00:51:32,119 --> 00:51:35,560
can that be verified with
a second source, somehow?
644
00:51:35,560 --> 00:51:38,869
Jacob: Well, I think that’s
a really good question.
645
00:51:38,869 --> 00:51:42,559
From what we know, cryptographically,
OTR which has been analyzed
646
00:51:42,559 --> 00:51:46,400
by a number of people hasn’t been broken.
647
00:51:46,400 --> 00:51:49,700
And what it appears to be the
case in these FISA intercepts,
648
00:51:49,700 --> 00:51:54,180
alone, that is one set of things. Where
they produce one set of evidence
649
00:51:54,180 --> 00:51:58,699
from one set of people. And there are
other documents, from a different section,
650
00:51:58,699 --> 00:52:03,519
from different agencies, that essentially
say something completely the same.
651
00:52:03,519 --> 00:52:09,390
That is: Everything we see seems
to support that. And I would say
652
00:52:09,390 --> 00:52:13,180
maybe Julian is not the best
example of how great OTR is.
653
00:52:13,180 --> 00:52:17,599
But I think I am. I rely on it every day
for almost all of my communications.
654
00:52:17,599 --> 00:52:22,049
And I feel pretty confident, combined
with this, as well as talking with people
655
00:52:22,049 --> 00:52:26,209
in the Intelligence community
who actually use OTR, and PGP,
656
00:52:26,209 --> 00:52:30,409
amazingly enough. So I feel
pretty good about it. And
657
00:52:30,409 --> 00:52:34,959
the most important part is that they don’t
have super powers. They have backdoors.
658
00:52:34,959 --> 00:52:39,590
E.g. I really would encourage people
to look at the Cavium (?) hardware.
659
00:52:39,590 --> 00:52:43,460
I don’t really know why. But it seems
to be that they’re obsessed with this.
660
00:52:43,460 --> 00:52:46,920
And you can look at the documents and
you can see that. Look at the hardware.
661
00:52:46,920 --> 00:52:51,059
Crypto hardware. And imagine that it’s
compromised. They spend tens of millions
662
00:52:51,059 --> 00:52:54,739
of dollars to backdoor these things. And
they work with agencies around the world
663
00:52:54,739 --> 00:52:59,329
to make that happen. So, would make
sense that OTR would be safe, actually.
664
00:52:59,329 --> 00:53:02,519
It doesn’t interface with any hardware.
And it would make sense because the math
665
00:53:02,519 --> 00:53:08,859
seems to be good. And it seems to be vetted.
And that seems to be their weakness.
666
00:53:08,859 --> 00:53:13,539
Question: Thanks.
Herald: Number 4, please!
667
00:53:13,539 --> 00:53:16,469
Question: Hello. I have… actually, it may
be a little odd question. But I wanted
668
00:53:16,469 --> 00:53:22,009
to ask it anyway. Regarding the
term ‘War on Terror’ in general.
669
00:53:22,009 --> 00:53:26,769
Because all of these things, the
Torture Report, the NSA spying,
670
00:53:26,769 --> 00:53:31,469
is all being done in the name of
the ‘War on Terror’. Even though
671
00:53:31,469 --> 00:53:35,319
we know a number of the people who were
tortured were innocent and were in no way
672
00:53:35,319 --> 00:53:41,619
terrorists. We know torture does not
work as an interrogation method.
673
00:53:41,619 --> 00:53:45,380
And we know a vast majority of the people
who are being spied on are completely
674
00:53:45,380 --> 00:53:50,329
innocent and did nothing wrong. And
I wanted to know whether maybe we might
675
00:53:50,329 --> 00:53:54,689
actually be inadvertently lending (?) an
amount of credibility to the whole thing
676
00:53:54,689 --> 00:53:59,759
by using the term
‘War on Terror’ in the first place.
677
00:53:59,759 --> 00:54:02,560
Laura: Yeah, I mean, actually, I think…
Right, we’re talking about ‘Reconstructing
678
00:54:02,560 --> 00:54:05,579
Narratives’, and that’s maybe one we
should binoc (?). This is really the
679
00:54:05,579 --> 00:54:09,969
‘War on pretty much Everyone’.
And so, I agree with that.
680
00:54:09,969 --> 00:54:13,740
I think… and I stopped using it for
a long time. I think that I began
681
00:54:13,740 --> 00:54:17,699
re-using it, I think,
when nothing changed.
682
00:54:17,699 --> 00:54:20,400
And, in fact, I think I was one of those
people who thought things were changed
683
00:54:20,400 --> 00:54:23,299
under Obama. And there would be some
accountability, like if you torture people
684
00:54:23,299 --> 00:54:27,500
you’re held accountable for torturing
people. And then there didn’t. So,
685
00:54:27,500 --> 00:54:30,710
yeah, I agree, we need a new term for that
to describe… Mainly, (?) some people are
686
00:54:30,710 --> 00:54:35,509
calling it the ‘Endless War’, which
I hope is that isn’t actually true.
687
00:54:35,509 --> 00:54:39,049
But I do think that that’s a term that
688
00:54:39,049 --> 00:54:44,159
comes with the narrative
of the Government.
689
00:54:44,159 --> 00:54:47,349
Jacob: I think, because I’ve been living in
Germany for a while I actually don’t use
690
00:54:47,349 --> 00:54:50,999
the ‘War on Terror’ as a sentence,
ever. I say ‘Imperialist War’.
691
00:54:50,999 --> 00:54:54,359
Because that’s what it is. It’s Imperialist
war. And it’s an Imperialist war on you,
692
00:54:54,359 --> 00:54:58,449
as a person, your liberties. It’s not
about privacy. It’s about choice.
693
00:54:58,449 --> 00:55:02,349
It’s about dignity. It’s about agency.
And of course, I mean these guys
694
00:55:02,349 --> 00:55:06,519
are murderers and rapists. We
shouldn’t dignify them. I mean they’re
695
00:55:06,519 --> 00:55:10,299
absolutely awful. The Torture Report
really shows that. But it doesn’t matter
696
00:55:10,299 --> 00:55:15,359
that torture doesn’t work. That’s like
– as is often said – you know this notion
697
00:55:15,359 --> 00:55:20,540
like, what (?) is slavery economically
viable? Who fucking cares? It’s slavery!
698
00:55:20,540 --> 00:55:29,710
applause
Question: Thank you!
699
00:55:29,710 --> 00:55:32,290
Herald: Number 1, please!
700
00:55:32,290 --> 00:55:35,890
Question: Do you think, since it’s
kind of obvious, that we should reject,
701
00:55:35,890 --> 00:55:41,130
or mostly reject, the projects that are
influenced by Governmental Institutions
702
00:55:41,130 --> 00:55:45,859
like NIST? Do you have any
information to how they react
703
00:55:45,859 --> 00:55:50,329
when they see that you use
smaller projects like e.g. Paths (?)
704
00:55:50,329 --> 00:55:56,769
to encrypt your harddrive,
and some odd crypto scheme?
705
00:55:56,769 --> 00:56:00,049
Jacob: Well, one of the things
we found is that Truecrypt, e.g.
706
00:56:00,049 --> 00:56:04,179
withstands what they’re trying to do.
And they don’t like it. I really wonder
707
00:56:04,179 --> 00:56:08,739
if someone could figure out why Truecrypt
shut down. That would be really interesting.
708
00:56:08,739 --> 00:56:15,850
applause
709
00:56:15,850 --> 00:56:19,880
I can also tell you that after I met
General Alexander, and I told him
710
00:56:19,880 --> 00:56:23,589
to go fuck himself as hard as
possible with a chainsaw…
711
00:56:23,589 --> 00:56:29,470
whoohoo’s, cheers and applause
712
00:56:29,470 --> 00:56:32,190
I hope he’s watching this video!
laughter
713
00:56:32,190 --> 00:56:37,449
He actually went to, let’s say my
employer who shall remain anonymous
714
00:56:37,449 --> 00:56:42,659
someone in the audience laughs
and, … sorry Roger!
715
00:56:42,659 --> 00:56:45,779
laughter
…and my understanding is they also
716
00:56:45,779 --> 00:56:49,929
went to our funders, and said:
“What’s this guy? What’s he doing?”,
717
00:56:49,929 --> 00:56:54,740
you know, and they tried to pressure. And
my employer, who shall remain anonymous,
718
00:56:54,740 --> 00:56:59,050
did not cave. But, yeah,
they exert pressure!
719
00:56:59,050 --> 00:57:07,460
applause
720
00:57:07,460 --> 00:57:10,479
Herald: Another question
from the internet, please!
721
00:57:10,479 --> 00:57:16,609
Signal Angel: Yeah, so, these files
are pretty shocking, or revealing.
722
00:57:16,609 --> 00:57:19,400
Were they part of the stuff that
came out in summer last year?
723
00:57:19,400 --> 00:57:24,629
And where was the bottleneck?
Why do they come out now?
724
00:57:24,629 --> 00:57:26,150
Jacob: Oh that’s a question for you!
725
00:57:26,150 --> 00:57:29,670
Laura: Yeah! So in this case
726
00:57:29,670 --> 00:57:33,990
this was a number of reasons. One is
727
00:57:33,990 --> 00:57:37,360
that we’ve been slowed
to scale the reporting.
728
00:57:37,360 --> 00:57:40,509
And it was also the case
that some of the files
729
00:57:40,509 --> 00:57:43,600
I personally didn’t have
access to, during that time
730
00:57:43,600 --> 00:57:47,539
when the story actually first
came out. And then also
731
00:57:47,539 --> 00:57:54,489
just the time of reporting and
researching the documents.
732
00:57:54,489 --> 00:57:57,239
Herald: Number 3, please!
733
00:57:57,239 --> 00:58:01,069
Question: Thanks for the talk! It was
great! I support totally the idea that
734
00:58:01,069 --> 00:58:06,519
we need strong crypto. And I think that
735
00:58:06,519 --> 00:58:08,840
strong crypto needs also support,
and we should all use it. But I think
736
00:58:08,840 --> 00:58:12,390
strong crypto is not the whole
answer to the political situation
737
00:58:12,390 --> 00:58:15,229
that we have. And I think…
738
00:58:15,229 --> 00:58:21,259
applause
739
00:58:21,259 --> 00:58:25,859
…I think that this community of
hackers and nerds needs to build
740
00:58:25,859 --> 00:58:29,650
stronger ties with political movements
and be part of political movements.
741
00:58:29,650 --> 00:58:33,809
I know you are, and I think that
we can’t solve the political dilemma
742
00:58:33,809 --> 00:58:37,329
with just strong crypto. So we need both.
743
00:58:37,329 --> 00:58:45,539
applause
744
00:58:45,539 --> 00:58:47,660
Herald: And another
question from the internet!
745
00:58:47,660 --> 00:58:50,949
No more questions from the
internet. So, number 3, please!
746
00:58:50,949 --> 00:58:54,830
Question: Yes, thank you also very much
for the talk. I want to ask a question
747
00:58:54,830 --> 00:58:58,880
about Citizenfour, and especially the
ending, of Citizenfour, where there’s
748
00:58:58,880 --> 00:59:05,079
a strong suggestion that army base here
in Germany, called Ramstein is essential
749
00:59:05,079 --> 00:59:10,710
in these killings that you addressed
tonight. What would be your… like,
750
00:59:10,710 --> 00:59:15,520
are you gonna give more information
that’s not just suggestional? And
751
00:59:15,520 --> 00:59:20,319
what would you want, like, especially
this audience to engage in?
752
00:59:20,319 --> 00:59:24,470
Laura: I mean, so, there is gonna
be more reporting on that topic
753
00:59:24,470 --> 00:59:29,220
that I’m working with, and my colleague
Jeremy Scahill, at the Intercept.
754
00:59:29,220 --> 00:59:32,740
And unfortunately I can’t say more
than that, other than, we will be
755
00:59:32,740 --> 00:59:36,440
coming out with more information that
will go beyond what you see in the film.
756
00:59:36,440 --> 00:59:41,549
So, for sure. And it deals with
how Ramstein is part of the
757
00:59:41,549 --> 00:59:44,709
infrastructure and architecture
of communication.
758
00:59:44,709 --> 00:59:47,149
Jacob: Shut it down! Shut it down!
759
00:59:47,149 --> 00:59:53,259
applause
760
00:59:53,259 --> 00:59:56,179
Herald: Number 5, please!
761
00:59:56,179 --> 01:00:00,339
Question: Is there a minimum key length
that you would consider unsafe?
762
01:00:00,339 --> 01:00:03,009
Jacob: Yeah, so, actually I’m glad you
asked that question. I was sort of hoping
763
01:00:03,009 --> 01:00:06,259
someone will do that. Okay. So. There are
some documents from the GCHQ
764
01:00:06,259 --> 01:00:09,769
where they talk about their super
computing resources. And,
765
01:00:09,769 --> 01:00:15,929
about 3 years ago they were
talking about 640 bit keys
766
01:00:15,929 --> 01:00:20,079
being something that they sort of casually
take care of. Now at the same time that
767
01:00:20,079 --> 01:00:24,499
that was happening Arjen Lenstra
had, I think, factored 768 bit,
768
01:00:24,499 --> 01:00:29,119
and it took, what was it, Alex?
3 years? On a bunch…
769
01:00:29,119 --> 01:00:32,880
listens to answer from audience
Year and a half! So, I think pretty much
770
01:00:32,880 --> 01:00:37,040
anything less than 1024 [bit] is a bad
idea. There are other documents
771
01:00:37,040 --> 01:00:41,349
where they specifically say, if
it’s 1024 bit RSA, it’s a problem.
772
01:00:41,349 --> 01:00:44,619
But you need to think about it,
not about what they can do today.
773
01:00:44,619 --> 01:00:47,259
First of all they have different
compartments. One of those compartments
774
01:00:47,259 --> 01:00:51,289
obviously is dedicated to any maths
that they’ve got that speed that up.
775
01:00:51,289 --> 01:00:54,680
But another point is that because of
things like the massive data repository
776
01:00:54,680 --> 01:00:58,089
– the mission data repository of
Bluffdale, Utah – you’re not encrypting
777
01:00:58,089 --> 01:01:03,229
for today. I mean, you are! But you’re
also encrypting for 50 years from today.
778
01:01:03,229 --> 01:01:07,049
So, personally, I use 4096 bit
RSA keys, and I store them
779
01:01:07,049 --> 01:01:10,329
on a hardware token, which
hopefully doesn’t have a backdoor.
780
01:01:10,329 --> 01:01:14,530
But I trust Werner [Koch]. That’s
the best I can do, unfortunately.
781
01:01:14,530 --> 01:01:17,030
Which is pretty good. But…
laughter
782
01:01:17,030 --> 01:01:22,009
But I think e.g. that the best key sizes,
783
01:01:22,009 --> 01:01:25,109
you need to think about them in terms of
what you’re actually doing; and how long.
784
01:01:25,109 --> 01:01:29,309
And then think about composition. That is…
it’s not just about encrypting something
785
01:01:29,309 --> 01:01:32,869
with, like, a 4096 bit RSA key.
Also make it hard for them to target you
786
01:01:32,869 --> 01:01:36,670
for surveillance in the
first place. So, e.g.
787
01:01:36,670 --> 01:01:39,939
when you can, use systems where
you can composite (?) with Tor. Use things
788
01:01:39,939 --> 01:01:42,890
that are totally ephemerally keyed. So
they can’t break in, steal the key and
789
01:01:42,890 --> 01:01:47,279
decrypt things in retrospect. Make it
really hard for them to make it valuable.
790
01:01:47,279 --> 01:01:51,319
There’s an economic point to that
collection as well as a mathematical point.
791
01:01:51,319 --> 01:01:54,589
Actually they sort of balance each other
out. So anyway, don’t use small key lengths.
792
01:01:54,589 --> 01:01:59,710
And maybe also consider looking at the
work that DJB and Tanja have been doing,
793
01:01:59,710 --> 01:02:04,910
about Elliptic Curves stuff.
And I think, really look to them!
794
01:02:04,910 --> 01:02:07,930
But these guys [=NSA] aren’t special.
They don’t have super powers.
795
01:02:07,930 --> 01:02:10,879
But when you use things that
are closed-source software…
796
01:02:10,879 --> 01:02:14,470
I mean, Richard Stallman was really right.
I mean, I know that it pains some of you
797
01:02:14,470 --> 01:02:17,470
to know that. But he was really right.
laughter
798
01:02:17,470 --> 01:02:20,010
And he deserves a lot of love for that!
799
01:02:20,010 --> 01:02:29,509
applause
800
01:02:29,509 --> 01:02:32,339
Free software, with software
implementations with large keys.
801
01:02:32,339 --> 01:02:35,959
That’s what you want. And when you can:
protocols that allow for ephemeral keying,
802
01:02:35,959 --> 01:02:39,119
or where they have forward secrecy.
Things like Pond, things like OTR,
803
01:02:39,119 --> 01:02:43,420
things like Redphone and Signal.
And GnuPG. GnuPG has the caveat (?) that
804
01:02:43,420 --> 01:02:46,150
if they ever get into your system later
they can of course decrypt other messages.
805
01:02:46,150 --> 01:02:51,569
So you have to consider all that. Not just
key size. And GnuPG has safe defaults.
806
01:02:51,569 --> 01:02:54,740
So if you’re choosing key sizes,
hopefully you’re using that.
807
01:02:54,740 --> 01:02:58,209
Libraries like Salt also
make safe choices. So,
808
01:02:58,209 --> 01:03:02,609
hopefully that answers your question and
you use strong crypto in the future.
809
01:03:02,609 --> 01:03:05,839
Herald: So thank you very
much for the talk. Thank you!
810
01:03:05,839 --> 01:03:08,999
I saw a lot of people being
shocked in that room.
811
01:03:08,999 --> 01:03:13,919
A lot of tears of, I think,
proudness and hope.
812
01:03:13,919 --> 01:03:18,469
I saw… that gives me a really good
feeling. So thank you for the talk.
813
01:03:18,469 --> 01:03:20,839
Give them a very warm applause!
814
01:03:20,839 --> 01:03:34,499
applause
815
01:03:34,499 --> 01:03:37,569
silent postroll titles
816
01:03:37,569 --> 01:03:45,821
Subtitles created by c3subtitles.de
in the year 2017. Join, and help us!