[Silent 31C3 preroll. Laura and Jacob silently on stage. Audio/video playback starts.]

Announcing person in video: Give a warm welcome to General Alexander!

[Video starts all over again, now at its titles.]

Announcing person in video: Give a warm welcome to General Alexander!

[Video: applause]

Alexander: Thanks! Can you hear me?

Question: So does the NSA really keep a file on everyone?

Alexander: So many things you could say are funny, but I think this requires a very serious answer. First: No, we don’t, absolutely not. And anybody who’d tell you that we’re keeping files or dossiers on the American people: No, that’s not true. And I will tell you that those who would want to weave the story that we have millions or hundreds of millions of dossiers on people is absolutely false.

[Title with music: “Reconstructing Narratives”. Audio/video playback stops.]

Jacob Appelbaum: That’s the first time I can remember not being wiretapped!

[Laura laughs; laughter and applause]

Okay, well, it’s really a great honor to be back, and it’s really one of the greatest pleasures of my life to be on stage with Laura, who is one of the most fearless, fantastic journalists…

[applause]

…and we are here today to tell you a few things. I am an American by birth and post-nationalist, I suppose, by an accident of history. I’m here now working as a journalist and Laura is working as a journalist. And I’ll let her introduce herself.

Laura Poitras: So, I’ve been working the last years, trying to document the “War on Terror” and to understand it from a human perspective, and how we can understand it differently if we understand its impact on people. And today, what Jacob and I want to do is to talk about how the narratives that we’ve been told are false, and how we can construct new narratives that are based on objective facts.
Jacob: I think in some way some of the things we are saying will be ‘preaching to the choir’, because it is through this community that we have, in fact, found some of the truths that we will talk about today. And the CCC to me is like home, so…

[laughter and applause]

And so, if it wasn’t for the CCC and your material support I don’t believe that it would be possible for us to be here today. So, thank you all very much for the large conspiracy that the German people and the international community have brought.

[some laughter in the audience]

We have just now simultaneously published on DER SPIEGEL’s website two very large stories which we think will be of great interest, which we will take a little bit of time to explain. But if you go to spiegel.de you will see two stories. One is about cryptography and one is about… the CIA. And about JPEL and NATO. And this is very important, these stories being published at the same time. We very much want to thank DER SPIEGEL and the colleagues who are in this room, Andy Müller-Maguhn, Aaron Gibson and a number of other people, Marcel Rosenbach and Holger Stark…

[applause]

We, as some background, have been working on these stories really for a long time. The crypto story, I would say, is something we’ve wanted to do for almost a year and a half, if not more. And really, if you think about the investigations in the Cypherpunks movement, we’ve really wanted to have some of these answers for about 15 or 20 years. Some of the answers are good and some of the answers are not so fantastic. I guess it depends on where you stand. But we hope that, by bringing this to you, it is really in the public interest. And that the public here is interested and that you will take it to other places. That you will really take action, based on what you see.
Whether it is traditional action, whether it is civil disobedience, whether it’s FOIAs, whether it’s something else, who knows, we hope that you will feel empowered by the end of this talk.

Laura: And I’d just like to say that if anyone wants to open up their laptops and look at some of the documents that we’ve published, we won’t be offended at all and, in fact, will be happy. I think it will contribute to your experience of the talk today.

Voice from audience: Laura, it’s ‘/international’ on spiegel.de

Jacob: Great, ‘spiegel.de/international’. And for everyone who can’t be here, streaming: remember, if the stream cuts out and you never see us again, it was murder!

[Laura and audience laughing, some applause]

Laura: So, one of the ways that the ‘War on Terror’ works – and the way that war works in general – is how people are de-humanized and reduced to numbers. This is a short video that I filmed about Guantanamo.

[video with serious music]

Laura: That was a video that I made about a former prisoner of Guantanamo. His name was Adnan Latif. He was sent to Guantanamo in 2012. And this is how he came home. He was on hunger strike for many years before he died. And what was most shocking to me is watching what happens when he returns home and that he’s listed as a number. And that his family had to witness that. That that was a person who they were seeing for the first time in many years, who is reduced to a number. So today, what we’re publishing with DER SPIEGEL is looking at how that process works. And it involves NATO’s JPEL kill list that is being used in Afghanistan to target people for targeted killings. We’re publishing along with that some narratives of particular people who are on the kill list. One particular case was a man who was given the code name “Object Doody”. He was targeted for killing, or for assassination. A British Apache helicopter that was code named “Ugly 50” was sent to kill him.
This was on a day that the visibility was poor, and they missed him and they shot a child and his father. The child was killed immediately, the father was wounded. The helicopter looped back around and killed its target.

Jacob: Right. So, part of what we are hoping to do here, just to make it perfectly clear, is to expose information that people say doesn’t exist, with a couple of goals. And one of those goals, to be very clear about it – even though this, I suppose, tilts me a little bit on the activist side of journalism – is to stop the killing. That is an explicit goal with this publication. The British Government and the American Government – in various different ways NATO as well – they say that these kinds of things really don’t exist. That they don’t happen this way. And they talk about the killing of people in a very… let’s say ‘mechanical fashion’. Usually they say this evidence doesn’t exist, but the evidence does exist. And, in fact, there are lists with names, just endless names. And those people, in various different ways, are graded. They’re graded with regard to the political consequence of those people being killed. As well as some very small spreadsheet, and on that spreadsheet there’s a small box, and that box explains their crimes. Next to that, there’s a Dollar figure for a potential reward. And maybe there’s a restriction. Sometimes it says something like “kinetic action prohibited”, for example. That’s because, by default, “kinetic action” is not prohibited. That is because these are lists of names of people to be found and to be murdered. And so of these lists… we have an excerpt of these lists being published today. And the goal of publishing this is to show what needs to be done.
So these lists have redactions, and the goal is that SPIEGEL, along with hopefully others, will help us to continue to work to uncover not only the fate of these people on these lists whose names are redacted, but also the fate of people who are not yet on these kinds of lists. Maybe to move to a world in which we don’t have lists for, what I would call, assassinations. And that’s what SPIEGEL calls it as well. This is not, as some people would say, a “Joint Prioritized Effects List”. This is an assassination program. And I think, personally, that it is inappropriate for democratic societies to have them, and when they deny that they have them, we’d like to prove them wrong and publish them. And so that is what we have done today.

[applause]

Now, an important detail of this is: In the story, the very specific story that is told in the SPIEGEL piece, as Laura mentioned, there is an Apache helicopter. And that helicopter attempted to engage with a so-called “legitimate target”. And part of what we hope to drive home is this notion of legitimacy and targeting. In this case, there is a value that is assigned to a person. And that value is a number, which includes the number of people who are not the target that can be killed in service of killing that person! That is, completely innocent people who are allowed to be killed entirely. And depending on the number there may be a call back to base or to a higher command. But the number isn’t 1 before they have to make that call. They have discretion. And in this case a child was killed with a Hellfire missile. And why is that? Because technology mediates this type of killing, and that technology is not as precise as people would say. And so we have today published the storyboard of this objective “Doody”, which is the name, D-O-O-D-Y. That storyboard tells this and explains that a child was killed with a Hellfire missile in service of killing someone else. And Laura can explain what this person did to ‘deserve’ to be killed.
Laura: I mean, actually, what I wanted to transition to is looking at actually the fact… the narrative is that the government or governments are targeting people who are suspected of something. And in fact what we learned is that they’re targeting people based on as little information as their telephone number, or a voice recognition. And they’re using those as methods to target and kill people. One of the things that we’ve learned through the disclosures by Edward Snowden is that they’re targeting people not just in war zones but internationally. They’re targeting us for surveillance all over the world. And… this is a video of a target.

[audio/video playback starts]

Man: This is the highest level! (in German)

Ali Fares: Mh-mh! Netcologne, [inaudible], Teliast… Oh my god, it’s so well documented! Those are most of the routers that I actually know. Office, plied sky (?), and…

Man: This is an engineer?

Ali: Yes.

Man: Engineer, engineer, engineer, engineer…

Ali: Oh, yeah.

Man: …engineer, engineer. This is you?

Ali: Yes.

[audio/video playback stops]

Jacob: So what you just saw there was “Engineers from Stellar”, and that is a fantastic name for a company that gets compromised. It is important to understand the notion of targeting with regard to why a target considered legitimate in some cases can have this notion of collateral damage. Now in the case of Stellar, or in the case of Belgacom, which Laura revealed with DER SPIEGEL, what we learn is that it isn’t actually the case that a terrorist is involved with Belgacom or with Stellar. It is that a kind of neo-colonialism is taking place in the digital era, wherein the colonies, the networks that they do not have through coercion of the state or through other surveillance practices, they have to be compromised. And those become targets, and they become legitimate targets in theory and in actuality because of their usefulness. Because of the leverage that it provides against a speculative target, someday in the future.
That is, these networks become compromised in service of being able to compromise future networks and other people, just because they can. They set out to do that. And so Stellar is an example of such a thing. And to be able to confront victims this way, to show them that they’re compromised, helps us to understand, helps us to show that in fact we are directly and indirectly impacted by these types of activities. And when we think about this kind of targeting we have to understand the scale. And this scale is sort of incredible. The budget for targeted exploitation for the NSA, not speaking at all about the GCHQ or the Defense Signals Directorate folks over in Australia, there’s so much money when you look at the offensive warfare, that for 2013 alone there was 650 million Dollars spent on the GENIE program. And the GENIE program is their offensive Cyber War program, as they call it themselves, in which they build backdoors like UNITEDRAKE and STRAITBIZARRE, and other tools like Regin, which you know as one of the tools, I hope, that has been used in Belgacom and in other places. So they target places like Stellar and Belgacom, but they also target places like the European Union. In that case, the EU takes the place of a terrorist. That is: they are the goal. They aren’t compromising the EU’s networks just because someone interesting might show up, they are compromising the EU’s networks because the EU is the equivalent to a terrorist to them. And they wish to have leverage and control. Because that’s what surveillance is in this context. It’s exploitation of systems, where they leverage access to that system, or whichever systems that they have access to, to get more access, to have more control. Either politically or technologically or both. Which ties of course into economics. Now, in the case of GENIE 650 million Dollars is quite a great deal of money. But for 2017 the projected budget for GENIE is a billion Dollars.
This is just the beginning of what we see. And these civilian targets or these governmental targets that are being targeted in continental Europe, they’re not alone. It is actually happening all around the world. And these compromises, they happen in service of mass surveillance. Whenever they don’t have the ability to mass-surveil a system, they implant systems along the way in order to surveil what goes in and out of them. Systems are even used as what are called ‘Diodes’. And Diodes are essentially another term which we see the Canadians use: Operational Relay Boxes, or ORBs. Anybody here that used to be a black hat – I know there are no more black hats here, it’s all legitimate, but… except for that guy in the front… Everybody knows what you use those boxes for: You use them to jump from one network to another network, so that when something is traced back it traces back to that machine. In the case of the Canadian Service they themselves talk about, a couple of times a year, compromising as many systems as they can in non-Five-Eyes countries, in order to ensure that they have as many operational relay boxes as they need for the coming year. These diodes mean that when a system does a thing, it is absolutely not the case that we can say the person who has purchased that system is responsible for it. It is their official doctrine, in fact, to use other people’s computers for their hacking. And that’s important when we now consider that they have – in 2017, projected – a goal of having a billion Dollars to do that. When we look at how that balances out with Defense, that is – not at all – balanced. In fact, it is tilted entirely towards Offensive Warfare.

Laura: I was wondering, how many people in the room have gone online to look at some of the documents that we released?

Jacob: Anyone? Hey, nice.

Laura: Alright.

Jacob: Fantastic!
So in the future, that is to say in approximately 3 weeks, we plan to release, along with some of our colleagues at SPIEGEL and other people who are helping out, more information about specific malware, specific cases in which it’s used, and details about information sharing with regard to the malware in terms of how it’s harvested. We’re thinking probably in the second week of January for that malware story. And we wanted to make sure to get it right, and we wanted people to focus on the specifics of the NATO kill lists and to focus on cryptography. We thought, well, people here in the audience would be able to handle all three, the rest of the world just isn’t ready for it yet. So we had to take a little bit of a pause. So more of the malware details will be released in about 3 weeks.

Now for me, one of the things that has, I would say for my entire adult life, been very interesting to me, and before my adult life started, was a system known as Echelon. Anybody here remember that system?

[‘Woohoow’, and laughter]

[jokingly:] That’s the guy that built it!

[more laughter]

I would guess… maybe not, sorry, I don’t want to… trying to snitch-jacket you there… But I think it’s to me extremely important to hear about these kinds of things that sound totally crazy. Like the CIA torture report, for example. That started out as a conspiracy [theory]. And now we know that America’s official policy with the CIA was rape, anal rehydration. Those were conspiracy theories which we now know to be facts. So Echelon, the rumour of Echelon, was this notion of planetary surveillance. And of course it was Duncan Campbell who brought this forward in a European Union report. He, in fact, very clearly outlined the interception capabilities of the U.S. Government and others. Now, it is hard to actually imagine planetary surveillance, on a scale, let’s say, your home, and how your home fits into your city, and your city how it fits into a country, and the whole world.
And all of that being monitored. But what we found is that during the Crypto Wars we thought that we had won. We thought that we had a way, really, to change things. We thought that with cryptography we would be able to change the entire balance. Even if something like planetary surveillance would have come about. And so when Duncan Campbell released his reports about Echelon in the very early 21st century, I think a lot of people weren’t as concerned about it as they should have been. And shortly after that the ‘War on Terror’ really got off to a very, very big start. It turns out that we weren’t as concerned as we should have been in the right areas. And we, I think, can say now that the first Crypto Wars were not won, and in fact the first Crypto Wars were probably – if anything – lost, or they’re still going on now. If we were to delineate that and we were to talk about, as an example, the second Crypto Wars, what we would find is what has actually been happening behind the scenes, and, thanks to Edward Snowden, we actually have a great deal of answers that we would probably not have otherwise.

[applause]

Now, it is important to understand that the context of this is the notion that everyone is suspicious. That we live now in a world of total, absolute surveillance which sometimes misses a thing here or there. But this is the goal: Collect it all! That’s General Alexander’s notion. When he talks about his notion, e.g. about dossiers, it’s a trick. It’s a rhetorical trick. Because what he means to say is that now dossiers are dynamic. And that this information is not stored on lists, written down like in, let’s say, the 50s. Rather they’re stored in databases that dynamically will generate a list based on a query from an analyst. “Give me every person that went to this website at this time”. And it of course expands; the notion is that somehow this will only be used against terrorists. But what is a terrorist, in this case?
In some cases it actually includes people who are merely involved in drugs, and part of that has been published as part of the JPEL kill lists. That is to say: people who are definitely not terrorists, but who are otherwise interesting targets, so there’s a sort of “bleed over”, and so we see the same thing with surveillance and cryptography: It was for exceptional targets and now it is for everyone. And so cryptography came as a liberator. And that was the idea. But just as we showed a little bit ago with STELLAR, where they targeted engineers specifically to have access to the infrastructure, so, too, we find that for cryptography they sabotage critical infrastructure. We found, in fact, so many different interesting things that it’s actually hard to talk about it in only half an hour of time.

Laura: I’d like to just say, as one of the journalists who’s been publishing on the documents, I think that one of the most both important stories and the most unsatisfying stories was the BULLRUN story that was published by The New York Times, and the Guardian, and ProPublica. Because it did warn us of how the NSA was attacking critical infrastructure to make the internet insecure, and yet it didn’t tell us any specifics of what they meant by that. And this is something that I think frustrated many people in the audience, and so…

[applause]

And so the reporting that Jake’s been doing along with Aaron Gibson and other people…

Jacob: Christian (?)… there in the audience.

Laura: … is to dig in and to find out what those specifics are, so that we can actually warn people about what is safe and what’s not safe in cryptography.

Jacob: So, we have, let’s say, a little free time, we’re gonna talk about this… but I’d like to do some surveys: Who here uses PPTP? And don’t laugh at them when they raise their hand, let them be honest… who uses it? One guy!

[laughter]

Ok, well, good news to this audience… stop doing that, we’re gonna tell you why in a second.

[Laura laughs]

Who here uses IPSEC?
With a pre-shared key? Fantastic… Stop doing that too…

[laughter]

Raise your hand if you use SSH!

[even louder laughter; Laura laughs]

Guess what…

[laughter, slight applause]

In the documents that we’re publishing today we are showing in fact a series of systems that, if we understand them correctly… I wonder if I should say my next sentence… I say this only as myself and not as Laura. I’d be surprised if some building weren’t burning, frankly. But… the NSA claims to have databases for decryption, or an attack orchestration, for PPTP and IPSEC, which is not so surprising at all, but also for SSL and TLS, and… for SSH. They have specific slides where they talk about the Debian weak number generation. This is not that. For what we can tell they have separate programs for that. So they of course have a way, through the cryptographic exploitation services, crypto-analysis exploitation services, to do certain decrypts. Now, they say: “We stress: potential!”. It seems to be there’s a pattern. And the pattern is things that are done entirely in software, in particular those things, as long as there’s a good random number generator, and especially if it is Free Software, what we find is that it seems to stand the test of time. That doesn’t mean that it always will, because we found a couple of things. One of the things is that we found that they log the cipher texts, and that they wait. Sometimes to break it with brute-force, so we are also revealing today the location of the two large supercomputers: That is at Oak Ridge National Laboratories and at Fort Meade, for a program called LONGHAUL. The LONGHAUL, I suppose, as they have named it appropriately, is for their long haul approach. Combined with things like the massive data repository, or the Mission Data Center, the Mission Data repository in places like Bluffdale, Utah. They plan and do store the cipher texts of an unbelievable number of connections. When you make an SSL / TLS connection the GCHQ keeps statistics.
The Canadian CSE keeps statistics. They seem to log metadata about the handshake in terms of TCP/IP, but also in terms of SSL and TLS for the actual protocols. That is to say, they store the cryptographic handshakes, and in some cases for specific selected data they take the entire flow. Now, we have found claims that are kind of amazing: in the case of BULLRUN the New York Times and the Guardian, and the rest of the collaborating news organizations, have often left out important details. One of the important details which I find to be the most shocking and upsetting is that the British alone by 2010 – was it? – had 832 people read into their BULLRUN program. That is, 832 people knew about their backdooring and sabotage of crypto, just in the British Service alone. And each of the Five-Eyes countries runs a similar program like that. With potentially similar numbers of people read into those programs. They say something like: “3 people can keep a secret if 2 are dead”. How about 832 British men? I’m not sure that that’s a really good bet. And these guys have bet the farm on it. That is to say, they have slides and presentations and intercepts where they decrypt SSL, where they discuss decrypting SSL at a scale starting in the tens of thousands, moving into the hundreds and millions of thousands. Hundreds of thousands, and millions, and then into billions, actually. For TLS and SSL they actually have statistics on the order of billions. Of all the major websites that everyone here probably has used at one point or another in their life. So, in the case of the Canadian Services they even monitored ‘Hockeytalk’, to give you an idea about this. And they talk about it in terms of ‘warranted’ collection, and special source collection, and encrypted traffic indeed does stand out. They have programs like QUICKANT, which is a specific way of interfacing with a program called FLYING PIG.
FLYING PIG is an SSL/TLS database, it’s a knowledge database, and QUICKANT seems to be what’s called a “Query Focused Data Set”. They try to use that, from what we can tell, for doing low latency de-anonymization. Some of the documents we’re releasing today will explain some of their failures. Now, I think it’s important to be cautious about this, because they have many compartments for their data, that is to say they very clearly have ways of keeping secrets even from themselves. But one of the things we found, and that we’re publishing today also, is a FISA intercept. And to the best of my knowledge, and I think that this is true, no one has ever published one of these before. So, this is the basis for what you would call ‘parallel construction’, actually, where they gather Intelligence and then they say, “whatever you do, don’t use this in lawful investigation, don’t use this in a court, it’s not evidence. But by the way, here it is”. So we’re publishing one of those today and we have some, well, moderately good news. In looking at these, what we have found is that they consistently break various different types of encryption. So if you’re mailing around a Microsoft .doc document that’s password protected there’s a good chance that they send it to LONGHAUL using a thing called ISLANDTRANSPORT, and then that, if it can, through brute-force, is decrypted. And it is the case that, when they do this decryption, they send it back and they include the decrypted information in the FISA transcript. They do this for .rar files, they do this for .doc files, they do this for a bunch of different systems. But we don’t want to focus on what’s broken, because The New York Times and The Guardian and other places have already sort of said “everything is fucked”. We wanted to try to make it a positive talk!
[laughter and applause]

And… so I think Laura here is just going to be able to show you in fact…

Laura: If it will play…

Jacob: Just drag it over… the other way… So we wanted to show you… who here has heard about PRISM? Everyone? What does that mean to you? It doesn’t mean anything, right? We just know that it’s some massive surveillance program. We wanted to show you what one of those PRISM records actually looks like, which, in itself is, I think…

Laura: Sorry.

Jacob: It’s okay. …it’s a rather unexciting document, except for the fact that we get to show it to you. Which is great. [to Laura:] I think if you escape for the…

Laura: …escape out of here?

Jacob: There it is. Hey FBI, fuck you!

[laughter and applause]

So I take great pleasure in being able to say that this couldn’t have happened without Laura!

[cheers and applause]

But if you look here you see ‘SIGAD US-984XN’. That’s PRISM! And this is your dossier for PRISM.

[some shouts from audience]

From audience: “O3”, “Larger!”

Laura: Yeah.

[audience laughs; document on screen is zoomed in; audience goes: “Aaaah!”; cheers and applause]

And if you’re wondering about the redactions, it’s all Andy Müller-Maguhn.

[slight laughter]

Shouted from audience: Fuck you!!

[Jacob laughs]

Jacob: Here’s the good news! The FBI regularly lies to the American Public. And to the rest of the world. Then they say they’re ‘going dark’. What we found in the study of these FISA intercepts is that basically no one uses cryptography. And basically everyone that uses cryptography is broken, except for – well, let’s say – 2 things. Thing No. 1 is OTR.

[big applause and cheers]

Very important to go with it is you’ll notice that there’s some metadata. And it’s just metadata. But as the U.S. Government has said in public, they kill people with metadata. So up there you’ll see that, I believe this was Yahoo, is that right, Andy?

[Andy M.-M. answers from audience]

Yeah, I think… it could be Gmail, or could be Yahoo, I forgot which one this one is.
We’re releasing, you know, enough for you to figure it out on your own. Hopefully this isn’t you; if so, I’m sorry we redacted your information. Cause if it was me I wouldn’t want it to be redacted. But you’ll see that it’s a user name, IP address, as well as a time and a date. And you also see other IP addresses associated with it. Those are used for selector-based surveillance. Which, if you haven’t been following along at home, means that they can take that information, put it into other databases and things like XKeyscore, and pull up other information that will be related. But most importantly here is, you see what is essentially a chat log. As if it had been created on your computer. Now, don’t log – it’s rude. They did it for you anyway. And what you see is “OC – No decrypt available for this OTR encrypted message”. In other documents we see them saying “cryptographic exploitation services”. “We can’t decrypt it, it’s off the record”. Quite a nice endorsement! And what we have also found is that they do the same thing for PGP.

[applause]

Now in other cases they do decrypt the messages. So instead of telling you about everything “It’s broken!”, what we wanted to do is to suggest: “Look at the composition of OTR, find Ian Goldberg, who’s here somewhere, ask him to review your cryptographic protocol”. Maybe don’t – he’s probably already overwhelmed. But Snowden said this in the very beginning. He said: “Cryptography, when properly implemented, is one of the few things that you can rely upon”. And he’s right. And we see this. This is the message. These things are not to be used in legal proceedings. And yet here we see them anyway. And what we see is that even there, in the most illegal of settings, essentially, they can’t decrypt it. Now the sad part is that not everyone is using it. But the good news is that when you use it, it appears to work. When you verify the fingerprint, e.g.
We didn’t find evidence of them doing active attacks to do man-in-the-middle attacks. But that’s easy to solve. OTR allows you to authenticate. PGP and GnuPG allow you to verify the fingerprint. We did find evidence of them having databases filled with cryptographic keys that were pilfered from routers, and compromising machines. So rotate your keys frequently, use protocols that are ephemeral. They themselves find that they are blinded when you use properly implemented cryptography. So GnuPG – Werner Koch, I think, is in the audience – GnuPG and OTR are 2 things that actually stop the spies from spying on you with PRISM.

[applause, some cheers]

Laura: [to Jake] Would you mind if I ask… for a volunteer to … computers …?

Jacob: So, we have some other really good news. And that good news is this: There are… in some of the slides that are being released, a matrix – not ‘the Matrix’ that you’re hoping for –

[laughter]

but we can talk about that program later.

[laughter]

I’m not even joking. But…

[laughter]

There are some other things. One of the things that they talk about in this matrix is what’s hard and what’s easy. And in the case of ‘Hard’ they describe Redphone, and that means Signal, the program by Christine Corbett and Moxie Marlinspike, as ‘catastrophic’.

[applause]

They say: “Tails and Tor – catastrophic”.

[cheers and applause]

So what that really means is that we now understand some things that they have trouble with. And how they will take action to try to sabotage it is clear. They will try to sabotage the Random Number Generators like they did with Dual_EC_DRBG. They will try to sabotage the platforms. They will try to force companies to be complicit. I think the German word is ‘Gleichschaltung’. You’re all familiar with that? That is the process that is happening now in America. With these crypto programs. That’s what PRISM is. PRISM is when companies would like to fight against it. And that’s not to call them ‘victims’, most of them are willing.
This is still what they’re forced into. That is the legal regime. And it is when you take responsibility using the strong crypto that you can set that in a different direction. Those companies actually can’t really protect you. They are, in fact, secretly in some cases, and sometimes willingly, complicit in that. And, so if you use Redphone and Signal, if you use something like Tor, and Gnu-PG with a properly sized key – don’t use like a 768 bit RSA key or something stupid like that… If you use OTR, if you use jabber.ccc.de – buy that guy who runs that a beer, by the way – applause if you use these things in concert together, you blind them. So this is the good news. And the documents that support this are online. We have some other bad news, though. There exists a program which they call ‘TUNDRA’. TUNDRA – it’s not exactly clear what the details are. But they say that they have a handful of crypto-analytic attacks on AES. Obviously they can’t break AES, or they would be able to break OTR. But what it suggests is that they have a conflict of interest. Well, they’re both supposed to protect our information and, of course, to exploit it. If they have attacks against AES, much like if they have attacks against SSH as they claim in the Caprius database, in that program then it shows that conflict of interest runs very deep. Against our critical infrastructure. Against the most important systems that exist. Protect our data. And it shows a sort of hegemonic arrogance. And that arrogance is to suggest that they’ll always be on top. I had the misfortune of meeting General Alexander, quite recently. In Germany. And after failing to have him arrested, which was a funny story in itself, I asked him what he thought he was doing. Another person there stood up and said: “What about who comes after you next?” And he didn’t quite understand the question. But his answer was pretty eerie: He said: “Nobody comes after us next”. faint laughter “Thousand-year Reich”. 
That is exactly what he was saying. And when I confronted him about accountability for things like kill lists, and crypto he said that he was just following orders. Literally. laughter and some applause So. Now we know what blinds them. And we understand what they do with things when they’re not blinded. Their politics include assassinations but it doesn’t just end there. It includes torture, it includes kidnapping. It includes buying people. And then sending their bodies home with a number. Instead of a name. It includes de-humanizing them. So we want to encourage everyone here to feel empowered with this knowledge, which is a little difficult. But, Werner Koch, are you in the room? positive Could you stand up? applause Stay, stand there, just stay, stand there! Laura: Stay up, stand up! Jacob: And Ian Goldberg, are you in the room? I’m sorry to do this… There is Ian! ongoing applause …and Christine Corbett… Christine Corbett, are you in the room? From Signal? Laura: Stay… keep standing! Jacob: Stand up! Stand up! applause These people, without even knowing it, without even trying, they beat them! cheers and strong applause Laura: So,… don’t sit down guys! So, last night I screened my film “Citizenfour” here, and there were some questions, and somebody asked what can they do to support the work that Snowden has done, and the journalists. And actually what I should have said and I didn’t say in the moment is that actually everybody should fund the work that you guys do. And I mean that, because, literally, my work would not be possible without the work that you do. So I would like it if everybody in this room when they leave here in the next week to reach out and fund these projects. Because without these projects the journalism that Glenn and I, and Jake have done would literally not be possible. 
strong applause, some cheers And… Jacob: Just to be clear, since this video will definitely be played at a grand jury against the both of us, I wanna make it perfectly clear that defense of the U.S. Constitution is the Supreme defense, your honor! And, secondly, that those gentlemen had nothing to do with any of this at all! laughter, some applause So, now, hold your applause, I’m sorry. I mean – they deserve it forever. If it wasn’t for them we definitely would not have made it here today. So it is Free Software. For freedom, literally, as Richard Stallman talks about it. Empowered, with strong mathematics, properly implemented that made this possible. It is not hopeless. It is, in fact, the case that resistance is possible. And, in fact, I think the CCC… If I have learned one lesson from the Chaos Computer Club and this community – it’s that it’s mandatory. That we have a duty to do something about these things. And we can do something about it. So what we need to recognize, and what I hope that we can bring to you is that there is great risk, for Laura, in particular. In making these kinds of things possible. But that we are in it together. When Julian and I gave a talk with Sarah Harrison last year, and we talked about “Sysadmins of the world, uniting” we didn’t just mean sysadmins. We meant: recognize your class interests, and understand that this is the community that you are a part of. At least a small part of. And that we’re in it together. We need people like Christine Corbett, working on Signal. We need people like Ian Goldberg breaking protocols and building things like OTR. And Werner Koch. We need Adam Langley building things like Pond. But we need everybody to do whatever they can to help with these things. It requires everyone; and every skill is valuable to contribute to that. From all the people that work on Tor to people that work on Debian. That work on free software, for freedom, literally. 
So what we wanted to do was to say that we should align with these class interests. And that we should recognize them. And that we should work together to do that. And it is this community who can help to really change things in the rest of the world. Because it is in fact only this community and some of the people in this room, and around the world to tie in to it, that have blinded these people! Everyone else seems to have either gone complicitly; or they have designed it incompetently and broken, and it is not good. So that is important to recognize. Every person, if you are here you are out of a small set of people in the world, use that power wisely. Help these people to do that. And that will help us all to continue. Not only to reveal these things but to fundamentally shift and change that. For everyone, for the whole planet. Without any exception. So, on that note we’d like to take some questions!? Laura: Yeah! strong applause and cheers Herald waving at the speakers to approach stage center standing ovations Herald gently pushing the speakers to stage center continued standing ovations Laura: Thank you! continued standing ovations Jacob: Wow! Herald: So, everybody who has a question please stand in front of one of the 6 microphones that are in this room, and, Signal Angel? Are you there? Signal Angel: Yeah, I’m here! Herald: Are there questions from the internet? Signal Angel: Yeah, so the first one would be: What should we do about SSH now? laughter Laura laughs Jacob: Well, to Laura: shall I? Laura: Yeah. Jacob: I wanna be clear. We don’t understand, we only know what they claim. And I don’t wanna hide that and say that they didn’t claim anything. But they do have claim. They claim it as potential. What I would say is: what about these NIST curves? What about NIST-anything? The documents that we’ve released specifically talk about something that’s very scary. 
They say that it is Top Secret, in a classification guide, that the NSA and the CIA work together to subvert standards. And we even released as part of the story an example of them going – the NSA, that is – to an IETF meeting to enhance surveillance with regard to Voice-over-IP. They’re literally amongst us. So what do we do? First, find them. Second, stop them! mumbles and faint applause Question: Thank you! Herald: Microphone 2, please! Question: Can you talk about, do you plan on releasing the source material, eventually? Or will it always be redacted? Jacob: Well, some of this is already out right now, without redactions. With the exception of very few sets of redactions. For agents’ names, and things where legally… we will go to prison. I mean, I’m not averse to that. But I’d like to wait a while. laughter Question: What about in 15 to 20 years’ time? Laura: Yeah, I mean, I think there are 2 questions there as how to… scaling (?) the reporting. But I agree, it needs to happen. And I think it’s a valid criticism. I need to do more of it. I think certain things, I think, will… I would say should continue to be redacted, at least for the short term. Which I think is like there are a lot of names, you know, e-mail addresses, phone numbers. All these kinds of specifics, I think, we’ll continue to redact. And then we’re working on scaling. I haven’t really had time to think about 15 years from now. So, but of course, I think at some point this question of names becomes less of an issue. But I do hear the criticism that we need to be doing more publishing! Jacob: If we live that long! I hope you’ll help us! Laura laughs Next question? Herald: Next question from the internet, please! Signal Angel: So how reliable is this source on OTR, can that be verified with a second source, somehow? Jacob: Well, I think that’s a really good question. From what we know, cryptographically, OTR which has been analyzed by a number of people hasn’t been broken. 
And what it appears to be the case in these FISA intercepts, alone, that is one set of things. Where they produce one set of evidence from one set of people. And there are other documents, from a different section, from different agencies, that essentially say something completely the same. That is: Everything we see seems to support that. And I would say maybe Julian is not the best example of how great OTR is. But I think I am. I rely on it every day for almost all of my communications. And I feel pretty confident, combined with this, as well as talking with people in the Intelligence community who actually use OTR, and PGP, amazingly enough. So I feel pretty good about it. And the most important part is that they don’t have super powers. They have backdoors. E.g. I really would encourage people to look at the Cavium (?) hardware. I don’t really know why. But it seems to be that they’re obsessed with this. And you can look at the documents and you can see that. Look at the hardware. Crypto hardware. And imagine that it’s compromised. They spend tens of millions of Dollars to backdoor these things. And they work with agencies around the world to make that happen. So, it would make sense that OTR would be safe, actually. It doesn’t interface with any hardware. And it would make sense because the math seems to be good. And it seems to be vetted. And that seems to be their weakness. Question: Thanks. Herald: Number 4, please! Question: Hello. I have… actually, it may be a little odd question. But I wanted to ask it anyway. Regarding the term ‘War on Terror’ in general. Because all of these things, the Torture Report, the NSA spying, is all being done in the name of the ‘War on Terror’. Even though we know a number of the people who were tortured were innocent and were in no way terrorists. We know torture does not work as an interrogation method. And we know a vast majority of the people who are being spied on are completely innocent and did nothing wrong. 
And I wanted to know whether maybe we might actually be inadvertently lending (?) an amount of credibility to the whole thing by using the term ‘War on Terror’ in the first place. Laura: Yeah, I mean, actually, I think… Right, we’re talking about ‘Reconstructing Narratives’, and that’s maybe one we should binoc (?). This is really the ‘War on pretty much Everyone’. And so, I agree with that. I think… and I stopped using it for a long time. I think that I began re-using it, I think, when nothing changed. And, in fact, I think I was one of those people who thought things were changed under Obama. And there would be some accountability, like if you torture people you’re held accountable for torturing people. And then there didn’t. So, yeah, I agree, we need a new term for that to describe… Mainly, (?) some people are calling it the ‘Endless War’, which I hope is that isn’t actually true. But I do think that that’s a term that comes with the narrative of the Government. Jacob: I think, because I’ve been living in Germany for a while I actually don’t use the ‘War on Terror’ as a sentence, ever. I say ‘Imperialist War’. Because that’s what it is. It’s Imperialist war. And it’s an Imperialist war on you, as a person, your liberties. It’s not about privacy. It’s about choice. It’s about dignity. It’s about agency. And of course, I mean these guys are murderers and rapists. We shouldn’t dignify them. I mean they’re absolutely awful. The Torture Report really shows that. But it doesn’t matter that torture doesn’t work. That’s like – as is often said – you know this notion like, what (?) is slavery economically viable? Who fucking cares? It’s slavery! applause Question: Thank you! Herald: Number 1, please! Question: Do you think, since it’s kind of obvious, that we should reject, or mostly reject, the projects that are influenced by Governmental Institutions like NIST? Do you have any information to how they react when they see that you use smaller projects like e.g. 
Paths (?) to encrypt your harddrive, and some odd crypto scheme? Jacob: Well, one of the things we found is that Truecrypt, e.g. withstands what they’re trying to do. And they don’t like it. I really wonder if someone could figure out why Truecrypt shut down. That would be really interesting. applause I can also tell you that after I met General Alexander, and I told him to go fuck himself as hard as possible with a chainsaw… whoohoo’s, cheers and applause I hope he’s watching this video! laughter He actually went to, let’s say my employer who shall remain anonymous someone in the audience laughs and, … sorry Roger! laughter …and my understanding is they also went to our funders, and said: “What’s this guy? What’s he doing?”, you know, and they tried to pressure. And my employer, who shall remain anonymous, did not cave. But, yeah, they exert pressure! applause Herald: Another question from the internet, please! Signal Angel: Yeah, so, these files are pretty shocking, or revealing. Were they part of the stuff that came out in summer last year? And where was the bottleneck? Why do they come out now? Jacob: Oh that’s a question for you! Laura: Yeah! So in this case this was a number of reasons. One is that we’ve been slowed to scale the reporting. And it was also the case that some of the files I personally didn’t have access to, during that time when the story actually first came out. And then also just the time of reporting and researching the documents. Herald: Number 3, please! Question: Thanks for the talk! It was great! I support totally the idea that we need strong crypto. And I think that strong crypto needs also support, and we should all use it. But I think strong crypto is not the whole answer to the political situation that we have. And I think… applause …I think that this community of hackers and nerds needs to build stronger ties with political movements and be part of political movements. 
I know you are, and I think that we can’t solve the political dilemma with just strong crypto. So we need both. applause Herald: And another question from the internet! No more questions from the internet. So, number 3, please! Question: Yes, thank you also very much for the talk. I want to ask a question about Citizenfour, and especially the ending, of Citizenfour, where there’s a strong suggestion that army base here in Germany, called Ramstein is essential in these killings that you addressed tonight. What would be your… like, are you gonna give more information that’s not just suggestional? And what would you want, like, especially this audience to engage in? Laura: I mean, so, there is gonna be more reporting on that topic that I’m working with, and my colleague Jeremy Scahill, at the Intercept. And unfortunately I can’t say more than that, other than, we will be coming out with more information that will go beyond what you see in the film. So, for sure. And it deals with how Ramstein is part of the infrastructure and architecture of communication. Jacob: Shut it down! Shut it down! applause Herald: Number 5, please! Question: Is there a minimum key length that you would consider unsafe? Jacob: Yeah, so, actually I’m glad you asked that question. I was sort of hoping someone will do that. Okay. So. There are some documents from the GCHQ where they talk about their super computing resources. And, about 3 years ago they were talking about 640 bit keys being something that they sort of casually take care of. Now at the same time that that was happening Arjen Lenstra had, I think, factored 768 bit, and it took, what was it, Alex? 3 years? On a bunch… listens to answer from audience Year and a half! So, I think pretty much anything less than 1024 [bit] is a bad idea. There are other documents where they specifically say, if it’s 1024 bit RSA, it’s a problem. But you need to think about it, not about what they can do today. 
First of all they have different compartments. One of those compartments obviously is dedicated to any maths that they’ve got that speed that up. But another point is that because of things like the massive data repository – the mission data repository of Bluffdale, Utah – you’re not encrypting for today. I mean, you are! But you’re also encrypting for 50 years from today. So, personally, I use 4096 bit RSA keys, and I store them on a hardware token, which hopefully doesn’t have a backdoor. But I trust Werner [Koch]. That’s the best I can do, unfortunately. Which is pretty good. But… laughter But I think e.g. that the best key sizes, you need to think about them in terms of what you’re actually doing; and how long. And then think about composition. That is… it’s not just about encrypting something with, like, a 4096 bit RSA key. Also make it hard for them to target you for surveillance in the first place. So, e.g. when you can, use systems where you can composite (?) with Tor. Use things that are totally ephemerally keyed. So they can’t break in, steal the key and decrypt things in retrospect. Make it really hard for them to make it valuable. There’s an economic point to that collection as well as a mathematical point. Actually they sort of balance each other out. So anyway, don’t use small key lengths. And maybe also consider looking at the work that DJB and Tanja have been doing, about Elliptic Curves stuff. And I think, really look to them! But these guys [=NSA] aren’t special. They don’t have super powers. But when you use things that are closed-source software… I mean, Richard Stallman was really right. I mean, I know that it pains some of you to know that. But he was really right. laughter And he deserves a lot of love for that! applause Free software, with software implementations with large keys. That’s what you want. And when you can: protocols that allow for ephemeral keying, or where they have forward secrecy. 
Things like Pond, things like OTR, things like Redphone and Signal. And GnuPG. GnuPG has the caveat (?) that if they ever get into your system later they can of course decrypt other messages. So you have to consider all that. Not just key size. And GnuPG has safe defaults. So if you’re choosing key sizes, hopefully you’re using that. Libraries like Salt also make safe choices. So, hopefully that answers your question and you use strong crypto in the future. Herald: So thank you very much for the talk. Thank you! I saw a lot of people being shocked in that room. A lot of tears of, I think, proudness and hope. I saw… that gives me a really good feeling. So thank you for the talk. Give them a very warm applause! applause silent postroll titles Subtitles created by c3subtitles.de in the year 2017. Join, and help us!