1
00:00:00,000 --> 00:00:09,830
*silent 31C3 preroll*

2
00:00:09,830 --> 00:00:12,990
*Laura and Jacob silently on stage* *audio/video playback starts*

3
00:00:12,990 --> 00:00:16,220
Announcing person in video: Give a warm welcome to General Alexander!

4
00:00:16,220 --> 00:00:20,940
*video starts all over again, now at its titles*

5
00:00:20,940 --> 00:00:24,165
Announcing person in video: Give a warm welcome to General Alexander!

6
00:00:24,165 --> 00:00:29,925
*video:* *applause*

7
00:00:29,925 --> 00:00:34,535
Alexander: Thanks! Can you hear me?

8
00:00:34,535 --> 00:00:37,045
Question: So does the NSA really keep a file on everyone?

9
00:00:37,045 --> 00:00:39,425
Alexander: So many things you could say are funny but I think this requires

10
00:00:39,425 --> 00:00:43,829
a very serious answer. First: No, we don’t, absolutely not.

11
00:00:43,829 --> 00:00:46,670
And anybody who’d tell you that we’re keeping files or dossiers

12
00:00:46,670 --> 00:00:49,760
on the American people: No, that’s not true.

13
00:00:49,760 --> 00:00:54,300
And I will tell you that those who would want to weave the story, that we have

14
00:00:54,300 --> 00:00:59,220
millions or hundreds of millions of dossiers on people is absolutely false.

15
00:00:59,220 --> 00:01:09,680
*title with music “Reconstructing Narratives”*

16
00:01:09,680 --> 00:01:20,770
*audio/video playback stops*

17
00:01:20,770 --> 00:01:23,680
Jacob Appelbaum: That’s the first time I can remember not being wiretapped!

18
00:01:23,680 --> 00:01:33,740
*Laura laughs* *laughter and applause*

19
00:01:33,740 --> 00:01:38,820
Okay, well, it’s really a great honor to be back, and it’s

20
00:01:38,820 --> 00:01:41,420
really one of the greatest pleasures of my life to be on stage with Laura,

21
00:01:41,420 --> 00:01:45,819
who is one of the most fearless, fantastic journalists…

22
00:01:45,819 --> 00:01:54,319
*applause*

23
00:01:54,319 --> 00:01:58,829
…and we are here today to tell you a few things.
24
00:01:58,829 --> 00:02:03,740
I am an American by birth and post-nationalist, I suppose,

25
00:02:03,740 --> 00:02:08,419
by an accident of history. I’m here now working as a journalist

26
00:02:08,419 --> 00:02:12,550
and Laura is working as a journalist. And I’ll let her introduce herself.

27
00:02:12,550 --> 00:02:16,140
Laura Poitras: So, I’ve been working the last years, trying to document

28
00:02:16,140 --> 00:02:20,170
the “War on Terror” and to understand it from a human perspective

29
00:02:20,170 --> 00:02:25,080
and how we can understand it differently, if we understand its impact on people.

30
00:02:25,080 --> 00:02:28,510
And today, what Jacob and I want to do is to talk about

31
00:02:28,510 --> 00:02:33,330
how the narratives that we’ve been told are false,

32
00:02:33,330 --> 00:02:37,790
and how we can construct new narratives that are based on objective facts.

33
00:02:37,790 --> 00:02:40,780
Jacob: I think in some way some of the things we are saying will be

34
00:02:40,780 --> 00:02:44,250
‘preaching to the choir’, because it is through this community, that we have,

35
00:02:44,250 --> 00:02:48,280
in fact, found some of the truths, that we will talk about today.

36
00:02:48,280 --> 00:02:54,540
And the CCC to me is like home, so…

37
00:02:54,540 --> 00:03:00,680
*laughter and applause*

38
00:03:00,680 --> 00:03:05,250
And so, if it wasn’t for the CCC and your material support I don’t believe

39
00:03:05,250 --> 00:03:08,510
that it would be possible for us to be here today. So, thank you all very much

40
00:03:08,510 --> 00:03:12,160
for the large conspiracy that the German people and the international community

41
00:03:12,160 --> 00:03:15,020
have brought.
*some laughter in the audience*

42
00:03:15,020 --> 00:03:19,070
We have just now simultaneously published on DER SPIEGEL’s website

43
00:03:19,070 --> 00:03:23,260
two very large stories which we think will be of great interest, which we will take

44
00:03:23,260 --> 00:03:27,010
a little bit of time to explain. But if you go to spiegel.de

45
00:03:27,010 --> 00:03:31,370
you will see two stories. One is about cryptography

46
00:03:31,370 --> 00:03:37,560
and one is about… the CIA. And about JPEL and NATO.

47
00:03:37,560 --> 00:03:40,790
And this is very important, these stories being published at the same time,

48
00:03:40,790 --> 00:03:45,020
we very much want to thank DER SPIEGEL and the colleagues who are in this room,

49
00:03:45,020 --> 00:03:48,250
Andy Müller-Maguhn, Aaron Gibson and a number of other people,

50
00:03:48,250 --> 00:03:50,740
Marcel Rosenberg and Holger Stark…

51
00:03:50,740 --> 00:03:58,730
*applause*

52
00:03:58,730 --> 00:04:02,440
We, as some background, have been working on these stories

53
00:04:02,440 --> 00:04:06,460
really for a long time. The crypto story, I would say,

54
00:04:06,460 --> 00:04:10,180
it’s something we’ve wanted to do for almost a year and a half, if not more.

55
00:04:10,180 --> 00:04:13,150
And really, if you think about the investigations in the Cypherpunks movement

56
00:04:13,150 --> 00:04:17,649
we’ve really wanted to have some of these answers for about 15 or 20 years.

57
00:04:17,649 --> 00:04:20,608
Some of the answers are good and some of the answers are not so fantastic.

58
00:04:20,608 --> 00:04:24,910
I guess, it depends on where you stand. But we hope that, by bringing this to you,

59
00:04:24,910 --> 00:04:28,190
that it is really in the public interest. And that the public here is interested

60
00:04:28,190 --> 00:04:32,190
and that you will take it to other places. That you will really take action, based on

61
00:04:32,190 --> 00:04:37,030
what you see.
Whether it is traditional action, whether it is civil disobedience,

62
00:04:37,030 --> 00:04:40,940
whether it’s FOIAs, whether it’s something else, who knows, we hope

63
00:04:40,940 --> 00:04:44,070
that you will feel empowered by the end of this talk.

64
00:04:44,070 --> 00:04:46,880
Laura: And I’d just like to say that if anyone wants to open up

65
00:04:46,880 --> 00:04:49,770
their laptops and look at some of the documents that we’ve published

66
00:04:49,770 --> 00:04:53,160
we won’t be offended at all and, in fact, will be happy. I think it will

67
00:04:53,160 --> 00:04:55,680
contribute to your experience of the talk today.

68
00:04:55,680 --> 00:04:59,860
Voice from audience: Laura, it’s ‘/international’ on spiegel.de

69
00:04:59,860 --> 00:05:04,450
Jacob: Great, ‘spiegel.de/international’ And for everyone who can’t be here,

70
00:05:04,450 --> 00:05:08,389
streaming, remember if the stream cuts out and you never see us again, it was murder!

71
00:05:08,389 --> 00:05:14,010
*Laura and audience laughing, some applause*

72
00:05:14,010 --> 00:05:17,960
Laura: So, one of the ways that the ‘War on Terror’ works

73
00:05:17,960 --> 00:05:21,850
– and the way that war works in general – is how people are de-humanized

74
00:05:21,850 --> 00:05:31,500
and reduced to numbers. This is a short video that I filmed about Guantanamo.

75
00:05:31,500 --> 00:06:38,400
*video with serious music*

76
00:06:38,400 --> 00:06:42,680
Laura: That was a video that I made about a former prisoner of Guantanamo.

77
00:06:42,680 --> 00:06:49,500
His name was Adnan Latif. He was sent to Guantanamo in 2012.

78
00:06:49,500 --> 00:06:54,930
And this is how he came home. He was on hunger strike for many years

79
00:06:54,930 --> 00:06:59,220
before he died. And what was most shocking to me

80
00:06:59,220 --> 00:07:05,650
is watching what happens when he returns home and that he’s listed as a number.

81
00:07:05,650 --> 00:07:09,900
And that his family had to witness that.
That that was a person who they were

82
00:07:09,900 --> 00:07:13,919
seeing for the first time in many years, who is reduced to a number.

83
00:07:13,919 --> 00:07:17,740
So today, what we’re publishing with DER SPIEGEL is looking at

84
00:07:17,740 --> 00:07:23,139
how that process works. And it involves NATO’s JPEL kill list

85
00:07:23,139 --> 00:07:30,199
that is being used in Afghanistan to target people for targeted killings.

86
00:07:30,199 --> 00:07:34,680
We’re publishing along that some narratives of particular people

87
00:07:34,680 --> 00:07:39,650
who are on the kill list. One particular case was a man

88
00:07:39,650 --> 00:07:45,510
who was given the code name “Object Doody”.

89
00:07:45,510 --> 00:07:50,560
He was targeted for killing, or for assassination.

90
00:07:50,560 --> 00:07:55,800
A British Apache helicopter that was code named “Ugly 50”

91
00:07:55,800 --> 00:08:01,420
was sent to kill him. This was on a day that the visibility was poor,

92
00:08:01,420 --> 00:08:04,759
and they missed him and they shot a child and his father.

93
00:08:04,759 --> 00:08:08,820
The child was killed immediately, the father was wounded.

94
00:08:08,820 --> 00:08:16,240
The helicopter looped back around and killed its target.

95
00:08:16,240 --> 00:08:20,440
Jacob: Right. So, part of what we are hoping to do here, just to make it

96
00:08:20,440 --> 00:08:26,211
perfectly clear, is to expose information that people say doesn’t exist, with

97
00:08:26,211 --> 00:08:30,860
a couple of goals. And one of those goals, to be very clear about it,

98
00:08:30,860 --> 00:08:34,429
– even though this, I suppose, tilts me a little bit on the activist side

99
00:08:34,429 --> 00:08:38,599
of journalism – is to stop the killing. That is an explicit goal

100
00:08:38,599 --> 00:08:43,220
with this publication.
The British Government and the American Government

101
00:08:43,220 --> 00:08:46,520
– in various different ways NATO as well – they say, that these kind of things

102
00:08:46,520 --> 00:08:50,120
really don’t exist. That they don’t happen this way. And they talk about

103
00:08:50,120 --> 00:08:56,680
the killing of people in a very… let’s say ‘mechanical fashion’.

104
00:08:56,680 --> 00:08:59,930
Usually they say this evidence doesn’t exist, but the evidence does exist.

105
00:08:59,930 --> 00:09:05,640
And, in fact, there are lists with names, just endless names.

106
00:09:05,640 --> 00:09:09,180
And those people, in various different ways, are graded. They’re graded

107
00:09:09,180 --> 00:09:13,180
with regard to the political consequence of those people being killed. As well as

108
00:09:13,180 --> 00:09:18,140
some very small spreadsheet and on that spreadsheet, there’s a small box,

109
00:09:18,140 --> 00:09:25,010
and that box explains their crimes. Next to that, there’s a Dollar figure

110
00:09:25,010 --> 00:09:28,670
for a potential reward. And maybe there’s a restriction. Sometimes it says something

111
00:09:28,670 --> 00:09:34,180
like “kinetic action prohibited”. For example. That’s because, by default,

112
00:09:34,180 --> 00:09:38,920
“kinetic action” is not prohibited. That is because these are lists of names

113
00:09:38,920 --> 00:09:44,100
of people to be found and to be murdered. And so of these lists…

114
00:09:44,100 --> 00:09:48,230
we have an excerpt of these lists, being published today.

115
00:09:48,230 --> 00:09:53,770
And the goal of publishing this is to show what needs to be done.
116
00:09:53,770 --> 00:09:58,000
So these lists have redactions and the goal is that SPIEGEL,

117
00:09:58,000 --> 00:10:03,500
along with hopefully others, will help us to continue to work to uncover

118
00:10:03,500 --> 00:10:07,550
not only the fate of these people on these lists whose names are redacted, but also

119
00:10:07,550 --> 00:10:11,720
the fate of people who are not yet on these kinds of lists. Maybe to move

120
00:10:11,720 --> 00:10:16,240
to a world in which we don’t have lists for, what I would call, assassinations.

121
00:10:16,240 --> 00:10:20,480
And that’s what SPIEGEL calls it as well. This is not, as some people would say,

122
00:10:20,480 --> 00:10:28,890
a “Joint Prioritized Effects List”. This is an assassination program. And I think,

123
00:10:28,890 --> 00:10:32,600
personally, that it is inappropriate for democratic societies to have them and

124
00:10:32,600 --> 00:10:37,100
when they deny that they have them, we’d like to prove them wrong and publish them.

125
00:10:37,100 --> 00:10:39,560
And so that is, what we have done today.

126
00:10:39,560 --> 00:10:52,900
*applause*

127
00:10:52,900 --> 00:10:58,270
Now, an important detail of this is: In the story,

128
00:10:58,270 --> 00:11:03,330
the very specific story that is told in the SPIEGEL piece, as Laura mentioned,

129
00:11:03,330 --> 00:11:06,810
there is an Apache helicopter. And that helicopter attempted to engage

130
00:11:06,810 --> 00:11:10,800
with a so-called “legitimate target”. And part of what we hope to drive home

131
00:11:10,800 --> 00:11:16,180
is this notion of legitimacy and targeting. In this case,

132
00:11:16,180 --> 00:11:20,580
there is a value, that is assigned to a person. And that value is a number,

133
00:11:20,580 --> 00:11:26,000
which includes the number of people who are not the target, that can be killed

134
00:11:26,000 --> 00:11:29,360
in service of killing that person!
That is completely innocent people,

135
00:11:29,360 --> 00:11:33,420
who are allowed to be killed entirely. And

136
00:11:33,420 --> 00:11:38,350
depending on the number there may be a call back to base or to a higher command.

137
00:11:38,350 --> 00:11:43,560
But the number isn’t 1 before they have to make that call. They have discretion.

138
00:11:43,560 --> 00:11:49,350
And in this case a child was killed with a Hellfire missile. And why is that?

139
00:11:49,350 --> 00:11:52,890
Because technology mediates this type of killing and that technology is

140
00:11:52,890 --> 00:11:57,820
not as precise as people would say. And so we have today published

141
00:11:57,820 --> 00:12:05,670
the storyboard of this objective “Doody”, which is the name, D-O-O-D-Y.

142
00:12:05,670 --> 00:12:09,149
That storyboard tells this and explains that a child was killed

143
00:12:09,149 --> 00:12:12,489
with a Hellfire missile in service of killing someone else. And Laura

144
00:12:12,489 --> 00:12:21,010
can explain what this person did to ‘deserve’ to be killed.

145
00:12:21,010 --> 00:12:25,209
Laura: I mean, actually, what I wanted to transition to is looking at

146
00:12:25,209 --> 00:12:29,180
actually the fact… the narrative is, that the government or governments are

147
00:12:29,180 --> 00:12:33,720
targeting people, who are suspected of something. And in fact

148
00:12:33,720 --> 00:12:38,430
what we learned, is that they’re targeting people based on as little information

149
00:12:38,430 --> 00:12:43,180
as their telephone number, or a voice recognition. And they’re using those

150
00:12:43,180 --> 00:12:48,720
as methods to target and kill people. One of the things, that we’ve learned

151
00:12:48,720 --> 00:12:53,340
through the disclosures by Edward Snowden is that they’re targeting people

152
00:12:53,340 --> 00:12:57,950
not just in war zones but internationally. They’re targeting us for surveillance

153
00:12:57,950 --> 00:13:04,830
all over the world.
And… this is a video of a target.

154
00:13:04,830 --> 00:13:13,150
*audio/video playback starts* Man: This is the highest level! (in German)

155
00:13:13,150 --> 00:13:17,260
Ali Fares: Mh-mh!

156
00:13:17,260 --> 00:13:20,430
Netcologne, [inaudible], Teliast…

157
00:13:20,430 --> 00:13:27,200
Oh my god, it’s so well documented!

158
00:13:27,200 --> 00:13:31,730
Those are most of the routers that I actually know.

159
00:13:31,730 --> 00:13:41,850
Office, plied sky (?), and…

160
00:13:41,850 --> 00:13:44,240
Man: This is an engineer? Ali: Yes.

161
00:13:44,240 --> 00:13:47,530
Man: Engineer, engineer, engineer, engineer… Ali: Oh, yeah.

162
00:13:47,530 --> 00:13:53,490
Man: …engineer, engineer. This is you?

163
00:13:53,490 --> 00:14:03,810
Ali: Yes. *audio/video playback stops*

164
00:14:03,810 --> 00:14:08,550
Jacob: So what you just saw there was “Engineers from Stellar”, and

165
00:14:08,550 --> 00:14:13,690
that is a fantastic name for a company that gets compromised. It is important

166
00:14:13,690 --> 00:14:19,839
to understand the notion of targeting with regard to why a target

167
00:14:19,839 --> 00:14:25,390
considered legitimate in some cases can have this notion of collateral damage.

168
00:14:25,390 --> 00:14:29,640
Now in the case of Stellar or in the case of Belgacom, which Laura revealed

169
00:14:29,640 --> 00:14:35,100
with DER SPIEGEL, what we learn is that it isn’t actually the case

170
00:14:35,100 --> 00:14:39,580
that a terrorist is involved with Belgacom or with Stellar.

171
00:14:39,580 --> 00:14:44,600
It is that a kind of neo-colonialism is taking place in the digital era,

172
00:14:44,600 --> 00:14:49,480
wherein the colonies, the networks, that they do not have through coercion

173
00:14:49,480 --> 00:14:54,910
of the state or through other surveillance practices, they have to be compromised.
174
00:14:54,910 --> 00:14:59,839
And those become targets and they become legitimate targets in theory

175
00:14:59,839 --> 00:15:04,589
and in actuality, because of its usefulness. Because of the leverage

176
00:15:04,589 --> 00:15:10,050
that it provides against a speculative target, someday in the future. That is,

177
00:15:10,050 --> 00:15:13,570
these networks become compromised in service of being able to compromise

178
00:15:13,570 --> 00:15:19,630
future networks and other people, just because they can. They set out to do that.

179
00:15:19,630 --> 00:15:23,649
And so Stellar is an example of such a thing. And to be able to confront victims

180
00:15:23,649 --> 00:15:29,279
this way, to show them that they’re compromised helps us to understand,

181
00:15:29,279 --> 00:15:34,089
helps us to show that in fact we are directly, and indirectly impacted

182
00:15:34,089 --> 00:15:39,640
by these types of activities. And when we think about this kind of targeting

183
00:15:39,640 --> 00:15:45,890
we have to understand the scale. And this scale is sort of incredible.

184
00:15:45,890 --> 00:15:52,220
The budget for targeted exploitation, for the NSA,

185
00:15:52,220 --> 00:15:57,180
not speaking at all about the GCHQ, or the Defense Signals Directorate folks

186
00:15:57,180 --> 00:16:02,589
over in Australia, there’s so much money,

187
00:16:02,589 --> 00:16:06,769
when you look at the offensive warfare, that for 2013 alone there was

188
00:16:06,769 --> 00:16:12,209
650 million Dollars spent on the GENIE program.

189
00:16:12,209 --> 00:16:15,430
And the GENIE program is their offensive Cyber War program,

190
00:16:15,430 --> 00:16:20,050
as they call it themselves, in which they build backdoors, like UNITEDRAKE

191
00:16:20,050 --> 00:16:25,639
and STRAITBIZZARE and other tools like Regin, which you know as one of the tools,

192
00:16:25,639 --> 00:16:29,860
I hope, that has been used in Belgacom and in other places.
193
00:16:29,860 --> 00:16:33,930
So they target places like Stellar and Belgacom, but they also target places

194
00:16:33,930 --> 00:16:39,300
like the European Union. In that case, the EU takes the place

195
00:16:39,300 --> 00:16:42,940
of a terrorist. That is: they are the goal. They aren’t compromising

196
00:16:42,940 --> 00:16:46,899
the EU’s networks just because someone interesting might show up,

197
00:16:46,899 --> 00:16:51,710
they are compromising the EU’s networks, because the EU is

198
00:16:51,710 --> 00:16:55,800
the equivalent to a terrorist to them. And they wish to have leverage and control.

199
00:16:55,800 --> 00:16:59,320
Because that’s what surveillance is in this context. It’s exploitation of systems,

200
00:16:59,320 --> 00:17:03,080
where they leverage access to that system, or whichever systems that they

201
00:17:03,080 --> 00:17:07,720
have access to, to get more access, to have more control. Either politically

202
00:17:07,720 --> 00:17:13,469
or technologically or both. Which ties of course into economics.

203
00:17:13,469 --> 00:17:20,099
Now, in the case of GENIE 650 million Dollars is quite a great deal of money.

204
00:17:20,099 --> 00:17:26,230
But for 2017 the projected budget for GENIE is a billion Dollars.

205
00:17:26,230 --> 00:17:31,059
This is just the beginning of what we see. And these civilian targets

206
00:17:31,059 --> 00:17:34,730
or these governmental targets that are being targeted in continental Europe,

207
00:17:34,730 --> 00:17:38,570
they’re not alone. It is actually happening all around the world.

208
00:17:38,570 --> 00:17:42,309
And these compromises, they happen in service of mass surveillance.

209
00:17:42,309 --> 00:17:46,740
Whenever they don’t have the ability to mass-surveil a system they implant systems

210
00:17:46,740 --> 00:17:51,020
along the way in order to surveil what goes in and out of them.

211
00:17:51,020 --> 00:17:56,500
Systems are even used as what are called ‘Diodes’.
And Diodes are essentially

212
00:17:56,500 --> 00:18:02,590
another term which we see the Canadians use. Operational Relay Boxes or ORBs.

213
00:18:02,590 --> 00:18:06,179
Anybody here that used to be a black hat, I know there are no more black hats here,

214
00:18:06,179 --> 00:18:12,040
it’s all legitimate, but… except for that guy, in the front…

215
00:18:12,040 --> 00:18:16,450
Everybody knows what you use those boxes for: You use them to jump from one network

216
00:18:16,450 --> 00:18:20,080
to another network, so that when something is traced back it traces back

217
00:18:20,080 --> 00:18:23,170
to that machine. In the case of the Canadian Service they themselves

218
00:18:23,170 --> 00:18:26,980
talk about, a couple of times a year, compromising as many systems as they can

219
00:18:26,980 --> 00:18:31,020
in non-Five-Eyes countries, in order to ensure that they have as many operational

220
00:18:31,020 --> 00:18:37,040
relay boxes as they need for the coming year. These diodes mean

221
00:18:37,040 --> 00:18:42,049
that when a system does a thing, it is absolutely not the case that we can say

222
00:18:42,049 --> 00:18:45,350
the person who has purchased that system is responsible for it.

223
00:18:45,350 --> 00:18:49,110
It is their official doctrine, in fact, to use other people’s computers

224
00:18:49,110 --> 00:18:53,809
for their hacking. And that’s important, when we now consider, that they have

225
00:18:53,809 --> 00:18:59,660
– in 2017 projected – a goal of having a billion Dollars to do that.

226
00:18:59,660 --> 00:19:04,530
When we look at how that bounces out with Defense that is – not at all – balanced.

227
00:19:04,530 --> 00:19:10,980
In fact, it is tilted entirely towards Offensive Warfare.

228
00:19:10,980 --> 00:19:14,700
Laura: I was wondering, how many people in the room have gone online

229
00:19:14,700 --> 00:19:17,239
to look at some of the documents that we released.

230
00:19:17,239 --> 00:19:20,559
Jacob: Anyone? Hey, nice.
Laura: Alright.

231
00:19:20,559 --> 00:19:25,020
Jacob: Fantastic! So in the future, that is to say

232
00:19:25,020 --> 00:19:30,150
in approximately 3 weeks, we plan to release, along with some of our colleagues

233
00:19:30,150 --> 00:19:34,090
at SPIEGEL, and other people who are helping out, more information

234
00:19:34,090 --> 00:19:38,549
about specific malware, specific cases in which it’s used

235
00:19:38,549 --> 00:19:42,240
and details about information sharing with regard to the malware in terms of

236
00:19:42,240 --> 00:19:45,320
how it’s harvested. We’re thinking probably in the second week of January

237
00:19:45,320 --> 00:19:49,230
for that malware story. And we wanted to make sure to get it right

238
00:19:49,230 --> 00:19:54,549
and we wanted people to focus on the specifics of the NATO kill lists

239
00:19:54,549 --> 00:19:59,780
and to focus on cryptography. We thought, well, people here

240
00:19:59,780 --> 00:20:03,480
in the audience would be able to handle all three, the rest of the world just

241
00:20:03,480 --> 00:20:07,760
isn’t ready for it yet. So we had to take a little bit of a pause. So

242
00:20:07,760 --> 00:20:13,940
more of the malware details will be released in about 3 weeks. Now for me,

243
00:20:13,940 --> 00:20:17,860
one of the things that has, I would say for my entire adult life been

244
00:20:17,860 --> 00:20:21,500
very interesting to me and before my adult life started, was a system

245
00:20:21,500 --> 00:20:23,830
known as Echelon. Anybody here remember that system?

246
00:20:23,830 --> 00:20:26,350
*‘Woohoow’, and laughter*

247
00:20:26,350 --> 00:20:29,080
*jokingly:* That’s the guy that built it!
*more laughter*

248
00:20:29,080 --> 00:20:33,510
I would guess… maybe not, sorry, I don’t want to… trying to

249
00:20:33,510 --> 00:20:37,549
snitch jacket you there… But

250
00:20:37,549 --> 00:20:42,180
I think it’s to me extremely important to hear about these

251
00:20:42,180 --> 00:20:46,799
kinds of things, that sound totally crazy. Like the CIA torture report, for example.

252
00:20:46,799 --> 00:20:50,900
That started out as a conspiracy [theory]. And now we know, that America’s

253
00:20:50,900 --> 00:20:56,439
official policy with the CIA was rape, anal rehydration. Those were

254
00:20:56,439 --> 00:21:01,380
conspiracy theories which we now know to be facts.

255
00:21:01,380 --> 00:21:06,630
So Echelon, the rumour of Echelon was this notion of planetary surveillance.

256
00:21:06,630 --> 00:21:11,400
And of course it was Duncan Campbell who brought this forward in a European Union

257
00:21:11,400 --> 00:21:17,390
report. He, in fact, very clearly outlined the interception capabilities

258
00:21:17,390 --> 00:21:23,880
of the U.S. Government and others. Now, it is hard to actually imagine

259
00:21:23,880 --> 00:21:29,620
planetary surveillance, on a scale, let’s say, your home, and how your home

260
00:21:29,620 --> 00:21:34,410
fits into your city, and your city how it fits into a country, and the whole world.

261
00:21:34,410 --> 00:21:38,860
And all of that being monitored. But what we found is that

262
00:21:38,860 --> 00:21:42,850
during the Crypto Wars we thought that we had won. We thought that we had a way,

263
00:21:42,850 --> 00:21:46,970
really, to change things. We thought that with cryptography we would be able

264
00:21:46,970 --> 00:21:52,260
to change the entire balance. Even if something like planetary surveillance

265
00:21:52,260 --> 00:21:55,510
would have come about.
And so when Duncan Campbell released his reports

266
00:21:55,510 --> 00:21:59,750
about Echelon in the very early 21st century I think a lot of people weren’t

267
00:21:59,750 --> 00:22:03,950
as concerned about it as they should have been. And shortly after that

268
00:22:03,950 --> 00:22:09,230
the ‘War on Terror’ really got off to a very, very big start.

269
00:22:09,230 --> 00:22:13,970
It turns out that we weren’t as concerned as we should have been in the right areas.

270
00:22:13,970 --> 00:22:18,270
And we I think can say now, that the first Crypto Wars were not won and in fact

271
00:22:18,270 --> 00:22:22,710
the first Crypto Wars were probably – if anything – lost, or they’re still

272
00:22:22,710 --> 00:22:29,720
going on now. If we were to delineate that and we were to talk about as an example,

273
00:22:29,720 --> 00:22:33,220
the second Crypto Wars, what we would find is what has actually been happening

274
00:22:33,220 --> 00:22:38,590
behind the scenes, and, thanks to Edward Snowden we actually have a great deal

275
00:22:38,590 --> 00:22:43,530
of answers that we would probably not have otherwise.

276
00:22:43,530 --> 00:22:55,730
*applause*

277
00:22:55,730 --> 00:23:01,280
Now, it is important to understand that the context of this

278
00:23:01,280 --> 00:23:08,519
is the notion that everyone is suspicious. That we live now in a world of total,

279
00:23:08,519 --> 00:23:12,820
absolute surveillance which sometimes misses a thing, here or there.

280
00:23:12,820 --> 00:23:15,940
But this is the goal: Collect it all! That’s General Alexander’s notion.

281
00:23:15,940 --> 00:23:20,759
When he talks about his notion e.g. about dossiers it’s a trick.

282
00:23:20,759 --> 00:23:24,730
It’s a rhetorical trick. Because what he means to say is that now dossiers

283
00:23:24,730 --> 00:23:29,919
are dynamic. And that this information is not stored on lists, written down like in,

284
00:23:29,919 --> 00:23:33,250
let’s say, the 50s.
Rather they’re stored in databases that dynamically

285
00:23:33,250 --> 00:23:37,700
will generate a list based on a query from an analyst. “Give me every person

286
00:23:37,700 --> 00:23:42,770
that went to this website at this time”. And it of course expands, the notion is

287
00:23:42,770 --> 00:23:47,020
that somehow this will only be used against terrorists. But what is a terrorist,

288
00:23:47,020 --> 00:23:52,060
in this case? In some cases it actually includes people who are merely involved

289
00:23:52,060 --> 00:23:57,980
in drugs, and part of that has been published as part of the JPEL kill lists.

290
00:23:57,980 --> 00:24:02,660
That is to say: people who are definitely not terrorists, but who are otherwise

291
00:24:02,660 --> 00:24:07,850
interesting targets, so there’s a sort of “bleed over”, and so we see the same thing

292
00:24:07,850 --> 00:24:11,580
with surveillance and cryptography: It was for exceptional targets and now it is

293
00:24:11,580 --> 00:24:18,340
for everyone. And so cryptography came as a liberator. And that was the idea.

294
00:24:18,340 --> 00:24:22,880
But just as we showed a little bit ago, with STELLAR where they targeted engineers

295
00:24:22,880 --> 00:24:28,179
specifically to have access to the infrastructure, so, too, we find

296
00:24:28,179 --> 00:24:34,130
that for cryptography they sabotage critical infrastructure. We found, in fact,

297
00:24:34,130 --> 00:24:37,309
so many different interesting things that

298
00:24:37,309 --> 00:24:41,710
it’s actually hard to talk about it in only half an hour of time.
299
00:24:41,710 --> 00:24:45,690
Laura: I’d like to just say, as one of the journalists who’s been publishing

300
00:24:45,690 --> 00:24:49,560
on the documents I think that one of the most both important stories and the

301
00:24:49,560 --> 00:24:53,700
most unsatisfying stories was the BULLRUN story that was published

302
00:24:53,700 --> 00:24:57,530
by The New York Times, and the Guardian, and ProPublica. Because it did warn us

303
00:24:57,530 --> 00:25:01,510
of how the NSA was attacking critical infrastructure

304
00:25:01,510 --> 00:25:06,169
to make the internet insecure, and yet it didn’t tell us any specifics of

305
00:25:06,169 --> 00:25:09,020
what they meant by that. And this is something that I think frustrated

306
00:25:09,020 --> 00:25:12,080
many people in the audience, and so…

307
00:25:12,080 --> 00:25:16,159
*applause*

308
00:25:16,159 --> 00:25:19,419
And so the reporting that Jake’s been doing

309
00:25:19,419 --> 00:25:21,950
along with Aaron Gibson and other people…

310
00:25:21,950 --> 00:25:24,770
Jacob: Christian (?)… there in the audience.

311
00:25:24,770 --> 00:25:28,130
Laura: … is to dig in and to find out what those specifics are so that we can

312
00:25:28,130 --> 00:25:33,580
actually warn people about what is safe and what’s not safe in cryptography.

313
00:25:33,580 --> 00:25:37,750
Jacob: So, we have, let’s say, a little free time we’re gonna talk about this…

314
00:25:37,750 --> 00:25:41,880
but I’d like to do some surveys: Who here uses PPTP? And don’t laugh at them

315
00:25:41,880 --> 00:25:45,620
when they raise their hand, let them be honest… who uses it?

316
00:25:45,620 --> 00:25:47,220
One guy! *laughter*

317
00:25:47,220 --> 00:25:50,299
Ok, well, good news to this audience… stop doing that, we’re gonna tell you why

318
00:25:50,299 --> 00:25:55,530
in a second. *Laura laughs* Who here uses IPSEC?

319
00:25:55,530 --> 00:26:00,380
With a pre-shared key?
Fantastic…

320
00:26:00,380 --> 00:26:03,260
Stop doing that too… *laughter*

321
00:26:03,260 --> 00:26:06,730
Raise your hand if you use SSH!

322
00:26:06,730 --> 00:26:08,960
*even louder laughter* *Laura laughs*

323
00:26:08,960 --> 00:26:14,490
Guess what… *laughter, slight applause*

324
00:26:14,490 --> 00:26:19,049
In the documents that we’re publishing today we are showing in fact a series

325
00:26:19,049 --> 00:26:24,560
of systems that, if we understand them correctly…

326
00:26:24,560 --> 00:26:29,659
I wonder if I should say my next sentence… I say this only as myself and not as Laura.

327
00:26:29,659 --> 00:26:34,750
I’d be surprised if some building weren’t burning, frankly. But… the NSA claims

328
00:26:34,750 --> 00:26:40,289
to have databases for decryption, or an attack orchestration for PPTP and IPSEC,

329
00:26:40,289 --> 00:26:48,710
which is not so surprising at all, but also for SSL and TLS, and… for SSH.

330
00:26:48,710 --> 00:26:53,330
They have specific slides where they talk about the Debian weak number generation.

331
00:26:53,330 --> 00:26:59,549
This is not that. For what we can tell they have separate programs for that.

332
00:26:59,549 --> 00:27:03,880
So they of course have a way through the cryptographic exploitation services,

333
00:27:03,880 --> 00:27:07,960
crypto-analysis exploitation services, to do certain decrypts. Now, they say:

334
00:27:07,960 --> 00:27:13,460
“We stress: potential!”. It seems to be there’s a pattern. And the pattern is

335
00:27:13,460 --> 00:27:19,190
things that are done entirely in software, in particular, those things as long as

336
00:27:19,190 --> 00:27:23,690
there’s a good random number generator, and especially if it is Free Software,

337
00:27:23,690 --> 00:27:28,820
what we find is that it seems to stand the test of time. That doesn’t mean

338
00:27:28,820 --> 00:27:33,340
that it always will, because we found a couple of things.
One of the things 339 00:27:33,340 --> 00:27:37,460 is that we found that they log the ciphertexts, and that they wait. 340 00:27:37,460 --> 00:27:42,230 Sometimes to break it with brute-force, so we are also revealing today the location 341 00:27:42,230 --> 00:27:46,610 of the two large supercomputers: That is at Oak Ridge National Laboratories and at 342 00:27:46,610 --> 00:27:52,419 Fort Meade, for a program called LONGHAUL. The LONGHAUL I suppose as they 343 00:27:52,419 --> 00:27:58,980 have named it appropriately, is for their long haul approach. Combined with things 344 00:27:58,980 --> 00:28:03,370 like the massive data repository, or the Mission Data Center, the Mission Data 345 00:28:03,370 --> 00:28:08,610 repository in places like Bluffdale, Utah. They plan and do store the ciphertexts 346 00:28:08,610 --> 00:28:12,679 of an unbelievable number of connections. When you make an SSL / TLS connection 347 00:28:12,679 --> 00:28:19,480 the GCHQ keeps statistics. The Canadian CSE keeps statistics. They seem to log 348 00:28:19,480 --> 00:28:25,440 metadata about the handshake in terms of TCP/IP, but also in terms of SSL and TLS 349 00:28:25,440 --> 00:28:29,730 for the actual protocols. That is to say, they store the cryptographic handshakes, 350 00:28:29,730 --> 00:28:35,390 and in some cases for specific selected data they take the entire flow. Now, 351 00:28:35,390 --> 00:28:40,070 we have found claims that are kind of amazing: in the case of BULLRUN 352 00:28:40,070 --> 00:28:43,480 the New York Times and the Guardian, and the rest of the collaborating 353 00:28:43,480 --> 00:28:48,120 news organizations have often left out important details. 354 00:28:48,120 --> 00:28:51,700 One of the important details which I find to be the most shocking and upsetting 355 00:28:51,700 --> 00:28:57,670 is that the British alone by 2010 – was it? – had 832 people 356 00:28:57,670 --> 00:29:04,620 read into their BULLRUN program.
That is 832 people knew about their backdooring 357 00:29:04,620 --> 00:29:09,529 and sabotage of crypto, just in the British Service alone. 358 00:29:09,529 --> 00:29:13,590 And each of the Five-Eyes countries runs a similar program, like that. 359 00:29:13,590 --> 00:29:17,679 With potentially similar numbers of people read into those programs. 360 00:29:17,679 --> 00:29:21,780 They say something like: “3 people can keep a secret if 2 are dead”. 361 00:29:21,780 --> 00:29:27,159 How about 832 British men? I’m not sure that that’s a really good bet. 362 00:29:27,159 --> 00:29:31,550 And these guys have bet the farm on it. That is to say, they have slides and 363 00:29:31,550 --> 00:29:35,640 presentations and intercepts where they decrypt SSL, where they discuss 364 00:29:35,640 --> 00:29:39,550 decrypting SSL at a scale starting in the tens of thousands, moving into the 365 00:29:39,550 --> 00:29:43,590 hundreds and millions of thousands. Hundreds of thousands, and millions, and 366 00:29:43,590 --> 00:29:48,110 then into billions, actually. For TLS and SSL they actually have statistics 367 00:29:48,110 --> 00:29:53,460 on the order of billions. Of all the major websites that everyone here 368 00:29:53,460 --> 00:29:58,210 probably has used at one point or another in their life. 369 00:29:58,210 --> 00:30:04,010 So, in the case of the Canadian Services they even monitored ‘Hockeytalk’, 370 00:30:04,010 --> 00:30:07,439 to give you an idea about this. And they talk about it in terms of ‘warranted’ 371 00:30:07,439 --> 00:30:11,860 collection, and special source collection, and encrypted traffic 372 00:30:11,860 --> 00:30:16,950 indeed does stand out. They have programs like QUICKANT, which is a 373 00:30:16,950 --> 00:30:21,450 specific way of interfacing with a program called FLYING PIG.
374 00:30:21,450 --> 00:30:25,870 FLYING PIG is an SSL/TLS database, it’s a knowledge database, 375 00:30:25,870 --> 00:30:30,040 and QUICKANT seems to be what’s called a “Query Focused Data Set”. They try 376 00:30:30,040 --> 00:30:35,529 to use that, from what we can tell, for doing low latency de-anonymization. 377 00:30:35,529 --> 00:30:40,199 Some of the documents we’re releasing today will explain some of their failures. 378 00:30:40,199 --> 00:30:43,570 Now, I think it’s important to be cautious about this because they have 379 00:30:43,570 --> 00:30:48,740 many compartments for their data, that is to say they very clearly 380 00:30:48,740 --> 00:30:52,970 have ways of keeping secrets even from themselves. But one of the things we found, 381 00:30:52,970 --> 00:30:56,960 and that we’re publishing today also, is a FISA intercept. And to the best 382 00:30:56,960 --> 00:31:01,260 of my knowledge, and I think that this is true, no one has ever published one 383 00:31:01,260 --> 00:31:05,740 of these before. So, this is the basis for what you would call ‘parallel construction’, 384 00:31:05,740 --> 00:31:09,030 actually, where they gather Intelligence and then they say, “whatever you do, 385 00:31:09,030 --> 00:31:12,880 don’t use this in lawful investigation, don’t use this in a court, 386 00:31:12,880 --> 00:31:18,080 it’s not evidence. But by the way, here it is”. So we’re publishing 387 00:31:18,080 --> 00:31:23,250 one of those today and we have some, well, moderately good news. 388 00:31:23,250 --> 00:31:27,350 In looking at these, what we have found is that they consistently break 389 00:31:27,350 --> 00:31:31,130 various different types of encryption. 
So if you’re mailing around a Microsoft 390 00:31:31,130 --> 00:31:34,970 .doc document that’s password protected there’s a good chance that they 391 00:31:34,970 --> 00:31:40,040 send it to LONGHAUL using a thing called ISLANDTRANSPORT and then that, 392 00:31:40,040 --> 00:31:45,549 if it can, through brute-force, is decrypted. And it is the case 393 00:31:45,549 --> 00:31:49,490 that, when they do this decryption, they send it back and they include 394 00:31:49,490 --> 00:31:53,820 the decrypted information in the FISA transcript. They do this for .rar files, 395 00:31:53,820 --> 00:31:58,100 they do this for .doc files, they do this for a bunch of different systems. But we 396 00:31:58,100 --> 00:32:01,179 don’t want to focus on what’s broken because The New York Times and 397 00:32:01,179 --> 00:32:04,920 The Guardian and other places have already sort of said “everything is fucked”. 398 00:32:04,920 --> 00:32:08,280 We wanted to try to make it a positive talk! 399 00:32:08,280 --> 00:32:17,760 *laughter and applause* 400 00:32:17,760 --> 00:32:23,930 And… so I think Laura here is just going to be able to show you in fact… 401 00:32:23,930 --> 00:32:26,810 Laura: If it will play… 402 00:32:26,810 --> 00:32:34,670 Jacob: Just drag it over… the other way… 403 00:32:34,670 --> 00:32:39,570 So we wanted to show you… who here has heard about PRISM? Everyone? 404 00:32:39,570 --> 00:32:42,220 What does that mean to you? It doesn’t mean anything, right? We just know 405 00:32:42,220 --> 00:32:45,620 that it’s some massive surveillance program. We wanted to show you what 406 00:32:45,620 --> 00:32:53,520 one of those PRISM records actually looks like which, in itself is, I think… 407 00:32:53,520 --> 00:32:56,470 Laura: Sorry. Jacob: It’s okay. 408 00:32:56,470 --> 00:33:00,659 …it’s a rather unexciting document, except for the fact that we get to show it to you. 409 00:33:00,659 --> 00:33:04,920 Which is great. 
[to Laura:] I think if you escape for the… 410 00:33:04,920 --> 00:33:14,890 Laura: …escape out of here? 411 00:33:14,890 --> 00:33:18,950 Jacob: There it is. Hey FBI, fuck you! 412 00:33:18,950 --> 00:33:29,780 *laughter and applause* 413 00:33:29,780 --> 00:33:33,270 So I take great pleasure in being able to say that this couldn’t have happened 414 00:33:33,270 --> 00:33:42,630 without Laura! *cheers and applause* 415 00:33:42,630 --> 00:33:48,049 But if you look here you see ‘SIGAD US-984XN’. That’s PRISM! 416 00:33:48,049 --> 00:33:53,620 And this is your dossier for PRISM. *some shouts from audience* 417 00:33:53,620 --> 00:33:57,409 From audience: “O3”, “Larger!” Laura: Yeah. 418 00:33:57,409 --> 00:34:00,470 *audience laughs* *document on screen is zoomed in* 419 00:34:00,470 --> 00:34:05,140 *audience goes: “Aaaah!”* *cheers and applause* 420 00:34:05,140 --> 00:34:08,480 And if you’re wondering about the redactions, it’s all Andy Müller-Maguhn. 421 00:34:08,480 --> 00:34:12,730 *slight laughter* Shouted from audience: Fuck you!! 422 00:34:12,730 --> 00:34:15,289 *Jacob laughs* 423 00:34:15,289 --> 00:34:19,659 Jacob: Here’s the good news! The FBI regularly lies to the American Public. 424 00:34:19,659 --> 00:34:22,289 And to the rest of the world. Then they say they’re ‘going dark’. 425 00:34:22,289 --> 00:34:25,899 What we found in the study of these FISA intercepts is that basically 426 00:34:25,899 --> 00:34:31,059 no one uses cryptography. And basically everyone that uses cryptography is broken, 427 00:34:31,059 --> 00:34:37,629 except for – well, let’s say – 2 things. Thing No.1 is OTR. 428 00:34:37,629 --> 00:34:48,819 *big applause and cheers* 429 00:34:48,819 --> 00:34:51,599 Very important to go with it is you’ll notice that there’s some metadata. 430 00:34:51,599 --> 00:34:54,989 And it’s just metadata. But as the U.S. Government has said in public, they 431 00:34:54,989 --> 00:35:00,700 kill people with metadata. 
So up there you’ll see that, I believe this was Yahoo, 432 00:35:00,700 --> 00:35:03,500 is that right, Andy? *Andy M.-M. answers from audience* 433 00:35:03,500 --> 00:35:07,880 Yeah, I think… it could be Gmail, or could be Yahoo, I forgot which one this one is. 434 00:35:07,880 --> 00:35:11,349 We’re releasing, you know, enough for you to figure it out on your own. 435 00:35:11,349 --> 00:35:15,119 Hopefully this isn’t you, if so, I’m sorry we redacted your information. 436 00:35:15,119 --> 00:35:18,999 Cause if it was me I wouldn’t want it to be redacted. But you’ll see that it’s 437 00:35:18,999 --> 00:35:24,170 a user name, IP address as well as a time and a date. And you also see 438 00:35:24,170 --> 00:35:28,650 other IP addresses associated with it. Those are used for selector-based surveillance. 439 00:35:28,650 --> 00:35:32,569 Which if you haven’t been following along at home it means that they can take 440 00:35:32,569 --> 00:35:35,769 that information, put it into other databases, and the things like XKeyscore, 441 00:35:35,769 --> 00:35:40,900 and pull up other information that will be related. But most importantly here is, 442 00:35:40,900 --> 00:35:45,619 you see what is essentially a chat log. As if it had been created on your computer. 443 00:35:45,619 --> 00:35:50,979 Now, don’t log – it’s rude. They did it for you anyway. And what you see is 444 00:35:50,979 --> 00:35:55,449 “OC – No decrypt available for this OTR encrypted message”. 445 00:35:55,449 --> 00:36:00,459 In other documents we see them saying “cryptographic exploitation services”. 446 00:36:00,459 --> 00:36:06,589 “We can’t decrypt it, it’s off the record”. Quite a nice endorsement! 447 00:36:06,589 --> 00:36:12,840 And what we have also found is that they do the same thing for PGP. 448 00:36:12,840 --> 00:36:23,719 *applause* 449 00:36:23,719 --> 00:36:28,220 Now in other cases they do decrypt the messages. 
So instead of telling you 450 00:36:28,220 --> 00:36:32,950 about everything “It’s broken!” what we wanted to do is to suggest: 451 00:36:32,950 --> 00:36:37,770 “Look at the composition of OTR, find Ian Goldberg who’s here somewhere, 452 00:36:37,770 --> 00:36:41,569 ask him to review your cryptographic protocol”. Maybe don’t – he’s probably 453 00:36:41,569 --> 00:36:47,819 already overwhelmed. But Snowden said this in the very beginning. He said: 454 00:36:47,819 --> 00:36:50,849 “Cryptography, when properly implemented, is one of the few things that you can 455 00:36:50,849 --> 00:36:56,549 rely upon”. And he’s right. And we see this. This is the message. 456 00:36:56,549 --> 00:37:01,319 These things are not to be used in legal proceedings. And yet here we see them 457 00:37:01,319 --> 00:37:06,039 anyway. And what we see is that even there, in the most illegal of settings, 458 00:37:06,039 --> 00:37:11,499 essentially, they can’t decrypt it. Now the sad part is that not everyone is using it. 459 00:37:11,499 --> 00:37:14,719 But the good news is that when you use it, it appears to work. When you verify 460 00:37:14,719 --> 00:37:18,569 the fingerprint, e.g. We didn’t find evidence of them doing active attacks 461 00:37:18,569 --> 00:37:22,709 to do man-in-the-middle attacks. But that’s easy to solve. OTR allows you 462 00:37:22,709 --> 00:37:28,220 to authenticate. PGP and GnuPG allow you to verify the fingerprint. We did find 463 00:37:28,220 --> 00:37:32,380 evidence of them having databases, filled with cryptographic keys, that were pilfered 464 00:37:32,380 --> 00:37:37,940 from routers, and compromising machines. So rotate your keys frequently, 465 00:37:37,940 --> 00:37:42,869 use protocols that are ephemeral. They themselves find that they are blinded 466 00:37:42,869 --> 00:37:47,729 when you use properly implemented cryptography.
So GnuPG 467 00:37:47,729 --> 00:37:53,190 – Werner Koch I think is in the audience – GnuPG and OTR are 2 things that 468 00:37:53,190 --> 00:37:57,722 actually stop the spies from spying on you, with PRISM. 469 00:37:57,722 --> 00:38:01,912 *applause, some cheers* 470 00:38:01,912 --> 00:38:09,699 Laura: *to Jake* Would you mind if I ask… for a volunteer to … computers …? 471 00:38:09,699 --> 00:38:13,950 Jacob: So, we have some other really good news. And that good news 472 00:38:13,950 --> 00:38:21,139 is this: There are… in some of the slides that are being released 473 00:38:21,139 --> 00:38:24,119 a matrix – not ‘the Matrix’ that you’re hoping for – 474 00:38:24,119 --> 00:38:26,170 *laughter* 475 00:38:26,170 --> 00:38:31,860 but we can talk about that program later *laughter* 476 00:38:31,860 --> 00:38:39,000 I’m not even joking. But… *laughter* 477 00:38:39,000 --> 00:38:43,339 There are some other things. One of the things that they talk about in this matrix 478 00:38:43,339 --> 00:38:48,510 is, what’s hard, and what’s easy. And in the case of ‘Hard’ 479 00:38:48,510 --> 00:38:55,180 they describe RedPhone, and that means Signal, the program by Christine Corbett 480 00:38:55,180 --> 00:39:02,829 and Moxie Marlinspike as ‘catastrophic’. *applause* 481 00:39:02,829 --> 00:39:07,129 They say: “Tails and Tor – catastrophic”. 482 00:39:07,129 --> 00:39:15,680 *cheers and applause* 483 00:39:15,680 --> 00:39:19,079 So what that really means is that we now understand some things that 484 00:39:19,079 --> 00:39:24,119 they have trouble with. And how they will take action to try to sabotage it 485 00:39:24,119 --> 00:39:27,299 is clear. They will try to sabotage the Random Number Generators like they did 486 00:39:27,299 --> 00:39:31,789 with Dual_EC_DRBG. They will try to sabotage the platforms. 487 00:39:31,789 --> 00:39:35,900 They will try to force companies to be complicit. I think the German word is 488 00:39:35,900 --> 00:39:40,390 ‘Gleichschaltung’.
You’re all familiar with that? That is the process that is 489 00:39:40,390 --> 00:39:45,430 happening now in America. With these crypto programs. That’s what PRISM is. 490 00:39:45,430 --> 00:39:49,410 PRISM is when companies would like to fight against it. And that’s not to 491 00:39:49,410 --> 00:39:53,369 call them ‘victims’, most of them are willing. This is still what they’re 492 00:39:53,369 --> 00:39:56,640 forced into. That is the legal regime. And it is when you take responsibility 493 00:39:56,640 --> 00:40:00,200 using the strong crypto that you can set that in a different direction. 494 00:40:00,200 --> 00:40:04,170 Those companies actually can’t really protect you. They are, in fact, 495 00:40:04,170 --> 00:40:11,109 secretly in some cases, and sometimes willingly, complicit in that. And, so 496 00:40:11,109 --> 00:40:15,569 if you use RedPhone and Signal, if you use something like Tor, and GnuPG 497 00:40:15,569 --> 00:40:20,269 with a properly sized key – don’t use like a 768 bit RSA key 498 00:40:20,269 --> 00:40:24,280 or something stupid like that… If you use OTR, 499 00:40:24,280 --> 00:40:29,829 if you use jabber.ccc.de – buy that guy who runs that a beer, by the way – 500 00:40:29,829 --> 00:40:30,769 *applause* 501 00:40:30,769 --> 00:40:35,390 if you use these things in concert together, you blind them. 502 00:40:35,390 --> 00:40:37,880 So this is the good news. And the documents that support this 503 00:40:37,880 --> 00:40:42,499 are online. We have some other bad news, though. There exists a program 504 00:40:42,499 --> 00:40:47,119 which they call ‘TUNDRA’. TUNDRA – it’s not exactly clear what the details are. 505 00:40:47,119 --> 00:40:52,859 But they say that they have a handful of crypto-analytic attacks on AES. 506 00:40:52,859 --> 00:40:56,949 Obviously they can’t break AES, or they would be able to break OTR. 507 00:40:56,949 --> 00:41:01,039 But what it suggests is that they have a conflict of interest.
508 00:41:01,039 --> 00:41:04,509 Well, they’re both supposed to protect our information 509 00:41:04,509 --> 00:41:08,859 and, of course, to exploit it. If they have attacks against AES, much like 510 00:41:08,859 --> 00:41:12,479 if they have attacks against SSH as they claim in the Caprius database, 511 00:41:12,479 --> 00:41:16,679 in that program then it shows that conflict of interest runs very deep. 512 00:41:16,679 --> 00:41:19,690 Against our critical infrastructure. Against the most important systems 513 00:41:19,690 --> 00:41:25,150 that exist. Protect our data. And it shows a sort of hegemonic arrogance. 514 00:41:25,150 --> 00:41:28,669 And that arrogance is to suggest that they’ll always be on top. I had 515 00:41:28,669 --> 00:41:32,640 the misfortune of meeting General Alexander, quite recently. In Germany. 516 00:41:32,640 --> 00:41:39,279 And after failing to have him arrested, which was a funny story in itself, 517 00:41:39,279 --> 00:41:43,769 I asked him what he thought he was doing. Another person there stood up and said: 518 00:41:43,769 --> 00:41:48,549 “What about who comes after you next?” And he didn’t quite understand the question. 519 00:41:48,549 --> 00:41:53,130 But his answer was pretty eerie: He said: “Nobody comes after us next”. 520 00:41:53,130 --> 00:41:56,529 *faint laughter* 521 00:41:56,529 --> 00:42:00,349 “Thousand-year Reich”. That is exactly what he was saying. And 522 00:42:00,349 --> 00:42:03,920 when I confronted him about accountability for things like kill lists, and crypto 523 00:42:03,920 --> 00:42:07,849 he said that he was just following orders. Literally. 524 00:42:07,849 --> 00:42:11,829 *laughter and some applause* 525 00:42:11,829 --> 00:42:16,559 So. Now we know what blinds them. And we understand 526 00:42:16,559 --> 00:42:20,450 what they do with things when they’re not blinded. Their politics include 527 00:42:20,450 --> 00:42:24,660 assassinations but it doesn’t just end there.
It includes torture, 528 00:42:24,660 --> 00:42:29,650 it includes kidnapping. It includes buying people. And then sending their bodies home 529 00:42:29,650 --> 00:42:35,319 with a number. Instead of a name. It includes de-humanizing them. 530 00:42:35,319 --> 00:42:39,359 So we want to encourage everyone here to feel empowered with this knowledge, 531 00:42:39,359 --> 00:42:45,280 which is a little difficult. But, Werner Koch, are you in the room? 532 00:42:45,280 --> 00:42:47,710 *positive* Could you stand up? 533 00:42:47,710 --> 00:42:53,090 *applause* 534 00:42:53,090 --> 00:42:56,860 Stay, stand there, just stay, stand there! 535 00:42:56,860 --> 00:43:01,509 Laura: Stay up, stand up! Jacob: And Ian Goldberg, 536 00:43:01,509 --> 00:43:03,509 are you in the room? I’m sorry to do this… 537 00:43:03,509 --> 00:43:11,979 There is Ian! *ongoing applause* 538 00:43:11,979 --> 00:43:15,410 …and Christine Corbett… Christine Corbett, are you in the room? 539 00:43:15,410 --> 00:43:18,669 From Signal? Laura: Stay… keep standing! 540 00:43:18,669 --> 00:43:23,930 Jacob: Stand up! Stand up! *applause* 541 00:43:23,930 --> 00:43:29,719 These people, without even knowing it, without even trying, they beat them! 542 00:43:29,719 --> 00:43:47,219 *cheers and strong applause* 543 00:43:47,219 --> 00:43:56,499 Laura: So,… 544 00:43:56,499 --> 00:44:00,470 don’t sit down guys! So, last night I screened my film 545 00:44:00,470 --> 00:44:03,499 “Citizenfour” here, and there were some questions, and somebody asked 546 00:44:03,499 --> 00:44:10,219 what can they do to support the work that Snowden has done, and the journalists. 547 00:44:10,219 --> 00:44:13,219 And actually what I should have said and I didn’t say in the moment is that 548 00:44:13,219 --> 00:44:17,910 actually everybody should fund the work that you guys do. And I mean that, 549 00:44:17,910 --> 00:44:22,630 because, literally, my work would not be possible without the work that you do. 
550 00:44:22,630 --> 00:44:27,589 So I would like it if everybody in this room when they leave here in the next week 551 00:44:27,589 --> 00:44:31,039 to reach out and fund these projects. Because without these projects 552 00:44:31,039 --> 00:44:38,259 the journalism that Glenn and I, and Jake have done would literally not be possible. 553 00:44:38,259 --> 00:44:49,529 *strong applause, some cheers* 554 00:44:49,529 --> 00:44:58,509 And… 555 00:44:58,509 --> 00:45:02,130 Jacob: Just to be clear, since this video will definitely be played at a grand jury 556 00:45:02,130 --> 00:45:06,009 against the both of us, I wanna make it perfectly clear that defense 557 00:45:06,009 --> 00:45:10,410 of the U.S. Constitution is the Supreme defense, your honor! And, secondly, 558 00:45:10,410 --> 00:45:13,420 that those gentlemen had nothing to do with any of this at all! 559 00:45:13,420 --> 00:45:16,479 *laughter, some applause* 560 00:45:16,479 --> 00:45:21,020 So, now, hold your applause, I’m sorry. I mean – they deserve it forever. 561 00:45:21,020 --> 00:45:24,819 If it wasn’t for them we definitely would not have made it here today. So it is 562 00:45:24,819 --> 00:45:29,029 Free Software. For freedom, literally, as Richard Stallman talks about it. 563 00:45:29,029 --> 00:45:32,699 Empowered, with strong mathematics, properly implemented 564 00:45:32,699 --> 00:45:37,319 that made this possible. It is not hopeless. It is, in fact, the case 565 00:45:37,319 --> 00:45:40,939 that resistance is possible. And, in fact, I think the CCC… If I have learned 566 00:45:40,939 --> 00:45:45,299 one lesson from the Chaos Computer Club and this community – 567 00:45:45,299 --> 00:45:50,380 it’s that it’s mandatory. That we have a duty to do something about these things. 568 00:45:50,380 --> 00:45:54,589 And we can do something about it.
So what we need to recognize, 569 00:45:54,589 --> 00:45:58,740 and what I hope that we can bring to you is that there is great risk, 570 00:45:58,740 --> 00:46:02,180 for Laura, in particular. In making these kinds of things possible. 571 00:46:02,180 --> 00:46:05,559 But that we are in it together. When Julian and I gave a talk 572 00:46:05,559 --> 00:46:08,909 with Sarah Harrison last year, and we talked about “Sysadmins of the world, 573 00:46:08,909 --> 00:46:13,409 uniting” we didn’t just mean sysadmins. We meant: 574 00:46:13,409 --> 00:46:17,819 recognize your class interests, and understand that this is the community 575 00:46:17,819 --> 00:46:22,979 that you are a part of. At least a small part of. And that we’re in it together. 576 00:46:22,979 --> 00:46:27,890 We need people like Christine Corbett, working on Signal. We need people 577 00:46:27,890 --> 00:46:32,569 like Ian Goldberg breaking protocols and building things like OTR. And Werner Koch. 578 00:46:32,569 --> 00:46:36,769 We need Adam Langley building things like Pond. But we need everybody to do 579 00:46:36,769 --> 00:46:41,009 whatever they can to help with these things. It requires everyone; and 580 00:46:41,009 --> 00:46:45,200 every skill is valuable to contribute to that. From all the people that work on Tor 581 00:46:45,200 --> 00:46:50,259 to people that work on Debian. That work on free software, for freedom, literally. 582 00:46:50,259 --> 00:46:55,329 So what we wanted to do was to say that we should align with these class interests. 583 00:46:55,329 --> 00:46:58,920 And that we should recognize them. And that we should work together to do that. 584 00:46:58,920 --> 00:47:03,339 And it is this community who can help to really change things in the rest 585 00:47:03,339 --> 00:47:06,640 of the world. Because it is in fact only this community and some of the people 586 00:47:06,640 --> 00:47:11,529 in this room, and around the world to tie in to it, that have blinded these people!
587 00:47:11,529 --> 00:47:15,849 Everyone else seems to have either gone complicitly; 588 00:47:15,849 --> 00:47:19,559 or they have designed it incompetently and broken, 589 00:47:19,559 --> 00:47:23,869 and it is not good. So that is important to recognize. 590 00:47:23,869 --> 00:47:28,049 Every person, if you are here you are out of a small set of people in the world, 591 00:47:28,049 --> 00:47:32,249 use that power wisely. Help these people to do that. And that will help us all 592 00:47:32,249 --> 00:47:35,999 to continue. Not only to reveal these things but to fundamentally shift 593 00:47:35,999 --> 00:47:41,140 and change that. For everyone, for the whole planet. Without any exception. 594 00:47:41,140 --> 00:47:44,770 So, on that note we’d like to take some questions!? 595 00:47:44,770 --> 00:47:46,290 Laura: Yeah! 596 00:47:46,290 --> 00:48:01,739 *strong applause and cheers* 597 00:48:01,739 --> 00:48:05,129 *Herald waving at the speakers to approach stage center* 598 00:48:05,129 --> 00:48:16,949 *standing ovations* 599 00:48:16,949 --> 00:48:22,049 *Herald gently pushing the speakers to stage center* 600 00:48:22,049 --> 00:48:48,379 *continued standing ovations* 601 00:48:48,379 --> 00:49:01,739 Laura: Thank you! *continued standing ovations* 602 00:49:01,739 --> 00:49:04,739 Jacob: Wow! Herald: So, everybody who has a question 603 00:49:04,739 --> 00:49:09,599 please stand in front of one of the 6 microphones 604 00:49:09,599 --> 00:49:14,299 that are in this room, and, Signal Angel? Are you there? 605 00:49:14,299 --> 00:49:18,519 Signal Angel: Yeah, I’m here! Herald: Are there questions from the internet? 606 00:49:18,519 --> 00:49:22,510 Signal Angel: Yeah, so the first one would be: What should we do about SSH now? 607 00:49:22,510 --> 00:49:25,819 *laughter* *Laura laughs* 608 00:49:25,819 --> 00:49:28,069 Jacob: Well, *to Laura:* shall I? 609 00:49:28,069 --> 00:49:32,119 Laura: Yeah. Jacob: I wanna be clear. 
610 00:49:32,119 --> 00:49:36,859 We don’t understand, we only know what they claim. And I don’t wanna hide that 611 00:49:36,859 --> 00:49:41,199 and say that they didn’t claim anything. But they do have a claim. They claim 612 00:49:41,199 --> 00:49:46,259 it as potential. What I would say is: what about these NIST curves? 613 00:49:46,259 --> 00:49:51,430 What about NIST-anything? The documents that we’ve released specifically talk 614 00:49:51,430 --> 00:49:55,079 about something that’s very scary. They say that it is Top Secret, 615 00:49:55,079 --> 00:49:59,119 in a classification guide, that the NSA and the CIA work together 616 00:49:59,119 --> 00:50:02,869 to subvert standards. And we even released as part of the story an example of them 617 00:50:02,869 --> 00:50:08,180 going – the NSA, that is – to an IETF meeting 618 00:50:08,180 --> 00:50:12,359 to enhance surveillance with regard to Voice-over-IP. 619 00:50:12,359 --> 00:50:16,949 They’re literally amongst us. So what do we do? First, find them. 620 00:50:16,949 --> 00:50:20,009 Second, stop them! *mumbles and faint applause* 621 00:50:20,009 --> 00:50:23,539 Question: Thank you! Herald: Microphone 2, please! 622 00:50:23,539 --> 00:50:26,180 Question: Can you talk about, do you plan on releasing the source material, 623 00:50:26,180 --> 00:50:29,239 eventually? Or will it always be redacted? 624 00:50:29,239 --> 00:50:33,999 Jacob: Well, some of this is already out right now, without redactions. 625 00:50:33,999 --> 00:50:37,720 With the exception of very few sets of redactions. 626 00:50:37,720 --> 00:50:41,480 For agents’ names, and things where legally… we will go to prison. I mean, 627 00:50:41,480 --> 00:50:43,630 I’m not averse to that. But I’d like to wait a while. 628 00:50:43,630 --> 00:50:46,440 *laughter* 629 00:50:46,440 --> 00:50:48,519 Question: What about in 15-20 years’ time?
630 00:50:48,519 --> 00:50:51,509 Laura: Yeah, I mean, I think there are 2 questions there as how to… 631 00:50:51,509 --> 00:50:54,390 scaling (?) the reporting. But I agree, it needs to happen. And I think 632 00:50:54,390 --> 00:50:57,710 it’s a valid criticism. I need to do more of it. I think certain things, I think, 633 00:50:57,710 --> 00:51:01,450 will… I would say should continue to be redacted, at least for the short term. 634 00:51:01,450 --> 00:51:03,959 Which I think is like there are a lot of names, you know, e-mail addresses, 635 00:51:03,959 --> 00:51:07,150 phone numbers. All these kinds of specifics, I think, we’ll continue to redact. 636 00:51:07,150 --> 00:51:10,910 And then we’re working on scaling. I haven’t really had time to think about 637 00:51:10,910 --> 00:51:14,440 15 years from now. So, but of course, I think at some point 638 00:51:14,440 --> 00:51:18,299 this question of names becomes less of an issue. But I do hear 639 00:51:18,299 --> 00:51:20,890 the criticism that we need to be doing more publishing! 640 00:51:20,890 --> 00:51:25,439 Jacob: If we live that long! I hope you’ll help us! *Laura laughs* 641 00:51:25,439 --> 00:51:28,769 Next question? Herald: Next question from the internet, please! 642 00:51:28,769 --> 00:51:32,119 Signal Angel: So how reliable is this source on OTR, 643 00:51:32,119 --> 00:51:35,560 can that be verified with a second source, somehow? 644 00:51:35,560 --> 00:51:38,869 Jacob: Well, I think that’s a really good question. 645 00:51:38,869 --> 00:51:42,559 From what we know, cryptographically, OTR which has been analyzed 646 00:51:42,559 --> 00:51:46,400 by a number of people hasn’t been broken. 647 00:51:46,400 --> 00:51:49,700 And what it appears to be the case in these FISA intercepts, 648 00:51:49,700 --> 00:51:54,180 alone, that is one set of things. Where they produce one set of evidence 649 00:51:54,180 --> 00:51:58,699 from one set of people.
And there are other documents, from a different section, 650 00:51:58,699 --> 00:52:03,519 from different agencies, that essentially say something completely the same. 651 00:52:03,519 --> 00:52:09,390 That is: Everything we see seems to support that. And I would say 652 00:52:09,390 --> 00:52:13,180 maybe Julian is not the best example of how great OTR is. 653 00:52:13,180 --> 00:52:17,599 But I think I am. I rely on it every day for almost all of my communications. 654 00:52:17,599 --> 00:52:22,049 And I feel pretty confident, combined with this, as well as talking with people 655 00:52:22,049 --> 00:52:26,209 in the Intelligence community who actually use OTR, and PGP, 656 00:52:26,209 --> 00:52:30,409 amazingly enough. So I feel pretty good about it. And 657 00:52:30,409 --> 00:52:34,959 the most important part is that they don’t have super powers. They have backdoors. 658 00:52:34,959 --> 00:52:39,590 E.g. I really would encourage people to look at the Cavium (?) hardware. 659 00:52:39,590 --> 00:52:43,460 I don’t really know why. But it seems to be that they’re obsessed with this. 660 00:52:43,460 --> 00:52:46,920 And you can look at the documents and you can see that. Look at the hardware. 661 00:52:46,920 --> 00:52:51,059 Crypto hardware. And imagine that it’s compromised. They spend tens of millions 662 00:52:51,059 --> 00:52:54,739 of Dollars to backdoor these things. And they work with agencies around the world 663 00:52:54,739 --> 00:52:59,329 to make that happen. So, would make sense that OTR would be safe, actually. 664 00:52:59,329 --> 00:53:02,519 It doesn’t interface with any hardware. And it would make sense because the math 665 00:53:02,519 --> 00:53:08,859 seems to be good. And it seems to be vetted. And that seems to be their weakness. 666 00:53:08,859 --> 00:53:13,539 Question: Thanks. Herald: Number 4, please! 667 00:53:13,539 --> 00:53:16,469 Question: Hello. I have… actually, it may be a little odd question. 
But I wanted 668 00:53:16,469 --> 00:53:22,009 to ask it anyway. Regarding the term ‘War on Terror’ in general. 669 00:53:22,009 --> 00:53:26,769 Because all of these things, the Torture Report, the NSA spying, 670 00:53:26,769 --> 00:53:31,469 is all being done in the name of the ‘War on Terror’. Even though 671 00:53:31,469 --> 00:53:35,319 we know a number of the people who were tortured were innocent and were in no way 672 00:53:35,319 --> 00:53:41,619 terrorists. We know torture does not work as an interrogation method. 673 00:53:41,619 --> 00:53:45,380 And we know a vast majority of the people who are being spied on are completely 674 00:53:45,380 --> 00:53:50,329 innocent and did nothing wrong. And I wanted to know whether maybe we might 675 00:53:50,329 --> 00:53:54,689 actually be inadvertently lending (?) an amount of credibility to the whole thing 676 00:53:54,689 --> 00:53:59,759 by using the term ‘War on Terror’ in the first place. 677 00:53:59,759 --> 00:54:02,560 Laura: Yeah, I mean, actually, I think… Right, we’re talking about ‘Reconstructing 678 00:54:02,560 --> 00:54:05,579 Narratives’, and that’s maybe one we should binoc (?). This is really the 679 00:54:05,579 --> 00:54:09,969 ‘War on pretty much Everyone’. And so, I agree with that. 680 00:54:09,969 --> 00:54:13,740 I think… and I stopped using it for a long time. I think that I began 681 00:54:13,740 --> 00:54:17,699 re-using it, I think, when nothing changed. 682 00:54:17,699 --> 00:54:20,400 And, in fact, I think I was one of those people who thought things were changed 683 00:54:20,400 --> 00:54:23,299 under Obama. And there would be some accountability, like if you torture people 684 00:54:23,299 --> 00:54:27,500 you’re held accountable for torturing people. And then there didn’t. So, 685 00:54:27,500 --> 00:54:30,710 yeah, I agree, we need a new term for that to describe… Mainly, (?) 
some people are 686 00:54:30,710 --> 00:54:35,509 calling it the ‘Endless War’, which I hope is that isn’t actually true. 687 00:54:35,509 --> 00:54:39,049 But I do think that that’s a term that 688 00:54:39,049 --> 00:54:44,159 comes with the narrative of the Government. 689 00:54:44,159 --> 00:54:47,349 Jacob: I think, because I’ve been living in Germany for a while I actually don’t use 690 00:54:47,349 --> 00:54:50,999 the ‘War on Terror’ as a sentence, ever. I say ‘Imperialist War’. 691 00:54:50,999 --> 00:54:54,359 Because that’s what it is. It’s Imperialist war. And it’s an Imperialist war on you, 692 00:54:54,359 --> 00:54:58,449 as a person, your liberties. It’s not about privacy. It’s about choice. 693 00:54:58,449 --> 00:55:02,349 It’s about dignity. It’s about agency. And of course, I mean these guys 694 00:55:02,349 --> 00:55:06,519 are murderers and rapists. We shouldn’t dignify them. I mean they’re 695 00:55:06,519 --> 00:55:10,299 absolutely awful. The Torture Report really shows that. But it doesn’t matter 696 00:55:10,299 --> 00:55:15,359 that torture doesn’t work. That’s like – as is often said – you know this notion 697 00:55:15,359 --> 00:55:20,540 like, what (?) is slavery economically viable? Who fucking cares? It’s slavery! 698 00:55:20,540 --> 00:55:29,710 *applause* Question: Thank you! 699 00:55:29,710 --> 00:55:32,290 Herald: Number 1, please! 700 00:55:32,290 --> 00:55:35,890 Question: Do you think, since it’s kind of obvious, that we should reject, 701 00:55:35,890 --> 00:55:41,130 or mostly reject, the projects that are influenced by Governmental Institutions 702 00:55:41,130 --> 00:55:45,859 like NIST? Do you have any information to how they react 703 00:55:45,859 --> 00:55:50,329 when they see that you use smaller projects like e.g. Paths (?) 704 00:55:50,329 --> 00:55:56,769 to encrypt your harddrive, and some odd crypto scheme? 705 00:55:56,769 --> 00:56:00,049 Jacob: Well, one of the things we found is that Truecrypt, e.g. 
706 00:56:00,049 --> 00:56:04,179 withstands what they’re trying to do. And they don’t like it. I really wonder 707 00:56:04,179 --> 00:56:08,739 if someone could figure out why Truecrypt shut down. That would be really interesting. 708 00:56:08,739 --> 00:56:15,850 *applause* 709 00:56:15,850 --> 00:56:19,880 I can also tell you that after I met General Alexander, and I told him 710 00:56:19,880 --> 00:56:23,589 to go fuck himself as hard as possible with a chainsaw… 711 00:56:23,589 --> 00:56:29,470 *whoohoo’s, cheers and applause* 712 00:56:29,470 --> 00:56:32,190 I hope he’s watching this video! *laughter* 713 00:56:32,190 --> 00:56:37,449 He actually went to, let’s say my employer who shall remain anonymous 714 00:56:37,449 --> 00:56:42,659 *someone in the audience laughs* and, … sorry Roger! 715 00:56:42,659 --> 00:56:45,779 *laughter* …and my understanding is they also 716 00:56:45,779 --> 00:56:49,929 went to our funders, and said: “What’s this guy? What’s he doing?”, 717 00:56:49,929 --> 00:56:54,740 you know, and they tried to pressure. And my employer, who shall remain anonymous, 718 00:56:54,740 --> 00:56:59,050 did not cave. But, yeah, they exert pressure! 719 00:56:59,050 --> 00:57:07,460 *applause* 720 00:57:07,460 --> 00:57:10,479 Herald: Another question from the internet, please! 721 00:57:10,479 --> 00:57:16,609 Signal Angel: Yeah, so, these files are pretty shocking, or revealing. 722 00:57:16,609 --> 00:57:19,400 Were they part of the stuff that came out in summer last year? 723 00:57:19,400 --> 00:57:24,629 And where was the bottleneck? Why do they come out now? 724 00:57:24,629 --> 00:57:26,150 Jacob: Oh that’s a question for you! 725 00:57:26,150 --> 00:57:29,670 Laura: Yeah! So in this case 726 00:57:29,670 --> 00:57:33,990 this was a number of reasons. One is 727 00:57:33,990 --> 00:57:37,360 that we’ve been slowed to scale the reporting. 
728 00:57:37,360 --> 00:57:40,509 And it was also the case that some of the files 729 00:57:40,509 --> 00:57:43,600 I personally didn’t have access to, during that time 730 00:57:43,600 --> 00:57:47,539 when the story actually first came out. And then also 731 00:57:47,539 --> 00:57:54,489 just the time of reporting and researching the documents. 732 00:57:54,489 --> 00:57:57,239 Herald: Number 3, please! 733 00:57:57,239 --> 00:58:01,069 Question: Thanks for the talk! It was great! I support totally the idea that 734 00:58:01,069 --> 00:58:06,519 we need strong crypto. And I think that 735 00:58:06,519 --> 00:58:08,840 strong crypto needs also support, and we should all use it. But I think 736 00:58:08,840 --> 00:58:12,390 strong crypto is not the whole answer to the political situation 737 00:58:12,390 --> 00:58:15,229 that we have. And I think… 738 00:58:15,229 --> 00:58:21,259 *applause* 739 00:58:21,259 --> 00:58:25,859 …I think that this community of hackers and nerds needs to build 740 00:58:25,859 --> 00:58:29,650 stronger ties with political movements and be part of political movements. 741 00:58:29,650 --> 00:58:33,809 I know you are, and I think that we can’t solve the political dilemma 742 00:58:33,809 --> 00:58:37,329 with just strong crypto. So we need both. 743 00:58:37,329 --> 00:58:45,539 *applause* 744 00:58:45,539 --> 00:58:47,660 Herald: And another question from the internet! 745 00:58:47,660 --> 00:58:50,949 No more questions from the internet. So, number 3, please! 746 00:58:50,949 --> 00:58:54,830 Question: Yes, thank you also very much for the talk. I want to ask a question 747 00:58:54,830 --> 00:58:58,880 about Citizenfour, and especially the ending, of Citizenfour, where there’s 748 00:58:58,880 --> 00:59:05,079 a strong suggestion that army base here in Germany, called Ramstein is essential 749 00:59:05,079 --> 00:59:10,710 in these killings that you addressed tonight. 
What would be your… like, 750 00:59:10,710 --> 00:59:15,520 are you gonna give more information that’s not just suggestional? And 751 00:59:15,520 --> 00:59:20,319 what would you want, like, especially this audience to engage in? 752 00:59:20,319 --> 00:59:24,470 Laura: I mean, so, there is gonna be more reporting on that topic 753 00:59:24,470 --> 00:59:29,220 that I’m working on with my colleague Jeremy Scahill, at the Intercept. 754 00:59:29,220 --> 00:59:32,740 And unfortunately I can’t say more than that, other than, we will be 755 00:59:32,740 --> 00:59:36,440 coming out with more information that will go beyond what you see in the film. 756 00:59:36,440 --> 00:59:41,549 So, for sure. And it deals with how Ramstein is part of the 757 00:59:41,549 --> 00:59:44,709 infrastructure and architecture of communication. 758 00:59:44,709 --> 00:59:47,149 Jacob: Shut it down! Shut it down! 759 00:59:47,149 --> 00:59:53,259 *applause* 760 00:59:53,259 --> 00:59:56,179 Herald: Number 5, please! 761 00:59:56,179 --> 01:00:00,339 Question: Is there a minimum key length that you would consider unsafe? 762 01:00:00,339 --> 01:00:03,009 Jacob: Yeah, so, actually I’m glad you asked that question. I was sort of hoping 763 01:00:03,009 --> 01:00:06,259 someone would do that. Okay. So. There are some documents from the GCHQ 764 01:00:06,259 --> 01:00:09,769 where they talk about their super computing resources. And, 765 01:00:09,769 --> 01:00:15,929 about 3 years ago they were talking about 640 bit keys 766 01:00:15,929 --> 01:00:20,079 being something that they sort of casually take care of. Now at the same time that 767 01:00:20,079 --> 01:00:24,499 that was happening Arjen Lenstra had, I think, factored 768 bit, 768 01:00:24,499 --> 01:00:29,119 and it took, what was it, Alex? 3 years? On a bunch… 769 01:00:29,119 --> 01:00:32,880 *listens to answer from audience* Year and a half! 
So, I think pretty much 770 01:00:32,880 --> 01:00:37,040 anything less than 1024 [bit] is a bad idea. There are other documents 771 01:00:37,040 --> 01:00:41,349 where they specifically say, if it’s 1024 bit RSA, it’s a problem. 772 01:00:41,349 --> 01:00:44,619 But you need to think about it, not about what they can do today. 773 01:00:44,619 --> 01:00:47,259 First of all they have different compartments. One of those compartments 774 01:00:47,259 --> 01:00:51,289 obviously is dedicated to any maths that they’ve got that speed that up. 775 01:00:51,289 --> 01:00:54,680 But another point is that because of things like the massive data repository 776 01:00:54,680 --> 01:00:58,089 – the mission data repository of Bluffdale, Utah – you’re not encrypting 777 01:00:58,089 --> 01:01:03,229 for today. I mean, you are! But you’re also encrypting for 50 years from today. 778 01:01:03,229 --> 01:01:07,049 So, personally, I use 4096 bit RSA keys, and I store them 779 01:01:07,049 --> 01:01:10,329 on a hardware token, which hopefully doesn’t have a backdoor. 780 01:01:10,329 --> 01:01:14,530 But I trust Werner [Koch]. That’s the best I can do, unfortunately. 781 01:01:14,530 --> 01:01:17,030 Which is pretty good. But… *laughter* 782 01:01:17,030 --> 01:01:22,009 But I think e.g. that the best key sizes, 783 01:01:22,009 --> 01:01:25,109 you need to think about them in terms of what you’re actually doing; and how long. 784 01:01:25,109 --> 01:01:29,309 And then think about composition. That is… it’s not just about encrypting something 785 01:01:29,309 --> 01:01:32,869 with, like, a 4096 bit RSA key. Also make it hard for them to target you 786 01:01:32,869 --> 01:01:36,670 for surveillance in the first place. So, e.g. 787 01:01:36,670 --> 01:01:39,939 when you can, use systems where you can composite (?) with Tor. Use things 788 01:01:39,939 --> 01:01:42,890 that are totally ephemerally keyed. 
So they can’t break in, steal the key and 789 01:01:42,890 --> 01:01:47,279 decrypt things in retrospect. Make it really hard for them to make it valuable. 790 01:01:47,279 --> 01:01:51,319 There’s an economic point to that collection as well as a mathematical point. 791 01:01:51,319 --> 01:01:54,589 Actually they sort of balance each other out. So anyway, don’t use small key lengths. 792 01:01:54,589 --> 01:01:59,710 And maybe also consider looking at the work that DJB and Tanja have been doing, 793 01:01:59,710 --> 01:02:04,910 about Elliptic Curves stuff. And I think, really look to them! 794 01:02:04,910 --> 01:02:07,930 But these guys [=NSA] aren’t special. They don’t have super powers. 795 01:02:07,930 --> 01:02:10,879 But when you use things that are closed-source software… 796 01:02:10,879 --> 01:02:14,470 I mean, Richard Stallman was really right. I mean, I know that it pains some of you 797 01:02:14,470 --> 01:02:17,470 to know that. But he was really right. *laughter* 798 01:02:17,470 --> 01:02:20,010 And he deserves a lot of love for that! 799 01:02:20,010 --> 01:02:29,509 *applause* 800 01:02:29,509 --> 01:02:32,339 Free software, with software implementations with large keys. 801 01:02:32,339 --> 01:02:35,959 That’s what you want. And when you can: protocols that allow for ephemeral keying, 802 01:02:35,959 --> 01:02:39,119 or where they have forward secrecy. Things like Pond, things like OTR, 803 01:02:39,119 --> 01:02:43,420 things like Redphone and Signal. And GnuPG. GnuPG has the caveat (?) that 804 01:02:43,420 --> 01:02:46,150 if they ever get into your system later they can of course decrypt other messages. 805 01:02:46,150 --> 01:02:51,569 So you have to consider all that. Not just key size. And GnuPG has safe defaults. 806 01:02:51,569 --> 01:02:54,740 So if you’re choosing key sizes, hopefully you’re using that. 807 01:02:54,740 --> 01:02:58,209 Libraries like Salt also make safe choices. 
So, 808 01:02:58,209 --> 01:03:02,609 hopefully that answers your question and you use strong crypto in the future. 809 01:03:02,609 --> 01:03:05,839 Herald: So thank you very much for the talk. Thank you! 810 01:03:05,839 --> 01:03:08,999 I saw a lot of people being shocked in that room. 811 01:03:08,999 --> 01:03:13,919 A lot of tears of, I think, proudness and hope. 812 01:03:13,919 --> 01:03:18,469 I saw… that gives me a really good feeling. So thank you for the talk. 813 01:03:18,469 --> 01:03:20,839 Give them a very warm applause! 814 01:03:20,839 --> 01:03:34,499 *applause* 815 01:03:34,499 --> 01:03:37,569 *silent postroll titles* 816 01:03:37,569 --> 01:03:45,821 *Subtitles created by c3subtitles.de in the year 2017. Join, and help us!*