Keynote: Apathy and Arsenic
This is a modal window.
Das Video konnte nicht geladen werden, da entweder ein Server- oder Netzwerkfehler auftrat oder das Format nicht unterstützt wird.
Formale Metadaten
| Titel |
| |
| Untertitel |
| |
| Serientitel | ||
| Anzahl der Teile | 32 | |
| Autor | ||
| Lizenz | CC-Namensnennung 3.0 Unported: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen. | |
| Identifikatoren | 10.5446/45420 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
|
DjangoCon Europe 201931 / 32
5
8
14
22
24
27
29
30
31
00:00
WhiteboardRechter WinkelDigitalisierungSoftwaretestDatenmissbrauchBitKategorie <Mathematik>RuhmasseTUNIS <Programm>Computeranimation
01:06
MultiplikationsoperatorBitElement <Gruppentheorie>Faktor <Algebra>SoundverarbeitungRotationsflächeComputerspielProdukt <Mathematik>Computeranimation
02:13
QuellcodeDisk-ArrayWeb SiteVollständigkeitHill-DifferentialgleichungQuaderProdukt <Mathematik>Schreib-Lese-KopfArithmetisches MittelVorzeichen <Mathematik>Computeranimation
02:44
BildschirmmaskeTouchscreenCASE <Informatik>GraphfärbungPlastikkarteProdukt <Mathematik>Computeranimation
03:23
OrnamentgruppeRegulator <Mathematik>Kontextbezogenes SystemAbschattungMereologieStichprobenumfangPublic-domain-SoftwareAggregatzustandVererbungshierarchieFamilie <Mathematik>Computeranimation
05:17
SoftwareStrömungsrichtungDigitale PhotographieDigitalisierungApp <Programm>FacebookFamilie <Mathematik>ZahlenbereichVererbungshierarchieMetadatenDatenmissbrauchKartesische KoordinatenAutomatische DifferentiationGoogolComputeranimation
06:11
ZahlenbereichTwitter <Softwareplattform>COMRuhmasseZahlenbereichDigitalisierungRegulator <Mathematik>DatenmissbrauchSoundverarbeitungSelbst organisierendes SystemGesetz <Physik>MultiplikationsoperatorZentrische StreckungComputerspielFrequenzGoogolWhiteboardGüte der Anpassung
07:28
ComputerspielRuhmasseService providerGreen-FunktionKomplex <Algebra>MathematikZahlenbereichSnake <Bildverarbeitung>Computeranimation
08:14
ZahlenbereichDatenmissbrauchRuhmassePunktBesprechung/Interview
08:51
GeradeBitMetropolitan area networkPunktComputerspielMultiplikationsoperatorMittelwertAnalytische FortsetzungMIDI <Musikelektronik>Neuronales NetzRechter WinkelBesprechung/InterviewComputeranimation
11:11
BenutzerschnittstellenverwaltungssystemComputerspielARM <Computerarchitektur>Familie <Mathematik>Computeranimation
13:19
Dean-ZahlMultiplikationsoperatorE-MailQuaderMessage-PassingSpeicherabzugBitAdressraumComputeranimation
14:05
ComputervirusE-MailProgrammiergerätPasswortComputervirusSoftwareNetzbetriebssystemPasswortProgrammiergerätInternetworkingVollständigkeitInhalt <Mathematik>MomentenproblemRelativitätstheorieE-MailMalwareWeb SiteCOMMultiplikationsoperatorComputeranimation
15:16
QuellcodeWeb SiteComputerspielDigitale PhotographieInhalt <Mathematik>ProgrammierungE-MailTouchscreenBitratePunktZeichenketteRelativitätstheorieComputeranimation
16:12
LochkarteQuellcodeMultiplikationsoperatorZentrische StreckungZahlenbereichResultanteInklusion <Mathematik>E-MailPasswortFormale SpracheUniformer RaumAusreißer <Statistik>Serielle SchnittstelleReelle ZahlTorsionAggregatzustandPunktBesprechung/Interview
18:56
Dienst <Informatik>InternetworkingMereologieFormale GrammatikIdentitätsverwaltungZeichenketteGamecontrollerPlotterGoogolOffice-PaketFacebookComputeranimation
20:04
Zentrische StreckungLikelihood-FunktionDigitalisierungDifferentePunktTermFrequenzMultiplikationsoperatorDatenmissbrauchInzidenzalgebraZahlenbereichGruppenoperationVerschlingungComputeranimation
21:21
Forschungszentrum RossendorfQuellcodeFacebookDatenmissbrauchFacebookE-MailPunktIdentitätsverwaltungInformationHinterlegungsverfahren <Kryptologie>Kontextbezogenes SystemDatenmissbrauchZentrische StreckungMereologieGamecontrollerForcingVollständigkeitKontrollstrukturGruppenoperationApp <Programm>RandomisierungSchnittmengeImpulsAnalytische MengeComputeranimation
23:09
SchätzfunktionOrnamentgruppeDifferenteMomentenproblemKontextbezogenes SystemMultiplikationsoperatorImpulsSpieltheorieNeunzehnComputeranimation
23:49
PunktProgrammierumgebungTelekommunikationKontextbezogenes SystemPartikelsystemLesen <Datenverarbeitung>MultiplikationsoperatorSoftwaretestVierzigComputeranimation
24:26
QuellcodeSoftwaretestAuthentifikationQuellcodeSoftwareentwicklerDivergente ReihePhysikalische TheorieKanal <Bildverarbeitung>SystemaufrufAbschattungMereologieWasserdampftafelWeg <Topologie>Computeranimation
25:36
QuellcodeFreewareHill-DifferentialgleichungKonvexe HülleKontextbezogenes SystemMathematikOrnamentgruppeAbschattungMereologieFokalpunktCoxeter-GruppeAuswahlaxiomGesetz <Physik>GraphfärbungRegulator <Mathematik>MultiplikationsoperatorFreies ProduktProdukt <Mathematik>sinc-FunktionComputeranimation
27:08
OrnamentgruppeFreewareDienst <Informatik>Prozess <Informatik>Physikalische TheorieÄußere Algebra eines ModulsEinfügungsdämpfungÄquivalenzklasseAusnahmebehandlungNeunzehnComputeranimation
28:14
DatenmissbrauchDatenmissbrauchPhysikalisches SystemCookie <Internet>Ultraviolett-PhotoelektronenspektroskopieBrowserGoogolRelativitätstheorieAnalogieschlussKontextbezogenes SystemQuellcodeOnline-DienstWeb SiteMultiplikationsoperatorFacebookDifferenteDatenverwaltungKryptologieBitElektronischer ProgrammführerNormalvektorVirtuelles privates NetzwerkComputeranimation
29:53
SpieltheorieInformationMultiplikationsoperatorMathematikComputeranimation
30:59
Gesetz <Physik>InformationWhiteboardFacebookRelativitätstheorieMereologieDatenmissbrauchKryptologieStellenringEinsGesetz <Physik>EreignishorizontMultiplikationsoperatorExogene VariableGamecontrollerGüte der AnpassungHilfesystemPerfekte GruppeEuler-WinkelÄhnlichkeitsgeometrieDigitalisierungRegulator <Mathematik>OrnamentgruppeQuick-SortOrtsoperatorZentrische StreckungProdukt <Mathematik>GrundraumCASE <Informatik>Spezielle unitäre GruppeComputeranimation
34:58
Ubiquitous ComputingOrtsoperatorDatenmissbrauchZentrische StreckungPhysikalisches SystemSpieltheorieMathematikTwitter <Softwareplattform>Globale OptimierungMultiplikationsoperatorComputeranimation
36:13
VersionsverwaltungAbschattungSichtenkonzeptComputeranimation
36:44
SoftwareCoxeter-GruppeHackerComputeranimation
Transkript: Englisch(automatisch erzeugt)
00:00
Oh, so as Dawn said, I'm Lily. I'm a penetration tester from Melbourne. And I'm a board member of Digital Rights Watch Australia. And I'm a former historian and a future cyborg. And you may remember me from such conference talks
00:20
as the one where I rant about history or the one where I rant about privacy, or most popularly, the one where I rant about history and privacy together. And today's talk fits into that latter category. I want to talk about arsenic and mass surveillance, because there is a lot that we can learn from one about the other. And as a quick note, during this talk,
00:42
I'm going to mention death a lot. And I'll talk about murder a bit. And you'll hear quotes of threats that people have made to other people. And if you are not in a good place to hear about those things right now, that is very OK. You can leave this session. Tune out. Do another thing instead, whatever you would like.
01:01
I don't want to make anyone uncomfortable. So that's a small heads up before we get into this. So this is arsenic trioxide. Arsenic is a natural element. It's been used for all kinds of things since the time of the ancient Greeks. But for the next half hour, when I talk about arsenic, I'm referring specifically to this stuff, arsenic trioxide,
01:24
or white arsenic. This is an industrial byproduct. It started showing up everywhere when the Industrial Revolution began. It looks a lot like sugar or flour. When it's mixed into food, arsenic is colorless, tasteless, odorless,
01:40
and extremely poisonous. If you take a lot at once, it has an effect a lot like cholera, which is more or less the worst diarrhea that you have ever had in your life, followed by the end of your life. If you only take a little bit of arsenic at a time, it can make you tired and achy and give you trouble breathing.
02:02
In England in the 1800s, arsenic was very cheap because it was a waste product that factories wanted to get rid of. And you could get it almost anywhere in almost anything. And by anything, I really do mean pretty much anything. It was in cosmetics, for example. There were many companies that produced arsenical wafers or powders that promised to get rid of pimples and blackheads
02:22
or to slow the signs of aging. And I mean, it's kind of easy to claim that your customers won't age when they use your products because when they use them, they will die. It was used domestically to kill mice and cockroaches and rats and other pests. So it was easy to walk into a shop
02:40
and get a box of the pure stuff to keep in your kitchen. But arsenic was most popular as a color pigment, especially in emerald green, also known as Paris green, which was used in the same form as a pigment by artists and as a pest killer by farmers. Literally, they would walk in and buy the exact same product and it looked like that.
03:01
It produced a really vibrant green that no other pigment to that date was able to give. And because it was in pigments, that meant it ended up in anything that needed color. Cases were recorded of people being poisoned by arsenic in their playing cards, in fabric dyes, and in product packaging.
03:21
Arsenic also found its way into famous art like Van Gogh's Starry Night. And this is one of several reasons that art galleries don't like it very much when you try to lick their paintings. Most notoriously, it was also in wallpaper. Wallpaper was put up in the homes of anyone
03:41
who could afford it. And because our cynical pigment was cheap, that meant that most people eventually could afford it. The pigment dust would come off the walls if people brushed past it, or if there was a breeze. And if it was damp, which it did get damp in England especially, it emitted a toxic arsonist gas.
04:01
People who felt sick would often go on holiday to the seaside to take in the sea air and they would find themselves feeling much better after a day or two. And what they didn't realize is that most seaside cottages had whitewashed walls, not wallpaper. And they were feeling better because they weren't constantly breathing in poison.
04:22
You could get our cynical wallpaper in most Western countries, but it was especially a problem in England and in the United States, the two countries that were not really keen on government regulation of industry. What you're looking at right now is a digitized our cynical wallpaper sample that came from a book
04:40
called Shadows from the Walls of Death. And this book was published in 1874 as part of a public health campaign to raise awareness of the dangers of our cynical wallpaper. And it was eventually so successful in its aims that out of the original 100 or so copies that were produced, there are now only four left
05:01
because of how poisonous they are. Some brave soul at the University of Michigan digitized this one, and they are hopefully still okay. But because these are pretty, and they're in the public domain, you will see a few examples of them as I keep talking. Maybe most importantly, arsenic also had a reputation
05:21
as a way to make money quickly because your family wouldn't taste it if you baked it into a cake or served it in a cup of tea. And for this reason, it was also known as inheritance powder, but we're at a tech conference, which is why we're also talking about digital privacy
05:41
or lack thereof. And by this, I mean the current practice of governments and corporations gathering literally as much data about everybody as they possibly can and storing it forever and not usually very well. I'm talking about Facebook and Google's advertising networks and the Australian government's metadata retention and vague assisted access legislation,
06:04
the dodgy apps that promise to make you look good in photos but then ask for a suspicious number of permissions, and the Five Eyes. I'm talking about the 95,180 GDPR violation complaints that the European Data Protection Board has received
06:20
since the laws came into effect last May and the 41,502 notifications of data breaches that organizations have submitted since that time. The fact that Google has already been fined 50 million euros for violating this law and that this amount of money is basically a trivial operational expense
06:40
to a company of that size. I'm talking about the inevitable and unknown large number of data breaches that remain undiscovered or unreported. And I'm also talking about the fact that the rest of the world is not covered by regulations like the GDPR and mass surveillance practices persist just like they always have.
07:00
So I'm talking about all of that and then what happens to this data gathered in technically GDPR compliant ways or not when it isn't secured properly or someone inside a data gathering organization develops a grudge or even when it's used as intended and a thoughtless new feature upends everything. Where the topics of digital privacy and arsenic intersect
07:23
is that for a good period of time, despite the best efforts of the people who knew what they were talking about, the public didn't really give a damn about either of them. Arsenic and mass data gathering are both things that have pervaded everyday life in large-scale ways that have seemed impossible to change.
07:42
And despite lots of well-informed people agreeing in their respective centuries that these things are damaging to our wellbeing or our way of life, it is hard to get people to care or to think that things can change. These things aren't great, but they're just too useful and convenient. Arsenic makes vibrant and cheap shades of green
08:03
that look nice. It gives you a clear complexion. It kills mice really well. Data can tell us how to plan cities and provide accurate medical care and help us catch bad guys. But while things don't change, people's lives have also been upended by these things in increasing numbers.
08:22
Inhaling ambient arsenic didn't make everybody sick in the same way. One person might die and another person in the same home might just get bad headaches. In the same way, mass surveillance and privacy invasion disproportionately affect the members of society who are already the most vulnerable.
08:40
Then there are the more targeted attacks, both with arsenic and with data, that can become devastating to whoever's on the receiving end. And to illustrate my point, I want to tell you two short stories. In 1852, an English coal mine worker named William Mowbray married a young woman named Mary Ann. And together, they had nine children.
09:03
Over the next few years, seven of these children died tragically from what was recorded as gastric fever. In the mid-19th century, times were hard and it wasn't uncommon for children not to survive childhood. The couple collected the life insurance money and went on.
09:21
After 13 years of marriage, in the January of 1865, William Mowbray himself died tragically of gastric fever, leaving Mary Ann and her two remaining daughters to make their own way in the world with a little bit more insurance money to help them. By the way, the average life insurance payout in England for an adult man at that point in time
09:41
was about equivalent to his year's wages. George Ward, who was an engineer, was recovering from an illness in hospital in 1865 when he fell in love with a nurse named Mary Ann. And they were married in August 1865. Ward tragically died of gastric fever 14 months later.
10:02
His wife collected the insurance payout. James Robinson was a shipwright. In 1886, he had a new baby son and a recently deceased wife, so he hired a housekeeper to help him out. The new housekeeper, a woman named Mary Ann,
10:20
had only been living in the household for a month when the baby tragically died of gastric fever. Robinson found that Mary Ann's presence was emotionally helpful and he married her in the August of 1867. By this time, Mary Ann was pregnant with their daughter who was born two months after the wedding, but the baby only lived for three months
10:41
before dying tragically of gastric fever. Mary Ann's misfortune continued. While she had been living with Ward, one of her surviving children from her first marriage had died tragically of gastric fever. After marrying Robinson, her only remaining daughter from her first marriage also died tragically of gastric fever
11:01
and so did two of Robinson's children from his first marriage. So did Mary Ann's mother just after Mary Ann went to visit her. Mary Ann inherited almost everything. Soon after all these tragedies, James Robinson, the shipwright, discovered that Mary Ann had been stealing from him
11:20
and running up debts. He also noticed that she was becoming weirdly insistent that he should take out a life insurance policy on himself, which he refused to do. Robinson kicked Mary Ann out of the house. He did not die tragically of gastric fever.
11:40
One of Mary Ann's friends took pity on her tragic circumstances and introduced Mary Ann to her brother, Frederick Cotton. Cotton was a widower with two small children of his own and he fell into Mary Ann's arms when in the March of 1870, his beloved sister died tragically of gastric fever.
12:00
Cotton and Mary Ann married in September 1870 and in 1871, they had a son. Unfortunately, before the year was over, Frederick Cotton also died tragically of gastric fever. Mary Ann collected the insurance money. You know what happens next? She moves in with another guy and brings the surviving kids and stepkids with her.
12:21
Wills get rewritten and suddenly pretty much the entire household dies tragically of gastric fever. This left Mary Ann with one remaining stepson, who she complained loudly about to her employer. When the boy took ill and died tragically of gastric fever,
12:40
her boss became suspicious and got the local doctor to delay issuing the death certificate. When Mary Ann discovered that she couldn't get the insurance payout on her stepson's life without the death certificate, she had a public meltdown about it,
13:01
which led to people asking questions and then more questions and then testing her stepson's remains for arsenic, which was found in abundance. Mary Ann was convicted of his murder and died tragically of rope poisoning in 1873.
13:23
In her lifetime, she had murdered 16 of her own children and stepchildren, four of her partners, her mother, and an inconvenient friend, and collected insurance payouts and will benefits from almost all of them. It now takes a lot less time for a criminal to make a lot more money
13:41
than Mary Ann Cotten ever did, but instead of marrying and murdering, they can use the info out of stolen data dumps, which were about as cheap and plentiful as arsenic was back in the day. So here's my next story. Sometime after July last year, some of us opened our inboxes and saw a threatening email that might have looked like it had come
14:01
from our own email address. The message probably went a bit like this one. Hello, I'm a programmer who cracked your email account and device about half a year ago. You entered a password on one of the insecure sites you visited and I catched it. Your password from frederick.cotten at gmail.com on Moment of Crack was haunted too.
14:22
Of course, you can and will change your password or already made it, but it doesn't matter. My RAT software updated every time. Please don't try to contact me or find me. It is impossible, since I am emailing you from your email account. Through your email,
14:40
I uploaded malicious code to your operation system. I saved all of your contacts with friends, colleagues, relatives, and a complete history of visits to the internet resources. Also, I installed a RAT software on your device and a long time spying on you. You are not my only victim. I usually lock devices and ask for a ransom,
15:00
but I was struck by the sites of intimate content that you very often visit. I am in shock of your reach fantasies. Whoa, I've never seen anything like this. I did not even know that such content could be so exciting.
15:21
So when you had fun on intimate sites, you know what I mean, I made screenshot with using my program from your camera of your device. After that, I joined them to the content of the currently viewed site. Will be funny when I send these photos to your contacts, and if your relatives see it, but I'm sure you don't want it,
15:41
I definitely would not want to. I will not do this if you pay me a little amount. I think $754 is a nice price for it. I accept only Bitcoins. My Bitcoin wallet is some long string. You have two days, 48 hours for to make a payment. If this does not happen,
16:00
all your contacts will get crazy shots with your dirty life. Do not take this frivolously. This is the last warning. I hope you will be prudent. Bye. In just one month after these emails first appeared, researchers found that about 70.8 Bitcoin,
16:21
which is about 2.3 million Danish kroner, or just over 300,000 euros at today's exchange rate, that had been deposited into the wallets that had been listed in the scam emails. And when I checked again back in November, just one of those wallets had 928.9 Bitcoin in it, which is about 31 million Danish kroner,
16:41
or 4.2 million euro. I tried checking again this morning, but after 10 or so months, this extortion scam idea has now spread to so many people and turned up in so many languages that tracking the number of Bitcoin wallets that were involved took way more time than I had available. This amount of money is many, many more times
17:03
than a year's wages for most of us, I think, and more money than Mary Ann Cotton could ever have dreamed of. And I know that some of us in this room would have received this email and read it and saw it for the scam that it was and then probably had a good laugh. But clearly, many thousands of other people
17:21
suffered through their own private hell before paying up. The thing that sets these so-called sextortion emails apart from other traditional spam email is the inclusion of real passwords from old data dumps. Some of you probably know exactly the kinds of breaches that these things came from.
17:41
This data's easy enough to find. Mail merge is pretty quick to use, and you only need a few scared people to start seeing results. But most people don't know this stuff, even today. And the inclusion of something like a password, which they thought was extremely private and secure, makes it more likely that they are gonna get
18:01
really scared and pay up. And clearly, they are paying up personal data's potent like that. But serial killers like Mary Ann Cotton were outliers when it came to arsenic death. Most people in Victorian England didn't need to live with a murderer to be poisoned with arsenic because, as we already said, it was everywhere.
18:22
Grown men died from inhaling it off the walls in their sleep. And elderly women died after mistaking it for sugar and putting it in their own tea. Children died from being looked after by nurses wearing uniforms that had been dyed with arsenical pigment. And far, far more people didn't die,
18:41
but lived with chronic headaches and breathing problems and poor digestion that they could never find a cause for in their day and age. In the same way, large scale personal data is not something that needs to be used by individual criminals to create problems. As we know, more formal uses of this kind of data by governments and by private companies alike
19:01
can end up outing trans people, like what happened in 2014 when Google consolidated some of their messaging services and launched Hangouts, which merged previously separate accounts into one legal name identity and put lots of trans Google users in dangerous situations. It can end up strongly influencing democratic,
19:21
ostensibly democratic elections, like what Cambridge Analytica did to the US presidential campaign in 2016 using Facebook's data. It can end up stealing company secrets, like we learned in November last year when a Dutch company, a Dutch team actually, revealed that Microsoft Office 365 was sending the sentences before and after
19:41
spelling and grammar checked strings back to the Redmond mothership as telemetry data that you can't turn off. Anecdotally, I've also heard of plenty of people who have given up on using large parts of the internet because working out what to trust and how to stay safe and in control was too complex without the layers of knowledge
20:00
that people like us have from working in this industry. But despite how much we know it isn't great, most people are still kind of meh about the whole issue. And it's easy to understand why people are either apathetic about big problems or resigned to the fact that horrible things are happening and they can't do anything about them.
20:22
The scale of them seems impossible and the likelihood of it becoming a huge problem for you this week is probably fairly low. The period of time where the most people give the least of a damn is known as peak indifference. This is a term that was coined by Corey Doctorow in 2016
20:43
when he was talking about how the world was at a turning point around the issue of digital privacy. And he argued that after this turning point increasing numbers of people would begin to care about their privacy as increasing numbers of people were affected by breaches and incidents
21:02
or someone they cared about was affected. And Doctorow linked this idea to the eventual success of public health campaigns about tobacco smoking but almost every issue reaches peak indifference at some point or another. And what happens to the issue after that tipping point is something that we can learn a lot from.
21:22
Where we pass peak indifference about privacy in the West is kind of nebulous to work out. And was it after Edward Snowden's actions in 2013 or after Ashley Madison or Target or Sony? I think it was definitely sometime in March last year after the Cambridge Analytica stuff really came to light.
21:42
Because after that point we saw large scale inquiries into corporate data use in the United States and lots of penitent looking CEOs and public commitments to change. And even if these things were only for show they were done to appease this growing sense of public disgust and mistrust
22:01
about the way that data was being gathered and used. In June last year the Pew Research Center in the United States found that in the previous 12 months 74% of US Facebook users had either adjusted their privacy settings, taken a long break from Facebook or deleted the app completely. Then the GDPR came into force in this part of the world
22:21
which of course meant that companies suddenly had to start paying a lot more attention to the data that they had and everyday people were starting to get emails from everyone they had ever forgotten they had signed up with and telling them how important their privacy was and how meaningful their consent would be if they would so graciously deign to give it.
22:43
An awareness of just how much data complete randoms could see about them led to more people taking pro app, gave steps to gain control of where their information was going both inside and outside of the EU. But how do we keep up this momentum? I mean we can let it happen naturally, more and more people ending up the victims
23:01
of data breaches and identity theft and account takeovers and leaked nudes or we can maintain it thoughtfully and with purpose. And we spend all this time talking about arsenic for a reason not just because I like talking about historical poison. 19th century England had its own peak indifference moment and people tried a whole bunch of ways
23:22
to keep these issues central. I estimate that peak indifference about the domestic arsenic problem probably happened somewhere between 1850 and 1870. By 1900, our cynical wallpaper was hardly worth mentioning except when someone occasionally found some and then they had to handle its removal.
23:41
And in this time, two important things gained momentum. Awareness of the problem and resistance to the problem. Awareness happened the more that people were educated. Literacy increased and I don't mean just actual reading skills but general scientific literacy increased. Tiny particles of poison in an environment are hard to see
24:03
and without advanced scientific knowledge for that point in time, ambient poisoning was kind of a conceptually difficult thing to understand. But slowly, over time, concepts like germs and disease communication and chemical pollutants
24:20
became understood by scientists and eventually more generally understood by the public. In 1840, James Marsh developed a test which could detect the presence of arsenic in the human body, something which had previously been impossible basically. Suddenly, knowing that your use of arsenic could be traced back to you
24:41
meant that people were a lot less casual about poisoning each other on purpose. In 1854, a doctor called John Snow, not this guy, this guy. In 1854, a doctor called John Snow realized that a series of cholera outbreaks in London were happening because one of the public water supplies
25:02
was contaminated with something that spread the disease. This went against this commonly held theory that disease was spread by miasma or bad air and that breathing the air around a sick or a dead person was what would transmit all diseases. Snow tracked down the source of the contaminated water,
25:21
he removed the handle off the public pump that gave access to it and the cholera outbreak stopped. This led to the development of modern sewer systems and it built better public understanding of germs and microorganisms. Awareness led to resistance. Protest literature played a big part
25:41
in helping people convince others to join the resistance efforts, things like the toxic shadows from the walls of death was an in-your-face presentation of the problem and it put the focus on wallpaper manufacturers to make changes and not just the individuals who might have arsenical wallpaper in their homes. England, to this day, has never passed
26:02
any meaningful laws banning the use of arsenic in wallpaper. Never. But it turned out that the regulations in other countries like France and Germany had much more of an impact on how much arsenic turned up in English households and this was mostly down to fashion and consumer choice.
26:24
Most European countries had outright banned the use of arsenic in pigment manufacturing since about the 1860s and because of this, they suddenly became innovators for new paint pigments that created bright colors without using arsenic and because everything French is automatically fancy,
26:41
people were into it. Fashion, like it does, eventually trickled down through the whole industry and over time, lots of places in England ended up offering arsenic-free products like wallpaper for affordable prices. In fact, most manufacturers had no choice. The pigments that they used to color their wallpapers
27:01
mostly came from Europe in the first place so it was getting difficult to find any that contained arsenic even if they wanted to. One of the best things about this outcome was that it created accessible alternatives for people who still believed in things like the miasma theory. It was really unrealistic to expect that the average person in the 19th century England
27:22
was suddenly gonna develop a scientific understanding equivalent to a professional chemist. People had jobs to do and lives to get on with. The vast majority of people didn't even have access to the kinds of educational backgrounds that would allow them to begin to start understanding just exactly how domestic arsenic use was a problem.
27:43
So the creation of arsenic-free tech that was affordable to obtain and easy to use and provided just the same kind of experience meant that those people were carried along and helped to solve the problem without needing to become activists themselves. By the start of the 20th century in England,
28:01
arsenic wallpaper had been torn out of most houses and replaced with newer wallpaper and eventually with plain paint as fashions changed and nowadays it's rare to see our cynical wallpaper except behind thick glass in museums. For those of you who have already read this far into the analogy, you know that we are already
28:20
doing a lot of these things when it comes to the privacy fight. We are doing the awareness bit. Seems like everyone and their goldfish has either been to or run at least one crypto party. Every other day there's a new how-to guide about signal and tor. VPNs get advertised on commercial television, at least in Australia they do.
28:42
And we're doing the resistance bit too. The GDPR is a thing. Ubiquitous HTTPS is a thing. Firefox builds ad blockers into their browsers now. Password managers are things that our relatives have started asking us about. Apple markets privacy as a feature of their tech
29:00
and the people who can afford it pay thousands of dollars to get it. And besides just focusing on telling people not to use Facebook or Google and putting the blame on individuals for trusting online services, which marketing has primed them to trust, we are going to the source. We're calling out companies that perpetuate unfair systems
29:20
and pressuring them in a thousand ways to do things differently. So why does it still feel like in a lot of ways nothing has really changed? Except that now we have to click through about 100 more pop-ups that say please accept cookies to use this site. I mean don't get me wrong, all of these things are really positive steps
29:43
in pushing back against accepting data harvesting and privacy violation as normal or inevitable. But the third thing, which the arsenic fight had going for it, which we don't really have yet, is time. This all took a lot of time and a lot of effort. A lot of repeating information
30:01
and a lot of petitioning governments to make changes. And sometimes it worked and sometimes it didn't work, but people kept doing it because arsenic kept poisoning people and it was the right thing to do. And now we have wall decorations that don't kill us slowly in our sleep. And now it is a lot harder to walk out of a corner shop
30:21
with a bag of our cynical powder. Thinking about the long game is really hard. I'm a millennial, so if you believe the newspapers, I am something about avocados and patience is difficult. But time is really the key ingredient. We have to keep doing this and not give up and not give into cynicism
30:41
and repeat ourselves until we're sick of it and then keep going. We have to keep reminding people how important these things are, even when we have things like the GDPR to back us up, because if we grow complacent for one second, things will get worse. We have to do this for much, much longer than we think we need to. So here's what we need to keep doing.
31:02
Keep pushing for grassroots public education efforts like crypto parties and community events and official education efforts from local governments and anyone who wants to get on board. Talk to your friends and the relatives when they ask you about it. Help the people who want to understand this to get the information that they need. Keep writing and speaking about these issues
31:22
every way you can. Boost the voices of others who are already doing it. Keep the heat on lawmakers inside and outside of your country. If your government isn't doing anything meaningful, remember that the French and German laws had significant impacts on English attitudes to arsenic. In a lot of ways, the GDPR is doing a similar thing
31:42
for personal data control outside of Europe. It's had benefits for us in Australia, even though it's a European law. Precedent setting helps. Push for more legislation that gives us back control of our private information and imposes strong penalties for its misuse. Push against every piece of legislation that threatens to weaken that.
32:01
Argue for considered regulations that will actually work in practice. And do this even though we already did it last month and three months ago and last year and in the 90s. Governments and corporations will keep trying it on again and again and they trust that we will get tired. They trust that we will not notice
32:21
when they bend the law. We need to be aware of that and to work around it. Be a voice of reason in your own communities. There are probably people in this room who probably know someone who's stolen information and used it to mess someone else up or know people who set meaningless data gathering as a KPI.
32:40
Challenge these folks to do better. If you have ever been one of these people because it is not a perfect universe, challenge yourselves to keep doing better too. And do your research. Fact check corporate privacy spin. We know Facebook especially invests big money into saying that it is doing the right thing.
33:01
They paid through the nose for global billboard campaigns and an apology tour to do that. Hold them accountable. The GDPR does not magically mean that everything is fixed forever. We need to remember this. If you're feeling good about the laws in your own countries, that is really excellent but it isn't the end.
33:20
Even though we don't have our cynical wallpaper anymore, people still suffer from arsenic poisoning all the time. This mostly happens in places where we've outsourced the messier parts of the manufacturing industry like China. White arsenic is an industrial byproduct. China currently produces about 70% of the world's supply of white arsenic.
33:41
And it gets freely used as a pest killer in a lot of those sorts of places, mostly for the same reasons that it used to be used in Europe. It's cheap, it's productive, it's effective at what it does. That means that it ends up in the water supply and leads to skin cancers and breathing difficulties and many more things for all the people who work with it and around it.
34:01
But if it isn't happening where you are, that can be hard to bear in mind. In just this way, if we want a really good solution for digital surveillance, it has to be global. We can't just look around us and see, okay, things are good here because usually that only means the problem has moved somewhere we can't see it anymore or it's affecting places or people that we might not think about very much.
34:22
Keep looking outward. We probably have the biggest responsibility to try to keep making the world better for the people who don't have the knowledge that a lot of us do. The average person in the 19th century wasn't a chemist. The average person in the 21st century isn't a tech worker.
34:40
Not everybody wants to be and not everybody can be and that is fine. Some folks are gonna keep calling us paranoid forever or they'll minimize the risks or they'll insist that they have nothing to hide and anyone who does is a criminal. But we can keep making the world better anyway because we are the ones who can. All of us in this room are in a unique position
35:02
to understand the scale of suffering and damage that's caused by pervasive surveillance and privacy invading systems no matter whose hands they're in. It's likely that most of us are here because we like building things or breaking things, solving puzzles, getting creative with computers and because we have that knowledge, we can do something about it.
35:21
We have to keep doing something about it. For me, the scariest thing about giving this talk is that nothing is so incredibly uncool as optimism. But I really want to be optimistic and I really want you folks to be optimistic and to keep giving a damn because cynicism gets you retweets
35:40
and dunking on optimism is a lot easier than caring about something. But if you actually do give a damn, you have to think about the long game and have patience and keep doing what you think is right even though there are days and years where sometimes it seems like nothing changes. And I know some of you burnt out on this years ago,
36:00
decades ago, really does take time, decades of it. Burnout is real and it is a thing that you are definitely allowed to feel but we can do it. If you're exhausted by it, support other people to keep trying. So imagine someone is giving this talk in 150 years provided that we have managed to survive the sea levels rising.
36:21
What does the long view of this fight look like? What is the optimistic end goal? Who are the Mary Ann Cottons in this future version of the talk? And who are the James Marshes and the John Snows? What does Shadows from the Walls of Death contain that's so toxic that nobody wants to touch it anymore? We can't answer these questions
36:41
as long as we don't give up. And thank you so much to all of these people who helped me make this talk a thing. And thank you for coming along to hear me.