The NSA are not the Stasi: Godwin for mass surveillance
Formal Metadata
Part Number | 13
Number of Parts | 177
License | CC Attribution - ShareAlike 3.0 Germany: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers | 10.5446/31871 (DOI)
Production Place | Berlin
re:publica 2015, 13 / 177
Transcript: English (auto-generated)
00:03
Well, thank you all very much. It is a sincere pleasure to be back at re:publica. Thank you
00:24
for coming and thank you to the re:publica organizers and especially the volunteers for the good work that they're doing. A few administrative notes. Thank you for them. A few administrative notes. There will be a brief question and answer period after my talk. When I do question and answer periods, I've noticed that they tend
00:42
to be very male-dominated and so now I alternate between people who identify as women or non-binary and people who identify as men. So I want you to think about your questions through the talk so that you'll have a chance. Thank you. I don't mean to put women on the spot but it does increase participation. The other thing I want to say is that obviously I'm an ignorant monolingual
01:04
anglophone and I'm also one of nature's fast talkers. So I am now in your country speaking English probably too fast because I've drunk enough coffee to kill a rhinoceros. And I would like to invite you when I speak too quickly to wave your hands in the air and I'll slow down. So we live in a world that
01:26
is made out of computers. And when I say that I don't mean that metaphorically. I don't mean it in the sense that someday the world will look like one of those swooshy internet of things videos where everything is kind of curved and white and looks like Rollerball. I mean that today here
01:44
and now our world is increasingly made out of computers. Our bodies spend much of the day inside of very large dangerous computers. A modern building, a new office block, that's a computer that your body is inside of. It has such a high specification of insulation that without computers to control its
02:05
respiration and its temperature, that building will very quickly fill up with black mold and be permanently uninhabitable. We discovered this in Florida when all of those new built houses were seized from people who
02:20
couldn't make their mortgage payments during the financial crisis. And they turned off the power and when they went back six months later, they had to scrape those houses to the ground. And in the financial centers of the world, all of those places that have been colonized by the finance industry where you find these enormous novelty towers built by starchitects, the way that they can build those tall willowy buildings is by using computers to
02:45
dynamically allocate the reinforcements in the buildings as wind and seismic stresses act against them. When you take the computers out of those buildings, they don't fill up with black mold, they fall over. So you spend all day with your body inside of a giant case mod that you happen to share
03:03
living space with. And when you get in a car, it's a computer that hurtles down the road at 120 kilometers an hour. Every year when you go to conferences like CCC or Def Con or Black Hat, you'll see presentations from people who have figured out how to get into the car's informatics systems,
03:21
sometimes through something as trivial as the Bluetooth interface for the sound system. And through that, they're able to control the brakes and the steering. The most important fact about your car isn't what it's made of or whether it runs on petrol or a battery. It's how the computer is programmed and how well secured it is. A Boeing 747 is a flying Sun Solaris workstation in a very fancy
03:46
aluminium case connected to some very tragically badly secured SCADA controllers. And it's not just that we keep our bodies inside of computers all day. Increasingly, we have computers inside of our bodies. You may know someone who
04:00
has a cochlear implant. They're already living with an implanted hearing aid under their skin and their head. But if you grew up like me with the Walkman or if you're a little younger and you grew up with MP3 players, you will someday, if you live long enough and aren't killed by a self-driving car, someday, all of those punishing earbud hours that you have
04:22
logged will come to you and you will have to get a hearing aid. And it's really unlikely that that's going to be a beige, retro, analog, transistorized hearing aid, right? It's going to be a computer inside of your head. And depending on how that computer is configured, it will let you hear what's around you or it might prevent you from hearing some of the words that
04:43
are spoken or it might tell someone else what you're hearing or it might make you hear things that aren't there. You probably know someone who's alive today because of their implanted defibrillator. If your heart can't keep the rhythm and under normal circumstances you would fall over and die,
05:04
your doctor can implant a powerful computer connected to an even more powerful battery right in your chest cavity, connect it to your heart and it will listen to your heart beating; when your heart loses the rhythm, it shocks you back to life. Now doctors want to update the firmware on these things and they want to get telemetry off of them and it's difficult and messy to
05:24
attach a USB cable to a computer that's inside of your chest cavity. So they have a wireless interface, everything has a wireless interface. We basically live inside of microwave ovens these days and it's through that wireless interface that a researcher named Barnaby Jack showed that from 10
05:41
meters away he could compromise one of those computers and cause it to deliver lethal shocks to its owner. So we have computers inside of our bodies and the way that they work matters. Now I'm a science fiction writer and I feel like when I talk about this stuff people think that I'm being futuristic but this is really rooted in the present. So like some of
06:03
you, I travel a lot (you know, "I'm changing the climate, ask me how"), and the first rule of every traveler is ABC: always be charging. And so whenever I come into a room, my situation awareness makes me scan the baseboards for electrical outlets, because I need to charge all of my devices; your laptop is your lifeline. One day I was in an airport lounge and I was
06:24
feeling very smug because I camped out on the only electrical outlet in the room and I was charging my laptop before a long flight, and a man came up to me, very cheekily I thought, and he said, "Could I use that electrical outlet?" And I kind of looked over my glasses at him and I
06:40
said, "I'm charging my laptop before the flight," and he rolled up his trouser leg and he showed me that his leg ended at the knee, and beneath the knee he was robot. He was wearing a powered prosthetic, and he said, "I need to charge my leg before the flight." So I said, "All right, it's all yours." So we live in a world made out of computers
07:04
inside of our bodies, our bodies inside of them, and this matters because computers pose entirely novel regulatory challenges that not only do our governments struggle with, but our governments get terribly, awfully wrong. So it's not unusual for a new
07:21
technology to cause a social problem. Happens all the time. You look at the history of the car, the telephone, the television: as each new technology has come along, it's created new problems, and one of the ways that we've solved those problems, sometimes with some success, is by handing down legal mandates that say you must do this and you must not do that. Your radio
07:42
must emit in these frequencies and must not jam air traffic control signals. And that as a paradigm has worked reasonably well, and it's worked reasonably well because all of these other technologies were, relative to computers, special purpose. A car is a car is a car, even if it has
08:05
one feature or lacks that feature, right? If the state says you may not put an ashtray in a car or you may not put a car phone in a car, and people are forced to remove those things from their cars and manufacturers are required not to build them in,
08:21
we may argue that the government has overreached, we may disagree with their conclusions, but no one will say, "When I take the ashtray out of my car, it stops being a car," because that carness can be preserved even if it lacks one feature or another that we think of as a kind of mainstay of the automotive industry. But computers are general purpose.
08:46
Computers can't have features removed from them in this way. All computers can execute all instructions that we can express in symbolic logic, and I'm going to talk about that a little more. What that means is that this way of
09:02
solving our problems, by mandating that things may do something, must do something or must not do something, that's not something that works when it comes to computers, and these days everything we have is a computer in a fancy case. So to understand this, we have to talk about some of the technological innovations that produce the computer
09:22
during the war, during World War II. During World War II, it was the first war that was really an information technology war, dominated by radio and codes, and the Allies worked very hard to figure out how to break the Enigma codes that the Axis powers were using, and to that end a special research unit
09:44
was set up in Bletchley Park, headed by Alan Turing, assisted by the Polish mathematicians who are in exile from occupied Poland, and a parallel research institute was created in America at the Princeton Institute, with Gödel and Einstein and then the Hungarian mathematicians in exile,
10:01
particularly János von Neumann. And these researchers, excuse me, I'm coming down with a cold here, these researchers collectively built a general purpose computer, and it was nothing short of a miracle, because historically, if you had some computing work you needed to do, you needed to do some kind of maths and you wanted an electronic calculator to add
10:23
those maths up for you, you would build a computer that just did that kind of computation. So when you needed to calculate ballistics tables, you built the ballistics table computer, and when you needed to tabulate an election, you built the election tabulating computer. But if you wanted to calculate ballistics tables on the election tabulating computer,
10:42
it was really hard. You would have to do, uh, actually, could you leave that up there for me? I actually need to drink it. Sorry, thanks. Um, uh, sorry. Um, so in order to calculate, uh, you know, if you wanted to calculate ballistics tables on the election tabulation computer, you would, uh, you could technically probably
11:03
have pulled it down into its bare components and then rewire it as a, uh, as a new kind of computer, but it would be the least efficient thing you can imagine. And Turing and von Neumann created this novel architecture for a universal computer that could run every program we could conceive of,
11:22
and it ushered in a new era that we're still feeling the aftershocks of. In fact, I would argue that we're still in the first days of the new era of Turing completeness. Turing completeness is not only miraculous in that it lets us do all computing with all computers and shows us that all computers are really equivalent: the very oldest computers that
11:44
we have can run all the programs that our most modern computers can run, albeit the modern computers are millions of times faster, so if you tried to run those programs on the very old computers you might end up running up against the heat death of the universe or have to burn all the coal on earth to
12:00
power them. But nevertheless, given enough time and enough power, all computers can compute all things that all other computers can compute. This has actually turned into something of a security nightmare, because there's lots of times when we want computers that can just do a few things but not all things, right? Like maybe you want a computer that can live in your printer
12:20
and can turn instructions into, uh, ink on a page, but you don't want it to be able to scan your network for unpatched computers, install viruses on them and exfiltrate all your corporate secrets. It turns out that the very powerful computers in our printers are really good at being infected with malware that will crawl your local network and exfiltrate all of your most
12:43
precious data to everywhere else, and we can't figure out how to get those computers to not compute all that stuff and still be able to compute our printer pages. Even, uh, card games like Magic: The Gathering turn out to be Turing complete. You can, with enough time, take Magic: The
13:02
decks and compute any program that you name, that you care to name. Now again, you might run out of time, the sun may grow cold, this solar system may fly apart before you finished running a particularly sophisticated program, but it is Turing complete, and we keep running up against it in all of these mundane security contexts. Like every now and again, someone, for some
13:23
unknown godforsaken reason, will decide to make yet another social network, and they'll decide that in order to give people the awesome power of self-expression, they will put at the top of everyone's page a glittering, uh, unicorn animated GIF (it's pronounced "jiff"),
13:40
uh, a glittering animated unicorn GIF, uh, and give them the power of self-expression by, uh, giving them a scripting environment that they can use to make the unicorn dance across the page, and it has maybe three instructions, five instructions. And then the next year, a big security conference, without fail almost, someone stands up on a
14:01
stage like this and goes, "You know, you had like five instructions, and I figured out how to use them to build up all of the instructions in a Turing complete computer, and I wrote a virus in your dancing unicorn sparkle GIF, uh, scripting environment, and I've infected every page in your social language, in your social network, with it."
14:20
So it's, uh, we don't know how to solve social problems that computers are part of the way that we used to, by saying: make a computer-controlled radio that can emit as a baby monitor but not as an air traffic control system. Because really what that's saying is: make a computer that can run the baby
14:40
monitor program and not the air traffic control system program. We don't know how to do that. It also poses some business challenges, because the dominant business model of computers in the 21st century is this ecosystem, walled garden model, where manufacturers make a product that is very attractive and then they use
15:00
cryptography to lock that product so it only works with other products that come from the same manufacturer. If you want to install your inkjet cartridges, you have to buy them from the company that made your printer. If you want to add more devices to your internet of things or your automated home lighting system or any other piece of equipment that you've already spent money on, you have to buy it from the
15:23
manufacturer. Now that's not a new thing. Companies have been doing this since Gillette made the disposable razor hand, the disposable razor hand blade, and sold us razor handles, but there's always been something that limited how much rent companies could extract from us for our
15:41
naivete and becoming their customers and thinking that they were giving us a square deal, and that limit was how much it would cost us to throw away all that stuff and buy something new, and that was the most rent that they could extract from us. At a certain point, it's cheaper to throw away your printer and buy another printer that has cheaper ink than it is to keep buying the original manufacturer's
16:01
ink for the printer, even if your printer works perfectly. Now the way that the digital locks are used to accomplish this kind of control is really interesting, and it's a kind of textbook case of how this regulation fails and how the business lessons fail as well.
16:21
So in order to understand this, you have to understand just a very little bit about cryptography, and I'm going to give you a 10-minute cryptography primer with no mathematics at all. That's generally speaking a good thing to know about anyway. So to understand cryptography, you first have to know that all cryptographers start with an example that involves three people locked in an
16:41
eternal triangle of rivalry: Alice, Bob and Carol. Alice and Bob are in love with each other, and they trust each other, and they want to communicate with one another, and Carol is evil and she wants to read their email. So Alice and Bob use cryptography to scramble messages and send them back and forth to each
17:01
other, and when they do, they make two very, very important assumptions. The first is that Carol can get the message in transit and make a copy of it. And that assumption on its face may sound a bit weird. You know, why not use a special courier? Why not have some secure path, a wire that goes between Alice's house and Bob's house that
17:23
has armor around it that Carol can't get into? Well, it's because increasingly we use public spaces to convey our messages. Like we may convey our messages by radio, so anyone near the receiver or the transmitter can receive a copy of it. Maybe we transmit our messages by satellite, in which case we've got a satellite in orbit whose footprint is the size of a continent,
17:43
and if Carol is anywhere on that continent, she can receive the message. Or maybe we send it over the internet, and everyone between Bob and Carol, all of those internet service providers, all those online hosting companies, all those long-haul fiber links, every single one of them
18:01
could be subverted by Carol and Alice and, and could read Alice and Bob's message. So if Alice and Bob are only secure when Carol doesn't have their message, Alice and Bob are not secure. They make another important assumption, which is that Carol knows what they did to scramble the message. Now this seems even stranger on its face, because they not only believe that Carol knows how they scramble the
18:23
message, they make a point of telling Carol how they scramble the message. In fact, they tell everybody how they scramble the message, what tool, what cryptographic equations they used to scramble the message. And the reason they do that is because anybody can design a security system that works on people who are stupider than them, right? But unless you're the smartest
18:43
person in the world, chances are someone smarter than you will figure out how to break it. This has deep roots in modern science. Before we had modern science, we had a thing that looked a lot like science, called alchemy, and alchemists did science-like activities: they formulated hypotheses, they
19:02
executed experiments. But alchemists had no way of knowing whether they were indulging in the endless human capacity for self-deception. They had no way of knowing if they were kidding themselves about whether their experiments were successful, because they never told anyone else what they learned, and that's why every alchemist
19:21
discovered for himself, in the hardest possible way, that drinking mercury is a terrible idea. And we call the 500-year period of alchemy the Dark Ages. And when alchemists started publishing and submitting their material to adversarial peer review, where your friends tell you about the dumb mistakes you've made and your
19:40
enemies tell you what an idiot you are for having made those mistakes, we call what came out of that the Enlightenment, and we call what they practiced in the Enlightenment science. And all science starts with the idea that you have to tell other people what you think you've done to find out about the dumb mistakes that you've made that you yourself are blind to. And Alice and Bob,
20:00
making up cryptographic ciphers to transmit their messages, they're no exception. So if Carol knows what Alice and Bob did and she has a copy of the message, how can Alice and Bob keep their secret? Well, the way they keep their secret is by having a key that is secret. And if the key is secret and the math is correct, and we think the math is correct because everyone who
20:22
wants to look at it has been able to look at it and they haven't been able to find any failings in it, if the key is secret and the math is correct, then nothing Carol does can unscramble that message without Alice and Bob's cooperation. Even if Carol could take every hydrogen atom in the universe
20:42
and turn it into a computer that ground away on that encrypted message until the universe ran cold, we would run out of universe before we ran into possible keys. And so Alice and Bob are secure. Now how does this work in the ecosystem world? How does this work where, say, Netflix wants to make sure that you only watch a video
21:01
using an approved device or a program that doesn't let you save it to your hard drive, and never watch it with one of your own creation that lets you turn your stream into a download? Well, Netflix provides you with a piece of software, a client, or they bless a piece of software that someone else has made, and they give it a key, and they
21:23
scramble the movie and they send the movie to you, and the one thing that they make sure of before they give that software the key is that it won't let you save the file when you get it, when you're watching it. And they send you the encrypted movie, and the software they provided decrypts it,
21:41
and because crypto works, Netflix can keep their movies intact. Now you may have spotted the problem with this, because we're not talking about Alice and Bob and Carol anymore. When we're talking about the Apple iTunes Store or the App Store or the Nest store or the PS4 store or
22:01
the Nintendo store or Netflix, we just have Alice and Bob. Bob sends Alice a message, Bob gives Alice the key, Bob then hopes that Alice won't figure out where he put the key so that she can figure out how to read the message later on her own terms. And Alice
22:22
is anyone in the world who wants to become Alice. How do you become a Netflix Alice? Get a Netflix account, right? If you're a bored grad student with the weekend off, 30 undergraduates who need some extra credit and your own electron tunneling microscope, you can be Alice for seven euros a month and go at the devices in your own home or in your own lab to
22:43
extract the keys. Keeping keys in devices that you give to your adversary doesn't work, for the same reason that making bank safes that you keep in the bank robber's living room doesn't work. In technical circles, we call the security model wishful thinking. And over and over again,
23:02
Bob discovers that you can't both trust Alice and not trust Alice, that when you give Alice the key she will extract it. But businesses have gone to governments around the world and convinced them that Turing completeness is a bug and not a feature, and that if technology
23:22
won't let us design computers that can run all the programs except for the ones that they don't like, then maybe laws can. And so, starting in the mid-90s with a pair of UN treaties from the World Intellectual Property Organization, the WIPO Copyright Treaty and the WIPO Performers and Phonograms treaties, and then spreading out all over the world, through the EUCD in Europe in 2001,
23:43
through the Digital Millennium Copyright Act in America in 1998; embarrassingly, my own country, Canada, passed its Bill C-11 in 2011. And it's one thing to make a really dumb mistake about the internet in 1996 or 1998 or 2011, excuse me, but as my good friend Aaron
24:01
Swartz once said it is no longer okay not to understand the internet so what do these laws say they say that it's against the law to break a digital lock to help people break a digital lock to distribute tools that break digital locks or to take the keys out of a digital lock and make your own player
24:24
and that's all allegedly in the name of preventing piracy though of course we all know that the magic incantation for uh breaking a digital lock if you don't want to bother breaking the lock itself is to type the name of the movie or other file that you're after and the word BitTorrent into any search engine and you can enjoy the efforts of someone else who's smarter and has more time
24:45
than you who's gone to the trouble of breaking the lock off of it so it hasn't done really anything to stop piracy that's not to say that it wasn't useful to those firms it's been very useful because you can't start a business that operates and takes out ads on the sides of buses and does things in public that breaks these locks you have to be
25:03
underground you have to be hobbyists you have to keep your names off of it you can't get any capital for it and you can't take it out to the rest of the world and and build the kind of usable highly polished software that gains widespread attraction so see how this works think about CDs and DVDs
25:21
imagine that it's 1996 and you go to the high street and you go into a tower records and you spend a thousand euros on CDs and a thousand euros on DVDs and you come home and you put them on a shelf for 10 years and after 10 years you take them off the shelf and you blow the dust off of them well what's happened in 10 years is that your CDs
25:41
have gained value this is almost without precedent right usually if you buy technology and you put it on the shelf for 10 20 years by 20 years later it not only has zero value it has negative value you have to pay someone else to get rid of it for you but the CDs because there's no digital lock on them companies were able to make products that expanded the features that came with your CDs when you bought
26:03
the CD all you could do is listen to it but now when you put it in your computer your computer automatically launches a piece of software that says would you like to rip mix and burn the CD to make a ringtone an alarm tone a youtube soundtrack a school project a mashup a backup a stream out of this CD and the music on it all of those features
26:23
were unlocked just by the march of time but in the 20 years 19 years since DVDs were introduced not one new feature has been added to DVDs all you could do with a DVD in 1996 was watch it all you can do with a DVD today legally is watch it if you want to listen to a song on a CD
26:42
on your phone you put it in your computer and your computer will automatically format it so it can go on your phone if you want to watch a movie that you own on DVD on your phone you have to buy it again from one of the digital stores so of course this is something that businesses like because they can charge you money for something that you get for free
27:02
but the problem with this isn't just a user rights problem in fact the user rights problem is really the least of it it's just why businesses like it because the real problem is that in order to stop people from availing themselves of additional features for their DVDs or buying their software from an unofficial app store or having a mechanic of their choosing
27:22
fix their car we have made laws that criminalize telling people about flaws in their devices because if you know about a mistake that the programmer made on the device you can use it to extract the keys and make your own player or grab the clear text while it's while it's playing on the device now if you're not allowed to know
27:43
about the flaws in your device if people who find flaws in devices aren't allowed to tell people about it then those flaws in those devices last longer imagine if we had a rule that public health authorities that discovered pathogens in the water weren't allowed to tell you about what was in the tap water those pathogens
28:02
would last longer the pathogens in your digital devices are prohibited from disclosure and so our digital devices have become reservoirs of long-lived digital pathogens that can be used to attack us in every conceivable way because your phone is not just a
28:20
distraction rectangle and tracking device that lets you throw birds at pigs your phone is a super computer that lives in your pocket and knows who all of your friends are and what you talk to them about and where you are when you're talking to them it knows what your doctor told you last week it knows what your lawyer sent you in confidence it can log into your bank account it can
28:42
refinance your house it has a camera it has a microphone it controls your insulin pump you take it into the toilet you take it into the bed and you can't be sure unless the phone is telling you the truth whether it's listening to you and watching you the bugs in our
29:01
software and our software and devices aren't just used to jailbreak them to add new features the bugs in our devices are used by malware and crimeware authors to take advantage of us to attack us in lots of ways and this is getting worse because if you think back to
29:21
those swooshy internet of things videos the one thing that everyone does in those internet of things videos is they walk into their rollerball house and they turn the lights on with like a gesture from drama school right and then they speak to the house they say house tea earl grey hot right what's a house that
29:41
has gesture control and voice control in every room that's a house with a camera and a microphone in every room and because the internet of things is being born with the ecosystem business model because it's being born with digital locks to make you buy from the vendor it is a criminal offense to tell you about the flaws in your
30:01
internet of things house a world where our devices are designed to distrust us is one where corporations get us on the way in and governments get us on the way out so you'll remember just over a year ago in Ukraine in Kiev the central square the Maidan was full of protesters who wanted to bring down the government didn't end very well in the as it
30:23
turned out but one day these protesters went home from their demonstration and their distraction rectangles buzzed and they took them out and it said dear subscriber you are registered as a participant in an illegal disturbance today right be warned how do they know who was in the Maidan well they had a
30:43
device called excuse me called a stingray and stingray is a pretend mobile phone tower they're very small and what they do is they wake up and they send out the beacons that mobile phone towers send out that says I'm a mobile phone tower do you need service and all the phones wake up and they say I'm a
31:00
phone and this is my unique identifier what kind of service do you have and then the the the stingray says oh never mind and shuts itself off but it remembers all of those unique identifiers and if you have a way to turn those unique identifiers into the names of the people who are on those phones like for example if you have a police force that can go down to the phone company and say tell us
31:22
who these numbers belong to then you can identify all of those people and in the US a court has just ruled that stingrays can be used without court orders without warrants that there is no expectation of privacy in your location when you use a mobile phone but think about what this means for the future right um if you've uh if you if
31:42
you've been worried about climate change one of the things you've probably seen are these smart meters that go on the walls of our house that are different from a regular thermostat and they have one really important and really good feature which is that the power company can press a button and turn your heat down or your air conditioning down just a little bit so when the power starts
32:01
to spike across the grid rather than firing up the old coal-fired generator to keep the power grid from going down they can just adjust downwards the amount of power that we're all consuming by a minute amount but of course the power authorities don't want you to walk back over and turn it back up again so they've designed it so that it
32:21
doesn't take orders from you it takes remote orders from whoever it is controls the power company so imagine that the next time there's a Maidan uprising instead of coming home and getting a message that says dear citizen you are registered as a participant in an illegal demonstration it says dear citizen you are registered as a participant in an illegal
32:41
demonstration we've turned your heat off for the night think before you come out to the Maidan next time right it's getting worse i i mentioned uh i beg your pardon there was an article in the new york times about two months ago now about subprime auto lending you may
33:02
remember that the worldwide financial crisis was in part precipitated by subprime house lending where they would take people who are poor credit risks and loan the money to buy houses and then turn those loans into bonds well having run out of houses to pump and dump the finance industry is now doing this with cars there are 1 million subprime cars on the road in america
33:22
and to make those bonds that are based on the loans for those cars as valuable as possible and to make it easy to repossess the cars from people who don't make their payments those cars are now all fitted with ignition overrides that are networked and location aware so it's it's pretty bad stuff as you
33:40
might imagine it it kind of embodies all of that venomous hatred and cruelty that have become the hallmark of how we treat the poor in the 21st century if you miss a payment it has its own speaker system and the speaker system starts broadcasting as soon as you put the key in and keeps going until you get out of the car you're late on your payment you're late on your payment you're late on your payment
34:01
but that's not the main attraction the main attraction is turning off your engine so uh in the new york times article they profiled one woman who had taken out a lease that had a condition that said she wouldn't leave the county that she lived in and one day she went to the woods with her family and she crossed the county line not knowing it or not not understanding and or not remembering
34:21
the condition she walked around with her kids in the woods and then it started to get dark and cold maybe there were wolves and uh she brought the kids back to the car and she uh turned the ignition on the car and the car said i can't let you do that dave right it had been designed to disobey her it wouldn't start and of course she's out of
34:41
cell phone range and no one else is there doesn't end well and it's not going to get better until we fix this problem so i mentioned before this guy with the artificial leg and all of the ways that computers are entering our bodies there's an incredible presentation if you ever get the chance to see this guy or you look him up on youtube you should check it out there's this
35:01
guy named Hugh Herr H-E-R-R like like sir in german Herr uh who runs the prosthetics lab at the MIT Media Lab and he does an amazing presentation because it's all visual i just talk he's got pictures and on the wall he shows picture after picture of these incredible devices that have been integrated in the most intimate ways with people's bodies
35:22
hands feet arms legs neural prostheses sensory prostheses that have profoundly improved people's lives one after another and then when he's done he clicks to the last slide and it's a slide of him and he's climbing a mountain in gore-tex and he's clinging to the
35:41
rock like a gecko and he is super ripped and at both knees there's nothing below them except prosthetics for climbing the mountain and he's been walking around like this the whole time and he says oh yes didn't i mention he rolls up his pants legs and his legs are both cut off at the knees and he's wearing robotic legs
36:01
and he starts to run around the stage jumping around the stage right it's a killer demo so the first question anyone asked they said like how much did your legs cost and he said oh you know named a number you could buy like a brownstone in new york for it or like a terraced house in mayfair for it
36:21
the next question anyone asks is who could afford those legs he said well anyone right if it's a choice between like a 60-year mortgage on a house and a 60-year mortgage on a pair of legs you'll take the legs well think about what it means when your subprime legs are repossessed right they walk themselves back to the repo depot think about what it means when the
36:42
police have an override to make your legs walk you into the police station and when that's not in the hands of a government that we think of as being democratic and fair but in the hands of an autocratic regime that we think of as operating outside of the rule of law and then think of what it means if your government which you do trust which you may trust
37:01
has that facility and never abuses it but lose track loses track of the keys or the keys uh leak or it turns out that there's a security flaw that allows other people to remotely override computers that are in your bodies which brings me to cyber security and surveillance whether deliberately or through some
37:21
awful convergence the world's security services have entered an era in which cyber security is all offense no defense rather than trying to patch the bugs in our devices so we can't be attacked they are trying to create bugs in our devices so they can attack bad guys because all of the enemies of all of the intelligence services use the
37:41
same computers we do use the same software we do use the same internet that we do two of these programs uh run jointly by the us and the uk called Bullrun and Edgehill have a 250 million dollar a year spend to deliberately introduce flaws and vulnerabilities into the technology that we all use and depend on for
38:01
life and limb not only that governments have created thriving markets through which they buy vulnerabilities that security researchers discover and rather than taking those vulnerabilities that they've discovered and patching them so that we are all secure from criminals or foreign spies or griefers or hackers
38:20
they keep them a secret and weaponize them so they can make them into Bundestrojaners so they can make them into technology that they can use to attack the people that they don't like and now we have governments faced with the possibility that manufacturers might encrypt their defaults by their their devices by default saying
38:41
that they will make it illegal to install software that embodies a code that is so strong they can't read it the prime minister of the united kingdom who will remain prime minister for another 24 hours david cameron uh i know i know but remember the tories
39:02
just perfected the surveillance state Labour invented it it sucks he said that we will have no technology if he's elected no technology no communications means that he can't listen in on that he can't penetrate the fbi and the new york attorney general have made similar calls
39:21
and people have ridiculed them like how would you stop me from installing software of my choosing that works i mean maybe you would say everybody has to use the broken software but how would you keep me from using the not broken software you actually see its seeds already if the platform is already designed to make it against the law to
39:41
install unapproved software all you do is show up at the door of whoever approves the software and says we have a law now and that law is that you have to make sure that everything you approve has a back door that we can listen in on and that back door will be independently discovered by criminals and it will be used by
40:01
autocratic regimes and it'll be used by spies and it'll be used by griefers now the modern world exists in a state of constant mass surveillance and in europe especially in the former East Bloc states we like to draw comparisons between the surveillance habits of the stolen security agencies like the stasi
40:20
to the nsa and gchq but if you look even glancingly at the numbers you'll see that they don't add up at the peak of the stasi in 1989 there were um there were 16.1 million people living here in the gdr and there were about 264 000 people
40:41
working in one way or another for the stasi as spies or informants that's a ratio of about one to sixty every stasi operative could spy on about 60 people in total uh to the extent that they were figuring out how what who was doing what and what where they were at now we don't know exactly how many people participate in the western mass
41:01
surveillance efforts led by the nsa but we know what the maximum number could be which is 1.4 million right that's how america that's how many americans have top secret clearance and a lot of those people aren't involved in mass surveillance they're doing other stuff they're making nuclear reactors or or something else right so the 1.4 million americans plus however many
41:20
spies from other countries are cooperating with them but it's not going to be i mean the americans are more than 90 percent of all the spies in the world working on the mass surveillance project that 1.4 million is the biggest number that could be working on mass surveillance and they're surveilling seven billion people the stasi used a bat used an army
41:42
to surveil a country the nsa has figured out how to use a battalion to surveil the entire planet so you have to ask yourself why are they spying why do states spy generally states spy because they want to maintain social order they're worried that either domestic or
42:00
foreign entities want to change the state in a way that will destabilize the status quo and make whatever they value about the state go away people who like the state that they live in people who feel like it's doing a good job generally don't work to tear down the state it's people who feel badly used by the state who try to tear it down so if you
42:21
think about north korea north korea has a bunch of people who have a legitimate grievance about the way that country is run and the kim family engages in a really detailed and invasive mass surveillance and they do so for a reason that's pretty rational when the kim family thinks to itself there's probably someone out there who'd like to hang me from a lamppost
42:42
they're right and so of course they spy on their own population and of course they spy on other populations because outside of north korea there's lots of people who wouldn't mind seeing them hanging from a lamppost and there's plenty of people who'd like to help given a chance but it's not just the
43:01
autocratic basket case nations where we see mass surveillance and it's not just those nations in which there are sources of a potential destabilization the u.s the uk the eu are all engaged in mass surveillance and they're all engaged in mass surveillance because they correctly believe that there are a bunch of people who don't feel well served by those
43:21
states some of those people i happen to agree with some of those people i think are wrong but they're all out there and it's not incorrect to say that there are people who would like to destabilize those states now stabilizing a nation is not all about surveillance in fact usually the go-to measure for stabilizing a nation is to make it
43:41
legitimate in the eyes of the people who live there remember people who live in a state who feel like it's legitimate and doing a good job don't try to tear it down and so the carrot of social control is redistribution and social programs and the stick is guard labor surveillance prisons security guards
44:02
parole systems court systems other systems of control and states that do a lot of guarding generally don't have a lot of social programs like bahrain where they put a lot of energy into spying on people and into breaking heads when people demonstrate in the streets
44:21
and not a lot of energy into distributing bread and circuses to stop people from demonstrating in the streets and states where they do a lot of redistribution generally don't need a lot of guard labor think of the nordic states that have very extensive programs of redistribution and fairly minimal relative to other advanced states uh levels of guard labor and indeed
44:41
there's a kind of maximum minimum problem here there's an optimization problem at a certain point you spend more money on guard labor than you would just giving people more hospitals and nurses and doctors to keep them from trying to hang you from a lamppost and at that point it makes more sense to uh to redistribute than it does
45:01
to uh to uh uh spy but we have entered a period of unparalleled efficiency in guard labor we have given our security services a two and a half order of magnitude lift in the efficiency of their surveillance operations through technology they're not
45:21
spending thousands of times more on surveillance they're spending four times more six times more on surveillance than they did during the cold war but they're getting thousands of times more surveillance for their money with that relatively modest increase because we are bearing the most of the cost of the surveillance we use the internet and we pay to use the internet and
45:41
then they just spy on us using the internet they don't have to fit us all with ankle cuffs we carry them around in our pocket and throw birds at pigs with them and we have entered as a consequence a period with very little redistribution and enormous wealth disparity uh in the EU in the EUCD uh the OECD rather we are at
46:02
the worst levels of wealth disparity in 50 years the 400 richest americans control more wealth than the other 316 million americans combined and the majority of those 400 richest americans inherited their wealth america calls itself a meritocracy but it's become a hereditary meritocracy so wealth disparity is a source of
46:22
enormous social instability not just because people resent the very rich as they get richer and the people at the bottom have less but because as power concentrates into the hands of fewer and fewer people governments are less and less able to make evidence-based policy you know in Saudi Arabia power is concentrated into a very small number
46:41
of hands and it's easy to see without doing any research at all that keeping 52 percent of their population out of the workforce in public life is not good for Saudi there are people who would invent cures for cancer better cars new kinds of video games and everything else that can contribute to
47:00
their state who are barred from making this contribution because of this policy and the reason they have this policy is because the very small number of people who control all the wealth in this very unbalanced state are able to assert their bias over evidence and this is creeping into every domain of our activity so in London where I live we know
47:22
that the finance sector is criminal right like not metaphorically criminal like HSBC stole a trillion dollars from the world's governments by rigging LIBOR criminal but we keep acting like they're not because power has been concentrated into a very small number of hands and the people who control that power don't want to talk about what the
47:41
what the finance industry does in Canada where I'm from our conservative government had its election campaign financed and has its power base in the dirtiest source of oil in the world the tar sands of Alberta and as a consequence it has destroyed the entire country's science apparatus because in a resource-rich state you
48:01
study climate change and studying climate change runs contrary to the project of adding oil pipelines to Canada in fact a recently leaked memo from our security services the RCMP show that they are now classing people who object peacefully to the new oil pipeline classifying them as domestic extremists and subjecting them to surveillance
48:23
so if the Stasi could have given themselves a two and a half order magnitude order of magnitude efficiency lift in surveillance what would the former Soviet bloc have looked like how big would the dachas have been how much longer would the wall have stayed how unequal could those states
48:41
have been we don't have to imagine it we can see what it looks like because we have states that have emerged in that form so Ethiopia which has almost no domestic ICT capacity has become the world's first turnkey surveillance state they have come to the European Union and bought from the European Union spying tools weaponized vulnerabilities and mass surveillance
49:01
tools from companies in the EU that they have used to put their entire country under a level of surveillance that matches the surveillance of any western state it's likely that the equipment that they use has back doors in it so that foreign spy agencies can spy on them one of the Snowden leaks showed us that there's this thing called fourth party collection when a spy agency
49:21
gets inside another spy agency and spies on all the people they spy on there's also a fifth party collection where a spy agency gets inside of a spy agency that's inside of another spy agency it's matryoshkas for spooks Ethiopia has a huge diaspora people who have left the country to escape the
49:41
the autocratic tyranny of its ruling elite including a client of the Electronic Frontier Foundation a man named Mr. Kidane who's a permanent resident in the united states who is in washington dc when a cyber weapon created by a european company was used to hack his computer to get the information on dissidents that he was in communications with in ethiopia so that reprisals could
50:02
be brought against him there and we are representing him in an american court in a lawsuit against the ethiopian government so this global wealth disparity and surveillance they're bound up together with the rise of technology the ability of states to assert wholesale control at fire sale prices is a key element of
50:21
how we got to this place we are in a global arms race between the power of technology to spy and the appetites of elites to amass ever larger piles of wealth poised against the power of technology to give us secure encrypted integrated means to organize among ourselves and lobby for a better just future
50:44
so uh i'm gonna skip a bit because i i went a little long here cryptography is not the real fight all of the stuff that i've been talking about today all the tools that i want you to go use to make yourself private that's not the real fight not being surveilled is not the real
51:01
fight the existential threats to the human race are things like climate change the refugee crisis the uh uh gross iniquities between the poor and the rich uh gross inequality based on gender racial identity uh and ethnic identity those are our real problems but we will win or lose every one of
51:22
those fights on the internet and we will only win them if we have a free fair and open internet thank you so i'm going to finish up now and take a question or two people ask me if i'm
51:40
optimistic or pessimistic about this stuff and that's a that's a prediction optimism and pessimism and science fiction writers who make predictions about the future are like drug dealers who sample their own product it never ends well because after all if i were optimistic about the future every morning i would get out of bed and do everything i could to make computers into a tool for liberation instead of surveillance and oppression
52:02
and if i was pessimistic about the future i get out of bed every morning and do everything i could to make computers safe for uh for the world and the world safe for computers instead of optimism or pessimism i'd like you to take on something far more important which is hope when your ship sinks in the open sea as
52:22
we've seen happening with horrific regularity in the mediterranean you tread water and you don't tread water because you're it's likely that you'll be picked up almost everyone who's stranded out in the middle of sea doesn't get picked up but everyone who's ever been rescued treaded water until someone came along it is a necessary but insufficient
52:42
condition for improving things and moreover if there were people around you couldn't kick for themselves you carry them you'd kick until you ran out of until you ran out of legs to kick with because maybe they would kick for you when you got tired and because you love them and you take care of the people that you love people who care about computers and
53:01
know about computers and know about the internet and know about privacy and know that nothing to fear nothing to hide is is wrong we're the people who are conscious and aware and can keep kicking and it's our duty to bring along the people who haven't quite got who haven't quite got there after all privacy is a team sport if you run your own secure mail server but
53:21
all your friends keep their mail on some web mail server run by a company with PRISM in its data center it doesn't matter you have to bring them along solve the parts of the problem that you can and maybe you will think of what the next step is to solve the rest of the problem here in germany you have netzpolitik all around the world we have the Electronic Frontier Foundation
53:41
in france there's La Quadrature du Net in all across europe we have EDRi in the netherlands there's Bits of Freedom and on and on in every country in the world there are organizations that fight for this stuff and none of us are pure all of us give money and time and energy to people who are working against our interests
54:00
we buy products that have digital rights management on them we participate in products sold by companies that advocate against network neutrality think about how much you spend every month on companies whose mission is to make the internet into the world's most perfect surveillance apparatus and figure out what proportion of that you think you should be giving to one
54:21
of those other groups that's working to undo the harm that they're making you know every vegetarian thank you every vegetarian eventually meets a vegan every vegan eventually meets a fruitarian every fruitarian eventually meets a breatharian nobody is pure
54:40
but we all do what we can thank you very much i think we might have time for one quick question thank you right uh are there any um people who identify as women or non-binary who'd like to start us off with the q and a so uh are there any questions
55:01
yeah i did warn you at the start of the talk all right is there anyone who's got a question all right in that case oh go say the stuff that i skipped thank you justin i paid justin to say that no i i won't say the stuff that i
55:20
skipped thank you justin though that was very kind of you all right thanks guys