0:00:00.000,0:00:09.830
silent 31C3 preroll
0:00:09.830,0:00:12.990
Laura and Jacob silently on stage[br]audio/video playback starts
0:00:12.990,0:00:16.220
Announcing person in video: Give[br]a warm welcome to General Alexander!
0:00:16.220,0:00:20.940
video starts all over again,[br]now at its titles
0:00:20.940,0:00:24.165
Announcing person in video: Give[br]a warm welcome to General Alexander!
0:00:24.165,0:00:29.925
video:applause
0:00:29.925,0:00:34.535
Alexander: Thanks![br]Can you hear me?
0:00:34.535,0:00:37.045
Question: So does the NSA[br]really keep a file on everyone?
0:00:37.045,0:00:39.425
Alexander: So many things you could[br]say are funny but I think this requires
0:00:39.425,0:00:43.829
a very serious answer. First:[br]No, we don’t, absolutely not.
0:00:43.829,0:00:46.670
And anybody who’d tell you that[br]we’re keeping files or dossiers
0:00:46.670,0:00:49.760
on the American people:[br]No, that’s not true.
0:00:49.760,0:00:54.300
And I will tell you that those who would[br]want to weave the story, that we have
0:00:54.300,0:00:59.220
millions or hundreds of millions of[br]dossiers on people is absolutely false.
0:00:59.220,0:01:09.680
title with music[br]“Reconstructing Narratives”
0:01:09.680,0:01:20.770
audio/video playback stops
0:01:20.770,0:01:23.680
Jacob Appelbaum: That’s the first time[br]I can remember not being wiretapped!
0:01:23.680,0:01:33.740
Laura laughs[br]laughter and applause
0:01:33.740,0:01:38.820
Okay, well, it’s really a great[br]honor to be back, and it’s
0:01:38.820,0:01:41.420
really one of the greatest pleasures[br]of my life to be on stage with Laura,
0:01:41.420,0:01:45.819
who is one of the most fearless,[br]fantastic journalists…
0:01:45.819,0:01:54.319
applause
0:01:54.319,0:01:58.829
…and we are here today[br]to tell you a few things.
0:01:58.829,0:02:03.740
I am an American by birth[br]and post-nationalist, I suppose,
0:02:03.740,0:02:08.419
by an accident of history. I’m[br]here now working as a journalist
0:02:08.419,0:02:12.550
and Laura is working as a journalist.[br]And I’ll let her introduce herself.
0:02:12.550,0:02:16.140
Laura Poitras: So, I’ve been working[br]the last years, trying to document
0:02:16.140,0:02:20.170
the “War on Terror” and to understand[br]it from a human perspective
0:02:20.170,0:02:25.080
and how we can understand it differently,[br]if we understand its impact on people.
0:02:25.080,0:02:28.510
And today, what Jacob and[br]I want to do is to talk about
0:02:28.510,0:02:33.330
how the narratives that[br]we’ve been told are false,
0:02:33.330,0:02:37.790
and how we can construct new narratives[br]that are based on objective facts.
0:02:37.790,0:02:40.780
Jacob: I think in some way some of[br]the things we are saying will be
0:02:40.780,0:02:44.250
‘preaching to the choir’, because it is[br]through this community, that we have,
0:02:44.250,0:02:48.280
in fact, found some of the truths,[br]that we will talk about today.
0:02:48.280,0:02:54.540
And the CCC to me is like home, so…
0:02:54.540,0:03:00.680
laughter and applause
0:03:00.680,0:03:05.250
And so, if it wasn’t for the CCC and[br]your material support I don’t believe
0:03:05.250,0:03:08.510
that it would be possible for us to be[br]here today. So, thank you all very much
0:03:08.510,0:03:12.160
for the large conspiracy that the German[br]people and the international community
0:03:12.160,0:03:15.020
have brought.[br]some laughter in the audience
0:03:15.020,0:03:19.070
We have just now simultaneously[br]published on DER SPIEGEL’s website
0:03:19.070,0:03:23.260
two very large stories which we think will[br]be of great interest, which we will take
0:03:23.260,0:03:27.010
a little bit of time to explain.[br]But if you go to spiegel.de
0:03:27.010,0:03:31.370
you will see two stories.[br]One is about cryptography
0:03:31.370,0:03:37.560
and one is about… the CIA.[br]And about JPEL and NATO.
0:03:37.560,0:03:40.790
And this is very important, these stories[br]being published at the same time,
0:03:40.790,0:03:45.020
we very much want to thank DER SPIEGEL[br]and the colleagues who are in this room,
0:03:45.020,0:03:48.250
Andy Müller-Maguhn, Aaron Gibson[br]and a number of other people,
0:03:48.250,0:03:50.740
Marcel Rosenberg and Holger Stark…
0:03:50.740,0:03:58.730
applause
0:03:58.730,0:04:02.440
We, as some background, have[br]been working on these stories
0:04:02.440,0:04:06.460
really for a long time.[br]The crypto story, I would say,
0:04:06.460,0:04:10.180
it’s something we’ve wanted to do for[br]almost a year and a half, if not more.
0:04:10.180,0:04:13.150
And really, if you think about the[br]investigations in the Cypherpunks movement
0:04:13.150,0:04:17.649
we’ve really wanted to have some of[br]these answers for about 15 or 20 years.
0:04:17.649,0:04:20.608
Some of the answers are good and some[br]of the answers are not so fantastic.
0:04:20.608,0:04:24.910
I guess, it depends on where you stand.[br]But we hope that, by bringing this to you,
0:04:24.910,0:04:28.190
that it is really in the public interest.[br]And that the public here is interested
0:04:28.190,0:04:32.190
and that you will take it to other places.[br]That you will really take action, based on
0:04:32.190,0:04:37.030
what you see. Whether it is traditional[br]action, whether it is civil disobedience,
0:04:37.030,0:04:40.940
whether it’s FOIAs, whether it’s[br]something else, who knows, we hope
0:04:40.940,0:04:44.070
that you will feel empowered[br]by the end of this talk.
0:04:44.070,0:04:46.880
Laura: And I’d just like to say[br]that if anyone wants to open up
0:04:46.880,0:04:49.770
their laptops and look at some of[br]the documents that we’ve published
0:04:49.770,0:04:53.160
we won’t be offended at all and,[br]in fact, will be happy. I think it will
0:04:53.160,0:04:55.680
contribute to your experience[br]of the talk today.
0:04:55.680,0:04:59.860
Voice from audience: Laura,[br]it’s ‘/international’ on spiegel.de
0:04:59.860,0:05:04.450
Jacob: Great, ‘spiegel.de/international’[br]And for everyone who can’t be here,
0:05:04.450,0:05:08.389
streaming, remember if the stream cuts out[br]and you never see us again, it was murder!
0:05:08.389,0:05:14.010
Laura and audience laughing, some applause
0:05:14.010,0:05:17.960
Laura: So, one of the ways[br]that the ‘War on Terror’ works
0:05:17.960,0:05:21.850
– and the way that war works in general –[br]is how people are de-humanized
0:05:21.850,0:05:31.500
and reduced to numbers. This is a short[br]video that I filmed about Guantanamo.
0:05:31.500,0:06:38.400
video with serious music
0:06:38.400,0:06:42.680
Laura: That was a video that I made[br]about a former prisoner of Guantanamo.
0:06:42.680,0:06:49.500
His name was Adnan Latif. He[br]was sent to Guantanamo in 2012.
0:06:49.500,0:06:54.930
And this is how he came home. He[br]was on hunger strike for many years
0:06:54.930,0:06:59.220
before he died. And what[br]was most shocking to me
0:06:59.220,0:07:05.650
is watching what happens when he returns[br]home and that he’s listed as a number.
0:07:05.650,0:07:09.900
And that his family had to witness that.[br]That that was a person who they were
0:07:09.900,0:07:13.919
seeing for the first time in many[br]years, who is reduced to a number.
0:07:13.919,0:07:17.740
So today, what we’re publishing[br]with DER SPIEGEL is looking at
0:07:17.740,0:07:23.139
how that process works.[br]And it involves NATO’s JPEL kill list
0:07:23.139,0:07:30.199
that is being used in Afghanistan[br]to target people for targeted killings.
0:07:30.199,0:07:34.680
We’re publishing along that some[br]narratives of particular people
0:07:34.680,0:07:39.650
who are on the kill list. One[br]particular case was a man
0:07:39.650,0:07:45.510
who was given the code[br]name “Object Doody”.
0:07:45.510,0:07:50.560
He was targeted for killing,[br]or for assassination.
0:07:50.560,0:07:55.800
A British Apache helicopter[br]that was code named “Ugly 50”
0:07:55.800,0:08:01.420
was sent to kill him. This was on[br]a day that the visibility was poor,
0:08:01.420,0:08:04.759
and they missed him and they[br]shot a child and his father.
0:08:04.759,0:08:08.820
The child was killed immediately,[br]the father was wounded.
0:08:08.820,0:08:16.240
The helicopter looped back[br]around and killed its target.
0:08:16.240,0:08:20.440
Jacob: Right. So, part of what we are[br]hoping to do here, just to make it
0:08:20.440,0:08:26.211
perfectly clear, is to expose information[br]that people say doesn’t exist, with
0:08:26.211,0:08:30.860
a couple of goals. And one of those[br]goals, to be very clear about it,
0:08:30.860,0:08:34.429
– even though this, I suppose, tilts[br]me a little bit on the activist side
0:08:34.429,0:08:38.599
of journalism – is to stop the[br]killing. That is an explicit goal
0:08:38.599,0:08:43.220
with this publication. The British[br]Government and the American Government
0:08:43.220,0:08:46.520
– in various different ways NATO as well –[br]they say, that these kind of things
0:08:46.520,0:08:50.120
really don’t exist. That they don’t[br]happen this way. And they talk about
0:08:50.120,0:08:56.680
the killing of people in a very…[br]let’s say ‘mechanical fashion’.
0:08:56.680,0:08:59.930
Usually they say this evidence doesn’t[br]exist, but the evidence does exist.
0:08:59.930,0:09:05.640
And, in fact, there are lists with[br]names, just endless names.
0:09:05.640,0:09:09.180
And those people, in various different[br]ways, are graded. They’re graded
0:09:09.180,0:09:13.180
with regard to the political consequence[br]of those people being killed. As well as
0:09:13.180,0:09:18.140
some very small spreadsheet and on[br]that spreadsheet, there’s a small box,
0:09:18.140,0:09:25.010
and that box explains their crimes.[br]Next to that, there’s a Dollar figure
0:09:25.010,0:09:28.670
for a potential reward. And maybe there’s[br]a restriction. Sometimes it says something
0:09:28.670,0:09:34.180
like “kinetic action prohibited”. For[br]example. That’s because, by default,
0:09:34.180,0:09:38.920
“kinetic action” is not prohibited.[br]That is because these are lists of names
0:09:38.920,0:09:44.100
of people to be found and to be[br]murdered. And so of these lists…
0:09:44.100,0:09:48.230
we have an excerpt of these[br]lists, being published today.
0:09:48.230,0:09:53.770
And the goal of publishing this is[br]to show what needs to be done.
0:09:53.770,0:09:58.000
So these lists have redactions[br]and the goal is that SPIEGEL,
0:09:58.000,0:10:03.500
along with hopefully others, will help[br]us to continue to work to uncover
0:10:03.500,0:10:07.550
not only the fate of these people on these[br]lists whose names are redacted, but also
0:10:07.550,0:10:11.720
the fate of people who are not yet on[br]these kinds of lists. Maybe to move
0:10:11.720,0:10:16.240
to a world in which we don’t have lists[br]for, what I would call, assassinations.
0:10:16.240,0:10:20.480
And that’s what SPIEGEL calls it as well.[br]This is not, as some people would say,
0:10:20.480,0:10:28.890
a “Joint Prioritized Effects List”. This[br]is an assassination program. And I think,
0:10:28.890,0:10:32.600
personally, that it is inappropriate for[br]democratic societies to have them and
0:10:32.600,0:10:37.100
when they deny that they have them, we’d[br]like to prove them wrong and publish them.
0:10:37.100,0:10:39.560
And so that is, what we have done today.
0:10:39.560,0:10:52.900
applause
0:10:52.900,0:10:58.270
Now, an important detail[br]of this is: In the story,
0:10:58.270,0:11:03.330
the very specific story that is told in[br]the SPIEGEL piece, as Laura mentioned,
0:11:03.330,0:11:06.810
there is an Apache helicopter. And[br]that helicopter attempted to engage
0:11:06.810,0:11:10.800
with a so-called “legitimate target”. And[br]part of what we hope to drive home
0:11:10.800,0:11:16.180
is this notion of legitimacy[br]and targeting. In this case,
0:11:16.180,0:11:20.580
there is a value, that is assigned to[br]a person. And that value is a number,
0:11:20.580,0:11:26.000
which includes the number of people who[br]are not the target, that can be killed
0:11:26.000,0:11:29.360
in service of killing that person![br]That is completely innocent people,
0:11:29.360,0:11:33.420
who are allowed to be killed entirely. And
0:11:33.420,0:11:38.350
depending on the number there may be[br]a call back to base or to a higher command.
0:11:38.350,0:11:43.560
But the number isn’t 1 before they have[br]to make that call. They have discretion.
0:11:43.560,0:11:49.350
And in this case a child was killed with[br]a Hellfire missile. And why is that?
0:11:49.350,0:11:52.890
Because technology mediates this[br]type of killing and that technology is
0:11:52.890,0:11:57.820
not as precise as people would say.[br]And so we have today published
0:11:57.820,0:12:05.670
the storyboard of this objective “Doody”,[br]which is the name, D-O-O-D-Y.
0:12:05.670,0:12:09.149
That storyboard tells this and[br]explains that a child was killed
0:12:09.149,0:12:12.489
with a Hellfire missile in service of[br]killing someone else. And Laura
0:12:12.489,0:12:21.010
can explain what this person[br]did to ‘deserve’ to be killed.
0:12:21.010,0:12:25.209
Laura: I mean, actually, what I wanted[br]to transition to is looking at
0:12:25.209,0:12:29.180
actually the fact… the narrative is, that[br]the government or governments are
0:12:29.180,0:12:33.720
targeting people, who are suspected[br]of something. And in fact
0:12:33.720,0:12:38.430
what we learned, is that they’re targeting[br]people based on as little information
0:12:38.430,0:12:43.180
as their telephone number, or a voice[br]recognition. And they’re using those
0:12:43.180,0:12:48.720
as methods to target and kill people.[br]One of the things, that we’ve learned
0:12:48.720,0:12:53.340
through the disclosures by Edward[br]Snowden is that they’re targeting people
0:12:53.340,0:12:57.950
not just in war zones but internationally.[br]They’re targeting us for surveillance
0:12:57.950,0:13:04.830
all over the world. And…[br]this is a video of a target.
0:13:04.830,0:13:13.150
audio/video playback starts[br]Man: This is the highest level! (in German)
0:13:13.150,0:13:17.260
Ali Fares: Mh-mh!
0:13:17.260,0:13:20.430
Netcologne, [inaudible], Teliast…
0:13:20.430,0:13:27.200
Oh my god, it’s so good documented!
0:13:27.200,0:13:31.730
That are most of the[br]routers that I actually know.
0:13:31.730,0:13:41.850
Office, plied sky (?), and…
0:13:41.850,0:13:44.240
Man: This is an engineer?[br]Ali: Yes.
0:13:44.240,0:13:47.530
Man: Engineer, engineer, engineer, engineer…[br]Ali: Oh, yeah.
0:13:47.530,0:13:53.490
Man: …engineer, engineer.[br]This is you?
0:13:53.490,0:14:03.810
Ali: Yes.[br]audio/video playback stops
0:14:03.810,0:14:08.550
Jacob: So what you just saw there[br]was “Engineers from Stellar”, and
0:14:08.550,0:14:13.690
that is a fantastic name for a company[br]that gets compromised. It is important
0:14:13.690,0:14:19.839
to understand the notion of targeting[br]with regard to why a target
0:14:19.839,0:14:25.390
considered legitimate in some cases can[br]have this notion of collateral damage.
0:14:25.390,0:14:29.640
Now in the case of Stellar or in the case[br]of Belgacom, which Laura revealed
0:14:29.640,0:14:35.100
with DER SPIEGEL, what we learn[br]is that it isn’t actually the case
0:14:35.100,0:14:39.580
that a terrorist is involved[br]with Belgacom or with Stellar.
0:14:39.580,0:14:44.600
It is that a kind of neo-colonialism[br]is taking place in the digital era,
0:14:44.600,0:14:49.480
wherein the colonies, the networks,[br]that they do not have through coercion
0:14:49.480,0:14:54.910
of the state or through other surveillance[br]practices, they have to be compromised.
0:14:54.910,0:14:59.839
And those become targets and they[br]become legitimate targets in theory
0:14:59.839,0:15:04.589
and in actuality, because of its[br]usefulness. Because of the leverage
0:15:04.589,0:15:10.050
that it provides against a speculative[br]target, someday in the future. That is,
0:15:10.050,0:15:13.570
these networks become compromised[br]in service of being able to compromise
0:15:13.570,0:15:19.630
future networks and other people, just[br]because they can. They set out to do that.
0:15:19.630,0:15:23.649
And so Stellar is an example of such a[br]thing. And to be able to confront victims
0:15:23.649,0:15:29.279
this way, to show them that they’re[br]compromised helps us to understand,
0:15:29.279,0:15:34.089
helps us to show that in fact we are[br]directly, and indirectly impacted
0:15:34.089,0:15:39.640
by these types of activities. And when[br]we think about this kind of targeting
0:15:39.640,0:15:45.890
we have to understand the scale.[br]And this scale is sort of incredible.
0:15:45.890,0:15:52.220
The budget for targeted[br]exploitation, for the NSA,
0:15:52.220,0:15:57.180
not speaking at all about the GCHQ,[br]or the Defense Signals Directorate folks
0:15:57.180,0:16:02.589
over in Australia,[br]there’s so much money,
0:16:02.589,0:16:06.769
when you look at the offensive warfare,[br]that for 2013 alone there was
0:16:06.769,0:16:12.209
650 million Dollars spent[br]on the GENIE program.
0:16:12.209,0:16:15.430
And the GENIE program is their[br]offensive Cyber War program,
0:16:15.430,0:16:20.050
as they call it themselves, in which they[br]build backdoors, like UNITEDRAKE
0:16:20.050,0:16:25.639
and STRAITBIZARRE and other tools like[br]Regin, which you know as one of the tools,
0:16:25.639,0:16:29.860
I hope, that has been used in[br]Belgacom and in other places.
0:16:29.860,0:16:33.930
So they target places like Stellar and[br]Belgacom, but they also target places
0:16:33.930,0:16:39.300
like the European Union. In that[br]case, the EU takes the place
0:16:39.300,0:16:42.940
of a terrorist. That is: they are the[br]goal. They aren’t compromising
0:16:42.940,0:16:46.899
the EU’s networks just because[br]someone interesting might show up,
0:16:46.899,0:16:51.710
they are compromising the EU’s[br]networks, because the EU is
0:16:51.710,0:16:55.800
the equivalent to a terrorist to them. And[br]they wish to have leverage and control.
0:16:55.800,0:16:59.320
Because that’s what surveillance is in[br]this context. It’s exploitation of systems,
0:16:59.320,0:17:03.080
where they leverage access to that[br]system, or whichever systems that they
0:17:03.080,0:17:07.720
have access to, to get more access,[br]to have more control. Either politically
0:17:07.720,0:17:13.469
or technologically or both.[br]Which ties of course into economics.
0:17:13.469,0:17:20.099
Now, in the case of GENIE 650 million[br]Dollars is quite a great deal of money.
0:17:20.099,0:17:26.230
But for 2017 the projected budget[br]for GENIE is a billion Dollars.
0:17:26.230,0:17:31.059
This is just the beginning of what[br]we see. And these civilian targets
0:17:31.059,0:17:34.730
or these governmental targets that are[br]being targeted in continental Europe,
0:17:34.730,0:17:38.570
they’re not alone. It is actually[br]happening all around the world.
0:17:38.570,0:17:42.309
And these compromises, they happen[br]in service of mass surveillance.
0:17:42.309,0:17:46.740
Whenever they don’t have the ability to[br]mass-surveil a system they implant systems
0:17:46.740,0:17:51.020
along the way in order to surveil[br]what goes in and out of them.
0:17:51.020,0:17:56.500
Systems are even used as what are called[br]‘Diodes’. And Diodes are essentially
0:17:56.500,0:18:02.590
another term which we see the Canadians[br]use. Operational Relay Boxes or ORBs.
0:18:02.590,0:18:06.179
Anybody here that used to be a black hat,[br]I know there are no more black hats here,
0:18:06.179,0:18:12.040
it’s all legitimate, but… except[br]for that guy, in the front…
0:18:12.040,0:18:16.450
Everybody knows what you use those boxes[br]for: You use them to jump from one network
0:18:16.450,0:18:20.080
to another network, so that when[br]something is traced back it traces back
0:18:20.080,0:18:23.170
to that machine. In the case of the[br]Canadian Service they themselves
0:18:23.170,0:18:26.980
talk about, a couple of times a year,[br]compromising as many systems as they can
0:18:26.980,0:18:31.020
in non-Five-Eyes countries, in order to[br]ensure that they have as many operational
0:18:31.020,0:18:37.040
relay boxes as they need for the[br]coming year. These diodes mean
0:18:37.040,0:18:42.049
that when a system does a thing, it is[br]absolutely not the case that we can say
0:18:42.049,0:18:45.350
the person who has purchased[br]that system is responsible for it.
0:18:45.350,0:18:49.110
It is their official doctrine, in fact,[br]to use other people’s computers
0:18:49.110,0:18:53.809
for their hacking. And that’s important,[br]when we now consider, that they have
0:18:53.809,0:18:59.660
– in 2017 projected – a goal of[br]having a billion Dollars to do that.
0:18:59.660,0:19:04.530
When we look at how that bounces out with[br]Defense that is – not at all – balanced.
0:19:04.530,0:19:10.980
In fact, it is tilted entirely[br]towards Offensive Warfare.
0:19:10.980,0:19:14.700
Laura: I was wondering, how many[br]people in the room have gone online
0:19:14.700,0:19:17.239
to look at some of the[br]documents that we released.
0:19:17.239,0:19:20.559
Jacob: Anyone? Hey, nice.[br]Laura: Alright.
0:19:20.559,0:19:25.020
Jacob: Fantastic! So in[br]the future, that is to say
0:19:25.020,0:19:30.150
in approximately 3 weeks, we plan to[br]release, along with some of our colleagues
0:19:30.150,0:19:34.090
at SPIEGEL, and other people who[br]are helping out, more information
0:19:34.090,0:19:38.549
about specific malware, specific[br]cases in which it’s used
0:19:38.549,0:19:42.240
and details about information sharing[br]with regard to the malware in terms of
0:19:42.240,0:19:45.320
how it’s harvested. We’re thinking[br]probably in the second week of January
0:19:45.320,0:19:49.230
for that malware story. And we[br]wanted to make sure to get it right
0:19:49.230,0:19:54.549
and we wanted people to focus on[br]the specifics of the NATO kill lists
0:19:54.549,0:19:59.780
and to focus on cryptography.[br]We thought, well, people here
0:19:59.780,0:20:03.480
in the audience would be able to handle[br]all three, the rest of the world just
0:20:03.480,0:20:07.760
isn’t ready for it yet. So we had[br]to take a little bit of a pause. So
0:20:07.760,0:20:13.940
more of the malware details will be[br]released in about 3 weeks. Now for me,
0:20:13.940,0:20:17.860
one of the things that has, I would[br]say for my entire adult life been
0:20:17.860,0:20:21.500
very interesting to me and before[br]my adult life started, was a system
0:20:21.500,0:20:23.830
known as Echelon. Anybody[br]here remember that system?
0:20:23.830,0:20:26.350
‘Woohoow’, and laughter
0:20:26.350,0:20:29.080
jokingly: That’s the guy that built it![br]more laughter
0:20:29.080,0:20:33.510
I would guess… maybe not,[br]sorry, I don’t want to… trying to
0:20:33.510,0:20:37.549
snitch jacket you there… But
0:20:37.549,0:20:42.180
I think it’s to me extremely[br]important to hear about these
0:20:42.180,0:20:46.799
kinds of things, that sound totally crazy.[br]Like the CIA torture report, for example.
0:20:46.799,0:20:50.900
That started out as a conspiracy [theory].[br]And now we know, that America’s
0:20:50.900,0:20:56.439
official policy with the CIA was rape,[br]anal rehydration. Those were
0:20:56.439,0:21:01.380
conspiracy theories which[br]we now know to be facts.
0:21:01.380,0:21:06.630
So Echelon, the rumour of Echelon was[br]this notion of planetary surveillance.
0:21:06.630,0:21:11.400
And of course it was Duncan Campbell who[br]brought this forward in a European Union
0:21:11.400,0:21:17.390
report. He, in fact, very clearly outlined[br]the interception capabilities
0:21:17.390,0:21:23.880
of the U.S. Government and others.[br]Now, it is hard to actually imagine
0:21:23.880,0:21:29.620
planetary surveillance, on a scale, let’s[br]say, your home, and how your home
0:21:29.620,0:21:34.410
fits into your city, and your city how it[br]fits into a country, and the whole world.
0:21:34.410,0:21:38.860
And all of that being monitored.[br]But what we found is that
0:21:38.860,0:21:42.850
during the Crypto Wars we thought that we[br]had won. We thought that we had a way,
0:21:42.850,0:21:46.970
really, to change things. We thought that[br]with cryptography we would be able
0:21:46.970,0:21:52.260
to change the entire balance. Even if[br]something like planetary surveillance
0:21:52.260,0:21:55.510
would have come about. And so when[br]Duncan Campbell released his reports
0:21:55.510,0:21:59.750
about Echelon in the very early 21st[br]century I think a lot of people weren’t
0:21:59.750,0:22:03.950
as concerned about it as they should[br]have been. And shortly after that
0:22:03.950,0:22:09.230
the ‘War on Terror’ really got[br]off to a very, very big start.
0:22:09.230,0:22:13.970
It turns out that we weren’t as concerned[br]as we should have been in the right areas.
0:22:13.970,0:22:18.270
And we I think can say now, that the first[br]Crypto Wars were not won and in fact
0:22:18.270,0:22:22.710
the first Crypto Wars were probably[br]– if anything – lost, or they’re still
0:22:22.710,0:22:29.720
going on now. If we were to delineate that[br]and we were to talk about as an example,
0:22:29.720,0:22:33.220
the second Crypto Wars, what we would[br]find is what has actually been happening
0:22:33.220,0:22:38.590
behind the scenes, and, thanks to Edward[br]Snowden we actually have a great deal
0:22:38.590,0:22:43.530
of answers that we would[br]probably not have otherwise.
0:22:43.530,0:22:55.730
applause
0:22:55.730,0:23:01.280
Now, it is important to understand[br]that the context of this
0:23:01.280,0:23:08.519
is the notion that everyone is suspicious.[br]That we live now in a world of total,
0:23:08.519,0:23:12.820
absolute surveillance which sometimes[br]misses a thing, here or there.
0:23:12.820,0:23:15.940
But this is the goal: Collect it all![br]That’s General Alexander’s notion.
0:23:15.940,0:23:20.759
When he talks about his notion[br]e.g. about dossiers it’s a trick.
0:23:20.759,0:23:24.730
It’s a rhetorical trick. Because what he[br]means to say is that now dossiers
0:23:24.730,0:23:29.919
are dynamic. And that this information is[br]not stored on lists, written down like in,
0:23:29.919,0:23:33.250
let’s say, the 50s. Rather they’re[br]stored in databases that dynamically
0:23:33.250,0:23:37.700
will generate a list based on a query[br]from an analyst. “Give me every person
0:23:37.700,0:23:42.770
that went to this website at this time”.[br]And it of course expands, the notion is
0:23:42.770,0:23:47.020
that somehow this will only be used[br]against terrorists. But what is a terrorist,
0:23:47.020,0:23:52.060
in this case? In some cases it actually[br]includes people who are merely involved
0:23:52.060,0:23:57.980
in drugs, and part of that has been[br]published as part of the JPEL kill lists.
0:23:57.980,0:24:02.660
That is to say: people who are definitely[br]not terrorists, but who are otherwise
0:24:02.660,0:24:07.850
interesting targets, so there’s a sort of[br]“bleed over”, and so we see the same thing
0:24:07.850,0:24:11.580
with surveillance and cryptography: It[br]was for exceptional targets and now it is
0:24:11.580,0:24:18.340
for everyone. And so cryptography came[br]as a liberator. And that was the idea.
0:24:18.340,0:24:22.880
But just as we showed a little bit ago,[br]with STELLAR where they targeted engineers
0:24:22.880,0:24:28.179
specifically to have access to the[br]infrastructure, so, too, we find
0:24:28.179,0:24:34.130
that for cryptography they sabotage[br]critical infrastructure. We found, in fact,
0:24:34.130,0:24:37.309
so many different interesting things that
0:24:37.309,0:24:41.710
it’s actually hard to talk about[br]it in only half an hour of time.
0:24:41.710,0:24:45.690
Laura: I’d like to just say, as one of[br]the journalists who’s been publishing
0:24:45.690,0:24:49.560
on the documents I think that one of the[br]most both important stories and the
0:24:49.560,0:24:53.700
most unsatisfying stories was the[br]BULLRUN story that was published
0:24:53.700,0:24:57.530
by The New York Times, and the Guardian,[br]and ProPublica. Because it did warn us
0:24:57.530,0:25:01.510
of how the NSA was[br]attacking critical infrastructure
0:25:01.510,0:25:06.169
to make the internet insecure, and[br]yet it didn’t tell us any specifics of
0:25:06.169,0:25:09.020
what they meant by that. And this is[br]something that I think frustrated
0:25:09.020,0:25:12.080
many people in the audience, and so…
0:25:12.080,0:25:16.159
applause
0:25:16.159,0:25:19.419
And so the reporting[br]that Jake’s been doing
0:25:19.419,0:25:21.950
along with Aaron Gibson[br]and other people…
0:25:21.950,0:25:24.770
Jacob: Christian (?)…[br]there in the audience.
0:25:24.770,0:25:28.130
Laura: … is to dig in and to find out[br]what those specifics are so that we can
0:25:28.130,0:25:33.580
actually warn people about what is safe[br]and what’s not safe in cryptography.
0:25:33.580,0:25:37.750
Jacob: So, we have, let’s say, a little[br]free time we’re gonna talk about this…
0:25:37.750,0:25:41.880
but I’d like to do some surveys: Who here[br]uses PPTP? And don’t laugh at them
0:25:41.880,0:25:45.620
when they raise their hand, let[br]them be honest… who uses it?
0:25:45.620,0:25:47.220
One guy![br]laughter
0:25:47.220,0:25:50.299
Ok, well, good news to this audience…[br]stop doing that, we’re gonna tell you why
0:25:50.299,0:25:55.530
in a second. Laura laughs[br]Who here uses IPSEC?
0:25:55.530,0:26:00.380
With a pre-shared key?[br]Fantastic…
0:26:00.380,0:26:03.260
Stop doing that too…[br]laughter
0:26:03.260,0:26:06.730
Raise your hand if you use SSH!
0:26:06.730,0:26:08.960
even louder laughter[br]Laura laughs
0:26:08.960,0:26:14.490
Guess what…[br]laughter, slight applause
0:26:14.490,0:26:19.049
In the documents that we’re publishing[br]today we are showing in fact a series
0:26:19.049,0:26:24.560
of systems that, if we[br]understand them correctly…
0:26:24.560,0:26:29.659
I wonder if I should say my next sentence…[br]I say this only as myself and not as Laura.
0:26:29.659,0:26:34.750
I’d be surprised if some building weren’t[br]burning, frankly. But… the NSA claims
0:26:34.750,0:26:40.289
to have databases for decryption, or an[br]attack orchestration for PPTP and IPSEC,
0:26:40.289,0:26:48.710
which is not so surprising at all, but[br]also for SSL and TLS, and… for SSH.
0:26:48.710,0:26:53.330
They have specific slides where they talk[br]about the Debian weak number generation.
0:26:53.330,0:26:59.549
This is not that. From what we can tell[br]they have separate programs for that.
0:26:59.549,0:27:03.880
So they of course have a way through the[br]cryptographic exploitation services,
0:27:03.880,0:27:07.960
crypto-analysis exploitation services, to[br]do certain decrypts. Now, they say:
0:27:07.960,0:27:13.460
“We stress: potential!”. It seems to be[br]there’s a pattern. And the pattern is
0:27:13.460,0:27:19.190
things that are done entirely in software,[br]in particular, those things as long as
0:27:19.190,0:27:23.690
there’s a good random number generator,[br]and especially if it is Free Software,
0:27:23.690,0:27:28.820
what we find is that it seems to stand[br]the test of time. That doesn’t mean
0:27:28.820,0:27:33.340
that it always will, because we found[br]a couple of things. One of the things
0:27:33.340,0:27:37.460
is that we found that they log the[br]cipher texts, and that they wait.
0:27:37.460,0:27:42.230
Sometimes to break it with brute-force, so[br]we are also revealing today the location
0:27:42.230,0:27:46.610
of the two large supercomputers: That is[br]at Oak Ridge National Laboratories and at
0:27:46.610,0:27:52.419
Fort Meade, for a program called LONGHAUL.[br]The LONGHAUL I suppose as they
0:27:52.419,0:27:58.980
have named it appropriately, is for their[br]long haul approach. Combined with things
0:27:58.980,0:28:03.370
like the massive data repository, or the[br]Mission Data Center, the Mission Data
0:28:03.370,0:28:08.610
repository in places like Bluffdale, Utah.[br]They plan and do store the cipher texts
0:28:08.610,0:28:12.679
of an unbelievable number of connections.[br]When you make an SSL / TLS connection
0:28:12.679,0:28:19.480
the GCHQ keeps statistics. The Canadian[br]CSE keeps statistics. They seem to log
0:28:19.480,0:28:25.440
metadata about the handshake in terms of[br]TCP/IP, but also in terms of SSL and TLS
0:28:25.440,0:28:29.730
for the actual protocols. That is to say,[br]they store the cryptographic handshakes,
0:28:29.730,0:28:35.390
and in some cases for specific selected[br]data they take the entire flow. Now,
0:28:35.390,0:28:40.070
we have found claims that are kind[br]of amazing: in the case of BULLRUN
0:28:40.070,0:28:43.480
the New York Times and the Guardian,[br]and the rest of the collaborating
0:28:43.480,0:28:48.120
news organizations have often[br]left out important details.
0:28:48.120,0:28:51.700
One of the important details which I find[br]to be the most shocking and upsetting
0:28:51.700,0:28:57.670
is that the British alone by[br]2010 – was it? – had 832 people
0:28:57.670,0:29:04.620
read into their BULLRUN program. That is[br]832 people knew about their backdooring
0:29:04.620,0:29:09.529
and sabotage of crypto, just[br]in the British Service alone.
0:29:09.529,0:29:13.590
And each of the Five-Eyes countries[br]runs a similar program, like that.
0:29:13.590,0:29:17.679
With potentially similar numbers of[br]people read into those programs.
0:29:17.679,0:29:21.780
They say something like: “3 people[br]can keep a secret if 2 are dead”.
0:29:21.780,0:29:27.159
How about 832 British men? I’m not[br]sure that that’s a really good bet.
0:29:27.159,0:29:31.550
And these guys have bet the farm on it.[br]That is to say, they have slides and
0:29:31.550,0:29:35.640
presentations and intercepts where[br]they decrypt SSL, where they discuss
0:29:35.640,0:29:39.550
decrypting SSL at a scale starting in[br]the tens of thousands, moving into the
0:29:39.550,0:29:43.590
hundreds and millions of thousands.[br]Hundreds of thousands, and millions, and
0:29:43.590,0:29:48.110
then into billions, actually. For TLS[br]and SSL they actually have statistics
0:29:48.110,0:29:53.460
on the order of billions. Of all the[br]major websites that everyone here
0:29:53.460,0:29:58.210
probably has used at one[br]point or another in their life.
0:29:58.210,0:30:04.010
So, in the case of the Canadian Services[br]they even monitored ‘Hockeytalk’,
0:30:04.010,0:30:07.439
to give you an idea about this. And they[br]talk about it in terms of ‘warranted’
0:30:07.439,0:30:11.860
collection, and special source[br]collection, and encrypted traffic
0:30:11.860,0:30:16.950
indeed does stand out. They have[br]programs like QUICKANT, which is a
0:30:16.950,0:30:21.450
specific way of interfacing with[br]a program called FLYING PIG.
0:30:21.450,0:30:25.870
FLYING PIG is an SSL/TLS database,[br]it’s a knowledge database,
0:30:25.870,0:30:30.040
and QUICKANT seems to be what’s called[br]a “Query Focused Data Set”. They try
0:30:30.040,0:30:35.529
to use that, from what we can tell,[br]for doing low latency de-anonymization.
0:30:35.529,0:30:40.199
Some of the documents we’re releasing[br]today will explain some of their failures.
0:30:40.199,0:30:43.570
Now, I think it’s important to be[br]cautious about this because they have
0:30:43.570,0:30:48.740
many compartments for their data,[br]that is to say they very clearly
0:30:48.740,0:30:52.970
have ways of keeping secrets even from[br]themselves. But one of the things we found,
0:30:52.970,0:30:56.960
and that we’re publishing today also,[br]is a FISA intercept. And to the best
0:30:56.960,0:31:01.260
of my knowledge, and I think that this is[br]true, no one has ever published one
0:31:01.260,0:31:05.740
of these before. So, this is the basis for[br]what you would call ‘parallel construction’,
0:31:05.740,0:31:09.030
actually, where they gather Intelligence[br]and then they say, “whatever you do,
0:31:09.030,0:31:12.880
don’t use this in lawful investigation,[br]don’t use this in a court,
0:31:12.880,0:31:18.080
it’s not evidence. But by the way,[br]here it is”. So we’re publishing
0:31:18.080,0:31:23.250
one of those today and we have[br]some, well, moderately good news.
0:31:23.250,0:31:27.350
In looking at these, what we have[br]found is that they consistently break
0:31:27.350,0:31:31.130
various different types of encryption.[br]So if you’re mailing around a Microsoft
0:31:31.130,0:31:34.970
.doc document that’s password protected[br]there’s a good chance that they
0:31:34.970,0:31:40.040
send it to LONGHAUL using a thing[br]called ISLANDTRANSPORT and then that,
0:31:40.040,0:31:45.549
if it can, through brute-force, is[br]decrypted. And it is the case
0:31:45.549,0:31:49.490
that, when they do this decryption,[br]they send it back and they include
0:31:49.490,0:31:53.820
the decrypted information in the FISA[br]transcript. They do this for .rar files,
0:31:53.820,0:31:58.100
they do this for .doc files, they do this[br]for a bunch of different systems. But we
0:31:58.100,0:32:01.179
don’t want to focus on what’s broken[br]because The New York Times and
0:32:01.179,0:32:04.920
The Guardian and other places have[br]already sort of said “everything is fucked”.
0:32:04.920,0:32:08.280
We wanted to try to[br]make it a positive talk!
0:32:08.280,0:32:17.760
laughter and applause
0:32:17.760,0:32:23.930
And… so I think Laura here is just[br]going to be able to show you in fact…
0:32:23.930,0:32:26.810
Laura: If it will play…
0:32:26.810,0:32:34.670
Jacob: Just drag it over… the other way…
0:32:34.670,0:32:39.570
So we wanted to show you… who here[br]has heard about PRISM? Everyone?
0:32:39.570,0:32:42.220
What does that mean to you? It doesn’t[br]mean anything, right? We just know
0:32:42.220,0:32:45.620
that it’s some massive surveillance[br]program. We wanted to show you what
0:32:45.620,0:32:53.520
one of those PRISM records actually[br]looks like which, in itself is, I think…
0:32:53.520,0:32:56.470
Laura: Sorry.[br]Jacob: It’s okay.
0:32:56.470,0:33:00.659
…it’s a rather unexciting document, except[br]for the fact that we get to show it to you.
0:33:00.659,0:33:04.920
Which is great. [to Laura:][br]I think if you escape for the…
0:33:04.920,0:33:14.890
Laura: …escape out of here?
0:33:14.890,0:33:18.950
Jacob: There it is. Hey FBI, fuck you!
0:33:18.950,0:33:29.780
laughter and applause
0:33:29.780,0:33:33.270
So I take great pleasure in being able to[br]say that this couldn’t have happened
0:33:33.270,0:33:42.630
without Laura![br]cheers and applause
0:33:42.630,0:33:48.049
But if you look here you see[br]‘SIGAD US-984XN’. That’s PRISM!
0:33:48.049,0:33:53.620
And this is your dossier for PRISM.[br]some shouts from audience
0:33:53.620,0:33:57.409
From audience: “O3”, “Larger!”[br]Laura: Yeah.
0:33:57.409,0:34:00.470
audience laughs[br]document on screen is zoomed in
0:34:00.470,0:34:05.140
audience goes: “Aaaah!”[br]cheers and applause
0:34:05.140,0:34:08.480
And if you’re wondering about the[br]redactions, it’s all Andy Müller-Maguhn.
0:34:08.480,0:34:12.730
slight laughter[br]Shouted from audience: Fuck you!!
0:34:12.730,0:34:15.289
Jacob laughs
0:34:15.289,0:34:19.659
Jacob: Here’s the good news! The FBI[br]regularly lies to the American Public.
0:34:19.659,0:34:22.289
And to the rest of the world.[br]Then they say they’re ‘going dark’.
0:34:22.289,0:34:25.899
What we found in the study of these[br]FISA intercepts is that basically
0:34:25.899,0:34:31.059
no one uses cryptography. And basically[br]everyone that uses cryptography is broken,
0:34:31.059,0:34:37.629
except for – well, let’s say –[br]2 things. Thing No.1 is OTR.
0:34:37.629,0:34:48.819
big applause and cheers
0:34:48.819,0:34:51.599
Very important to go with it is you’ll[br]notice that there’s some metadata.
0:34:51.599,0:34:54.989
And it’s just metadata. But as the U.S.[br]Government has said in public, they
0:34:54.989,0:35:00.700
kill people with metadata. So up there[br]you’ll see that, I believe this was Yahoo,
0:35:00.700,0:35:03.500
is that right, Andy?[br]Andy M.-M. answers from audience
0:35:03.500,0:35:07.880
Yeah, I think… it could be Gmail, or could[br]be Yahoo, I forgot which one this one is.
0:35:07.880,0:35:11.349
We’re releasing, you know, enough[br]for you to figure it out on your own.
0:35:11.349,0:35:15.119
Hopefully this isn’t you, if so, I’m[br]sorry we redacted your information.
0:35:15.119,0:35:18.999
Cause if it was me I wouldn’t want it to[br]be redacted. But you’ll see that it’s
0:35:18.999,0:35:24.170
a user name, IP address as well as[br]a time and a date. And you also see
0:35:24.170,0:35:28.650
other IP addresses associated with it. Those[br]are used for selector-based surveillance.
0:35:28.650,0:35:32.569
Which if you haven’t been following along[br]at home it means that they can take
0:35:32.569,0:35:35.769
that information, put it into other[br]databases, and the things like XKeyscore,
0:35:35.769,0:35:40.900
and pull up other information that will be[br]related. But most importantly here is,
0:35:40.900,0:35:45.619
you see what is essentially a chat log. As[br]if it had been created on your computer.
0:35:45.619,0:35:50.979
Now, don’t log – it’s rude. They did it[br]for you anyway. And what you see is
0:35:50.979,0:35:55.449
“OC – No decrypt available for[br]this OTR encrypted message”.
0:35:55.449,0:36:00.459
In other documents we see them saying[br]“cryptographic exploitation services”.
0:36:00.459,0:36:06.589
“We can’t decrypt it, it’s off the[br]record”. Quite a nice endorsement!
0:36:06.589,0:36:12.840
And what we have also found is[br]that they do the same thing for PGP.
0:36:12.840,0:36:23.719
applause
0:36:23.719,0:36:28.220
Now in other cases they do decrypt the[br]messages. So instead of telling you
0:36:28.220,0:36:32.950
about everything “It’s broken!”[br]what we wanted to do is to suggest:
0:36:32.950,0:36:37.770
“Look at the composition of OTR, find[br]Ian Goldberg who’s here somewhere,
0:36:37.770,0:36:41.569
ask him to review your cryptographic[br]protocol”. Maybe don’t – he’s probably
0:36:41.569,0:36:47.819
already overwhelmed. But Snowden said[br]this in the very beginning. He said:
0:36:47.819,0:36:50.849
“Cryptography, when properly implemented,[br]is one of the few things that you can
0:36:50.849,0:36:56.549
rely upon”. And he’s right. And we[br]see this. This is the message.
0:36:56.549,0:37:01.319
These things are not to be used in legal[br]proceedings. And yet here we see them
0:37:01.319,0:37:06.039
anyway. And what we see is that even[br]there, in the most illegal of settings,
0:37:06.039,0:37:11.499
essentially, they can’t decrypt it. Now the[br]sad part is that not everyone is using it.
0:37:11.499,0:37:14.719
But the good news is that when you use it,[br]it appears to work. When you verify
0:37:14.719,0:37:18.569
the fingerprint, e.g. We didn’t find[br]evidence of them doing active attacks
0:37:18.569,0:37:22.709
to do man-in-the-middle attacks. But[br]that’s easy to solve. OTR allows you
0:37:22.709,0:37:28.220
to authenticate. PGP and GnuPG allow[br]you to verify the fingerprint. We did find
0:37:28.220,0:37:32.380
evidence of them having databases, filled[br]with cryptographic keys, that were pilfered
0:37:32.380,0:37:37.940
from routers, and compromising machines.[br]So rotate your keys frequently,
0:37:37.940,0:37:42.869
use protocols that are ephemeral. They[br]themselves find that they are blinded
0:37:42.869,0:37:47.729
when you use properly implemented[br]cryptography. So GnuPG
0:37:47.729,0:37:53.190
– Werner Koch I think is in the audience –[br]GnuPG and OTR are 2 things that
0:37:53.190,0:37:57.722
actually stop the spies from[br]spying on you, with PRISM.
0:37:57.722,0:38:01.912
applause, some cheers
0:38:01.912,0:38:09.699
Laura: to Jake Would you mind if I ask…[br]for a volunteer to … computers …?
0:38:09.699,0:38:13.950
Jacob: So, we have some other really[br]good news. And that good news
0:38:13.950,0:38:21.139
is this: There are… in some of the[br]slides that are being released
0:38:21.139,0:38:24.119
a matrix – not ‘the Matrix’[br]that you’re hoping for –
0:38:24.119,0:38:26.170
laughter
0:38:26.170,0:38:31.860
but we can talk about that program later[br]laughter
0:38:31.860,0:38:39.000
I’m not even joking. But…[br]laughter
0:38:39.000,0:38:43.339
There are some other things. One of the[br]things that they talk about in this matrix
0:38:43.339,0:38:48.510
is, what’s hard, and what’s easy.[br]And in the case of ‘Hard’
0:38:48.510,0:38:55.180
they describe Redphone, and that means[br]Signal, the program by Christine Corbett
0:38:55.180,0:39:02.829
and Moxie Marlinspike as ‘catastrophic’.[br]applause
0:39:02.829,0:39:07.129
They say: “Tails and Tor – catastrophic”.
0:39:07.129,0:39:15.680
cheers and applause
0:39:15.680,0:39:19.079
So what that really means is that we[br]now understand some things that
0:39:19.079,0:39:24.119
they have trouble with. And how they[br]will take action to try to sabotage it
0:39:24.119,0:39:27.299
is clear. They will try to sabotage the[br]Random Number Generators like they did
0:39:27.299,0:39:31.789
with Dual_EC_DRBG. They will[br]try to sabotage the platforms.
0:39:31.789,0:39:35.900
They will try to force companies to be[br]complicit. I think the German word is
0:39:35.900,0:39:40.390
‘Gleichschaltung’. You’re all familiar[br]with that? That is the process that is
0:39:40.390,0:39:45.430
happening now in America. With these[br]crypto programs. That’s what PRISM is.
0:39:45.430,0:39:49.410
PRISM is when companies would like[br]to fight against it. And that’s not to
0:39:49.410,0:39:53.369
call them ‘victims’, most of them are[br]willing. This is still what they’re
0:39:53.369,0:39:56.640
forced into. That is the legal regime.[br]And it is when you take responsibility
0:39:56.640,0:40:00.200
using the strong crypto that you can[br]set that in a different direction.
0:40:00.200,0:40:04.170
Those companies actually can’t really[br]protect you. They are, in fact,
0:40:04.170,0:40:11.109
secretly in some cases, and sometimes[br]willingly, complicit in that. And, so
0:40:11.109,0:40:15.569
if you use Redphone and Signal, if you[br]use something like Tor, and GnuPG
0:40:15.569,0:40:20.269
with a properly sized key – don’t[br]use like a 768 bit RSA key
0:40:20.269,0:40:24.280
or something stupid like that…[br]If you use OTR,
0:40:24.280,0:40:29.829
if you use jabber.ccc.de – buy that guy[br]who runs that a beer, by the way –
0:40:29.829,0:40:30.769
applause
0:40:30.769,0:40:35.390
if you use these things in concert[br]together, you blind them.
0:40:35.390,0:40:37.880
So this is the good news. And the[br]documents that support this
0:40:37.880,0:40:42.499
are online. We have some other bad[br]news, though. There exists a program
0:40:42.499,0:40:47.119
which they call ‘TUNDRA’. TUNDRA – it’s[br]not exactly clear what the details are.
0:40:47.119,0:40:52.859
But they say that they have a handful[br]of crypto-analytic attacks on AES.
0:40:52.859,0:40:56.949
Obviously they can’t break AES, or[br]they would be able to break OTR.
0:40:56.949,0:41:01.039
But what it suggests is that they[br]have a conflict of interest.
0:41:01.039,0:41:04.509
Well, they’re both supposed[br]to protect our information
0:41:04.509,0:41:08.859
and, of course, to exploit it. If they[br]have attacks against AES, much like
0:41:08.859,0:41:12.479
if they have attacks against SSH as they[br]claim in the Caprius database,
0:41:12.479,0:41:16.679
in that program then it shows that[br]conflict of interest runs very deep.
0:41:16.679,0:41:19.690
Against our critical infrastructure.[br]Against the most important systems
0:41:19.690,0:41:25.150
that exist. Protect our data. And it[br]shows a sort of hegemonic arrogance.
0:41:25.150,0:41:28.669
And that arrogance is to suggest that[br]they’ll always be on top. I had
0:41:28.669,0:41:32.640
the misfortune of meeting General[br]Alexander, quite recently. In Germany.
0:41:32.640,0:41:39.279
And after failing to have him arrested,[br]which was a funny story in itself,
0:41:39.279,0:41:43.769
I asked him what he thought he was doing.[br]Another person there stood up and said:
0:41:43.769,0:41:48.549
“What about who comes after you next?” And[br]he didn’t quite understand the question.
0:41:48.549,0:41:53.130
But his answer was pretty eerie: He[br]said: “Nobody comes after us next”.
0:41:53.130,0:41:56.529
faint laughter
0:41:56.529,0:42:00.349
“Thousand-year Reich”. That is[br]exactly what he was saying. And
0:42:00.349,0:42:03.920
when I confronted him about accountability[br]for things like kill lists, and crypto
0:42:03.920,0:42:07.849
he said that he was just[br]following orders. Literally.
0:42:07.849,0:42:11.829
laughter and some applause
0:42:11.829,0:42:16.559
So. Now we know what blinds[br]them. And we understand
0:42:16.559,0:42:20.450
what they do with things when they’re[br]not blinded. Their politics include
0:42:20.450,0:42:24.660
assassinations but it doesn’t just[br]end there. It includes torture,
0:42:24.660,0:42:29.650
it includes kidnapping. It includes buying[br]people. And then sending their bodies home
0:42:29.650,0:42:35.319
with a number. Instead of a name.[br]It includes de-humanizing them.
0:42:35.319,0:42:39.359
So we want to encourage everyone here to[br]feel empowered with this knowledge,
0:42:39.359,0:42:45.280
which is a little difficult. But, Werner[br]Koch, are you in the room?
0:42:45.280,0:42:47.710
positive[br]Could you stand up?
0:42:47.710,0:42:53.090
applause
0:42:53.090,0:42:56.860
Stay, stand there, just[br]stay, stand there!
0:42:56.860,0:43:01.509
Laura: Stay up, stand up![br]Jacob: And Ian Goldberg,
0:43:01.509,0:43:03.509
are you in the room?[br]I’m sorry to do this…
0:43:03.509,0:43:11.979
There is Ian![br]ongoing applause
0:43:11.979,0:43:15.410
…and Christine Corbett…[br]Christine Corbett, are you in the room?
0:43:15.410,0:43:18.669
From Signal?[br]Laura: Stay… keep standing!
0:43:18.669,0:43:23.930
Jacob: Stand up! Stand up![br]applause
0:43:23.930,0:43:29.719
These people, without even knowing it,[br]without even trying, they beat them!
0:43:29.719,0:43:47.219
cheers and strong applause
0:43:47.219,0:43:56.499
Laura: So,…
0:43:56.499,0:44:00.470
don’t sit down guys! So,[br]last night I screened my film
0:44:00.470,0:44:03.499
“Citizenfour” here, and there were some[br]questions, and somebody asked
0:44:03.499,0:44:10.219
what can they do to support the work that[br]Snowden has done, and the journalists.
0:44:10.219,0:44:13.219
And actually what I should have said[br]and I didn’t say in the moment is that
0:44:13.219,0:44:17.910
actually everybody should fund the work[br]that you guys do. And I mean that,
0:44:17.910,0:44:22.630
because, literally, my work would not be[br]possible without the work that you do.
0:44:22.630,0:44:27.589
So I would like it if everybody in this[br]room when they leave here in the next week
0:44:27.589,0:44:31.039
to reach out and fund these projects.[br]Because without these projects
0:44:31.039,0:44:38.259
the journalism that Glenn and I, and Jake[br]have done would literally not be possible.
0:44:38.259,0:44:49.529
strong applause, some cheers
0:44:49.529,0:44:58.509
And…
0:44:58.509,0:45:02.130
Jacob: Just to be clear, since this video[br]will definitely be played at a grand jury
0:45:02.130,0:45:06.009
against the both of us, I wanna make[br]it perfectly clear that defense
0:45:06.009,0:45:10.410
of the U.S. Constitution is the Supreme[br]defense, your honor! And, secondly,
0:45:10.410,0:45:13.420
that those gentlemen had nothing[br]to do with any of this at all!
0:45:13.420,0:45:16.479
laughter, some applause
0:45:16.479,0:45:21.020
So, now, hold your applause, I’m sorry.[br]I mean – they deserve it forever.
0:45:21.020,0:45:24.819
If it wasn’t for them we definitely would[br]not have made it here today. So it is
0:45:24.819,0:45:29.029
Free Software. For freedom, literally,[br]as Richard Stallman talks about it.
0:45:29.029,0:45:32.699
Empowered, with strong mathematics,[br]properly implemented
0:45:32.699,0:45:37.319
that made this possible. It is not[br]hopeless. It is, in fact, the case
0:45:37.319,0:45:40.939
that resistance is possible. And, in fact,[br]I think the CCC… If I have learned
0:45:40.939,0:45:45.299
one lesson from the Chaos[br]Computer Club and this community –
0:45:45.299,0:45:50.380
it’s that it’s mandatory. That we have[br]a duty to do something about these things.
0:45:50.380,0:45:54.589
And we can do something about it.[br]So what we need to recognize,
0:45:54.589,0:45:58.740
and what I hope that we can bring[br]to you is that there is great risk,
0:45:58.740,0:46:02.180
for Laura, in particular. In making[br]these kinds of things possible.
0:46:02.180,0:46:05.559
But that we are in it together.[br]When Julian and I gave a talk
0:46:05.559,0:46:08.909
with Sarah Harrison last year, and we[br]talked about “Sysadmins of the world,
0:46:08.909,0:46:13.409
uniting” we didn’t just mean[br]sysadmins. We meant:
0:46:13.409,0:46:17.819
recognize your class interests, and[br]understand that this is the community
0:46:17.819,0:46:22.979
that you are a part of. At least a small[br]part of. And that we’re in it together.
0:46:22.979,0:46:27.890
We need people like Christine Corbett,[br]working on Signal. We need people
0:46:27.890,0:46:32.569
like Ian Goldberg breaking protocols and[br]building things like OTR. And Werner Koch.
0:46:32.569,0:46:36.769
We need Adam Langley building things[br]like Pond. But we need everybody to do
0:46:36.769,0:46:41.009
whatever they can to help with these[br]things. It requires everyone; and
0:46:41.009,0:46:45.200
every skill is valuable to contribute to[br]that. From all the people that work on Tor
0:46:45.200,0:46:50.259
to people that work on Debian. That work[br]on free software, for freedom, literally.
0:46:50.259,0:46:55.329
So what we wanted to do was to say that we[br]should align with these class interests.
0:46:55.329,0:46:58.920
And that we should recognize them. And[br]that we should work together to do that.
0:46:58.920,0:47:03.339
And it is this community who can help[br]to really change things in the rest
0:47:03.339,0:47:06.640
of the world. Because it is in fact only[br]this community and some of the people
0:47:06.640,0:47:11.529
in this room, and around the world to tie[br]in to it, that have blinded these people!
0:47:11.529,0:47:15.849
Everyone else seems to have[br]either gone complicitly;
0:47:15.849,0:47:19.559
or they have designed it[br]incompetently and broken,
0:47:19.559,0:47:23.869
and it is not good. So that[br]is important to recognize.
0:47:23.869,0:47:28.049
Every person, if you are here you are[br]out of a small set of people in the world,
0:47:28.049,0:47:32.249
use that power wisely. Help these people[br]to do that. And that will help us all
0:47:32.249,0:47:35.999
to continue. Not only to reveal these[br]things but to fundamentally shift
0:47:35.999,0:47:41.140
and change that. For everyone, for the[br]whole planet. Without any exception.
0:47:41.140,0:47:44.770
So, on that note we’d like[br]to take some questions!?
0:47:44.770,0:47:46.290
Laura: Yeah!
0:47:46.290,0:48:01.739
strong applause and cheers
0:48:01.739,0:48:05.129
Herald waving at the speakers[br]to approach stage center
0:48:05.129,0:48:16.949
standing ovations
0:48:16.949,0:48:22.049
Herald gently pushing the[br]speakers to stage center
0:48:22.049,0:48:48.379
continued standing ovations
0:48:48.379,0:49:01.739
Laura: Thank you![br]continued standing ovations
0:49:01.739,0:49:04.739
Jacob: Wow![br]Herald: So, everybody who has a question
0:49:04.739,0:49:09.599
please stand in front of[br]one of the 6 microphones
0:49:09.599,0:49:14.299
that are in this room, and,[br]Signal Angel? Are you there?
0:49:14.299,0:49:18.519
Signal Angel: Yeah, I’m here![br]Herald: Are there questions from the internet?
0:49:18.519,0:49:22.510
Signal Angel: Yeah, so the first one would[br]be: What should we do about SSH now?
0:49:22.510,0:49:25.819
laughter[br]Laura laughs
0:49:25.819,0:49:28.069
Jacob: Well,[br]to Laura: shall I?
0:49:28.069,0:49:32.119
Laura: Yeah.[br]Jacob: I wanna be clear.
0:49:32.119,0:49:36.859
We don’t understand, we only know what[br]they claim. And I don’t wanna hide that
0:49:36.859,0:49:41.199
and say that they didn’t claim anything.[br]But they do have claim. They claim
0:49:41.199,0:49:46.259
it as potential. What I would say is:[br]what about these NIST curves?
0:49:46.259,0:49:51.430
What about NIST-anything? The documents[br]that we’ve released specifically talk
0:49:51.430,0:49:55.079
about something that’s very scary.[br]They say that it is Top Secret,
0:49:55.079,0:49:59.119
in a classification guide, that the[br]NSA and the CIA work together
0:49:59.119,0:50:02.869
to subvert standards. And we even released[br]as part of the story an example of them
0:50:02.869,0:50:08.180
going – the NSA, that is –[br]to an IETF meeting
0:50:08.180,0:50:12.359
to enhance surveillance[br]with regard to Voice-over-IP.
0:50:12.359,0:50:16.949
They’re literally amongst us. So[br]what do we do? First, find them.
0:50:16.949,0:50:20.009
Second, stop them![br]mumbles and faint applause
0:50:20.009,0:50:23.539
Question: Thank you![br]Herald: Microphone 2, please!
0:50:23.539,0:50:26.180
Question: Can you talk about, do you[br]plan on releasing the source material,
0:50:26.180,0:50:29.239
eventually? Or will it always be redacted?
0:50:29.239,0:50:33.999
Jacob: Well, some of this is already[br]out right now, without redactions.
0:50:33.999,0:50:37.720
With the exception of[br]very few sets of redactions.
0:50:37.720,0:50:41.480
For agents’ names, and things where[br]legally… we will go to prison. I mean,
0:50:41.480,0:50:43.630
I’m not averse to that.[br]But I’d like to wait a while.
0:50:43.630,0:50:46.440
laughter
0:50:46.440,0:50:48.519
Question: What about[br]in 15..20 years’ time?
0:50:48.519,0:50:51.509
Laura: Yeah, I mean, I think there[br]are 2 questions there as how to…
0:50:51.509,0:50:54.390
scaling (?) the reporting. But I agree,[br]it needs to happen. And I think
0:50:54.390,0:50:57.710
it’s a valid criticism. I need to do more[br]of it. I think certain things, I think,
0:50:57.710,0:51:01.450
will… I would say should continue to[br]be redacted, at least for the short term.
0:51:01.450,0:51:03.959
Which I think is like there are a lot of[br]names, you know, e-mail addresses,
0:51:03.959,0:51:07.150
phone numbers. All these kinds of[br]specifics, I think, we’ll continue to redact.
0:51:07.150,0:51:10.910
And then we’re working on scaling.[br]I haven’t really had time to think about
0:51:10.910,0:51:14.440
15 years from now. So, but of[br]course, I think at some point
0:51:14.440,0:51:18.299
this questions-of-names becomes[br]less of an issue. But I do hear
0:51:18.299,0:51:20.890
the criticism that we need[br]to be doing more publishing!
0:51:20.890,0:51:25.439
Jacob: If we live that long! I hope[br]you’ll help us! Laura laughs
0:51:25.439,0:51:28.769
Next question?[br]Herald: Next question from the internet, please!
0:51:28.769,0:51:32.119
Signal Angel: So how reliable[br]is this source on OTR,
0:51:32.119,0:51:35.560
can that be verified with[br]a second source, somehow?
0:51:35.560,0:51:38.869
Jacob: Well, I think that’s[br]a really good question.
0:51:38.869,0:51:42.559
From what we know, cryptographically,[br]OTR which has been analyzed
0:51:42.559,0:51:46.400
by a number of people hasn’t been broken.
0:51:46.400,0:51:49.700
And what it appears to be the[br]case in these FISA intercepts,
0:51:49.700,0:51:54.180
alone, that is one set of things. Where[br]they produce one set of evidence
0:51:54.180,0:51:58.699
from one set of people. And there are[br]other documents, from a different section,
0:51:58.699,0:52:03.519
from different agencies, that essentially[br]say something completely the same.
0:52:03.519,0:52:09.390
That is: Everything we see seems[br]to support that. And I would say
0:52:09.390,0:52:13.180
maybe Julian is not the best[br]example of how great OTR is.
0:52:13.180,0:52:17.599
But I think I am. I rely on it every day[br]for almost all of my communications.
0:52:17.599,0:52:22.049
And I feel pretty confident, combined[br]with this, as well as talking with people
0:52:22.049,0:52:26.209
in the Intelligence community[br]who actually use OTR, and PGP,
0:52:26.209,0:52:30.409
amazingly enough. So I feel[br]pretty good about it. And
0:52:30.409,0:52:34.959
the most important part is that they don’t[br]have super powers. They have backdoors.
0:52:34.959,0:52:39.590
E.g. I really would encourage people[br]to look at the Cavium (?) hardware.
0:52:39.590,0:52:43.460
I don’t really know why. But it seems[br]to be that they’re obsessed with this.
0:52:43.460,0:52:46.920
And you can look at the documents and[br]you can see that. Look at the hardware.
0:52:46.920,0:52:51.059
Crypto hardware. And imagine that it’s[br]compromised. They spend tens of millions
0:52:51.059,0:52:54.739
of Dollars to backdoor these things. And[br]they work with agencies around the world
0:52:54.739,0:52:59.329
to make that happen. So, would make[br]sense that OTR would be safe, actually.
0:52:59.329,0:53:02.519
It doesn’t interface with any hardware.[br]And it would make sense because the math
0:53:02.519,0:53:08.859
seems to be good. And it seems to be vetted.[br]And that seems to be their weakness.
0:53:08.859,0:53:13.539
Question: Thanks.[br]Herald: Number 4, please!
0:53:13.539,0:53:16.469
Question: Hello. I have… actually, it may[br]be a little odd question. But I wanted
0:53:16.469,0:53:22.009
to ask it anyway. Regarding the[br]term ‘War on Terror’ in general.
0:53:22.009,0:53:26.769
Because all of these things, the[br]Torture Report, the NSA spying,
0:53:26.769,0:53:31.469
is all being done in the name of[br]the ‘War on Terror’. Even though
0:53:31.469,0:53:35.319
we know a number of the people who were[br]tortured were innocent and were in no way
0:53:35.319,0:53:41.619
terrorists. We know torture does not[br]work as an interrogation method.
0:53:41.619,0:53:45.380
And we know a vast majority of the people[br]who are being spied on are completely
0:53:45.380,0:53:50.329
innocent and did nothing wrong. And[br]I wanted to know whether maybe we might
0:53:50.329,0:53:54.689
actually be inadvertently lending (?) an[br]amount of credibility to the whole thing
0:53:54.689,0:53:59.759
by using the term[br]‘War on Terror’ in the first place.
0:53:59.759,0:54:02.560
Laura: Yeah, I mean, actually, I think…[br]Right, we’re talking about ‘Reconstructing
0:54:02.560,0:54:05.579
Narratives’, and that’s maybe one we[br]should binoc (?). This is really the
0:54:05.579,0:54:09.969
‘War on pretty much Everyone’.[br]And so, I agree with that.
0:54:09.969,0:54:13.740
I think… and I stopped using it for[br]a long time. I think that I began
0:54:13.740,0:54:17.699
re-using it, I think,[br]when nothing changed.
0:54:17.699,0:54:20.400
And, in fact, I think I was one of those[br]people who thought things were changed
0:54:20.400,0:54:23.299
under Obama. And there would be some[br]accountability, like if you torture people
0:54:23.299,0:54:27.500
you’re held accountable for torturing[br]people. And then there didn’t. So,
0:54:27.500,0:54:30.710
yeah, I agree, we need a new term for that[br]to describe… Mainly, (?) some people are
0:54:30.710,0:54:35.509
calling it the ‘Endless War’, which[br]I hope is that isn’t actually true.
0:54:35.509,0:54:39.049
But I do think that that’s a term that
0:54:39.049,0:54:44.159
comes with the narrative[br]of the Government.
0:54:44.159,0:54:47.349
Jacob: I think, because I’ve been living in[br]Germany for a while I actually don’t use
0:54:47.349,0:54:50.999
the ‘War on Terror’ as a sentence,[br]ever. I say ‘Imperialist War’.
0:54:50.999,0:54:54.359
Because that’s what it is. It’s Imperialist[br]war. And it’s an Imperialist war on you,
0:54:54.359,0:54:58.449
as a person, your liberties. It’s not[br]about privacy. It’s about choice.
0:54:58.449,0:55:02.349
It’s about dignity. It’s about agency.[br]And of course, I mean these guys
0:55:02.349,0:55:06.519
are murderers and rapists. We[br]shouldn’t dignify them. I mean they’re
0:55:06.519,0:55:10.299
absolutely awful. The Torture Report[br]really shows that. But it doesn’t matter
0:55:10.299,0:55:15.359
that torture doesn’t work. That’s like[br]– as is often said – you know this notion
0:55:15.359,0:55:20.540
like, what (?) is slavery economically[br]viable? Who fucking cares? It’s slavery!
0:55:20.540,0:55:29.710
applause[br]Question: Thank you!
0:55:29.710,0:55:32.290
Herald: Number 1, please!
0:55:32.290,0:55:35.890
Question: Do you think, since it’s[br]kind of obvious, that we should reject,
0:55:35.890,0:55:41.130
or mostly reject, the projects that are[br]influenced by Governmental Institutions
0:55:41.130,0:55:45.859
like NIST? Do you have any[br]information to how they react
0:55:45.859,0:55:50.329
when they see that you use[br]smaller projects like e.g. Paths (?)
0:55:50.329,0:55:56.769
to encrypt your hard drive,[br]and some odd crypto scheme?
0:55:56.769,0:56:00.049
Jacob: Well, one of the things[br]we found is that TrueCrypt, e.g.
0:56:00.049,0:56:04.179
withstands what they’re trying to do.[br]And they don’t like it. I really wonder
0:56:04.179,0:56:08.739
if someone could figure out why TrueCrypt[br]shut down. That would be really interesting.
0:56:08.739,0:56:15.850
applause
0:56:15.850,0:56:19.880
I can also tell you that after I met[br]General Alexander, and I told him
0:56:19.880,0:56:23.589
to go fuck himself as hard as[br]possible with a chainsaw…
0:56:23.589,0:56:29.470
whoohoo’s, cheers and applause
0:56:29.470,0:56:32.190
I hope he’s watching this video![br]laughter
0:56:32.190,0:56:37.449
He actually went to, let’s say my[br]employer who shall remain anonymous
0:56:37.449,0:56:42.659
someone in the audience laughs[br]and, … sorry Roger!
0:56:42.659,0:56:45.779
laughter[br]…and my understanding is they also
0:56:45.779,0:56:49.929
went to our funders, and said:[br]“What’s this guy? What’s he doing?”,
0:56:49.929,0:56:54.740
you know, and they tried to pressure. And[br]my employer, who shall remain anonymous,
0:56:54.740,0:56:59.050
did not cave. But, yeah,[br]they exert pressure!
0:56:59.050,0:57:07.460
applause
0:57:07.460,0:57:10.479
Herald: Another question[br]from the internet, please!
0:57:10.479,0:57:16.609
Signal Angel: Yeah, so, these files[br]are pretty shocking, or revealing.
0:57:16.609,0:57:19.400
Were they part of the stuff that[br]came out in summer last year?
0:57:19.400,0:57:24.629
And where was the bottleneck?[br]Why do they come out now?
0:57:24.629,0:57:26.150
Jacob: Oh that’s a question for you!
0:57:26.150,0:57:29.670
Laura: Yeah! So in this case
0:57:29.670,0:57:33.990
this was a number of reasons. One is
0:57:33.990,0:57:37.360
that we’ve been slowed[br]to scale the reporting.
0:57:37.360,0:57:40.509
And it was also the case[br]that some of the files
0:57:40.509,0:57:43.600
I personally didn’t have[br]access to, during that time
0:57:43.600,0:57:47.539
when the story actually first[br]came out. And then also
0:57:47.539,0:57:54.489
just the time of reporting and[br]researching the documents.
0:57:54.489,0:57:57.239
Herald: Number 3, please!
0:57:57.239,0:58:01.069
Question: Thanks for the talk! It was[br]great! I support totally the idea that
0:58:01.069,0:58:06.519
we need strong crypto. And I think that
0:58:06.519,0:58:08.840
strong crypto needs also support,[br]and we should all use it. But I think
0:58:08.840,0:58:12.390
strong crypto is not the whole[br]answer to the political situation
0:58:12.390,0:58:15.229
that we have. And I think…
0:58:15.229,0:58:21.259
applause
0:58:21.259,0:58:25.859
…I think that this community of[br]hackers and nerds needs to build
0:58:25.859,0:58:29.650
stronger ties with political movements[br]and be part of political movements.
0:58:29.650,0:58:33.809
I know you are, and I think that[br]we can’t solve the political dilemma
0:58:33.809,0:58:37.329
with just strong crypto. So we need both.
0:58:37.329,0:58:45.539
applause
0:58:45.539,0:58:47.660
Herald: And another[br]question from the internet!
0:58:47.660,0:58:50.949
No more questions from the[br]internet. So, number 3, please!
0:58:50.949,0:58:54.830
Question: Yes, thank you also very much[br]for the talk. I want to ask a question
0:58:54.830,0:58:58.880
about Citizenfour, and especially the[br]ending, of Citizenfour, where there’s
0:58:58.880,0:59:05.079
a strong suggestion that army base here[br]in Germany, called Ramstein is essential
0:59:05.079,0:59:10.710
in these killings that you addressed[br]tonight. What would be your… like,
0:59:10.710,0:59:15.520
are you gonna give more information[br]that’s not just suggestional? And
0:59:15.520,0:59:20.319
what would you want, like, especially[br]this audience to engage in?
0:59:20.319,0:59:24.470
Laura: I mean, so, there is gonna[br]be more reporting on that topic
0:59:24.470,0:59:29.220
that I’m working with, and my colleague[br]Jeremy Scahill, at the Intercept.
0:59:29.220,0:59:32.740
And unfortunately I can’t say more[br]than that, other than, we will be
0:59:32.740,0:59:36.440
coming out with more information that[br]will go beyond what you see in the film.
0:59:36.440,0:59:41.549
So, for sure. And it deals with[br]how Ramstein is part of the
0:59:41.549,0:59:44.709
infrastructure and architecture[br]of communication.
0:59:44.709,0:59:47.149
Jacob: Shut it down! Shut it down!
0:59:47.149,0:59:53.259
applause
0:59:53.259,0:59:56.179
Herald: Number 5, please!
0:59:56.179,1:00:00.339
Question: Is there a minimum key length[br]that you would consider unsafe?
1:00:00.339,1:00:03.009
Jacob: Yeah, so, actually I’m glad you[br]asked that question. I was sort of hoping
1:00:03.009,1:00:06.259
someone will do that. Okay. So. There are[br]some documents from the GCHQ
1:00:06.259,1:00:09.769
where they talk about their super[br]computing resources. And,
1:00:09.769,1:00:15.929
about 3 years ago they were[br]talking about 640 bit keys
1:00:15.929,1:00:20.079
being something that they sort of casually[br]take care of. Now at the same time that
1:00:20.079,1:00:24.499
that was happening Arjen Lenstra[br]had, I think, factored 768 bit,
1:00:24.499,1:00:29.119
and it took, what was it, Alex?[br]3 years? On a bunch…
1:00:29.119,1:00:32.880
listens to answer from audience[br]Year and a half! So, I think pretty much
1:00:32.880,1:00:37.040
anything less than 1024 [bit] is a bad[br]idea. There are other documents
1:00:37.040,1:00:41.349
where they specifically say, if[br]it’s 1024 bit RSA, it’s a problem.
1:00:41.349,1:00:44.619
But you need to think about it,[br]not about what they can do today.
1:00:44.619,1:00:47.259
First of all they have different[br]compartments. One of those compartments
1:00:47.259,1:00:51.289
obviously is dedicated to any maths[br]that they’ve got that speed that up.
1:00:51.289,1:00:54.680
But another point is that because of[br]things like the massive data repository
1:00:54.680,1:00:58.089
– the mission data repository of[br]Bluffdale, Utah – you’re not encrypting
1:00:58.089,1:01:03.229
for today. I mean, you are! But you’re[br]also encrypting for 50 years from today.
1:01:03.229,1:01:07.049
So, personally, I use 4096 bit[br]RSA keys, and I store them
1:01:07.049,1:01:10.329
on a hardware token, which[br]hopefully doesn’t have a backdoor.
1:01:10.329,1:01:14.530
But I trust Werner [Koch]. That’s[br]the best I can do, unfortunately.
1:01:14.530,1:01:17.030
Which is pretty good. But…[br]laughter
1:01:17.030,1:01:22.009
But I think e.g. that the best key sizes,
1:01:22.009,1:01:25.109
you need to think about them in terms of[br]what you’re actually doing; and how long.
1:01:25.109,1:01:29.309
And then think about composition. That is…[br]it’s not just about encrypting something
1:01:29.309,1:01:32.869
with, like, a 4096 bit RSA key.[br]Also make it hard for them to target you
1:01:32.869,1:01:36.670
for surveillance in the[br]first place. So, e.g.
1:01:36.670,1:01:39.939
when you can, use systems where[br]you can composite (?) with Tor. Use things
1:01:39.939,1:01:42.890
that are totally ephemerally keyed. So[br]they can’t break in, steal the key and
1:01:42.890,1:01:47.279
decrypt things in retrospect. Make it[br]really hard for them to make it valuable.
1:01:47.279,1:01:51.319
There’s an economic point to that[br]collection as well as a mathematical point.
1:01:51.319,1:01:54.589
Actually they sort of balance each other[br]out. So anyway, don’t use small key lengths.
1:01:54.589,1:01:59.710
And maybe also consider looking at the[br]work that DJB and Tanja have been doing,
1:01:59.710,1:02:04.910
about Elliptic Curves stuff.[br]And I think, really look to them!
1:02:04.910,1:02:07.930
But these guys [=NSA] aren’t special.[br]They don’t have super powers.
1:02:07.930,1:02:10.879
But when you use things that[br]are closed-source software…
1:02:10.879,1:02:14.470
I mean, Richard Stallman was really right.[br]I mean, I know that it pains some of you
1:02:14.470,1:02:17.470
to know that. But he was really right.[br]laughter
1:02:17.470,1:02:20.010
And he deserves a lot of love for that!
1:02:20.010,1:02:29.509
applause
1:02:29.509,1:02:32.339
Free software, with software[br]implementations with large keys.
1:02:32.339,1:02:35.959
That’s what you want. And when you can:[br]protocols that allow for ephemeral keying,
1:02:35.959,1:02:39.119
or where they have forward secrecy.[br]Things like Pond, things like OTR,
1:02:39.119,1:02:43.420
things like RedPhone and Signal.[br]And GnuPG. GnuPG has the caveat (?) that
1:02:43.420,1:02:46.150
if they ever get into your system later[br]they can of course decrypt other messages.
1:02:46.150,1:02:51.569
So you have to consider all that. Not just[br]key size. And GnuPG has safe defaults.
1:02:51.569,1:02:54.740
So if you’re choosing key sizes,[br]hopefully you’re using that.
1:02:54.740,1:02:58.209
Libraries like Salt also[br]make safe choices. So,
1:02:58.209,1:03:02.609
hopefully that answers your question and[br]you use strong crypto in the future.
1:03:02.609,1:03:05.839
Herald: So thank you very[br]much for the talk. Thank you!
1:03:05.839,1:03:08.999
I saw a lot of people being[br]shocked in that room.
1:03:08.999,1:03:13.919
A lot of tears of, I think,[br]proudness and hope.
1:03:13.919,1:03:18.469
I saw… that gives me a really good[br]feeling. So thank you for the talk.
1:03:18.469,1:03:20.839
Give them a very warm applause!
1:03:20.839,1:03:34.499
applause
1:03:34.499,1:03:37.569
silent postroll titles
1:03:37.569,1:03:45.821
Subtitles created by c3subtitles.de[br]in the year 2017. Join, and help us!