Black Code

Video in TIB AV-Portal: Black Code

Formal Metadata

Title
Black Code
Title of Series
Number of Parts
126
Author
License
CC Attribution - ShareAlike 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.
Identifiers
Publisher
Release Date
2014
Language
English

Content Metadata

Subject Area
Abstract
A recent stream of documents leaked by former NSA contractor Edward Snowden has shed light on an otherwise highly secretive world of cyber surveillance. Among the revelations, perhaps the most important for the future of global cyberspace are those concerning the way the U.S. government compelled the secret cooperation of American telecommunications, Internet, and social media companies with signals intelligence programs.
Data acquisition Code Directory service
Sensitivity analysis Digital media Expression Shared memory Online help Right angle Basis <Mathematik> Shape (magazine) Freeware
Uniformer Raum Information Internetworking Firewall (computing) Website Set (mathematics) Hill differential equation Right angle Physical system Physical system
Web page Dependent and independent variables Firewall (computing) Block (periodic table) Projective plane Sound effect Port scanner Design by contract Internetworking Remote procedure call Series (mathematics) Physical system Task (computing)
Domain name Dependent and independent variables Code System administrator Mathematical analysis Self-organization IP address Equivalence relation Fingerprint Physical system
Ocean current Digital media System administrator Projective plane Self-organization Traffic reporting Event horizon Connected space Fingerprint
Group action Email Digital media Self-organization Right angle Staff (military) Open set System call Resultant
Dependent and independent variables Physical law Right angle Line (geometry) System call Local ring
Revision control Type theory Internetworking Denial-of-service attack Right angle Computing platform
Cybersex Software Execution unit Cyberspace Right angle Information security Field (computer science) Physical system
Context awareness Spyware Weight Digitizing Projective plane Horizon Bit Open set Product (business) Web service Internetworking Computer network Data conversion Physical system
Mobile Web Context awareness Social software Digital media Forcing (mathematics) Information and communications technology Cyberspace Basis <Mathematik> Cloud computing Sign (mathematics) Mathematics Internetworking Right angle
Information Computer file 1 (number) Disk read-and-write head Twitter
Pulse (signal processing) Uniform resource locator Operating system Endliche Modelltheorie Router (computing) Enterprise resource planning 2 (number) Geometry Form (programming) Spacetime
Digital photography Email Server (computing) Internetworking Telecommunication Internet der Dinge Cartesian coordinate system Neuroinformatik
Point (geometry) Cybersex Context awareness Information State of matter Direction (geometry) Archaeological field survey Cyberspace Cyberspace Graph coloring Power (physics) Internetworking Right angle Quicksort Information security
Programming paradigm Mathematics State of matter Acoustic shadow Game theory Information security
Programming paradigm Shift operator Dot product Physical law Horizon Mereology Rule of inference Type theory Mathematics Envelope (mathematics) Right angle Catastrophism Information security
Computer virus Domain name Mathematics Sign (mathematics) Arm Multiplication sign Software developer Forcing (mathematics) Sound effect Cyberspace
Cybersex Complex (psychology) Dynamical system Arithmetic mean Internetworking State of matter Forcing (mathematics) Information security
Facebook Pattern recognition Digital media Computer network Mereology Exploit (computer security)
Confluence (abstract rewriting) Scaling (geometry) Forcing (mathematics) Multiplication sign Virtual machine Family Error message Power (physics)
Existence Shift operator Internetworking Forcing (mathematics) Order (biology) Design by contract Data conversion Surface of revolution
Mathematics Internetworking Internetworking State of matter Gravitation Control flow Cyberspace
Cybersex Web service State of matter Multiplication sign Computer network Cyberspace Endliche Modelltheorie Exploit (computer security) Information security Power (physics) Product (business)
Game controller Internetworking Coalition View (database) Electronic Government Cyberspace Line (geometry) Endliche Modelltheorie Error message
Internetworking System call Local ring
Bit rate Internetworking Software developer Pressure Table (information) Event horizon Computing platform
Revision control Word Centralizer and normalizer Functional (mathematics) Internetworking Personal digital assistant Electronic mailing list Cartesian coordinate system Information security Event horizon Entire function Physical system
Mobile Web Group action Programming paradigm Open source Spyware Multiplication sign Source code Cartesian coordinate system Rule of inference Mathematics Malware Spring (hydrology) Numeral (linguistics) Internetworking Personal digital assistant Self-organization Right angle
Server (computing) Game controller Projective plane Total S.A. Incidence algebra Product (business) Software bug Subject indexing Software Boundary value problem Right angle Backdoor (computing) Row (database)
Content (media) Data mining Trail Identifiability Spring (hydrology) Internetworking Surface Computer network Limit (category theory) Field (computer science) Product (business) Template (C++)
Revision control Personal digital assistant Prisoner's dilemma Internet service provider Digitizing Archaeological field survey Basis <Mathematik> Traffic reporting Pole (complex analysis) Twitter Task (computing)
Dependent and independent variables Multiplication sign Plotter Shared memory Disk read-and-write head Data dictionary Information privacy Formal language Different (Kate Ryan album) Telecommunication Order (biology) Interpreter (computing) Endliche Modelltheorie
Different (Kate Ryan album) Right angle Basis <Mathematik> Rule of inference
Area Mathematics Strategy game Open source Term (mathematics) Multiplication sign Right angle Information privacy Theory
Cybersex Mixture model Complex (psychology) Type theory Arm Process (computing) Information Channel capacity Core dump Division (mathematics) Extension (kinesiology) Form (programming)
Standard deviation Regulator gene Internetworking Decision theory Cryptography Information security Communications protocol Resultant
Type theory Mathematics Divisor Internetworking State of matter Euler angles Surface Closed set Physical law Cyberspace
Mapping Open source Software Multiplication sign Data recovery Civil engineering Cyberspace Right angle
Point (geometry) Software Digital media Self-organization Right angle Cyberspace Extension (kinesiology) Resultant Connected space
Group action Statistics Scaling (geometry) Coalition Chemical equation 1 (number) Directory service Basis <Mathematik> Price index Open set Number Goodness of fit Internetworking Information security
Database normalization Chemical equation Computer network Computer programming 10 (number)
Point (geometry) Internetworking File format Table (information) Number
Point (geometry) Different (Kate Ryan album) Chemical equation Order of magnitude
Data mining Software Internetworking Multiplication sign Universe (mathematics) Projective plane Mereology Communications protocol
Information Repository (publishing) Internetworking Chemical equation Universe (mathematics) File archiver Computer science Quicksort Fiber bundle Engineering physics Physical system
Degree (graph theory) Surface Connectivity (graph theory) Universe (mathematics) Computer science Computer programming Neuroinformatik
Point (geometry) Presentation of a group Goodness of fit Process (computing) Internetworking Software framework Right angle Family Physical system Computer architecture Exception handling Number
Onlinecommunity Internetworking Self-organization Instance (computer science) Protein Computer architecture
Term (mathematics) Real number Projective plane Civil engineering Right angle Pressure
Type theory Functional (mathematics) Mobile app Logic State of matter Term (mathematics) Office suite Parameter (computer programming) Address space Physical system Form (programming)
Area Cybersex Point (geometry) Group action Civil engineering Multiplication sign Forcing (mathematics) Lattice (order) Event horizon Type theory Process (computing) Internetworking Representation (politics) Right angle Quicksort Information security
Domain name Multiplication sign Hill differential equation Right angle Office suite Information security
Data acquisition
this so we could
buy it in
if you see a half hour a literary thank you for coming I'm really glad to be
here in Berlin uh at the beginning uh with Edward Snowden's but all eyes are on stone of course and what can you say this is the biggest intelligence in all of human history and as I understand it many millions of documents
were taken so we're going to be living in on world in the aftermath of the world that Edwards stillness help shape of for many years to come that notwithstanding the importance of this topic I'm not actually going to go through the other revelations in any detail in fact I'm going to start somewhere far far away in Pakistan now as many of you know I think Pakistan as a country with more than its share of problems it's a country that has a corrupt government there are 2 major Governance Challenges insurgencies throughout the country but it faces
almost on a weekly basis drone strikes from the air that have major collateral damages to civilians many casualties which inflame already a tense situation around a religious sensitivities it's also 1 of the world's worst places for human rights and free expression that journalists were routinely harassed many kidnap and torture media
headquarters or bond and it's also 1 of the world's worst senses of the Internet all of you to do is blocked for example in Pakistan as are many websites having to do with human rights information or information about LGBT issues on not that long ago the Government of Pakistan put out this tender for proposals for a
nationwide Internet filtering system they wanted to solicit proposals from companies to build effectively the Great Firewall of Pakistan and it was quite a sophisticated set of requirements they wanted a company that could service up to 50 million euros a 2nd and so uh this was quite something quite substantial worldwide public reaction to this was quite inflamed many people within the
communities that I belong to the organized up public advocacy campaign a letter-writing campaign where they send letters to the companies that manufacture Internet censorship technologies and they said please don't be on Pakistan's request for proposals and actually had some effect of McAfee the maker of this Markov filter system actually tweeted
their response saying that it's official we're not going to be at on this project but the system went ahead and today if you visit Pakistan and you get online and you try to access you to uh this is what you'll see block page like this now as the citizen Lab which I direct we look upon this as a kind of challenge for this is a puzzle that we want to solve but who are the manufacturers of the company of the technologies that are used to do the censorship in Pakistan who won the contract so we undertook a series of remote scans and in-country tasks undertaken by partner
organizations in Pakistan and after analysis the researchers came across this which may not mean much to some people in the room but to
the researchers at the system while it's the equivalent of a fingerprint in the HTML response code alone we can tell from this who the manufacture of
the filtering system was but the funny thing was the filtering system was actually misconfigured such that if you went to the IP address directly instead of the domain name you would get this which is the administration panel for the filtering system itself including a login prompt and on the
admin panel you can see all sorts of
fingerprints clearly laid out the company is named their Netsweeper now for those of you don't know that there's a connection for me to this because Netsweeper happens to be a company based in
Canada and when we released a report there was some significant media attention about this in Canada made all of the headlines and the major newspapers but then it quickly died
off overtaken by the usual slew of current events in Pakistan however it was only the beginning of the story 1 of the organizations in Pakistan within its citizens have worked on this project fights for all did not stop at the research but actually took the Pakistan
government to court they've been engaging in public of litigation for many months but unfortunately bytes for all has experienced the darker
side of Pakistan as a result of threats and intimidation open
calls on national media for blasphemy charges to be laid against the header bytes for all effectively a death sentence and kidnappings of staff members in the middle of the nite this is this is the price that is paid by advocacy organizations like fights for all simply for doing research public litigation and advocacy in the promotion of human rights meanwhile other Pakistan right so groups
were puzzled by the fact that comedian companies supply the technology to do the filtering and 1 of them actually wrote to the Canadian government and remarkably the canadian government replied and this is the letter here I know you can't read it but I can tell you the gist of it is yes in Canada we believe
in human rights but when it comes to the situation of Netsweeper in Pakistan well the the line is down here use of such technologies in Pakistan is the responsibility of the government of Pakistan to managed in accordance with local laws that's what you
call having your cake and eating it too I think is a phrase but now to
me this is a microcosm of the type of world we are going to see more of in the future when it comes to Internet
freedom issues of flood democracy revision with internal insurgencies corruption and strife a major violator of human rights in a country where access to the platforms of the internet we take for granted in places like Germany were filtered using hybrid technology supplied by a Canadian firm is this the future of the Internet posts no it's also a microcosm of the type
of work that we do at the Citizen Lab now for those of you who don't know the system I is an unusual place where Research Unit at the University of Toronto and we employ a mixed methods approach to the research that we
do we combine the skills of of engineers computer scientists with social scientists we collaborate with people from all over the world to do field research that we do like our partners in Pakistan and we do this to advance research on global security cyberspace in human rights we've uncovered global cyber espionage networks we've documented patterns of
Internet censorship worldwide to projects like the Open Net Initiative and more recently we've documented the disturbing growth of what many are calling the market for digital harms
products and services for Internet censorship and surveillance spyware in computer network attack we been a kind of digital early warning systems scanning the horizon and what we've seen frankly has been really disturbing
when I'm going to do today is described to you some of what we have seen and I'm going to start by putting the conversation in a bit of a broader historical context outlining 3 major social
forces shaping global Internet politics today and then I'm going to describe some of these warning signs which we need to take seriously the signs of growing censorship surveillance and militarization of this global commons so that we now call cyberspace and I hope to end by saying some suggestions of what we
can do about it but 1st of broader historical context and the first one I think is an obvious 1 to everyone here in this room but I think it needs to be said we are going through the most profound
change in communication technologies in all of human history right that that's a bold thing to say when you think about technologies like the printing press radiotelegraph television all very important but I believe just within the last 3 to 5 years we're going through the most transformative purely on the basis of 3 technologies mobile social media and cloud computing
nobles are different in many ways but they share 1 very important characteristic and that's the amount of private information information that used to be an art desktop search filing cabinets even in our heads that we now interested 3rd parties most of those 3rd
parties are private companies and many of them are private companies that are headquartered in the in jurisdictions other than the ones that we're citizens and this includes data
that we are conscious and deliberate about the females we stand in the tweets we post but it also includes a lot of information that were completely or mostly unconscious of about
and that and I think the best way to describe way the people talking about his metadata so if you take my mobile phone even when I'm not using and its emitting a pulse every few
seconds as a beacon trying to locate the nearest Wi-Fi router or cell phone exchange and live within that
region is the make and model of the
form the fact that it's my phone because my name is attached to the operating system the operating system on the phone and most importantly the geo
location of the phone so all you have phones in your pocket were all connected to each other now in time and space and that's just the mobile phone most of us have
dozens of applications on her mobile phones that do more or less the same thing then each of them can give permission to access our communications or e-mail it's about our social networks even our photographs and the data doesn't just evaporate into the it sits there on the computers on the servers of the companies that owned and operated there to be mined or shared perhaps indefinitely now all of this is really profound but with what many people are calling out the Internet of Things is going to grow exponentially as more and more
devices now something like 15 billion are connected to each other and to the internet we're leaving this digital exhaust around us as we go about our daily lots of that contains extraordinary precise
information about our lives are habits or social relationships reduced to trillions of data points that form now this new ethereal where around the planet that's only growing in all directions so that's the very 1st historical context the 2nd is the growing role of the state in
cyberspace now this will simplify things of that but if you go back 20 years or so and did a survey most governments didn't think about the Internet
all very few of them had even Internet policy this right fast forward to today not only are they very involved in Internet issues but cyber security is at the top of most countries agendas worldwide right and I think in hindsight this was to be expected with so much technology connected to the internet including critical infrastructure creating all sorts of externalities was really inevitable that the state would have to get involved but there was as often happens in history a punctuation point that accelerated in color that and that punctuation point was of course about 9 11 now it's
hard to underestimate the impact this has had on the technologies that we're all talking about today we still live in the shadow of 9 11 several things in the wake of those horrific attacks occurred that we know more about that 1st the security paradigm
turned inward to all of society game this is something that happened gradually after the end of the Cold War the primary threat paradigm change from 1 which was previously a concerned mostly about what other states is doing that in the middle of the nite estate on the other side of the planet would launch ballistic
missiles over the horizon to 1 where the paradigm is of of the threat being instead someone blowing themselves up in a crowded theater like this so that the paradigm
turned inward you also see a culture shift especially in the United States especially in and around Washington DC this idea of all
bets are off an edge of the envelope type thinking which brings about the urgency to overcome of barriers and see is part of this culture shift and operate a
reverence to the rule of law that begins to manifest itself you also have a very important legal changes after 9 11 the Patriot Act another security and terrorism acts were passed in the United States and most industrialized countries around the world that empowers law-enforcement and intelligence and part of this was based on the perception of the failure to connect the dots that led to this catastrophe right so now we need to connect the dots meaning we have to collected
all collect the entire haystack you also see at this time important change in the military strategic thinking beginning in the 2 thousands and have a definition of
cyberspace as a domain equal to land sea air and space in Pentagon thinking and the development of ofensive capabilities to fight and win wars in this domain important Rubicon was crossed with the Stuxnet virus when the US and Israeli intelligence agencies targeted nuclear enrichment facilities in enron you had in effect the 1st act of war sabotage occurring through cyberspace and now predictably we have an arms race in cyberspace as dozens of governments are standing up within the armed forces capabilities to fight and win wars that shows no signs of abating it brings up some interesting questions what does it mean when war is constant its scope
is global and the battlefield is the realm of ideas and public dialog now those 2
historical forces together are generating a new markets and new political economy dynamics dynamic that
i've called the cyber security industrial complex the aims of the Internet economy on the 1 hand and the aims of State security
convergence of overlap around the same functional means collecting and monitoring and analyzing as much fake data as possible not surprisingly you see
many of the same firms servicing both segments of the markets like companies of market facial recognition technologies for example which tend to be dominated by Israeli firms servicing Facebook on the 1 hand and the CIA on the other they read what
we so now part of the market is much more nefarious capabilities of being put in the hands of policymakers 5 years ago they never imagined
that they would have a cell phone tracking social media infiltration in computer network attack and exploitation companies that we used to associate with wiring the world and connecting individuals are now turning those wires into secret weapons of warfare and repression this is
where big data meets big brother now the confluence of these 2 social forces happening in this historical error are
really breathtaking in scope and scale and I think require us to step back and think about the historical significance at the very same time that we're in the midst of turning their digitalized inside of the world's most powerful surveillance machinery is turning inwards on all of us a surveillance machine who's over arching intention is to shield itself from public scrutiny to barely
acknowledged its own existence to operate in a cloak of secrecy that to me is not possible shift requiring an urgent conversation on the order
of a new social contract now there's a 3rd historical social forces happening right now that we need to take into account and its way less understood
especially by people living in affluent Western countries and that is the true of the Internet is changing fast were going through a demographic a demographic revolution when it comes to
cyberspace I believe is perhaps the most important in the center of gravity of cyberspace the shifting break before our
eyes from the north and the west of the planet where was invented to the south and the east and this change is going to be an extraordinary the vast majority of Internet users today and into the future are coming from the developing world was sent me
well when you look at it closely some the fastest-growing online populations are emerging from the world's weakest states the fail the fragile for whom these technologies are empowering in many of them like Pakistan religion plays a more important role in governance typically does in the last many of them are authoritarian or autocratic
regimes failed states or slipping into something like authoritarianism remember these countries and their populations are quickly entering into what we call Cyberspace at a much different time than the early adopters they're coming after the prisoner as
revelations with the model of the NSA in mind at a time when cyber security is at the top of the international agenda and most importantly when products and services of unparalleled surveillance in computer network exploitation power are being offered commercially what should we expect that
from these next billion digital users as they come on line in the post known error why I think we 1st have to consider the international dynamic now before so many people had a kind of simplified black and white view of the international governance of the Internet there was on the 1 hand all of those freedom-loving countries the United
States Germany United Kingdom Canada and so on so called the Freedom online coalition that favored something like the existing open distributed model of Internet governance and on the other side were all the other countries that favored a more top-down state-centric approach greater national controls what can we expect of the governance in this space in the wake of the Snowden revelations well 1 thing you can say is that of freedom online coalition is facing a
major legitimacy crisis the full details around the scope of the NSA documents in practices and what's been
going on with gchq and others like them have angered many leaders understandable leading to calls for data localization and detachment from the United States here in Germany of course calls a very strong showing in routing as it's known now data localization in and of itself is not that but 1 person's data localization can be another's national censorship regime like many I fear the balkanization of the Internet will result in will we see countries
that the 1st the government Internet engaging in partnerships and sharing best practices due jointly developing technical platforms as China Enron of Don will we see major events like the Sochi Olympics which I called prism on
steroids will we see them used as a kind of showcase marketed turned turnkey style wholesale to countries undergoing rapid development a kind of surveillance by designing for whole whole urban centers how these pressures come to bear on a region like sub-Saharan Africa undergoing growth rates on the order of several hundred per cent per year remember we said talk about the Chinese company while way having public-relations problems for fear about after being implanted on the rotors 1 now the tables are turned
and American companies have a hallway problems of their own which is opened the door for new investment opportunities for companies like this will we see the legitimization of nationwide monitoring systems that seek to duplicate
the imperative to collect the entire haystack monitor at all as appears to be the case in India with the role of of its so-called central monitoring system for the 40 million dollar Nigerian system powered by the Israeli security firm Elbit Systems will we come to take for granted that the popular applications millions of us now used to chat and socialize chair pictures and even organize politically will have contained within the hidden functionalities of keyword censorship and surveillance uploaded with new lists every week to reflect current events as we discovered in the is allowed in the Chinese version of Skype and the popular instant messaging
application will we experienced more warnings like this because well it's acceptable and that's what everyone does what about the benefits of the Internet for social mobilization democratic change a few years ago many of us celebrated the arab spring
as the paradigm of what these technologies to do you remember we called at the time of liberation technologies that would bring about the end of authoritarian rule unfortunately Syria has become the arab spring stock after working together Citizen Lab and EFF researchers have shown how the very means of online organization could become sources of insecurity as groups sympathetic to this aberration have employed off the shelf malware crime kids to infiltrate social networks arrest torture and murder opposition groups and even target the airstrikes Our research has uncovered numerous cases of human rights activists in places like Bahrain Ethiopian elsewhere targeted by advanced spyware manufactured by Western companies if these were isolated
incidents perhaps we could write them off as anomalies but our global span of the command and control servers of these products pioneered by Bill Mahers and Morgan marking wire and Claudio Panarin others has
produced deeply disturbing evidence of a global market that knows no boundaries we found command-and-control servers for fins by backdoors a total of 25 countries including countries with dubious human rights records like Bahrain Bangladesh Ethiopia gather and Turkmenistan among others a subsequent project found that 21 governments are current or former users of software including 9 receiving the lowest ranking authoritarian in the economists 2012 democracy index that that's just to companies their products all over the
world a market that is going to spread far and wide in our research has only picked at the surface of what is a growing major field products that provide advanced deep packet inspection content filtering Social network mining cell phone
tracking and even computer network in an attack capabilities are being put in the hands of policymakers developed by Western firms and used to limit democratic participation isolate and identify opposition
and infiltrate meddlesome adversaries all over the world indeed what I worry about most is that the template for the future of the Internet is not the arab spring at all it's actually the green movement in from a few years prior to recall hellip began with such
high hopes dubbed a Twitter revolution by many but it ended in a dark cloud through an Arabian version of prison user data turned over by the largest cell phone provider
Nokia Siemens to the Revolutionary Guard clearly we want to prevent such abuses from happening but on what basis will we do so what moral grounds will we stand on
here to make the case that that is something wrong that shouldn't happen over there now I'm a Canadian citizen so I think it's instructive task that question with respect to Canada which is what we've been doing lately at the citizen love led by Christopher persons he sent out a survey a detailed questionnaire to around 13 telcos and I as in Canada asking them whether how and how often they share user data this big ethereal digital exhaust poles us around with police and intelligence agencies and the answer he got unfortunately no comment there nothing like transparency reports in Canada but we tell you that and then just a few
weeks ago we found out what is considered normal practice for the Canadian government agencies to routinely share user data but with governments on the order of millions of times a year all without a warrant shouldn't be any surprise that that in Canada are signals intelligence agency which is supposed to be restricted to monitoring activities abroad is using all of this data has been collected to model canadian communication habits at airports hotels places of works in coffee shops should not be surprising or perhaps not a surprise as the official response given by c set which is our NSA says the government of Canada node you make Canadian communications were our or are targeted collected or used all this work are scratching their heads of that now that the does make sense maybe they're basing what they're doing in on a secret interpretation of a
secret plot maybe they're using a different thing English language dictionary than the rest of the human
rights or maybe they're following the George Costanza rule of public policy yeah just remember it's not a a if you believe that
a whichever the answer is it's not good if we're turning over user data without judicial oversight who we to hold the moral high ground on what basis can be credibly criticize those countries abroad when we do no difference here at home now granted
whatever sketch here I think is pretty daunting and it may seem at times to those of us who study this area that it's all overwhelming but I think we have to have a strategy to bring about change I think that strategy has to begin at home after 9 11 the
pendulum swung way over here in terms of the greater empowerment for law-enforcement and intelligence and restrictions on
privacy rights we need to restore transparency accountability and oversight to governments and liberal democratic governments need to start getting their own house is in awarded known theories are needed for this we just need to remind ourselves of some basic principles
at the heart of democracy mixture division we need to extend oversight and transparency
accountability of private-sector precisely because the hand so much highly revealing information as never before in human history to private companies we need to find ways to monitor what they're
doing and that is going to require new forms of innovation new watchdog capacities new types of monitoring that overseas with the private sector's doing especially around the Cybersecurity industrial complex and the stock market of cyber arms we also need to be d secure ties and reuse so late the engineering community and by that I mean reverse the process that has happened over the last decade or so where the engineers the core
scientists that effectively run the Internet developed the standards to cryptography and the regulations
that the protocols that define how it all works have been gradually user into national security rivalries that have tainted their communities and undermined trust and reputation somehow we need to get that back we need to give
meaning to the empty euphemism of multi-stakeholder is I can't tell you how often I hear governments loading but they support
multi-stakeholder results but don't practice what they preach we need to distribute governments as widely as possible and make sure decision
making about the Internet and cyberspace doesn't happen behind closed doors decided upon by States and private sector we can never let that happen again and finally I believe we need a cultural change we need to recover the original sense of half of what it means to be a factor in the original hacktivists so that at which in many quarters today is synonymous with breaking the law but originally had a very positive connotation it meant someone who is interested in technology understanding how it works beneath the surface not taking it for granted not just
accepting things as shrink-wrapped I think we need to encourage that type of attitude towards technology as a civic ethic today need to not take the Internet for granted we need to lift the lid on it and find out what goes on beneath the surface now I'm not idealistic I realize that all
of this can happen overnight this it's going to take a very long time but we need to start somewhere and I see this as a long of world map to recover democracy and human rights in cyberspace before it's too late thank you very much I
have higher
it
so the question but if by the time might was from from Polish free and open source software foundation and I
agree with those 5 points completely but I miss a set S 6 point and I think that the 6 6 point is crucial to the 6 point being we need to convince the users need to convince everybody that they need to support its right this need support this it's also financial support this it's also a public debate afford this need support in the media etc. etc. etc. and if users do not understand the users cannot see that the point the users that not see the connection between supporting something and expecting the results of this this will not happen and this has been uh extremely visible and extremely stock in the heart situation where a lot of a lot of future IT companies ICT companies and by extension a huge swaths of users were using a single of software developed by 11 guys that are underfunded and this is something that we need to think what I agree
completely that what if I I would I would add that is another 1 I think it's it is obviously a major challenge for a lot of people especially the people who really have toiled tirelessly in the human rights advocacy space and so there's a lot is a research organization we don't necessarily do that advocacy that we work with an admirer
the the ones that do the groups like yeah that and you know I had and some of the people that met here in Germany doing phenomenal work but you're absolutely right that the scales are imbalanced here
you can look at many indications of that
the the team that worked on the Open SSL I heard some statistics about the funding that they received for the year is something like 2 thousand dollars you know
this is ridiculous given that this is
used by you know a a huge number of people that rely on just on the basis of Security alone it's it's ridiculous and so is not does not take money from any government but I think it's still interesting to think about the the imbalance that exists there when you look at for example the funds from the freedom online coalition to support Internet freedom in a lot of people are doing a lot of good work using those funds including I
believe Torah gets some of its funding from from that fund and that's a good thing but that we're talking about the tens of millions of dollars compared to the billions tens hundreds of
billions of dollars of that defines the market for surveillance censorship and computer network attack capabilities and programs that are designed to sum over those very things so there's a huge imbalance right now and we all frankly have to work on rectifying out somehow to change is hard to see from
appears to continue to to make you might perceive the redundant now but I know I was going to say
on point number 4 using being shouldn't
happen behind but not all stories them effectively remember uh Microsoft pushed
through this variable the format the completely open doors by basically bribing everyone mn for receiving come companies to vote for for accepting that table format in if we again if you think about the internet so example but just brought up the the funds for the British East these humongous it's they should go to to to fight in in such
an imbalance that hold on for example the fight Microsoft promised the strong because you can clearly see the techniques that they're in all value that the point of making use just money in an inner cities going again and again
it's coming up in this kind of problem of imbalanced money coming up very often in that's the I'm interested in what your thoughts of what are your thoughts on trying to you know balances out of these you know is the order of magnitude that the talking about the difference in the order of magnitude is only like 3 5 0 that listen and it's quite a lot so again it's a very
good question and I think you know it allows
me to bring up another a pet project of mine if you will of being a professor at a university among the many different things that can be done on these issues I think universities have a special role to play and are not really fulfilling their responsibility and by that I mean it was out of the universities that the Internet was born
forget about the universe of story about the Defense Advanced Research Project Agency whatever I'm not talking about time but what
we take for granted as the basic protocols and so on come out of the university is where many of the notions of peer networking and some of the other principles of that define the Internet have their origins and it was primarily among university engineers that the Internet was built and designed and effectively run for many decades but unfortunately now I think universities are not stepping up to the major challenges that exist that we're all talking about now and have been revealed thanks in part to Edward known the Internet is under threat to the very the very commons of
information the that that we used to not only engage in shopping and all sorts of trivial things but is now become the repository of our common knowledge the university should be standing up and saying this threat to
this system cannot go on it must not happen because the university the whole rationale there is the university is the custodian of knowledge and it's the Internet or knowledge is shared now an archive and that's why I think universities have a special role to play in taking on this challenge unfortunately you have the same problems there you have a major imbalance in funding for research that goes towards the very things that we oppose if you go to any engineering sciences department or any computer science department the vast majority of funds for research comes from military intelligence sectors that needs to change somehow from we need to overcome
disciplinary divides within the university as well is crazy that we live in a society that we live in and you can go through in engineering and computer science program without taking a single social science
courses philosophy course and likewise in the arts and sciences we have people going through whole undergraduate degrees and they do even know how to what to do inside the computers or how the technology actually works beneath the surface were new during our citizens and we need to change that by overcoming these disciplinary divides and all that answer you the challenges you lay out entirely but it has to be 1 small component of all
close of brothers of fantastic presentation and thank to record this is of from Mikosch from the Center for Internet and
Society of I just had a few questions on on these last few of points of so 1 is 1 point number 2 of despite all the problems we have with governmental accountability there exist frameworks of the existing systems vary widely recognized things like the Universal Declaration of Human Rights for private sector accountability on the other hand there isn't any they're accountable to their shareholders not to sit is your accountable perhaps because like the of just like extends consumers as well so how do you propose giving human rights ideas which we can enforce against governments up to the how we extend that to the private sector that's 1 because the 2nd 1 can emerges of points 3 and 4 of which is to build a widely cited example of good multi-stakeholder processes the of fear 1 example would be something like the idea I. to yes or would be the Internet architecture for except except I'm not really sure about that I see the
idea was primarily a commercial organization the most of the things that get pushed through odd things that are supported by
large commercial organization of if you look at the constitution of the Internet architecture for for instance it has been around 15 people of which of proteins are all white meals from North America and Western and Northern Europe maybe it's hardly represents the Internet community get that currently the most successful multi-stakeholder thing you have to do so would you know any other know examples of rare multi-stakeholder rats that actually work so
in terms of 1st question about the private sector I don't pretend to have any you know novel answer in my back pocket about how to do this but I do think tho that there's some obvious things that we need we need to do more of that I can see working now but if you look at pressures on companies from known people column name and shame campaigns but I think that trivializes actually what's involved so I'll give you an example of this is allowed of 1 of the projects uh
that is now being undertaken by Christopher persons is to have put out there if you go to this is my website very I see is the 1st entry details to citizens on how they can exercise their rights to ask companies what data they keep on I think that alone is right that very
few systems actually exercise right so at Christie's he laid out the argument rational why this is important they went further any actually outputs all of the the addresses for the company offices and even puts a form letter together for you by giving you the text that you can use and going further yet again he says well what happens if they don't reply will here's what you do here's how you logic complaint and here's the template letter you can use to lodge the complaint so as successful as is then that are now developing an app that will facilitate this even more quickly so this is 1 example of i think the type of distributed watchdog functionalities that can
happen think must happen if we're going to hold the private sector responsible because you're absolutely right it can we can think about in terms of just 1 state more you know because corporations are very nimble many of them a transnational it has to happen in a distributed way that has to happen in the new creative manner rather the questionable multi-stakeholder
processes it is very difficult to actually do this in practice you see this all the time not meaning internet area but and climate change governance right where you have
thousands of stakeholders involved in all sorts of special interest lobbying and cost no civil society groups can be manipulated by a special forces and lobbyists to presented positions as
if they're coming from civil society I didn't go to next Monday I'll in Brazil but I heard that it was a very successful example of the type of multi-stakeholder process that can happen but also on the issue is we need to start doing this we can have something like the London cyber process I was at the 1st London cyber event and for those of you don't know this was meant to be a major gathering around governance of cyber security and there is a point at this meeting where the government representatives literally went behind a closed door I there's like no it's not a metaphor they actually did that and we're not allowed in we all the rest of us all us to
the way they are actually behind closed doors allowed to go there at the time of this like that just can't happen you know this is not the Government's domains to shape according to national interest it is as
someone said earlier what we make of it it's ours right and we need to government accordingly it just so happens that turns out to be the best way to ensure that security by distributing it as widely as possible any other questions the comments the we show
that the quality you have to me for that column I old in what I think With this thing the right here in the office and this is
what
Feedback