... wanted to be able to use Thunderbird and GnuPG together with Tor, and so we thought: oh, it would be really easy, I bet, to configure Thunderbird to work with Tor - hah - so a new Free software project was born. It's a really simple thing, but basically it's just a package that hooks it all together. So a lot of people were using Thunderbird and TorBirdy, and GnuPG, and Tor, and Debian, together for email, combined with Riseup as an email service. So it's a literally a real peer to peer, Free software driven set of things, actually, that made it possible. [question]: So one thing I never understood about this process was exactly how the documents were handled, and maybe that's because nobody wants to say, but, you know, did you leave them on a server somewhere and download them, hand them over to people, and who took what where, and how do you... in case I need to do something really dangerous with a load of documents, what's the best way of doing it? [laughter] [Jacob]: Hmm! [audience member]: It's a good thing this isn't being streamed. I'm sorry, what? There was a voice from god, what did she say? [audience]: I said good we aren't streaming tonight. Oh yeah, so hello to all of our friends in domestic and international surveillance services. Well, so I won't answer your question, but since you asked the question, it's my turn to talk. So what I would say is that... if you want to do clandestine activities that you fear for your life for, you need to really think about the situation that you're in very carefully. And so a big part of this is operational security and a big part of that is compartmentalization. So certain people had access to certain things, but maybe they couldn't decrypt them, and certain things were moved around, and that's on a need to know basis, and those people who knew, which is not me - I don't know anything, I don't know what you're talking about. Those people knew, and then you know, it'll go with them to their grave. So if you're interested in being the next Edward Snowden, you need to do your homework in finding people that will be able to do the other part of it, let's say. But just in general, I mean compartmentalization is key, right. So it's not just for AppArmor profiles. So you need to think about what you want to do. And I mean a big part of this is to consider that the network itself is the enemy, even though it is useful for communicating. So all the metadata that exists on the network could have tipped people off, could have caused this whole thing to fall apart. It really is amazing, I feel like you know two and half, three years ago, when you talk about Free software, and you talk about the idea of Free software, and you talk about issues relating to autonomy and privacy, and security you have a really different reception now than you did then, and that's really what it took to turn the world half a degree, or something, or a quarter of a degree or something. So I'm not going to tell you about detailed plans for conspiracy, but I highly encourage you to read about South African history, in particular the history of Umkhonto we Sizwe. They are the clandestine communications group for MK, or rather the operation who lay inside of MK, which is Umkhonto we Sizwe, and they are sort of with the African National Congress, and those people have published so many books about the revolutionary activities to overthrow the apartheid state. If you read these books, especially the book "Operation Vula" and "Armed and Dangerous" by Ronnie Kasrils they give you some idea about what you need to do which is to compartmentalize, how to find people to do various tasks, specific tasks, how to work on building trust with each other, what that looks like, how to identify political targets, how you might use things like communications technology to change the political topic on, and the discussion in general. And I think the best way to learn about these things is to study previous people who have tried to do that kind of stuff. And the NSA is not the apartheid regime of South Africa, but there are still lessons to be learned there, so if you really want to know the answer to that, also Che Guevara's manual on guerilla warfare is very interesting, and there's a lot of other books like that. I'd be happy to talk about it with you later. And I have nothing to do with anything that we may or may not have done. [laughter] [question]: Do you think there is a chance that things may get better for example I know that publicly, some programs were not extended but I don't know what is happening in the background so maybe it's the same thing but they are pretending that it's not How do you see this? [Jacob]: Well I think a couple of things. In general I think what happened, not just with this movie but with all of these things is that in inspired hope, and the hope is very important, but hope is not a strategy for survival, or for building alternatives, so what it has also done, is that it has allowed us to raise the profile of the things which actually do make it better. For example ridding ourselves of the chains of proprietary software is something that's a serious discussion with people that wouldn't have previously talked about Free software because they don't care about liberty, they care about security. And even though I think those are really simliar things, previously they just thought we were just Free software hippies, in tie-dye shirts and while that may be true on the weekends and evenings or with Bdale every day [laughter] I think that actually does make it better And it also changes the dialogue, in the sense that it's no longer reasonable to pretend that mass surveillance and surveillance issues don't matter, because if you really go down the rabbit-hole of thinking about what the security services are trying to do it becomes obvious that we want to encrypt everything all the time to beat selector-based surveillance and dragnet-based surveillance. It doesn't matter if something is authenticated You could still trigger some action to take place with these kinds of surveillance machines that could for example drone strike someone, and so it raises that. And that gives me a lot of hope too, because people understand the root of the problem, or the root of many problems and the root of some violence in the world, actually. And so it helps us to reduce that violence by getting people to acknowledge that it's real and also that they care about it and that we care about each other. So that really gives me a lot of hope, and part of that is Snowden and part of that is the documents but the other part of it is that.. I don't want to blow it up and make it sound like we did something like a big deal, but in a sense, Laura, Glen, myself and a number of other people were really not sure we would ever be able to travel home to our country that we wouldn't be arrested. I actually haven't been home in over two and half years, well, two years and three months or something I went out on a small business trip that was supposed to last two weeks and then this happened and I've been hear ever since. It's a really long, crazy trip. But the point is that that's what was necessary to make some of these changes and eventually it will turn around and I will be able to go home, and Laura and Glen will be able to travel to the US again. Obviously, Julian is still stuck in the Ecuadorian embassy Sarah lives in exile in Berlin, I live in exile in Berlin, And Ed is in Moscow So we're not finished with some of these things and it's also possible that we are, the set of people I mentioned, the state we're in, will stay that way forever. But what matters is that the rest of the world can actually move on and fix some of these problems, and I have a lot of hope about that. And I see a lot of change, that's the really big part. Like I see the reproducible build stuff that Holger and Lunar are working on. People really understand the root reason for needing to do that and actually seems quite reasonable to people who would previously have expended energy against it, in support of it, so I think that's really good. And there's a lot of other hopeful things. So I would try and be as uplifting as possible. It's not just the rum! [question]: Near the end of the film we saw something about another source. I may have been missing some news or something but I don't remember anything about that being public. Do you know what happened to them? [Jacob]: As far as I know any other source that was mentioned in the film is still anonymous, and they're still free. I'm not exactly sure because I was not involved in that part but I also saw the end of the film and I've seen a bunch of other reporting which wasn't attributed to anyone in particular So the good news... there's an old slogan from the Dutch hacker community, right? "Someone you trust is one of us, and the leak is higher up in the chain of command than you" And I feel like that might be true again, hopefully. I think that guy has a question as well. [question]: Part of the problem initially was that encryption software was not so easy to use, right? And I think part of the challenge for everyone was to improve on that situation to make it better so I'm asking you if you've observed any change and to the rest of the room have we done anything to improve on that? [Jacob]: I definitely think that there is a lot of free software that makes encryption easier to use, though not always on free platforms, which really is heart-breaking. For example Moxie Marlinspike has done a really good job with Signal, Textsecure and Redphone and making end-to-end, encrypted calling, texting, sexting, and whatever apps, sext-secure is what I think it's nicknamed and I'm very impressed by that, and it works really well and it's something which in the last two years if you have a cell-phone, which I don't recommend but if you have a cell-phone, and you put in everyone's phone number, a lot of people that I would classify as non-technical people, that don't care about Free software as a hobby or as a passion or as a profession. You see their names in those systems often more than some of the Free software people, and that's really impressive to me, and I think there's been a huge shift just generally about those sorts of things also about social responsibility, or people understand they have a responsibility to other people to encrypt communications, and not to put people in harm's way by sending unsafe stuff over unsafe communication lines. So I think in my personal view it's better. But the original problem wasn't actually that the encryption was hard to use. I think the main problem is people didn't understand the reason that it needed to be done and they believed the lie that is targetted versus mass surveillance. And there's a big lie, and the lie is that there is such a thing as targeted surveillance. In the modern era, most so-called targetted surveillance actually happens through mass surveillance. They gather everything up, and then they look through the thing they've already seized. And of course there are targetted, focussed attacks. But the main thing is that the abuse of surveillance often happens on an individual basis. It also has a societal cost. I think a lot of people really understand that. It's probably because I also live in Germany now for the last two years but I feel that German society in particular is extremely aware of these abuses in the modern world and they have a historical context that allows them to talk about it with the rest of the world, where the world doesn't downplay it. So this is how other people relate to Germany not just about Germans relate to each other. And that has also been really good for just meeting regular people who really care about it, and who really want to do things. So people's parents email me, and are like "I want to protect my children, what's the best way to use crypto with them?" You know, things like that. And I didn't every receive emails like that in the past and that's to me is uplifting and very positive. [question]: A quick organisational question. Right now we're live-streaming the Q&A. Are you comfortable with that? [Jacob]: I don't think in the last three years I've ever had a moment that wasn't being recorded. [laughter, applause] [question]: If you're fine with it, moving on... [Jacob]: That's fine, just don't do it when I'm trying to sleep. [question]: I was wondering why Laura and you ended up in Germany because what you said about people in Germany might be true but I'm really ashamed about my Government and how they dealt with ???? and they are doing nothing for this. [Jacob]: The reason that we ended up in Germany is that I'd been attending Chaos Computer Club events for many years and there are bunch of people that are part of the Chaos Computer Club who are really supportive, and good people, who have a stable base, and an infrastructure. The German hacker scene has this phenomenon which is that it's a part of society. So there are people in the CCC who will talk with the constitutional court for example, and that creates a much more stable society and those people were willing to help us. They were willing to hold footage, to hold encrypted data. They were willing to help modify hardware. There was a huge base of support where people, even if they had fear, they did stuff anyway. And that support went back a long time. And so we knew that it would be safe to store footage for the film here. In Berlin, not in Heidelberg, but here in Germany. And we knew that, of course, there were people that would be helpful. In the US there's a much bigger culture of fear. People are afraid of having their houses raided by the police, where there's lots of detainments at the borders, where there's lots of speculative arrests, journalists that are jailed, so the situation was not to say that Germany was perfect. I revealed in Der Speigel with three other journalists that Merkel was spied on by the NSA. And it's clear that the Germany government was complicit with some of this surveillance. But in a sort of pyramid of surveillance there's a sort of colonialism that takes place. And that the NSA and GCHQ are at the top. And the Germans are little bit below that. The thing is that there's not a lot you do about that. And so even though we revealed this about Merkel, it's not clear what she should do. It's not clear what anyone should do. But one thing that was clear was that if they wanted to break into our houses they would do it in a way that would cost them a lot politically. It would be very public. The last time someone raided someone working with Der Speigel was in 1962 during the Speigel affair, and some ministers were kicked out. You may have seen recently the Landersverrat thing with Netzpolitik. The charges against them now have been dropped. That would never happen in the United States. We would not be safe. And I still, for my investigative journalism, and my work with Wikileaks, and my work with the Tor project, I wouldn't even go back to the US, because there's no chance that if they wanted to do something to me that I would have any constitutional liberties, I think, and the same is true of Snowden. You just won't get that fair trial. And we thought at least here we would have ground to stand and fight on. And it's exactly what happened, and we won. [question]: This is also about the fear stuff that you talk about which is in the very old days we used to put red words in the end of every message to make sure that it would be hard to find the actual subversive message among all the noise. And you can think about the same thing here. Should we build our systems so that everything gets encrypted all the time? [Jacob]: So I have a lot of radical suggestions for what to do, but I'm going to talk about them tomorrow in the keynote mostly. But to give you an example, if you install Debian, you can give someone the ability to log into the machine over a Tor hidden service for free. You get a free .onion when you add two lines to a Tor configuration file. We should make encryption not only easy to use but also out of the box we should have it possible to have end-to-end reachability and connectivity, and we should reduce the total amount of metadata, to make it harder for people who want to break the law, that want to break into computers. We should solve the problem of adversarial versus non-adversarial forensics so we can verify our systems with open hardware and Free software together. And there's a lot to be done, but the main thing to do is to recognise that if you have the ability to upload to Debian, there are literally intelligence agencies that would like those keys. And we have a great responsiblity to humanity as Debian developers to do the right thing: to build open systems, to build them in a way where users don't need to understand this stuff. There are a lot of people in the world that will never see this film. And we can solve the problems that this film describes largely with Free software. And we can do that without them knowing, and they will be safe for us having done that. And if we can do that, the world will be a better place, I think. And I think the world is a better place because of the efforts that were already done in that area, that made this possible. The Tails project made it so that a bunch of people who were good at investigative journalism, but absolutely terrible with computers, were able to pull this off. And that is entirely the product, in my opinion, of Free software. And a little bit of Laura and Glen, but I'd say a lot of Free software.