Fear and Loathing on the Internet

Video in TIB AV-Portal: Fear and Loathing on the Internet

Formal Metadata

Fear and Loathing on the Internet
The Surveillance Landscape & Coercion Resistant Design
CC Attribution - ShareAlike 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.

Content Metadata

This talk will contextualize recent surveillance revelations with the rise of the commercial market for offensive digital capability.
All right, I'm Morgan, and this is Fear and Loathing on the Internet. Standard disclaimer: I used to work for a very large company that solar none of the stuff that I've done here with 1 exception was accidentally and of its essential done limits must be a time over the Citizen Lab, University of Toronto, and in a nonstandard group from Mexican the cover
quite a lot of different case studies in green are not all of this work was done by me exclusively, so I'd like to thank the people I actually did it with beforehand, particularly Collin Anderson, Eva
Galperin, Claudio Guarnieri, Bill Marczak and John Scott-Railton. So yeah, this talk is
in part I think about it but I like to say that it's about the grand of but in many ways it's about something that turned out to be far more elusive, and it's a dream that I had that was formed as a
teenager. It was a dream about the Internet, and I sort of have an admission to make,
that I was actually indeed a teenage techno-utopian. When I first got on the internet I was amazed by the hitherto
unseen communication potential that this new medium was going to provide, and I had high hopes that it would do really positive things for humanity, that people would be able to understand each other in ways that they hadn't, that it would give voice to the
voiceless and, you know, it would act as a liberation technology. Now that's not exactly where we are at the moment; we're sort of somewhere more like the rest of the now I presume that a lot of people here will be
familiar with the concept of a panopticon. It's a mutation on surveillance that was originally postulated by an English philosopher by the name of Jeremy Bentham. It was actually designed to be a prison, the
idea being that you would have a central room and prison cells surrounding it, and from the central room you'd be able to view the activities of anyone in the prison, and they wouldn't know whether or not someone was watching; in fact they wouldn't even
know someone was in the room. So this would actually function by having a common stifling effect on the behavior of potentially rowdy prisoners, by making them aware that they could constantly be under surveillance.
Now obviously there are parallels to a lot of stuff that people have been discussing recently, particularly pertaining to state surveillance, and some of this talk is
actually about that. It's going to cover a variety of case
studies pertaining to mass surveillance and a bunch of case studies on the targeted surveillance of various activists and journalists that I ended up working with. We're going to discuss why this occurs,
what the legal coercion mechanisms are behind this, and discuss a little bit about what I'd like to see happen. So I
there's been a lot of discussion recently about mass surveillance, and I think most people here have some idea of what happens, but I thought I'd briefly point out the way that Internet traffic is generally collected. So you have
devices, which are frequently known as massive intercept devices, that perform packet inspection at large Internet junction points, that's to say the places where a significant amount of traffic passes. You have machines capable of performing analysis on very large amounts of traffic.
There are some vendors, obviously, that produce and sell these machines. You guys may have heard of Narus; there was some controversy around them. It's postulated they eventually
sold surveillance equipment to the Iranian regime, but there's another reason why you might have heard of them: there was an early NSA whistleblower, a man by the name of Mark Klein, and he worked for AT&T in San Francisco,
and it was actually his job to install these machines and run fiber. Anyway, he realized why he was doing this and what this was being used for, and he felt that this was unethical, and so he told the public about it. What this was, was the NSA installing these machines at large internet service providers in order to get monitoring of the traffic involved. But we know
a lot more about this now thanks to Snowden. and I wish he released slides and high rates that the people who maybe were harassed but you get the idea. What you see here is XKeyscore collection locations, which is one of the largest collection efforts that the Five Eyes have going on. From what we know from Mark Klein, it's likely that action
use boxes to perform this has inflation, and you can see from the plots all over the map that they're pretty prolific, as you'd expect from the world's best from search. And there's a lot of other people that provide this type of capability; Amesys is one. This is not the actual logo, but I
also did not do this editorialization myself; I found it on the internet. and why might someone while the Amesys brightest hyper surveillance equipment on and it's been suggested that they would lease then at the cold and who they sold this to Parliament. They were found providing it to the Libyan regime, and there are accusations of them being complicit in torture. Another vendor that sells this technology that you may have heard of is a
Californian firm by the name of Blue Coat. In 2011 the hacktivist group Telecomix discovered that Blue Coat was actually being used in Syria, and they disclosed this to the public, and there was
quite a big hue and cry about it. There was a large Wall Street Journal article, and lots of people really followed up on what was going on, largely because Syria is actually embargoed by the United States; it's actually illegal for companies to provide products. Now a little bit after that it was postulated that Blue Coat was actually in use in Saudi Arabia to facilitate surveillance there, and I remember thinking, why are we working on rumors and speculation? Because I'm a security engineer, I decided that the best idea was actually to
map the usage of these devices everywhere, and this is a map
that I made of all Blue Coat installations that I could find, and this was in early 2013. So to explain this: the blue is areas where we found installations, the black is areas where we did not, the
gray is areas where we found them and I decided that I didn't can't on any of tell you what the so they could take she this practice the use of these technologies on
whole works and because people run networks sign agreements and people of security policies and so forth a bottle of counting sort in the grave was places where
they were found that I just don't use of corpora no x on the blue however was with a recent public access network size piece and that some the places where people expect to have the Americans in it
So this was published in January 2013; there was a New York Times article, and shortly after that the
reseller that was found to be selling this to Syria was fined 248 million dollars, which is kind of a good result; it's actually not a lot of money for major international might look at the we actually did another scan a little bit
later and continued mapping for these devices, and when we rescanned the internet we found that their devices
were again being sold in Iran. Now this is another country that is actually embargoed by the United States; it's actually illegal for them to have sold so now we could actually see the time of there was an article on page 1 of The Washington Post, and in The Washington Post article they went on record saying 'we do not design our products, or condone their use, to suppress human
rights. Our products are not intended for surveillance purposes.' But I wasn't sure that was actually the case. So Blue Coat provides a product that provides real-time
awareness of learning and so essentially what that does is it monitors traffic and allows you to manipulate it, to block it or to log it. So this can be very handy in a corporate environment where you want to stop people from getting access to Facebook; however, when used on whole countries at large junction points it can also be useful for logging the actions of Internet users. So as they said, 'our products are not intended for surveillance purposes'. I
wasn't sure that was actually right. I was pretty sure that I'd actually read on the internet that they had actually advertised it as such. When I searched for it, however, I could not find it. However, with the Wayback Machine and so on and this is a tool that was given by critics the pupil coexistence and uh
and surveillance of the Dubai in 2006 called practical examples
of. And so that appears to not be entirely accurate. ideas on it may be difficult so you these types of incidents, that's mass surveillance, and people talk about that a lot. What I'd actually like to focus
on is a different kind of surveillance. however we make you would forward would solve this problem some time ago and people have been concerned about this since the nineties. There was a movement that some of you may have heard of, the cypherpunks; they were concerned with the
free-speech-stifling possibilities of surveillance and advocated the use of strong encryption. Now if you came from that movement, you might go to sleep in the nineties and wake up now and actually think there's reason that you won. Now all of the world's
major operating systems provide the possibilities for encryption, which is a good one,
and most of the world's major web services provide encrypted access, which also seems like a good idea. The Tor Project still exists; not only does it still exist, it's actually been affecting international events and was used during the Arab Spring to circumvent blocking by government institutions.
However, surveillance has also evolved, and
but you some of learning of so on historically the NSA was known to employ a football field of mathematicians that would charge for the purposes of breaking cryptographic ciphers and so forth, and
recently it's come out that the NSA has a group of hackers known as Tailored Access Operations. Now this is basically because it's actually easier to break into things and steal key material than it is to
break the crypto. And they aren't the only ones doing this; there's been a lot of documentation of the actions of the Chinese government, their counterpart there is 3PLA. This
happens much in the way that you would expect: a target is identified, digital devices are broken into, and an implant is installed, allowing
further access to install and maintain, to steal the data, the location, the communications and so forth. Now large companies are realizing should entitlement the nation recently unimpressed this is the general counsel of Microsoft, who said that government snooping now constituted an advanced persistent
threat. So people are recognizing this. However, the use of targeted technological surveillance is
actually something that's been around for a while. A lot of people here might remember this case, the Bundestrojaner. So there was someone who was being prosecuted for being part of a steroid sales ring, and it came out in his defense that they had discovered
much of his activity by virtue of evidence told spectral soft runs computer, which they were using to monitor his communications, and the teachers lawyers actually got hold
of the evidence, and the CCC actually analyzed it and published an account of this. At that time it was initially denied that this had been done on the thing was found actually as of 2011 when this case was that the German government actually already with the
rise of 52 such users of this technology, and a year later the Dutch
government decided they wanted to legalize this sort of thing. In fact they wanted to go further: they wanted to make it legal to target anyone, anywhere, inside the country or outside and I also want to do this so they could lead to the
legal content promote computers of a lot of people actually found this idea very wiring of animal do not pass current form so this is safer
according to years give it a lot of people that interested in having this type of capabilities and where there is demand for people create things and was sold to you and so on
and so we talked about it on the talk about a lot about malware, which is generally the form that this type of lawful intercept surveillance takes. Now I joke that malware is anything that's installed on your computer without an end user license agreement, and
however functionally this takes the form of software that you don't know that you have on your computer that allows remote access. Now the issue is that matching to talk about something for years and years viruses traditions so the thing that you know ran on a
friend's computer and it stopped working and they want you to fix it in 2 days, that sort of thing. But this is a different type of beast: the sale of offensive capability is particularly near and there's a bunch of large American arms contractors that have been doing this for some time and the also writing and a T. companies but also and right this people I would cost break into computers and is actually
becoming reason this that this is actually a two-year-old price list that was leaked, so you can see that for a Mac OS X vulnerability it's 20 to 50 thousand dollars, Windows vulnerabilities 60 to 120 thousand dollars, from
vulnerability oranges explorer institution thousand. And so the industry has actually started to do a bit of soul-searching about the sale of this sort of thing. So this
is an interesting piece on our mailing list which is a largely largely we can from so offensive in the
industry was secured industry and this guy just a various associated what exactly do you think they do with the Intel they collect from such operations on basically a few cells on exploiting ends up being used to the dual Intel into extraordinary
rendition or problems that the side of scientists can have their hands anything but bloodless in universally deployed bombs and guns are likely speculate but that's life
near worlds groups in so what actually happened there the really real world wanna cover a few cases here. This is a woman named Ala'a Shehabi. She is Bahraini and lives in London, where she works as an economics professor. She's a founding member of the activist organization Bahrain Watch. What Bahrain Watch does is monitor the sale of arms to Bahrain; recently they had a campaign to stop the Korean government selling gas
to the Bahraini government to suppress protests, and so she she sees the smelter who
organization in the beginning of May 2012 of trees is using education doesn't work guys I think it would have been the target Trojan Trojan overlaps off of it turned out that she had, and the reporter who was working with them ended up contacting me, and I ended up helping her
analyze the malware that was installed on the computer, to try to figure out who it was, what it was, what they were doing. bunches of this if I worried because her husband was actually in prison in Bahrain. Now the software that was installed on
the computer was software known as FinSpy, and people have actually been interested in this for a really long time on the code for gave a keynote with their off on the 1st
day and see it as we see this software we know it exists but we never seen and
you can imagine a red diamonds 2 people your about software for a while before we discovered it on Ala'a's computer. Now this is reasonably full-featured software sold for the purposes of all out it's a governmental only
intrusion, or lawful interception as they call it. Now this is what it costs and all sorts of things that someone who wants to monitor someone surreptitiously would find appealing, from recording your keystrokes to recording ambient audio around the computer's microphone at a B recording figures people's weekends and can
take screenshots of conversations and so forth. It works on a variety of operating systems including mobile operating
systems, and I analyzed samples for iOS, Android, BlackBerry, Symbian and Windows Mobile. It provides an decision holes logging of phone calls, allows you to track the victim's location at the that that actually really paranoid when I was doing this work I was it's got
um displaces the invisible microphone technique, and when you analyze the code it refers to itself as the spy call. So what happens is
it instantiates a call that you are unaware exists to a remote location, enabling recording of sound around the cell phone, and if a phone call comes in it returns control of the hardware to the phone it
was was foreign flashes rendering your conversation shut down the hall and this continues again this leads the appearing suspiciously myself on a lot of and
So we did some mapping to try to figure out where in the world this technology is being
used, and we found servers for this in a
variety of different countries and wrong talk a little bit about this yesterday and is black talk and there was some countries that gave us
real cause for alarm. This was found in Turkmenistan, on a range belonging to the Ministry of Communications, and Turkmenistan doesn't have the best human rights record despite the era of infinite happiness that was recently the the they were flawed and
so we released a report on this in July 2012 and the New York Times
posted this on page 1, which was useful. That actually meant that a group of people who are crazier than hackers got involved, that is, investigative journalists, and they managed to discover all sorts of interesting things about this company: they had interesting offshore accounts in the Cayman Islands and various interesting business dealings which I am I'm not it's in this but of 2 to the
layperson, me, they seemed suspicious indeed. Finally the British government
decided this potentially they weren't entirely sure about this arm and so they decided that they wanted to stop the sale of this technology to repressive regimes. Now they didn't stipulate what
constituted repressive regimes, so there's a lot of wiggle room for the mayor of but was greater than the civilian do something. There is a lawsuit happening in the UK: it was found that a British citizen was
broken into by the Ethiopian government using this software, and he is trying to say he was the UK government to take international action to us. There's actually an American citizen who is also suing the Ethiopian government with
the assistance of the Electronic Frontier Foundation; the software was found installed on his computer, and he's an American
citizen, so it appears the Ethiopian government has been targeting people on US soil. Now this specific specific gold of will fall Anthony a lawful intercept target surveillance software actually came to notoriety during the Arab
Spring, during the revolution in Egypt, when people kicking down the doors of the state intelligence apparatus found these documents. slide down from should is a company being
in Munich that produces FinSpy software. Now these documents, found in the State Security Investigation Department, from Gamma International, description remote intrusion solution then supply and the set of things for the sum of
287 thousand euros. This might seem like a lot of money; it is not, it is basically dictator pocket change. Now at the time Gamma
International to be it wasn't me that's what I is that 'we have not supplied any of our FinFisher suite of products or related training to
the Egyptian government'. The stipulation was that they had just engaged in a discussion about the potential sale of this stuff. A year later they made an even more interesting statement: 'we did not supply any FinFisher products to Egypt that
could have been used during the movement of the opposition', and I'm not entirely sure what that means. It feels to me sort of
deliberately confusing, but perhaps the least untruthful thing they could have said about the situation. Over the last 2 years the use of this technology
is shown up at least Steven in Egypt and targeting Egyptians in Cairo reason this is a list of
samples of the but this is simply so our people can understand what I'm saying is not a story this is reproducible with the rights of isolating wants to take a picture that we were lit up and what I find concerning is
that their initial denials
in 2011 seem to imply that they had not sold this and would not sell because the country was in a state of concerning turmoil. Well, given that this product
has shown up in this country over the last couple of years, well, we know that the situation
in Egypt is still tumultuous. So these guys are actually just an example of the grooming you trade, and as I mentioned, where there is demand, under capitalism there is supply. So this industry has gone from being worth nothing 10 years ago to what
was quoted as being about 5 billion dollars a year in 2012, and what you see on the slide is ISS World, what is commonly known as the
Wiretappers' Ball. and this society's wealth this happens in Washington, Dubai, Southeast Asia, around the world, and they sell all sorts of technologies for lawful
interception, criminal investigations and intelligence gathering. I know while meaning governments have actually picked up is use this
as a teacher capability think of iodized Russia France from Germany forth what's interesting now this technology being sold on I a you open market is that any government compliance
which is why you see this technology propping up in European wearing social and there is some activists in the United
Arab Emirates known as the UAE 5; they were imprisoned for signing a pro-democracy petition. This is a guy, Ahmed Mansoor, and his exact crime I believe was something along the lines of insulting the ruling family by Siemens conditions on then
when he was the in of a couple of years I when he got out of his political beliefs
were largely unchanged and he continued to expand publicly on as it turned out that political police of the ruling party of the the ruling faction UAV was also unchanged on and EU was being followed and in many cases he was physically assaulted he was entirely sure how this is
happening, so I ended up being asked to analyze the computer, and there was actually surveillance software installed on it. Now the software known is eventually sold
by an Italian company called Hacking Team, and great and then they so was the hacking suite for governmental interception. Now
these guys pitched this as surveillance for security-aware geographically mobile hunter and the idea is that if you actually had someone wants to sail it's kind of
paranoid I don't know where was the this is this is the stuff you right they claim that
itself but untraceable which is I think it's like situation upon but you still too much
and so on there was an article Bloomberg about this
and and initially was denied that the software had been sold in many repressive governments and several of them however it was accused of being used again gang
and Morocco this a citizen journalist recall memory can choose articles the Moroccan government and end they received awards free expression from Global
Voices and actually will more in water this as well and then around that time what happened was that being said journalists they had a web page which said if you had used in our please contact us here so was called and someone's singular message saying I really give the names are given a lot of trouble but
but please read this attached document because it contains much scandalous information but this is actually not a great idea of what had been journalists look to the end of the organizational issue compromises itself of government trained about helping them analyze software for going out what went on on as usually concerning the they actually found that actually had
a very very much the chilling effect of on their work now the targeting of journalists is actually of some concern was
that the pattern here of activists being targeted journalists being targeted the software has been found all around the world so of most concerning we see being used
in Texas a central Asia Africa Middle East Eastern and but as I mentioned targets that was the use of publicly very interesting and this
is actually research that I did for my former employer by my day job, and we took a sampling of the world's 25 largest news organizations, in which we found that 21 of them had been
targeted out by state attackers despite technologies of obviously this is somewhat concerning then it speaks to of Titan journalists not specifically the information provided but active sources
but citizen journalists large news organizations and this is the case
uh this a Vietnamese blog called on the Sun but it was the wild just political blog outside of Vietnam was not under the control of the government of Italy last year they were hacked
and reporter was working on the case actually asked me to see if I can do anything and at the time this wasn't possible and I continued sort of working with various people in which he began to see a pattern of how that was hacked in
2013 and is a Vietnamese which mathematicians and lose to the branches constitutional writing about how it for the Vietnamese government moved to the fall of he was also a tighter in May 2013 and when things started getting even more interesting was the Electronic Frontier Foundation sentences that that received the e-mail up which actually show good
understanding of the target and that it offered activist 3 flights and hotels to attain a human rights conference um am additionally I I became aware of another case of the
reporter who is based in Vietnam and he wrote The Associated Press and now is interesting is that the block is if the if if there were tiger only the people who had written on the Vietnamese government I'm so it actually became apparent when I look
through all those that these were actually forcing vectors now there's a million Vietnamese in the diaspora that exists outside of the Government of and this appears to be the most
common she and scalable method of actually trying to keep tabs on on what people were saying things that we need the government doesn't like outside of the domain of control but unfortunately
just 2 days ago that the founder of the undersigned blog that I mentioned that was actually imprisoned by the Vietnamese government for lowering the priest he should this
thing and so this game is actually very very real on and it becomes even more concerning of wind is actually a hot conflict in progress and in the case history of the civil unrest flat around 2011 I of but digital campaign targeting opposition to the Syrian government followed shortly afterward
and Skype is very commonly used there because people don't trust the Syrian telecommunications establishment, which is probably not a bad move on the part of the picture of the main use their eyes. Namely, Burhan Ghalioun, and he was the head of the Syrian transnational opposition. His Facebook page was hacked and a link was posted explaining that the Syrian government was monitoring dissidents and that in order to avoid this you should actually install
following software to provide security your without this is this is not an official Facebook to download now while checking
this but I actually felt the website that they used to experiment with a variety of team sites at a tiger people I'm not sure why the muscles but
so this is the website complexes so a variety of other teams that made it through this the song and was as well and the social media was a very key in organizing immobilization
on a serious I am not just Facebook also you choose due to the ban on foreign journalists used to upload is atrocities occurring in the country I was doing
analysis on and the tightening of an NGO
group there's actually working with Syrian refugees and unfortunately a lot of the moors that he used to try
to get people to install malicious content of all target surveillance after on the computers of because this is the whole world is precluded grizzly and it's just these
videos showing more frequently violence against women by Cide soldiers in this case that it suggested that this which
are human rights atrocities being um done by sunspots sort by analyze this I look the malware and but found it was talking to an address space in
belonging to a certain government and many without thinking about it for some reason I double-clicked on the video and n it shows the civilian having his work cut and being pushed into a shallow
grave going so again this is this is actually used for lot fairly serious purposes in very real situations so that the people of being tied this targeted by the stuff a very well studied by the groceries and actions the people who provide
training a well understood to and a lot of you guys have probably had security
advice or even provided security advice where you tell people to use a tool or something similar like this. This is a program that offers to provide protection from surveillance and censorship, and it's a Persian-language tool. Now, there was a copy of this that was backdoored, so that it would
install the tool but also send all of your keystrokes to a site in Saudi Arabia, which is probably
undesirable. So this was a copy of Freegate, which again is a tool that offers to provide protection against government surveillance, and this is a modified version of it that does install Freegate but also installs all of the
things that you do not want to talk to the Syrian government tall odds of actually seeing back-to-work copies on as well and it's very popular with people trying to evade the Chinese government surveillance and this is a copy that did that but also seems of your communications to the Chinese government and so our work while or as it was the obvious if this is actually also lead to prison but also undertake a brief didn't
so of course if you're actually in the right place and you have the right sort of authority we don't actually have to do all the stuff that we just described as you can just ask people what you want it helps if you have a piece of paper which sees is that they have to do the information and what's become very concerning is is that this no longer
simply takes the form of warrants the data user communications the people's content people's emails and that's the thing which is traditionally expect law-enforcement ossicle and this notice the form of legal amongst all the systems on the circle of the Bill OK is Microsoft's encryption products that comes down on a modern operating systems the universe water engineering and recently state to the news outlets that he was asked multiple times by the if the items still effect on it so that they could be encryption and people probably have a
lot of it has to do with slogans e-mail provider they did not simply ask for all have been to give up singly mail box and they asked the keys that were making provided access to everyone's e-mail nature
shut down of the analysis of the compliance so I could use pursued
2008 back because of the way that architecture they wouldn't be able to comply with a request the use of information even if they were last this is no longer the case that there was an internal
project, a statement of Project Chess, which was in effect designed to make Skype able to comply with what was the rest of is obviously
being a bunch of legal challenges to these types of approaches of the if of suing in a safe for a really long time of the degrees of success of now I think about this and this lead me to postulate
there as a service increasing popularity the chances that someone would eventually be forced UTurku was the security model approaches the total and I so maybe is essentially that of a hard sell you know
like try to convince people of this and then you start getting headlines like that the in is saying the CIA SkyDome people online
dating With the release of this there was actually a 17 page document which I read all of the path that contain such genes is this this is linear say describing the effects of the British intelligence services the gchq has really this to exploit game which environments has
produced exploitation modules for Second Life and World of Warcraft. So the basic things you know this is thoroughly good come on guys we cannot really behind regarding unanimous answer basically like where there is uses the actually will be surveillance if nothing the
variety of ways that we can actually start engineering and again it's based on what they don't into much detail but historically when you're actually talked about this sort of thing the standard you would crazy so however will point out this is that
there's actually some core systems they're actually created like this is like the of Dionisi existing being the the the core particles are the internet and the key for this is actually what between season people can see
the different countries around the world being US king of ourselves to that of Canada China chief public I the idea being that this type of worshippers inevitability to actually have 2 codewords least for people from
countries in order to force them to compromise the system and when we try to
Christians and however what I want to say is that you might remember in nearly 2000 there was actually a really big push to get major service providers to provide incredible audience know I think Gmail the main Facebook followed in outlook I think finally yahoo actually see certain provide encryption log into the
service and everyone's already like we want we perceive only the companies to do this on the celebrations was somewhat premature and not talking about there's a whole
lot if you were to at the company time can I felt a little more like that but now what I was referring to there has the the effects of the Interstate 10 and inter data centre
links training of Google's will this is motivated to about is this which might actually be something that you've seen before
and to this is a diagram of how communications happen on the Internet much simplified of remove most of the series of choosing but a once ITC someone wanting to be with male singing in now and the other side someone want into the e-mail and receives it and so we got encryption here encryption where
here and of course everything that happens in the middle is still essentially free American so let's have a quick problems and so these things will eventually it's to you don't fix this
problem, which is sort of opportunistic encryption and STARTTLS, and unfortunately when I looked at the start certain
relations relations came out last year of the 20 biggest e-mail providers in the world and the people I provided the semantic deuterated so when I last looked things with better but not by much and now the thing about this the biggest for e-mail providers in the world between them so this 1 billion users it's actually quite a lot of people have
now if they actually hold this there that would actually be good it would do would fix a lot of the problems that people discuss this sort of dragnet surveillance all collections and the batteries that would
actually still be possible so tight people by the amount of but they wouldn't get everyone's however longer-term if these organizations decided that they wanted to know how
to approach the tunnels between them would actually agreed with this would look like are they going to provide real security 4 billion users at a very critical and so basically I want to finish by saying that the engineering gangster who worship security models it is something we have to do now in order to keep users may actually have a lot of
tools and then we can actually do
this private people properly motivated and maybe also an idealist but maybe and so this is getting enough tasty utopian of but I think it's important to keep dreaming big impossible dream which is why we're actually come here because like the public hassle to thank you very much does anyone have
any questions?
the did I get you correctly that you around now advocating for using TLS estimation and
and to get to what's going a resistance so and what was the
title of main I don't deep into details what what's a good idea is thought be lessons back. And so TLS is Transport Layer Security, so it provides encryption between point A and point B on the internet, and STARTTLS provides opportunistic encryption
so that actually means that can say you you mail provider Hayes day she asked male provided the idea of what
this that they do just encrypt stopped to look like still standing now the someone recently issued quite like those that singing male male-to-male provided that does not. So what STARTTLS is like the seeing the in itself I just together and I get get, but the mail is still unencrypted on each of the endpoints, which is the bigger problem, because Microsoft, being a United States
company for example is not exempt from United States and as a and going to college and some something that we do have something like that in Germany for
example, there was a big marketing hype last year that some German providers are
now using TLS on all the connections between each other, which of course doesn't solve the problem at all because all the interested authorities still
have access. What you really want to do is end-to-end encryption that is not dependent on any of these providers. Like, end-to-end
encryption is a fantastic idea. The great thing about
STARTTLS is that it's it's so the not solving the problem. Where I would
disagree with you is I think it's a seed of problems, right? So if the data is not encrypted at rest, the issue is that someone can come for it with the bit of paper I described, and that's unfortunate. And end-to-end encryption currently is a little bit tricky, especially with mail, and the gold standard for this at the moment is PGP. Training everyone to use as far as an idea do of like you do as well, and I've tried to get some of my less technical associates, friends and family to use it; it's been a struggle. And the reason why I advocate STARTTLS is simply because it fixes the a
theory of that specific problems, which is essentially that all of that stuff that's actually free, that stuff stops being free, and that means they actually have to come for it with a bit of paper, which is better than it being free, because that means that these records or is the varying depending on how similar isn't that they talk introduce and is it
also the case in point is is sort of discussing is the problem of centralization mean Google and Google USA prison partner and so using search LSS change the fact that they're collaborating mother fuckers and it also doesn't change the fact that once
you're in the cloud there was also on the inside and out by the NSA success but that's that's the case it's a circular saw it doesn't really help because level 3 the transit provider that provides the backbone gets this and because of the centralization the we selected surveillance works is that they just look for a domain
name and then anything that matters the domain name immediately goes into the database and people don't really understand that even if it does require some paperwork it's not very much should we actually recognize the people were goes between a bunch size and but that doesn't really stop anybody in that sense In the end and encryption even with that you know how difficult it is is the Goldwater reach but it must also be in a decentralized fashion it's not just by using the 2 about rearchitecting the way that we communicate to remove people or corporations like going out of the picture entirely so that they
can use centralized risky place where the sets of things happen yeah sure some few
yeah I I mean this quite a lot interest there but I think that decentralized this differently safer have the paperwork on this is certain to be Chadian all sorts of ways that we could never have predicted but it's single slice of orders for billions billions of user records that persist across years and that's the thing on I advocate that individuals gene-gene an encryption and when they can but it's easy people screw up and the reason why so now a sintering because of told the day 1 so let's talk about the GB of that advocated the use of encryption is some sort of prophylactic and now the I think you this as sort of this layer and about wanna a double dagger so and so uh this would allow the obviously starts the earliest plus the GP is obviously the mirror and I mean again with this solves it solves a problem
of this stuff being free ride it solves the problem of not this slide the input things yeah I see it basically solves the problem of the fact that we knew scenes unencrypted e-mail across lot of links that are subject to for harvesting so that that is gone for
free and you there are other ways to get the data so this is sort of 1 the easiest that's that we can actually probably force
large companies do base I know you're aware that getting large companies to institute end-to-end encryption has not
succeeded anywhere yet but I think you essentially right and then the solution to suggest that anyone else so
It's been said that mass surveillance is now possible because the Internet has made collecting lots of information on people very cheap, and so, you know, the NSA with its admittedly massive budget can use that budget very effectively to surveil lots of people. It seems like things like STARTTLS increase
the cost of mass surveillance, but I'm curious if you know if there's been any analysis, or if you have any notion of, like,
exactly how far we need to go to make mass surveillance too expensive to park right
Sorry, you hit the nail on the head, which is the sort of and it seems like this increases the cost of surveillance, and that's essentially what you're actually doing this. I mean, there is a security firm whose slogan is basically, you know, you don't have a malware problem, you have an adversary problem. So if you happen to have an exceptionally large government that is very dedicated to spying on you have in some ways which is how it's been so you make a fool them I'm
the I think so
obviously when it comes to targets that depends on how interesting a tiger there's no question as to how extensively to make mass surveillance of the the model that a a come out that other finalized using is is that it will just
killing everything successful related to the data you want and I think people still go the data that they won't however if you actually start everything and they in it means that a lot of stuff
you collect is not immediately useful depending on people's abilities to the Greek delegation that's the thing and so is sort of how it's been so unfortunately I can provide you with all figure because I'm not entirely where how did these says pockets God and but I think more extensive than functionally 4 years is a really good start so 1 more
question perhaps FIL OK well just stand up and I hear a lot of people talking about how to solve the Internet encryption problem
but basically the internet the level of it is fundamentally about as far as encryption is
concerned because we've been building off of fundamentally on secure systems for the longest time in order to solve this problem you have to build another and and that is not cheap and that is not easy but it is probably the most effective way to secure the internet if you have other you have major corporations that have not partner or not using the same type of Internet services for the day was that with
questions from the question is do you believe that we can stay believe we can actually secure the internet has existed that for its security like active can we secure something is kind of sounds like at the
presentation all of a
potentially false finally and highlight can I make the secure use not I mean the problem is is that like everything is written in software software as she the source of on can we secure the interval from remember for what would be my my response to I building a whole new Internet seems kind of fatalistic have I kind of like the
1 we've got released the cat which is part of an so I'm not sure
I I actually like to see your designed for decentralized you into the book from model dynasty idea making
at the at the bunch of reasons is there a way that you arrive at fj
few yeah
I think that this was taken more than thank