1
00:00:00,000 --> 00:00:01,488
... wanted to be able to use

2
00:00:01,488 --> 00:00:03,284
Thunderbird and GnuPG together with Tor,

3
00:00:03,284 --> 00:00:04,744
and so we thought:

4
00:00:04,744 --> 00:00:07,103
oh, it would be really easy, I bet,

5
00:00:07,104 --> 00:00:09,694
to configure Thunderbird to work with Tor

6
00:00:09,703 --> 00:00:11,989
- hah - so a new Free software project
was born.

7
00:00:12,358 --> 00:00:15,533
It's a really simple thing, but basically

8
00:00:15,533 --> 00:00:17,655
it's just a package
that hooks it all together.

9
00:00:17,655 --> 00:00:20,577
So a lot of people were using Thunderbird

10
00:00:20,581 --> 00:00:23,796
and TorBirdy, and GnuPG, and Tor,

11
00:00:23,796 --> 00:00:26,031
and Debian, together for email,

12
00:00:26,050 --> 00:00:29,808
combined with Riseup as an email service.

13
00:00:30,699 --> 00:00:36,954
So it's literally a real peer to peer,
Free software driven set of things,

14
00:00:37,179 --> 00:00:39,511
actually, that made it possible.

15
00:00:48,559 --> 00:00:50,438
[question]:
So one thing I never understood about this

16
00:00:50,440 --> 00:00:53,464
process was exactly how the documents were
handled, and maybe that's because nobody

17
00:00:53,474 --> 00:00:57,561
wants to say, but, you know, did you leave
them on a server somewhere and download

18
00:00:57,580 --> 00:01:00,807
them, hand them over to people, and who
took what where, and how do you...

19
00:01:01,263 --> 00:01:04,848
in case I need to do something really
dangerous with a load of documents,

20
00:01:04,848 --> 00:01:07,764
what's the best way of doing it?

21
00:01:07,891 --> 00:01:10,879
[laughter]

22
00:01:12,758 --> 00:01:14,763
[Jacob]: Hmm!

23
00:01:16,555 --> 00:01:18,859
[audience member]: It's a good thing
this isn't being streamed.

24
00:01:19,498 --> 00:01:21,593
I'm sorry, what?

25
00:01:21,845 --> 00:01:24,789
There was a voice from god,
what did she say?

26
00:01:25,169 --> 00:01:27,261
[audience]:
I said good we aren't streaming tonight.

27
00:01:27,478 --> 00:01:30,156
Oh yeah, so hello to all of our friends

28
00:01:30,156 --> 00:01:34,133
in domestic and international
surveillance services.

29
00:01:34,819 --> 00:01:37,457
Well, so I won't answer your question,

30
00:01:37,457 --> 00:01:40,146
but since you asked the question,
it's my turn to talk.

31
00:01:40,157 --> 00:01:41,600
So what I would say is that...

32
00:01:41,616 --> 00:01:44,075
if you want to do clandestine activities

33
00:01:44,078 --> 00:01:46,161
that you fear for your life for,

34
00:01:46,171 --> 00:01:48,198
you need to really think about
the situation that you're in

35
00:01:48,198 --> 00:01:49,347
very carefully.

36
00:01:49,347 --> 00:01:51,873
And so a big part of this is
operational security

37
00:01:51,892 --> 00:01:54,102
and a big part of that is
compartmentalization.

38
00:01:54,109 --> 00:01:56,310
So certain people had access
to certain things,

39
00:01:56,319 --> 00:01:58,195
but maybe they couldn't decrypt them,

40
00:01:58,204 --> 00:02:00,968
and certain things were moved around,

41
00:02:00,972 --> 00:02:03,486
and that's on a need to know basis,

42
00:02:03,486 --> 00:02:05,067
and those people who knew,

43
00:02:05,081 --> 00:02:09,305
which is not me - I don't know anything,
I don't know what you're talking about.

44
00:02:09,845 --> 00:02:11,888
Those people knew, and then you know,

45
00:02:11,896 --> 00:02:13,427
it'll go with them to their grave.

46
00:02:13,445 --> 00:02:15,729
So if you're interested in being the next
Edward Snowden,

47
00:02:15,760 --> 00:02:17,225
you need to do your homework

48
00:02:17,247 --> 00:02:20,341
in finding people that will be able to do
the other part of it, let's say.

49
00:02:20,341 --> 00:02:22,771
But just in general, I mean

50
00:02:22,778 --> 00:02:24,826
compartmentalization is key, right.

51
00:02:24,839 --> 00:02:27,163
So it's not just for AppArmor profiles.

52
00:02:27,174 --> 00:02:30,285
So you need to think about
what you want to do.

53
00:02:30,294 --> 00:02:33,551
And I mean a big part of this
is to consider that the network itself

54
00:02:33,551 --> 00:02:36,765
is the enemy, even though it is useful
for communicating.

55
00:02:37,063 --> 00:02:40,730
So all the metadata that exists
on the network

56
00:02:40,733 --> 00:02:42,867
could have tipped people off,
could have caused

57
00:02:42,867 --> 00:02:44,363
this whole thing to fall apart.

58
00:02:44,489 --> 00:02:46,789
It really is amazing, I feel like you know

59
00:02:46,823 --> 00:02:48,150
two and half, three years ago,

60
00:02:48,150 --> 00:02:49,769
when you talk about Free software,

61
00:02:49,769 --> 00:02:51,617
and you talk about the idea of
Free software,

62
00:02:51,623 --> 00:02:55,024
and you talk about issues relating to
autonomy and privacy, and security

63
00:02:55,024 --> 00:02:57,718
you have a really different reception now
than you did then,

64
00:02:57,718 --> 00:02:58,983
and that's really what it took

65
00:02:58,983 --> 00:03:01,596
to turn the world half a degree,
or something,

66
00:03:01,618 --> 00:03:03,899
or a quarter of a degree or something.

67
00:03:04,881 --> 00:03:08,165
So I'm not going to tell you about
detailed plans for conspiracy,

68
00:03:08,178 --> 00:03:10,943
but I highly encourage you to read about
South African history,

69
00:03:10,948 --> 00:03:13,588
in particular the history of
Umkhonto we Sizwe.

70
00:03:13,598 --> 00:03:17,979
They are the clandestine communications
group for MK,

71
00:03:18,023 --> 00:03:20,881
or rather the operation who lay inside of MK,

72
00:03:20,881 --> 00:03:22,675
which is Umkhonto we Sizwe,

73
00:03:22,690 --> 00:03:25,000
and they are sort of with
the African National Congress,

74
00:03:25,000 --> 00:03:28,760
and those people have published so many
books about the revolutionary activities

75
00:03:28,762 --> 00:03:31,206
to overthrow the apartheid state.

76
00:03:31,206 --> 00:03:33,756
If you read these books, especially
the book "Operation Vula"

77
00:03:33,760 --> 00:03:36,182
and "Armed and Dangerous"
by Ronnie Kasrils

78
00:03:36,182 --> 00:03:38,705
they give you some idea about
what you need to do

79
00:03:38,715 --> 00:03:40,220
which is to compartmentalize,

80
00:03:40,220 --> 00:03:42,542
how to find people to do various tasks,
specific tasks,

81
00:03:42,549 --> 00:03:45,182
how to work on building trust
with each other, what that looks like,

82
00:03:45,182 --> 00:03:47,196
how to identify political targets,

83
00:03:47,198 --> 00:03:50,307
how you might use things
like communications technology

84
00:03:50,307 --> 00:03:53,037
to change the political topic on,

85
00:03:53,059 --> 00:03:55,286
and the discussion in general.

86
00:03:55,556 --> 00:03:59,519
And I think the best way to learn about
these things is to study previous people

87
00:03:59,519 --> 00:04:01,660
who have tried to do that kind of stuff.

88
00:04:01,732 --> 00:04:05,241
And the NSA is not the apartheid regime of
South Africa,

89
00:04:05,241 --> 00:04:06,890
but there are still lessons
to be learned there,

90
00:04:06,896 --> 00:04:10,060
so if you really want to know the answer
to that, also Che Guevara's manual

91
00:04:10,084 --> 00:04:12,104
on guerilla warfare is very interesting,

92
00:04:12,117 --> 00:04:13,774
and there's a lot of other books like that.

93
00:04:13,784 --> 00:04:15,582
I'd be happy to talk about it
with you later.

94
00:04:15,582 --> 00:04:18,236
And I have nothing to do with anything
that we may or may not have done.

95
00:04:18,547 --> 00:04:20,213
[laughter]

96
00:04:24,900 --> 00:04:28,530
[question]: Do you think there is a chance
that things may get better

97
00:04:28,545 --> 00:04:33,940
for example I know that publicly,
some programs were not extended

98
00:04:33,950 --> 00:04:37,100
but I don't know what is happening
in the background

99
00:04:37,100 --> 00:04:42,966
so maybe it's the same thing
but they are pretending that it's not

100
00:04:42,966 --> 00:04:45,193
How do you see this?

101
00:04:45,409 --> 00:04:47,713
[Jacob]: Well I think a couple of things.

102
00:04:47,724 --> 00:04:53,926
In general I think what happened, not just
with this movie but with all of these things

103
00:04:53,926 --> 00:04:56,073
is that in inspired hope,

104
00:04:56,073 --> 00:04:57,353
and the hope is very important,

105
00:04:57,361 --> 00:05:01,149
but hope is not a strategy for survival,
or for building alternatives,

106
00:05:01,149 --> 00:05:03,495
so what it has also done, is that it has
allowed us to raise the profile

107
00:05:03,510 --> 00:05:05,500
of the things which actually do
make it better.

108
00:05:05,587 --> 00:05:08,821
For example ridding ourselves of the
chains of proprietary software

109
00:05:08,821 --> 00:05:12,071
is something that's a serious discussion
with people that wouldn't have previously

110
00:05:12,078 --> 00:05:14,849
talked about Free software
because they don't care about liberty,

111
00:05:14,872 --> 00:05:16,510
they care about security.

112
00:05:16,519 --> 00:05:18,689
And even though I think those are
really simliar things,

113
00:05:18,704 --> 00:05:21,101
previously they just thought we were just
Free software hippies,

114
00:05:21,101 --> 00:05:22,402
in tie-dye shirts

115
00:05:22,416 --> 00:05:25,086
and while that may be true on the weekends
and evenings

116
00:05:25,086 --> 00:05:27,581
or with Bdale every day
[laughter]

117
00:05:27,581 --> 00:05:29,541
I think that actually does make it better

118
00:05:29,671 --> 00:05:32,768
And it also changes the dialogue, in
the sense that it's no longer reasonable

119
00:05:32,768 --> 00:05:36,947
to pretend that mass surveillance and
surveillance issues don't matter,

120
00:05:37,309 --> 00:05:39,111
because if you really go down the
rabbit-hole

121
00:05:39,111 --> 00:05:42,257
of thinking about what some of the
security services are trying to do

122
00:05:42,257 --> 00:05:45,289
it becomes obvious that we want to encrypt
everything all the time

123
00:05:45,289 --> 00:05:48,101
to beat selector-based surveillance
and dragnet-based surveillance.

124
00:05:48,187 --> 00:05:50,276
It doesn't matter if something is authenticated

125
00:05:50,276 --> 00:05:52,683
You could still trigger some action
to take place

126
00:05:52,692 --> 00:05:54,387
with these kinds of surveillance machines

127
00:05:54,393 --> 00:05:56,774
that could for example drone
strike someone,

128
00:05:56,795 --> 00:05:58,440
and so it raises that.

129
00:05:58,454 --> 00:05:59,818
And that gives me a lot of hope too,

130
00:05:59,818 --> 00:06:03,376
because people understand the root
of the problem,

131
00:06:03,376 --> 00:06:05,002
or the root of many problems

132
00:06:05,007 --> 00:06:07,090
and the root of some violence
in the world, actually.

133
00:06:07,217 --> 00:06:09,098
And so it helps us to reduce that
violence

134
00:06:09,102 --> 00:06:10,761
by getting people to acknowledge
that it's real

135
00:06:10,778 --> 00:06:12,204
and also that they care about it

136
00:06:12,204 --> 00:06:14,138
and that we care about each other.

137
00:06:14,138 --> 00:06:16,860
So that really gives me a lot of hope,
and part of that is Snowden

138
00:06:16,860 --> 00:06:18,483
and part of that is the documents

139
00:06:18,499 --> 00:06:20,276
but the other part of it is that..

140
00:06:20,401 --> 00:06:25,013
I don't want to blow it up and make it
sound like we did something

141
00:06:25,024 --> 00:06:26,630
like a big deal,

142
00:06:26,638 --> 00:06:29,911
but in a sense, Laura, Glen, myself
and a number of other people

143
00:06:29,911 --> 00:06:32,526
were really not sure we would ever be able
to travel home to our country

144
00:06:32,543 --> 00:06:34,137
that we wouldn't be arrested.

145
00:06:34,137 --> 00:06:36,487
I actually haven't been home
in over two and half years,

146
00:06:36,498 --> 00:06:38,723
well, two years and three months
or something

147
00:06:38,723 --> 00:06:41,975
I went out on a small business trip
that was supposed to last two weeks

148
00:06:41,975 --> 00:06:43,484
and then this happened

149
00:06:43,499 --> 00:06:44,893
and I've been here ever since.

150
00:06:44,893 --> 00:06:46,516
It's a really long, crazy trip.

151
00:06:46,644 --> 00:06:50,868
But the point is that that's what was
necessary to make some of these changes

152
00:06:51,035 --> 00:06:53,474
and eventually it will turn around

153
00:06:53,599 --> 00:06:54,667
and I will be able to go home,

154
00:06:54,667 --> 00:06:57,096
and Laura and Glen will be able to travel
to the US again.

155
00:06:57,098 --> 00:07:00,062
Obviously, Julian is still stuck in the
Ecuadorian embassy

156
00:07:00,062 --> 00:07:01,807
Sarah lives in exile in Berlin,

157
00:07:01,807 --> 00:07:03,048
I live in exile in Berlin,

158
00:07:03,048 --> 00:07:04,539
And Ed is in Moscow

159
00:07:04,547 --> 00:07:07,528
So we're not finished with some of
these things

160
00:07:07,533 --> 00:07:11,708
and it's also possible that we are,
the set of people I mentioned,

161
00:07:11,726 --> 00:07:15,163
the state we're in, will stay that way
forever.

162
00:07:15,248 --> 00:07:16,918
But what matters is that the rest
of the world

163
00:07:16,933 --> 00:07:19,044
can actually move on and fix some of
these problems,

164
00:07:19,044 --> 00:07:20,920
and I have a lot of hope about that.

165
00:07:21,007 --> 00:07:24,038
And I see a lot of change, that's the
really big part.

166
00:07:24,038 --> 00:07:29,795
Like I see the reproducible build stuff
that Holger and Lunar are working on.

167
00:07:29,969 --> 00:07:32,872
People really understand the root reason
for needing to do that

168
00:07:32,881 --> 00:07:34,918
and actually seems quite reasonable
to people

169
00:07:34,919 --> 00:07:37,521
who would previously have expended energy
against it,

170
00:07:37,537 --> 00:07:40,722
in support of it, so I think that's
really good.

171
00:07:40,722 --> 00:07:43,026
And there's a lot of other hopeful things.

172
00:07:43,109 --> 00:07:45,456
So I would try and be as uplifting
as possible.

173
00:07:45,485 --> 00:07:47,588
It's not just the rum!

174
00:07:50,281 --> 00:07:53,651
[question]: Near the end of the film
we saw something about another source.

175
00:07:54,066 --> 00:07:57,147
I may have been missing some news
or something

176
00:07:57,164 --> 00:08:01,038
but I don't remember anything about that
being public.

177
00:08:01,296 --> 00:08:02,943
Do you know what happened to them?

178
00:08:03,031 --> 00:08:05,633
[Jacob]: As far as I know any other
source that was mentioned in the film

179
00:08:05,639 --> 00:08:08,364
is still anonymous, and they're still free.

180
00:08:08,492 --> 00:08:11,221
I'm not exactly sure because I was not
involved in that part

181
00:08:11,230 --> 00:08:13,188
but I also saw the end of the film

182
00:08:13,199 --> 00:08:16,424
and I've seen a bunch of other reporting
which wasn't attributed to anyone in particular

183
00:08:16,552 --> 00:08:21,375
So the good news... there's an old slogan
from the Dutch hacker community, right?

184
00:08:21,547 --> 00:08:22,928
"Someone you trust is one of us,

185
00:08:22,928 --> 00:08:25,983
and the leak is higher up in the chain of
command than you"

186
00:08:26,067 --> 00:08:30,718
And I feel like that might be true again,
hopefully.

187
00:08:32,765 --> 00:08:34,856
I think that guy has a question as well.

188
00:08:34,945 --> 00:08:39,303
[question]: Part of the problem initially
was that encryption software

189
00:08:39,428 --> 00:08:42,285
was not so easy to use, right?

190
00:08:42,285 --> 00:08:44,211
And I think part of the challenge
for everyone

191
00:08:44,211 --> 00:08:47,744
was to improve on that situation
to make it better

192
00:08:47,917 --> 00:08:52,524
so I'm asking you if you've observed
any change and to the rest of the room

193
00:08:52,524 --> 00:08:56,148
have we done anything to improve on that?

194
00:08:57,049 --> 00:09:00,713
[Jacob]: I definitely think that there is
a lot of free software

195
00:09:00,713 --> 00:09:02,723
that makes encryption easier to use,

196
00:09:02,724 --> 00:09:05,620
though not always on free platforms,
which really is heart-breaking.

197
00:09:05,711 --> 00:09:09,078
For example Moxie Marlinspike has done
a really good job

198
00:09:09,165 --> 00:09:10,914
with Signal, Textsecure and Redphone

199
00:09:10,914 --> 00:09:14,030
and making end-to-end, encrypted
calling, texting, sexting,

200
00:09:14,111 --> 00:09:16,717
and whatever apps,

201
00:09:16,743 --> 00:09:19,707
sext-secure is what I think it's nicknamed

202
00:09:19,707 --> 00:09:22,417
and I'm very impressed by that,
and it works really well

203
00:09:22,417 --> 00:09:24,572
and it's something which, especially
in the last two years,

204
00:09:24,573 --> 00:09:27,517
if you have a cell-phone,
which I don't recommend

205
00:09:27,560 --> 00:09:31,044
but if you have a cell-phone,
and you put in everyone's phone number,

206
00:09:31,044 --> 00:09:34,449
a lot of people that I would classify as
non-technical people,

207
00:09:34,449 --> 00:09:37,285
that don't care about Free software
as a hobby or as a passion

208
00:09:37,285 --> 00:09:38,999
or as a profession.

209
00:09:38,999 --> 00:09:40,506
You see their names in those systems

210
00:09:40,532 --> 00:09:42,537
often more than some of the
Free software people,

211
00:09:42,539 --> 00:09:44,460
and that's really impressive to me,

212
00:09:44,482 --> 00:09:48,290
and I think there's been a huge shift
just generally about those sorts of things

213
00:09:48,290 --> 00:09:51,154
also about social responsibility,

214
00:09:51,154 --> 00:09:53,840
or people understand they have a
responsibility to other people

215
00:09:53,841 --> 00:09:57,555
to encrypt communications,
and not to put people in harm's way

216
00:09:57,555 --> 00:10:01,420
by sending unsafe stuff over
unsafe communication lines.

217
00:10:01,420 --> 00:10:04,937
So I think in my personal view it's better.

218
00:10:04,958 --> 00:10:07,903
But the original problem wasn't actually
that the encryption was hard to use.

219
00:10:07,903 --> 00:10:10,656
I think the main problem is people didn't
understand the reason

220
00:10:10,662 --> 00:10:12,572
that it needed to be done

221
00:10:12,700 --> 00:10:16,727
and they believed the lie that is
targetted versus mass surveillance.

222
00:10:16,859 --> 00:10:20,027
And there's a big lie, and the lie is
that there is such a thing

223
00:10:20,027 --> 00:10:22,236
as targeted surveillance.

224
00:10:22,363 --> 00:10:24,924
In the modern era, most so-called
targetted surveillance actually happens

225
00:10:24,924 --> 00:10:26,455
through mass surveillance.

226
00:10:26,455 --> 00:10:28,418
They gather everything up, and then they
look through the thing

227
00:10:28,431 --> 00:10:30,211
they've already seized.

228
00:10:30,211 --> 00:10:32,945
And of course there are targetted,
focussed attacks.

229
00:10:33,073 --> 00:10:36,358
But the main thing is that the abuse of
surveillance often happens

230
00:10:36,363 --> 00:10:37,805
on an individual basis.

231
00:10:37,814 --> 00:10:39,681
It also has a societal cost.

232
00:10:39,681 --> 00:10:41,816
I think a lot of people really
understand that.

233
00:10:41,904 --> 00:10:45,950
It's probably because I also live in
Germany now for the last two years

234
00:10:45,950 --> 00:10:49,511
but I feel that German society in
particular is extremely aware

235
00:10:49,511 --> 00:10:52,012
of these abuses in the modern world

236
00:10:52,019 --> 00:10:55,299
and they have a historical context
that allows them to talk about it

237
00:10:55,318 --> 00:10:58,279
with the rest of the world, where the
world doesn't downplay it.

238
00:10:58,279 --> 00:10:59,948
So this is how other people relate to
Germany

239
00:10:59,961 --> 00:11:02,681
not just about Germans relate to
each other.

240
00:11:02,853 --> 00:11:06,390
And that has also been really good
for just meeting regular people

241
00:11:06,390 --> 00:11:07,885
who really care about it,

242
00:11:07,898 --> 00:11:09,122
and who really want to do things.

243
00:11:09,139 --> 00:11:10,875
So people's parents email me,
and are like

244
00:11:10,880 --> 00:11:12,477
"I want to protect my children,

245
00:11:12,477 --> 00:11:14,939
what's the best way to use crypto
with them?"

246
00:11:14,939 --> 00:11:16,505
You know, things like that.

247
00:11:16,505 --> 00:11:19,450
And I didn't ever receive emails like
that in the past

248
00:11:19,468 --> 00:11:23,504
and that's to me is uplifting
and very positive.

249
00:11:25,041 --> 00:11:27,748
[question]: A quick organisational question.

250
00:11:27,770 --> 00:11:30,497
Right now we're live-streaming the Q&amp;A.
Are you comfortable with that?

251
00:11:30,668 --> 00:11:33,242
[Jacob]: I don't think in the last three
years I've ever had a moment

252
00:11:33,242 --> 00:11:36,092
that wasn't being recorded.

253
00:11:36,538 --> 00:11:39,324
[laughter, applause]

254
00:11:41,095 --> 00:11:43,056
[question]: If you're fine with it, moving on...

255
00:11:43,726 --> 00:11:47,512
[Jacob]: That's fine, just don't do it
when I'm trying to sleep.

256
00:11:48,148 --> 00:11:51,460
[question]: I was wondering why Laura
and you ended up in Germany

257
00:11:51,460 --> 00:11:54,861
because what you said about people in
Germany might be true

258
00:11:54,861 --> 00:12:00,612
but I'm really ashamed about my Government,
how they dealt with spying the chancellor,

259
00:12:00,612 --> 00:12:04,153
and anything... they are doing nothing for this.

260
00:12:04,451 --> 00:12:07,692
[Jacob]: The reason that we ended up in
Germany

261
00:12:07,697 --> 00:12:10,850
is that I'd been attending
Chaos Computer Club events

262
00:12:10,868 --> 00:12:12,728
for many years

263
00:12:12,730 --> 00:12:15,241
and there are bunch of people that are
part of the Chaos Computer Club

264
00:12:15,251 --> 00:12:17,122
who are really supportive,
and good people,

265
00:12:17,137 --> 00:12:19,299
who have a stable base,
and an infrastructure.

266
00:12:19,427 --> 00:12:24,638
The German hacker scene has this
phenomenon which is that

267
00:12:24,659 --> 00:12:27,071
it's a part of society.

268
00:12:27,390 --> 00:12:30,479
So there are people in the CCC who will
talk with the constitutional court

269
00:12:30,479 --> 00:12:31,892
for example,

270
00:12:31,901 --> 00:12:34,480
and that creates a much more stable
civil society

271
00:12:34,480 --> 00:12:36,196
and those people were willing to help us.

272
00:12:36,205 --> 00:12:38,627
They were willing to hold footage,
to hold encrypted data.

273
00:12:38,646 --> 00:12:41,616
They were willing to help modify hardware.

274
00:12:41,622 --> 00:12:44,855
There was a huge base of support where
people, even if they had fear,

275
00:12:44,855 --> 00:12:47,070
they did stuff anyway.

276
00:12:47,121 --> 00:12:49,894
And that support went back a long time.

277
00:12:49,907 --> 00:12:52,965
And so we knew that it would be safe
to store footage for the film here.

278
00:12:52,971 --> 00:12:56,234
In Berlin, not in Heidelberg, but here
in Germany.

279
00:12:56,234 --> 00:13:00,520
And we knew that, of course,
there were people that would be helpful.

280
00:13:00,598 --> 00:13:03,334
In the US there's a much bigger culture
of fear.

281
00:13:03,421 --> 00:13:06,033
People are afraid of having their houses
raided by the police,

282
00:13:06,038 --> 00:13:08,118
where there's lots of detainments at the
borders,

283
00:13:08,126 --> 00:13:10,079
where there's lots of speculative arrests,

284
00:13:10,079 --> 00:13:11,853
journalists that are jailed,

285
00:13:11,853 --> 00:13:15,196
so the situation was not to say that
Germany was perfect.

286
00:13:15,327 --> 00:13:18,994
I revealed in Der Spiegel with three other
journalists that Merkel was spied on

287
00:13:19,019 --> 00:13:20,363
by the NSA.

288
00:13:20,369 --> 00:13:22,191
And it's clear that the Germany government
was complicit

289
00:13:22,191 --> 00:13:23,848
with some of this surveillance.

290
00:13:23,848 --> 00:13:27,011
But in a sort of pyramid of surveillance
there's a sort of colonialism

291
00:13:27,022 --> 00:13:28,409
that takes place.

292
00:13:28,426 --> 00:13:30,944
And that the NSA and GCHQ are at the top.

293
00:13:30,951 --> 00:13:33,374
And the Germans are little bit below that.

294
00:13:33,378 --> 00:13:37,225
The thing is that there's not a lot you
can do about that.

295
00:13:37,225 --> 00:13:38,955
And so even though we revealed this
about Merkel,

296
00:13:38,972 --> 00:13:40,680
it's not clear what she should do.

297
00:13:40,683 --> 00:13:42,258
It's not clear what anyone should do.

298
00:13:42,258 --> 00:13:45,406
But one thing that was clear was that
if they wanted to break into our houses

299
00:13:45,406 --> 00:13:49,504
they would do it in a way that would
cost them a lot politically.

300
00:13:49,504 --> 00:13:50,919
It would be very public.

301
00:13:51,048 --> 00:13:53,138
The last time someone raided someone
working with Der Spiegel

302
00:13:53,154 --> 00:13:55,780
was in 1962 during the Spiegel affair,

303
00:13:55,780 --> 00:13:57,786
and some ministers were kicked out.

304
00:13:57,876 --> 00:14:00,346
You may have seen recently the
Landesverrat thing

305
00:14:00,346 --> 00:14:01,718
with Netzpolitik.

306
00:14:01,718 --> 00:14:04,319
The charges against them now
have been dropped.

307
00:14:04,444 --> 00:14:06,537
That would never happen in the
United States.

308
00:14:06,619 --> 00:14:07,944
We would not be safe.

309
00:14:08,025 --> 00:14:09,815
And I still, for my investigative
journalism,

310
00:14:09,861 --> 00:14:11,436
and my work with Wikileaks,

311
00:14:11,486 --> 00:14:12,718
and my work with the Tor project,

312
00:14:12,730 --> 00:14:14,510
I wouldn't even go back to the US,

313
00:14:14,537 --> 00:14:16,687
because there's no chance that if they
wanted to do something to me

314
00:14:16,717 --> 00:14:20,828
that I would have any constitutional
liberties, I think,

315
00:14:20,846 --> 00:14:22,621
and the same is true of Snowden.

316
00:14:22,643 --> 00:14:24,457
You just won't get that fair trial.

317
00:14:24,472 --> 00:14:27,998
And we thought at least here we would
have ground to stand and fight on.

318
00:14:28,016 --> 00:14:30,427
And it's exactly what happened,
and we won.

319
00:14:33,651 --> 00:14:35,885
[question]: This is also about the fear
stuff that you talk about

320
00:14:35,885 --> 00:14:41,947
which is in the very old days we used to
put red words in the end of every message

321
00:14:41,974 --> 00:14:45,913
to make sure that it would be hard to find
the actual subversive message

322
00:14:45,913 --> 00:14:47,912
among all the noise.

323
00:14:47,912 --> 00:14:49,544
And you can think about the same thing
here.

324
00:14:49,716 --> 00:14:55,384
Should we build our systems so that
everything gets encrypted all the time?

325
00:14:56,430 --> 00:14:59,029
[Jacob]: So I have a lot of radical
suggestions for what to do,

326
00:14:59,029 --> 00:15:01,165
but I'm going to talk about them tomorrow
in the keynote mostly.

327
00:15:01,172 --> 00:15:03,928
But to give you an example,
when you install Debian,

328
00:15:03,953 --> 00:15:06,325
you can give someone the ability to log
into the machine

329
00:15:06,337 --> 00:15:07,899
over a Tor hidden service for free.

330
00:15:07,917 --> 00:15:12,250
You get a free .onion when you add two
lines to a Tor configuration file.

331
00:15:12,284 --> 00:15:15,532
We should make encryption not only easy
to use but out of the box

332
00:15:15,532 --> 00:15:19,504
we should have it possible to have
end-to-end reachability and connectivity,

333
00:15:19,527 --> 00:15:23,899
and we should reduce the total amount
of metadata, to make it harder for people

334
00:15:23,916 --> 00:15:26,374
who want to break the law, that want to
break into computers.

335
00:15:26,375 --> 00:15:30,724
We should solve the problem of adversarial
versus non-adversarial forensics

336
00:15:30,731 --> 00:15:36,315
so we can verify our systems with open
hardware and Free software together.

337
00:15:36,396 --> 00:15:39,302
And there's a lot to be done,
but the main thing to do is to recognise

338
00:15:39,307 --> 00:15:43,049
that if you have the ability to upload
to Debian,

339
00:15:43,393 --> 00:15:46,167
there are literally intelligence agencies
that would like those keys.

340
00:15:46,186 --> 00:15:49,362
And we have a great responsiblity to
humanity as Debian developers

341
00:15:49,362 --> 00:15:51,572
to do the right thing: to build open
systems,

342
00:15:51,572 --> 00:15:55,258
to build them in a way where users don't
need to understand this stuff.

343
00:15:55,427 --> 00:15:58,071
There are a lot of people in the world
that will never see this film.

344
00:15:58,204 --> 00:16:02,977
And we can solve the problems that this
film describes largely with Free software.

345
00:16:03,036 --> 00:16:04,728
And we can do that without them knowing,

346
00:16:04,728 --> 00:16:06,778
and they will be safe for us having
done that.

347
00:16:06,779 --> 00:16:10,021
And if we can do that, the world will be
a better place, I think.

348
00:16:10,021 --> 00:16:12,368
And I think the world is a better place
because of the efforts that were

349
00:16:12,452 --> 00:16:15,485
already done in that area, that made this
possible.

350
00:16:15,485 --> 00:16:17,647
The Tails project made it so that a bunch
of people

351
00:16:17,647 --> 00:16:19,573
who were good at investigative journalism,

352
00:16:19,588 --> 00:16:23,759
but absolutely terrible with computers,
were able to pull this off.

353
00:16:23,933 --> 00:16:27,252
And that is entirely the product, in my
opinion, of Free software.

354
00:16:27,252 --> 00:16:32,677
And a little bit of Laura and Glen, but
I'd say a lot of Free software.

355
00:16:34,302 --> 00:16:36,205
[question]: How many people do you think
NSA has

356
00:16:36,205 --> 00:16:38,995
working within the Debian community?

357
00:16:39,889 --> 00:16:43,601
[laughter, applause]

358
00:16:45,309 --> 00:16:49,302
[Jacob]: Well, I looked in the Snowden
archive about that actually.

359
00:16:52,813 --> 00:16:55,527
[laughter, applause]

360
00:16:56,640 --> 00:17:03,341
Yeah. And as far as I can tell Debian is
not a high priority target for them.

361
00:17:03,685 --> 00:17:05,927
I mean they write exploits for all sort
of stuff

362
00:17:05,927 --> 00:17:10,683
but I never found any systematic attempt
to compromise or harm the Debian project.

363
00:17:10,696 --> 00:17:14,561
But obviously there are people who are
paid by the NSA to infiltrate communities,

364
00:17:14,561 --> 00:17:16,993
and that's why we have to open transparent
processes

365
00:17:16,993 --> 00:17:21,044
so that if those people behave badly,
we have an audit trail.

366
00:17:21,044 --> 00:17:23,211
We won't ever stop that kind of stuff,

367
00:17:23,211 --> 00:17:25,178
but what matters
is that people do good things.

368
00:17:25,178 --> 00:17:28,587
It doesn't matter who they do bad things
for as long as we can correct those things

369
00:17:28,587 --> 00:17:31,019
and/or catch them and stop them before
it happens.

370
00:17:31,019 --> 00:17:33,111
But as far as I know there are only a
couple of people that have ever

371
00:17:33,111 --> 00:17:36,176
been associated with the NSA in the
Debian community.

372
00:17:36,176 --> 00:17:39,933
But I think we shouldn't get paranoid
about it,

373
00:17:39,933 --> 00:17:41,600
but we should just be prudent about our
processes,

374
00:17:41,600 --> 00:17:43,947
because there are lots of intelligence
services around the world

375
00:17:43,947 --> 00:17:47,147
that do not like the values of a
universal operating system,

376
00:17:47,147 --> 00:17:50,902
so I don't think it's super-important to
look, but I did actually look,

377
00:17:50,902 --> 00:17:54,695
very specifically for a whole bunch of
people in the Debian community

378
00:17:54,695 --> 00:17:58,027
to see if any of them also were being
paid by the NSA

379
00:17:58,027 --> 00:18:01,613
and I didn't find any serious thing that
raised concern,

380
00:18:01,613 --> 00:18:03,783
and if I did, I would have...

381
00:18:03,783 --> 00:18:07,541
I mean, there were lots of things I found
in the archive that I immediately

382
00:18:07,541 --> 00:18:09,333
notified security teams about.

383
00:18:09,333 --> 00:18:14,112
Where I worked along with many other
people to actually fix those things.

384
00:18:14,112 --> 00:18:18,546
And one of those things, if we had found
them, like infiltrators in Debian,

385
00:18:18,546 --> 00:18:20,769
I absolutely would have just told people
about it.

386
00:18:20,769 --> 00:18:23,408
The problem is that a lot of the
journalists don't want to do that

387
00:18:23,408 --> 00:18:26,263
because there's a ten year felony
where you go to prison -

388
00:18:26,263 --> 00:18:28,185
a federal American prison, for
ten years -

389
00:18:28,322 --> 00:18:30,202
if you reveal the name of an agent.

390
00:18:30,599 --> 00:18:31,923
So there's a tension there,

391
00:18:31,923 --> 00:18:34,440
but I think that there's something
to be said,

392
00:18:34,652 --> 00:18:36,655
if they're actually actively harming the
community

393
00:18:36,655 --> 00:18:37,851
and they're committing a crime,

394
00:18:37,851 --> 00:18:39,470
I think there's something to be said
about that.

395
00:18:39,470 --> 00:18:40,921
So if I found that I think it would be
worthwhile,

396
00:18:40,921 --> 00:18:43,144
but just so you know, there's this
high cost.

397
00:18:43,144 --> 00:18:45,362
So if there were people in the agency
now,

398
00:18:45,362 --> 00:18:48,647
because they say that we used Tails, and
Debian, and they wanted to subvert it,

399
00:18:48,647 --> 00:18:52,015
there's a really really high bar for
punishment.

400
00:18:52,015 --> 00:18:55,132
Which suggests that maybe people
won't tell you.

401
00:18:55,132 --> 00:18:59,055
So we need to sort of bank on the fact
that we'll never know,

402
00:18:59,055 --> 00:19:02,766
but we don't need to know, as long as we
have good processes

403
00:19:02,766 --> 00:19:04,390
that would catch bad behaviour.

404
00:19:04,390 --> 00:19:06,181
And that's one of the strengths of Debian.

405
00:19:06,181 --> 00:19:08,739
There are very few operating systems,
I think,

406
00:19:08,739 --> 00:19:10,830
and just in general Free software
communities,

407
00:19:10,830 --> 00:19:14,759
that are as diverse, and committed to the
openness and the Free software nature

408
00:19:14,759 --> 00:19:17,742
of this kind of a project,

409
00:19:17,742 --> 00:19:20,985
and so it's very important to state that.

410
00:19:21,922 --> 00:19:24,824
But I do think one of the things that will
happen in the future at some point

411
00:19:24,824 --> 00:19:28,067
is that you'll start to find people in the
Debian community that are pressured

412
00:19:28,067 --> 00:19:29,645
by other people to do bad things

413
00:19:29,645 --> 00:19:31,866
so we need to set up processes that will
stop that,

414
00:19:31,866 --> 00:19:34,296
to create an incentive for that
not happening.

415
00:19:35,022 --> 00:19:37,240
But it's really tough,

416
00:19:37,926 --> 00:19:40,274
so I think that openness, transparency
and accountability are the ways that

417
00:19:40,274 --> 00:19:43,772
we can combat that, because otherwise
we won't really be able to solve it.

418
00:19:44,881 --> 00:19:47,182
But don't be paranoid, is the other thing.

419
00:19:47,309 --> 00:19:49,699
They really are out to get you,
so be prepared.

420
00:19:50,430 --> 00:19:56,487
[laughter, applause]

421
00:20:00,796 --> 00:20:05,999
[question]: I'm just wondering how trust
was established

422
00:20:05,999 --> 00:20:09,628
because I'm just realizing that
this community,

423
00:20:09,628 --> 00:20:14,532
for you to verify your public key and even
fingerprint is like,

424
00:20:14,532 --> 00:20:16,113
you have you produce your passport,

425
00:20:16,113 --> 00:20:19,613
so I'm wondering how Laura managed to
exchange her keys with Snowden

426
00:20:19,613 --> 00:20:23,071
and make sure that they were really
talking to the right person.

427
00:20:23,843 --> 00:20:28,019
[Jacob]: Well, they had a whole sort of
dance for doing key exchange.

428
00:20:28,019 --> 00:20:32,749
I think it was a little bit luck, and a
little bit transitive trust,

429
00:20:32,749 --> 00:20:35,101
there's a little bit of the web of trust,

430
00:20:35,101 --> 00:20:36,457
and it worked pretty well.

431
00:20:36,719 --> 00:20:41,332
I mean, I don't think that the key-signing
stuff that Debian does is anything close

432
00:20:41,332 --> 00:20:42,907
to what they were doing.

433
00:20:42,907 --> 00:20:45,939
They just wanted to make sure that the
keys they had were the right keys,

434
00:20:45,939 --> 00:20:47,687
and that they weren't compromised,

435
00:20:47,687 --> 00:20:50,075
and that then they would change things.

436
00:20:50,075 --> 00:20:51,355
There was a point in the movie where they
said:

437
00:20:51,355 --> 00:20:55,875
"let's disassociate our meta-data
one more time"

438
00:20:55,875 --> 00:20:58,951
And what that means is they changed all
of the identifiers that are visible

439
00:20:58,951 --> 00:21:04,158
to the network, new keys, new email
addresses, new Tor circuit, etc

440
00:21:04,158 --> 00:21:07,611
and this is like a key consistency thing,

441
00:21:07,611 --> 00:21:11,358
where they had the right key to begin with
and they continued to rotate over to new keys.

442
00:21:11,358 --> 00:21:13,411
This is also sometimes called TOFU.

443
00:21:13,411 --> 00:21:15,848
This is, I think, weaker than the
web of trust,

444
00:21:15,848 --> 00:21:19,345
but a lot easier for people to do, and
very easy to explain,

445
00:21:19,345 --> 00:21:20,841
and it worked out pretty well.

446
00:21:20,841 --> 00:21:25,190
It doesn't scale really well, but it has a
separate good side

447
00:21:25,190 --> 00:21:28,985
which is the web of trust explicitly names
a web of co-conspirators.

448
00:21:28,985 --> 00:21:31,377
And so you don't want that feature.

449
00:21:31,377 --> 00:21:33,386
It's useful for something like Debian;

450
00:21:33,386 --> 00:21:36,067
it's not useful for clandestine
conspiracies to commit

451
00:21:36,067 --> 00:21:37,949
investigative journalism.

452
00:21:37,949 --> 00:21:39,997
[laughter]

453
00:21:41,746 --> 00:21:44,137
Lots of questions, this is great.

454
00:21:44,771 --> 00:21:51,857
[question]: Somebody working on Tails told
me that the NSA has a file on every DD.

455
00:21:52,323 --> 00:21:54,246
Is that true, do you know?

456
00:21:54,673 --> 00:21:57,101
[Jacob]: Okay, so when you balance your
check-book,

457
00:21:57,101 --> 00:21:58,941
just to answer your question in a really
strange way,

458
00:21:58,941 --> 00:22:00,945
when you balance your check-book,
or you balance your bank account,

459
00:22:00,945 --> 00:22:03,630
and you think this is how much my rent is,
this is how much food is,

460
00:22:03,630 --> 00:22:06,401
this is how much I have to spend on some
new hardware,

461
00:22:06,401 --> 00:22:09,688
you think about money in an
individual way.

462
00:22:10,502 --> 00:22:13,187
But if you think about is as a state, the
way a state thinks about money.

463
00:22:13,187 --> 00:22:16,302
They don't balance budgets the same
way that you do.

464
00:22:16,302 --> 00:22:18,225
They think about long-term investments
very differently.

465
00:22:18,225 --> 00:22:19,759
They have other people's money.

466
00:22:19,759 --> 00:22:21,719
It's a whole different way of managing it.

467
00:22:21,719 --> 00:22:27,291
And the NSA is not the Stasi. So it's not
that you have to worry about

468
00:22:27,420 --> 00:22:29,784
them having a file on you, or every Debian
developer,

469
00:22:30,197 --> 00:22:32,626
but rather there exist some laws in the
United States that say

470
00:22:32,626 --> 00:22:35,781
for cyber-security purposes, you don't
have constitutional rights

471
00:22:35,781 --> 00:22:37,707
and based on your accent, you weren't
an American anyway,

472
00:22:37,707 --> 00:22:39,753
and you aren't in America,

473
00:22:39,753 --> 00:22:41,970
so you don't have any rights at all,
anyway, according to them.

474
00:22:41,970 --> 00:22:44,186
They're just allowed to do whatever they
want to you,

475
00:22:44,186 --> 00:22:46,280
up to and including murdering you, with
the CIA.

476
00:22:46,280 --> 00:22:49,180
That's what they do with drones; that was
at the very end of the movie.

477
00:22:49,735 --> 00:22:52,165
So it's not that they have a file on you.

478
00:22:52,339 --> 00:22:56,179
It's that they have giant databases full
of information on all of us,

479
00:22:56,179 --> 00:22:59,550
and then when they're interested in you,
pull up all your data,

480
00:22:59,550 --> 00:23:01,299
and associative data,

481
00:23:01,299 --> 00:23:03,348
and then they use that, and sometimes
they use it to target you,

482
00:23:03,348 --> 00:23:06,246
to break into your machines,
or to find people to exert pressure on,

483
00:23:06,246 --> 00:23:08,378
or to do psychological manipulation on.

484
00:23:08,378 --> 00:23:10,892
All that stuff, they do all of those
things.

485
00:23:10,892 --> 00:23:12,774
And so it's not that they have one file
on you.

486
00:23:12,774 --> 00:23:16,101
Though maybe, it depends, if you work on
a critical package like the Linux kernel

487
00:23:16,101 --> 00:23:20,756
they might be more interested in you
than if you work on something else.

488
00:23:20,756 --> 00:23:25,402
I don't want to denigrate anyone's work,
but they have very specific focuses,

489
00:23:25,402 --> 00:23:29,065
and so they definitely are interested in
being able to compromise systems, right?

490
00:23:29,920 --> 00:23:36,316
And so you may also have a file, but it's
really the meta list that's the new way

491
00:23:36,316 --> 00:23:37,470
of thinking about it.

492
00:23:37,470 --> 00:23:40,755
And in some senses I think that's actually
scarier, because they just hoover up

493
00:23:40,755 --> 00:23:43,019
everything, all across the whole Internet,

494
00:23:43,019 --> 00:23:46,134
and things that are interesting, then
they have them.

495
00:23:46,134 --> 00:23:49,202
And depending on what interesting
things are there, they maybe

496
00:23:49,202 --> 00:23:51,504
put those in a database that lasts
for ever,

497
00:23:51,504 --> 00:23:53,469
or maybe it's just around for 30 days,

498
00:23:53,469 --> 00:23:56,889
or maybe its full content for 9 days,
or something like that.

499
00:23:57,608 --> 00:23:59,830
And then of course if you are a person of
interest

500
00:23:59,830 --> 00:24:02,686
they do do the same stuff that the Stasi
does,

501
00:24:02,686 --> 00:24:06,014
they do that Zersetzung stuff, if you're
familiar with this German term,

502
00:24:06,014 --> 00:24:11,050
disintegration, they do that kind of
stuff, along with JTRIG, from GCHQ,

503
00:24:11,050 --> 00:24:16,042
so they harass people, blackmail them,
do all sorts of really nasty stuff.

504
00:24:16,509 --> 00:24:20,005
And they do that also, so both of those
things.

505
00:24:20,651 --> 00:24:23,210
So again, I don't think you should be
paranoid, you should encrypt your stuff,

506
00:24:23,210 --> 00:24:24,747
and help people do the same,

507
00:24:24,747 --> 00:24:28,966
and know that in a democratic society with
a secret political police,

508
00:24:28,966 --> 00:24:31,953
the right place to be is in their
database, right?

509
00:24:31,953 --> 00:24:34,045
You should be proud of being surveilled
by them,

510
00:24:34,045 --> 00:24:35,665
it means you're doing the right thing.

511
00:24:36,650 --> 00:24:41,727
[laughter, applause]

512
00:24:43,174 --> 00:24:44,883
Nonetheless, we should stop them.

513
00:24:48,895 --> 00:24:53,843
[question]: I'm curious about your views
about Snowden actually coming out

514
00:24:53,843 --> 00:24:55,634
and saying he was the whistleblower,

515
00:24:55,634 --> 00:24:59,004
because I know, when he came out,
I had some fierce discussion

516
00:24:59,004 --> 00:25:01,613
with friends about it, so I wanted to know
what you thought about it.

517
00:25:01,613 --> 00:25:03,102
[Jacob]: What do you mean came out?

518
00:25:03,102 --> 00:25:06,516
[question]: He said I'm Edward Snowden,
I'm the whistle-blower, here I am,

519
00:25:06,516 --> 00:25:10,139
instead of just being anonymous the
whole way, just sending files to people.

520
00:25:11,248 --> 00:25:13,680
[Jacob]: Well, I think the main thing is
that it's about control of

521
00:25:13,680 --> 00:25:15,429
your own narrative, right?

522
00:25:15,429 --> 00:25:19,654
I mean if we could have done everything
here anonymous, and gotten away with it,

523
00:25:19,654 --> 00:25:20,980
would that have made the same impact

524
00:25:20,980 --> 00:25:24,948
in getting other people to come forward
even if they maintain their anonymity?

525
00:25:24,948 --> 00:25:27,802
So I think that what Snowden did, what's
beautiful about it,

526
00:25:27,832 --> 00:25:30,506
is that he basically did enough,

527
00:25:31,243 --> 00:25:32,951
where he could then survive.

528
00:25:33,118 --> 00:25:36,236
Our job now for the most part, a very
good friend told me,

529
00:25:36,236 --> 00:25:39,221
he's a little bit of a fatalist, he said:

530
00:25:39,221 --> 00:25:43,232
your job, Laura's job, Glen's job,
Snowden's job, your job now is

531
00:25:43,232 --> 00:25:44,897
just to survive.

532
00:25:44,897 --> 00:25:47,371
That's all that you need to do now.
You don't need to do anything else.

533
00:25:47,371 --> 00:25:51,804
You should go do other things, like
drink a glass of wine, relax, be happy,

534
00:25:51,804 --> 00:25:54,751
have a nice life, but just survive,

535
00:25:54,929 --> 00:25:58,732
so other people can see that you do the
right thing, and even though you could have

536
00:25:59,156 --> 00:26:02,230
done more, you did enough,
and you lived through it.

537
00:26:02,230 --> 00:26:06,198
And so Snowden coming out and telling us
all of these things, I mean,

538
00:26:06,198 --> 00:26:09,862
there are really powerful people saying
he should be assassinated, right,

539
00:26:09,862 --> 00:26:13,921
hung by the neck until dead, was what one
of the CIA people said.

540
00:26:13,921 --> 00:26:17,244
So he probably could have continued to be
anonymous for a while,

541
00:26:17,244 --> 00:26:20,449
but imagine if the NSA had got to reveal
his identity.

542
00:26:20,449 --> 00:26:23,884
How would that have been framed, what
would the first impression have been?

543
00:26:23,884 --> 00:26:27,719
I think they called him a narcissist, and
they called him all these terrible names.

544
00:26:27,719 --> 00:26:32,974
And it didn't really stick, because he
basically said "come at me bro',

545
00:26:33,396 --> 00:26:37,746
I'm ready, and you can do your worst,
but you can't get rid of the facts,

546
00:26:37,746 --> 00:26:39,155
so let's talk about the facts."

547
00:26:39,155 --> 00:26:42,403
And I think the timing of how he did that
is good, because people really cared

548
00:26:42,612 --> 00:26:45,853
about the issues, but he also recognized
that it was a matter of time,

549
00:26:45,853 --> 00:26:50,891
the NSA police went to his house, they
really bothered his family,

550
00:26:50,891 --> 00:26:54,777
they've done that with my family as well,
other people's families have had trouble.

551
00:26:55,283 --> 00:26:59,553
So I think it's tough, because I
think he probably would have liked to have

552
00:26:59,553 --> 00:27:03,198
been able to not have that happen, but 
there comes a point at which

553
00:27:03,198 --> 00:27:05,287
you're the person who has access to all 
that information

554
00:27:05,287 --> 00:27:06,865
and they're going to figure it out.

555
00:27:06,865 --> 00:27:11,517
No amount of anonymity, I think, will
last forever, but it can buy you time.

556
00:27:11,517 --> 00:27:14,508
He got exactly the amount of time
he needed.

557
00:27:15,062 --> 00:27:17,663
The really sad part about him coming out
in public when he did, though, was that

558
00:27:17,663 --> 00:27:21,247
he got stuck in Russia, because my
government cancelled his passport.

559
00:27:21,247 --> 00:27:23,681
I think mostly for propaganda reasons.

560
00:27:23,681 --> 00:27:28,329
Because in the United States, we denigrate
all things relating to Russia.

561
00:27:28,329 --> 00:27:29,781
And there are lots of problems with
Russia,

562
00:27:29,781 --> 00:27:32,256
and especially with Vladimir Putin,

563
00:27:32,256 --> 00:27:36,695
but at the same time that seems to be the
only country that was willing to uphold

564
00:27:36,695 --> 00:27:38,441
his fundamental liberties.

565
00:27:38,441 --> 00:27:41,171
I went to the Council of Europe, and to
the European Parliament,

566
00:27:41,171 --> 00:27:44,670
to the German Parliament, to the French,
sort of to the French Parliament,

567
00:27:44,670 --> 00:27:48,297
they didn't really want to meet with me,
but also to the Austrian Parliament,

568
00:27:48,297 --> 00:27:49,963
and to a number of other places,

569
00:27:49,963 --> 00:27:53,380
and everyone said, oh, we would really
live to help anybody who needs help,

570
00:27:53,380 --> 00:27:55,253
oh it's Edward Snowden, never mind.

571
00:27:55,975 --> 00:27:57,813
[laughter]

572
00:27:57,941 --> 00:28:02,527
And so though I have a lot of critiques
on Russia, the propaganda aspect of it

573
00:28:02,527 --> 00:28:04,657
was very damaging for him to be stuck
in Russia,

574
00:28:04,657 --> 00:28:08,242
but on the other hand, he's still alive,
and he's still mostly free.

575
00:28:08,242 --> 00:28:12,300
And they recognized his right to
seek and to receive asylum.

576
00:28:12,857 --> 00:28:15,331
So there's a lot of trade-offs to think
identifying one's self,

577
00:28:15,331 --> 00:28:17,807
and if you were thinking about being
the next Snowden,

578
00:28:18,300 --> 00:28:19,460
or helping Snowden,
or something like that,

579
00:28:20,384 --> 00:28:22,647
you really have to think that, you really
have to think this out many steps ahead,

580
00:28:22,647 --> 00:28:25,808
and it's easy to stay, oh he should have
just stayed anonymous and

581
00:28:25,808 --> 00:28:27,556
nobody would have figured it out,

582
00:28:27,556 --> 00:28:31,476
but that's very clearly not planning for
the case that they do figure it out,

583
00:28:31,476 --> 00:28:33,272
and then they're going to be in control
of the narrative,

584
00:28:33,272 --> 00:28:37,750
and in that case, I think you are better
off to do what he did,

585
00:28:37,853 --> 00:28:40,156
and he did so quite reluctantly.

586
00:28:40,411 --> 00:28:43,481
He's not an egoist, or an narcissist,
he's actually a really shy guy

587
00:28:43,481 --> 00:28:44,762
from what I can tell.

588
00:28:44,762 --> 00:28:48,644
I don't know exactly what conversation
you and your friend had,

589
00:28:48,644 --> 00:28:52,826
but I would suspect that the notion is
that people are more powerful

590
00:28:52,826 --> 00:28:53,875
when anonymous.

591
00:28:53,875 --> 00:28:55,966
And that is true sometimes,
but not always,

592
00:28:55,966 --> 00:28:58,484
and it's important to remember that
the anonymity technology is there

593
00:28:58,484 --> 00:29:01,004
so you have a choice, not a requirement.

594
00:29:01,004 --> 00:29:03,647
And that choice is sometimes
counter-intuitive,

595
00:29:03,647 --> 00:29:06,380
but I think he did the right thing in
this way, and I wish that my government

596
00:29:06,380 --> 00:29:09,022
had done the right thing by him as well,
but they did not.

597
00:29:09,022 --> 00:29:12,123
[question]: So there are lot of questions,
do you want to keep going on,

598
00:29:12,132 --> 00:29:13,489
shall we get in a little Mate?

599
00:29:14,556 --> 00:29:17,747
[Jacob]: I would love some of that rum.

600
00:29:17,747 --> 00:29:22,724
I think I have to GRsec, right?
GRsec kernel.

601
00:29:22,724 --> 00:29:24,127
And then rum appears. Rum as a service.

602
00:29:26,385 --> 00:29:29,909
[applause]

603
00:29:32,902 --> 00:29:36,906
I'm really happy to keep taking questions,
because to me, what I want is

604
00:29:36,906 --> 00:29:41,571
for every person in this room to feel
a part of this, because you really are.

605
00:29:41,571 --> 00:29:44,845
A lot of the people I've met in this
community really inspire me to action,

606
00:29:44,845 --> 00:29:48,850
and it's important to understand that
really, it would not have been possible

607
00:29:48,850 --> 00:29:50,094
without Debian.

608
00:29:50,094 --> 00:29:54,246
For example debootstrap - really important
tool, right?

609
00:29:54,246 --> 00:29:58,570
With weasel's packaging of Tor, it allowed
us to have bootstraps of things,

610
00:29:58,570 --> 00:29:59,937
it allowed us to build things,

611
00:29:59,937 --> 00:30:02,494
and using Free software really was
helpful,

612
00:30:02,494 --> 00:30:04,890
so if you guys have any questions at all,

613
00:30:04,890 --> 00:30:08,392
really each and every person that helps
with Debian should just know

614
00:30:08,392 --> 00:30:09,863
that you are a part of that,

615
00:30:09,863 --> 00:30:12,362
and I'm just happy to talk for as long as
you want, basically,

616
00:30:12,362 --> 00:30:14,163
to answer all of your questions,

617
00:30:14,163 --> 00:30:16,458
except the ones that put me in prison.
Thanks.

618
00:30:16,458 --> 00:30:18,384
[laughter]

619
00:30:19,434 --> 00:30:23,805
[question]: I just wanted to make a quick
note about the question

620
00:30:23,805 --> 00:30:26,075
"do they have a file on me?"

621
00:30:26,075 --> 00:30:30,168
From all I've read so far, it's just that
they're doing the thing

622
00:30:30,168 --> 00:30:33,235
that is in the commercial world called
"big data".

623
00:30:34,011 --> 00:30:36,338
[Jacob]: Yep. Absolutely.

624
00:30:36,338 --> 00:30:38,813
Oh boy. GRsec again?

625
00:30:40,787 --> 00:30:44,953
[orga]: it's not rum, but it's Bavarian
whisky.

626
00:30:45,580 --> 00:30:50,052
[Jacob]: Oh boy. It's going to be a
heavy morning tomorrow.

627
00:30:50,929 --> 00:30:54,078
I saw another couple of hands.

628
00:30:56,475 --> 00:30:59,976
[question]: I was just wondering if
that you noticed throughout this

629
00:30:59,976 --> 00:31:04,893
that you think we could improve in Debian
to make the next people's lives easier.

630
00:31:04,893 --> 00:31:08,691
[Jacob]: Oh my god, I'm so glad you asked
that question, that's so fantastic.

631
00:31:08,691 --> 00:31:10,391
I'm going to talk about that tomorrow
in my keynote,

632
00:31:10,391 --> 00:31:12,342
but let me tell you about one that I have.

633
00:31:12,342 --> 00:31:16,666
I revealed a specific document about a
wifi injection attack system.

634
00:31:16,666 --> 00:31:19,466
It's a classified document, it's a
top secret document,

635
00:31:19,466 --> 00:31:22,163
for a thing called nightstand, and what
nightstand is,

636
00:31:22,163 --> 00:31:25,930
it's basically like car metasploit,
it's a wifi injector...

637
00:31:25,930 --> 00:31:29,089
cheers!

638
00:31:35,352 --> 00:31:37,405
Danke schön.

639
00:31:38,375 --> 00:31:40,554
It's a wifi injector device...

640
00:31:41,158 --> 00:31:42,847
Whew, jesus!

641
00:31:43,953 --> 00:31:48,095
[laughter, applause]

642
00:31:52,749 --> 00:31:56,570
[orga]: Tonight's whisky sponsored by
drunc-tank dot org.

643
00:31:59,914 --> 00:32:03,815
[Jacob]: So this wifi injector device,
what it does is it basically is able to

644
00:32:03,815 --> 00:32:09,039
exploit the kernel of a device by sending
malformed data over wifi.

645
00:32:09,039 --> 00:32:14,983
Now I have a series of photographs, so
all of us.. not all of us, but most of us

646
00:32:14,983 --> 00:32:19,580
used these speciallly modified X60s where
we removed the microphones, soldered??

647
00:32:19,580 --> 00:32:22,080
down things on the PCI bus,

648
00:32:22,080 --> 00:32:24,030
we removed, like, firewire, really
modified it, flashed coreboot onto it,

649
00:32:24,030 --> 00:32:26,871
flipped the read pin so it was only
read-only,

650
00:32:26,871 --> 00:32:30,155
so you couldn't easily make a BIOS
root kit and make it persistent,

651
00:32:30,155 --> 00:32:32,449
we booted TAILS, did all this stuff,

652
00:32:32,449 --> 00:32:35,974
often we could boot to RAM so that
once the machine was powered off

653
00:32:35,974 --> 00:32:39,325
basically it would be done, so if someone
kicks down your door,

654
00:32:39,325 --> 00:32:41,015
you just pull the power out,

655
00:32:41,015 --> 00:32:43,148
and you don't have a battery, and
when the power fails you have an

656
00:32:43,148 --> 00:32:45,248
instant kill switch.

657
00:32:45,248 --> 00:32:48,373
So things that are in TAILS that are 
really useful include this

658
00:32:48,373 --> 00:32:52,812
wiping the kernel memory package
which I hear is being packaged for Debian

659
00:32:52,812 --> 00:32:54,660
soon, which is very exciting.

660
00:32:54,660 --> 00:32:57,043
Because everyone should have access
to that so we can tie it into something

661
00:32:57,043 --> 00:33:01,209
like GNU panicd or these other things.

662
00:33:01,209 --> 00:33:08,031
But one thing I kept having problems with
is this wifi injection device,

663
00:33:08,031 --> 00:33:09,981
I'm pretty sure, was very close to my
house.

664
00:33:09,981 --> 00:33:13,107
There was a white van outside, it was
vibrating a bit like there was a guy

665
00:33:13,107 --> 00:33:14,831
walking around in it,

666
00:33:14,831 --> 00:33:17,727
and then all of sudden, an X60 here,
an X60 here, and an X60 here,

667
00:33:17,727 --> 00:33:22,097
just booted into TAILS, not doing
anything at all, but on the wifi network,

668
00:33:22,097 --> 00:33:24,445
kernel panic, kernel panic, kernel panic.

669
00:33:24,445 --> 00:33:27,674
All the same kernel panic, all the
same memory offsets,

670
00:33:27,674 --> 00:33:32,420
in the Appletalk driver of the stock
kernel for TAILS.

671
00:33:32,420 --> 00:33:36,577
I think I filed a bug upstream with TAILS
at the time,

672
00:33:36,577 --> 00:33:40,018
but this is just incredible because
it's clear that all the crap

673
00:33:40,018 --> 00:33:46,065
in the default Debian kernel that you
really want for your 1992 Apple network

674
00:33:46,065 --> 00:33:48,413
makes operational security really hard,

675
00:33:48,413 --> 00:33:51,632
and one thing that would be really great
would be a GRsec enabled kernel...

676
00:33:53,206 --> 00:33:55,281
[applause]

677
00:33:55,281 --> 00:33:57,506
Yes, have to drink.

678
00:34:01,351 --> 00:34:06,702
But as an example, we built different
custom machines, and one of the things

679
00:34:06,702 --> 00:34:09,953
that we did for some people and in some
circumstances was

680
00:34:09,953 --> 00:34:12,371
to build GRsec enabled kernels.

681
00:34:12,371 --> 00:34:14,755
And I'm not going to drink again.

682
00:34:19,044 --> 00:34:20,892
So we built those kernels

683
00:34:21,222 --> 00:34:23,448
[audience]: Which ones?

684
00:34:24,315 --> 00:34:27,166
[Jacbob]: Yes, exactly, those ones.

685
00:34:27,166 --> 00:34:30,886
And that was work which creates a problem
for a bunch of reasons.

686
00:34:30,886 --> 00:34:33,544
When you build custom kernels, and
you only have a few people

687
00:34:33,544 --> 00:34:35,244
that can build those kernels,

688
00:34:35,244 --> 00:34:37,890
you actually build a chain of evidence of
who helped who.

689
00:34:37,890 --> 00:34:39,891
And if that was a stable, normal package,

690
00:34:39,891 --> 00:34:42,590
that people could install in a Debian
pure blend,

691
00:34:42,590 --> 00:34:44,713
then it would have been easier to do that.

692
00:34:44,713 --> 00:34:48,660
We built a lot more sandbox profiles for
various different things,

693
00:34:48,660 --> 00:34:51,284
we built some transparent TOR-ification
stuff,

694
00:34:51,284 --> 00:34:53,953
and that required a lot of bespoke
knowledge,

695
00:34:53,953 --> 00:34:57,305
and it required a lot of effort that a lot
of people did not have,

696
00:34:57,305 --> 00:34:59,201
because they had a different set of
skills,

697
00:34:59,201 --> 00:35:00,882
and it's good to have a division of
labour,

698
00:35:00,882 --> 00:35:04,155
but having that kind of stuff built into
Debian by default, making a

699
00:35:04,155 --> 00:35:06,130
Debian installer that could do that,

700
00:35:06,130 --> 00:35:08,749
and also verification, would be great,
right?

701
00:35:08,749 --> 00:35:12,147
So I wrote some custom scripts 
where I could look at a TAILS disk,

702
00:35:12,147 --> 00:35:14,041
or a Debian install,

703
00:35:14,041 --> 00:35:15,993
and know if it had been tampered with.

704
00:35:15,993 --> 00:35:19,939
And it would be nice if there was just
a disk you could boot that did

705
00:35:19,939 --> 00:35:21,993
verification of an installed system

706
00:35:21,993 --> 00:35:25,039
very very easily, so easily that
Glen Greenwald could use it.

707
00:35:25,039 --> 00:35:29,784
I love Glen, I say that very politely,

708
00:35:30,047 --> 00:35:33,002
but what I mean is it needs to be
easier than that,

709
00:35:33,002 --> 00:35:36,425
because Glen at least knows that he
he a reason to use it.

710
00:35:36,425 --> 00:35:39,526
And so that was something that we really
needed help with.

711
00:35:39,526 --> 00:35:41,615
And we spent a lot of time on that.

712
00:35:41,615 --> 00:35:43,794
And there are lots of other little things
like that,

713
00:35:43,794 --> 00:35:45,390
and I'll talk about some of those things
tomorrow,

714
00:35:45,390 --> 00:35:47,398
but one of the really big problems is
hardware,

715
00:35:47,398 --> 00:35:50,592
which is that you cannot buy a modern
Intel CPU which doesn't come

716
00:35:50,592 --> 00:35:52,444
with a backdoor any more.

717
00:35:52,444 --> 00:35:57,016
And that is a huge problem, and I'm not
sure that the answer is to use ARM.

718
00:35:57,016 --> 00:35:59,035
It seems like the answer is to use ARM.

719
00:35:59,035 --> 00:36:02,915
But that's only if assume that ARM didn't
just add a backdoor that's obvious.

720
00:36:02,915 --> 00:36:07,580
So we really need to think about how to,
in moving forward,

721
00:36:07,580 --> 00:36:12,485
how to have easy to use, easy to buy
on the shelf, Debian hardware,

722
00:36:12,485 --> 00:36:14,976
available everywhere, all the time,

723
00:36:14,976 --> 00:36:18,101
so you can just go and buy this thing and
verify it in some way

724
00:36:18,101 --> 00:36:19,881
with some other machine,

725
00:36:19,881 --> 00:36:21,705
to know that you would have the right
thing.

726
00:36:21,705 --> 00:36:24,649
And to that extent we didn't have X-rays
for a lot of the circuit boards,

727
00:36:24,649 --> 00:36:27,506
so that made it very difficult to know
if when you buy something,

728
00:36:27,506 --> 00:36:29,725
it's been tampered with.

729
00:36:29,725 --> 00:36:32,349
I'll talk about some of that stuff
tomorrow,

730
00:36:32,349 --> 00:36:35,748
but basically, Debian does a lot of stuff
right,

731
00:36:35,748 --> 00:36:39,114
and that is also worth mentioning.

732
00:36:39,114 --> 00:36:44,112
There's so many things that just work
out of the box, that just work perfectly.

733
00:36:44,112 --> 00:36:47,659
So the main thing is to keep the
quality assurance at the level,

734
00:36:47,659 --> 00:36:49,644
or to exceed where it is right now.

735
00:36:49,644 --> 00:36:51,960
Because it actually works super super
well.

736
00:36:51,960 --> 00:36:55,735
The exception being for very specific
targetted attacks,

737
00:36:55,735 --> 00:36:59,488
the kernel attack surface is pretty big,
and pretty bad, I think.

738
00:36:59,488 --> 00:37:03,059
And also, we rebuilt some binaries in
order to..

739
00:37:03,059 --> 00:37:04,452
sorry, I'll get to you in a second.

740
00:37:04,452 --> 00:37:08,880
We rebuilt some binaries to make sure
that we had address space randomisation

741
00:37:08,880 --> 00:37:11,581
and linker hardening, and stack
canary stuff,

742
00:37:11,581 --> 00:37:15,597
and for some stuff lately we've been using
address sanitizer,

743
00:37:15,597 --> 00:37:19,601
so it would be really great if all the
hardening stuff was turned on,

744
00:37:19,601 --> 00:37:22,977
if there was PAX plus GRsec as a kernel.

745
00:37:23,801 --> 00:37:26,520
[audience]: so the specific problem with
GR security is that they don't really

746
00:37:26,520 --> 00:37:29,580
want to work with distros.

747
00:37:29,580 --> 00:37:35,280
So we could have a Linux kernel package
with GR security applied,

748
00:37:35,280 --> 00:37:38,401
but it wouldn't have any of the other
Debian patches.

749
00:37:39,121 --> 00:37:41,400
[Jacob]: So I talked with Brad Spender
about this,

750
00:37:41,400 --> 00:37:42,942
and I'm so glad that you said that,

751
00:37:42,942 --> 00:37:47,180
because what he said was that, as far
as I can tell, he's totally interested in

752
00:37:47,180 --> 00:37:49,700
helping Debian with this but thinks that
Debian is not interested.

753
00:37:49,700 --> 00:37:53,060
He actually runs a kernel building
service where they do

754
00:37:53,060 --> 00:37:55,280
individual kernel builds, and I think
you'd be interested,

755
00:37:55,292 --> 00:37:57,080
and when I told him we'd love to have
this in TAILS, he said

756
00:37:57,340 --> 00:38:01,420
what patches do I need to include in GRsec
to make sure that it'll work?

757
00:38:01,420 --> 00:38:04,500
And he offered to do the integration
into the GRsec patch if there are not

758
00:38:04,500 --> 00:38:05,760
too many things.

759
00:38:05,760 --> 00:38:07,903
So I think what we should try and do
is build a line of communication,

760
00:38:07,903 --> 00:38:10,000
and if it costs money we should find a way
to raise that money,

761
00:38:10,000 --> 00:38:11,800
I'll put in some of my own personal money
for this,

762
00:38:11,800 --> 00:38:13,720
and I know other people would too.

763
00:38:13,720 --> 00:38:14,421
[distant audience]: I will.

764
00:38:14,421 --> 00:38:16,160
[Jacob]: Great.

765
00:38:16,160 --> 00:38:18,920
So securedrop, for example, part of what
they do for their leaking platform,

766
00:38:18,920 --> 00:38:22,300
if you go to the intercepts website,
you want to leak them a document,

767
00:38:22,300 --> 00:38:26,201
they actually use free software
everywhere, but there are a few things

768
00:38:26,201 --> 00:38:29,341
they build specially, and one of those
things is a GRsec kernel.

769
00:38:29,341 --> 00:38:31,760
So the people at first look, that helped
make this movie,

770
00:38:31,760 --> 00:38:33,520
and that work on securedrop,

771
00:38:33,520 --> 00:38:34,903
they would probably also,

772
00:38:34,903 --> 00:38:37,242
I'm not committing them, I don't
know that they would actually do this,

773
00:38:37,242 --> 00:38:39,280
but I think they would really like it if
that was in there,

774
00:38:39,280 --> 00:38:41,901
and I think it we could find the community
will to do that,

775
00:38:41,901 --> 00:38:44,081
I know I would volunteer and other people
would,

776
00:38:44,081 --> 00:38:47,160
I know that dkg in the back would love to
help with this, I know the ACLU is just

777
00:38:47,160 --> 00:38:50,480
totally behind funding this work, right?
[audience]: I don't know.

778
00:38:53,700 --> 00:38:56,401
I thought that you were there to protect
my civil liberties, buddy.

779
00:39:00,080 --> 00:39:03,460
But I really think that it's possible
that we could do this,

780
00:39:03,460 --> 00:39:07,380
and I definitely think Brad, the author of
GRsec,

781
00:39:07,380 --> 00:39:09,920
I think he would really love it if Debian
shipped GRsec.

782
00:39:09,920 --> 00:39:11,920
And it doesn't need to come by default,

783
00:39:11,920 --> 00:39:16,781
but if it was possible to just have
it at all, that would be great.

784
00:39:17,220 --> 00:39:20,400
Maybe we could have an affinity group
where everyone who is interested can

785
00:39:20,400 --> 00:39:23,100
meet sometime tomorrow and we could
talk about doing this.

786
00:39:23,100 --> 00:39:25,421
I would love to have that conversation.

787
00:39:25,421 --> 00:39:27,080
Who are you?

788
00:39:28,030 --> 00:39:29,110
[audience]: Ben Hutchings.

789
00:39:29,720 --> 00:39:34,270
[Jacob]: Oh, nice to meet you!

790
00:39:35,041 --> 00:39:38,580
[laughter, applause]

791
00:39:42,880 --> 00:39:44,740
That's awkward.

792
00:39:46,820 --> 00:39:50,840
[question]: Hi. Sorry to interrupt the
awkwardness,

793
00:39:50,840 --> 00:39:52,562
and replace it with more awkwardness.

794
00:39:52,562 --> 00:39:54,060
Nice to see you, Jake.

795
00:39:54,060 --> 00:39:58,282
So, I remember reading the documents
in 2013

796
00:39:58,282 --> 00:40:04,220
and seeing the NSA's internal training
guide for how to query their

797
00:40:04,220 --> 00:40:07,501
Hadoop data store, aka xkeyscore,

798
00:40:07,501 --> 00:40:14,961
and so I thought I would just ask you
if you think Free software net helps us

799
00:40:14,961 --> 00:40:16,641
or helps them.

800
00:40:17,361 --> 00:40:19,161
[Jacob]: I'm really glad you asked that
question.

801
00:40:19,161 --> 00:40:23,001
I think that Free software helps everyone
on the planet, and I think that

802
00:40:23,001 --> 00:40:26,983
purpose-based limitations.. I understand
why people want them.

803
00:40:27,640 --> 00:40:30,682
I think we should try to build a world
where we are free,

804
00:40:30,682 --> 00:40:34,360
and so putting in purpose-based
limitations is really problematic,

805
00:40:34,641 --> 00:40:37,681
and I think what we should do is try to
mitigate the harm that they can do

806
00:40:37,681 --> 00:40:39,340
with those systems,

807
00:40:39,340 --> 00:40:41,820
as opposed to pretending that they care
about Free software licensing.

808
00:40:42,280 --> 00:40:45,100
These guys kill people with flying robots,

809
00:40:45,100 --> 00:40:48,664
it's illegal to murder people, and they
do it.

810
00:40:49,421 --> 00:40:52,700
Limiting their use with licenses, first
of all, that just means they'll spend

811
00:40:52,700 --> 00:40:55,361
your tax money to rewrite it if they care
about the license,

812
00:40:56,241 --> 00:40:59,680
and you won't get their bug-fixes or their
improvements,

813
00:40:59,680 --> 00:41:02,160
and then additionally they're still not
going to obey your license anyway,

814
00:41:02,160 --> 00:41:05,140
because literally some of these people
work on assassinating people.

815
00:41:05,140 --> 00:41:08,481
So it is better that we keep our integrity
and take the high road,

816
00:41:08,481 --> 00:41:11,980
and write Free software, and we give it to
every single person on the planet

817
00:41:11,980 --> 00:41:13,620
without exception,

818
00:41:14,600 --> 00:41:16,460
It's just better. It's better for all of
us, right?

819
00:41:16,460 --> 00:41:22,080
So the fact that they have Hadoop, the
fact that they, for example, use OpenSSL,

820
00:41:22,080 --> 00:41:24,860
or maybe they use Tor, or whatever, right?

821
00:41:24,860 --> 00:41:26,920
Or they use gdb to debug their exploits.

822
00:41:30,220 --> 00:41:32,260
I kind of wish that on them.

823
00:41:33,721 --> 00:41:36,622
[laughter, applause]

824
00:41:37,643 --> 00:41:39,100
I think it's great, right?

825
00:41:39,100 --> 00:41:42,341
So one of the things Che Guevara said
in his manual about guerilla warfare,

826
00:41:42,341 --> 00:41:44,820
in chapter two, is that (oh, it was
chapter three)

827
00:41:44,820 --> 00:41:48,000
He talks about when you have to arm
a guerrilla army,

828
00:41:48,000 --> 00:41:52,141
this is not exactly related, but it's an
analog.

829
00:41:52,141 --> 00:41:54,780
He says that the most important thing
is for the guerrilla army to

830
00:41:54,780 --> 00:41:58,340
use the weapons of the people that
they're fighting - the oppressor.

831
00:41:58,340 --> 00:42:01,740
And the reason is that it allows you to
resupply, essentially.

832
00:42:01,740 --> 00:42:04,580
When you win a battle, you resupply.

833
00:42:05,141 --> 00:42:07,860
When we all use the same Free software,
and we're working on these things,

834
00:42:07,860 --> 00:42:10,883
the fact that they have to contribute
to the same projects and they often do

835
00:42:10,883 --> 00:42:13,121
means there's a net win for us.

836
00:42:13,121 --> 00:42:16,420
They do have some private things that they
don't share, obviously,

837
00:42:16,420 --> 00:42:19,380
with the exception of nice people like
Edward Snowden,

838
00:42:19,380 --> 00:42:22,062
and I think that it is a net positive
thing,

839
00:42:22,062 --> 00:42:24,200
and if we think of it as a struggle,

840
00:42:24,200 --> 00:42:26,280
we are better off to take the high road,

841
00:42:26,280 --> 00:42:29,420
and so I really think we should not
pretend that we can stop them,

842
00:42:29,420 --> 00:42:32,000
and instead we should work together
to build solutions.

843
00:42:32,000 --> 00:42:33,641
And I think that Debian is doing that,
right?

844
00:42:33,641 --> 00:42:35,960
I think Debian is much harder to
compromise than

845
00:42:35,960 --> 00:42:37,680
a lot of other operating systems,

846
00:42:37,680 --> 00:42:39,882
and it's much much harder to coerce
people,

847
00:42:39,882 --> 00:42:42,720
and there's a strong ethos that comes
with it that it's not just the technical

848
00:42:42,720 --> 00:42:45,300
project, there's a social aspect to it.

849
00:42:45,300 --> 00:42:48,506
I think I was in the New Maintainer
queue for 11 years,

850
00:42:48,506 --> 00:42:50,301
maybe that's a little too long,

851
00:42:50,301 --> 00:42:52,400
but there's a huge hazing process,

852
00:42:52,400 --> 00:42:55,640
so anyone who wants to help, really really
wants to help,

853
00:42:55,640 --> 00:42:58,660
and if they want to do something wrong
there are processes to catch

854
00:42:58,660 --> 00:43:00,602
people doing things wrong.

855
00:43:00,602 --> 00:43:03,000
So we should really stay true to the
Free software ethos,

856
00:43:03,000 --> 00:43:05,060
and it really is a net benefit.

857
00:43:08,362 --> 00:43:12,120
[question]: Hi Jake. Thanks a lot for
saying so much "GRsec".

858
00:43:17,020 --> 00:43:19,740
Just wanted to give a shout out.

859
00:43:19,740 --> 00:43:24,681
You mentioned possible backdoors in
CPUs and so on,

860
00:43:24,681 --> 00:43:30,340
that ARM might not be the next best thing
because it's not so open either.

861
00:43:30,340 --> 00:43:32,961
You might want to have a look at Power 8.

862
00:43:32,961 --> 00:43:38,541
It's basically PowerPC 64, so Debian has
support for it as far as I know,

863
00:43:38,541 --> 00:43:41,300
and most of the stuff is actually open.

864
00:43:41,300 --> 00:43:45,300
Not that actual designs that IBM is
using,

865
00:43:45,300 --> 00:43:49,101
but you can have, actually, an FPGA
implementation of it,

866
00:43:49,101 --> 00:43:55,240
and if you have the money make your own
ASICs for it, without even knowing

867
00:43:55,240 --> 00:43:59,080
how to do it, which is pretty good,
I think.

868
00:43:59,861 --> 00:44:02,860
[Jacob]: I think there are lots of things
we can hack right?

869
00:44:02,860 --> 00:44:06,100
I mean I had one of those weird RMS
laptops, the Limote,

870
00:44:06,100 --> 00:44:07,940
or whatever it's called, for a while.

871
00:44:07,940 --> 00:44:10,540
And I was definitely able to get some
Free software running on it,

872
00:44:10,540 --> 00:44:12,621
in theory it was a Free software laptop.

873
00:44:12,621 --> 00:44:16,160
But getting other people to use this is
the problem,

874
00:44:16,160 --> 00:44:18,382
you need to get everybody to use it,
right?

875
00:44:18,382 --> 00:44:20,680
There's a sort of old anarchist cliché,

876
00:44:20,680 --> 00:44:22,721
"None of us are free until all of us are
free"

877
00:44:22,721 --> 00:44:25,201
And that really applies here.

878
00:44:25,201 --> 00:44:28,024
We really need to have Free software
that's usable by everyone,

879
00:44:28,024 --> 00:44:31,320
otherwise we're sort of bound by the
lowest common denominator

880
00:44:31,320 --> 00:44:36,440
of Free, or proprietary tools, depending
on what people have to use.

881
00:44:36,440 --> 00:44:38,380
So it'll be great when we have that,

882
00:44:38,380 --> 00:44:40,142
and there's a thing called the Nokimist???

883
00:44:40,142 --> 00:44:44,201
which is a video mixing board that has an
FPGA implementing a Free software CPU

884
00:44:44,201 --> 00:44:46,321
that you can boot Debian on, or OpenWRT,

885
00:44:46,321 --> 00:44:48,401
and it does work, and I have used it,

886
00:44:48,401 --> 00:44:50,580
and in fact I used to use it as a shell,

887
00:44:50,580 --> 00:44:54,120
and for a long time I used a Debian
trick,

888
00:44:54,120 --> 00:44:56,301
actually I've never talked about that in
public,

889
00:44:56,301 --> 00:44:57,720
let me think about that for a second.

890
00:44:58,880 --> 00:45:02,280
So I used to use an IRC client that was
really buggy,

891
00:45:02,280 --> 00:45:05,460
and I couldn't figure out where all the
bugs were,

892
00:45:05,460 --> 00:45:08,280
but I knew that if I hung out in certain
networks that someone else

893
00:45:08,280 --> 00:45:11,820
would help me find those bugs by trying
to exploit my client.

894
00:45:11,820 --> 00:45:13,740
And I wanted to make it as hard as
possible.

895
00:45:13,740 --> 00:45:18,960
So I ran my IRC client inside of a Debian
machine that was running an S390 emulator.

896
00:45:18,960 --> 00:45:24,981
Who here uses Hercules? Thank you to
whoever packaged it.

897
00:45:24,981 --> 00:45:28,042
And so I would use Hercules, it was a
very long install process.

898
00:45:28,042 --> 00:45:30,022
Very slow.

899
00:45:30,022 --> 00:45:34,382
And I would do this, and what I'd always
dreamed of doing at some point

900
00:45:34,382 --> 00:45:37,200
was using the Nokimist??? and the
Hercules together

901
00:45:37,200 --> 00:45:40,580
for maximum ridiculously difficult
to exploit,

902
00:45:40,580 --> 00:45:42,220
plus GRsec kernel.

903
00:45:45,140 --> 00:45:47,663
But that's not a usable thing.

904
00:45:47,663 --> 00:45:49,901
So what we need to do is take these kinds
of prototypes

905
00:45:49,901 --> 00:45:52,601
which actually do represent many steps
forward,

906
00:45:52,601 --> 00:45:55,900
and we need to make sure that they're
produced on a scale where

907
00:45:55,900 --> 00:45:59,980
you can go into a store and puchase them
anonymously, with cash,

908
00:45:59,980 --> 00:46:02,261
in a way that you can then verify.

909
00:46:02,261 --> 00:46:06,260
And we're actually really close to that
with software defined radios

910
00:46:06,260 --> 00:46:07,720
and open hardware,

911
00:46:07,720 --> 00:46:10,240
but we're not quite there yet.

912
00:46:11,820 --> 00:46:15,900
[question]: What I meant is that Power 8
is basically getting big, currently,

913
00:46:15,900 --> 00:46:17,880
on the server market,

914
00:46:17,880 --> 00:46:20,943
and it might get big for other stuff also.

915
00:46:21,780 --> 00:46:23,401
[Jacob]: Hopefully.

916
00:46:26,160 --> 00:46:29,240
[question]: I want to come back to the
story about the panic

917
00:46:29,240 --> 00:46:31,841
in the Appletalk driver.

918
00:46:31,841 --> 00:46:36,940
The common approach against this is
to compile your own kernel with

919
00:46:36,940 --> 00:46:39,720
all this stuff not compiled in,

920
00:46:39,720 --> 00:46:44,500
but on two of my systems I have a
modprobe wrapper which has

921
00:46:44,500 --> 00:46:47,320
a whitelist of modules which may be
loaded,

922
00:46:47,320 --> 00:46:52,111
and I install that wrapper as the thing
that the kernel uses for loading modules.

923
00:46:52,361 --> 00:46:58,041
Do you know if such a thing exists
elsewhere, or if not,

924
00:46:58,041 --> 00:47:03,141
I would be interested in developing it
into something which is actually useable

925
00:47:03,141 --> 00:47:04,781
for people.

926
00:47:05,680 --> 00:47:07,740
[Jacob]: That would be great.

927
00:47:07,740 --> 00:47:11,600
In this case we were using Tails.

928
00:47:11,600 --> 00:47:19,150
And so, Tails is very finicky about what
it will accept, and very reasonably so,

929
00:47:19,150 --> 00:47:23,360
and so having that in Debian will make it
a lot easier to get it into something

930
00:47:23,360 --> 00:47:25,335
like Tails, I think.

931
00:47:25,335 --> 00:47:28,520
But the main thing is really that we have
to think about the attack surface

932
00:47:28,520 --> 00:47:30,301
of the kernel very differently.

933
00:47:30,301 --> 00:47:33,300
The problem is not Appletalk; the problem
is the Linux kernel is filled with

934
00:47:33,300 --> 00:47:34,921
a lot of code,

935
00:47:34,921 --> 00:47:38,520
and you can autoload, in certain cases,
certain things come in,

936
00:47:38,520 --> 00:47:40,500
and certain things get autoloaded,

937
00:47:40,500 --> 00:47:43,381
and I know Bdale loves his
ham radio stuff,

938
00:47:43,381 --> 00:47:45,722
but I never use ham radio on my machine

939
00:47:45,722 --> 00:47:49,000
I used for clandestine conspiracies,
you know?

940
00:47:49,000 --> 00:47:50,640
That's a separate machine.

941
00:47:50,640 --> 00:47:52,120
It's over here.

942
00:47:52,120 --> 00:47:53,860
So we just need to find a way to think
about that.

943
00:47:53,860 --> 00:47:56,840
And part of that could be kernel stuff,
but also part of it could be thinking

944
00:47:56,840 --> 00:47:59,741
about solutions like that, where we
don't need to change the kernel.

945
00:47:59,741 --> 00:48:02,100
So if you could package that and develop
that, it would be really fantastic.

946
00:48:04,022 --> 00:48:09,481
[Ben]: Actually, some time ago, after
I think it was the econet exploits,

947
00:48:09,481 --> 00:48:13,280
no-one uses econet, it was broken anyway,
but you could exploit it,

948
00:48:13,280 --> 00:48:15,240
because it was autoloaded.

949
00:48:15,240 --> 00:48:22,920
So I actually went through and turned off
autoloading on a few of the more obscure

950
00:48:22,920 --> 00:48:24,740
network protocols.

951
00:48:24,740 --> 00:48:29,021
We could probably go further with that,
even in the defaults.

952
00:48:29,021 --> 00:48:31,860
[Jacob]: I think it would be great to
change some of the kernel stuff so that

953
00:48:31,860 --> 00:48:36,040
at least, I mean, Tails is a special use
case, where, I think, it's very important,

954
00:48:36,040 --> 00:48:37,941
and it doesn't work for everyone,

955
00:48:37,941 --> 00:48:41,320
but we should just consider that there are
certainly things which are really great,

956
00:48:41,320 --> 00:48:44,400
and I want to use Debian for it, because
Debian is a universal operating system.

957
00:48:44,400 --> 00:48:48,160
But for a modern desktop system where
you're using GNOME,

958
00:48:48,160 --> 00:48:53,700
and you haven't set anything up,
Appletalk for example,

959
00:48:53,700 --> 00:48:57,781
maybe we would ask those people
to load that module themselves.

960
00:48:59,541 --> 00:49:04,900
[Ben]: Yeah, for example you could
have, a lot of those things are going to

961
00:49:04,900 --> 00:49:06,981
have supporting utilities,

962
00:49:06,981 --> 00:49:10,021
so you could put something in the
supporting utilities that loads it

963
00:49:10,021 --> 00:49:11,380
at boot time.

964
00:49:12,100 --> 00:49:14,160
And if you don't have those installed,
you don't need it.

965
00:49:15,060 --> 00:49:17,421
[Jacob]: Yep, totally. And I think there's
lots of ways to do it where

966
00:49:17,421 --> 00:49:20,060
the network can't trigger it,
and that's important.

967
00:49:20,800 --> 00:49:23,802
[Ben]: Yeah, that puzzled me,
I can't understand,

968
00:49:23,802 --> 00:49:29,360
the protocol module should get loaded
when userland tries to open a socket

969
00:49:29,360 --> 00:49:32,220
of that type,

970
00:49:32,220 --> 00:49:35,481
it shouldn't happen in response to
network traffic.

971
00:49:36,960 --> 00:49:44,981
There are things like, I think if you
run ifconfig that can autoload

972
00:49:44,981 --> 00:49:47,000
a bunch of things, for example.

973
00:49:47,720 --> 00:49:49,801
[Jacob]: Yeah, I think on either side
it should be more explicit,

974
00:49:49,801 --> 00:49:52,940
and in this case with Tails,

975
00:49:52,940 --> 00:49:55,220
there was a time when you looked at
the kernel module list

976
00:49:55,220 --> 00:49:57,080
and it was pretty amazing,

977
00:49:57,080 --> 00:50:00,801
like I think there was an X25 thing,
an Appletalk thing,

978
00:50:00,801 --> 00:50:03,781
wait, this is all about going over Tor,
we don't support any of these

979
00:50:03,781 --> 00:50:05,340
things at all.

980
00:50:05,340 --> 00:50:09,540
So it's just the way that things are 
interdependent, right?

981
00:50:09,540 --> 00:50:11,440
It's not a dig at the kernel itself.

982
00:50:11,440 --> 00:50:13,981
I think the Linux kernel as it works
in Debian today works really well

983
00:50:13,981 --> 00:50:15,440
for a lot of people,

984
00:50:15,440 --> 00:50:17,960
but there is definitely a high security
use case,

985
00:50:17,960 --> 00:50:20,780
and I, for example, if I were a Debian
developer, and I had a development

986
00:50:20,780 --> 00:50:22,780
machine where I didn't run a web
browser,

987
00:50:22,780 --> 00:50:24,940
and I took a lot of effort.

988
00:50:24,940 --> 00:50:29,401
It would be really nice if there were
a kernel that put in the same

989
00:50:29,401 --> 00:50:32,420
threshold of security.

990
00:50:32,420 --> 00:50:35,840
And I think that the GRsec kernel with
some stuff changed about it,

991
00:50:35,840 --> 00:50:37,840
like getting rid of Appletalk and a few
other things,

992
00:50:37,840 --> 00:50:39,500
would be closer to that,

993
00:50:39,500 --> 00:50:41,581
and combined with that guy's tool that
he's talking about,

994
00:50:41,581 --> 00:50:46,760
you could make autoloadable module,
that at least even if the system was

995
00:50:46,760 --> 00:50:49,500
going to autoload it, you could stop it,
in a failing closed sort of way.

996
00:50:49,500 --> 00:50:53,200
And I think there's a lot of stuff,
practically, to do on that front,

997
00:50:53,200 --> 00:50:56,160
and there's another project called
Subgraph OS,

998
00:50:56,160 --> 00:51:02,161
which is basically working on becoming
in some ways a Debian derivative,

999
00:51:02,161 --> 00:51:04,540
and they're going to do stuff like GRsec
kernel,

1000
00:51:04,540 --> 00:51:08,142
and they have a whole sandboxing framework
which uses apparmor, seccomp

1001
00:51:08,142 --> 00:51:10,540
and xpra, and a few other things,

1002
00:51:10,540 --> 00:51:13,903
and I think that they'll make a lot of
interesting security decisions,

1003
00:51:13,903 --> 00:51:16,961
which might make sense to adopt in 
Debian later.

1004
00:51:17,860 --> 00:51:20,441
[Ben]: I think Matthew Garrett has an
interesting criticism about that and

1005
00:51:20,441 --> 00:51:24,020
how it wouldn't really work, and Wayland
was a better way to go than xpra.

1006
00:51:25,240 --> 00:51:26,741
[Jacob]: Yeah, I've heard those
criticisms,

1007
00:51:26,741 --> 00:51:28,622
but Matthew Garrett is wrong.

1008
00:51:29,600 --> 00:51:32,540
Not usually, but in this particular case.

1009
00:51:32,540 --> 00:51:37,200
For example, the sandboxing stuff,
if you have a GNOME appstore,

1010
00:51:37,200 --> 00:51:41,761
essentially, that's for one set of users,
but for a Debian developer

1011
00:51:41,761 --> 00:51:44,282
writing your own policies,
it might be useful,

1012
00:51:44,282 --> 00:51:46,960
and if you need Wayland, you might
not have a full solution,

1013
00:51:46,960 --> 00:51:49,220
we might want to have both for a while.

1014
00:51:49,220 --> 00:51:51,060
And think it'd be great.

1015
00:51:51,060 --> 00:51:54,140
And the main thing is we just need to
find people who will think about those

1016
00:51:54,140 --> 00:51:55,823
issues and try to integrate them,

1017
00:51:55,823 --> 00:52:00,481
because most people who write exploits,
or who understand how to do offensive

1018
00:52:00,481 --> 00:52:03,360
security stuff, they don't want to help
Free software projects,

1019
00:52:04,200 --> 00:52:05,761
they just want to exploit them.

1020
00:52:05,761 --> 00:52:08,460
And so some of the Subgraph guys,
what I really like about them

1021
00:52:08,460 --> 00:52:11,461
is that they're trying to improve the
Free software products we all use.

1022
00:52:11,461 --> 00:52:13,480
Even though they may make different
design decisions,

1023
00:52:13,480 --> 00:52:15,200
they're making Free software all the same.

1024
00:52:18,680 --> 00:52:24,400
[question]: Maybe also, some other thing
to keep in mind is actually

1025
00:52:24,400 --> 00:52:39,040
that there is also a social aspect of this
pressure if NSA wants to put anything

1026
00:52:39,040 --> 00:52:41,440
inside Debian.

1027
00:52:41,440 --> 00:52:48,021
So if we actually also need to make sure
that if they put pressure on somebody

1028
00:52:48,021 --> 00:52:56,601
we have any way to help these people
not to land in prison.

1029
00:52:56,601 --> 00:53:04,080
So is there also a social aspect of 
supporting people which get pressure

1030
00:53:04,080 --> 00:53:05,980
from anyone.

1031
00:53:06,840 --> 00:53:09,722
[Jacob]: Yep. I mean, if anyone is ever
in that situation one thing I would say

1032
00:53:09,722 --> 00:53:12,641
is that it's your right to remain silent,

1033
00:53:12,641 --> 00:53:15,721
you have the right to remain silent
I think is the phrase the police would say

1034
00:53:15,721 --> 00:53:19,300
but there are definitely communities
of people who will help you.

1035
00:53:19,300 --> 00:53:21,700
There's a group called the Courage
foundation, for example,

1036
00:53:21,700 --> 00:53:23,563
which was started by Sarah Harrison,

1037
00:53:23,563 --> 00:53:26,280
and the job that the Courage foundation
has taken on

1038
00:53:26,280 --> 00:53:30,060
is essentially to help people who would be
sources or who are in harm's way like this

1039
00:53:30,060 --> 00:53:32,642
and if you found yourself in that kind of
a position there are people

1040
00:53:32,642 --> 00:53:34,520
who will try to help you.

1041
00:53:34,520 --> 00:53:36,800
I really don't think that is the next step
in this,

1042
00:53:36,800 --> 00:53:38,383
I think that could happen.

1043
00:53:38,383 --> 00:53:42,000
But I think it's much more likely someone
is going to write an exploit for Firefox.

1044
00:53:42,000 --> 00:53:44,581
That's the way they're going to own
Debian people in the future,

1045
00:53:44,581 --> 00:53:47,041
for the most part, that's how they own
us today.

1046
00:53:47,041 --> 00:53:51,700
Firefox, number one enemy to security
on your Debian machine, probably.

1047
00:53:51,700 --> 00:53:54,680
And that's not a dig at Firefox, it's just
super-complicated software,

1048
00:53:54,680 --> 00:53:56,520
and these guys are really good at
writing exploits,

1049
00:53:56,520 --> 00:53:58,582
and that's an easy target.

1050
00:53:58,582 --> 00:54:00,960
So we, I think, have to do with the social
thing,

1051
00:54:00,960 --> 00:54:03,580
but we also should look at some of the
technical problems,

1052
00:54:03,580 --> 00:54:06,820
and then when and if people have that,
you can contact me.

1053
00:54:06,820 --> 00:54:10,022
I'm super happy to put you in touch with
people who will help.

1054
00:54:10,022 --> 00:54:13,860
And obviously, get a lawyer, get several
lawyers if you can.

1055
00:54:13,860 --> 00:54:17,440
Contact the EFF, or the ACLU, depending
on where you are.

1056
00:54:17,440 --> 00:54:22,561
At least in Germany, and in the United
States, it isn't so bad yet

1057
00:54:22,561 --> 00:54:25,903
that they can put that kind of pressure 
on you openly,

1058
00:54:25,903 --> 00:54:27,760
in a Free software project.

1059
00:54:27,760 --> 00:54:31,120
If you write proprietary software you're
in a very different situation,

1060
00:54:31,120 --> 00:54:34,180
and there are definitely people who are in
that situation right now,

1061
00:54:34,180 --> 00:54:38,223
and I don't envy them. Their position is
actually much harder.

1062
00:54:38,223 --> 00:54:42,200
So actually writing Free software already
makes you not at the very beginning

1063
00:54:42,200 --> 00:54:43,761
of the target list, I think.

1064
00:54:46,860 --> 00:54:53,140
Any other questions? Wow. Where's the rum?

1065
00:55:01,323 --> 00:55:06,080
[question]: How do you deliver the
encrypted message without exposing

1066
00:55:06,080 --> 00:55:07,780
the connection to a third party?

1067
00:55:14,321 --> 00:55:15,960
[Jacob]: Which encrypted message do you
mean?

1068
00:55:16,960 --> 00:55:19,102
Do you mean, like jabber?

1069
00:55:19,800 --> 00:55:21,262
[question]: Email, or jabber, yes.

1070
00:55:22,040 --> 00:55:25,640
[Jacob]: For the most part we use systems
where Tor hidden services are available

1071
00:55:25,640 --> 00:55:29,060
to connect to them, so we never even left
the Tor anonymity network,

1072
00:55:29,060 --> 00:55:31,521
so they're end-to-end encrypted and
anonymized, you connect to a

1073
00:55:31,521 --> 00:55:33,541
.onion address,

1074
00:55:33,541 --> 00:55:37,560
and then using crypto on top of that, so
TLS to a Jabber server,

1075
00:55:37,560 --> 00:55:39,880
and then OTR on top of that,

1076
00:55:39,880 --> 00:55:44,944
so you have, you could call it a
composition of cryptographic systems,

1077
00:55:44,944 --> 00:55:50,060
and the core of that is Tor, along with
using throwaway machines,

1078
00:55:50,060 --> 00:55:52,620
going to locations where you never go
twice,

1079
00:55:52,620 --> 00:55:57,160
using open wifi plus Tor plus TLS plus
OTR,

1080
00:55:57,160 --> 00:56:01,821
and for email, Riseup offers Tor hidden
services, which allows you to do the same

1081
00:56:01,821 --> 00:56:05,040
thing, essentially, and then using PGP as
well.

1082
00:56:05,840 --> 00:56:11,600
[question]: I mean, how about metadata,
like the delivery address of the target?

1083
00:56:12,900 --> 00:56:23,100
[Jacob]: In some cases we use a system
called Pond,

1084
00:56:23,100 --> 00:56:26,420
and Pond is a system that is completely
Tor hidden service based,

1085
00:56:26,420 --> 00:56:29,342
pond.imperialviolet.org.

1086
00:56:29,342 --> 00:56:33,441
Adam Langley probably wouldn't want me to
say, but I'll say it anyway,

1087
00:56:33,441 --> 00:56:35,880
it would be very useful to package this
for Debian,

1088
00:56:35,880 --> 00:56:39,400
because it's a system where once you do
key exchange with someone,

1089
00:56:39,400 --> 00:56:44,363
you have an end-to-end encrypted messaging
system that's like email,

1090
00:56:44,363 --> 00:56:47,960
you can send files that are encrypted,
you can send messages that are encrypted,

1091
00:56:47,960 --> 00:56:50,580
It's delay based. You don't have
usernames,

1092
00:56:50,580 --> 00:56:53,500
you just have a public key,
and then you have group signatures,

1093
00:56:53,500 --> 00:56:57,080
so that people can send things to your
mailbox by proving they are a member

1094
00:56:57,080 --> 00:56:59,662
of the group but not which member of
the group they are.

1095
00:56:59,662 --> 00:57:01,620
And there's a lot of stuff like that.

1096
00:57:01,620 --> 00:57:03,862
So we use Jabber, we use email, and we use
Pond.

1097
00:57:03,862 --> 00:57:08,002
And those three systems together also
allowed us to build a clandestine

1098
00:57:08,002 --> 00:57:09,580
sneakernet.

1099
00:57:09,580 --> 00:57:11,445
So we have the ability to carry USB disks,

1100
00:57:11,445 --> 00:57:13,260
and a few of us carried them inside of
our bodies,

1101
00:57:13,260 --> 00:57:16,120
and if you've never had that experience,
lucky you.

1102
00:57:19,580 --> 00:57:24,401
You want to make sure you use post-quantum
computer crypto for that, by the way.

1103
00:57:24,401 --> 00:57:25,641
It's more comfortable.

1104
00:57:28,680 --> 00:57:30,620
[orga]: Shall we relieve this man from his
duties?

1105
00:57:31,204 --> 00:57:33,080
[Jacob]: Any more questions?

1106
00:57:33,660 --> 00:57:35,241
[orga]: One more question.

1107
00:57:36,180 --> 00:57:39,061
[question]: Okay, so when the Snowden
leaks were first published it created

1108
00:57:39,061 --> 00:57:42,180
a lot of awareness, and people were
talking about it,

1109
00:57:42,180 --> 00:57:44,520
and there was a huge media echo,

1110
00:57:44,520 --> 00:57:48,220
Now if some documents leaked, people
are saying yeah, all this surveillance,

1111
00:57:48,220 --> 00:57:51,480
and we aren't dead yet, and we can still
live our lives.

1112
00:57:51,480 --> 00:57:55,380
They basically care less. They still care
a bit, but they care much less than

1113
00:57:55,380 --> 00:57:58,582
when the first documents were published,

1114
00:57:58,582 --> 00:58:04,663
so how can we maintain awareness for
this issue in the world population,

1115
00:58:04,663 --> 00:58:06,021
in your opinion?

1116
00:58:07,100 --> 00:58:09,280
[Jacob]: There's a really scary thing
that's happening right now.

1117
00:58:09,280 --> 00:58:13,584
There was this idea in the 90s, we had
the crypto wars.

1118
00:58:13,584 --> 00:58:16,281
Did any of you remember this idea of the
crypto wars?

1119
00:58:16,281 --> 00:58:18,520
Okay, a few of you do, maybe not all of
you do.

1120
00:58:18,520 --> 00:58:21,741
But we had the so-called crypto wars in
the 90s, I encourage you to look this up

1121
00:58:21,741 --> 00:58:25,020
on DuckDuckGo, or whatever your
favourite search engine is.

1122
00:58:25,020 --> 00:58:28,763
In theory we're in the second crypto
wars now.

1123
00:58:28,763 --> 00:58:32,120
In reality what happened is the first
crypto wars never ended.

1124
00:58:32,120 --> 00:58:34,825
We didn't actually win, like we thought
we did.

1125
00:58:34,825 --> 00:58:37,180
But there are a bunch of things that are
taking place.

1126
00:58:37,180 --> 00:58:41,020
For example, making a stand against
backdoors.

1127
00:58:41,020 --> 00:58:45,082
Using end-to-end encrypted
communications.

1128
00:58:45,082 --> 00:58:47,622
Actually pushing for that, being quite
open about actually hosting

1129
00:58:47,622 --> 00:58:50,821
those kinds of services, and doing it
from a principled perspective,

1130
00:58:50,821 --> 00:58:52,880
from a legal perspective.

1131
00:58:52,880 --> 00:58:57,541
I think you will find that the tension
will continue to rise for a while,

1132
00:58:57,541 --> 00:59:02,140
and I think that it will continue to be
a conversation about public debate,

1133
00:59:02,140 --> 00:59:06,561
and an important aspect of this is that
now regular journalists that don't

1134
00:59:06,561 --> 00:59:10,200
understand technology at least understand
the importance of these things.

1135
00:59:10,200 --> 00:59:13,260
And if they don't do that, they at least
perceive that they will be considered

1136
00:59:13,260 --> 00:59:16,901
unprofessional if they don't care, and
think about those things,

1137
00:59:16,901 --> 00:59:19,140
or they'll be somehow negligent.

1138
00:59:19,140 --> 00:59:21,200
And I think that will keep some of the
discussion going,

1139
00:59:21,200 --> 00:59:23,860
and it will allow us to build some
breathing room,

1140
00:59:23,860 --> 00:59:26,781
and that breathing room will actually
allow us to build some alternatives.

1141
00:59:26,781 --> 00:59:29,704
But there are some downsides, right?

1142
00:59:29,704 --> 00:59:34,020
Some of the things that take place when
you reveal security service spying

1143
00:59:34,020 --> 00:59:36,740
is that it tends to get normalized, to a
degree.

1144
00:59:36,740 --> 00:59:39,280
But then in some cases it does get pushed
back.

1145
00:59:39,280 --> 00:59:43,760
In the 70s in the United States, it became
illegal to do assassinations, for example.

1146
00:59:43,760 --> 00:59:46,861
Because what the CIA were doing was so
atrocious that eventually there was

1147
00:59:46,861 --> 00:59:48,620
political pushback.

1148
00:59:48,620 --> 00:59:52,401
It turns out it only lasted 30 years, and
then they started doing it again.

1149
00:59:52,401 --> 00:59:57,700
But there's a saying in my country which
is that effectively the price of liberty

1150
00:59:57,700 --> 00:59:59,480
is eternal vigilance.

1151
00:59:59,480 --> 01:00:01,080
And that's what we are engaged in now.

1152
01:00:01,080 --> 01:00:04,801
And the liberty starts with software
liberty, I think,

1153
01:00:04,801 --> 01:00:06,960
in the case of communications on networks.

1154
01:00:06,960 --> 01:00:10,500
And so we have to have Free software,
and it has to be responsibly encoding

1155
01:00:10,500 --> 01:00:12,160
packets and data,

1156
01:00:12,160 --> 01:00:14,000
and if we think about it in this sense
we'll find a lot of pressure,

1157
01:00:14,000 --> 01:00:16,908
and we'll have a lot of discussions
about it,

1158
01:00:16,908 --> 01:00:19,720
and you'll start to see it be a part of
policy debates,

1159
01:00:19,720 --> 01:00:22,600
like one of the presidential candidates
in the United States

1160
01:00:22,600 --> 01:00:24,400
just came out against encryption.

1161
01:00:24,400 --> 01:00:26,621
I hope that sinks his presidential
campaign.

1162
01:00:26,621 --> 01:00:28,600
I mean it's weird to be against
encryption.

1163
01:00:28,600 --> 01:00:31,160
It's like I'm against prime numbers.

1164
01:00:31,160 --> 01:00:33,240
No modular arithmetic.

1165
01:00:33,581 --> 01:00:37,161
[laughter, applause]

1166
01:00:38,520 --> 01:00:41,721
I just want to say it's important to
understand, you are right,

1167
01:00:41,721 --> 01:00:43,721
people will be normalized about it,

1168
01:00:43,721 --> 01:00:45,880
but each and every one of us that
understands these issues

1169
01:00:45,880 --> 01:00:47,700
can actually keep it alive.

1170
01:00:47,700 --> 01:00:49,880
And the way we do that is when we
communicate with people...

1171
01:00:49,880 --> 01:00:52,201
I'll give you an example which I
like to give.

1172
01:00:52,201 --> 01:00:55,220
I grew up in San Fransisco and in the Bay
Area or San Fransisco, and California,

1173
01:00:55,220 --> 01:00:57,740
and I did that in the 80s.

1174
01:00:57,740 --> 01:01:01,783
And so a lot of people that I knew had
HIV and they died of AIDS.

1175
01:01:01,783 --> 01:01:05,600
And there was a huge discussion about
this, and it was called GRID,

1176
01:01:05,600 --> 01:01:08,701
the Gay Related Immune Deficiency
syndrome.

1177
01:01:08,701 --> 01:01:10,662
Before it was called HIV and AIDS.

1178
01:01:10,662 --> 01:01:12,644
And lots of people were sick, and lot of
people died,

1179
01:01:12,644 --> 01:01:14,820
and there was a sort of normalization
process where people sort of

1180
01:01:14,820 --> 01:01:18,141
accepted this as their fate, especially
if they were in the gay community.

1181
01:01:18,141 --> 01:01:22,900
And still, over years and years and years,
people began to build a culture about

1182
01:01:22,900 --> 01:01:26,300
safe sex, and they started to talk about
respecting their partners,

1183
01:01:26,300 --> 01:01:28,560
and about talking about these issues,
and about getting tested,

1184
01:01:28,560 --> 01:01:32,400
and it took a lot of effort, to really go
much further.

1185
01:01:32,400 --> 01:01:34,500
A lot of people actually died in that
process.

1186
01:01:34,500 --> 01:01:37,160
It was a very sad, serious situation.

1187
01:01:37,160 --> 01:01:40,460
And I think we have similar discussions
that are taking place now,

1188
01:01:40,460 --> 01:01:42,361
and some people don't take it seriously,

1189
01:01:42,361 --> 01:01:45,483
and if they happen to be Muslims living 
in Pakistan,

1190
01:01:45,483 --> 01:01:48,320
they might get a drone strike.

1191
01:01:48,320 --> 01:01:51,300
And there's a sort of survival mechanism
that takes place there.

1192
01:01:51,300 --> 01:01:54,384
And it's an unfortunate parallel, I think,

1193
01:01:54,384 --> 01:01:57,261
but I would really consider that we can
change this dialogue

1194
01:01:57,261 --> 01:01:59,580
by continuing to have it even though
it's exhausting,

1195
01:01:59,580 --> 01:02:01,900
and by recognizing our responsibility,

1196
01:02:01,900 --> 01:02:04,241
and how we can make it better by
continuing to do that,

1197
01:02:04,241 --> 01:02:07,040
and by building healthy alternatives,
and by building new systems,

1198
01:02:07,040 --> 01:02:10,380
and by refusing to backdoor any
system, ever,

1199
01:02:10,380 --> 01:02:13,561
completely committing to
Free software,

1200
01:02:13,561 --> 01:02:16,761
and transparency of that software,
and also of those processes.

1201
01:02:16,761 --> 01:02:19,640
And really really really sharing the
knowledge about it,

1202
01:02:19,640 --> 01:02:21,620
to make it impossible to surpress.

1203
01:02:21,620 --> 01:02:25,020
And we should not accept the
normalization of that.

1204
01:02:25,020 --> 01:02:28,122
We shouldn't make it fun to spy on people,
we shouldn't make jokes about it

1205
01:02:28,122 --> 01:02:30,242
in a way that normalizes it,

1206
01:02:30,242 --> 01:02:33,842
and we should respect those people
who are victims of surveillance,

1207
01:02:33,842 --> 01:02:36,702
and we should recognize that basically
everyone here is a victim of surveillance

1208
01:02:36,702 --> 01:02:38,300
to some degree,

1209
01:02:38,300 --> 01:02:40,420
and we should care about that,
and we should continue to be upset,

1210
01:02:40,420 --> 01:02:43,160
but not just upset; to channel that
anger into something useful

1211
01:02:43,160 --> 01:02:45,321
like making Debian better.

1212
01:02:46,820 --> 01:02:50,240
[applause]

1213
01:02:56,101 --> 01:03:00,041
[orga]: Thanks Jake for such a long Q&amp;A
session,

1214
01:03:00,041 --> 01:03:01,860
I hope you enjoy the rum.

1215
01:03:01,860 --> 01:03:04,802
And I'm sure Jake's going to answer any more
questions if he can still talk.

1216
01:03:08,300 --> 01:03:10,140
[Jacob]: Thanks.
