WEBVTT 00:00:00.000 --> 00:00:01.488 ... wanted to be able to use 00:00:01.488 --> 00:00:03.284 Thunderbird and GnuPG together with Tor, 00:00:03.284 --> 00:00:04.744 and so we thought: 00:00:04.744 --> 00:00:07.103 oh, it would be really easy, I bet, 00:00:07.104 --> 00:00:09.694 to configure Thunderbird to work with Tor 00:00:09.703 --> 00:00:11.989 - hah - so a new Free software project was born. 00:00:12.358 --> 00:00:15.533 It's a really simple thing, but basically 00:00:15.533 --> 00:00:17.655 it's just a package that hooks it all together. 00:00:17.655 --> 00:00:20.577 So a lot of people were using Thunderbird 00:00:20.581 --> 00:00:23.796 and TorBirdy, and GnuPG, and Tor, 00:00:23.796 --> 00:00:26.031 and Debian, together for email, 00:00:26.050 --> 00:00:29.808 combined with Riseup as an email service. 00:00:30.699 --> 00:00:36.954 So it's a literally a real peer to peer, Free software driven set of things, 00:00:37.179 --> 00:00:41.221 actually, that made it possible. NOTE Paragraph 00:00:48.559 --> 00:00:50.438 [question]: So one thing I never understood about this 00:00:50.440 --> 00:00:53.464 process was exactly how the documents were handled, and maybe that's because nobody 00:00:53.474 --> 00:00:57.561 wants to say, but, you know, did you leave them on a server somewhere and download 00:00:57.580 --> 00:01:00.807 them, hand them over to people, and who took what where, and how do you... 00:01:01.263 --> 00:01:04.848 in case I need to do something really dangerous with a load of documents, 00:01:04.848 --> 00:01:07.764 what's the best way of doing it? 00:01:07.891 --> 00:01:10.879 [laughter] 00:01:12.758 --> 00:01:14.763 [Jacob]: Hmm! 00:01:16.555 --> 00:01:18.859 [audience member]: It's a good thing this isn't being streamed. 00:01:19.498 --> 00:01:21.593 I'm sorry, what? 00:01:21.845 --> 00:01:24.789 There was a voice from god, what did she say? 00:01:25.169 --> 00:01:27.261 [audience]: I said good we aren't streaming tonight. 00:01:27.478 --> 00:01:30.156 Oh yeah, so hello to all of our friends 00:01:30.156 --> 00:01:34.133 in domestic and international surveillance services. 00:01:34.819 --> 00:01:37.457 Well, so I won't answer your question, 00:01:37.457 --> 00:01:40.146 but since you asked the question, it's my turn to talk. 00:01:40.157 --> 00:01:41.600 So what I would say is that... 00:01:41.616 --> 00:01:44.075 if you want to do clandestine activities 00:01:44.078 --> 00:01:46.161 that you fear for your life for, 00:01:46.171 --> 00:01:48.198 you need to really think about the situation that you're in 00:01:48.198 --> 00:01:49.347 very carefully. 00:01:49.347 --> 00:01:51.873 And so a big part of this is operational security 00:01:51.892 --> 00:01:54.102 and a big part of that is compartmentalization. 00:01:54.109 --> 00:01:56.310 So certain people had access to certain things, 00:01:56.319 --> 00:01:58.195 but maybe they couldn't decrypt them, 00:01:58.204 --> 00:02:00.968 and certain things were moved around, 00:02:00.972 --> 00:02:03.486 and that's on a need to know basis, 00:02:03.486 --> 00:02:05.067 and those people who knew, 00:02:05.081 --> 00:02:09.305 which is not me - I don't know anything, I don't know what you're talking about. 00:02:09.845 --> 00:02:11.888 Those people knew, and then you know, 00:02:11.896 --> 00:02:13.427 it'll go with them to their grave. 00:02:13.445 --> 00:02:15.729 So if you're interested in being the next Edward Snowden, 00:02:15.760 --> 00:02:17.225 you need to do your homework 00:02:17.247 --> 00:02:20.341 in finding people that will be able to do the other part of it, let's say. 00:02:20.341 --> 00:02:22.771 But just in general, I mean 00:02:22.778 --> 00:02:24.826 compartmentalization is key, right. 00:02:24.839 --> 00:02:27.163 So it's not just for AppArmor profiles. 00:02:27.174 --> 00:02:30.285 So you need to think about what you want to do. 00:02:30.294 --> 00:02:33.551 And I mean a big part of this is to consider that the network itself 00:02:33.551 --> 00:02:36.765 is the enemy, even though it is useful for communicating. 00:02:37.063 --> 00:02:40.730 So all the metadata that exists on the network 00:02:40.733 --> 00:02:42.867 could have tipped people off, could have caused 00:02:42.867 --> 00:02:44.363 this whole thing to fall apart. 00:02:44.489 --> 00:02:46.789 It really is amazing, I feel like you know 00:02:46.823 --> 00:02:48.150 two and half, three years ago, 00:02:48.150 --> 00:02:49.769 when you talk about Free software, 00:02:49.769 --> 00:02:51.617 and you talk about the idea of Free software, 00:02:51.623 --> 00:02:55.024 and you talk about issues relating to autonomy and privacy, and security 00:02:55.024 --> 00:02:57.718 you have a really different reception now than you did then, 00:02:57.718 --> 00:02:58.983 and that's really what it took 00:02:58.983 --> 00:03:01.596 to turn the world half a degree, or something, 00:03:01.618 --> 00:03:03.899 or a quarter of a degree or something. 00:03:04.881 --> 00:03:08.165 So I'm not going to tell you about detailed plans for conspiracy, 00:03:08.178 --> 00:03:10.943 but I highly encourage you to read about South African history, 00:03:10.948 --> 00:03:13.588 in particular the history of Umkhonto we Sizwe. 00:03:13.598 --> 00:03:17.979 They are the clandestine communications group for MK, 00:03:18.023 --> 00:03:20.881 or rather the operation who lay inside of MK, 00:03:20.881 --> 00:03:22.675 which is Umkhonto we Sizwe, 00:03:22.690 --> 00:03:25.000 and they are sort of with the African National Congress, 00:03:25.000 --> 00:03:28.760 and those people have published so many books about the revolutionary activities 00:03:28.762 --> 00:03:31.206 to overthrow the apartheid state. 00:03:31.206 --> 00:03:33.756 If you read these books, especially the book "Operation Vula" 00:03:33.760 --> 00:03:36.182 and "Armed and Dangerous" by Ronnie Kasrils 00:03:36.182 --> 00:03:38.705 they give you some idea about what you need to do 00:03:38.715 --> 00:03:40.220 which is to compartmentalize, 00:03:40.220 --> 00:03:42.542 how to find people to do various tasks, specific tasks, 00:03:42.549 --> 00:03:45.182 how to work on building trust with each other, what that looks like, 00:03:45.182 --> 00:03:47.196 how to identify political targets, 00:03:47.198 --> 00:03:50.307 how you might use things like communications technology 00:03:50.307 --> 00:03:53.037 to change the political topic on, 00:03:53.059 --> 00:03:55.286 and the discussion in general. 00:03:55.556 --> 00:03:59.519 And I think the best way to learn about these things is to study previous people 00:03:59.519 --> 00:04:01.660 who have tried to do that kind of stuff. 00:04:01.732 --> 00:04:05.241 And the NSA is not the apartheid regime of South Africa, 00:04:05.241 --> 00:04:06.890 but there are still lessons to be learned there, 00:04:06.896 --> 00:04:10.060 so if you really want to know the answer to that, also Che Guevara's manual 00:04:10.084 --> 00:04:12.104 on guerilla warfare is very interesting, 00:04:12.117 --> 00:04:13.774 and there's a lot of other books like that. 00:04:13.784 --> 00:04:15.582 I'd be happy to talk about it with you later. 00:04:15.582 --> 00:04:18.236 And I have nothing to do with anything that we may or may not have done. 00:04:18.547 --> 00:04:20.213 [laughter] 00:04:24.900 --> 00:04:28.530 [question]: Do you think there is a chance that things may get better 00:04:28.545 --> 00:04:33.940 for example I know that publicly, some programs were not extended 00:04:33.950 --> 00:04:37.100 but I don't know what is happening in the background 00:04:37.100 --> 00:04:42.966 so maybe it's the same thing but they are pretending that it's not 00:04:42.966 --> 00:04:45.193 How do you see this? 00:04:45.409 --> 00:04:47.713 [Jacob]: Well I think a couple of things. 00:04:47.724 --> 00:04:53.926 In general I think what happened, not just with this movie but with all of these things 00:04:53.926 --> 00:04:56.073 is that in inspired hope, 00:04:56.073 --> 00:04:57.353 and the hope is very important, 00:04:57.361 --> 00:05:01.149 but hope is not a strategy for survival, or for building alternatives, 00:05:01.149 --> 00:05:03.495 so what it has also done, is that it has allowed us to raise the profile 00:05:03.510 --> 00:05:05.500 of the things which actually do make it better. 00:05:05.587 --> 00:05:08.821 For example ridding ourselves of the chains of proprietary software 00:05:08.821 --> 00:05:12.071 is something that's a serious discussion with people that wouldn't have previously 00:05:12.078 --> 00:05:14.849 talked about Free software because they don't care about liberty, 00:05:14.872 --> 00:05:16.510 they care about security. 00:05:16.519 --> 00:05:18.689 And even though I think those are really simliar things, 00:05:18.704 --> 00:05:21.101 previously they just thought we were just Free software hippies, 00:05:21.101 --> 00:05:22.402 in tie-dye shirts 00:05:22.416 --> 00:05:25.086 and while that may be true on the weekends and evenings 00:05:25.086 --> 00:05:27.581 or with Bdale every day [laughter] 00:05:27.581 --> 00:05:29.541 I think that actually does make it better 00:05:29.671 --> 00:05:32.768 And it also changes the dialogue, in the sense that it's no longer reasonable 00:05:32.768 --> 00:05:36.947 to pretend that mass surveillance and surveillance issues don't matter, 00:05:37.309 --> 00:05:39.111 because if you really go down the rabbit-hole 00:05:39.111 --> 00:05:42.257 of thinking about what some of the security services are trying to do 00:05:42.257 --> 00:05:45.289 it becomes obvious that we want to encrypt everything all the time 00:05:45.289 --> 00:05:48.101 to beat selector-based surveillance and dragnet-based surveillance. 00:05:48.187 --> 00:05:50.276 It doesn't matter if something is authenticated 00:05:50.276 --> 00:05:52.683 You could still trigger some action to take place 00:05:52.692 --> 00:05:54.387 with these kinds of surveillance machines 00:05:54.393 --> 00:05:56.774 that could for example drone strike someone, 00:05:56.795 --> 00:05:58.440 and so it raises that. 00:05:58.454 --> 00:05:59.818 And that gives me a lot of hope too, 00:05:59.818 --> 00:06:03.376 because people understand the root of the problem, 00:06:03.376 --> 00:06:05.002 or the root of many problems 00:06:05.007 --> 00:06:07.090 and the root of some violence in the world, actually. 00:06:07.217 --> 00:06:09.098 And so it helps us to reduce that violence 00:06:09.102 --> 00:06:10.761 by getting people to acknowledge that it's real 00:06:10.778 --> 00:06:12.204 and also that they care about it 00:06:12.204 --> 00:06:14.138 and that we care about each other. 00:06:14.138 --> 00:06:16.860 So that really gives me a lot of hope, and part of that is Snowden 00:06:16.860 --> 00:06:18.483 and part of that is the documents 00:06:18.499 --> 00:06:20.276 but the other part of it is that.. 00:06:20.401 --> 00:06:25.013 I don't want to blow it up and make it sound like we did something 00:06:25.024 --> 00:06:26.630 like a big deal, 00:06:26.638 --> 00:06:29.911 but in a sense, Laura, Glen, myself and a number of other people 00:06:29.911 --> 00:06:32.526 were really not sure we would ever be able to travel home to our country 00:06:32.543 --> 00:06:34.137 that we wouldn't be arrested. 00:06:34.137 --> 00:06:36.487 I actually haven't been home in over two and half years, 00:06:36.498 --> 00:06:38.723 well, two years and three months or something 00:06:38.723 --> 00:06:41.975 I went out on a small business trip that was supposed to last two weeks 00:06:41.975 --> 00:06:43.484 and then this happened 00:06:43.499 --> 00:06:44.893 and I've been hear ever since. 00:06:44.893 --> 00:06:46.516 It's a really long, crazy trip. 00:06:46.644 --> 00:06:50.868 But the point is that that's what was necessary to make some of these changes 00:06:51.035 --> 00:06:53.474 and eventually it will turn around 00:06:53.599 --> 00:06:54.667 and I will be able to go home, 00:06:54.667 --> 00:06:57.096 and Laura and Glen will be able to travel to the US again. 00:06:57.098 --> 00:07:00.062 Obviously, Julian is still stuck in the Ecuadorian embassy 00:07:00.062 --> 00:07:01.807 Sarah lives in exile in Berlin, 00:07:01.807 --> 00:07:03.048 I live in exile in Berlin, 00:07:03.048 --> 00:07:04.539 And Ed is in Moscow 00:07:04.547 --> 00:07:07.528 So we're not finished with some of these things 00:07:07.533 --> 00:07:11.708 and it's also possible that we are, the set of people I mentioned, 00:07:11.726 --> 00:07:15.163 the state we're in, will stay that way forever. 00:07:15.248 --> 00:07:16.918 But what matters is that the rest of the world 00:07:16.933 --> 00:07:19.044 can actually move on and fix some of these problems, 00:07:19.044 --> 00:07:20.920 and I have a lot of hope about that. 00:07:21.007 --> 00:07:24.038 And I see a lot of change, that's the really big part. 00:07:24.038 --> 00:07:29.795 Like I see the reproducible build stuff that Holger and Lunar are working on. 00:07:29.969 --> 00:07:32.872 People really understand the root reason for needing to do that 00:07:32.881 --> 00:07:34.918 and actually seems quite reasonable to people 00:07:34.919 --> 00:07:37.521 who would previously have expended energy against it, 00:07:37.537 --> 00:07:40.722 in support of it, so I think that's really good. 00:07:40.722 --> 00:07:43.026 And there's a lot of other hopeful things. 00:07:43.109 --> 00:07:45.456 So I would try and be as uplifting as possible. 00:07:45.485 --> 00:07:47.588 It's not just the rum! 00:07:50.281 --> 00:07:53.651 [question]: Near the end of the film we saw something about another source. 00:07:54.066 --> 00:07:57.147 I may have been missing some news or something 00:07:57.164 --> 00:08:01.038 but I don't remember anything about that being public. 00:08:01.296 --> 00:08:02.943 Do you know what happened to them? 00:08:03.031 --> 00:08:05.633 [Jacob]: As far as I know any other source that was mentioned in the film 00:08:05.639 --> 00:08:08.364 is still anonymous, and they're still free. 00:08:08.492 --> 00:08:11.221 I'm not exactly sure because I was not involved in that part 00:08:11.230 --> 00:08:13.188 but I also saw the end of the film 00:08:13.199 --> 00:08:16.424 and I've seen a bunch of other reporting which wasn't attributed to anyone in particular 00:08:16.552 --> 00:08:21.375 So the good news... there's an old slogan from the Dutch hacker community, right? 00:08:21.547 --> 00:08:22.928 "Someone you trust is one of us, 00:08:22.928 --> 00:08:25.983 and the leak is higher up in the chain of command than you" 00:08:26.067 --> 00:08:30.718 And I feel like that might be true again, hopefully. 00:08:32.765 --> 00:08:34.856 I think that guy has a question as well. 00:08:34.945 --> 00:08:39.303 [question]: Part of the problem initially was that encryption software 00:08:39.428 --> 00:08:42.285 was not so easy to use, right? 00:08:42.285 --> 00:08:44.211 And I think part of the challenge for everyone 00:08:44.211 --> 00:08:47.744 was to improve on that situation to make it better 00:08:47.917 --> 00:08:52.524 so I'm asking you if you've observed any change and to the rest of the room 00:08:52.524 --> 00:08:56.148 have we done anything to improve on that? 00:08:57.049 --> 00:09:00.713 [Jacob]: I definitely think that there is a lot of free software 00:09:00.713 --> 00:09:02.723 that makes encryption easier to use, 00:09:02.724 --> 00:09:05.620 though not always on free platforms, which really is heart-breaking. 00:09:05.711 --> 00:09:09.078 For example Moxie Marlinspike has done a really good job 00:09:09.165 --> 00:09:10.914 with Signal, Textsecure and Redphone 00:09:10.914 --> 00:09:14.030 and making end-to-end, encrypted calling, texting, sexting, 00:09:14.111 --> 00:09:16.717 and whatever apps, 00:09:16.743 --> 00:09:19.707 sext-secure is what I think it's nicknamed 00:09:19.707 --> 00:09:22.417 and I'm very impressed by that, and it works really well 00:09:22.417 --> 00:09:24.572 and it's something which, especially in the last two years, 00:09:24.573 --> 00:09:27.517 if you have a cell-phone, which I don't recommend 00:09:27.560 --> 00:09:31.044 but if you have a cell-phone, and you put in everyone's phone number, 00:09:31.044 --> 00:09:34.449 a lot of people that I would classify as non-technical people, 00:09:34.449 --> 00:09:37.285 that don't care about Free software as a hobby or as a passion 00:09:37.285 --> 00:09:38.999 or as a profession. 00:09:38.999 --> 00:09:40.506 You see their names in those systems 00:09:40.532 --> 00:09:42.537 often more than some of the Free software people, 00:09:42.539 --> 00:09:44.460 and that's really impressive to me, 00:09:44.482 --> 00:09:48.290 and I think there's been a huge shift just generally about those sorts of things 00:09:48.290 --> 00:09:51.154 also about social responsibility, 00:09:51.154 --> 00:09:53.840 or people understand they have a responsibility to other people 00:09:53.841 --> 00:09:57.555 to encrypt communications, and not to put people in harm's way 00:09:57.555 --> 00:10:01.420 by sending unsafe stuff over unsafe communication lines. 00:10:01.420 --> 00:10:04.937 So I think in my personal view it's better. 00:10:04.958 --> 00:10:07.903 But the original problem wasn't actually that the encryption was hard to use. 00:10:07.903 --> 00:10:10.656 I think the main problem is people didn't understand the reason 00:10:10.662 --> 00:10:12.572 that it needed to be done 00:10:12.700 --> 00:10:16.727 and they believed the lie that is targetted versus mass surveillance. 00:10:16.859 --> 00:10:20.027 And there's a big lie, and the lie is that there is such a thing 00:10:20.027 --> 00:10:22.236 as targeted surveillance. 00:10:22.363 --> 00:10:24.924 In the modern era, most so-called targetted surveillance actually happens 00:10:24.924 --> 00:10:26.455 through mass surveillance. 00:10:26.455 --> 00:10:28.418 They gather everything up, and then they look through the thing 00:10:28.431 --> 00:10:30.211 they've already seized. 00:10:30.211 --> 00:10:32.945 And of course there are targetted, focussed attacks. 00:10:33.073 --> 00:10:36.358 But the main thing is that the abuse of surveillance often happens 00:10:36.363 --> 00:10:37.805 on an individual basis. 00:10:37.814 --> 00:10:39.681 It also has a societal cost. 00:10:39.681 --> 00:10:41.816 I think a lot of people really understand that. 00:10:41.904 --> 00:10:45.950 It's probably because I also live in Germany now for the last two years 00:10:45.950 --> 00:10:49.511 but I feel that German society in particular is extremely aware 00:10:49.511 --> 00:10:52.012 of these abuses in the modern world 00:10:52.019 --> 00:10:55.299 and they have a historical context that allows them to talk about it 00:10:55.318 --> 00:10:58.279 with the rest of the world, where the world doesn't downplay it. 00:10:58.279 --> 00:10:59.948 So this is how other people relate to Germany 00:10:59.961 --> 00:11:02.681 not just about Germans relate to each other. 00:11:02.853 --> 00:11:06.390 And that has also been really good for just meeting regular people 00:11:06.390 --> 00:11:07.885 who really care about it, 00:11:07.898 --> 00:11:09.122 and who really want to do things. 00:11:09.139 --> 00:11:10.875 So people's parents email me, and are like 00:11:10.880 --> 00:11:12.477 "I want to protect my children, 00:11:12.477 --> 00:11:14.939 what's the best way to use crypto with them?" 00:11:14.939 --> 00:11:16.505 You know, things like that. 00:11:16.505 --> 00:11:19.450 And I didn't every receive emails like that in the past 00:11:19.468 --> 00:11:23.504 and that's to me is uplifting and very positive. 00:11:25.041 --> 00:11:27.748 [question]: A quick organisational question. 00:11:27.770 --> 00:11:30.497 Right now we're live-streaming the Q&A. Are you comfortable with that? 00:11:30.668 --> 00:11:33.242 [Jacob]: I don't think in the last three years I've ever had a moment 00:11:33.242 --> 00:11:36.092 that wasn't being recorded. 00:11:36.538 --> 00:11:39.324 [laughter, applause] 00:11:41.095 --> 00:11:43.056 [question]: If you're fine with it, moving on... 00:11:43.726 --> 00:11:47.512 [Jacob]: That's fine, just don't do it when I'm trying to sleep. 00:11:48.148 --> 00:11:51.460 [question]: I was wondering why Laura and you ended up in Germany 00:11:51.460 --> 00:11:54.861 because what you said about people in Germany might be true 00:11:54.861 --> 00:12:00.612 but I'm really ashamed about my Government and how they dealt with ???? 00:12:00.612 --> 00:12:04.153 and they are doing nothing for this. 00:12:04.451 --> 00:12:07.692 [Jacob]: The reason that we ended up in Germany 00:12:07.697 --> 00:12:10.850 is that I'd been attending Chaos Computer Club events 00:12:10.868 --> 00:12:12.728 for many years 00:12:12.730 --> 00:12:15.241 and there are bunch of people that are part of the Chaos Computer Club 00:12:15.251 --> 00:12:17.122 who are really supportive, and good people, 00:12:17.137 --> 00:12:19.299 who have a stable base, and an infrastructure. 00:12:19.427 --> 00:12:24.638 The German hacker scene has this phenomenon which is that 00:12:24.659 --> 00:12:27.071 it's a part of society. 00:12:27.390 --> 00:12:30.479 So there are people in the CCC who will talk with the constitutional court 00:12:30.479 --> 00:12:31.892 for example, 00:12:31.901 --> 00:12:34.480 and that creates a much more stable civil society 00:12:34.480 --> 00:12:36.196 and those people were willing to help us. 00:12:36.205 --> 00:12:38.627 They were willing to hold footage, to hold encrypted data. 00:12:38.646 --> 00:12:41.616 They were willing to help modify hardware. 00:12:41.622 --> 00:12:44.855 There was a huge base of support where people, even if they had fear, 00:12:44.855 --> 00:12:47.070 they did stuff anyway. 00:12:47.121 --> 00:12:49.894 And that support went back a long time. 00:12:49.907 --> 00:12:52.965 And so we knew that it would be safe to store footage for the film here. 00:12:52.971 --> 00:12:56.234 In Berlin, not in Heidelberg, but here in Germany. 00:12:56.234 --> 00:13:00.520 And we knew that, of course, there were people that would be helpful. 00:13:00.598 --> 00:13:03.334 In the US there's a much bigger culture of fear. 00:13:03.421 --> 00:13:06.033 People are afraid of having their houses raided by the police, 00:13:06.038 --> 00:13:08.118 where there's lots of detainments at the borders, 00:13:08.126 --> 00:13:10.079 where there's lots of speculative arrests, 00:13:10.079 --> 00:13:11.853 journalists that are jailed, 00:13:11.853 --> 00:13:15.196 so the situation was not to say that Germany was perfect. 00:13:15.327 --> 00:13:18.994 I revealed in Der Speigel with three other journalists that Merkel was spied on 00:13:19.019 --> 00:13:20.363 by the NSA. 00:13:20.369 --> 00:13:22.191 And it's clear that the Germany government was complicit 00:13:22.191 --> 00:13:23.848 with some of this surveillance. 00:13:23.848 --> 00:13:27.011 But in a sort of pyramid of surveillance there's a sort of colonialism 00:13:27.022 --> 00:13:28.409 that takes place. 00:13:28.426 --> 00:13:30.944 And that the NSA and GCHQ are at the top. 00:13:30.951 --> 00:13:33.374 And the Germans are little bit below that. 00:13:33.378 --> 00:13:37.225 The thing is that there's not a lot you can do about that. 00:13:37.225 --> 00:13:38.955 And so even though we revealed this about Merkel, 00:13:38.972 --> 00:13:40.680 it's not clear what she should do. 00:13:40.683 --> 00:13:42.258 It's not clear what anyone should do. 00:13:42.258 --> 00:13:45.406 But one thing that was clear was that if they wanted to break into our houses 00:13:45.406 --> 00:13:49.504 they would do it in a way that would cost them a lot politically. 00:13:49.504 --> 00:13:50.919 It would be very public. 00:13:51.048 --> 00:13:53.138 The last time someone raided someone working with Der Speigel 00:13:53.154 --> 00:13:55.780 was in 1962 during the Speigel affair, 00:13:55.780 --> 00:13:57.786 and some ministers were kicked out. 00:13:57.876 --> 00:14:00.346 You may have seen recently the Landersverrat thing 00:14:00.346 --> 00:14:01.718 with Netzpolitik. 00:14:01.718 --> 00:14:04.319 The charges against them now have been dropped. 00:14:04.444 --> 00:14:06.537 That would never happen in the United States. 00:14:06.619 --> 00:14:07.944 We would not be safe. 00:14:08.025 --> 00:14:09.815 And I still, for my investigative journalism, 00:14:09.861 --> 00:14:11.436 and my work with Wikileaks, 00:14:11.486 --> 00:14:12.718 and my work with the Tor project, 00:14:12.730 --> 00:14:14.510 I wouldn't even go back to the US, 00:14:14.537 --> 00:14:16.687 because there's no chance that if they wanted to do something to me 00:14:16.717 --> 00:14:20.828 that I would have any constitutional liberties, I think, 00:14:20.846 --> 00:14:22.621 and the same is true of Snowden. 00:14:22.643 --> 00:14:24.457 You just won't get that fair trial. 00:14:24.472 --> 00:14:27.998 And we thought at least here we would have ground to stand and fight on. 00:14:28.016 --> 00:14:30.427 And it's exactly what happened, and we won. 00:14:33.651 --> 00:14:35.885 [question]: This is also about the fear stuff that you talk about 00:14:35.885 --> 00:14:41.947 which is in the very old days we used to put red words in the end of every message 00:14:41.974 --> 00:14:45.913 to make sure that it would be hard to find the actual subversive message 00:14:45.913 --> 00:14:47.912 among all the noise. 00:14:47.912 --> 00:14:49.544 And you can think about the same thing here. 00:14:49.716 --> 00:14:55.384 Should we build our systems so that everything gets encrypted all the time? 00:14:56.430 --> 00:14:59.029 [Jacob]: So I have a lot of radical suggestions for what to do, 00:14:59.029 --> 00:15:01.165 but I'm going to talk about them tomorrow in the keynote mostly. 00:15:01.172 --> 00:15:03.928 But to give you an example, when you install Debian, 00:15:03.953 --> 00:15:06.325 you can give someone the ability to log into the machine 00:15:06.337 --> 00:15:07.899 over a Tor hidden service for free. 00:15:07.917 --> 00:15:12.250 You get a free .onion when you add two lines to a Tor configuration file. 00:15:12.284 --> 00:15:15.532 We should make encryption not only easy to use but out of the box 00:15:15.532 --> 00:15:19.504 we should have it possible to have end-to-end reachability and connectivity, 00:15:19.527 --> 00:15:23.899 and we should reduce the total amount of metadata, to make it harder for people 00:15:23.916 --> 00:15:26.374 who want to break the law, that want to break into computers. 00:15:26.375 --> 00:15:30.724 We should solve the problem of adversarial versus non-adversarial forensics 00:15:30.731 --> 00:15:36.315 so we can verify our systems with open hardware and Free software together. 00:15:36.396 --> 00:15:39.302 And there's a lot to be done, but the main thing to do is to recognise 00:15:39.307 --> 00:15:43.049 that if you have the ability to upload to Debian, 00:15:43.393 --> 00:15:46.167 there are literally intelligence agencies that would like those keys. 00:15:46.186 --> 00:15:49.362 And we have a great responsiblity to humanity as Debian developers 00:15:49.362 --> 00:15:51.572 to do the right thing: to build open systems, 00:15:51.572 --> 00:15:55.258 to build them in a way where users don't need to understand this stuff. 00:15:55.427 --> 00:15:58.071 There are a lot of people in the world that will never see this film. 00:15:58.204 --> 00:16:02.977 And we can solve the problems that this film describes largely with Free software. 00:16:03.036 --> 00:16:04.728 And we can do that without them knowing, 00:16:04.728 --> 00:16:06.778 and they will be safe for us having done that. 00:16:06.779 --> 00:16:10.021 And if we can do that, the world will be a better place, I think. 00:16:10.021 --> 00:16:12.368 And I think the world is a better place because of the efforts that were 00:16:12.452 --> 00:16:15.485 already done in that area, that made this possible. 00:16:15.485 --> 00:16:17.647 The Tails project made it so that a bunch of people 00:16:17.647 --> 00:16:19.573 who were good at investigative journalism, 00:16:19.588 --> 00:16:23.759 but absolutely terrible with computers, were able to pull this off. 00:16:23.933 --> 00:16:27.252 And that is entirely the product, in my opinion, of Free software. 00:16:27.252 --> 00:16:32.677 And a little bit of Laura and Glen, but I'd say a lot of Free software. 00:16:34.302 --> 00:16:36.205 [question]: How many people do you think NSA has 00:16:36.205 --> 00:16:38.995 working within the Debian community? 00:16:39.889 --> 00:16:43.601 [laughter, applause] 00:16:45.309 --> 00:16:49.302 [Jacob]: Well, I looked in the Snowden archive about that actually. 00:16:52.813 --> 00:16:55.527 [laughter, applause] 00:16:56.640 --> 00:17:03.341 Yeah. And as far as I can tell Debian is not a high priority target for them. 00:17:03.685 --> 00:17:05.927 I mean they write exploits for all sort of stuff 00:17:05.927 --> 00:17:10.683 but I never found any systematic attempt to compromise or harm the Debian project. 00:17:10.696 --> 00:17:14.561 But obviously there are people who are paid by the NSA to infiltrate communities, 00:17:14.561 --> 00:17:16.993 and that's why we have to open transparent processes 00:17:16.993 --> 00:17:21.044 so that if those people behave badly, we have an audit trail. 00:17:21.044 --> 00:17:23.211 We won't ever stop that kind of stuff, 00:17:23.211 --> 00:17:25.178 but what matters is that people do good things. 00:17:25.178 --> 00:17:28.587 It doesn't matter who they do bad things for as long as we can correct those things 00:17:28.587 --> 00:17:31.019 and/or catch them and stop them before it happens. 00:17:31.019 --> 00:17:33.111 But as far as I know there are only a couple of people that have ever 00:17:33.111 --> 00:17:36.176 been associated with the NSA in the Debian community. 00:17:36.176 --> 00:17:39.933 But I think we shouldn't get paranoid about it, 00:17:39.933 --> 00:17:41.600 but we should just be prudent about our processes, 00:17:41.600 --> 00:17:43.947 because there are lots of intelligence services around the world 00:17:43.947 --> 00:17:47.147 that do not like the values of a universal operating system, 00:17:47.147 --> 00:17:50.902 so I don't think it's super-important to look, but I did actually look, 00:17:50.902 --> 00:17:54.695 very specifically for a whole bunch of people in the Debian community 00:17:54.695 --> 00:17:58.027 to see if any of them also were being paid by the NSA 00:17:58.027 --> 00:18:01.613 and I didn't find any serious thing that raised concern, 00:18:01.613 --> 00:18:03.783 and if I did, I would have... 00:18:03.783 --> 00:18:07.541 I mean, there were lots of things I found in the archive that I immediately 00:18:07.541 --> 00:18:09.333 notified security teams about. 00:18:09.333 --> 00:18:14.112 Where I worked along with many other people to actually fix those things. 00:18:14.112 --> 00:18:18.546 And one of those things, if we had found them, like infiltrators in Debian, 00:18:18.546 --> 00:18:20.769 I absolutely would have just told people about. 00:18:20.769 --> 00:18:23.408 The problem is that a lot of the journalists don't want to do that 00:18:23.408 --> 00:18:26.263 because there's a ten year felony where you go to prison - 00:18:26.263 --> 00:18:28.185 a federal American prison, for ten years - 00:18:28.322 --> 00:18:30.202 if you reveal the name of an agent. 00:18:30.599 --> 00:18:31.923 So there's a tension there, 00:18:31.923 --> 00:18:34.440 but I think that there's something to be said, 00:18:34.652 --> 00:18:36.655 if they're actually actively harming the community 00:18:36.655 --> 00:18:37.851 and they're committing a crime, 00:18:37.851 --> 00:18:39.470 I think there's something to be said about that. 00:18:39.470 --> 00:18:40.921 So if I found that I think it would be worthwhile, 00:18:40.921 --> 00:18:43.144 but just so you know, there's this high cost. 00:18:43.144 --> 00:18:45.362 So if there were people in the agency now, 00:18:45.362 --> 00:18:48.647 because they say that we used Tails, and Debian, and they wanted to subvert it, 00:18:48.647 --> 00:18:52.015 there's a really really high bar for punishment. 00:18:52.015 --> 00:18:55.132 Which suggests that maybe people won't tell you. 00:18:55.132 --> 00:18:59.055 So we need to sort of bank on the fact that we'll never know, 00:18:59.055 --> 00:19:02.766 but we don't need to know, as long as we have good processes 00:19:02.766 --> 00:19:04.390 that would catch bad behaviour. 00:19:04.390 --> 00:19:06.181 And that's one of the strengths of Debian. 00:19:06.181 --> 00:19:08.739 There are very few operating systems, I think, 00:19:08.739 --> 00:19:10.830 and just in general Free software communities, 00:19:10.830 --> 00:19:14.759 that are as diverse, and committed to the openness and the Free software nature 00:19:14.759 --> 00:19:17.742 of this kind of a project, 00:19:17.742 --> 00:19:20.985 and so it's very important to state that. 00:19:21.922 --> 00:19:24.824 But I do think one of the things that will happen in the future at some point 00:19:24.824 --> 00:19:28.067 is that you'll start to find people in the Debian community that are pressured 00:19:28.067 --> 00:19:29.645 by other people to do bad things 00:19:29.645 --> 00:19:31.866 so we need to set up processes that will stop that, 00:19:31.866 --> 00:19:34.296 to create an incentive for that not happening. 00:19:35.022 --> 00:19:37.240 But it's really tough, 00:19:37.926 --> 00:19:40.274 so I think that openness, transparency and accountability are the ways that 00:19:40.274 --> 00:19:43.772 we can combat that, because otherwise we won't really be able to solve it. 00:19:44.881 --> 00:19:47.182 But don't be paranoid, is the other thing. 00:19:47.309 --> 00:19:49.699 They really are out to get you, so be prepared. 00:19:50.430 --> 00:19:56.487 [laughter, applause] 00:20:00.796 --> 00:20:05.999 [question]: I'm just wondering how trust was established 00:20:05.999 --> 00:20:09.628 because I'm just realizing that this community, 00:20:09.628 --> 00:20:14.532 for you to verify your public key and even fingerprint is like, 00:20:14.532 --> 00:20:16.113 you have you produce your passport, 00:20:16.113 --> 00:20:19.613 so I'm wondering how Laura managed to exchange her keys with Snowden 00:20:19.613 --> 00:20:23.071 and make sure that they were really talking to the right person. 00:20:23.843 --> 00:20:28.019 [Julian]: Well, they had a whole sort of dance for doing key exchange. 00:20:28.019 --> 00:20:32.749 I think it was a little bit luck, and a little bit transitive trust, 00:20:32.749 --> 00:20:35.101 there's a little bit of the web of trust, 00:20:35.101 --> 00:20:36.457 and it worked pretty well. 00:20:36.719 --> 00:20:41.332 I mean, I don't think that the key-signing stuff that Debian does is anything close 00:20:41.332 --> 00:20:42.907 to what they were doing. 00:20:42.907 --> 00:20:45.939 They just wanted to make sure that the keys they had were the right keys, 00:20:45.939 --> 00:20:47.687 and that they weren't compromised, 00:20:47.687 --> 00:20:50.075 and that then they would change things. 00:20:50.075 --> 00:20:51.355 There was a point in the movie where they said: 00:20:51.355 --> 00:20:55.875 "let's disassociate our meta-data one more time" 00:20:55.875 --> 00:20:58.951 And what that means is they changed all of the identifiers that are visible 00:20:58.951 --> 00:21:04.158 to the network, new keys, new email addresses, new Tor circuit, etc 00:21:04.158 --> 00:21:07.611 and this is like a key consistency thing, 00:21:07.611 --> 00:21:11.358 where they had the right key to begin with and the continued to rotate over new keys. 00:21:11.358 --> 00:21:13.411 This is also sometimes called TOFU. 00:21:13.411 --> 00:21:15.848 This is, I think, weaker than the web of trust, 00:21:15.848 --> 00:21:19.345 but a lot easier for people to do, and very easy to explain, 00:21:19.345 --> 00:21:20.841 and it worked out pretty well. 00:21:20.841 --> 00:21:25.190 It doesn't scale really well, but it has a separate good side 00:21:25.190 --> 00:21:28.985 which is the web of trust explicitly names a web of co-conspirators. 00:21:28.985 --> 00:21:31.377 And so you don't want that feature. 00:21:31.377 --> 00:21:33.386 It's useful for something like Debian; 00:21:33.386 --> 00:21:36.067 it's not useful for clandestine conspiracies to commit 00:21:36.067 --> 00:21:37.949 investigative journalism. 00:21:37.949 --> 00:21:39.997 [laughter] 00:21:41.746 --> 00:21:44.137 Lots of questions, this is great. 00:21:44.771 --> 00:21:51.857 [question]: Somebody working on Tails told me that the NSA has a file on every DD. 00:21:52.323 --> 00:21:54.246 Is that true, do you know? 00:21:54.673 --> 00:21:57.101 [Julian]: Okay, so when you balance your check-book, 00:21:57.101 --> 00:21:58.941 just to answer your question in a really strange way, 00:21:58.941 --> 00:22:00.945 when you balance your check-book, or you balance your bank account, 00:22:00.945 --> 00:22:03.630 and you think this is how much my rent is, this is how much food is, 00:22:03.630 --> 00:22:06.401 this is how much I have to spend on some new hardware, 00:22:06.401 --> 00:22:09.688 you think about money in an individual way. 00:22:10.502 --> 00:22:13.187 But if you think about is as a state, the way a state thinks about money. 00:22:13.187 --> 00:22:16.302 They don't balance budgets the same way that you do. 00:22:16.302 --> 00:22:18.225 They think about long-term investments very differently. 00:22:18.225 --> 00:22:19.759 They have other people's money. 00:22:19.759 --> 00:22:21.719 It's a whole different way of managing it. 00:22:21.719 --> 00:22:27.291 And the NSA is not the Stasi. So it's not that you have to worry about 00:22:27.420 --> 00:22:29.784 them having a file on you, or every Debian developer, 00:22:30.197 --> 00:22:32.626 but rather there exist some laws in the United States that say 00:22:32.626 --> 00:22:35.781 for cyber-security purposes, you don't have constitutional rights 00:22:35.781 --> 00:22:37.707 and based on your accent, you weren't an American anyway, 00:22:37.707 --> 00:22:39.753 and you aren't in America, 00:22:39.753 --> 00:22:41.970 so you don't have any rights at all, anyway, according to them. 00:22:41.970 --> 00:22:44.186 They're just allowed to do whatever they want to you, 00:22:44.186 --> 00:22:46.280 up to and including murdering you, with the CIA. 00:22:46.280 --> 00:22:49.180 That's what they do with drones; that was at the very end of the movie. 00:22:49.735 --> 00:22:52.165 So it's not that they have a file on you. 00:22:52.339 --> 00:22:56.179 It's that they have giant databases full of information on all of us, 00:22:56.179 --> 00:22:59.550 and then when they're interested in you, pull up all your data, 00:22:59.550 --> 00:23:01.299 and associative data, 00:23:01.299 --> 00:23:03.348 and then they use that, and sometimes they use it to target you, 00:23:03.348 --> 00:23:06.246 to break into your machines, or to find people to exert pressure on, 00:23:06.246 --> 00:23:08.378 or to do psychological manipulation on. 00:23:08.378 --> 00:23:10.892 All that stuff, they do all of those things. 00:23:10.892 --> 00:23:12.774 And so it's not that they have one file on you. 00:23:12.774 --> 00:23:16.101 Though maybe, it depends, if you work on a critical package like the Linux kernel 00:23:16.101 --> 00:23:20.756 they might be more interested in you than if you work on something else. 00:23:20.756 --> 00:23:25.402 I don't want to denigrate anyone's work, but they have very specific focuses, 00:23:25.402 --> 00:23:29.065 and so they definitely are interested in being able to compromise systems, right? 00:23:29.920 --> 00:23:36.316 And so you may also have a file, but it's really the meta list that's the new way 00:23:36.316 --> 00:23:37.470 of thinking about it. 00:23:37.470 --> 00:23:40.755 And in some senses I think that's actually scarier, because they just hoover up 00:23:40.755 --> 00:23:43.019 everything, all across the whole Internet, 00:23:43.019 --> 00:23:46.134 and things that are interesting, then they have them. 00:23:46.134 --> 00:23:49.202 And depending on what interesting things are there, they maybe 00:23:49.202 --> 00:23:51.504 put those in a database that lasts for ever, 00:23:51.504 --> 00:23:53.469 or maybe it's just around for 30 days, 00:23:53.469 --> 00:23:56.889 or maybe its full content for 9 days, or something like that. 00:23:57.608 --> 00:23:59.830 And then of course if you are a person of interest 00:23:59.830 --> 00:24:02.686 they do do the same stuff that the Stasi does, 00:24:02.686 --> 00:24:06.014 they do that Zersetzung stuff, if you're familiar with this German term, 00:24:06.014 --> 00:24:11.050 disintegration, they do that kind of stuff, along with JTRIG, from GHCQ, 00:24:11.050 --> 00:24:16.042 so they harass people, blackmail them, do all sorts of really nasty stuff. 00:24:16.509 --> 00:24:20.005 And they do that also, so both of those things. 00:24:20.651 --> 00:24:23.210 So again, I don't think you should be paranoid, you should encrypt your stuff, 00:24:23.210 --> 00:24:24.747 and help people do the same, 00:24:24.747 --> 00:24:28.966 and know that in a democratic society with a secret political police, 00:24:28.966 --> 00:24:31.953 the right place to be is in their database, right? 00:24:31.953 --> 00:24:34.045 You should be proud of being surveilled by them, 00:24:34.045 --> 00:24:35.665 it means you're doing the right thing. 00:24:36.650 --> 00:24:41.727 [laughter, applause] 00:24:43.174 --> 00:24:44.883 Nonetheless, we should stop them. 00:24:48.895 --> 00:24:53.843 [question]: I'm curious about your views about Snowden actually coming out 00:24:53.843 --> 00:24:55.634 and saying he was the whistleblower, 00:24:55.634 --> 00:24:59.004 because I know, when he came out, I had some fierce discussion 00:24:59.004 --> 00:25:01.613 with friends about it, so I wanted to know what you thought about it. 00:25:01.613 --> 00:25:03.102 [Jacob]: What do you mean came out? 00:25:03.102 --> 00:25:06.516 [question]: He said I'm Edward Snowden, I'm the whistle-blower, here I am, 00:25:06.516 --> 00:25:10.139 instead of just being anonymous the whole way, just sending files to people. 00:25:11.248 --> 00:25:13.680 [Jacob]: Well, I think the main thing is that it's about control of 00:25:13.680 --> 00:25:15.429 your own narrative, right? 00:25:15.429 --> 00:25:19.654 I mean if we could have done everything here anonymous, and gotten away with it, 00:25:19.654 --> 00:25:20.980 would that have made the same impact 00:25:20.980 --> 00:25:24.948 in getting other people to come forward even if they maintain their anonymity? 00:25:24.948 --> 00:25:27.802 So I think that what Snowden did, what's beautiful about it, 00:25:27.832 --> 00:25:30.506 is that he basically did enough, 00:25:31.243 --> 00:25:32.951 where he could then survive. 00:25:33.118 --> 00:25:36.236 Our job now for the most part, a very good friend told me, 00:25:36.236 --> 00:25:39.221 he's a little bit of a fatalist, he said: 00:25:39.221 --> 00:25:43.232 your job, Laura's job, Glen's job, Snowden's job, your job now is 00:25:43.232 --> 00:25:44.897 just to survive. 00:25:44.897 --> 00:25:47.371 That's all that you need to do now. You don't need to do anything else. 00:25:47.371 --> 00:25:51.804 You should go do other things, like drink a glass of wine, relax, be happy, 00:25:51.804 --> 00:25:54.751 have a nice life, but just survive, 00:25:54.929 --> 00:25:58.732 so other people can see that you do the right thing, and even though you could have 00:25:59.156 --> 00:26:02.230 done more, you did enough, and you lived through it. 00:26:02.230 --> 00:26:06.198 And so Snowden coming out and telling us all of these things, I mean, 00:26:06.198 --> 00:26:09.862 there are really powerful people saying he should be assassinated, right, 00:26:09.862 --> 00:26:13.921 hung by the neck until dead, was what one of the CIA people said. 00:26:13.921 --> 00:26:17.244 So he probably could have continued to be anonymous for a while, 00:26:17.244 --> 00:26:20.449 but imagine if the NSA had got to reveal his identity. 00:26:20.449 --> 00:26:23.884 How would that have been framed, what would the first impression have been? 00:26:23.884 --> 00:26:27.719 I think they called him a narcissist, and they called him all these terrible names. 00:26:27.719 --> 00:26:32.974 And it didn't really stick, because he basically said "come at me bro', 00:26:33.396 --> 00:26:37.746 I'm ready, and you can do your worst, but you can't get rid of the facts, 00:26:37.746 --> 00:26:39.155 so let's talk about the facts." 00:26:39.155 --> 00:26:42.403 And I think the timing of how he did that is good, because people really cared 00:26:42.612 --> 00:26:45.853 about the issues, but he also recognized that it was a matter of time, 00:26:45.853 --> 00:26:50.891 the NSA police went to his house, they really bothered his family, 00:26:50.891 --> 00:26:54.777 they've done that with my family as well, other people's families have had trouble. 00:26:55.283 --> 00:26:59.553 So I think think it's tough, because I think he probably would have liked to have 00:26:59.553 --> 00:27:03.198 been able to not have that happen, but there comes a point at which 00:27:03.198 --> 00:27:05.287 you're the person who has access to all that information 00:27:05.287 --> 00:27:06.865 and they're going to figure it out. 00:27:06.865 --> 00:27:11.517 No amount of anonymity, I think, will last forever, but it can buy you time. 00:27:11.517 --> 00:27:14.508 He got exactly the amount of time he needed. 00:27:15.062 --> 00:27:17.663 The really sad part about him coming out in public when he did, though, was that 00:27:17.663 --> 00:27:21.247 he got stuck in Russia, because my government cancelled his passport. 00:27:21.247 --> 00:27:23.681 I think mostly for propaganda reasons. 00:27:23.681 --> 00:27:28.329 Because in the United States, we denigrate all things relating to Russia. 00:27:28.329 --> 00:27:29.781 And there are lots of problems with Russia, 00:27:29.781 --> 00:27:32.256 and especially with Vladimir Putin, 00:27:32.256 --> 00:27:36.695 but at the same time that seems to be the only country that was willing to uphold 00:27:36.695 --> 00:27:38.441 his fundamental liberties. 00:27:38.441 --> 00:27:41.171 I went to the Council of Europe, and to the European Parliament, 00:27:41.171 --> 00:27:44.670 to the German Parliament, to the French, sort of to the French Parliament, 00:27:44.670 --> 00:27:48.297 they didn't really want to meet with me, but also to the Austrian Parliament, 00:27:48.297 --> 00:27:49.963 and to a number of other places, 00:27:49.963 --> 00:27:53.380 and everyone said, oh, we would really live to help anybody who needs help, 00:27:53.380 --> 00:27:55.253 oh it's Edward Snowden, never mind. 00:27:55.975 --> 00:27:57.813 [laughter] 00:27:57.941 --> 00:28:02.527 And so though I have a lot of critiques on Russia, the propaganda aspect of it 00:28:02.527 --> 00:28:04.657 was very damaging for him to be stuck in Russia, 00:28:04.657 --> 00:28:08.242 but on the other hand, he's still alive, and he's still mostly free. 00:28:08.242 --> 00:28:12.300 And they recognized his right to seek and to receive asylum. 00:28:12.857 --> 00:28:15.331 So there's a lot of trade-offs to think identifying one's self, 00:28:15.331 --> 00:28:17.807 and if you were thinking about being the next Snowden, 00:28:18.300 --> 00:28:19.460 or helping Snowden, or something like that, 00:28:20.384 --> 00:28:22.647 you really have to think that, you really have to think this out many steps ahead, 00:28:22.647 --> 00:28:25.808 and it's easy to stay, oh he should have just stayed anonymous and 00:28:25.808 --> 00:28:27.556 nobody would have figured it out, 00:28:27.556 --> 00:28:31.476 but that's very clearly not planning for the case that they do figure it out, 00:28:31.476 --> 00:28:33.272 and then they're going to be in control of the narrative, 00:28:33.272 --> 00:28:37.750 and in that case, I think you are better off to do what he did, 00:28:37.853 --> 00:28:40.156 and he did so quite reluctantly. 00:28:40.411 --> 00:28:43.481 He's not an egoist, or an narcissist, he's actually a really shy guy 00:28:43.481 --> 00:28:44.762 from what I can tell. 00:28:44.762 --> 00:28:48.644 I don't know exactly what conversation you and your friend had, 00:28:48.644 --> 00:28:52.826 but I would suspect that the notion is that people are more powerful 00:28:52.826 --> 00:28:53.875 when anonymous. 00:28:53.875 --> 00:28:55.966 And that is true sometimes, but not always, 00:28:55.966 --> 00:28:58.484 and it's important to remember that the anonymity technology is there 00:28:58.484 --> 00:29:01.004 so you have a choice, not a requirement. 00:29:01.004 --> 00:29:03.647 And that choice is sometimes counter-intuitive, 00:29:03.647 --> 00:29:06.380 but I think he did the right thing in this way, and I wish that my government 00:29:06.380 --> 00:29:09.022 had done the right thing by him as well, but they did not. 00:29:09.022 --> 00:29:12.123 [question]: So there are lot of questions, do you want to keep going on, 00:29:12.132 --> 00:29:13.489 shall we get in a little Mate? 00:29:14.556 --> 00:29:17.747 [Jacob]: I would love some of that rum. 00:29:17.747 --> 00:29:22.724 I think I have to GRsec, right? GRsec kernel. 00:29:22.724 --> 00:29:24.127 And then rum appears. Rum as a service. 00:29:26.385 --> 00:29:29.909 [applause] 00:29:32.902 --> 00:29:36.906 I'm really happy to keep taking questions, because to me, what I want is 00:29:36.906 --> 00:29:41.571 for every person in this room to feel a part of this, because you really are. 00:29:41.571 --> 00:29:44.845 A lot of the people I've met in this community really inspire me to action, 00:29:44.845 --> 00:29:48.850 and it's important to understand that really, it would not have been possible 00:29:48.850 --> 00:29:50.094 without Debian. 00:29:50.094 --> 00:29:54.246 For example debootstrap - really important tool, right? 00:29:54.246 --> 00:29:58.570 With weasel's packaging of Tor, it allowed us to have bootstraps of things, 00:29:58.570 --> 00:29:59.937 it allowed us to build things, 00:29:59.937 --> 00:30:02.494 and using Free software really was helpful, 00:30:02.494 --> 00:30:04.890 so if you guys have any questions at all, 00:30:04.890 --> 00:30:08.392 really each and every person that helps with Debian should just know 00:30:08.392 --> 00:30:09.863 that you are a part of that, 00:30:09.863 --> 00:30:12.362 and I'm just happy to talk for as long as you want, basically, 00:30:12.362 --> 00:30:14.163 to answer all of your questions, 00:30:14.163 --> 00:30:16.458 except the ones that put me in prison. Thanks. 00:30:16.458 --> 00:30:18.384 [laughter] 00:30:19.434 --> 00:30:23.805 [question]: I just wanted to make a quick note about the question 00:30:23.805 --> 00:30:26.075 "do they have a file on me?" 00:30:26.075 --> 00:30:30.168 From all I've read so far, it's just that they're doing the thing 00:30:30.168 --> 00:30:33.235 that is in the commercial world called "big data". 00:30:34.011 --> 00:30:36.338 [Jacob]: Yep. Absolutely. 00:30:36.338 --> 00:30:38.813 Oh boy. GRsec again? 00:30:40.787 --> 00:30:44.953 [orga]: it's not rum, but it's Bavarian whisky. 00:30:45.580 --> 00:30:50.052 [Jacob]: Oh boy. It's going to be a heavy morning tomorrow. 00:30:50.929 --> 00:30:54.078 I saw another couple of hands. 00:30:56.475 --> 00:30:59.976 [question]: I was just wondering if that you noticed throughout this 00:30:59.976 --> 00:31:04.893 that you think we could improve in Debian to make the next people's lives easier. 00:31:04.893 --> 00:31:08.691 [Jacob]: Oh my god, I'm so glad you asked that question, that's so fantastic. 00:31:08.691 --> 00:31:10.391 I'm going to talk about that tomorrow in my keynote, 00:31:10.391 --> 00:31:12.342 but let me tell you about one that I have. 00:31:12.342 --> 00:31:16.666 I revealed a specific document about a wifi injection attack system. 00:31:16.666 --> 00:31:19.466 It's a classified document, it's a top secret document, 00:31:19.466 --> 00:31:22.163 for a thing called nightstand, and what nightstand is, 00:31:22.163 --> 00:31:25.930 it's basically like car metasploit, it's a wifi injector... 00:31:25.930 --> 00:31:29.089 cheers! 00:31:35.352 --> 00:31:37.405 Danke schön. 00:31:38.375 --> 00:31:40.554 It's a wifi injector device... 00:31:41.158 --> 00:31:42.847 Whew, jesus! 00:31:43.953 --> 00:31:48.095 [laughter, applause] 00:31:52.749 --> 00:31:56.570 [orga]: Tonight's whisky sponsored by drunc-tank dot org. 00:31:59.914 --> 00:32:03.815 [Jacob]: So this wifi injector device, what it does is it basically is able to 00:32:03.815 --> 00:32:09.039 exploit the kernel of a device by sending malformed data over wifi. 00:32:09.039 --> 00:32:14.983 Now I have a series of photographs, so all of us.. not all of us, but most of us 00:32:14.983 --> 00:32:19.580 used these speciallly modified X60s where we removed the microphones, soldered?? 00:32:19.580 --> 00:32:22.080 down things on the PCI bus, 00:32:22.080 --> 00:32:24.030 we removed, like, firewire, really modified it, flashed coreboot onto it, 00:32:24.030 --> 00:32:26.871 flipped the read pin so it was only read-only, 00:32:26.871 --> 00:32:30.155 so you couldn't easily make a BIOS root kit and make it persistent, 00:32:30.155 --> 00:32:32.449 we booted TAILS, did all this stuff, 00:32:32.449 --> 00:32:35.974 often we could boot to RAM so that once the machine was powered off 00:32:35.974 --> 00:32:39.325 basically it would be done, so if someone kicks down your door, 00:32:39.325 --> 00:32:41.015 you just pull the power out, 00:32:41.015 --> 00:32:43.148 and you don't have a battery, and when the power fails you have an 00:32:43.148 --> 00:32:45.248 instant kill switch. 00:32:45.248 --> 00:32:48.373 So things that are in TAILS that are really useful include this 00:32:48.373 --> 00:32:52.812 wiping the kernel memory package which I hear is being packaged for Debian 00:32:52.812 --> 00:32:54.660 soon, which is very exciting. 00:32:54.660 --> 00:32:57.043 Because everyone should have access to that so we can tie it into something 00:32:57.043 --> 00:33:01.209 like GNU panicd or these other things. 00:33:01.209 --> 00:33:08.031 But one thing I kept having problems with is this wifi injection device, 00:33:08.031 --> 00:33:09.981 I'm pretty sure, was very close to my house. 00:33:09.981 --> 00:33:13.107 There was a white van outside, it was vibrating a bit like there was a guy 00:33:13.107 --> 00:33:14.831 walking around in it, 00:33:14.831 --> 00:33:17.727 and then all of sudden, an X60 here, an X60 here, and an X60 here, 00:33:17.727 --> 00:33:22.097 just booted into TAILS, not doing anything at all, but on the wifi network, 00:33:22.097 --> 00:33:24.445 kernel panic, kernel panic, kernel panic. 00:33:24.445 --> 00:33:27.674 All the same kernel panic, all the same memory offsets, 00:33:27.674 --> 00:33:32.420 in the Appletalk driver of the stock kernel for TAILS. 00:33:32.420 --> 00:33:36.577 I think I filed a bug upstream with TAILS at the time, 00:33:36.577 --> 00:33:40.018 but this is just incredible because it's clear that all the crap 00:33:40.018 --> 00:33:46.065 in the default Debian kernel that you really want for your 1992 Apple network 00:33:46.065 --> 00:33:48.413 makes operational security really hard, 00:33:48.413 --> 00:33:51.632 and one thing that would be really great would be a GRsec enabled kernel... 00:33:53.206 --> 00:33:55.281 [applause] 00:33:55.281 --> 00:33:57.506 Yes, have to drink. 00:34:01.351 --> 00:34:06.702 But as an example, we built different custom machines, and one of the things 00:34:06.702 --> 00:34:09.953 that we did for some people and in some circumstances was 00:34:09.953 --> 00:34:12.371 to build GRsec enabled kernels. 00:34:12.371 --> 00:34:14.755 And I'm not going to drink again. 00:34:19.044 --> 00:34:20.892 So we built those kernels 00:34:21.222 --> 00:34:23.448 [audience]: Which ones? 00:34:24.315 --> 00:34:27.166 [Jacbob]: Yes, exactly, those ones. 00:34:27.166 --> 00:34:30.886 And that was work which creates a problem for a bunch of reasons. 00:34:30.886 --> 00:34:33.544 When you build custom kernels, and you only have a few people 00:34:33.544 --> 00:34:35.244 that can build those kernels, 00:34:35.244 --> 00:34:37.890 you actually build a chain of evidence of who helped who. 00:34:37.890 --> 00:34:39.891 And if that was stable, normal package, 00:34:39.891 --> 00:34:42.590 that people could install in a Debian pure blend, 00:34:42.590 --> 00:34:44.713 then it would have been easier to do that. 00:34:44.713 --> 00:34:48.660 We built a lot more sandbox profiles for various different things, 00:34:48.660 --> 00:34:51.284 we built some transparent TOR-ification stuff, 00:34:51.284 --> 00:34:53.953 and that required a lot of bespoke knowledge, 00:34:53.953 --> 00:34:57.305 and it required a lot of effort that a lot of people did not have, 00:34:57.305 --> 00:34:59.201 because they had a different set of skills, 00:34:59.201 --> 00:35:00.882 and it's good to have a division of labour, 00:35:00.882 --> 00:35:04.155 but having that kind of stuff built into Debian by default, making a 00:35:04.155 --> 00:35:06.130 Debian installer that could do that, 00:35:06.130 --> 00:35:08.749 and also verification, would be great, right? 00:35:08.749 --> 00:35:12.147 So I wrote some custom scripts where I could look at a TAILS disk, 00:35:12.147 --> 00:35:14.041 or a Debian install, 00:35:14.041 --> 00:35:15.993 and know if it had been tampered with. 00:35:15.993 --> 00:35:19.939 And it would be nice if there was just a disk you could boot that did 00:35:19.939 --> 00:35:21.993 verification of an installed system 00:35:21.993 --> 00:35:25.039 very very easily, so easily that Glen Greenwald could use it. 00:35:25.039 --> 00:35:29.784 I love Glen, I say that very politely, 00:35:30.047 --> 00:35:33.002 but what I means is it needs to be easier than that, 00:35:33.002 --> 00:35:36.425 because Glen at least knows that he he a reason to need it. 00:35:36.425 --> 00:35:39.526 And so that was something that we really needed help with. 00:35:39.526 --> 00:35:41.615 And we spent a lot of time on that. 00:35:41.615 --> 00:35:43.794 And there are lots of other little things like that, 00:35:43.794 --> 00:35:45.390 and I'll talk about some of those things tomorrow, 00:35:45.390 --> 00:35:47.398 but one of the really big problems is hardware, 00:35:47.398 --> 00:35:50.592 which is that you cannot buy a modern Intel CPU which doesn't come 00:35:50.592 --> 00:35:52.444 with a backdoor any more. 00:35:52.444 --> 00:35:57.016 And that is a huge problem, and I'm not sure that the answer is to use ARM. 00:35:57.016 --> 00:35:59.035 It seems like the answer is to use ARM. 00:35:59.035 --> 00:36:02.915 But that's only if assume that ARM didn't just add a backdoor that's obvious. 00:36:02.915 --> 00:36:07.580 So we really need to think about how to, in moving forward, 00:36:07.580 --> 00:36:12.485 how to have easy to use, easy to buy on the shelf, Debian hardware, 00:36:12.485 --> 00:36:14.976 available everywhere, all the time, 00:36:14.976 --> 00:36:18.101 so you can just go and buy this thing and verify it in some way 00:36:18.101 --> 00:36:19.881 with some other machine, 00:36:19.881 --> 00:36:21.705 to know that you would have the right thing. 00:36:21.705 --> 00:36:24.649 And to that extent we didn't have X-rays for a lot of the circuit boards, 00:36:24.649 --> 00:36:27.506 so that made it very difficult to know if when you buy something, 00:36:27.506 --> 00:36:29.725 it's been tampered with. 00:36:29.725 --> 00:36:32.349 I'll talk about some of that stuff tomorrow, 00:36:32.349 --> 00:36:35.748 but basically, Debian does a lot of stuff right, 00:36:35.748 --> 00:36:39.114 and that is also worth mentioning. 00:36:39.114 --> 00:36:44.112 There's so many things that just work out of the box, that just work perfectly. 00:36:44.112 --> 00:36:47.659 So the main thing is to keep the quality assurance at the level, 00:36:47.659 --> 00:36:49.644 or to exceed where it is right now. 00:36:49.644 --> 00:36:51.960 Because it actually works super super well. 00:36:51.960 --> 00:36:55.735 The exception being for very specific targetted attacks, 00:36:55.735 --> 00:36:59.488 the kernel attack surface is pretty big, and pretty bad, I think. 00:36:59.488 --> 00:37:03.059 And also, we rebuilt some binaries in order to.. 00:37:03.059 --> 00:37:04.452 sorry, I'll get to you in a second. 00:37:04.452 --> 00:37:08.880 We rebuilt some binaries to make sure that we had address space randomisation 00:37:08.880 --> 00:37:11.581 and linker hardening, and stack canary stuff, 00:37:11.581 --> 00:37:15.597 and for some stuff lately we've been using address sanitizer, 00:37:15.597 --> 00:37:19.601 so it would be really great if all the hardening stuff was turned in, 00:37:19.601 --> 00:37:22.977 if there was PAX plus GRsec as a kernel. 00:37:23.801 --> 00:37:26.520 [audience]: so the specific problem with GR security is that they don't really 00:37:26.520 --> 00:37:29.580 want to work with distros. 00:37:29.580 --> 00:37:35.280 So we could have a Linux kernel package with GR security applied, 00:37:35.280 --> 00:37:38.401 but it wouldn't have any of the other Debian patches. 00:37:39.121 --> 00:37:41.400 [Jacob]: So I talked with Brad Spender about this, 00:37:41.400 --> 00:37:42.942 and I'm so glad that you said that, 00:37:42.942 --> 00:37:47.180 because what he said was that, as far as I can tell, he's totally interested in 00:37:47.180 --> 00:37:49.700 helping Debian with this but thinks that Debian is not interested. 00:37:49.700 --> 00:37:53.060 He actually runs a kernel building service where they do 00:37:53.060 --> 00:37:55.280 individual kernel builds, and I think you'd be interested, 00:37:55.292 --> 00:37:57.080 and when I told him we'd love to have this in TAILS, he said 00:37:57.340 --> 00:38:01.420 what patches do I need to include in GRsec to make sure that it'll work? 00:38:01.420 --> 00:38:04.500 And he offered to do the integration into the GRsec patch if there are not 00:38:04.500 --> 00:38:05.760 too many things. 00:38:05.760 --> 00:38:07.903 So I think what we should try and do is build a line of communication, 00:38:07.903 --> 00:38:10.000 and if it costs money we should find a way to raise that money, 00:38:10.000 --> 00:38:11.800 I'll put in some of my own personal money for this, 00:38:11.800 --> 00:38:13.720 and I know other people would too. 00:38:13.720 --> 00:38:14.421 [distant audience]: I will. 00:38:14.421 --> 00:38:16.160 [Jacob]: Great. 00:38:16.160 --> 00:38:18.920 So securedrop, for example, part of what they do for their leaking platform, 00:38:18.920 --> 00:38:22.300 if you go to the intercepts website, you wan to leak them a document, 00:38:22.300 --> 00:38:26.201 they actually use free software everywhere, but there are a few things 00:38:26.201 --> 00:38:29.341 they build specially, and one of those things is a GRsec kernel. 00:38:29.341 --> 00:38:31.760 So the people at first look, that helped make this movie, 00:38:31.760 --> 00:38:33.520 and that work on securedrop, 00:38:33.520 --> 00:38:34.903 they would probably also, 00:38:34.903 --> 00:38:37.242 I'm not committing them, I don't know that they would actually do this, 00:38:37.242 --> 00:38:39.280 but I think they would really like it if that was in there, 00:38:39.280 --> 00:38:41.901 and I think it we could find the community will to do that, 00:38:41.901 --> 00:38:44.081 I know I would volunteer and other people would, 00:38:44.081 --> 00:38:47.160 I know that dkg in the back would love to help with this, I would that ??? 00:38:47.160 --> 00:38:50.480 who is just totally behind funding this work, right? 00:38:53.700 --> 00:38:56.401 I thought that you were there to protect my civil liberties, buddy. 00:39:00.080 --> 00:39:03.460 But I really think that it's possible that we could do this, 00:39:03.460 --> 00:39:07.380 and I definitely think Brad, the author of GRsec, 00:39:07.380 --> 00:39:09.920 I think he would really love it if Debian shipped GRsec. 00:39:09.920 --> 00:39:11.920 And it doesn't need to come by default, 00:39:11.920 --> 00:39:16.781 but if it was possible to just have it all, that would be great. 00:39:17.220 --> 00:39:20.400 Maybe we could have an affinity group where everyone who is interested can 00:39:20.400 --> 00:39:23.100 meet sometime tomorrow and we could talk about doing this. 00:39:23.100 --> 00:39:25.421 I would love to have that conversation. 00:39:25.421 --> 00:39:27.080 Who are you? 00:39:28.030 --> 00:39:29.110 [audience]: Ben Hutchings. 00:39:29.720 --> 00:39:34.270 [Jacob]: Oh, nice to meet you! 00:39:35.041 --> 00:39:38.580 [laughter, applause] 00:39:42.880 --> 00:39:44.740 That's awkward. 00:39:46.820 --> 00:39:50.840 [question]: Hi. Sorry to interrupt the awkwardness, 00:39:50.840 --> 00:39:52.562 and replace it with more awkwardness. 00:39:52.562 --> 00:39:54.060 Nice to see you, Jake. 00:39:54.060 --> 00:39:58.282 So, I remember reading the documents in 2013 00:39:58.282 --> 00:40:04.220 and seeing the NSA's internal training guide for how to query their 00:40:04.220 --> 00:40:07.501 Hadoop data store, aka xkeyscore, 00:40:07.501 --> 00:40:14.961 and so I thought I would just ask you if you think Free software net helps us 00:40:14.961 --> 00:40:16.641 or helps them. 00:40:17.361 --> 00:40:19.161 [Jacob]: I'm really glad you asked that question. 00:40:19.161 --> 00:40:23.001 I think that Free software helps everyone on the planet, and I think that 00:40:23.001 --> 00:40:26.983 purpose-based limitations.. I understand why people want them. 00:40:27.640 --> 00:40:30.682 I think we should try to build a world where we are free, 00:40:30.682 --> 00:40:34.360 and so putting in purpose-based limitations is really problematic, 00:40:34.641 --> 00:40:37.681 and I think what we should do is try to mitigate the harm that they can do 00:40:37.681 --> 00:40:39.340 with those systems, 00:40:39.340 --> 00:40:41.820 as opposed to pretending that they care about Free software licensing. 00:40:42.280 --> 00:40:45.100 These guys kill people with flying robots, 00:40:45.100 --> 00:40:48.664 it's illegal to murder people, and they do it. 00:40:49.421 --> 00:40:52.700 Limiting their use with licenses, first of all, that just means they'll spend 00:40:52.700 --> 00:40:55.361 your tax money to rewrite it if they care about the license, 00:40:56.241 --> 00:40:59.680 and you won't get their bug-fixes or their improvements, 00:40:59.680 --> 00:41:02.160 and then additionally they're still not going to obey your license anyway, 00:41:02.160 --> 00:41:05.140 because literally some of these people work on assassinating people. 00:41:05.140 --> 00:41:08.481 So it is better that we keep our integrity and take the high road, 00:41:08.481 --> 00:41:11.980 and write Free software, and we give it to every single person on the planet 00:41:11.980 --> 00:41:13.620 without exception, 00:41:14.600 --> 00:41:16.460 It's just better. It's better for all of us, right? 00:41:16.460 --> 00:41:22.080 So the fact that they have Hadoop, the fact that they, for example, use OpenSSL, 00:41:22.080 --> 00:41:24.860 or maybe they use Tor, or whatever, right? 00:41:24.860 --> 00:41:26.920 Or they use gdb to debug their exploits. 00:41:30.220 --> 00:41:32.260 I kind of wish that on them. 00:41:33.721 --> 00:41:36.622 [laughter, applause] 00:41:37.643 --> 00:41:39.100 I think it's great, right? 00:41:39.100 --> 00:41:42.341 So one of the things Che Guevara said in his manual about guerilla warfare, 00:41:42.341 --> 00:41:44.820 in chapter two, is that (oh, it was chapter three) 00:41:44.820 --> 00:41:48.000 He talks about when you have to arm a guerrilla army, 00:41:48.000 --> 00:41:52.141 this is not exactly related, but it's an analog. 00:41:52.141 --> 00:41:54.780 He says that the most important thing is for the guerrilla army to 00:41:54.780 --> 00:41:58.340 use the weapons of the people that they're fighting - the oppressor. 00:41:58.340 --> 00:42:01.740 And the reason is that it allows you to resupply, essentially. 00:42:01.740 --> 00:42:04.580 When you win a battle, you resupply. 00:42:05.141 --> 00:42:07.860 When we all use the same Free software, and we're working on these things, 00:42:07.860 --> 00:42:10.883 the fact that they have to contribute to the same projects and they often do 00:42:10.883 --> 00:42:13.121 means there's a net win for us. 00:42:13.121 --> 00:42:16.420 They do have some private things that they don't share, obviously, 00:42:16.420 --> 00:42:19.380 with the exception of nice people like Edward Snowden, 00:42:19.380 --> 00:42:22.062 and I think that it is a net positive thing, 00:42:22.062 --> 00:42:24.200 and if we think of it as a struggle, 00:42:24.200 --> 00:42:26.280 we are better off to take the high road, 00:42:26.280 --> 00:42:29.420 and so I really think we should not pretend that we can stop them, 00:42:29.420 --> 00:42:32.000 and instead we should work together to build solutions. 00:42:32.000 --> 00:42:33.641 And I think that Debian is doing that, right? 00:42:33.641 --> 00:42:35.960 I think Debian is much harder to compromise than 00:42:35.960 --> 00:42:37.680 a lot of other operating systems, 00:42:37.680 --> 00:42:39.882 and it's much much harder to coerce people, 00:42:39.882 --> 00:42:42.720 and there's a strong ethos that comes with it that it's not just the technical 00:42:42.720 --> 00:42:45.300 project, there's a social aspect to it. 00:42:45.300 --> 00:42:48.506 I think I was in the New Maintainer queue for 11 years, 00:42:48.506 --> 00:42:50.301 maybe that's a little too long, 00:42:50.301 --> 00:42:52.400 but there's a huge hazing process, 00:42:52.400 --> 00:42:55.640 so anyone who wants to help, really really wants to help, 00:42:55.640 --> 00:42:58.660 and if they want to do something wrong there are processes to catch 00:42:58.660 --> 00:43:00.602 people doing things wrong. 00:43:00.602 --> 00:43:03.000 So we should really stay true to the Free software ethos, 00:43:03.000 --> 00:43:05.060 and it really is a net benefit. 00:43:08.362 --> 00:43:12.120 [question]: Hi Jake. Thanks a lot for saying so much "GRsec". 00:43:17.020 --> 00:43:19.740 Just wanted to give a shout out. 00:43:19.740 --> 00:43:24.681 You mentioned possible backdoors in CPUs and so on, 00:43:24.681 --> 00:43:30.340 that ARM might not be the next best thing because it's not so open either. 00:43:30.340 --> 00:43:32.961 You might want to have a look at Power 8. 00:43:32.961 --> 00:43:38.541 It's basically PowerPC 64, so Debian has support for it as far as I know, 00:43:38.541 --> 00:43:41.300 and most of the stuff is actually open. 00:43:41.300 --> 00:43:45.300 Not that actual designs that IBM is using, 00:43:45.300 --> 00:43:49.101 but you can have, actually, an FPGA implementation of it, 00:43:49.101 --> 00:43:55.240 and if you have the money make your own ASICs for it, without even knowing 00:43:55.240 --> 00:43:59.080 how to do it, which is pretty good, I think. 00:43:59.861 --> 00:44:02.860 [Jacob]: I think there are lots of things we can hack right? 00:44:02.860 --> 00:44:06.100 I mean I had one of those weird RMS laptops, the Limote, 00:44:06.100 --> 00:44:07.940 or whatever it's called, for a while. 00:44:07.940 --> 00:44:10.540 And I was definitely able to get some Free software running on it, 00:44:10.540 --> 00:44:12.621 in theory it was a Free software laptop. 00:44:12.621 --> 00:44:16.160 But getting other people to use this is the problem, 00:44:16.160 --> 00:44:18.382 you need to get everybody to use it, right? 00:44:18.382 --> 00:44:20.680 There's a sort of old anarchist cliché, 00:44:20.680 --> 00:44:22.721 "None of us are free until all of us are free" 00:44:22.721 --> 00:44:25.201 And that really applies here. 00:44:25.201 --> 00:44:28.024 We really need to have Free software that's usable by everyone, 00:44:28.024 --> 00:44:31.320 otherwise we're sort of bound by the lowest common denominator 00:44:31.320 --> 00:44:36.440 of Free, or proprietary tools, depending on what people have to use. 00:44:36.440 --> 00:44:38.380 So it'll be great when we have that, 00:44:38.380 --> 00:44:40.142 and there's a thing called the Nokimist??? 00:44:40.142 --> 00:44:44.201 which is a video mixing board that has an FPGA implementing a Free software CPU 00:44:44.201 --> 00:44:46.321 that you can boot Debian on, or OpenWRT, 00:44:46.321 --> 00:44:48.401 and it does work, and I have used it, 00:44:48.401 --> 00:44:50.580 and in fact I used to use it as a shell, 00:44:50.580 --> 00:44:54.120 and for a long time I used a Debian trick, 00:44:54.120 --> 00:44:56.301 actually I've never talked about that in public, 00:44:56.301 --> 00:44:57.720 let me think about that for a second. 00:44:58.880 --> 00:45:02.280 So I used to use an IRC client that was really buggy, 00:45:02.280 --> 00:45:05.460 and I couldn't figure out where all the bugs were, 00:45:05.460 --> 00:45:08.280 but I knew that if I hung out in certain networks that someone else 00:45:08.280 --> 00:45:11.820 would help me find those bugs by trying to exploit my client. 00:45:11.820 --> 00:45:13.740 And I wanted to make it as hard as possible. 00:45:13.740 --> 00:45:18.960 So I ran my IRC client inside of a Debian machine that was running an S390 emulator. 00:45:18.960 --> 00:45:24.981 Who here uses Hercules? Thank you to whoever packaged it. 00:45:24.981 --> 00:45:28.042 And so I would use Hercules, it was a very long install process. 00:45:28.042 --> 00:45:30.022 Very slow. 00:45:30.022 --> 00:45:34.382 And I would do this, and what I'd always dreamed of doing at some point 00:45:34.382 --> 00:45:37.200 was using the Nokimist??? and the Hercules together 00:45:37.200 --> 00:45:40.580 for maximum ridiculously difficult to exploit, 00:45:40.580 --> 00:45:42.220 plus GRsec kernel. 00:45:45.140 --> 00:45:47.663 But that's not a usable thing. 00:45:47.663 --> 00:45:49.901 So what we need to do is take these kinds of prototypes 00:45:49.901 --> 00:45:52.601 which actually do represent many steps forward, 00:45:52.601 --> 00:45:55.900 and we need to make sure that they're produced on a scale where 00:45:55.900 --> 00:45:59.980 you can go into a store and puchase them anonymously, with cash, 00:45:59.980 --> 00:46:02.261 in a way that you can then verify. 00:46:02.261 --> 00:46:06.260 And we're actually really close to that with software defined radios 00:46:06.260 --> 00:46:07.720 and open hardware, 00:46:07.720 --> 00:46:10.240 but we're not quite there yet. 00:46:11.820 --> 00:46:15.900 [question]: What I meant is that Power 8 is basically getting big, currently, 00:46:15.900 --> 00:46:17.880 on the server market, 00:46:17.880 --> 00:46:20.943 and it might get big for other stuff also. 00:46:21.780 --> 00:46:23.401 [Jacob]: Hopefully. 00:46:26.160 --> 00:46:29.240 [question]: I want to come back to the story about the panic 00:46:29.240 --> 00:46:31.841 in the Appletalk driver. 00:46:31.841 --> 00:46:36.940 The common approach against this is to compile your own kernel with 00:46:36.940 --> 00:46:39.720 all this stuff not compiled in, 00:46:39.720 --> 00:46:44.500 but on two of my systems I have a modprobe wrapper which has 00:46:44.500 --> 00:46:47.320 a whitelist of modules which may be loaded, 00:46:47.320 --> 00:46:52.111 and I install that wrapper as the thing that the kernel uses for loading modules. 00:46:52.361 --> 00:46:58.041 Do you know if such a thing exists elsewhere, or if not, 00:46:58.041 --> 00:47:03.141 I would be interested in developing it into something which is actually useable 00:47:03.141 --> 00:47:04.781 for people. 00:47:05.680 --> 00:47:07.740 [Jacob]: That would be great. 00:47:07.740 --> 00:47:11.600 In this case we were using Tails. 00:47:11.600 --> 00:47:19.150 And so, Tails is very finicky about what it will accept, and very reasonably so, 00:47:19.150 --> 00:47:23.360 and so having that in Debian will make it a lot easier to get it into something 00:47:23.360 --> 00:47:25.335 like Tails, I think. 00:47:25.335 --> 00:47:28.520 But the main thing is really that we have to think about the attack surface 00:47:28.520 --> 00:47:30.301 of the kernel very differently. 00:47:30.301 --> 00:47:33.300 The problem is not Appletalk; the problem is the Linux kernel is filled with 00:47:33.300 --> 00:47:34.921 a lot of code, 00:47:34.921 --> 00:47:38.520 and you can autoload, in certain cases, certain things come in, 00:47:38.520 --> 00:47:40.500 and certain things get autoloaded, 00:47:40.500 --> 00:47:43.381 and I know Bdale loves his ham radio stuff, 00:47:43.381 --> 00:47:45.722 but I never use ham radio on my machine 00:47:45.722 --> 00:47:49.000 I used for clandestine conspiracies, you know? 00:47:49.000 --> 00:47:50.640 That's a separate machine. 00:47:50.640 --> 00:47:52.120 It's over here. 00:47:52.120 --> 00:47:53.860 So we just need to find a way to think about that. 00:47:53.860 --> 00:47:56.840 And part of that could be kernel stuff, but also part of it could be thinking 00:47:56.840 --> 00:47:59.741 about solutions like that, where we don't need to change the kernel. 00:47:59.741 --> 00:48:02.100 So if you could package that and develop that, it would be really fantastic. 00:48:04.022 --> 00:48:09.481 [Ben]: Actually, some time ago, after I think it was the econet exploits, 00:48:09.481 --> 00:48:13.280 no-one uses econet, it was broken anyway, but you could exploit it, 00:48:13.280 --> 00:48:15.240 because it was autoloaded. 00:48:15.240 --> 00:48:22.920 So I actually went through and turned off autoloading on a few of the more obscure 00:48:22.920 --> 00:48:24.740 network protocols. 00:48:24.740 --> 00:48:29.021 We could probably go further with that, even in the defaults. 00:48:29.021 --> 00:48:31.860 [Jacob]: I think it would be great to change some of the kernel stuff so that 00:48:31.860 --> 00:48:36.040 at least, I mean, Tails is a special use case, where, I think, it's very important, 00:48:36.040 --> 00:48:37.941 and it doesn't work for everyone, 00:48:37.941 --> 00:48:41.320 but we should just consider that there are certainly things which are really great, 00:48:41.320 --> 00:48:44.400 and I want to use Debian for it, because Debian is a universal operating system. 00:48:44.400 --> 00:48:48.160 But for a modern desktop system where you're using GNOME, 00:48:48.160 --> 00:48:53.700 and you haven't set anything up, Appletalk for example, 00:48:53.700 --> 00:48:57.781 maybe we would ask those people to load that module themselves. 00:48:59.541 --> 00:49:04.900 [Ben]: Yeah, for example you could have, a lot of those things are going to 00:49:04.900 --> 00:49:06.981 have supporting utilities, 00:49:06.981 --> 00:49:10.021 so you could put something in the supporting utilities that loads it 00:49:10.021 --> 00:49:11.380 at boot time. 00:49:12.100 --> 00:49:14.160 And if you don't have those installed, you don't need it. 00:49:15.060 --> 00:49:17.421 [Jacob]: Yep, totally. And I think there's lots of ways to do it where 00:49:17.421 --> 00:49:20.060 the network can't trigger it, and that's important. 00:49:20.800 --> 00:49:23.802 [Ben]: Yeah, that puzzled me, I can't understand, 00:49:23.802 --> 00:49:29.360 the protocol module should get loaded when userland tries to open a socket 00:49:29.360 --> 00:49:32.220 of that type, 00:49:32.220 --> 00:49:35.481 it shouldn't happen in response to network traffic. 00:49:36.960 --> 00:49:44.981 There are things like, I think if you run ifconfig that can autoload 00:49:44.981 --> 00:49:47.000 a bunch of things, for example. 00:49:47.720 --> 00:49:49.801 [Jacob]: Yeah, I think on either side it should be more explicit, 00:49:49.801 --> 00:49:52.940 and in this case with Tails, 00:49:52.940 --> 00:49:55.220 there was a time when you looked at the kernel module list 00:49:55.220 --> 00:49:57.080 and it was pretty amazing, 00:49:57.080 --> 00:50:00.801 like I think there was an X25 thing, an Appletalk thing, 00:50:00.801 --> 00:50:03.781 wait, this is all about going over Tor, we don't support any of these 00:50:03.781 --> 00:50:05.340 things at all. 00:50:05.340 --> 00:50:09.540 So it's just the way that things are interdependent, right? 00:50:09.540 --> 00:50:11.440 It's not a dig at the kernel itself. 00:50:11.440 --> 00:50:13.981 I think the Linux kernel as it works in Debian today works really well 00:50:13.981 --> 00:50:15.440 for a lot of people, 00:50:15.440 --> 00:50:17.960 but there is definitely a high security use case, 00:50:17.960 --> 00:50:20.780 and I, for example, if I were a Debian developer, and I had a development 00:50:20.780 --> 00:50:22.780 machine where I didn't run a web browser, 00:50:22.780 --> 00:50:24.940 and I took a lot of effort. 00:50:24.940 --> 00:50:29.401 It would be really nice if there were a kernel that put in the same 00:50:29.401 --> 00:50:32.420 threshold of security. 00:50:32.420 --> 00:50:35.840 And I think that the GRsec kernel with some stuff changed about it, 00:50:35.840 --> 00:50:37.840 like getting rid of Appletalk and a few other things, 00:50:37.840 --> 00:50:39.500 would be closer to that, 00:50:39.500 --> 00:50:41.581 and combined with that guy's tool that he's talking about, 00:50:41.581 --> 00:50:46.760 you could make autoloadable module, that at least even if the system was 00:50:46.760 --> 00:50:49.500 going to autoload it, you could stop it, in a failing closed sort of way. 00:50:49.500 --> 00:50:53.200 And I think there's a lot of stuff, practically, to do on that front, 00:50:53.200 --> 00:50:56.160 and there's another project called Subgraph OS, 00:50:56.160 --> 00:51:02.161 which is basically working on becoming in some ways a Debian derivative, 00:51:02.161 --> 00:51:04.540 and they're going to do stuff like GRsec kernel, 00:51:04.540 --> 00:51:08.142 and they have a whole sandboxing framework which uses apparmor, seccomp 00:51:08.142 --> 00:51:10.540 and xpra, and a few other things, 00:51:10.540 --> 00:51:13.903 and I think that they'll make a lot of interesting security decisions, 00:51:13.903 --> 00:51:16.961 which might make sense to adopt in Debian later. 00:51:17.860 --> 00:51:20.441 [Ben]: I think Matthew Garrett has an interesting criticism about that and 00:51:20.441 --> 00:51:24.020 how it wouldn't really work, and Wayland was a better way to go than xpra. 00:51:25.240 --> 00:51:26.741 [Jacob]: Yeah, I've heard those criticisms, 00:51:26.741 --> 00:51:28.622 but Matthew Garrett is wrong. 00:51:29.600 --> 00:51:32.540 Not usually, but in this particular case. 00:51:32.540 --> 00:51:37.200 For example, the sandboxing stuff, if you have a GNOME appstore, 00:51:37.200 --> 00:51:41.761 essentially, that's for one set of users, but for a Debian developer 00:51:41.761 --> 00:51:44.282 writing your own policies, it might be useful, 00:51:44.282 --> 00:51:46.960 and if you need Wayland, you might not have a full solution, 00:51:46.960 --> 00:51:49.220 we might want to have both for a while. 00:51:49.220 --> 00:51:51.060 And think it'd be great. 00:51:51.060 --> 00:51:54.140 And the main thing is we just need to find people who will think about those 00:51:54.140 --> 00:51:55.823 issues and try to integrate them, 00:51:55.823 --> 00:52:00.481 because most people who write exploits, or who understand how to do offensive 00:52:00.481 --> 00:52:03.360 security stuff, they don't want to help Free software projects, 00:52:04.200 --> 00:52:05.761 they just want to exploit them. 00:52:05.761 --> 00:52:08.460 And so some of the Subgraph guys, what I really like about them 00:52:08.460 --> 00:52:11.461 is that they're trying to improve the Free software products we all use. 00:52:11.461 --> 00:52:13.480 Even though they may make different design decisions, 00:52:13.480 --> 00:52:15.200 they're making Free software all the same. 00:52:18.680 --> 00:52:24.400 [question]: Maybe also, some other thing to keep in mind is actually 00:52:24.400 --> 00:52:39.040 that there is also a social aspect of this pressure if NSA wants to put anything 00:52:39.040 --> 00:52:41.440 inside Debian. 00:52:41.440 --> 00:52:48.021 So if we actually also need to make sure that if they put pressure on somebody 00:52:48.021 --> 00:52:56.601 we have any way to help these people not land in prison. 00:52:56.601 --> 00:53:04.080 So is there also a social aspect of supporting people which get pressure 00:53:04.080 --> 00:53:05.980 from anyone. 00:53:06.840 --> 00:53:09.722 [Jacob]: Yep. I mean, if anyone is ever in that situation one thing I would say 00:53:09.722 --> 00:53:12.641 is that it's your right to remain silent, 00:53:12.641 --> 00:53:15.721 you have the right to remain silent I think is the phrase the police would say 00:53:15.721 --> 00:53:19.300 but there are definitely communities of people who will help you. 00:53:19.300 --> 00:53:21.700 There's a group called the Courage foundation, for example, 00:53:21.700 --> 00:53:23.563 which was started by Sarah Harrison, 00:53:23.563 --> 00:53:26.280 and the job that the Courage foundation has taken on 00:53:26.280 --> 00:53:30.060 is essentially to help people who would be sources or who are in harm's way like this 00:53:30.060 --> 00:53:32.642 and if you found yourself in that kind of a position there are people 00:53:32.642 --> 00:53:34.520 who will try to help you. 00:53:34.520 --> 00:53:36.800 I really don't think that is the next step in this, 00:53:36.800 --> 00:53:38.383 I think that could happen. 00:53:38.383 --> 00:53:42.000 But I thin it's much more likely someone is going to write an exploit for Firefox. 00:53:42.000 --> 00:53:44.581 That's the way they're going to own Debian people in the future, 00:53:44.581 --> 00:53:47.041 for the most part, that's how they own us today. 00:53:47.041 --> 00:53:51.700 Firefox, number one enemy to security on your Debian machine, probably. 00:53:51.700 --> 00:53:54.680 And that's not a dig at Firefox, it's just super-complicated software, 00:53:54.680 --> 00:53:56.520 and these guys are really good at writing exploits, 00:53:56.520 --> 00:53:58.582 and that's an easy target. 00:53:58.582 --> 00:54:00.960 So we, I think, have to do with the social thing, 00:54:00.960 --> 00:54:03.580 but we also should look at some of the technical problems, 00:54:03.580 --> 00:54:06.820 and then when and if people have that, you can contact me. 00:54:06.820 --> 00:54:10.022 I'm super happy to put you in touch with people who will help. 00:54:10.022 --> 00:54:13.860 And obviously, get a lawyer, get several lawyers if you can. 00:54:13.860 --> 00:54:17.440 Contact the EFF, or the ACLU, depending on where you are. 00:54:17.440 --> 00:54:22.561 At least in Germany, and in the United States, it isn't so bad yet 00:54:22.561 --> 00:54:25.903 that they can put that kind of pressure on you openly, 00:54:25.903 --> 00:54:27.760 in a Free software project. 00:54:27.760 --> 00:54:31.120 If you write proprietary software you're in a very different situations, 00:54:31.120 --> 00:54:34.180 and there are definitely people who are in that situation right now, 00:54:34.180 --> 00:54:38.223 and I don't envy them. Their position is actually much harder. 00:54:38.223 --> 00:54:42.200 So actually writing Free software already makes you not at the very beginning 00:54:42.200 --> 00:54:43.761 of the target list, I think. 00:54:46.860 --> 00:54:53.140 Any other questions? Wow. Where's the rum? 00:55:01.323 --> 00:55:06.080 [question]: How do you deliver the encrypted message without exposing 00:55:06.080 --> 00:55:07.780 the connection to a third party? 00:55:14.321 --> 00:55:15.960 [Jacob]: Which encrypted message do you mean? 00:55:16.960 --> 00:55:19.102 Do you mean, like jabber? 00:55:19.800 --> 00:55:21.262 [question]: Email, or jabber, yes. 00:55:22.040 --> 00:55:25.640 [Jacob]: For the most part we use systems where Tor hidden services are available 00:55:25.640 --> 00:55:29.060 to connect to them, so we never even left the Tor anonymity network, 00:55:29.060 --> 00:55:31.521 so they're end-to-end encrypted and anonymized, you connect to a 00:55:31.521 --> 00:55:33.541 .onion address, 00:55:33.541 --> 00:55:37.560 and then using crypto on top of that, so TLS to a Jabber server, 00:55:37.560 --> 00:55:39.880 and then OTR on top of that, 00:55:39.880 --> 00:55:44.944 so you have, you could call it a composition of cryptographic systems, 00:55:44.944 --> 00:55:50.060 and the core of that is Tor, along with using throwaway machines, 00:55:50.060 --> 00:55:52.620 going to locations where you never go twice, 00:55:52.620 --> 00:55:57.160 using open wifi plus Tor plus TLS plus OTR, 00:55:57.160 --> 00:56:01.821 and for email, Riseup offers Tor hidden services, which allows you to do the same 00:56:01.821 --> 00:56:05.040 thing, essentially, and then using PGP as well. 00:56:05.840 --> 00:56:11.600 [question]: I mean, how about metadata, like the delivery address of the target? 00:56:12.900 --> 00:56:23.100 [Jacob]: In some cases we use a system called Pond, 00:56:23.100 --> 00:56:26.420 and Pond is a system that is completely Tor hidden service based, 00:56:26.420 --> 00:56:29.342 pond.imperialviolet.org. 00:56:29.342 --> 00:56:33.441 Adam Langley probably wouldn't want me to say, but I'll say it anyway, 00:56:33.441 --> 00:56:35.880 it would be very useful to package this for Debian, 00:56:35.880 --> 00:56:39.400 because it's a system where once you do key exchange with someone, 00:56:39.400 --> 00:56:44.363 you have an end-to-end encrypted messaging system that's like email, 00:56:44.363 --> 00:56:47.960 you can send files that are encrypted, you can send messages that are encrypted, 00:56:47.960 --> 00:56:50.580 It's delay based. You don't have usernames, 00:56:50.580 --> 00:56:53.500 you just have a public key, and then you have group signatures, 00:56:53.500 --> 00:56:57.080 so that people can send things to your mailbox by proving they are a member 00:56:57.080 --> 00:56:59.662 of the group but not which member of the group they are. 00:56:59.662 --> 00:57:01.620 And there's a lot of stuff like that. 00:57:01.620 --> 00:57:03.862 So we use Jabber, we use email, and we use Pond. 00:57:03.862 --> 00:57:08.002 And those three systems together also allowed us to build a clandestine 00:57:08.002 --> 00:57:09.580 sneakernet. 00:57:09.580 --> 00:57:11.445 So we have the ability to carry USB disks, 00:57:11.445 --> 00:57:13.260 and a few of us carried them inside of our bodies, 00:57:13.260 --> 00:57:16.120 and if you've never had that experience, lucky you. 00:57:19.580 --> 00:57:24.401 You want to make sure you use post-quantum computer crypto for that, by the way. 00:57:24.401 --> 00:57:25.641 It's more comfortable. 00:57:28.680 --> 00:57:30.620 [orga]: Shall we relieve this man from his duties? 00:57:31.204 --> 00:57:33.080 [Jacob]: Any more questions? 00:57:33.660 --> 00:57:35.241 [orga]: One more question. 00:57:36.180 --> 00:57:39.061 [question]: Okay, so when the Snowden leaks were first published it created 00:57:39.061 --> 00:57:42.180 a lot of awareness, and people were talking about it, 00:57:42.180 --> 00:57:44.520 and there was a huge media echo, 00:57:44.520 --> 00:57:48.220 Now if some documents leaked, people are saying yeah, all this surveillance, 00:57:48.220 --> 00:57:51.480 and we aren't dead yet, and we can still live our lives. 00:57:51.480 --> 00:57:55.380 They basically care less. They still care a bit, but they care much less than 00:57:55.380 --> 00:57:58.582 when the first documents were published, 00:57:58.582 --> 00:58:04.663 so how can we maintain awareness for this issue in the world population, 00:58:04.663 --> 00:58:06.021 in your opinion? 00:58:07.100 --> 00:58:09.280 [Jacob]: There's a really scary thing that's happening right now. 00:58:09.280 --> 00:58:13.584 There was this idea in the 90s, we had the crypto wars. 00:58:13.584 --> 00:58:16.281 Did any of you remember this idea of the crypto wars? 00:58:16.281 --> 00:58:18.520 Okay, a few of you do, maybe not all of you do. 00:58:18.520 --> 00:58:21.741 But we had the so-called crypto wars in the 90s, I encourage you to look this up 00:58:21.741 --> 00:58:25.020 on DuckDuckGo, or whatever your favourite search engine is. 00:58:25.020 --> 00:58:28.763 In theory we're in the second crypto wars now. 00:58:28.763 --> 00:58:32.120 In reality what happened is the first crypto wars never ended. 00:58:32.120 --> 00:58:34.825 We didn't actually win, like we thought we did. 00:58:34.825 --> 00:58:37.180 But there are a bunch of things that are taking place. 00:58:37.180 --> 00:58:41.020 For example, making a stand against backdoors. 00:58:41.020 --> 00:58:45.082 Using end-to-end encrypted communications. 00:58:45.082 --> 00:58:47.622 Actually pushing for that, being quite open about actually hosting 00:58:47.622 --> 00:58:50.821 those kinds of services, and doing it from a principled perspective, 00:58:50.821 --> 00:58:52.880 from a legal perspective. 00:58:52.880 --> 00:58:57.541 I think you will find that the tension will continue to rise for a while, 00:58:57.541 --> 00:59:02.140 and I think that it will continue to be a conversation about public debate, 00:59:02.140 --> 00:59:06.561 and an important aspect of this is that now regular journalists that don't 00:59:06.561 --> 00:59:10.200 understand technology at least understand the importance of these things. 00:59:10.200 --> 00:59:13.260 And if they don't do that, they at least perceive that they will be considered 00:59:13.260 --> 00:59:16.901 unprofessional if they don't care, and think about those things, 00:59:16.901 --> 00:59:19.140 or they'll be somehow negligent. 00:59:19.140 --> 00:59:21.200 And I think that will keep some of the discussion going, 00:59:21.200 --> 00:59:23.860 and it will allow us to build some breathing room, 00:59:23.860 --> 00:59:26.781 and that breathing room will actually allow us to build some alternatives. 00:59:26.781 --> 00:59:29.704 But there are some downsides, right? 00:59:29.704 --> 00:59:34.020 Some of the things that take place when you reveal security service spying 00:59:34.020 --> 00:59:36.740 is that it tends to get normalized, to a degree. 00:59:36.740 --> 00:59:39.280 But then in some cases it does get pushed back. 00:59:39.280 --> 00:59:43.760 In the 70s in the United States, it became illegal to do assassinations, for example. 00:59:43.760 --> 00:59:46.861 Because what the CIA were doing was so atrocious that eventually there was 00:59:46.861 --> 00:59:48.620 political pushback. 00:59:48.620 --> 00:59:52.401 It turns out it only lasted 30 years, and then they started doing it again. 00:59:52.401 --> 00:59:57.700 But there's a saying in my country which is that effectively the price of liberty 00:59:57.700 --> 00:59:59.480 is eternal vigilance. 00:59:59.480 --> 01:00:01.080 And that's what we are engaged in now. 01:00:01.080 --> 01:00:04.801 And the liberty starts with software liberty, I think, 01:00:04.801 --> 01:00:06.960 in the case of communications on networks. 01:00:06.960 --> 01:00:10.500 And so we have to have Free software, and it has to be responsibly encoding 01:00:10.500 --> 01:00:12.160 packets and data, 01:00:12.160 --> 01:00:14.000 and if we think about it in this sense we'll find a lot of pressure, 01:00:14.000 --> 01:00:16.908 and we'll have a lot of discussions about it, 01:00:16.908 --> 01:00:19.720 and you'll start to see it be a part of policy debates, 01:00:19.720 --> 01:00:22.600 like one of the presidential candidates in the United States 01:00:22.600 --> 01:00:24.400 just came out against encryption. 01:00:24.400 --> 01:00:26.621 I hope that sinks his presidential campaign. 01:00:26.621 --> 01:00:28.600 I mean it's weird to be against encryption. 01:00:28.600 --> 01:00:31.160 It's like I'm against prime numbers. 01:00:31.160 --> 01:00:33.240 No modular arithmetic. 01:00:33.581 --> 01:00:37.161 [laughter, applause] 01:00:38.520 --> 01:00:41.721 I just want to say it's important to understand, you are right, 01:00:41.721 --> 01:00:43.721 people will be normalized about it, 01:00:43.721 --> 01:00:45.880 but each and every one of us that understands these issues 01:00:45.880 --> 01:00:47.700 can actually keep it alive. 01:00:47.700 --> 01:00:49.880 And the way we do that is when we communicate with people... 01:00:49.880 --> 01:00:52.201 I'll give you an example which I like to give. 01:00:52.201 --> 01:00:55.220 I grew up in San Fransisco and in the Bay Area or San Fransisco, and California, 01:00:55.220 --> 01:00:57.740 and I did that in the 80s. 01:00:57.740 --> 01:01:01.783 And so a lot of people that I knew had HIV and they died of AIDS. 01:01:01.783 --> 01:01:05.600 And there was a huge discussion about this, and it was called GRID, 01:01:05.600 --> 01:01:08.701 the Gay Related Immune Deficiency syndrome. 01:01:08.701 --> 01:01:10.662 Before it was called HIV and AIDS. 01:01:10.662 --> 01:01:12.644 And lots of people were sick, and lot of people died, 01:01:12.644 --> 01:01:14.820 and there was a sort of normalization process where people sort of 01:01:14.820 --> 01:01:18.141 accepted this as their fate, especially if they were in the gay community. 01:01:18.141 --> 01:01:22.900 And still, over years and years and years, people began to build a culture about 01:01:22.900 --> 01:01:26.300 safe sex, and they started to talk about respecting their partners, 01:01:26.300 --> 01:01:28.560 and about talking about these issues, and about getting tested, 01:01:28.560 --> 01:01:32.400 and it took a lot of effort, to really go much further. 01:01:32.400 --> 01:01:34.500 A lot of people actually died in that process. 01:01:34.500 --> 01:01:37.160 It was a very sad, serious situation. 01:01:37.160 --> 01:01:40.460 And I think we have similar discussions that are taking place now, 01:01:40.460 --> 01:01:42.361 and some people don't take it seriously, 01:01:42.361 --> 01:01:45.483 and if they happen to be Muslims living in Pakistan, 01:01:45.483 --> 01:01:48.320 they might get a drone strike. 01:01:48.320 --> 01:01:51.300 And there's a sort of survival mechanism that takes place there. 01:01:51.300 --> 01:01:54.384 And it's an unfortunate parallel, I think, 01:01:54.384 --> 01:01:57.261 but I would really consider that we can change this dialogue 01:01:57.261 --> 01:01:59.580 by continuing to have it even though it's exhausting, 01:01:59.580 --> 01:02:01.900 and by recognizing our responsibility, 01:02:01.900 --> 01:02:04.241 and how we can make it better by continuing to do that, 01:02:04.241 --> 01:02:07.040 and by building healthy alternatives, and by building new systems, 01:02:07.040 --> 01:02:10.380 and by refusing to backdoor any system, ever, 01:02:10.380 --> 01:02:13.561 completely committing to Free software, 01:02:13.561 --> 01:02:16.761 and transparency of that software, and also of those processes. 01:02:16.761 --> 01:02:19.640 And really really really sharing the knowledge about it, 01:02:19.640 --> 01:02:21.620 to make it impossible to surpress. 01:02:21.620 --> 01:02:25.020 And we should not accept the normalization of that. 01:02:25.020 --> 01:02:28.122 We shouldn't make it fun to spy on people, we shouldn't make jokes about it 01:02:28.122 --> 01:02:30.242 in a way that normalizes it, 01:02:30.242 --> 01:02:33.842 and we should respect those people who are victims of surveillance, 01:02:33.842 --> 01:02:36.702 and we should recognize that basically everyone here is a victim of surveillance 01:02:36.702 --> 01:02:38.300 to some degree, 01:02:38.300 --> 01:02:40.420 and we should care about that, and we should continue to be upset, 01:02:40.420 --> 01:02:43.160 but not just upset; to channel that anger into something useful 01:02:43.160 --> 01:02:45.321 like making Debian better. 01:02:46.820 --> 01:02:50.240 [applause] 01:02:56.101 --> 01:03:00.041 [orga]: Thanks Jake for such a long Q&A session, 01:03:00.041 --> 01:03:01.860 I hope you enjoy the rum. 01:03:01.860 --> 01:03:04.802 And I'm sure Jake's going to ask any more questions if he can still talk. 01:03:08.300 --> 01:03:10.140 [Jacob]: Thanks.