WEBVTT
00:00:00.000 --> 00:00:09.830
silent 31C3 preroll
00:00:09.830 --> 00:00:12.990
Laura and Jacob silently on stage
audio/video playback starts
00:00:12.990 --> 00:00:16.220
Announcing person in video: Give
a warm welcome to General Alexander!
00:00:16.220 --> 00:00:20.940
video starts all over again,
now at its titles
00:00:20.940 --> 00:00:24.165
Announcing person in video: Give
a warm welcome to General Alexander!
00:00:24.165 --> 00:00:29.925
video:applause
00:00:29.925 --> 00:00:34.535
Alexander: Thanks!
Can you hear me?
00:00:34.535 --> 00:00:37.045
Question: So does the NSA
really keep a file on everyone?
00:00:37.045 --> 00:00:39.425
Alexander: So many things you could
say are funny but I think this requires
00:00:39.425 --> 00:00:43.829
a very serious answer. First:
No, we don’t, absolutely not.
00:00:43.829 --> 00:00:46.670
And anybody who’d tell you that
we’re keeping files or dossiers
00:00:46.670 --> 00:00:49.760
on the American people:
No, that’s not true.
00:00:49.760 --> 00:00:54.300
And I will tell you that those who would
want to weave the story, that we have
00:00:54.300 --> 00:00:59.220
millions or hundreds of millions of
dossiers on people is absolutely false.
00:00:59.220 --> 00:01:09.680
title with music
“Reconstructing Narratives”
00:01:09.680 --> 00:01:20.770
audio/video playback stops
00:01:20.770 --> 00:01:23.680
Jacob Appelbaum: That’s the first time
I can remember not being wiretapped!
00:01:23.680 --> 00:01:33.740
Laura laughs
laughter and applause
00:01:33.740 --> 00:01:38.820
Okay, well, it’s really a great
honor to be back, and it’s
00:01:38.820 --> 00:01:41.420
really one of the greatest pleasures
of my life to be on stage with Laura,
00:01:41.420 --> 00:01:45.819
who is one of the most fearless,
fantastic journalists…
00:01:45.819 --> 00:01:54.319
applause
00:01:54.319 --> 00:01:58.829
…and we are here today
to tell you a few things.
00:01:58.829 --> 00:02:03.740
I am an American by birth
and post-nationalist, I suppose,
00:02:03.740 --> 00:02:08.419
by an accident of history. I’m
here now working as a journalist
00:02:08.419 --> 00:02:12.550
and Laura is working as a journalist.
And I’ll let her introduce herself.
00:02:12.550 --> 00:02:16.140
Laura Poitras: So, I’ve been working
the last years, trying to document
00:02:16.140 --> 00:02:20.170
the “War on Terror” and to understand
it from a human perspective
00:02:20.170 --> 00:02:25.080
and how we can understand it differently,
if we understand its impact on people.
00:02:25.080 --> 00:02:28.510
And today, what Jacob and
I want to do is to talk about
00:02:28.510 --> 00:02:33.330
how the narratives that
we’ve been told are false,
00:02:33.330 --> 00:02:37.790
and how we can construct new narratives
that are based on objective facts.
00:02:37.790 --> 00:02:40.780
Jacob: I think in some way some of
the things we are saying will be
00:02:40.780 --> 00:02:44.250
‘preaching to the choir’, because it is
through this community, that we have,
00:02:44.250 --> 00:02:48.280
in fact, found some of the truths,
that we will talk about today.
00:02:48.280 --> 00:02:54.540
And the CCC to me is like home, so…
00:02:54.540 --> 00:03:00.680
laughter and applause
00:03:00.680 --> 00:03:05.250
And so, if it wasn’t for the CCC and
your material support I don’t believe
00:03:05.250 --> 00:03:08.510
that it would be possible for us to be
here today. So, thank you all very much
00:03:08.510 --> 00:03:12.160
for the large conspiracy that the German
people and the international community
00:03:12.160 --> 00:03:15.020
have brought.
some laughter in the audience
00:03:15.020 --> 00:03:19.070
We have just now simultaneously
published on DER SPIEGEL’s website
00:03:19.070 --> 00:03:23.260
two very large stories which we think will
be of great interest, which we will take
00:03:23.260 --> 00:03:27.010
a little bit of time to explain.
But if you go to spiegel.de
00:03:27.010 --> 00:03:31.370
you will see two stories.
One is about cryptography
00:03:31.370 --> 00:03:37.560
and one is about… the CIA.
And about JPEL and NATO.
00:03:37.560 --> 00:03:40.790
And this is very important, these stories
being published at the same time,
00:03:40.790 --> 00:03:45.020
we very much want to thank DER SPIEGEL
and the colleagues who are in this room,
00:03:45.020 --> 00:03:48.250
Andy Müller-Maguhn, Aaron Gibson
and a number of other people,
00:03:48.250 --> 00:03:50.740
Marcel Rosenberg and Holger Stark…
00:03:50.740 --> 00:03:58.730
applause
00:03:58.730 --> 00:04:02.440
We, as some background, have
been working on these stories
00:04:02.440 --> 00:04:06.460
really for a long time.
The crypto story, I would say,
00:04:06.460 --> 00:04:10.180
it’s something we’ve wanted to do for
almost a year and a half, if not more.
00:04:10.180 --> 00:04:13.150
And really, if you think about the
investigations in the Cypherpunks movement
00:04:13.150 --> 00:04:17.649
we’ve really wanted to have some of
these answers for about 15 or 20 years.
00:04:17.649 --> 00:04:20.608
Some of the answers are good and some
of the answers are not so fantastic.
00:04:20.608 --> 00:04:24.910
I guess, it depends on where you stand.
But we hope that, by bringing this to you,
00:04:24.910 --> 00:04:28.190
that it is really in the public interest.
And that the public here is interested
00:04:28.190 --> 00:04:32.190
and that you will take it to other places.
That you will really take action, based on
00:04:32.190 --> 00:04:37.030
what you see. Whether it is traditional
action, whether it is civil disobedience,
00:04:37.030 --> 00:04:40.940
whether it’s FOIAs, whether it’s
something else, who knows, we hope
00:04:40.940 --> 00:04:44.070
that you will feel empowered
by the end of this talk.
00:04:44.070 --> 00:04:46.880
Laura: And I’d just like to say
that if anyone wants to open up
00:04:46.880 --> 00:04:49.770
their laptops and look at some of
the documents that we’ve published
00:04:49.770 --> 00:04:53.160
we won’t be offended at all and,
in fact, will be happy. I think it will
00:04:53.160 --> 00:04:55.680
contribute to your experience
of the talk today.
00:04:55.680 --> 00:04:59.860
Voice from audience: Laura,
it’s ‘/international’ on spiegel.de
00:04:59.860 --> 00:05:04.450
Jacob: Great, ‘spiegel.de/international’
And for everyone who can’t be here,
00:05:04.450 --> 00:05:08.389
streaming, remember if the stream cuts out
and you never see us again, it was murder!
00:05:08.389 --> 00:05:14.010
Laura and audience laughing, some applause
00:05:14.010 --> 00:05:17.960
Laura: So, one of the ways
that the ‘War on Terror’ works
00:05:17.960 --> 00:05:21.850
– and the way that war works in general –
is how people are de-humanized
00:05:21.850 --> 00:05:31.500
and reduced to numbers. This is a short
video that I filmed about Guantanamo.
00:05:31.500 --> 00:06:38.400
video with serious music
00:06:38.400 --> 00:06:42.680
Laura: That was a video that I made
about a former prisoner of Guantanamo.
00:06:42.680 --> 00:06:49.500
His name was Adnan Latif. He
was sent to Guantanamo in 2012.
00:06:49.500 --> 00:06:54.930
And this is how he came home. He
was on hunger strike for many years
00:06:54.930 --> 00:06:59.220
before he died. And what
was most shocking to me
00:06:59.220 --> 00:07:05.650
is watching what happens when he returns
home and that he’s listed as a number.
00:07:05.650 --> 00:07:09.900
And that his family had to witness that.
That that was a person who they were
00:07:09.900 --> 00:07:13.919
seeing for the first time in many
years, who is reduced to a number.
00:07:13.919 --> 00:07:17.740
So today, what we’re publishing
with DER SPIEGEL is looking at
00:07:17.740 --> 00:07:23.139
how that process works.
And it involves NATO’s JPEL kill list
00:07:23.139 --> 00:07:30.199
that is being used in Afghanistan
to target people for targeted killings.
00:07:30.199 --> 00:07:34.680
We’re publishing along that some
narratives of particular people
00:07:34.680 --> 00:07:39.650
who are on the kill list. One
particular case was a man
00:07:39.650 --> 00:07:45.510
who was given the code
name “Object Doody”.
00:07:45.510 --> 00:07:50.560
He was targeted for killing,
or for assassination.
00:07:50.560 --> 00:07:55.800
A British Apache helicopter
that was code named “Ugly 50”
00:07:55.800 --> 00:08:01.420
was sent to kill him. This was on
a day that the visibility was poor,
00:08:01.420 --> 00:08:04.759
and they missed him and they
shot a child and his father.
00:08:04.759 --> 00:08:08.820
The child was killed immediately,
the father was wounded.
00:08:08.820 --> 00:08:16.240
The helicopter looped back
around and killed its target.
00:08:16.240 --> 00:08:20.440
Jacob: Right. So, part of what we are
hoping to do here, just to make it
00:08:20.440 --> 00:08:26.211
perfectly clear, is to expose information
that people say doesn’t exist, with
00:08:26.211 --> 00:08:30.860
a couple of goals. And one of those
goals, to be very clear about it,
00:08:30.860 --> 00:08:34.429
– even though this, I suppose, tilts
me a little bit on the activist side
00:08:34.429 --> 00:08:38.599
of journalism – is to stop the
killing. That is an explicit goal
00:08:38.599 --> 00:08:43.220
with this publication. The British
Government and the American Government
00:08:43.220 --> 00:08:46.520
– in various different ways NATO as well –
they say, that these kind of things
00:08:46.520 --> 00:08:50.120
really don’t exist. That they don’t
happen this way. Any they talk about
00:08:50.120 --> 00:08:56.680
the killing of people in a very…
let’s say ‘mechanical fashion’.
00:08:56.680 --> 00:08:59.930
Usually they say this evidence doesn’t
exist, but the evidence does exist.
00:08:59.930 --> 00:09:05.640
And, in fact, there are lists with
names, just endless names.
00:09:05.640 --> 00:09:09.180
And those people, in various different
ways, are graded. They’re graded
00:09:09.180 --> 00:09:13.180
with regard to the political consequence
of those people being killed. As well as
00:09:13.180 --> 00:09:18.140
some very small spreadsheet and on
that spreadsheet, there’s a small box,
00:09:18.140 --> 00:09:25.010
and that box explains their crimes.
Next to that, there’s a Dollar figure
00:09:25.010 --> 00:09:28.670
for a potential reward. And maybe there’s
a restriction. Sometimes it says something
00:09:28.670 --> 00:09:34.180
like “kinetic action prohibited”. For
example. That’s because, by default,
00:09:34.180 --> 00:09:38.920
“kinetic action” is not prohibited.
That is because these are lists of names
00:09:38.920 --> 00:09:44.100
of people to be found and to be
murdered. And so of these lists…
00:09:44.100 --> 00:09:48.230
we have an excerpt of these
lists, being published today.
00:09:48.230 --> 00:09:53.770
And the goal of publishing this is
to show what needs to be done.
00:09:53.770 --> 00:09:58.000
So these lists have redactions
and the goal is that SPIEGEL,
00:09:58.000 --> 00:10:03.500
along with hopefully others, will help
us to continue to work to uncover
00:10:03.500 --> 00:10:07.550
not only the fate of these people on these
lists whose names are redacted, but also
00:10:07.550 --> 00:10:11.720
the fate of people who are not yet on
these kinds of lists. Maybe to move
00:10:11.720 --> 00:10:16.240
to a world in which we don’t have lists
for, what I would call, assassinations.
00:10:16.240 --> 00:10:20.480
And that’s what SPIEGEL calls it as well.
This is not, as some people would say,
00:10:20.480 --> 00:10:28.890
a “Joint Prioritized Effects List”. This
is an assassination program. And I think,
00:10:28.890 --> 00:10:32.600
personally, that it is inappropriate for
democratic societies to have them and
00:10:32.600 --> 00:10:37.100
when they deny that they have them, we’d
like to prove them wrong and publish them.
00:10:37.100 --> 00:10:39.560
And so that is, what we have done today.
00:10:39.560 --> 00:10:52.900
applause
00:10:52.900 --> 00:10:58.270
Now, an important detail
of this is: In the story,
00:10:58.270 --> 00:11:03.330
the very specific story that is told in
the SPIEGEL piece, as Laura mentioned,
00:11:03.330 --> 00:11:06.810
there is an Apache helicopter. And
that helicopter attempted to engage
00:11:06.810 --> 00:11:10.800
with a so-called “legitimate target”. And
part of what we hope to drive home
00:11:10.800 --> 00:11:16.180
is this notion of legitimacy
and targeting. In this case,
00:11:16.180 --> 00:11:20.580
there is a value, that is assigned to
a person. And that value is a number,
00:11:20.580 --> 00:11:26.000
which includes the number of people who
are not the target, that can be killed
00:11:26.000 --> 00:11:29.360
in service of killing that person!
That is completely innocent people,
00:11:29.360 --> 00:11:33.420
who are allowed to be killed entirely. And
00:11:33.420 --> 00:11:38.350
depending on the number there may be
a call back to base or to a higher command.
00:11:38.350 --> 00:11:43.560
But the number isn’t 1 before they have
to make that call. They have discretion.
00:11:43.560 --> 00:11:49.350
And in this case a child was killed with
a Hellfire missile. And why is that?
00:11:49.350 --> 00:11:52.890
Because technology mediates this
type of killing and that technology is
00:11:52.890 --> 00:11:57.820
not as precise as people would say.
And so we have today published
00:11:57.820 --> 00:12:05.670
the storyboard of this objective “Doody”,
which is the name, D-O-O-D-Y.
00:12:05.670 --> 00:12:09.149
That storyboard tells this and
explains that a child was killed
00:12:09.149 --> 00:12:12.489
with a Hellfire missile in service of
killing someone else. And Laura
00:12:12.489 --> 00:12:21.010
can explain what this person
did to ‘deserve’ to be killed.
00:12:21.010 --> 00:12:25.209
Laura: I mean, actually, what I wanted
to transition to is looking at
00:12:25.209 --> 00:12:29.180
actually the fact… the narrative is, that
the government or governments are
00:12:29.180 --> 00:12:33.720
targeting people, who are suspected
of something. And in fact
00:12:33.720 --> 00:12:38.430
what we learned, is that they’re targeting
people based on as little information
00:12:38.430 --> 00:12:43.180
as their telephone number, or a voice
recognition. And they’re using those
00:12:43.180 --> 00:12:48.720
as methods to target and kill people.
One of the things, that we’ve learned
00:12:48.720 --> 00:12:53.340
through the disclosures by Edward
Snowden is that they’re targeting people
00:12:53.340 --> 00:12:57.950
not just in war zones but internationally.
They’re targeting us for surveillance
00:12:57.950 --> 00:13:04.830
all over the world. And…
this is a video of a target.
00:13:04.830 --> 00:13:13.150
audio/video playback starts
Man: This is the highest level! (in German)
00:13:13.150 --> 00:13:17.260
Ali Fares: Mh-mh!
00:13:17.260 --> 00:13:20.430
Netcologne, [inaudible], Teliast…
00:13:20.430 --> 00:13:27.200
Oh my god, it’s so good documented!
00:13:27.200 --> 00:13:31.730
That are most of the
routers that I actually know.
00:13:31.730 --> 00:13:41.850
Office, plied sky (?), and…
00:13:41.850 --> 00:13:44.240
Man: This is an engineer?
Ali: Yes.
00:13:44.240 --> 00:13:47.530
Man: Engineer, engineer, engineer, engineer…
Ali: Oh, yeah.
00:13:47.530 --> 00:13:53.490
Man: …engineer, engineer.
This is you?
00:13:53.490 --> 00:14:03.810
Ali: Yes.
audio/video playback stops
00:14:03.810 --> 00:14:08.550
Jacob: So what you just saw there
was “Engineers from Stellar”, and
00:14:08.550 --> 00:14:13.690
that is a fantastic name for a company
that gets compromised. It is important
00:14:13.690 --> 00:14:19.839
to understand the notion of targeting
with regard to why a target
00:14:19.839 --> 00:14:25.390
considered legitimate in some cases can
have this notion of collateral damage.
00:14:25.390 --> 00:14:29.640
Now in the case of Stellar or in the case
of Belgacom, which Laura revealed
00:14:29.640 --> 00:14:35.100
with DER SPIEGEL, what we learn
is that it isn’t actually the case
00:14:35.100 --> 00:14:39.580
that a terrorist is involved
with Belgacom or with Stellar.
00:14:39.580 --> 00:14:44.600
It is that a kind of neo-colonialism
is taking place in the digital era,
00:14:44.600 --> 00:14:49.480
wherein the colonies, the networks,
that they do not have through coercion
00:14:49.480 --> 00:14:54.910
of the state or through other surveillance
practices, they have to be compromised.
00:14:54.910 --> 00:14:59.839
And those become targets and they
become legitimate targets in theory
00:14:59.839 --> 00:15:04.589
and in actuality, because of it’s
usefulness. Because of the leverage
00:15:04.589 --> 00:15:10.050
that it provides against a speculative
target, someday in the future. That is,
00:15:10.050 --> 00:15:13.570
these networks become compromised
in service of being able to compromise
00:15:13.570 --> 00:15:19.630
future networks and other people, just
because they can. They set out to do that.
00:15:19.630 --> 00:15:23.649
And so Stellar is an example of such a
thing. And to be able to confront victims
00:15:23.649 --> 00:15:29.279
this way, to show them that they’re
compromised helps us to understand,
00:15:29.279 --> 00:15:34.089
helps us to show that in fact we are
directly, and indirectly impacted
00:15:34.089 --> 00:15:39.640
by these types of activities. And when
we think about this kind of targeting
00:15:39.640 --> 00:15:45.890
we have to understand the scale.
And this scale is sort of incredible.
00:15:45.890 --> 00:15:52.220
The budget for targeted
exploitation, for the NSA,
00:15:52.220 --> 00:15:57.180
not speaking at all about the GCHQ,
or the Defense Signals Directorate folks
00:15:57.180 --> 00:16:02.589
over in Australia,
there’s so much money,
00:16:02.589 --> 00:16:06.769
when you look at the offensive warfare,
that for 2013 alone there was
00:16:06.769 --> 00:16:12.209
650 million Dollars spent
on the GENIE program.
00:16:12.209 --> 00:16:15.430
And the GENIE program is their
offensive Cyber War program,
00:16:15.430 --> 00:16:20.050
as they call it themselves, in which they
build backdoors, like UNITEDRAKE
00:16:20.050 --> 00:16:25.639
and STRAITBIZZARE and other tools like
Regin, which you know as one of the tools,
00:16:25.639 --> 00:16:29.860
I hope, that has been used in
Belgacom and in other places.
00:16:29.860 --> 00:16:33.930
So they target places like Stellar and
Belgacom, but they also target places
00:16:33.930 --> 00:16:39.300
like the European Union. In that
case, the EU takes the place
00:16:39.300 --> 00:16:42.940
of a terrorist. That is: they are the
goal. They aren’t compromising
00:16:42.940 --> 00:16:46.899
the EU’s networks just because
someone interesting might show up,
00:16:46.899 --> 00:16:51.710
they are compromising the EU’s
networks, because the EU is
00:16:51.710 --> 00:16:55.800
the equivalent to a terrorist to them. And
they wish to have leverage and control.
00:16:55.800 --> 00:16:59.320
Because that’s what surveillance is in
this context. It’s exploitation of systems,
00:16:59.320 --> 00:17:03.080
where they leverage access to that
system, or whichever systems that they
00:17:03.080 --> 00:17:07.720
have access to, to get more access,
to have more control. Either politically
00:17:07.720 --> 00:17:13.469
or technologically or both.
Which ties of course into economics.
00:17:13.469 --> 00:17:20.099
Now, in the case of GENIE 650 million
Dollars is quite a great deal of money.
00:17:20.099 --> 00:17:26.230
But for 2017 the projected budget
for GENIE is a billion Dollars.
00:17:26.230 --> 00:17:31.059
This is just the beginning of what
we see. And these civilian targets
00:17:31.059 --> 00:17:34.730
or these governmental targets that are
being targeted in continental Europe,
00:17:34.730 --> 00:17:38.570
they’re not alone. It is actually
happening all around the world.
00:17:38.570 --> 00:17:42.309
And these compromises, they happen
in service of mass surveillance.
00:17:42.309 --> 00:17:46.740
Whenever they don’t have the ability to
mass-surveil a system they implant systems
00:17:46.740 --> 00:17:51.020
along the way in order to surveil
what goes in and out of them.
00:17:51.020 --> 00:17:56.500
Systems are even used as what are called
‘Diodes’. And Diodes are essentially
00:17:56.500 --> 00:18:02.590
another term which we see the Canadians
use. Operational Relay Boxes or ORBs.
00:18:02.590 --> 00:18:06.179
Anybody here that used to be a black hat,
I know there are no more black hats here,
00:18:06.179 --> 00:18:12.040
it’s all legitimate, but… except
for that guy, in the front…
00:18:12.040 --> 00:18:16.450
Everybody knows what you use those boxes
for: You use them to jump from one network
00:18:16.450 --> 00:18:20.080
to another network, so that when
something is traced back it traces back
00:18:20.080 --> 00:18:23.170
to that machine. In the case of the
Canadian Service they themselves
00:18:23.170 --> 00:18:26.980
talk about, a couple of times a year,
compromising as many systems as they can
00:18:26.980 --> 00:18:31.020
in non-Five-Eyes countries, in order to
ensure that they have as many operational
00:18:31.020 --> 00:18:37.040
relay boxes as they need for the
coming year. These diodes mean
00:18:37.040 --> 00:18:42.049
that when a system does a thing, it is
absolutely not the case that we can say
00:18:42.049 --> 00:18:45.350
the person who has purchased
that system is responsible for it.
00:18:45.350 --> 00:18:49.110
It is their official doctrine, in fact,
to use other people’s computers
00:18:49.110 --> 00:18:53.809
for their hacking. And that’s important,
when we now consider, that they have
00:18:53.809 --> 00:18:59.660
– in 2017 projected – a goal of
having a billion Dollars to do that.
00:18:59.660 --> 00:19:04.530
When we look at how that bounces out with
Defense that is – not at all – balanced.
00:19:04.530 --> 00:19:10.980
In fact, it is tilted entirely
towards Offensive Warfare.
00:19:10.980 --> 00:19:14.700
Laura: I was wondering, how many
people in the room have gone online
00:19:14.700 --> 00:19:17.239
to look at some of the
documents that we released.
00:19:17.239 --> 00:19:20.559
Jacob: Anyone? Hey, nice.
Laura: Alright.
00:19:20.559 --> 00:19:25.020
Jacob: Fantastic! So in
the future, that is to say
00:19:25.020 --> 00:19:30.150
in approximately 3 weeks, we plan to
release, along with some of our colleagues
00:19:30.150 --> 00:19:34.090
at SPIEGEL, and other people who
are helping out, more information
00:19:34.090 --> 00:19:38.549
about specific malware, specific
cases in which it’s used
00:19:38.549 --> 00:19:42.240
and details about information sharing
with regard to the malware in terms of
00:19:42.240 --> 00:19:45.320
how it’s harvested. We’re thinking
probably in the second week of January
00:19:45.320 --> 00:19:49.230
for that malware story. And we
wanted to make sure to get it right
00:19:49.230 --> 00:19:54.549
and we wanted people to focus on
the specifics of the NATO kill lists
00:19:54.549 --> 00:19:59.780
and to focus on cryptography.
We thought, well, people here
00:19:59.780 --> 00:20:03.480
in the audience would be able to handle
all three, the rest of the world just
00:20:03.480 --> 00:20:07.760
isn’t ready for it yet. So we had
to take a little bit of a pause. So
00:20:07.760 --> 00:20:13.940
more of the malware details will be
released in about 3 weeks. Now for me,
00:20:13.940 --> 00:20:17.860
one of the things that has, I would
say for my entire adult life been
00:20:17.860 --> 00:20:21.500
very interesting to me and before
my adult life started, was a system
00:20:21.500 --> 00:20:23.830
known as Echelon. Anybody
here remember that system?
00:20:23.830 --> 00:20:26.350
‘Woohoow’, and laughter
00:20:26.350 --> 00:20:29.080
jokingly: That’s the guy that built it!
more laughter
00:20:29.080 --> 00:20:33.510
I would guess… maybe not,
sorry, I don’t want to… trying to
00:20:33.510 --> 00:20:37.549
snitch jacket you there… But
00:20:37.549 --> 00:20:42.180
I think it’s to me extremely
important to hear about these
00:20:42.180 --> 00:20:46.799
kinds of things, that sound totally crazy.
Like the CIA torture report, for example.
00:20:46.799 --> 00:20:50.900
That started out as a conspiracy [theory].
And now we know, that America’s
00:20:50.900 --> 00:20:56.439
official policy with the CIA was rape,
anal rehydration. Those were
00:20:56.439 --> 00:21:01.380
conspiracy theories which
we now know to be facts.
00:21:01.380 --> 00:21:06.630
So Echelon, the rumour of Echelon was
this notion of planetary surveillance.
00:21:06.630 --> 00:21:11.400
And of course it was Duncan Campbell who
brought this forward in an European Union
00:21:11.400 --> 00:21:17.390
report. He, in fact, very clearly outlined
the interception capabilities
00:21:17.390 --> 00:21:23.880
of the U.S. Government and others.
Now, it is hard to actually imagine
00:21:23.880 --> 00:21:29.620
planetary surveillance, on a scale, let’s
say, your home, and how your home
00:21:29.620 --> 00:21:34.410
fits into your city, and your city how it
fits into a country, and the whole world.
00:21:34.410 --> 00:21:38.860
And all of that being monitored.
But what we found is that
00:21:38.860 --> 00:21:42.850
during the Crypto Wars we thought that we
had won. We thought that we had a way,
00:21:42.850 --> 00:21:46.970
really, to change things. We thought that
with cryptography we would be able
00:21:46.970 --> 00:21:52.260
to change the entire balance. Even if
something like planetary surveillance
00:21:52.260 --> 00:21:55.510
would have come about. And so when
Duncan Campbell released his reports
00:21:55.510 --> 00:21:59.750
about Echelon in the very early 21st
century I think a lot of people weren’t
00:21:59.750 --> 00:22:03.950
as concerned about it as they should
have been. And shortly after that
00:22:03.950 --> 00:22:09.230
the ‘War on Terror’ really got
off to a very, very big start.
00:22:09.230 --> 00:22:13.970
It turns out that we weren’t as concerned
as we should have been in the right areas.
00:22:13.970 --> 00:22:18.270
And we I think can say now, that the first
Crypto Wars were not won and in fact
00:22:18.270 --> 00:22:22.710
the first Crypto Wars were probably
– if anything – lost, or they’re still
00:22:22.710 --> 00:22:29.720
going on now. If we were to delineate that
and we were to talk about as an example,
00:22:29.720 --> 00:22:33.220
the second Crypto Wars, what we would
find is what has actually been happening
00:22:33.220 --> 00:22:38.590
behind the scenes, and, thanks to Edward
Snowden we actually have a great deal
00:22:38.590 --> 00:22:43.530
of answers that we would
probably not have otherwise.
00:22:43.530 --> 00:22:55.730
applause
00:22:55.730 --> 00:23:01.280
Now, it is important to understand
that the context of this
00:23:01.280 --> 00:23:08.519
is the notion that everyone is suspicious.
That we live now in a world of total,
00:23:08.519 --> 00:23:12.820
absolute surveillance which sometimes
misses a thing, here or there.
00:23:12.820 --> 00:23:15.940
But this is the goal: Collect it all!
That’s General Alexander’s notion.
00:23:15.940 --> 00:23:20.759
When he talks about his notion
e.g. about dossiers it’s a trick.
00:23:20.759 --> 00:23:24.730
It’s a rhetorical trick. Because what he
means to say is that now dossiers
00:23:24.730 --> 00:23:29.919
are dynamic. And that this information is
not stored on lists, written down like in,
00:23:29.919 --> 00:23:33.250
let’s say, the 50s. Rather they’re
stored in databases that dynamically
00:23:33.250 --> 00:23:37.700
will generate a list based on a query
from an analyst. “Give me every person
00:23:37.700 --> 00:23:42.770
that went to this website at this time”.
And it of course expands, the notion is
00:23:42.770 --> 00:23:47.020
that somehow this will only be used
against terrorists. But what is a terrorist,
00:23:47.020 --> 00:23:52.060
in this case? In some cases it actually
includes people who are merely involved
00:23:52.060 --> 00:23:57.980
in drugs, and part of that has been
published as part of the JPEL kill lists.
00:23:57.980 --> 00:24:02.660
That is to say: people who are definitely
not terrorists, but who are otherwise
00:24:02.660 --> 00:24:07.850
interesting targets, so there’s a sort of
“bleed over”, and so we see the same thing
00:24:07.850 --> 00:24:11.580
with surveillance and cryptography: It
was for exceptional targets and now it is
00:24:11.580 --> 00:24:18.340
for everyone. And so cryptography came
as a liberator. And that was the idea.
00:24:18.340 --> 00:24:22.880
But just as we showed a little bit ago,
with STELLAR where they targeted engineers
00:24:22.880 --> 00:24:28.179
specifically to have access to the
infrastructure, so, too, we find
00:24:28.179 --> 00:24:34.130
that for cryptography they sabotage
critical infrastructure. We found, in fact,
00:24:34.130 --> 00:24:37.309
so many different interesting things that
00:24:37.309 --> 00:24:41.710
it’s actually hard to talk about
it in only half an hour of time.
00:24:41.710 --> 00:24:45.690
Laura: I’d like to just say, as one of
the journalists who’s been publishing
00:24:45.690 --> 00:24:49.560
on the documents I think that one of the
most both important stories and the
00:24:49.560 --> 00:24:53.700
most unsatisfying stories was the
BULLRUN story that was published
00:24:53.700 --> 00:24:57.530
by The New York Times, and the Guardian,
and ProPublica. Because it did warn us
00:24:57.530 --> 00:25:01.510
of how the NSA was
attacking critical infrastructure
00:25:01.510 --> 00:25:06.169
to make the internet insecure, and
yet it didn’t tell us any specifics of
00:25:06.169 --> 00:25:09.020
what they meant by that. And this is
something that I think frustrated
00:25:09.020 --> 00:25:12.080
many people in the audience, and so…
00:25:12.080 --> 00:25:16.159
applause
00:25:16.159 --> 00:25:19.419
And so the reporting
that Jake’s been doing
00:25:19.419 --> 00:25:21.950
along with Aaron Gibson
and other people…
00:25:21.950 --> 00:25:24.770
Jacob: Christian (?)…
there in the audience.
00:25:24.770 --> 00:25:28.130
Laura: … is to dig in and to find out
what those specifics are so that we can
00:25:28.130 --> 00:25:33.580
actually warn people about what is safe
and what’s not safe in cryptography.
00:25:33.580 --> 00:25:37.750
Jacob: So, we have, let’s say, a little
free time we’re gonna talk about this…
00:25:37.750 --> 00:25:41.880
but I’d like to do some surveys: Who here
uses PPTP? And don’t laugh at them
00:25:41.880 --> 00:25:45.620
when they raise their hand, let
them be honest… who uses it?
00:25:45.620 --> 00:25:47.220
One guy!
laughter
00:25:47.220 --> 00:25:50.299
Ok, well, good news to this audience…
stop doing that, we’re gonna tell you why
00:25:50.299 --> 00:25:55.530
in a second. Laura laughs
Who here uses IPSEC?
00:25:55.530 --> 00:26:00.380
With a pre-shared key?
Fantastic…
00:26:00.380 --> 00:26:03.260
Stop doing that too…
laughter
00:26:03.260 --> 00:26:06.730
Raise your hand if you use SSH!
00:26:06.730 --> 00:26:08.960
even louder laughter
Laura laughs
00:26:08.960 --> 00:26:14.490
Guess what…
laughter, slight applause
00:26:14.490 --> 00:26:19.049
In the documents that we’re publishing
today we are showing in fact a series
00:26:19.049 --> 00:26:24.560
of systems that, if we
understand them correctly…
00:26:24.560 --> 00:26:29.659
I wonder if I should say my next sentence…
I say this only as myself and not as Laura.
00:26:29.659 --> 00:26:34.750
I’d be surprised if some building weren’t
burning, frankly. But… the NSA claims
00:26:34.750 --> 00:26:40.289
to have databases for decryption, or an
attack orchestration for PPTP and IPSEC,
00:26:40.289 --> 00:26:48.710
which is not so surprising at all, but
also for SSL and TLS, and… for SSH.
00:26:48.710 --> 00:26:53.330
They have specific slides where they talk
about the Debian weak number generation.
00:26:53.330 --> 00:26:59.549
This is not that. For what we can tell
they have separate programs for that.
00:26:59.549 --> 00:27:03.880
So they of course have a way through the
cryptographic exploitation services,
00:27:03.880 --> 00:27:07.960
crypto-analysis exploitation services, to
do certain decrypts. Now, they say:
00:27:07.960 --> 00:27:13.460
“We stress: potential!”. It seems to be
there’s a pattern. And the pattern is
00:27:13.460 --> 00:27:19.190
things that are done entirely in software,
in particular, those things as long as
00:27:19.190 --> 00:27:23.690
there’s a good random number generator,
and especially if it is Free Software,
00:27:23.690 --> 00:27:28.820
what we find is that it seems to stand
the test of time. That doesn’t mean
00:27:28.820 --> 00:27:33.340
that it always will, because we found
a couple of things. One of the things
00:27:33.340 --> 00:27:37.460
is that we found that they log the
cipher texts, and that they wait.
00:27:37.460 --> 00:27:42.230
Sometimes to break it with brute-force, so
we are also revealing today the location
00:27:42.230 --> 00:27:46.610
of the two large supercomputers: That is
at Oak Ridge National Laboratories and at
00:27:46.610 --> 00:27:52.419
Fort Meade, for a program called LONGHAUL.
The LONGHAUL I suppose as they
00:27:52.419 --> 00:27:58.980
have named it appropriately, is for their
long haul approach. Combined with things
00:27:58.980 --> 00:28:03.370
like the massive data repository, or the
Mission Data Center, the Mission Data
00:28:03.370 --> 00:28:08.610
repository in places like Bluffdale, Utah.
They plan and do store the cipher texts
00:28:08.610 --> 00:28:12.679
of an unbelievable number of connections.
When you make an SSL / TLS connection
00:28:12.679 --> 00:28:19.480
the GCHQ keeps statistics. The Canadian
CSE keeps statistics. They seem to log
00:28:19.480 --> 00:28:25.440
metadata about the handshake in terms of
TCP/IP, but also in terms of SSL and TLS
00:28:25.440 --> 00:28:29.730
for the actual protocols. That is to say,
they store the cryptographic handshakes,
00:28:29.730 --> 00:28:35.390
and in some cases for specific selected
data they take the entire flow. Now,
00:28:35.390 --> 00:28:40.070
we have found claims that are kind
of amazing: in the case of BULLRUN
00:28:40.070 --> 00:28:43.480
the New York Times and the Guardian,
and the rest of the collaborating
00:28:43.480 --> 00:28:48.120
news organizations have often
left out important details.
00:28:48.120 --> 00:28:51.700
One of the important details which I find
to be the most shocking and upsetting
00:28:51.700 --> 00:28:57.670
is that the British alone by
2010 – was it? – had 832 people
00:28:57.670 --> 00:29:04.620
right into their BULLRUN program. That is
832 people knew about their backdooring
00:29:04.620 --> 00:29:09.529
and sabotage of crypto, just
in the British Service alone.
00:29:09.529 --> 00:29:13.590
And each of the Five-Eyes countries
runs a similar program, like that.
00:29:13.590 --> 00:29:17.679
With potentially similar numbers of
people right into those programs.
00:29:17.679 --> 00:29:21.780
They say something like: “3 people
can keep a secret if 2 are dead”.
00:29:21.780 --> 00:29:27.159
How about 832 British men? I’m not
sure that that’s a really good bet.
00:29:27.159 --> 00:29:31.550
And these guys have bet the farm on it.
That is to say, they have slides and
00:29:31.550 --> 00:29:35.640
presentations and intercepts where
they decrypt SSL, where they discuss
00:29:35.640 --> 00:29:39.550
decrypting SSL at a scale starting in
the tens of thousands, moving into the
00:29:39.550 --> 00:29:43.590
hundreds and millions of thousands.
Hundreds of thousands, and millions, and
00:29:43.590 --> 00:29:48.110
then into billions, actually. For TLS
and SSL they actually have statistics
00:29:48.110 --> 00:29:53.460
on the order of billions. Of all the
major websites that everyone here
00:29:53.460 --> 00:29:58.210
probably has used at one
point or another in their life.
00:29:58.210 --> 00:30:04.010
So, in the case of the Canadian Services
they even monitored ‘Hockeytalk’,
00:30:04.010 --> 00:30:07.439
to give you and idea about this. And they
talk about it in terms of ‘warranted’
00:30:07.439 --> 00:30:11.860
collection, and special source
collection, and encrypted traffic
00:30:11.860 --> 00:30:16.950
indeed does stand out. They have
programs like QUICKANT, which is a
00:30:16.950 --> 00:30:21.450
specific way of interfacing with
a program called FLYING PIG.
00:30:21.450 --> 00:30:25.870
FLYING PIG is an SSL/TLS database,
it’s a knowledge database,
00:30:25.870 --> 00:30:30.040
and QUICKANT seems to be what’s called
a “Query Focused Data Set”. They try
00:30:30.040 --> 00:30:35.529
to use that, from what we can tell,
for doing low latency de-anonymization.
00:30:35.529 --> 00:30:40.199
Some of the documents we’re releasing
today will explain some of their failures.
00:30:40.199 --> 00:30:43.570
Now, I think it’s important to be
cautious about this because they have
00:30:43.570 --> 00:30:48.740
many compartments for their data,
that is to say they very clearly
00:30:48.740 --> 00:30:52.970
have ways of keeping secrets even from
themselves. But one of the things we found,
00:30:52.970 --> 00:30:56.960
and that we’re publishing today also,
is a FISA intercept. And to the best
00:30:56.960 --> 00:31:01.260
of my knowledge, and I think that this is
true, no one has ever published one
00:31:01.260 --> 00:31:05.740
of these before. So, this is the basis for
what you would call ‘parallel construction’,
00:31:05.740 --> 00:31:09.030
actually, where they gather Intelligence
and then they say, “whatever you do,
00:31:09.030 --> 00:31:12.880
don’t use this in lawful investigation,
don’t use this in a court,
00:31:12.880 --> 00:31:18.080
it’s not evidence. But by the way,
here it is”. So we’re publishing
00:31:18.080 --> 00:31:23.250
one of those today and we have
some, well, moderately good news.
00:31:23.250 --> 00:31:27.350
In looking at these, what we have
found is that they consistently break
00:31:27.350 --> 00:31:31.130
various different types of encryption.
So if you’re mailing around a Microsoft
00:31:31.130 --> 00:31:34.970
.doc document that’s password protected
there’s a good chance that they
00:31:34.970 --> 00:31:40.040
send it to LONGHAUL using a thing
called ISLANDTRANSPORT and then that,
00:31:40.040 --> 00:31:45.549
if it can, through brute-force, is
decrypted. And it is the case
00:31:45.549 --> 00:31:49.490
that, when they do this decryption,
they send it back and they include
00:31:49.490 --> 00:31:53.820
the decrypted information in the FISA
transcript. They do this for .rar files,
00:31:53.820 --> 00:31:58.100
they do this for .doc files, they do this
for a bunch of different systems. But we
00:31:58.100 --> 00:32:01.179
don’t want to focus on what’s broken
because The New York Times and
00:32:01.179 --> 00:32:04.920
The Guardian and other places have
already sort of said “everything is fucked”.
00:32:04.920 --> 00:32:08.280
We wanted to try to
make it a positive talk!
00:32:08.280 --> 00:32:17.760
laughter and applause
00:32:17.760 --> 00:32:23.930
And… so I think Laura here is just
going to be able to show you in fact…
00:32:23.930 --> 00:32:26.810
Laura: If it will play…
00:32:26.810 --> 00:32:34.670
Jacob: Just drag it over… the other way…
00:32:34.670 --> 00:32:39.570
So we wanted to show you… who here
has heard about PRISM? Everyone?
00:32:39.570 --> 00:32:42.220
What does that mean to you? It doesn’t
mean anything, right? We just know
00:32:42.220 --> 00:32:45.620
that it’s some massive surveillance
program. We wanted to show you what
00:32:45.620 --> 00:32:53.520
one of those PRISM records actually
looks like which, in itself is, I think…
00:32:53.520 --> 00:32:56.470
Laura: Sorry.
Jacob: It’s okay.
00:32:56.470 --> 00:33:00.659
…it’s a rather unexciting document, except
for the fact that we get to show it to you.
00:33:00.659 --> 00:33:04.920
Which is great. [to Laura:]
I think if you escape for the…
00:33:04.920 --> 00:33:14.890
Laura: …escape out of here?
00:33:14.890 --> 00:33:18.950
Jacob: There it is. Hey FBI, fuck you!
00:33:18.950 --> 00:33:29.780
laughter and applause
00:33:29.780 --> 00:33:33.270
So I take great pleasure in being able to
say that this couldn’t have happened
00:33:33.270 --> 00:33:42.630
without Laura!
cheers and applause
00:33:42.630 --> 00:33:48.049
But if you look here you see
‘SIGAD US-984XN’. That’s PRISM!
00:33:48.049 --> 00:33:53.620
And this is your dossier for PRISM.
some shouts from audience
00:33:53.620 --> 00:33:57.409
From audience: “O3”, “Larger!”
Laura: Yeah.
00:33:57.409 --> 00:34:00.470
audience laughs
document on screen is zoomed in
00:34:00.470 --> 00:34:05.140
audience goes: “Aaaah!”
cheers and applause
00:34:05.140 --> 00:34:08.480
And if you’re wondering about the
redactions, it’s all Andy Müller-Maguhn.
00:34:08.480 --> 00:34:12.730
slight laughter
Shouted from audience: Fuck you!!
00:34:12.730 --> 00:34:15.289
Jacob laughs
00:34:15.289 --> 00:34:19.659
Jacob: Here’s the good news! The FBI
regularly lies to the American Public.
00:34:19.659 --> 00:34:22.289
And to the rest of the world.
Then they say they’re ‘going dark’.
00:34:22.289 --> 00:34:25.899
What we found in the study of these
FISA intercepts is that basically
00:34:25.899 --> 00:34:31.059
no one uses cryptography. And basically
everyone that uses cryptography is broken,
00:34:31.059 --> 00:34:37.629
except for – well, let’s say –
2 things. Thing No.1 is OTR.
00:34:37.629 --> 00:34:48.819
big applause and cheers
00:34:48.819 --> 00:34:51.599
Very important to go with it is you’ll
notice that there’s some metadata.
00:34:51.599 --> 00:34:54.989
And it’s just metadata. But as the U.S.
Government has said in public, they
00:34:54.989 --> 00:35:00.700
kill people with metadata. So up there
you’ll see that, I believe this was Yahoo,
00:35:00.700 --> 00:35:03.500
is that right, Andy?
Andy M.-M. answers from audience
00:35:03.500 --> 00:35:07.880
Yeah, I think… it could be Gmail, or could
be Yahoo, I forgot which one this one is.
00:35:07.880 --> 00:35:11.349
We’re releasing, you know, enough
for you to figure it out on your own.
00:35:11.349 --> 00:35:15.119
Hopefully this isn’t you, if so, I’m
sorry we redacted your information.
00:35:15.119 --> 00:35:18.999
Cause if it was me I wouldn’t want it to
be redacted. But you’ll see that it’s
00:35:18.999 --> 00:35:24.170
a user name, IP address as well as
a time and a date. And you also see
00:35:24.170 --> 00:35:28.650
other IP addresses associated with it. Those
are used for selector-based surveillance.
00:35:28.650 --> 00:35:32.569
Which if you haven’t been following along
at home it means that they can take
00:35:32.569 --> 00:35:35.769
that information, put it into other
databases, and the things like XKeyscore,
00:35:35.769 --> 00:35:40.900
and pull up other information that will be
related. But most importantly here is,
00:35:40.900 --> 00:35:45.619
you see what is essentially a chat log. As
if it had been created on your computer.
00:35:45.619 --> 00:35:50.979
Now, don’t log – it’s rude. They did it
for you anyway. And what you see is
00:35:50.979 --> 00:35:55.449
“OC – No decrypt available for
this OTR encrypted message”.
00:35:55.449 --> 00:36:00.459
In other documents we see them saying
“cryptographic exploitation services”.
00:36:00.459 --> 00:36:06.589
“We can’t decrypt it, it’s off the
record”. Quite a nice endorsement!
00:36:06.589 --> 00:36:12.840
And what we have also found is
that they do the same thing for PGP.
00:36:12.840 --> 00:36:23.719
applause
00:36:23.719 --> 00:36:28.220
Now in other cases they do decrypt the
messages. So instead of telling you
00:36:28.220 --> 00:36:32.950
about everything “It’s broken!”
what we wanted to do is to suggest:
00:36:32.950 --> 00:36:37.770
“Look at the composition of OTR, find
Ian Goldberg who’s here somewhere,
00:36:37.770 --> 00:36:41.569
ask him to review your cryptographic
protocol”. Maybe don’t – he’s probably
00:36:41.569 --> 00:36:47.819
already overwhelmed. But Snowden said
this in the very beginning. He said:
00:36:47.819 --> 00:36:50.849
“Cryptography, when properly implemented,
is one of the few things that you can
00:36:50.849 --> 00:36:56.549
rely upon”. And he’s right. And we
see this. This is the message.
00:36:56.549 --> 00:37:01.319
These things are not to be used in legal
proceedings. And yet here we see them
00:37:01.319 --> 00:37:06.039
anyway. And what we see is that even
there, in the most illegal of settings,
00:37:06.039 --> 00:37:11.499
essentially, they can’t decrypt it. Now the
sad part is that not everyone is using it.
00:37:11.499 --> 00:37:14.719
But the good news is that when you use it,
it appears to work. When you verify
00:37:14.719 --> 00:37:18.569
the fingerprint, e.g. We didn’t find
evidence of them doing active attacks
00:37:18.569 --> 00:37:22.709
to do man-in-the-middle attacks. But
that’s easy to solve. OTR allows you
00:37:22.709 --> 00:37:28.220
to authenticate. PGP and Gnu-PG allow
you to verify the fingerprint. We did find
00:37:28.220 --> 00:37:32.380
evidence of them having databases, filled
with cryptographic keys, that were pilfered
00:37:32.380 --> 00:37:37.940
from routers, and compromising machines.
So rotate your keys frequently,
00:37:37.940 --> 00:37:42.869
use protocols that are ephemeral. They
themselves find that they are blinded
00:37:42.869 --> 00:37:47.729
when you use properly implemented
cryptography. So Gnu-PG
00:37:47.729 --> 00:37:53.190
– Werner Koch I think is in the audience –
Gnu-PG and OTR are 2 things that
00:37:53.190 --> 00:37:57.722
actually stop the spies from
spying on you, with PRISM.
00:37:57.722 --> 00:38:01.912
applause, some cheers
00:38:01.912 --> 00:38:09.699
Laura: to Jake Would you mind if I ask…
for a volunteer to … computers …?
00:38:09.699 --> 00:38:13.950
Jacob: So, we have some other really
good news. And that good news
00:38:13.950 --> 00:38:21.139
is this: There are… in some of the
slides that are being released
00:38:21.139 --> 00:38:24.119
a matrix – not ‘the Matrix’
that you’re hoping for –
00:38:24.119 --> 00:38:26.170
laughter
00:38:26.170 --> 00:38:31.860
but we can talk about that program later
laughter
00:38:31.860 --> 00:38:39.000
I’m not even joking. But…
laughter
00:38:39.000 --> 00:38:43.339
There are some other things. One of the
things that they talk about in this matrix
00:38:43.339 --> 00:38:48.510
is, what’s hard, and what’s easy.
And in the case of ‘Hard’
00:38:48.510 --> 00:38:55.180
they describe Redphone, and that means
Signal, the program by Christine Corbett
00:38:55.180 --> 00:39:02.829
and Moxy Marlinspike as ‘catastrophic’.
applause
00:39:02.829 --> 00:39:07.129
They say: “Tails and Tor – catastrophic”.
00:39:07.129 --> 00:39:15.680
cheers and applause
00:39:15.680 --> 00:39:19.079
So what that really means is that we
now understand some things that
00:39:19.079 --> 00:39:24.119
they have trouble with. And how they
will take action to try to sabotage it
00:39:24.119 --> 00:39:27.299
is clear. They will try to sabotage the
Random Number Generators like they did
00:39:27.299 --> 00:39:31.789
with Dual_EC_DRBG. They will
try to sabotage the platforms.
00:39:31.789 --> 00:39:35.900
They will try to force companies to be
complicit. I think the German word is
00:39:35.900 --> 00:39:40.390
‘Gleichschaltung’. You’re all familiar:
with that? That is the process that is
00:39:40.390 --> 00:39:45.430
happening now in America. With these
crypto programs. That’s what PRISM is.
00:39:45.430 --> 00:39:49.410
PRISM is when companies would like
to fight against it. And that’s not to
00:39:49.410 --> 00:39:53.369
call them ‘victims’, most of them are
willing. This is still what they’re
00:39:53.369 --> 00:39:56.640
forced into. That is the legal regime.
And it is when you take responsibility
00:39:56.640 --> 00:40:00.200
using the strong crypto that you can
set that in a different direction.
00:40:00.200 --> 00:40:04.170
Those companies actually can’t really
protect you. They are, in fact,
00:40:04.170 --> 00:40:11.109
secretly in some cases, and sometimes
willingly, complicit in that. And, so
00:40:11.109 --> 00:40:15.569
if you use Redphone and Signal, if you
use something like Tor, and Gnu-PG
00:40:15.569 --> 00:40:20.269
with a properly sized key – don’t
use like a 768 bit RSA key
00:40:20.269 --> 00:40:24.280
or something stupid like that…
If you use OTR,
00:40:24.280 --> 00:40:29.829
if you use jabber.ccc.de – buy that guy
who runs that a beer, by the way –
00:40:29.829 --> 00:40:30.769
applause
00:40:30.769 --> 00:40:35.390
if you use these things in concert
together, you blind them.
00:40:35.390 --> 00:40:37.880
So this is the good news. And the
documents that support this
00:40:37.880 --> 00:40:42.499
are online. We have some other bad
news, though. There exists a program
00:40:42.499 --> 00:40:47.119
which they call ‘TUNDRA’. TUNDRA – it’s
not exactly clear what the details are.
00:40:47.119 --> 00:40:52.859
But they say that they have a handful
of crypto-analytic attacks on AES.
00:40:52.859 --> 00:40:56.949
Obviously they can’t break AES, or
they would be able to break OTR.
00:40:56.949 --> 00:41:01.039
But what it suggests is that they
have a conflict of interest.
00:41:01.039 --> 00:41:04.509
Well, they’re both supposed
to protect our information
00:41:04.509 --> 00:41:08.859
and, of course, to exploit it. If they
have attacks against AES, much like
00:41:08.859 --> 00:41:12.479
if they have attacks against SSH as they
claim in the Caprius database,
00:41:12.479 --> 00:41:16.679
in that program then it shows that
conflict of interest runs very deep.
00:41:16.679 --> 00:41:19.690
Against our critical infrastructure.
Against the most important systems
00:41:19.690 --> 00:41:25.150
that exist. Protect our data. And it
shows a sort of hegemonic arrogance.
00:41:25.150 --> 00:41:28.669
And that arrogance is to suggest that
they’ll always be on top. I had
00:41:28.669 --> 00:41:32.640
the misfortune of meeting General
Alexander, quite recently. In Germany.
00:41:32.640 --> 00:41:39.279
And after failing to have him arrested,
which was a funny story in itself,
00:41:39.279 --> 00:41:43.769
I asked him what he thought he was doing.
Another person there stood up and said:
00:41:43.769 --> 00:41:48.549
“What about who comes after you next?” And
he didn’t quite understand the question.
00:41:48.549 --> 00:41:53.130
But his answer was pretty eerie: He
said: “Nobody comes after us next”.
00:41:53.130 --> 00:41:56.529
faint laughter
00:41:56.529 --> 00:42:00.349
“Thousand-year Reich”. That is
exactly what he was saying. And
00:42:00.349 --> 00:42:03.920
when I confronted him about accountability
for things like kill lists, and crypto
00:42:03.920 --> 00:42:07.849
he said that he was just
following orders. Literately.
00:42:07.849 --> 00:42:11.829
laughter and some applause
00:42:11.829 --> 00:42:16.559
So. Now we know what blinds
them. And we understand
00:42:16.559 --> 00:42:20.450
what they do with things when they’re
not blinded. Their politics include
00:42:20.450 --> 00:42:24.660
assassinations but it doesn’t just
end there. It includes torture,
00:42:24.660 --> 00:42:29.650
it includes kidnapping. It includes buying
people. And then sending their bodies home
00:42:29.650 --> 00:42:35.319
with a number. Instead of a name.
It includes de-humanizing them.
00:42:35.319 --> 00:42:39.359
So we want to encourage everyone here to
feel empowered with this knowledge,
00:42:39.359 --> 00:42:45.280
which is a little difficult. But, Werner
Koch, are you in the room?
00:42:45.280 --> 00:42:47.710
positive
Could you stand up?
00:42:47.710 --> 00:42:53.090
applause
00:42:53.090 --> 00:42:56.860
Stay, stand there, just
stay, stand there!
00:42:56.860 --> 00:43:01.509
Laura: Stay up, stand up!
Jacob: And Ian Goldberg,
00:43:01.509 --> 00:43:03.509
are you in the room?
I’m sorry to do this…
00:43:03.509 --> 00:43:11.979
There is Ian!
ongoing applause
00:43:11.979 --> 00:43:15.410
…and Christine Corbett…
Christine Corbett, are you in the room?
00:43:15.410 --> 00:43:18.669
From Signal?
Laura: Stay… keep standing!
00:43:18.669 --> 00:43:23.930
Jacob: Stand up! Stand up!
applause
00:43:23.930 --> 00:43:29.719
These people, without even knowing it,
without even trying, they beat them!
00:43:29.719 --> 00:43:47.219
cheers and strong applause
00:43:47.219 --> 00:43:56.499
Laura: So,…
00:43:56.499 --> 00:44:00.470
don’t sit down guys! So,
last night I screened my film
00:44:00.470 --> 00:44:03.499
“Citizenfour” here, and there were some
questions, and somebody asked
00:44:03.499 --> 00:44:10.219
what can they do to support the work that
Snowden has done, and the journalists.
00:44:10.219 --> 00:44:13.219
And actually what I should have said
and I didn’t say in the moment is that
00:44:13.219 --> 00:44:17.910
actually everybody should fund the work
that you guys do. And I mean that,
00:44:17.910 --> 00:44:22.630
because, literally, my work would not be
possible without the work that you do.
00:44:22.630 --> 00:44:27.589
So I would like it if everybody in this
room when they leave here in the next week
00:44:27.589 --> 00:44:31.039
to reach out and fund these projects.
Because without these projects
00:44:31.039 --> 00:44:38.259
the journalism that Glenn and I, and Jake
have done would literally not be possible.
00:44:38.259 --> 00:44:49.529
strong applause, some cheers
00:44:49.529 --> 00:44:58.509
And…
00:44:58.509 --> 00:45:02.130
Jacob: Just to be clear, since this video
will definitely be played at a grand jury
00:45:02.130 --> 00:45:06.009
against the both of us, I wanna make
it perfectly clear that defense
00:45:06.009 --> 00:45:10.410
of the U.S. Constitution is the Supreme
defense, your honor! And, secondly,
00:45:10.410 --> 00:45:13.420
that those gentlemen had nothing
to do with any of this at all!
00:45:13.420 --> 00:45:16.479
laughter, some applause
00:45:16.479 --> 00:45:21.020
So, now, hold your applause, I’m sorry.
I mean – they deserve it forever.
00:45:21.020 --> 00:45:24.819
If it wasn’t for them we definitely would
not have made it here today. So it is
00:45:24.819 --> 00:45:29.029
Free Software. For freedom, literately,
as Richard Stallman talks about it.
00:45:29.029 --> 00:45:32.699
Empowered, with strong mathematics,
properly implemented
00:45:32.699 --> 00:45:37.319
that made this possible. It is not
hopeless. It is, in fact, the case
00:45:37.319 --> 00:45:40.939
that resistance is possible. And, in fact,
I think the CCC… If I have learned
00:45:40.939 --> 00:45:45.299
one lesson from the Chaos
Computer Club and this community –
00:45:45.299 --> 00:45:50.380
it’s that it’s mandatory. That we have
a duty to do something about these things.
00:45:50.380 --> 00:45:54.589
And we can do something about it.
So what we need to recognize,
00:45:54.589 --> 00:45:58.740
and what I hope that we can bring
to you is that there is great risk,
00:45:58.740 --> 00:46:02.180
for Laura, in particular. In making
these kinds of things possible.
00:46:02.180 --> 00:46:05.559
But that we are in it together.
When Julian and I gave a talk
00:46:05.559 --> 00:46:08.909
with Sarah Harrison last year, and we
talked about “Sysadmins of the world,
00:46:08.909 --> 00:46:13.409
uniting” we didn’t just mean
sysadmins. We meant:
00:46:13.409 --> 00:46:17.819
recognize your class interests, and
understand that this is the community
00:46:17.819 --> 00:46:22.979
that you are a part of. At least a small
part of. And that we’re in it together.
00:46:22.979 --> 00:46:27.890
We need people like Christine Corbett,
working on Signal. We need people
00:46:27.890 --> 00:46:32.569
like Ian Goldberg breaking protocols and
building things like OTR. And Werner Koch.
00:46:32.569 --> 00:46:36.769
We need Adam Langley building things
like Pond. But we need everybody to do
00:46:36.769 --> 00:46:41.009
whatever they can to help with these
things. It requires everyone; and
00:46:41.009 --> 00:46:45.200
every skill is valuable to contribute to
that. From all the people that work on Tor
00:46:45.200 --> 00:46:50.259
to people that work on Debian. That work
on free software, for freedom, literately.
00:46:50.259 --> 00:46:55.329
So what we wanted to do was to say that we
should align with these class interests.
00:46:55.329 --> 00:46:58.920
And that we should recognize them. And
that we should work together to do that.
00:46:58.920 --> 00:47:03.339
And it is this community who can help
to really change things in the rest
00:47:03.339 --> 00:47:06.640
of the world. Because it is in fact only
this community and some of the people
00:47:06.640 --> 00:47:11.529
in this room, and around the world to tie
in to it, that have blinded these people!
00:47:11.529 --> 00:47:15.849
Everyone else seems to have
either gone complicitly;
00:47:15.849 --> 00:47:19.559
or they have designed it
incompetently and broken,
00:47:19.559 --> 00:47:23.869
and it is not good. So that
is important to recognize.
00:47:23.869 --> 00:47:28.049
Every person, if you are here you are
out of a small set of people in the world,
00:47:28.049 --> 00:47:32.249
use that power wisely. Help these people
to do that. And that will help us all
00:47:32.249 --> 00:47:35.999
to continue. Not only to reveal these
things but to fundamentally shift
00:47:35.999 --> 00:47:41.140
and change that. For everyone, for the
whole planet. Without any exception.
00:47:41.140 --> 00:47:44.770
So, on that note we’d like
to take some questions!?
00:47:44.770 --> 00:47:46.290
Laura: Yeah!
00:47:46.290 --> 00:48:01.739
strong applause and cheers
00:48:01.739 --> 00:48:05.129
Herald waving at the speakers
to approach stage center
00:48:05.129 --> 00:48:16.949
standing ovations
00:48:16.949 --> 00:48:22.049
Herald gently pushing the
speakers to stage center
00:48:22.049 --> 00:48:48.379
continued standing ovations
00:48:48.379 --> 00:49:01.739
Laura: Thank you!
continued standing ovations
00:49:01.739 --> 00:49:04.739
Jacob: Wow!
Herald: So, everybody who has a question
00:49:04.739 --> 00:49:09.599
please stand in front of
one of the 6 microphones
00:49:09.599 --> 00:49:14.299
that are in this room, and,
Signal Angel? Are you there?
00:49:14.299 --> 00:49:18.519
Signal Angel: Yeah, I’m here!
Herald: Are there questions from the internet?
00:49:18.519 --> 00:49:22.510
Signal Angel: Yeah, so the first one would
be: What should we do about SSH now?
00:49:22.510 --> 00:49:25.819
laughter
Laura laughs
00:49:25.819 --> 00:49:28.069
Jacob: Well,
to Laura: shall I?
00:49:28.069 --> 00:49:32.119
Laura: Yeah.
Jacob: I wanna be clear.
00:49:32.119 --> 00:49:36.859
We don’t understand, we only know what
they claim. And I don’t wanna hide that
00:49:36.859 --> 00:49:41.199
and say that they didn’t claim anything.
But they do have claim. They claim
00:49:41.199 --> 00:49:46.259
it as potential. What I would say is:
what about these NIST curves?
00:49:46.259 --> 00:49:51.430
What about NIST-anything? The documents
that we’ve released specifically talk
00:49:51.430 --> 00:49:55.079
about something that’s very scary.
They say that it is Top Secret,
00:49:55.079 --> 00:49:59.119
in a classification guide, that the
NSA and the CIA work together
00:49:59.119 --> 00:50:02.869
to subvert standards. And we even released
as part of the story an example of them
00:50:02.869 --> 00:50:08.180
going – the NSA, that is –
to an IETF meeting
00:50:08.180 --> 00:50:12.359
to enhance surveillance
with regard to Voice-over-IP.
00:50:12.359 --> 00:50:16.949
They’re literally amongst us. So
what do we do? First, find them.
00:50:16.949 --> 00:50:20.009
Second, stop them!
mumbles and faint applause
00:50:20.009 --> 00:50:23.539
Question: Thank you!
Herald: Microphone 2, please!
00:50:23.539 --> 00:50:26.180
Question: Can you talk about, do you
plan on releasing the source material,
00:50:26.180 --> 00:50:29.239
eventually? Or will it always be redacted?
00:50:29.239 --> 00:50:33.999
Jacob: Well, some of this is already
out right now, without redactions.
00:50:33.999 --> 00:50:37.720
With the exception of
very few sets of redactions.
00:50:37.720 --> 00:50:41.480
For agent’s names, and things where
legally… we will go to prison. I mean,
00:50:41.480 --> 00:50:43.630
I’m not adverse to that.
But I’d like to wait a while.
00:50:43.630 --> 00:50:46.440
laughter
00:50:46.440 --> 00:50:48.519
Question: What about
in 15..20 year’s time?
00:50:48.519 --> 00:50:51.509
Laura: Yeah, I mean, I think there
are 2 questions there as how to…
00:50:51.509 --> 00:50:54.390
scaling (?) the reporting. But I agree,
it needs to happen. And I think
00:50:54.390 --> 00:50:57.710
it’s a valid criticism. I need to do more
of it. I think certain things, I think,
00:50:57.710 --> 00:51:01.450
will… I would say should continue to
be redacted, at least for the short term.
00:51:01.450 --> 00:51:03.959
Which I think is like there are a lot of
names, you know, e-mail addresses,
00:51:03.959 --> 00:51:07.150
phone numbers. All these kinds of
specifics, I think, we’ll continue to redact.
00:51:07.150 --> 00:51:10.910
And then we’re working on scaling.
I haven’t really had time to think about
00:51:10.910 --> 00:51:14.440
15 years from now. So, but of
course, I think at some point
00:51:14.440 --> 00:51:18.299
this questions-of-names becomes
less of an issue. But I do here
00:51:18.299 --> 00:51:20.890
the criticism that we need
to be doing more publishing!
00:51:20.890 --> 00:51:25.439
Jacob: If we live that long! I hope
you’ll help us! Laura laughs
00:51:25.439 --> 00:51:28.769
Next question?
Herald: Next question from the internet, please!
00:51:28.769 --> 00:51:32.119
Signal Angel: So how reliable
is this source on OTR,
00:51:32.119 --> 00:51:35.560
can that be verified with
a second source, somehow?
00:51:35.560 --> 00:51:38.869
Jacob: Well, I think that’s
a really good question.
00:51:38.869 --> 00:51:42.559
From what we know, cryptographically,
OTR which has been analyzed
00:51:42.559 --> 00:51:46.400
by a number of people hasn’t been broken.
00:51:46.400 --> 00:51:49.700
And what it appears to be the
case in these FISA intercepts,
00:51:49.700 --> 00:51:54.180
alone, that is one set of things. Where
they produce one set of evidence
00:51:54.180 --> 00:51:58.699
from one set of people. And there are
other documents, from a different section,
00:51:58.699 --> 00:52:03.519
from different agencies, that essentially
say something completely the same.
00:52:03.519 --> 00:52:09.390
That is: Everything we see seems
to support that. And I would say
00:52:09.390 --> 00:52:13.180
maybe Julian is not the best
example of how great OTR is.
00:52:13.180 --> 00:52:17.599
But I think I am. I rely on it every day
for almost all of my communications.
00:52:17.599 --> 00:52:22.049
And I feel pretty confident, combined
with this, as well as talking with people
00:52:22.049 --> 00:52:26.209
in the Intelligence community
who actually use OTR, and PGP,
00:52:26.209 --> 00:52:30.409
amazingly enough. So I feel
pretty good about it. And
00:52:30.409 --> 00:52:34.959
the most important part is that they don’t
have super powers. They have backdoors.
00:52:34.959 --> 00:52:39.590
E.g. I really would encourage people
to look at the Cavium (?) hardware.
00:52:39.590 --> 00:52:43.460
I don’t really know why. But it seems
to be that they’re obsessed with this.
00:52:43.460 --> 00:52:46.920
And you can look at the documents and
you can see that. Look at the hardware.
00:52:46.920 --> 00:52:51.059
Crypto hardware. And imagine that it’s
compromised. They spend tens of millions
00:52:51.059 --> 00:52:54.739
of Dollars to backdoor these things. And
they work with agencies around the world
00:52:54.739 --> 00:52:59.329
to make that happen. So, would make
sense that OTR would be safe, actually.
00:52:59.329 --> 00:53:02.519
It doesn’t interface with any hardware.
And it would make sense because the math
00:53:02.519 --> 00:53:08.859
seems to be good. And it seems to be vetted.
And that seems to be their weakness.
00:53:08.859 --> 00:53:13.539
Question: Thanks.
Herald: Number 4, please!
00:53:13.539 --> 00:53:16.469
Question: Hello. I have… actually, it may
be a little odd question. But I wanted
00:53:16.469 --> 00:53:22.009
to ask it anyway. Regarding the
term ‘War on Terror’ in general.
00:53:22.009 --> 00:53:26.769
Because all of these things, the
Torture Report, the NSA spying,
00:53:26.769 --> 00:53:31.469
is all being done in the name of
the ‘War on Terror’. Even though
00:53:31.469 --> 00:53:35.319
we know a number of the people who were
tortured were innocent and were in no way
00:53:35.319 --> 00:53:41.619
terrorists. We know torture does not
work as an interrogation method.
00:53:41.619 --> 00:53:45.380
And we know a vast majority of the people
who are being spied on are completely
00:53:45.380 --> 00:53:50.329
innocent and did nothing wrong. And
I wanted to know whether maybe we might
00:53:50.329 --> 00:53:54.689
actually be inadvertently lending (?) an
amount of credibility to the whole thing
00:53:54.689 --> 00:53:59.759
by using the term
‘War on Terror’ in the first place.
00:53:59.759 --> 00:54:02.560
Laura: Yeah, I mean, actually, I think…
Right, we’re talking about ‘Reconstructing
00:54:02.560 --> 00:54:05.579
Narratives’, and that’s maybe one we
should binoc (?). This is really the
00:54:05.579 --> 00:54:09.969
‘War on pretty much Everyone’.
And so, I agree with that.
00:54:09.969 --> 00:54:13.740
I think… and I stopped using it for
a long time. I think that I began
00:54:13.740 --> 00:54:17.699
re-using it, I think,
when nothing changed.
00:54:17.699 --> 00:54:20.400
And, in fact, I think I was one of those
people who thought things were changed
00:54:20.400 --> 00:54:23.299
under Obama. And there would be some
accountability, like if you torture people
00:54:23.299 --> 00:54:27.500
you’re held accountable for torturing
people. And then there didn’t. So,
00:54:27.500 --> 00:54:30.710
yeah, I agree, we need a new term for that
to describe… Mainly, (?) some people are
00:54:30.710 --> 00:54:35.509
calling it the ‘Endless War’, which
I hope is that isn’t actually true.
00:54:35.509 --> 00:54:39.049
But I do think that that’s a term that
00:54:39.049 --> 00:54:44.159
comes with the narrative
of the Government.
00:54:44.159 --> 00:54:47.349
Jacob: I think, because I’ve been living in
Germany for a while I actually don’t use
00:54:47.349 --> 00:54:50.999
the ‘War on Terror’ as a sentence,
ever. I say ‘Imperialist War’.
00:54:50.999 --> 00:54:54.359
Because that’s what it is. It’s Imperialist
war. And it’s an Imperialist war on you,
00:54:54.359 --> 00:54:58.449
as a person, your liberties. It’s not
about privacy. It’s about choice.
00:54:58.449 --> 00:55:02.349
It’s about dignity. It’s about agency.
And of course, I mean these guys
00:55:02.349 --> 00:55:06.519
are murderers and rapists. We
shouldn’t dignify them. I mean they’re
00:55:06.519 --> 00:55:10.299
absolutely awful. The Torture Report
really shows that. But it doesn’t matter
00:55:10.299 --> 00:55:15.359
that torture doesn’t work. That’s like
– as is often said – you know this notion
00:55:15.359 --> 00:55:20.540
like, what (?) is slavery economically
viable? Who fucking cares? It’s slavery!
00:55:20.540 --> 00:55:29.710
applause
Question: Thank you!
00:55:29.710 --> 00:55:32.290
Herald: Number 1, please!
00:55:32.290 --> 00:55:35.890
Question: Do you think, since it’s
kind of obvious, that we should reject,
00:55:35.890 --> 00:55:41.130
or mostly reject, the projects that are
influenced by Governmental Institutions
00:55:41.130 --> 00:55:45.859
like NIST? Do you have any
information to how they react
00:55:45.859 --> 00:55:50.329
when they see that you use
smaller projects like e.g. Paths (?)
00:55:50.329 --> 00:55:56.769
to encrypt your harddrive,
and some odd crypto scheme?
00:55:56.769 --> 00:56:00.049
Jacob: Well, one of the things
we found is that Truecrypt, e.g.
00:56:00.049 --> 00:56:04.179
withstands what they’re trying to do.
And they don’t like it. I really wonder
00:56:04.179 --> 00:56:08.739
if someone could figure out why Truecrypt
shut down. That would be really interesting.
00:56:08.739 --> 00:56:15.850
applause
00:56:15.850 --> 00:56:19.880
I can also tell you that after I met
General Alexander, and I told him
00:56:19.880 --> 00:56:23.589
to go fuck himself as hard as
possible with a chainsaw…
00:56:23.589 --> 00:56:29.470
whoohoo’s, cheers and applause
00:56:29.470 --> 00:56:32.190
I hope he’s watching this video!
laughter
00:56:32.190 --> 00:56:37.449
He actually went to, let’s say my
employer who shall remain anonymous
00:56:37.449 --> 00:56:42.659
someone in the audience laughs
and, … sorry Roger!
00:56:42.659 --> 00:56:45.779
laughter
…and my understanding is they also
00:56:45.779 --> 00:56:49.929
went to our funders, and said:
“What’s this guy? What’s he doing?”,
00:56:49.929 --> 00:56:54.740
you know, and they tried to pressure. And
my employer, who shall remain anonymous,
00:56:54.740 --> 00:56:59.050
did not cave. But, yeah,
they exert pressure!
00:56:59.050 --> 00:57:07.460
applause
00:57:07.460 --> 00:57:10.479
Herald: Another question
from the internet, please!
00:57:10.479 --> 00:57:16.609
Signal Angel: Yeah, so, these files
are pretty shocking, or revealing.
00:57:16.609 --> 00:57:19.400
Were they part of the stuff that
came out in summer last year?
00:57:19.400 --> 00:57:24.629
And where was the bottleneck?
Why do they come out now?
00:57:24.629 --> 00:57:26.150
Jacob: Oh that’s a question for you!
00:57:26.150 --> 00:57:29.670
Laura: Yeah! So in this case
00:57:29.670 --> 00:57:33.990
this was a number of reasons. One is
00:57:33.990 --> 00:57:37.360
that we’ve been slowed
to scale the reporting.
00:57:37.360 --> 00:57:40.509
And it was also the case
that some of the files
00:57:40.509 --> 00:57:43.600
I personally didn’t have
access to, during that time
00:57:43.600 --> 00:57:47.539
when the story actually first
came out. And then also
00:57:47.539 --> 00:57:54.489
just the time of reporting and
researching the documents.
00:57:54.489 --> 00:57:57.239
Herald: Number 3, please!
00:57:57.239 --> 00:58:01.069
Question: Thanks for the talk! It was
great! I support totally the idea that
00:58:01.069 --> 00:58:06.519
we need strong crypto. And I think that
00:58:06.519 --> 00:58:08.840
strong crypto needs also support,
and we should all use it. But I think
00:58:08.840 --> 00:58:12.390
strong crypto is not the whole
answer to the political situation
00:58:12.390 --> 00:58:15.229
that we have. And I think…
00:58:15.229 --> 00:58:21.259
applause
00:58:21.259 --> 00:58:25.859
…I think that this community of
hackers and nerds needs to build
00:58:25.859 --> 00:58:29.650
stronger ties with political movements
and be part of political movements.
00:58:29.650 --> 00:58:33.809
I know you are, and I think that
we can’t solve the political dilemma
00:58:33.809 --> 00:58:37.329
with just strong crypto. So we need both.
00:58:37.329 --> 00:58:45.539
applause
00:58:45.539 --> 00:58:47.660
Herald: And another
question from the internet!
00:58:47.660 --> 00:58:50.949
No more questions from the
internet. So, number 3, please!
00:58:50.949 --> 00:58:54.830
Question: Yes, thank you also very much
for the talk. I want to ask a question
00:58:54.830 --> 00:58:58.880
about Citizenfour, and especially the
ending, of Citizenfour, where there’s
00:58:58.880 --> 00:59:05.079
a strong suggestion that army base here
in Germany, called Ramstein is essential
00:59:05.079 --> 00:59:10.710
in these killings that you addressed
tonight. What would be your… like,
00:59:10.710 --> 00:59:15.520
are you gonna give more information
that’s not just suggestional? And
00:59:15.520 --> 00:59:20.319
what would you want, like, especially
this audience to engage in?
00:59:20.319 --> 00:59:24.470
Laura: I mean, so, there is gonna
be more reporting on that topic
00:59:24.470 --> 00:59:29.220
that I’m working with, and my colleague
Jeremy Scahill, at the Intercept.
00:59:29.220 --> 00:59:32.740
And unfortunately I can’t say more
than that, other than, we will be
00:59:32.740 --> 00:59:36.440
coming out with more information that
will go beyond what you see in the film.
00:59:36.440 --> 00:59:41.549
So, for sure. And it deals with
how Ramstein is part of the
00:59:41.549 --> 00:59:44.709
infrastructure and architecture
of communication.
00:59:44.709 --> 00:59:47.149
Jacob: Shut it down! Shut it down!
00:59:47.149 --> 00:59:53.259
applause
00:59:53.259 --> 00:59:56.179
Herald: Number 5, please!
00:59:56.179 --> 01:00:00.339
Question: Is there a minimum key length
that you would consider unsafe?
01:00:00.339 --> 01:00:03.009
Jacob: Yeah, so, actually I’m glad you
asked that question. I was sort of hoping
01:00:03.009 --> 01:00:06.259
someone will do that. Okay. So. There are
some documents from the GCHQ
01:00:06.259 --> 01:00:09.769
where they talk about their super
computing resources. And,
01:00:09.769 --> 01:00:15.929
about 3 years ago they were
talking about 640 bit keys
01:00:15.929 --> 01:00:20.079
being something that they sort of casually
take care of. Now at the same time that
01:00:20.079 --> 01:00:24.499
that was happening Arjen Lenstra
had, I think, factored 768 bit,
01:00:24.499 --> 01:00:29.119
and it took, what was it, Alex?
3 years? On a bunch…
01:00:29.119 --> 01:00:32.880
listens to answer from audience
Year and a half! So, I think pretty much
01:00:32.880 --> 01:00:37.040
anything less than 1024 [bit] is a bad
idea. There are other documents
01:00:37.040 --> 01:00:41.349
where they specifically say, if
it’s 1024 bit RSA, it’s a problem.
01:00:41.349 --> 01:00:44.619
But you need to think about it,
not about what they can do today.
01:00:44.619 --> 01:00:47.259
First of all they have different
compartments. One of those compartments
01:00:47.259 --> 01:00:51.289
obviously is dedicated to any maths
that they’ve got that speed that up.
01:00:51.289 --> 01:00:54.680
But another point is that because of
things like the massive data repository
01:00:54.680 --> 01:00:58.089
– the mission data repository of
Bluffdale, Utah – you’re not encrypting
01:00:58.089 --> 01:01:03.229
for today. I mean, you are! But you’re
also encrypting for 50 years from today.
01:01:03.229 --> 01:01:07.049
So, personally, I use 4096 bit
RSA keys, and I store them
01:01:07.049 --> 01:01:10.329
on a hardware token, which
hopefully doesn’t have a backdoor.
01:01:10.329 --> 01:01:14.530
But I trust Werner [Koch]. That’s
the best I can do, unfortunately.
01:01:14.530 --> 01:01:17.030
Which is pretty good. But…
laughter
01:01:17.030 --> 01:01:22.009
But I think e.g. that the best key sizes,
01:01:22.009 --> 01:01:25.109
you need to think about them in terms of
what you’re actually doing; and how long.
01:01:25.109 --> 01:01:29.309
And then think about composition. That is…
it’s not just about encrypting something
01:01:29.309 --> 01:01:32.869
with, like, a 4096 bit RSA key.
Also make it hard for them to target you
01:01:32.869 --> 01:01:36.670
for surveillance in the
first place. So, e.g.
01:01:36.670 --> 01:01:39.939
when you can, use systems where
you can composite (?) with Tor. Use things
01:01:39.939 --> 01:01:42.890
that are totally ephemerally keyed. So
they can’t break in, steal the key and
01:01:42.890 --> 01:01:47.279
decrypt things in retrospect. Make it
really hard for them to make it valuable.
01:01:47.279 --> 01:01:51.319
There’s an economic point to that
collection as well as a mathematical point.
01:01:51.319 --> 01:01:54.589
Actually they sort of balance each other
out. So anyway, don’t use small key lengths.
01:01:54.589 --> 01:01:59.710
And maybe also consider looking at the
work that DJB and Tanja have been doing,
01:01:59.710 --> 01:02:04.910
about Elliptic Curves stuff.
And I think, really look to them!
01:02:04.910 --> 01:02:07.930
But these guys [=NSA] aren’t special.
They don’t have super powers.
01:02:07.930 --> 01:02:10.879
But when you use things that
are closed-source software…
01:02:10.879 --> 01:02:14.470
I mean, Richard Stallman was really right.
I mean, I know that it pains some of you
01:02:14.470 --> 01:02:17.470
to know that. But he was really right.
laughter
01:02:17.470 --> 01:02:20.010
And he deserves a lot of love for that!
01:02:20.010 --> 01:02:29.509
applause
01:02:29.509 --> 01:02:32.339
Free software, with software
implementations with large keys.
01:02:32.339 --> 01:02:35.959
That’s what you want. And when you can:
protocols that allow for ephemeral keying,
01:02:35.959 --> 01:02:39.119
or where they have forward secrecy.
Things like Pond, things like OTR,
01:02:39.119 --> 01:02:43.420
things like Redphone and Signal.
And GnuPG. GnuPG has the caveat (?) that
01:02:43.420 --> 01:02:46.150
if they ever get into your system later
they can of course decrypt other messages.
01:02:46.150 --> 01:02:51.569
So you have to consider all that. Not just
key size. And GnuPG has safe defaults.
01:02:51.569 --> 01:02:54.740
So if you’re choosing key sizes,
hopefully you’re using that.
01:02:54.740 --> 01:02:58.209
Libraries like Salt also
make safe choices. So,
01:02:58.209 --> 01:03:02.609
hopefully that answers your question and
you use strong crypto in the future.
01:03:02.609 --> 01:03:05.839
Herald: So thank you very
much for the talk. Thank you!
01:03:05.839 --> 01:03:08.999
I saw a lot of people being
shocked in that room.
01:03:08.999 --> 01:03:13.919
A lot of tears of, I think,
proudness and hope.
01:03:13.919 --> 01:03:18.469
I saw… that gives me a really good
feeling. So thank you for the talk.
01:03:18.469 --> 01:03:20.839
Give them a very warm applause!
01:03:20.839 --> 01:03:34.499
applause
01:03:34.499 --> 01:03:37.569
silent postroll titles
01:03:37.569 --> 01:03:45.821
Subtitles created by c3subtitles.de
in the year 2017. Join, and help us!