-
Not Synced
... wanted to be able to use
-
Not Synced
Thunderbird and GnuPG together with Tor,
-
Not Synced
and so we thought:
-
Not Synced
oh, it would be really easy, I bet,
-
Not Synced
to configure Thunderbird to work with Tor
-
Not Synced
- hah - so a new Free software project
was born.
-
Not Synced
It's a really simple thing, but basically
-
Not Synced
it's just a package
that hooks it all together.
-
Not Synced
So a lot of people were using Thunderbird
-
Not Synced
and TorBirdy, and GnuPG, and Tor,
-
Not Synced
and Debian, together for email,
-
Not Synced
combined with Riseup as an email service.
-
Not Synced
So it's a literally a real peer to peer,
Free software driven set of things,
-
Not Synced
actually, that made it possible.
-
Not Synced
[question]:
So one thing I never understood about this
-
Not Synced
process was exactly how the documents were
handled, and maybe that's because nobody
-
Not Synced
wants to say, but, you know, did you leave
them on a server somewhere and download
-
Not Synced
them, hand them over to people, and who
took what where, and how do you...
-
Not Synced
in case I need to do something really
dangerous with a load of documents,
-
Not Synced
what's the best way of doing it?
-
Not Synced
[laughter]
-
Not Synced
[Jacob]: Hmm!
-
Not Synced
[audience member]: It's a good thing
this isn't being streamed.
-
Not Synced
I'm sorry, what?
-
Not Synced
There was a voice from god,
what did she say?
-
Not Synced
[audience]:
I said good we aren't streaming tonight.
-
Not Synced
Oh yeah, so hello to all of our friends
-
Not Synced
in domestic and international
surveillance services.
-
Not Synced
Well, so I won't answer your question,
-
Not Synced
but since you asked the question,
it's my turn to talk.
-
Not Synced
So what I would say is that...
-
Not Synced
if you want to do clandestine activities
-
Not Synced
that you fear for your life for,
-
Not Synced
you need to really think about
the situation that you're in
-
Not Synced
very carefully.
-
Not Synced
And so a big part of this is
operational security
-
Not Synced
and a big part of that is
compartmentalization.
-
Not Synced
So certain people had access
to certain things,
-
Not Synced
but maybe they couldn't decrypt them,
-
Not Synced
and certain things were moved around,
-
Not Synced
and that's on a need to know basis,
-
Not Synced
and those people who knew,
-
Not Synced
which is not me - I don't know anything,
I don't know what you're talking about.
-
Not Synced
Those people knew, and then you know,
-
Not Synced
it'll go with them to their grave.
-
Not Synced
So if you're interested in being the next
Edward Snowden,
-
Not Synced
you need to do your homework
-
Not Synced
in finding people that will be able to do
the other part of it, let's say.
-
Not Synced
But just in general, I mean
-
Not Synced
compartmentalization is key, right.
-
Not Synced
So it's not just for AppArmor profiles.
-
Not Synced
So you need to think about
what you want to do.
-
Not Synced
And I mean a big part of this
is to consider that the network itself
-
Not Synced
is the enemy, even though it is useful
for communicating.
-
Not Synced
So all the metadata that exists
on the network
-
Not Synced
could have tipped people off,
could have caused
-
Not Synced
this whole thing to fall apart.
-
Not Synced
It really is amazing, I feel like you know
-
Not Synced
two and half, three years ago,
-
Not Synced
when you talk about Free software,
-
Not Synced
and you talk about the idea of
Free software,
-
Not Synced
and you talk about issues relating to
autonomy and privacy, and security
-
Not Synced
you have a really different reception now
than you did then,
-
Not Synced
and that's really what it took
-
Not Synced
to turn the world half a degree,
or something,
-
Not Synced
or a quarter of a degree or something.
-
Not Synced
So I'm not going to tell you about
detailed plans for conspiracy,
-
Not Synced
but I highly encourage you to read about
South African history,
-
Not Synced
in particular the history of
Umkhonto we Sizwe.
-
Not Synced
They are the clandestine communications
group for MK,
-
Not Synced
or rather the operation who lay inside of MK,
-
Not Synced
which is Umkhonto we Sizwe,
-
Not Synced
and they are sort of with
the African National Congress,
-
Not Synced
and those people have published so many
books about the revolutionary activities
-
Not Synced
to overthrow the apartheid state.
-
Not Synced
If you read these books, especially
the book "Operation Vula"
-
Not Synced
and "Armed and Dangerous"
by Ronnie Kasrils
-
Not Synced
they give you some idea about
what you need to do
-
Not Synced
which is to compartmentalize,
-
Not Synced
how to find people to do various tasks,
specific tasks,
-
Not Synced
how to work on building trust
with each other, what that looks like,
-
Not Synced
how to identify political targets,
-
Not Synced
how you might use things
like communications technology
-
Not Synced
to change the political topic on,
-
Not Synced
and the discussion in general.
-
Not Synced
And I think the best way to learn about
these things is to study previous people
-
Not Synced
who have tried to do that kind of stuff.
-
Not Synced
And the NSA is not the apartheid regime of
South Africa,
-
Not Synced
but there are still lessons
to be learned there,
-
Not Synced
so if you really want to know the answer
to that, also Che Guevara's manual
-
Not Synced
on guerilla warfare is very interesting,
-
Not Synced
and there's a lot of other books like that.
-
Not Synced
I'd be happy to talk about it
with you later.
-
Not Synced
And I have nothing to do with anything
that we may or may not have done.
-
Not Synced
[laughter]
-
Not Synced
[question]: Do you think there is a chance
that things may get better
-
Not Synced
for example I know that publicly,
some programs were not extended
-
Not Synced
but I don't know what is happening
in the background
-
Not Synced
so maybe it's the same thing
but they are pretending that it's not
-
Not Synced
How do you see this?
-
Not Synced
[Jacob]: Well I think a couple of things.
-
Not Synced
In general I think what happened, not just
with this movie but with all of these things
-
Not Synced
is that in inspired hope,
-
Not Synced
and the hope is very important,
-
Not Synced
but hope is not a strategy for survival,
or for building alternatives,
-
Not Synced
so what it has also done, is that it has
allowed us to raise the profile
-
Not Synced
of the things which actually do
make it better.
-
Not Synced
For example ridding ourselves of the
chains of proprietary software
-
Not Synced
is something that's a serious discussion
with people that wouldn't have previously
-
Not Synced
talked about Free software
because they don't care about liberty,
-
Not Synced
they care about security.
-
Not Synced
And even though I think those are
really simliar things,
-
Not Synced
previously they just thought we were just
Free software hippies,
-
Not Synced
in tie-dye shirts
-
Not Synced
and while that may be true on the weekends
and evenings
-
Not Synced
or with Bdale every day
[laughter]
-
Not Synced
I think that actually does make it better
-
Not Synced
And it also changes the dialogue, in
the sense that it's no longer reasonable
-
Not Synced
to pretend that mass surveillance and
surveillance issues don't matter,
-
Not Synced
because if you really go down the
rabbit-hole
-
Not Synced
of thinking about what the security
services are trying to do
-
Not Synced
it becomes obvious that we want to encrypt
everything all the time
-
Not Synced
to beat selector-based surveillance
and dragnet-based surveillance.
-
Not Synced
It doesn't matter if something is authenticated
-
Not Synced
You could still trigger some action
to take place
-
Not Synced
with these kinds of surveillance machines
-
Not Synced
that could for example drone
strike someone,
-
Not Synced
and so it raises that.
-
Not Synced
And that gives me a lot of hope too,
-
Not Synced
because people understand the root
of the problem,
-
Not Synced
or the root of many problems
-
Not Synced
and the root of some violence
in the world, actually.
-
Not Synced
And so it helps us to reduce that
violence
-
Not Synced
by getting people to acknowledge
that it's real
-
Not Synced
and also that they care about it
-
Not Synced
and that we care about each other.
-
Not Synced
So that really gives me a lot of hope,
and part of that is Snowden
-
Not Synced
and part of that is the documents
-
Not Synced
but the other part of it is that..
-
Not Synced
I don't want to blow it up and make it
sound like we did something
-
Not Synced
like a big deal,
-
Not Synced
but in a sense, Laura, Glen, myself
and a number of other people
-
Not Synced
were really not sure we would ever be able
to travel home to our country
-
Not Synced
that we wouldn't be arrested.
-
Not Synced
I actually haven't been home
in over two and half years,
-
Not Synced
well, two years and three months
or something
-
Not Synced
I went out on a small business trip
that was supposed to last two weeks
-
Not Synced
and then this happened
-
Not Synced
and I've been hear ever since.
-
Not Synced
It's a really long, crazy trip.
-
Not Synced
But the point is that that's what was
necessary to make some of these changes
-
Not Synced
and eventually it will turn around
-
Not Synced
and I will be able to go home,
-
Not Synced
and Laura and Glen will be able to travel
to the US again.
-
Not Synced
Obviously, Julian is still stuck in the
Ecuadorian embassy
-
Not Synced
Sarah lives in exile in Berlin,
-
Not Synced
I live in exile in Berlin,
-
Not Synced
And Ed is in Moscow
-
Not Synced
So we're not finished with some of
these things
-
Not Synced
and it's also possible that we are,
the set of people I mentioned,
-
Not Synced
the state we're in, will stay that way
forever.
-
Not Synced
But what matters is that the rest
of the world
-
Not Synced
can actually move on and fix some of
these problems,
-
Not Synced
and I have a lot of hope about that.
-
Not Synced
And I see a lot of change, that's the
really big part.
-
Not Synced
Like I see the reproducible build stuff
that Holger and Lunar are working on.
-
Not Synced
People really understand the root reason
for needing to do that
-
Not Synced
and actually seems quite reasonable
to people
-
Not Synced
who would previously have expended energy
against it,
-
Not Synced
in support of it, so I think that's
really good.
-
Not Synced
And there's a lot of other hopeful things.
-
Not Synced
So I would try and be as uplifting
as possible.
-
Not Synced
It's not just the rum!
-
Not Synced
[question]: Near the end of the film
we saw something about another source.
-
Not Synced
I may have been missing some news
or something
-
Not Synced
but I don't remember anything about that
being public.
-
Not Synced
Do you know what happened to them?
-
Not Synced
[Jacob]: As far as I know any other
source that was mentioned in the film
-
Not Synced
is still anonymous, and they're still free.
-
Not Synced
I'm not exactly sure because I was not
involved in that part
-
Not Synced
but I also saw the end of the film
-
Not Synced
and I've seen a bunch of other reporting
which wasn't attributed to anyone in particular
-
Not Synced
So the good news... there's an old slogan
from the Dutch hacker community, right?
-
Not Synced
"Someone you trust is one of us,
-
Not Synced
and the leak is higher up in the chain of
command than you"
-
Not Synced
And I feel like that might be true again,
hopefully.
-
Not Synced
I think that guy has a question as well.
-
Not Synced
[question]: Part of the problem initially
was that encryption software
-
Not Synced
was not so easy to use, right?
-
Not Synced
And I think part of the challenge
for everyone
-
Not Synced
was to improve on that situation
to make it better
-
Not Synced
so I'm asking you if you've observed
any change and to the rest of the room
-
Not Synced
have we done anything to improve on that?
-
Not Synced
[Jacob]: I definitely think that there is
a lot of free software
-
Not Synced
that makes encryption easier to use,
-
Not Synced
though not always on free platforms,
which really is heart-breaking.
-
Not Synced
For example Moxie Marlinspike has done
a really good job
-
Not Synced
with Signal, Textsecure and Redphone
-
Not Synced
and making end-to-end, encrypted
calling, texting, sexting,
-
Not Synced
and whatever apps,
-
Not Synced
sext-secure is what I think it's nicknamed
-
Not Synced
and I'm very impressed by that,
and it works really well
-
Not Synced
and it's something which in the
last two years
-
Not Synced
if you have a cell-phone,
which I don't recommend
-
Not Synced
but if you have a cell-phone,
and you put in everyone's phone number,
-
Not Synced
a lot of people that I would classify as
non-technical people,
-
Not Synced
that don't care about Free software
as a hobby or as a passion
-
Not Synced
or as a profession.
-
Not Synced
You see their names in those systems
-
Not Synced
often more than some of the
Free software people,
-
Not Synced
and that's really impressive to me,
-
Not Synced
and I think there's been a huge shift
just generally about those sorts of things
-
Not Synced
also about social responsibility,
-
Not Synced
or people understand they have a
responsibility to other people
-
Not Synced
to encrypt communications,
and not to put people in harm's way
-
Not Synced
by sending unsafe stuff over
unsafe communication lines.
-
Not Synced
So I think in my personal view it's better.
-
Not Synced
But the original problem wasn't actually
that the encryption was hard to use.
-
Not Synced
I think the main problem is people didn't
understand the reason
-
Not Synced
that it needed to be done
-
Not Synced
and they believed the lie that is
targetted versus mass surveillance.
-
Not Synced
And there's a big lie, and the lie is
that there is such a thing
-
Not Synced
as targeted surveillance.
-
Not Synced
In the modern era, most so-called
targetted surveillance actually happens
-
Not Synced
through mass surveillance.
-
Not Synced
They gather everything up, and then they
look through the thing
-
Not Synced
they've already seized.
-
Not Synced
And of course there are targetted,
focussed attacks.
-
Not Synced
But the main thing is that the abuse of
surveillance often happens
-
Not Synced
on an individual basis.
-
Not Synced
It also has a societal cost.
-
Not Synced
I think a lot of people really
understand that.
-
Not Synced
It's probably because I also live in
Germany now for the last two years
-
Not Synced
but I feel that German society in
particular is extremely aware
-
Not Synced
of these abuses in the modern world
-
Not Synced
and they have a historical context
that allows them to talk about it
-
Not Synced
with the rest of the world, where the
world doesn't downplay it.
-
Not Synced
So this is how other people relate to
Germany
-
Not Synced
not just about Germans relate to
each other.
-
Not Synced
And that has also been really good
for just meeting regular people
-
Not Synced
who really care about it,
-
Not Synced
and who really want to do things.
-
Not Synced
So people's parents email me,
and are like
-
Not Synced
"I want to protect my children,
-
Not Synced
what's the best way to use crypto
with them?"
-
Not Synced
You know, things like that.
-
Not Synced
And I didn't every receive emails like
that in the past
-
Not Synced
and that's to me is uplifting
and very positive.
-
Not Synced
[question]: A quick organisational question.
-
Not Synced
Right now we're live-streaming the Q&A.
Are you comfortable with that?
-
Not Synced
[Jacob]: I don't think in the last three
years I've ever had a moment
-
Not Synced
that wasn't being recorded.
-
Not Synced
[laughter, applause]
-
Not Synced
[question]: If you're fine with it, moving on...
-
Not Synced
[Jacob]: That's fine, just don't do it
when I'm trying to sleep.
-
Not Synced
[question]: I was wondering why Laura
and you ended up in Germany
-
Not Synced
because what you said about people in
Germany might be true
-
Not Synced
but I'm really ashamed about my Government
and how they dealt with ????
-
Not Synced
and they are doing nothing for this.
-
Not Synced
[Jacob]: The reason that we ended up in
Germany
-
Not Synced
is that I'd been attending
Chaos Computer Club events
-
Not Synced
for many years
-
Not Synced
and there are bunch of people that are
part of the Chaos Computer Club
-
Not Synced
who are really supportive,
and good people,
-
Not Synced
who have a stable base,
and an infrastructure.
-
Not Synced
The German hacker scene has this
phenomenon which is that
-
Not Synced
it's a part of society.
-
Not Synced
So there are people in the CCC who will
talk with the constitutional court
-
Not Synced
for example,
-
Not Synced
and that creates a much more stable
society
-
Not Synced
and those people were willing to help us.
-
Not Synced
They were willing to hold footage,
to hold encrypted data.
-
Not Synced
They were willing to help modify hardware.
-
Not Synced
There was a huge base of support where
people, even if they had fear,
-
Not Synced
they did stuff anyway.
-
Not Synced
And that support went back a long time.
-
Not Synced
And so we knew that it would be safe
to store footage for the film here.
-
Not Synced
In Berlin, not in Heidelberg, but here
in Germany.
-
Not Synced
And we knew that, of course,
there were people that would be helpful.
-
Not Synced
In the US there's a much bigger culture
of fear.
-
Not Synced
People are afraid of having their houses
raided by the police,
-
Not Synced
where there's lots of detainments at the
borders,
-
Not Synced
where there's lots of speculative arrests,
-
Not Synced
journalists that are jailed,
-
Not Synced
so the situation was not to say that
Germany was perfect.
-
Not Synced
I revealed in Der Speigel with three other
journalists that Merkel was spied on
-
Not Synced
by the NSA.
-
Not Synced
And it's clear that the Germany government
was complicit
-
Not Synced
with some of this surveillance.
-
Not Synced
But in a sort of pyramid of surveillance
there's a sort of colonialism
-
Not Synced
that takes place.
-
Not Synced
And that the NSA and GCHQ are at the top.
-
Not Synced
And the Germans are little bit below that.
-
Not Synced
The thing is that there's not a lot you
do about that.
-
Not Synced
And so even though we revealed this
about Merkel,
-
Not Synced
it's not clear what she should do.
-
Not Synced
It's not clear what anyone should do.
-
Not Synced
But one thing that was clear was that
if they wanted to break into our houses
-
Not Synced
they would do it in a way that would
cost them a lot politically.
-
Not Synced
It would be very public.
-
Not Synced
The last time someone raided someone
working with Der Speigel
-
Not Synced
was in 1962 during the Speigel affair,
-
Not Synced
and some ministers were kicked out.
-
Not Synced
You may have seen recently the
Landersverrat thing
-
Not Synced
with Netzpolitik.
-
Not Synced
The charges against them now
have been dropped.
-
Not Synced
That would never happen in the
United States.
-
Not Synced
We would not be safe.
-
Not Synced
And I still, for my investigative
journalism,
-
Not Synced
and my work with Wikileaks,
-
Not Synced
and my work with the Tor project,
-
Not Synced
I wouldn't even go back to the US,
-
Not Synced
because there's no chance that if they
wanted to do something to me
-
Not Synced
that I would have any constitutional
liberties, I think,
-
Not Synced
and the same is true of Snowden.
-
Not Synced
You just won't get that fair trial.
-
Not Synced
And we thought at least here we would
have ground to stand and fight on.
-
Not Synced
And it's exactly what happened,
and we won.
-
Not Synced
[question]: This is also about the fear
stuff that you talk about
-
Not Synced
which is in the very old days we used to
put red words in the end of every message
-
Not Synced
to make sure that it would be hard to find
the actual subversive message
-
Not Synced
among all the noise.
-
Not Synced
And you can think about the same thing
here.
-
Not Synced
Should we build our systems so that
everything gets encrypted all the time?
-
Not Synced
[Jacob]: So I have a lot of radical
suggestions for what to do,
-
Not Synced
but I'm going to talk about them tomorrow
in the keynote mostly.
-
Not Synced
But to give you an example,
if you install Debian,
-
Not Synced
you can give someone the ability to log
into the machine
-
Not Synced
over a Tor hidden service for free.
-
Not Synced
You get a free .onion when you add two
lines to a Tor configuration file.
-
Not Synced
We should make encryption not only easy
to use but also out of the box
-
Not Synced
we should have it possible to have
end-to-end reachability and connectivity,
-
Not Synced
and we should reduce the total amount
of metadata, to make it harder for people
-
Not Synced
who want to break the law, that want to
break into computers.
-
Not Synced
We should solve the problem of adversarial
versus non-adversarial forensics
-
Not Synced
so we can verify our systems with open
hardware and Free software together.
-
Not Synced
And there's a lot to be done,
but the main thing to do is to recognise
-
Not Synced
that if you have the ability to upload
to Debian,
-
Not Synced
there are literally intelligence agencies
that would like those keys.
-
Not Synced
And we have a great responsiblity to
humanity as Debian developers
-
Not Synced
to do the right thing: to build open
systems,
-
Not Synced
to build them in a way where users don't
need to understand this stuff.
-
Not Synced
There are a lot of people in the world
that will never see this film.
-
Not Synced
And we can solve the problems that this
film describes largely with Free software.
-
Not Synced
And we can do that without them knowing,
-
Not Synced
and they will be safe for us having
done that.
-
Not Synced
And if we can do that, the world will be
a better place, I think.
-
Not Synced
And I think the world is a better place
because of the efforts that were
-
Not Synced
already done in that area, that made this
possible.
-
Not Synced
The Tails project made it so that a bunch
of people
-
Not Synced
who were good at investigative journalism,
-
Not Synced
but absolutely terrible with computers,
were able to pull this off.
-
Not Synced
And that is entirely the product, in my
opinion, of Free software.
-
Not Synced
And a little bit of Laura and Glen, but
I'd say a lot of Free software.
Debconf
