@tobararbulu # mmt@tobararbulu
Edward Snowden, Glenn Greenwald & Chris Hedges on NSA Leaks, Assange & Protecting a Free Internet
(https://www.youtube.com/watch?v=ky0YLV5Vt9w)
NSA whistleblower Edward Snowden and Pulitzer Prize-winning journalists Glenn Greenwald and Chris Hedges discuss mass surveillance, government secrecy, Internet freedom and U.S. attempts to extradite and prosecute Wikileaks founder Julian Assange. They spoke together on a panel moderated by Amy Goodman at the virtual War on Terror film festival after a screening of “Citizenfour” — the Oscar-winning documentary about Snowden by Laura Poitras.
December 23, 2021
Transcript:
0:00
[Music] this is democracy now democracynow.org the war and peace report i’m amy goodman
0:07
today a special on two people who will not be home for the holidays edward
0:12
snowden and julian assange in this special broadcast we spend the
0:17
hour with nsa whistleblower edward snowden along with two pulitzer prize-winning journalists glenn
0:24
greenwald and chris hedges i recently moderated a discussion with them at the
0:30
virtual war on terror film festival after a screening of citizenfour the
0:36
oscar-winning documentary about edward snowden by laura poitras the documentary
0:42
chronicles how snowden met with laura poitras and glenn greenwald in a hotel
0:47
room in hong kong in june 2013 to share a trove of secret documents about how
0:55
the united states had built a massive surveillance apparatus to spy on americans and people across the globe it
1:02
was the biggest leak ever to come out of the nsa after sharing the documents edward
1:09
snowden was charged in the united states for violating the espionage act and
1:14
other laws as he attempted to flee from hong kong to latin america snowden was stranded in
1:21
russia at the airport after the u.s revoked his passport he was granted
1:26
political asylum and has lived in moscow ever since i began by asking edward snowden to talk
1:34
about why he chose to blow the whistle on the nsa i grew up in the shadow of government um
1:40
both my parents worked for the government and i expected that i would as well
1:46
september 11th happened uh when i was 18 years old
1:52
and it was one of those uh things that really changes the politics
1:58
not only of the people but of place and at the time i didn’t really question
2:04
that it just seemed like you know we had this new problem everybody on tv
2:11
and when everybody else was protesting the iraq war uh i was volunteering
2:18
to join and that’s because i believed the things that the government was saying not all
2:23
of them of course but i believe that the government was mostly honest
2:28
because it seemed to me on reason uh that the government would be willing to risk sort of our long-term faith in
2:34
the institution but for short-term political advantage as i said i was a very young man
2:41
i ended up going uh to work for the cia undercover overseas out of the
2:47
diplomatic platforms then i moved into contracting which is really you’re still working for
2:53
the government in government offices uh taking the directives from government working on government equipment
3:00
but the badge that you wear that identifies you changes from blue to green the color of only because most
3:07
people go into contracting still working for the government in these classified spaces because you make
3:12
basically twice as much the same work and then i worked in japan for the nsa um before eventually
3:19
bouncing back and forth back and forth back and forth until i ended up in hawaii in a little place called the office of
3:25
information sharing i mean it was only here uh and i was the sole employee of
3:30
the office of information sharing they didn’t realize how good i would be at that job and neither did i
3:37
that i could see the whole picture which was at the same time that i was
3:43
beginning to identify with the government the government was beginning to identify
3:49
less with its citizens than the public more generally what had happened was as
3:56
you know we grew up with this idea of the private citizen because we have no um
4:03
power or influence relative to the great institutions of the day uh and the public official right where we know
4:10
everything about them and what they’re doing who they’re meeting with and what their policies are and what their interests are we scrutinize them because
4:16
they order our lives their directives determine what happens tomorrow now well that was being inverted
4:23
and because of the new war on terror all the words all of the old ideals
4:29
could be tossed away and replaced with a deuces and that was the system of mass surveillance that we were publicly told
4:36
about the government knew it was likely unconstitutional and certainly uh
4:41
illegal but they continued with it anyway because they argued to themselves at
4:46
least it was necessary it was not necessary and it would take some time to establish that with facts and that’s you
4:52
know the story that we’ve done the years since but in brief realizing this
4:59
through the documentation of the architecture of the system how it came to be who was involved in building it
5:05
and authorizing it and constructing it which fell to people like me
5:10
who did not realize at each step of our careers what it was we were actually building because the need to know
5:17
principle uh collapsed your universe to your work you didn’t realize what the
5:22
office next door to you was doing you weren’t supposed to for those of us who didn’t know i mean it was only by
5:28
breaking down those barriers the fact that i moved from cia to nsa that i moved from uh
5:34
actual uh officer of government to contractor working for private companies extending the work of government and
5:41
then finally working in this uh office where i could see sort of everything not just at my agency but
5:48
many other agencies that i saw the large picture um and that was fundamentally that the
5:55
government had lied not only to me but to all of us
6:01
um and this to me seemed like something broadly we had to know because if uh
6:09
government is in a democracy intended to be mandated by the consent of the
6:16
governed but we don’t know what it is that they’re doing then that’s not consent or
6:22
it’s not informed consent consent is not informed it’s not meaningful uh and so i
6:29
started writing to journalists that brought me eventually to glenn and that’s where the story goes from
6:35
there can you talk about that that reaching out to laura poitras and glenn
6:43
and yes i want you to tell the story again because there are many who haven’t seen the film and it is that act that then
6:51
we’ll introduce glenn uh when you decided to leave everything
6:57
that you knew so well where you felt so safe to enter a world where as you said
7:02
you had no idea where you would end up
7:09
well when you first enter on duty at the cia they take you in a dark room it’s a very
7:15
solemn ceremony you raise your hand and say you know i state your name whatever
7:20
um do solemnly swear to uh support and defend the constitution
7:26
of the united states against all enemies foreign and domestic
7:32
uh they talk about the oath of secrecy there is no oath of secrecy um there is
7:37
a uh standard form 312 classified non-disclosure agreement the government you sign which is what they’re actually
7:44
referring to but it’s not an oath it’s a civil agreement now on the other hand you do take this
7:50
oath of service as they describe it and this for me is what anime
7:58
what happens when you have uh conflicting obligations on the one hand you’re supposed to keep the secrets of
8:03
government because this is all classified information that we’re discussing um the fact that the government is
8:09
breaking the law is itself in secret but when the government’s law breaking
8:14
is a violation of the constitution that you entered into duty to uphold what
8:20
then do you do uh you know i talked to my colleagues i talked to my bosses uh they wanted
8:25
nothing to do with this many of them agreed that it was wrong but they said you know it’s not my job
8:30
to fix it’s not your job either um and they knew what would happen as a result everybody knew you know the
8:37
government was going to be extremely unhappy and everybody who has done this in the past has ended
8:43
up charged in prison as a result of this um but for me i felt that i had an obligation to do
8:50
this and so uh i gathered information that i believed was evidence of unlawful
8:56
or unconstitutional activity and i could have published it myself i could have just put it up on the internet
9:02
established a website possibly could have made it so it would not likely retract back to me
9:09
um however uh i thought if i just declared myself the
9:14
president of secrets and that i made some mistake right there wasn’t much process involved
9:20
there the problem that got us into this situation was that the government itself was
9:25
acting as a kind of uh unitary power the
9:30
office of the executive the president of the united states was assuming that luke
9:36
you know we decide what we will and won’t do the courts have no role in this uh the legislature has no real role in
9:42
this uh oversight hasn’t been functional for years which i’m sure the other panelists will describe
9:48
but i didn’t want to replicate that so i felt i could check uh my own worst impulses and suspicions
9:54
by partnering with journalists right who could then take my bias out of the information
10:00
look at what the document said i actually go to the government for clarification where things weren’t clear
10:05
and to challenge government but to do their own investigation to go to companies for comment and everything like that and find the best uh possible
10:12
version of the truth right what is the most accurate representation of this of that superset of their investigation
10:20
what is the subset of that that’s in the public interest to know um
10:25
working uh in absolute secrecy again with laura poitras
10:30
um greenwald eventually barton gellman and ewen macaskill
10:36
i shared this archive of information with them on conditions that they publish for example
10:42
only what they believe is in the public interest to know merely what i thought was uh useful to know
10:49
and that’s what brought us to this hotel room in hong kong to explain what these documents actually
10:55
meant for the first time because as glenn can uh sort of testify to uh these were very
11:01
dense technical documents and they’re the sort of thing that journalists um in the uh
11:07
public world had never seen before well because they were so highly classified
11:12
so that does bring us to glenn greenwald um glenn talk about your first contacts
11:18
with ed snowden um when you decided to make that trip to
11:24
hong kong the risks that you were taking at the time you worked for the guardian
11:29
um taking on all the institutions that you knew could
11:35
certainly take you down i recall you know in the weeks leading up to our ultimate meeting
11:43
and was kind of fixated on the idea that we all fly to hong kong to meet with him
11:50
and you know we still didn’t know who he was we didn’t know in which agency he worked and the fact that he wanted us to
11:56
go to hong kong made everything much more confusing because why would somebody
12:01
with high level access to top secret documents of the u.s security state usually you would expect to find a
12:08
person like that you know in the kind of underworld of arlington virginia not you
12:14
know hong kong and i remember telling ed you know look
12:20
i i trust you i i feel like what you’re saying intuitively is is uh
12:25
genuine but before i get on a plane and fly all the way literally across the world to the other side of the world
12:32
show me something that demonstrates that you’re authentic that you actually have
12:37
material that makes all of this worthwhile and he said i’m going to give you the tiniest
12:42
tip of the iceberg um and we spent i don’t know a good you know two weeks setting up just an
12:48
encryption system to let him do that he sent me i think 20 documents
12:54
and even though those documents were as he said just the tiniest tip of the iceberg
13:00
they were shocking you know i mean just the mere fact alone that top secret documents had leaked for
13:06
the first time ever from the nsa the most secretive agency within the world’s most powerful
13:12
government was already momentous enough independent of their content but among the documents
13:18
were parts of what we were able to report as the prism program the cooperation
13:24
on the part of what at the time were the nine tech giants of silicon valley with the
13:29
nsa widespread data sharing giving over wholesale
13:35
information about their users to the nsa with no judicial checks no legal framework no democratic
13:41
accountability so suffice to say had sufficiently excited me uh and lured me i think that
13:48
night i called my editor at the guardian and demanded a fly to new york the next day which i did i met with her janine
13:55
gibson showed her what i had and everyone immediately knew that this was
14:01
going to be one of the most important stories in the history of modern journalism just based on those tiny number of documents let alone the the
14:08
full archive and that next day so it was very fast laura and i boarded
14:15
a plane um from jfk direct to hong kong and you know i talked about before how i
14:22
spent the 16 hours so engrossed with the documents that by that point we had had not necessarily the best operational
14:29
security ever reading top secret nsa documents you know on a on a on a public passenger
14:37
jet um while in them you know flying across the world but i knew this was by this point
14:43
the kind of first opening ever into this sprawling
14:50
undemocratic security state and i couldn’t help myself i needed to see what was in there
14:56
um and then we landed in hong kong 16 hours later and then the very next morning
15:01
through a plan that had devised that involved lots of kind of spycraft which was
15:07
really important we didn’t know at the time what u.s government authorities knew about ed and what he was doing and what
15:13
we were doing what chinese authorities might have known what local hong kong uh intelligence officials might have
15:19
known so all of that stealth was so important um but it was a huge blur you know we were
15:26
12 hours in a different time zone had to hurtle ourselves within a very short amount of time over to hong kong to meet
15:33
someone we knew nothing about um you know and i’ll never forget the moment that ed walked in and i think
15:38
both laura and i we’ve talked about this before were shocked by many things including
15:44
his young age um you know i thought the whole time i was talking to somebody who is likely 60 or 65 years old and
15:52
you know i think part because of the sophistication of of ed’s insights but
15:57
also you know the thing that struck me so much and that to this day you know
16:02
is a critical part of my world view of how i look at things was unlike most
16:08
sources who understandably when they’re turning over top secret documents to journalists and
16:13
doing something the government regards as a crime and therefore want to conceal their identity
16:18
from the start you know ed’s posture was i don’t want to hide i i want to
16:24
identify who i am i want to explain to the public why i’m doing what i i’ve done and why i
16:30
think it was so important and so you know my belief was that he was probably 65 or 70. it’s i think you
16:38
know a lot easier to say i’m willing to risk life in prison if life in prison means 10 or 15 or 20 years of life
16:45
expectancy rather than you know 60 or 70. um so we were shocked
16:50
by that and we went up to ed’s hotel room and and laura being laura you know
16:56
immediately turned on the camera and me being me immediately began interrogating ed i think we had
17:02
like maybe 10 seconds of niceties before you know i forced him into this very
17:08
uh intense interrogation we were sitting maybe a few feet apart from one another in this small hotel room
17:14
and by the end of the day i was convinced that ed was authentic that the documents he had given us were genuine
17:20
and that this was a story that the public had an immediate
17:25
right to know should have known years ago and the courage and and the kind of
17:32
principled conviction that drove ed to do what he did i think immediately infected both myself and laura ewen
17:38
macaskill the guardian journalist joined us the next day and he you know i think was
17:44
um contaminated by that well uh that as well and i think that um eventually that
17:50
made the guardian very passionate and willing and that act as we all know created these reverberations that really
17:56
to this day lasts that the government is always trying to spy on
18:02
what it is that we’re doing they particularly target marginalized and vulnerable groups at the time
18:08
the hot you know number one on their list was obviously muslim communities around the world including in the united
18:13
states and that journalism and whistleblowing is one of the few if not
18:18
the only means we have to find out what they’re doing and to guard
18:24
against their their abuses journalist glenn greenwald he won the pulitzer prize for his reporting on edward
18:30
snowden’s leaked nsa documents when we come back we’ll continue our discussion
18:36
with glenn and ed snowden and be joined by another pulitzer prize winner the
18:41
journalist chris hedges we’ll talk about surveillance internet freedom julian
18:46
assange and more this is democracy now democracynow.org the war and peace
18:52
report i’m amy goodman as we continue our discussion with nsa whistleblower edward snowden and
18:59
pulitzer prize-winning journalists glenn greenwald and chris hedges i asked ed
19:05
snowden to talk about what he felt was most significant about the documents he
19:10
leaked in 2013 exposing the nsa’s massive surveillance
19:16
apparatus the most important thing about the stories of 2013 that i think people
19:23
because it was not a story about surveillance um it was a story about democracy uh the
19:29
surveillance system the global mass surveillance system was the product of a failure in governance where we the
19:35
public had sort of lost our seat at the table of democratic governments because
19:42
uh secrecy the state secrets regime and the
19:47
classification animal had grown to such a size that it was allowed to push uh public oversight
19:56
further and further to the fringes of the decision-making apparatus until it was basically no longer present at all
20:03
what that meant was for the first time in history uh there was the technical
20:08
capability um and the political reality that it was
20:14
possible to construct a system that had not existed before now what did that system do
20:20
in history traditionally government surveillance has
20:25
occurred in a targeted manner whether it is the police going we suspect this one
20:30
this person of a crime going to a judge showing their basis for it establishing probable cause the judge okays it then
20:38
they put teams they have people uh follow them when they leave their house in the morning
20:43
they have another team go inside their house and place listening devices place video surveillance you know copy their
20:50
notepads take photographs of whatever’s going on
20:55
clone their their hard disks whatever this is a human-enabled capability
21:01
and that put necessarily necessary constraints on how frequently it could
21:06
be used and as the government agents are sort of following this person through their life
21:11
sitting down in the cafe behind them you know trying to see who they meet with write down license plates and all of these things and they don’t hear every
21:18
word that the person says generally but they get the idea they see who they they
21:23
see how long they were there with that person they see where that person went afterwards because they sent someone to follow them
21:29
this these activity records were now available for the first time in
21:34
a form called metadata uh things that are analogous to what a private detective would get from following you
21:41
around your life and you know taking pictures and writing down notes were now being produced by the
21:47
smartphones in our pockets by the laptops you know on our desk on the couch next to us but it was also coming
21:53
from your tv it was also coming from your car uh you know the system is inside of that now it’s coming from
22:00
automated license plate readers all of these things for the first time were producing information
22:05
that now the government went what if we didn’t have to go to a judge in every individual piece and say we
22:12
thought this person was up to no good what if under the aegis of the threat of terrorism
22:18
we could say we want to collect all information that could potentially theoretically be relevant to a terrorism
22:25
investigation before we need it and we’ll simply say
22:32
look at this information if you’re not suspected but we will still gather it about you as
22:38
though you were this is what changed and this is what continues
22:44
what has actually happened that expands this to to an even greater state of alarm is that now
22:51
this is a business now corporations are getting this and they’re competing against each other to
22:57
see who can provide similar product and even more attractive product
23:02
not just to governments who they do sell this information to as a service but also to advertisers and anyone else
23:09
who’s willing to pay that’s what’s changed which brings us to the pulitzer prize
23:15
winning journalist chris hedges um chris you’ve spent decades um exposing
23:23
governments wield lethal power from central america to the middle east to
23:28
the balkans ed snowden said that behind his disclosures was the
23:35
balance of state power versus people’s power to meaningfully oppose that power
23:42
can you talk about the significance of what ed just said in terms of exposing
23:48
the wars that the us has engaged in to this day
23:54
i would focus narrowly on what everything that ed exposed
23:59
for the press so when i began reporting the war in el salvador in 83.
24:06
we when we got uh secret or classified information they were documents
24:12
uh we didn’t transfer anything electronically um and and this was
24:18
the traditional way but in order to get those documents you had contacts with people uh who were willing to pass them
24:25
to you and so uh what happened and this was under the obama administration the
24:30
aggressive use of the espionage act against anyone who would reach out
24:35
kiriakou drake were mentioned and others a shutdown invested traditional investigative journalism
24:42
which i did periodically as a foreign correspondent and then did after 9 11
24:47
when i was based in paris uh covering al qaeda in europe and the middle east uh and so friends of
24:55
mine i left the paper in 2005 but friends of mine who are still doing investigative reporting at the paper
25:01
said in terms of getting any information on the inner workings of
25:06
power of government it has become impossible and i won’t quote her but a
25:12
former colleague of mine at the paper an investigative journalist said even
25:17
when she speaks to someone at the doj or anyone else
25:22
they’re nervous about even reciting official policy over the phone something
25:27
that sounds like a press release because they don’t want to get tagged uh for speaking to a journalist in fact they’re
25:34
already tagged uh and so i think it’s important to understand that what ed did
25:39
and what glenn did uh is the only way left
25:44
well jeremy hammond was another figure uh when i sued obama over section 1021
25:50
of the national defense authorization act which overturned the 1878 posse comitatus act which prohibited
25:57
the military from use being used as a domestic police force we used the emails i think there were some three mill
26:03
million emails hammond had hacked into with stratfor a private security firm
26:09
like the one ed worked for uh and the homeland security where they were
26:15
they were the chat was trying to tie uh domestic opposition groups to foreign
26:23
terrorist groups so i mean they were asking it was anything posted on this particular site this uh jihadist site uh
26:30
so they can use terrorism laws against them uh and so the last readout for as a
26:36
as a journalist comes from figures like ed but of course the cost is
26:42
catastrophic uh in his case if he was not in moscow and they had grabbed
26:49
him uh he would be facing the kind of charges that uh julian assange is facing uh who
26:56
didn’t leak by the way it didn’t hack in anything he just published the material so i think for me what’s been so
27:01
distressing about the modern kind of period uh is that it that wholesale
27:07
surveillance that ability to follow anyone has really shut down our traditional access to people with a
27:15
conscience inside systems of power which is uh the only way that we can do any
27:22
real reporting uh on the national security state and it’s left and you see what they’ve done to ed what they’ve done to glenn i mean
27:29
after he published that he wasn’t sure whether he should come back to the united states um
27:34
so that that for me and and then in in speaking about the crimes of empire
27:41
i mean that gets into another issue which is the collapse of foreign correspondence because as revenues have
27:47
fallen uh to the floor uh the all the foreign bureaus are gone
27:53
there’s no there’s no reporting people will pull a clip from you know disseminated out of
27:58
syria or something uh that some somebody has sent out but that’s not reporting so
28:04
there’s a giant black hole about what’s happening which was of course again what
28:10
made the iraqi and afghan war logs so important uh and then i will just in
28:16
defense of people there uh most of whom are now freelance that and and i covering a war is very expensive i mean
28:23
if you want to be safe so i was driving in bosnia a 100 000
28:28
armored car uh you know sat phones all this kind of stuff um but it is dangerous it is i think the
28:35
danger level is exponentially increased not so much from sarajevo where the serbs were intentionally trying to shoot
28:41
journalists indeed shot 45 foreign correspondents um uh but it
28:47
you can’t you can’t go into the caliphate i mean it’s uh you can’t go in with
28:53
into syria with many of these groups because you’ll get kidnapped but but that has created uh
28:59
uh for me as somebody was overseas and just terrifying it’s drawn a veil on on
29:04
what the empire is doing uh and and and you know to quote thucydides the tyranny
29:11
that athens imposed on others when he’s attacking the death of athenian democracy and the rise of the athenian
29:16
empire it opposed it imposes on itself so i i guess my last point would be that
29:22
many of the techniques of surveillance and control that ed exposed were often
29:28
first tested i mean gaza is a laboratory for the israeli
29:34
military and intelligence service and they will talk about it as being tested against the palestinians uh so we often
29:42
see uh on the outer reaches of empire the techniques that gravitate back to
29:49
the united states as of course they have first off you’re absolutely right about the laboratory aspect
29:54
i’ve said before all of this stuff moves from war front to front um and we see the same kind of uh
30:02
techniques that were uh present in the archive of material that i provided the journalists in 2013
30:08
um being used to you know make the movements of cell phones in afghanistan
30:15
being applied by the fbi that’s black lives matters protesters uh just within
30:20
the span of 10 years i mean this stuff moves quite quickly uh from something that seems exceptional capability that
30:27
can only be used far away against you know the other
30:32
uh it moves right here home to the you know your neighbors
30:39
um but you you spoke about this this dynamic that uh you know it’s something i persevered on i think about this a lot
30:46
uh which is uh it’s become more difficult to access officials and let them tell you anything
30:53
much less than the truth about everything the relationship between
31:00
sources and the journalists that they work with in context of power
31:07
i think all over the places threatened but those doors have really been closed and this has um i think
31:14
enormously increased the necessity so the power of document releases
31:22
you know things like chelsea manning provided things like pipe provided
31:27
ellsberg in the 70s but also we see in the case of this uh facebook person
31:32
frances haugen um it feels as though we’re in it talks about this post-truth dynamic
31:40
where the actual facts of the case are uh disputed as frequently as the
31:45
interpretation of them people try to then the obvious truth is and it seems like documentation has
31:51
a way around that um i would just ask where do you think
31:57
things are headed from if we no longer have access to factual information for the government
32:03
you have a much greater history of viewing this than than a lot of us uh here do amy you’ve also seen this your
32:09
entire life democracy now is one of the few outlets that i think reports
32:14
aggressively on this government is perennially deceptive it’s
32:19
snowing us in regards to what is happening because they want us to view the facts of our reality through
32:26
a preferred lens when they begin shutting the voting public from um
32:34
you know the the facts of our reality what they actually are and at the same time any documentary
32:41
release is uh quite literally criminalized uh
32:46
what happens next well what happens next is east germany which i covered except that we’re far
32:52
more efficient than the stasi and uh i just i i’ll let glenn because
32:58
he’s written on this better than i have i don’t think the facebook whistleblower is a whistleblower i think she’s a tool
33:04
of the security and surveillance state and they’re using her to justify the kind of censorship they want against
33:10
people like you and glenn um so you know this gets into a whole other
33:17
analysis but we’ve undergone what john ralston saul calls a corporate coup d’etat it’s over any time you have a
33:23
tiny cabal that seizes power in our case corporate and all of the institutions
33:30
especially the democratic institutions are deformed to essentially buttress and
33:35
increase that power and wealth uh then of course you’re leaving the vast
33:40
majority the uh you know the 99 percent if we want to use that term
33:46
uh as uh your either the whole process is about disempowering them and that
33:51
surveillance has to become more draconian pulitzer prize-winning journalist chris hedges formerly with
33:57
the new york times we’ll continue with hedges edward snowden and pulitzer
34:02
prize-winning journalist glenn greenwald when we come back and we’ll talk more about the imprisoned publisher julian
34:09
assange this is democracy now democracynow.org the war and peace
34:15
report i’m amy goodman as we continue our discussion with national security
34:20
agency whistleblower edward snowden and pulitzer prize-winning journalists glenn
34:25
greenwald and chris hedges i asked ed snowden to talk about u.s attempts to
34:30
prosecute and extradite wikileaks founder julian assange who suffered a
34:36
mini stroke in a british prison in late october as he fought to avoid extradition to the united states to face
34:44
espionage charges he faces 170 years in prison
34:49
a british court has now ruled in favor of the biden administration’s appeal to extradite assange to face charges in the
34:57
u.s in a ruling condemned by journalists around the world as a major blow to
35:03
press freedom this is ed snowden i think what uh a lot of people miss um and we
35:08
see this in the public responses to uh sort of leaking whistleblowing whatever you want to call that
35:14
this documentary release um is uh
35:19
both sides of the aisle democrat republican um honestly pick any country pick their political dynamic it doesn’t
35:26
matter power does not respond well to its bad behavior
35:31
be exposed um that’s that’s very clear and that’s what happened in case uh
35:38
that’s what will happen every case um there is no force or access to courts or
35:44
process or protection for someone who makes the government uncomfortable
35:50
or produces a large enough political threat an entirely political threat a non-violent
35:57
um publication of truthful information this is all julian assange has ever did
36:03
done all of the charges against him that you see the government talked about communicating national defense
36:10
information espionage you know uh conspiracy there’s a uh entirely
36:15
constructed uh hacking charge under the computer fraud and abuse act
36:21
uh which is supposed to show trying to hack military computers or something uh but it’s absolutely
36:28
ridiculous because for one it never actually happened it’s the product of a 20-second conversation uh between a
36:35
supposed chelsea supposed julian assange because the chat transcript is pseudonymous they don’t
36:41
even know it’s these people um but then it’s describing uh this alleged manning trying to access the
36:49
administrative account for the personal machine the the the work machine that’s being
36:55
used uh to copy this material it’s not going to provide additional access so
37:00
i’ll tell you i work with these kind of machines i understand how it was it was entirely a source protection
37:06
conversation it was entirely about how could manning protect their identity if indeed this
37:11
was manning from being discovered now the government is presenting as if you know julian assange hacked the pentagon
37:19
it’s absolutely ridiculous that if you look at the constellation of all
37:25
of this now you know julian is one of history’s greatest criminals you know less time
37:31
than they’re threatening assange with and what was assange’s crime telling the truth about something the
37:37
government did not want to be told um and then you know chris mentioned uh this other facebook person and
37:44
i think a lot of people miss this it doesn’t really matter why a
37:50
whistleblower or anyone else publishes this material it doesn’t matter whether
37:55
it’s you know facebook’s dirty laundry it doesn’t matter whether it’s john podesta’s risotto recipes it doesn’t
38:00
matter whether it’s uh material regarding the the absolute government’s
38:05
internal truth of mass surveillance the whistleblower
38:11
is the mechanism they are the lever we don’t have to like them
38:17
but they don’t truly matter once they’ve done this and this is why it’s wonderful the support
38:22
that i received and i very much hope that julian will receive more of it he absolutely hasn’t
38:28
particularly from the press which is i think one of the great media tragedies i will tell you
38:33
um but the response should be a little bit like you know thank you very much for your
38:39
whistleblowing um but now please stop telling us you know what we should do about facebook um you are not
38:47
especially placed to you know uh answer a public conversation
38:53
listen to you will hear you out sure but you shouldn’t be treated
38:59
the speaker of god’s honest truth simply because you held it in your hand and provided to someone else
39:05
that’s a wonderful thing it’s a public interest gesture right but i i think a lot of the opposition
39:11
people have to this is there’s an elevation where the whistleblower label
39:16
is applied to someone and then everything they say from then is supposed to receive additional weight
39:22
perhaps it could but their statement shouldn’t really be evaluated any differently
39:27
than another person saying you know it’s interesting i was uh reflecting on what i had said at the beginning which is
39:33
that in some ways these events that we’re convening to discuss seem
39:38
like they were 10 lifetimes ago and in a lot of ways anything that happened before trump does and then in other ways
39:44
it a lot of it seems like it it happened just yesterday and i think the reason for that is is because sometimes
39:52
there are really important details that we’ve forgotten so chris mentioned and alluded to for
39:58
example the stasi and i remember just now i probably haven’t thought about this in several years even though it’s incredibly important and revealing
40:05
that when there was a report around the time we were doing the snowden reporting that the nsa had been spying under
40:11
president obama on the personal cell phone of angela merkel she called
40:17
obama indignant enraged by all accounts and very meaningfully given that she had
40:24
grown up in communist east germany under the actual stasi it wasn’t an
40:29
abstraction to her but a very vivid memory invoked mem the stasi and said
40:34
essentially what you’re doing is what they did and that caused german newspapers to go and interview
40:41
stasi agents former agents of the stasi and what they said about these snowden revelations were
40:47
we would have loved to have had the capacity that the nsa
40:52
developed but it was beyond anything that we could have possibly dreamed of what they have done is so far beyond
40:59
anything we were capable of doing or even thought about doing this is ubiquitous surveillance
41:05
that they’ve created and i thought that was really poignant and sometimes that the details like that
41:11
have gotten lost i think the reason and on the other hand though it seems like yesterday is because so many of the
41:19
the kind of battles that were waged as a result of of what ed did and the fallout are very much with us
41:26
today um you know i i i think that at the time when we started the reporting and the
41:33
debates uh that were provoked by them unfolded the focus was on the infringement of our
41:39
right to privacy obviously that was an important part of the story but i always felt like the story was about a lot more
41:46
than that one part of it was whether or not we actually have a
41:51
democracy in anything other than name only if incredibly consequential events are
41:57
being undertaken in the dark without anybody knowing about what’s being done
42:03
you know one of the things that was so striking is when we revealed these programs it wasn’t just the public
42:09
and the media that had no idea the nsa was doing any of these things it was members of the intelligence committee
42:16
and members of the national security committees in the uk parliament who wrote op-ed saying we had no idea any of
42:22
this was happening and so for me a big part of what we were doing was waging a battle on behalf of
42:28
the public’s right to know and so much of the reason that there was so much intense backlash against the
42:36
story and against ed the reason eight years later he’s still in russia and then when donald trump floated the idea
42:42
of a pardon on a bipartisan basis people were so outraged the reason they’re so angry about it wasn’t necessarily
42:48
because of the right to privacy aspect it was because of their ability to
42:55
make consequential decision decisions the most consequential decisions without anyone knowing about what they’re doing
43:02
was in peril by these revelations and that’s the same reason that julian
43:07
assange is now in prison not necessarily because they’re specifically angry about
43:12
what he revealed in 2010 or 2016 or even the apple vault revelations what
43:18
they’re really angry about is that he represents still a
43:23
uh a weapon that prevents them from doing what is most important to them which is
43:29
the ability to run the world including societies that are ostensibly democratic without anyone knowing what
43:36
they’re doing but the other aspect of it i think is really important with regard to this whole you know facebook
43:43
disclosures and the debate that’s taking place over uh how we combat things like
43:48
misinformation and fake news as a result of frances haugen but even before that is you know i had mentioned that that
43:55
that first day that i interrogated ed what i wanted to know and needed to know more than anything was
44:01
you know you’re 29 years old you have a loving family you have a
44:06
girlfriend um with whom you’ve had a very fulfilling relationship you have this incredibly
44:12
bright future ahead of you why would you want to risk your entire life spending the rest of
44:18
your life in a high security prison for this cause like why is this important enough to you to do
44:24
and what finally convinced me about ed’s motives was when he told me about
44:29
how a free internet was so central to everything that he was able to do in
44:35
his life growing up you know in a like a lower middle class home without the ability to travel
44:41
internationally and lots of those privileges that people who come from world have that the internet was his
44:46
gateway into exploring the world something with which i had identified so much and so in a lot of ways i saw our cause
44:52
back then not necessarily this more limited uh definition of protecting the right of
44:58
privacy but protecting a free internet this invention that is singularly
45:04
capable of empowering people and emancipating people and enabling us to
45:09
communicate and organize without centralized corporate and government control
45:15
and i see so many of the current controversies about
45:21
how much censorship there should be online that comes from facebook and google the anger that facebook and google
45:27
aren’t censoring enough which i think is the big takeaway from these disclosures from frances haugen
45:34
debates about how much the government should be controlling the internet very much this a a central part of that
45:41
same battle that was being waged when ed came forward that when julian came forward
45:48
which is can centers of power around the world tolerate
45:54
any kind of instrument like the internet that enables people to
45:59
interact freely to think freely to develop ideas freely to organize freely
46:04
outside of the control of centralized authority
46:10
what is happening to julian assange today and wikileaks
46:15
um this case as uh glenn said i don’t think any any reasonable person that believes it
46:22
has anything to do with what he did in 2009 uh publishing the iraq and afghanistan
46:28
war logs and guantanamo bay files which received rewards all over the
46:33
world high prizes in journalism everyone recognizes it today as a public interest
46:38
story of historic importance it is the best place
46:44
the guardian the new york times every major you know news outlet around the world participated because of that
46:50
recognition right absolutely and it’s like just this was a positive event even though
46:56
the administration obviously hated it but we’re not in that world now right
47:02
we’re 20 20 20 21 um we are far from it and now it’s dug up and now
47:09
it’s used against him and i think it everyone
47:14
recognizes the question is why or should recognize the question is why this is a case
47:20
of political character that asserts a political crime my political crimes never
47:25
qualify for extradition and then what is a political crime political crime is
47:32
the victim is the state itself assassination is not a political crime
47:38
because the head of state is still a person right you you shoot the president the archduke whatever
47:43
you are you still qualify for extradition because you harmed an individual the state as an apparatus
47:50
when you are publishing its misdeeds and that is itself held up to be criminal uh
47:56
there is no more political crime which makes julian assange a political criminal or a political prisoner i think
48:02
certainly if assange is a criminal we all are
48:08
criminals because we all want to know the truth we all deserve to know the truth and we must [Music]
48:15
at least the outlines of it in order to exercise our roles as citizens and free
48:20
society uh glenn said again and he believes you know in 2013 the motivating force
48:26
for his participation is the free internet go further and say it’s the free society about the press they hate
48:34
i’m talking about the institution like the times they hate julian and they hated him when he was giving them that
48:40
information and the reason they hate him is because he shamed them into doing
48:45
their job i’ve i don’t know if i told you amy but every time i sat with bill keller who
48:51
couldn’t stand me of course and wanted me out of the new york times he would bring you up he goes well i guess she could work for a democracy now i mean
48:58
i think he hated this thing about you well because you i praise you shamed him
49:04
that’s what the alternative press does it shames them but there’s a real hatred because they want to present themselves
49:11
as the journalistic and kind of moral center uh and so that’s why the press
49:17
after these revelations turned with a vengeance i think that
49:23
uh the julian case is so important not only because he is still in belmarsh but
49:28
because it does provide this prism into all of these issues it was ironically bill keller who was the first
49:34
person to smear julian’s personality by writing a column after where he said i’ve worked
49:40
with julian he smells his socks are so dirty they don’t even come up to his ankles
49:45
this you know media the role of the media in all of these things that we’re talking about the corporate media i
49:51
think is so crucial um because obviously if the media were out there
49:57
like they were doing under trump saying that joe biden is imperiling press freedoms and raising their voice it
50:03
would be a lot more difficult to do what they’re doing doing to julian but they’re not and i think it gets back to
50:09
what chris said um julian was doing the kind of whistleblowing and reporting like ed was
50:15
doing that the government doesn’t want and what they do what they think is reporting is when the cia comes to you
50:21
or the fbi comes to you and says here’s the information we want to be published and then they go and publish it and i
50:27
think they are a huge impediment um just so many of the goals that we’ve been talking about trying to reach but also a
50:34
crucial instrument that’s being used by the centers of authority to maintain these repressive structures
50:40
in place in the little time we have left uh ed
50:45
you know julian assange is in the belmarsh prison um faces 170 years in prison in the united
50:53
states yahoo news revealed that the cia had a
50:59
was plotting to kidnap or assassinate him if we get in by you coming specifically
51:06
on that and also then in your own case um what is your hope of returning home
51:13
what communications are you having with the biden administration is there any hope
51:19
i i definitely haven’t communicated with the biden administration i didn’t communicate with the trump administration um we’re not really
51:26
calling each other every day uh you know that that’s uh quite a ways
51:32
back um case i’m just going to set it aside because it’s you know there’s no
51:38
movement on it doesn’t really matter history will be the judge um if they want to force me an exile
51:44
phone you know i’m not going to be miserable i will make as positive and impact the world uh as i can from the situation
51:51
that i can uh about the case with julian and uh the assassination plans against some of the
51:57
rendition plans against them it’s really an extraordinary story you uh you are listening haven’t read this uh you
52:04
absolutely should uh you know the cia was planning out with the white house
52:09
and their partners in in london uh having gun fights
52:14
in the streets of london if you know they had to shoot out the the tires of a plane who was going to do that which
52:19
service was going to do it um just absolutely you know it’s crazy it’s hard to believe
52:25
um where it should be apart but unfortunately in
52:31
the direction that our society is progressing in the post-9 11 period is becoming um more familiar
52:38
and i think that’s uniquely threatening it’s it’s funny when i came forward in 2013 in citizens
52:45
i think there’s a comment in the film nevermind like uh you know the embassies right up the street they could rendition
52:50
me or the triads whatever uh you know just try to often
52:56
whether they do it to hands-on or whether they say oops it was an accident he fell
53:01
to me those things were possible and at the time even journalists who were working
53:07
with me barton gellman washington post of the time said he thought that was you know a
53:13
little bit ridiculous but years later as he began to see he himself was subjected to surveillance uh
53:19
he saw that the u.s intelligence services had been keeping the tabs on his reporting
53:26
before he was ever involved with me uh and of course now we see things like julian
53:32
um force is not a barrier to the state
53:37
when it comes to securing their objectives and i believe
53:42
anything they could have done uh to stop this story they would have done if they
53:48
believed it uh if that meant taking action against me if that meant taking action against a journalist i believe they would have
53:54
done it in the case of julian assange that thinking has been vindicated uh
54:00
julian assange is not a whistleblower that’s not a judgment on him that’s the
54:05
fact he’s not the source he’s the publisher that means he should be less at risk than the whistleblowers
54:13
and yet somehow he has ended up more at risk now the question is how is that
54:19
possible has assange changed and we look at what the charges against them are not really
54:24
talking about things that happened in the distant past what has changed is the nature of the
54:29
state and its relationship to the press and if we let that be established
54:36
with them during assange not with a gun shot in the streets of london not with a drone but with
54:42
concrete in belmarsh or florence or uh whatever prison they put him in
54:47
that is not better now whether you kill someone fast or you kill someone slow if you are killing
54:53
them because you don’t like what they say
54:59
that is i think a final judgment on the state rather than on the victim of the state that’s national security agency
55:06
whistleblower edward snowden along with pulitzer prize-winning journalists glenn greenwald and chris hedges i spoke to
55:13
them as part of our discussion at the virtual war on terror film festival
55:19
we’ll link to our entire discussion at democracynow.org
oooooo
Open Dialogue: Edward Snowden, Live from Russia | Dalhousie University https://youtu.be/oizhVJstxC4?si=y0Gj1Kh9kAdPsc1p
ooo
Bruce Schneier and Edward Snowden @ Harvard Data Privacy Symposium 1/23/15
(https://www.youtube.com/watch?v=7Ui3tLbzIgQ)
Bruce Schneier, Harvard Berkman Center Fellow, talks with Edward Snowden about government surveillance and the effectiveness of privacy tools like encryption to an audience at Harvard’s School of Engineering and Applied Sciences.
Part I of the Institute for Applied Computational Science’s (IACS) annual symposium on the future of computation in science and engineering. Co-sponsored by the Center for Research on Computation and Society (CRCS) at the Harvard John A. Paulson School of Engineering and Applied Sciences.
Transcript:
0:00
um but as you know our first uh uh uh part of the program is a conversation
0:06
between Bruce Schneier and Edward Snowden um Bruce is one of the world’s leading experts on computer Society who we’ve
0:14
been extremely fortunate to have visiting uh here at Harvard as a fellow at the Berkman Center for the internet
0:19
and Society for the past year and a half uh one thing that’s really remarkable about um Bruce is the extremely wide
0:28
span of the kind of work he does ranges from mathematical research papers on the
0:33
design and Analysis of cryptographic algorithms to policy engagement by serving on government committees and
0:39
testifying before Congress and a huge amount of uh writing about computer
0:45
security uh for lay audience through uh popular articles blog posts and a number
0:51
of books uh the latest of which is uh data and Goliath the new book uh that is
0:57
uh coming out I believe on March 7 um and Bruce will be having a
1:03
conversation with Edward Snowden um who probably um needs no
1:09
introduction um but uh Edward uh uh is a
1:14
Former Intelligence officer who served uh at the CIA NSA and DIA as an expert
1:21
on technology and cyber security for nearly a decade um before the disclosure of uh classified uh documents uh in 2013
1:30
um while he was a consultant at the NSA um last year EPIC the Electronic Privacy
1:38
Information Center um gave uh gave Edward uh one of its champions of
1:45
Freedom Awards uh for the effect of what he did on transforming the public debate
1:51
on privacy and we’re really thrilled that he could join us today for this conversation by video conference with uh
1:58
Bruce Schneier to talk about uh surveillance and and tools for
2:05
addressing
2:28
that I’m pretty sure that Applause is for you not for me well welcome to Harvard good to see
2:35
you again Bruce thank you thank you very much and I’d like to thank you and Harvard and the Berkman Center everybody
2:41
involved for the opportunity to speak I have to say the Berkman Center from my
2:46
perspective uh during my time with the NSA and every uh long before 2013 has always been kind of on the
2:53
Leading Edge of these topics and the issues and thinking sort of ahead of the curve on the debate so I I just want to
3:00
say thanks for everything they’ve been doing and I hope they continue in the future yeah thank you so let’s start by
Encryption
3:08
talking about about cryptography and uh what can and can’t be done I mean to me the biggest surprise in all the NSA
3:14
documents is is the lack of big surprises that we don’t see any any any
3:21
major Secret Sauce of of quantum computers or you know anything that that
3:28
says they or really any intelligence agency can do magical things and to me
3:33
that’s really interesting right I I I would say it’s it’s critical and it’s important because it reminds us that
3:40
despite all of the documentation we’ve seen all of that that outcome of the revelations and everyone’s been
3:46
concerned is that encryption really is one of the few things the mathematics of it when it’s properly implemented that
3:52
we can rely on and this is fundamental when we talk about computer security because we’ve got to have some Foundation we’ve got to have some basis
4:00
for trust from which we can start building things and when we look at the software typically this is not reliable
4:06
but when we look at the stories that have come out and been reported publicly about how the NSA attacks encryption
4:13
properly implemented encryption does work the algorithms in the math are
4:18
often sound and when they do attack it it’s typically through uh some kind of
4:23
weakness uh some sort of shortcut that that sort of uh reduces the resistance
4:29
but typically not a clean break there’s no magic key that unlocks crypto yeah
4:34
more likely try to go around it and steal the keys off of the end points right so there was something in uh in in
4:42
the the black budget it was clapper’s introduction and he has an interesting sentence and I I I always I always I
4:47
always talk about this he says we are investing in groundbreaking crypto analytic capabilities to defeat
4:54
adversarial cryptography and exploit internet traffic so that’s an interesting quote I mean doesn’t sound
5:00
like we’re hiring a bunch of mathematicians and and hoping they get lucky it sounds like you know right we
5:07
got something in the back room we got the massive computer we got the cool piece of math you know is he just is
5:15
that just a PR sentence and it trying to make whatever congressman and and staffers read that uh
5:23
optimistic you know is what my my question is I’m thinking about this so
5:28
do they have like a on RC4 or is this uh a massive database of SSL keys or is it
5:36
something against some amateur stuff uh so I’m I’m not going to reveal
5:41
anything that has yet to be published I I leave it to the journalists to decide where to draw the line uh in terms of
5:48
what should be public and what would basically cause more harm than it would cause benefit because I have a strong
5:55
political bias and by trusting these DEC decisions to the institutions the Press they can
6:01
sort of remove that bias and make a more reliable decision so I don’t want to get too uh too ahead of them there but what
6:09
I will say is that when you think about government culture yes there is some Showmanship to the way to write this
6:15
these budget uh black budget uh documents are typically the results of budget justification they go around and
6:22
they ask all the offices you know what are your successes what are the things you can do what are the things you’re
6:27
working on that we can pitch to get more money and this is how ultimately we end up with $75 billion a year intelligence
6:34
expenditure that we had now um but when we look at the actual uh cryptographic
6:40
access and methods that have been uh typically pursued yes there there are
6:45
some successes uh there is a lot of success against home brewed crypto sort
6:52
of Boutique crypto uh commercial closed-source crypto and critically Hardware
6:58
implementations crypto uh but when we talk about the the real academic open source peer-reviewed
7:05
standards uh things like AES Blowfish Twofish things like that um those are
7:11
typically pretty robust pretty reliable and we had seen within the documentation uh references that
7:19
indicate that there are certain cryptographic methods that are widely for today we saw this in we saw this in
7:27
uh some of the documents that Spiegel released in December that OTR PGP that
7:32
these are uh Tor that these are open security cryptographic standards that
7:37
are giving the NSA a lot of trouble so so we are we are learning that interesting the black budget it’s it’s
7:44
hard to check the numbers but it seems to me it’s 35,000 people in 11 billion are part of what are called uh the
7:51
Consolidated cryptologic program that’s that’s DOD wide uh about 4% of that goes
7:57
to research and Technology that’s 440 million so there’s a lot of money being spent on the math and it I mean I think
8:05
it’s a credit to the math that this much money this much effort whether it’s the
8:10
NSA or China or or any other country isn’t producing these fantastic results
8:17
I mean 10 20 years ago we would assume that we in the academic world were a decade Behind the NSA and other
8:24
countries and it seems that that’s that might not be true that there is more parity
8:30
than we thought I I do think the community is much closer to the nsa’s uh
8:35
understanding of the math today than they have in the past crypto was you know kind of a black art along with
8:41
computer security for decades and decades recently we have seen the sort of capability Gap as you consider it and
8:48
this is around the world not just within the US Community uh really shrink it’s come closer together but this
8:54
mathematical expenditure I mean it is valuable and does uh it does have a payoff in in certain respects one of the
9:01
keys are uh sometimes governments use their own algorithms for example the
9:07
Russian uh government has their own uh encryption algorithm standards for
9:12
protecting their classified data so when we talk about things that are publicly used these are really dangerous and
9:19
honestly uh if NSA has some capability against it they should not be using they should be reporting it and closing it
9:25
because it actually uh weakens us the United States and the public internationally around the world if we
9:32
have poor security but if they’re using this against sort of Again Boutique
9:37
crypto that’s only used in sort of adversary contexts uh this is something that they should be investing heavily in
9:43
research in when they do have successes there they should exploit that you know I I’ve heard uh this period after these
9:50
documents called the second Dark Age of cryptography because again we have a lot of people suddenly not trusting anything
9:58
building homebrew stuff which is inherently more vulnerable just like we saw in the mid 90s when we
10:04
didn’t know anything and people are are inventing their own own crypto systems so yeah so what you said is what I think
10:09
we’re learning is that the way again not just the NSA way everybody gets around cryptography is by getting around the
10:16
cryptography one of the documents that Spiegel uh published talked about VPN as several of them did uh PPTP is a a VPN
10:24
standard it’s insecure I mean I wrote a paper that broke it I think 1998 and
10:29
here it is still being used and of course it’s being exploited I mean not just by the NSA probably by everybody so
10:36
we do see a lot of these commercial systems that are poorly designed being
10:44
exploited either you know by by whoever right and one of the other big
10:49
distinguishers is the the fact that we’re not talking about you know laboratory environments we’re not
10:55
talking about uh sort of the academic implementation we’re talking about practical implementations that work at
11:01
scale uh for VPN exploitation we’re talking about automation of it the
11:06
detection of it the ingestion of it from The frontend Collection systems pulling it back sort of to our storage systems
11:14
where we can keep it forever and the automation of of using sort of a gigantic resource tool if it requires
11:21
some kind of cryptanalysis uh to do that in a standardized way where you don’t have to have an individual human
11:28
going in and do doing all of this it simply just happens in the background 24/7 while the lights are off and it
11:35
provides them access into sort of our private lives private records uh and
11:40
this has uh intelligence of value but also has significant risks to sort of
11:45
the fabric of the internet the infrastructure now at the same time we shouldn’t be relying on these old bad
11:51
standards that we know are weak also with encryption uh one of the things that we’ve seen is given this sort of
11:57
Dark Age mentality that you’ve mentioned there are really two risks one is that the algorithm itself could be weak a
12:05
weakness that we are not currently aware of also the implementation could be bad when we get new crypto tools it normally
12:12
takes a number of years before we know they’re robust before we know they’re reliable they have to be reviewed by a number of people they have to be broken
12:18
a number of times and they have to be fixed and eventually they they reach a level where we’re sort of defensible for
12:24
algorithms we don’t have that same uh same standard typically because there’s
12:31
not that many people who can attack them in a credible way outside of the academic Community which is quite small
12:37
which is why when we get new crypto we don’t see it adopted for 10 years what I wonder is if there’s any way we could
12:43
sort of pull this curve forward by doing research into cascading uh cryptographic
12:50
algorithms where we don’t rely on a a single implementation of a single algorithm at a single bit length but
12:58
actually use two or three or you know an arbitrary number of different
13:03
cryptographic algorithms that are uh performance aware sort of provid us that you’ll
13:09
you’ll see that sometimes right in in general the algorithm is the strongest piece I mean this is this is what we’re
13:15
learning so whether you know here we are building a wall and now we’re arguing whether one post should be a mile tall
13:22
or a mile and a half tall in a sense it doesn’t matter what we really have to worry about is the rest of the rest of
13:29
everything so the bad implementations the weak keys any kind of back
13:36
doors that can be inserted in the software we’re seeing a lot of that I don’t know if you remember there was a a
13:42
back door found it wasn’t inserted but almost was into Linux a few years ago we
13:47
don’t know who did it it showed up in the code it almost got in now it could have been any government we so so that
13:55
is a much bigger risk I was reading last night some of the documentation on the
14:01
surveillance arms manufacturers the companies like Hacking Team uh RCS that
14:07
are sold to third world countries that do much the same things that the NSA does not at the scale but it is hacking
14:15
into a computer reading the encrypted traffic after it’s been decrypted uh key loggers grabbing
14:22
passwords and and I’m reading what these capabilities are and it’s very much the
14:28
same as the NSA toolkit presumably the Chinese government toolkit and we’re seeing this democratization of these
14:36
techniques what what countries have that I think what the major countries have is
14:42
is the budgets to do the parallelization what you said doing it automatically 24
14:47
by 7 based on privileged positions on the internet right the Chinese can do that just because of the way their internet
14:53
works within their country Russia is trying to get the same capability the NSA has a lot simply because so much
14:59
traffic goes through the United States and and that’s something else you said
15:04
early on that that it’s the end points that are weak that it’s not the data in
15:10
transit that’s weak it’s the end points which then can break the data in transit
15:16
sort of interesting to see that interplay right ultimately it comes down to the level of effort that the adversary wants to expend uh when you’re
15:23
thinking of it from the offensive side you know when I’m going after a Target you look at the Target and you go how
15:29
can I get them now the reason we see this explosion in Mass surveillance that
15:34
we’ve had in the last 15 years in post 9/11 era is because passive is cheap it’s
15:41
easy it’s simple if you’re a nation state as you said whether you’re China or France US Russia whatever uh if
15:47
you can go to the Telecom providers uh and there’s a lot of plain text out
15:53
there just pull it off the lines uh and and there you have it you’ve won sort of you got Communications you got
15:59
associations you’ve got content you’ve got whatever you need on the lines now the benefit of encryption across the
16:06
wire is that it makes that much more difficult they have to either go with a much more sophisticated attack they have to
16:11
subvert the uh certificate authorities they they have to go after the key material basically and one of the the
16:19
you you kind of hinted at this earlier one of the real dangers of the current uh security model at scale for Defenders
16:27
is aggregation of key material if you have a centralized database of keys that
16:33
is a massive target they’ll go after that either remotely or they will send uh
16:39
someone to get hired into your organization to develop access and eventually exfiltrate that key material
16:46
because again they don’t want to attack the crypto they don’t want to expend uh computational resources they want to
16:52
just be able to unlock it by getting around it as you said the wall is high so rather than go over it they Rather B
16:59
a hole under it or walk around it uh we’ve got to focus on the end points we’ve got to focus on the keys and have
17:05
control basically more def there I mean and something else is happening in the
17:10
United States at least is we have these these legal attempts to get keys so we
17:15
saw the whole Lavabit example compulsion where right compulsion where the FBI went to the Lavabit went to the
17:21
courts and said give us the master key uh we saw this uh with Skype which something we didn’t know for a for a few
17:28
years we knew that the that Microsoft did something to Skype to make it more eavesdropping friendly we
17:34
didn’t know what and there was a document in in the latest Spiegel uh release that talked about it that they
17:40
redesigned the system so that they had the keys and now the US government can go with a with a FISA warrant and and
17:49
demand access to the keys for whatever Skype traffic they wanted and reading
17:55
the the NSA document looks like they got broad access to Skype the uh the audio and the text and presumably other
18:03
countries can do the same thing with the companies that they would they have that legal
18:09
compulsion yes uh and we do see that we see that happening increasingly around the world and it happens on both a
18:15
discriminate and an indiscriminate basis obviously we want to err on the side of
18:20
discriminate targeted compulsion whatever that happens but intelligence authorities in general they they have
18:26
sort of three methods for for going out to these systems they don’t like they’ve got
18:31
coercion uh they’ve got compulsion and they’ve got intrusion yeah they also
18:37
have bribery right we know that they’ll occasionally pay well I kind of count that in coercion okay fair enough um but
18:44
that’s exactly it I mean uh sub subversion uh being what they did with
18:49
uh NIST the standards organizations uh where they they will sort of abuse the
18:55
trust that the industry the the commercial sector the academic sector
19:00
has in them in their brand the idea that they’re called the National Security Agency so we assume they’re going to
19:07
secure our Communications without necessarily being aware that they have this dual role this dual Mission and in
19:13
the last you know decade plus uh they have really shifted their focus they’re a much less defensive organization than
19:20
they’ve ever been before uh and a much larger a much higher portion of their
19:25
efforts is committed to offense so really if if the NSA is knocking on your
19:30
door and asking for uh your help if it’s not on a compelled basis where you know
19:37
there’s some kind of Court involvement you should really be asking yourself why is this proper is this appropriate and
19:43
does this serve the Public’s needs broadly am I sort of benefiting an intelligence agency a group of spies a
19:51
state Security Bureau or am I benefiting the the public the country the
19:56
government and these are really questions that we need to think know actually I want to get back to that
20:02
later but so going sort of talking more about this way of collecting the data
20:07
again I think the surprise from the NSA documents is there’s not a lot of magic
20:12
so when I was working with the Guardian in October and released the story about Tor the the big thing that the Guardian
20:20
and the NSA were negotiating and they didn’t want released was QUANTUM the QUANTUM program which is basically
20:26
packet injection and what surprised me is how that’s not a
20:33
big secret right well the technique I mean yes you can do this in Starbucks
20:38
well it’s you see it everywhere I mean there are hacker tools to do packet injection the Great Firewall of China
20:44
works on packet injection uh both FinFisher and Hacking Team sell packet injection to pretty much any third world
20:52
country who wants and a lot of the techniques are very democratic FOXACID
20:59
the big NSA uh system that does exploiting individual computers looks like
21:06
Metasploit right it’s another hacking tool yes it has a bigger budget probably a better user interface certainly better
21:13
tech support but this isn’t these aren’t major differences so
21:20
I I think we have to start looking at a world where these capabilities are
21:27
everywhere I it’s what you’re saying it’s attack versus defense but these
21:33
defenses affect everybody because these attack tools are very very
21:38
common they they are common and the the difference again is scale its reach its
21:45
complexity and its resourcing um and it’s also how they’re applied and how we expect them to be applied when
21:51
hackers are doing this uh we socially recognize that this is not a public good
21:58
it’s security researchers doing it to demonstrate a vulnerability that’s one thing uh but otherwise this is this is a
22:04
criminal act we were not aware that these agencies broadly were involved in
22:09
criminal activities and they were I mean these these still are in many cases criminal activities there is no explicit
22:16
legal authorization uh for these programs many of these programs even on the target basis to occur in this way
22:24
they could be there’s nothing that say they could be prohibited but if we live you know in a constitutional uh Society
22:32
where we have a a government with specific enumerated powers and there’s no authorizing legislation that says hey
22:39
you can hack these people by impersonating private companies such as LinkedIn or you know the FBI send
22:45
Reuters stories to somebody that aren’t actually from Reuters or the AP whoever it was uh that’s a significant departure
22:53
and the government agencies both domestically and abroad were aware of this uh in fact in the uh GCHQ we saw
23:02
that in their own internal classified documents they said they weren’t concerned about these capabilities being
23:09
revealed because it would provide some kind of uh real security risk or it would reduce their capabilities it was
23:16
because they were afraid of a quote damaging public debate they were afraid of the fact that if we knew about this
23:22
it would enable legal challenges that might change and restrain the way they operate
23:29
let’s talk about this I think this is interesting it’s a notion of risk now one of the differences between passively
23:34
listening on on a wire and collecting the data and going into the adversary’s
23:41
computer and either grabbing traffic before it’s encrypted or changing router
23:46
tables so traffic moves to where you can intercept it you know any of any of these more active penetrating techniques
23:53
is there higher risk right you have more risk of getting caught more risk of getting noticed
23:58
now depending on who you are whether you’re a criminal whether you’re a country whether you’re a major power
24:05
your your appetite for risk is going to change it’ll depend on who who your target is depending on who you are and
24:12
one of the things I noticed early on reading some of the documents is how risk averse the NSA was I was reading
24:20
the manual for FOXACID and it was I mean felt like a it was a manual designed
24:26
to take an unskilled soldier and turn him into a cyber warrior and it was full of if this happens stop if it looks
24:33
weird stop if there’s a problem stop if there’s an infal chance of you getting caught stop stop stop stop uh right
24:40
compare that to let’s say a cyber criminal organization operating out of you know someplace in in Southeast Asia
24:48
they’re going to have far fewer stop conditions right they’ll go and they’ll try because maybe they’ll get lucky and
24:54
there’s not a lot of risk right so when you look at it from the from the uh from the offensive
25:01
standpoint right when I’m sitting at my desk at the NSA using these operations or I’m a you know a chief in one of
25:07
these offices directing these things again the biggest thing is the fear of liability they realize that some of
25:12
these things again are not explicitly authorized and so they’ve got to be careful not to have these things exposed
25:19
uh they they don’t want it to be revealed and when you’re using passive operations you’re not leaving log entries it’s not going to follow you home as you
25:26
said when you switch active operation suddenly you’re leaving evidence you’re leaving something that could come back
25:32
to haunt you someday and again the Spiegel stories recently uh they showed that the
25:37
NSA will intentionally try to make itself look less capable when it hacks
25:43
somebody to go oh this couldn’t be the NSA these guys don’t know what they’re doing and they would use sort of cutouts
25:48
they would use third countries to exfiltrate the data so they hack country a send the data from country a to
25:54
Country B so they think country B happen and they then they send it home through their sort of exfiltration about us uh
26:01
there there is a big risk aversion there as well in how the Personnel is managed as you said sort of the the the
26:07
checklists that go through people have this mental conception of TAO the NSA’s
26:12
Happening the Tailored Access Operations and their ROCs as they call them are remote operation centers and they think
26:19
these operators these guys are sort of these these these you know the the mystical uh mythical hackers on steroids
26:26
Guys these guys are like you know amazing but the majority of them well not necessarily the majority of them but
26:32
a a great proportion of them are junior enlisted military guys they don’t have
26:38
uh you know particular training on this that’s exceptional they’ve gone through a couple weeks of training uh really
26:44
it’s a paint by numbers operation and the reason they have so many stop conditions is as you say it’s to limit
26:51
liability that somebody who may be clever but also may not be so clever
26:56
leave something behind they get a little froggy they go a little beyond their skills and they make a mistake now
27:03
obviously there’s different uh levels of capability different levels of skill for each individual person but by
27:09
constricting this bureaucratizing it uh they can minimize their sort of political risks their public risks and
27:16
that is uh that’s reasonable in a lot of ways and that’s why they do it now something that we’ve seen though is over
27:22
the last you know again in sort of this this terrorism era the war on terror
27:29
uh that level of uh hunger for risk has greatly increased
27:37
uh they’ve been hacking everybody uh as we moved on through the decade until
27:43
sort of 2013 and then because everything blew up in their faces they’ve sort of backed off a little bit I think uh but
27:50
while they do have um they do have these policies in place to try to mitigate the
27:56
risks I I think it’s wrong to say that they’re risk averse uh contemporaneously because we
28:02
see the the targets they’re picking in a lot of cases are are crazy they’re unjustified I mean uh the GCHQ for
28:09
example the sort of British NSA was just revealed by the Guardian a few days ago
28:15
to have intercepted and stored the uh emails from journalists from The New
28:20
York Times from BBC they knew they had journalist emails but they kept them anyway why you know these are things
28:27
that should be happening and if they were truly risk averse they wouldn’t be doing this because they know it’s unlawful they lack the authority to do
28:33
so but they did well I mean couple of thing one of the things I’m trying to contrast what I see the NSA and GCHQ
28:41
doing is some of the attacks coming out of China I mean looking at the past decade or more of Chinese military
28:48
attacks against the United States against government networks against uh defense contractors it’s surprising how
28:54
sloppy a lot of those attacks were it’s surprising how how risky they were and
29:00
and there are some uh China Watchers that that talk about the relationship between the attackers and the government
29:05
that it’s not they’re not necessarily employees they’re free actors who just know if they find something good to pass
29:11
it on to their handlers and I think we we found I mean I see some s some
29:16
increasing sophistication in cyber attacks around the world as in a sense
29:22
this is becoming normalized right the body of knowledge is increasing as well I mean again not
29:28
everybody knew how to do this it wasn’t a paint by numbers thing as you have more people going through these organizations as you have the level of
29:35
academic knowledge improving as you have sort of the tools techniques you know uh developing and improving and increasing
29:41
in sophistication that sort of bleeds out it it it uh expands and covers a
29:47
larger body of people a larger body of actors and you have more people involve more actors more noticed activity more
29:55
exceptional actors who are never noticed because they’re never caught but also uh
30:01
people who are are not very good and are caught regularly the other thing is again the difference in culture in
30:07
liability I actually worked against the Chinese Target uh when I was in Hawaii so I know quite a bit about this
30:14
and I can’t talk uh you know at full Liberties here but in general the the
30:19
level of sophistication in Chinese cyber units is not great uh I I mean there
30:25
are people in this room who probably were much more capable than a Chinese military cyber unit when they were
30:32
teenagers um but again the difference is when you’re a military unit paying
30:38
military wages selecting from military rosters you’ve only got a certain level of talent you’ve only got a certain
30:46
skill some of the other actors are people who are Moonlighting you know they they may be working in intelligence
30:53
organization and maybe working in a military unit uh and again they realized that as they’ve worked there their
30:59
skills have developed and they’re not being compensated relative to uh sort of
31:04
their product so they go home at night they continue hacking they uh aggregate
31:10
information they exfiltrate it and they sell it and then sort of on the other end you
31:16
have almost the script kiddies of national intelligence right the companies that are buying uh the
31:21
FinFisher and whe and I think of uh Uzbekistan or Ethiopia or Syria uh we
31:28
will see these countries using them to Target dissidents and journalists again the same tools these bigger countries
31:34
are using much sloppier I’m sure easier to detect I’m sure you know not with not
31:41
a lot of skill and you know then we so we have the Munk School up in Toronto
31:46
finding a lot of these these attack tools on computers on phones of people
31:52
around the world so we are seeing this this huge array of risk averseness
31:58
I I seem to think the United States is changing I was reading some of the the the Regin stuff when that was that came
32:05
out last fall it was surprising of the array of targets that the United States
32:11
was targeting with this tool very sophisticated attack tool and similar in scope to some of the the Russian the
32:19
Chinese the the the other tools that the antivirus companies expose off and on I
32:26
think since it it surprises me that as risk averse as the NSA was there really never was a
32:33
plan for one copy of everything we’ve ever written being published that was
32:39
sort of a scenario that was beyond the the scope of risk planning and I would
32:46
think that now you know the NSA GCHQ is going to have to look at every one of
32:52
their programs and say this is probably going to become public in 5 years do we
32:57
think that’s okay and that will cause a change right and we’ve already seen that
33:03
happen I mean we’ve seen that happen at highest levels of government the president himself said that the the way they go about looking at which
33:10
operations authorize and which ones uh they’re going to pass on has has
33:16
completely changed based on the principle of just because we can do it doesn’t mean we should and this is wise
33:23
because the thing is when you have uh organizations like the NSA which are
33:28
basically completely free from any meaningful oversight they they have sort of handwavy oversight they’ve got
33:34
compliance officers but the Washington Post reported that they had more than 2,776 privacy violations in a single year
33:42
uh and you know these These are only the ones that are self-reported by the NSA these are the only ones that are
33:48
detected employees say hey I did this it was wrong it was a mistake uh the
33:54
majority of people who were doing the auditing are the friends of the they work in the same office they’re not
33:59
full-time Auditors they’re guys who have sort of other duties as assigned additional job there are a few traveling
34:06
Auditors and things like that who go around that they look at the things that are out there but really it’s not robust beyond that they’re regulated by a
34:13
secret Court which is a rubber stamp I I can’t remember the exact figures but it’s something like uh they were asked
34:20
31,000 times or something like that uh for warrants over the last you know 10
34:26
15 years and they said said no I think 13 times I think it’s it’s some small
34:31
number it’s some small number like that well I mean that could be just a really good warrant writers % of the time they
34:37
say yes they say do whatever you want it’s fine um so this is the challenge when you’re operating in this environment a culture of impunity
34:45
develops where the people working at say they’re not bad people you know these aren’t villains they’re not trying to
34:51
you end the world they’re trying to do a good thing but they go I can do this I can do that I can do anything because
34:58
it’s for a Just Cause And The Challenge is when you take the political uh
35:03
oversight out of it when you take the judicial oversight and again meaningful judicial oversight not not sort of a a
35:10
fake surveillance panel but a real court uh with real judges as opposed to FISA
35:15
judges you get a really different quality of decision and this has a
35:21
significant impact on the kind of decisions that are made and I I do think things have changed significantly for
35:26
the people in the audience who weren’t familiar you mentioned Regin earlier the Regin operation uh that was a uh it’s
35:33
called Operation Socialist the United Kingdom their NSA the GCHQ decided to
35:39
hack into the Belgian State telecommunications provider that’s used by everybody in the country rather than
35:45
seeking access through the MLAT the mutual legal aid treaty between those countries because they didn’t want the
35:51
Belgians to know about it um they basically damaged critical infrastructure caused millions of
35:57
dollars of of uh of harm to these systems which by the way still hasn’t fixed according
36:03
to employees there using NSA capabilities so you get this weird chain now where the NSA sharing infrastructure
36:11
they’re sharing capabilities with third parties with foreign countries basically they’re then using our tool sets to hack
36:18
other foreign countries with which we are allied with which we have friendly relations we have no idea we can’t uh we
36:26
can’t really think ahead and figure out how this is going to work out in the end because there’s no model for it it
36:32
hasn’t happened before well I mean there’s two different kinds of oversight I mean one is the tactical I mean I I think
36:38
that the NSA is very good at tactical oversight that are we doing things right
36:43
are we following the rules and that’s what we saw in those self-reporting privacy violations we broke our rules we
36:49
made a mistake that’s very different than are these the right rules that’s a
36:54
form of oversight but it’s not oversight that can happen inside the organization it has to happen at a greater level are
37:01
we doing the right things right not is this is this legal by the rules we have
37:09
we have agreed to that have been given to us the interpretations of the laws that we’ve made but is this the correct
37:15
thing that we as a country should do and that’s a very different kind of question
37:20
and the way you get that greater oversight is are is through these discussions of what makes sense I mean
37:27
what what is moral in our society what is proper we just because we can doesn’t
37:32
mean we should or maybe it does there’s there’s a big question there about is
37:39
the potential intelligence that we gain worth the potential costs a good example
37:44
of this is the fact this is sort of a picture of what the NSA considers industrial relations to be you know
37:52
that’s a Cisco box there for anybody who can’t see it in the audience um they’re intercepting sort of American products
37:58
and services whether it’s Facebook whether it’s Google whether it’s a Cisco physical router um and they’re
38:04
subverting they’re weakening the security of them in some cases like this case they’re implanting Trojans in sort
38:10
of malware uh where they’re going to the hardware level they’re putting out firmware modifications bios
38:16
modifications in there um that are reducing the trust in the security of American
38:23
products and this is critical uh in American infrastructure um because it has a real cost not just for us morally
38:30
not just for us legally not just ethically um but financially I mean the American Technical sector is critical to
38:39
the Future economic health of the country uh and we’ve had studies done since the 2013 uh Revelations that have
38:46
shown the nsa’s activities just the ones that have been revealed so far have cost us somewhere between 35 billion and $185
38:54
billion I mean that’s more than their budget in har as a relation to just poorly thought
39:00
operations poorly thought out operations that never should have been done in the first place uh there are again methods
39:06
that they could do this lawfully legally and with the Public’s knowledge and consent where we don’t have to go yes
39:13
it’s okay hack that particular individual yes hack that particular you know government organization or whatever
39:20
but we should at least have a reasonable understanding of the broad outlines of policies and powers that they’re
39:27
invested themselves with if it’s happening behind closed doors they can’t really be said uh to be representing our
39:33
interests because they are divorced from our interests when there’s no
39:38
communication they’re no longer part of the community oh then that that’s Cisco by that Cisco story I think is real
39:44
interesting to see the uh the implant going into the the box and and we
39:49
certainly worry about Chinese implants coming in in equipment that bought there and brought into this country sort of
39:56
interesting the know very generally all of this government surveillance is fueled by by corporations that I mean
40:04
it’s not that the NSA woke up one morning and said we want to spy on the entire internet they woke up a morning
40:10
and said you know corporations are spying on the entire internet let’s get ourselves a copy and whether it’s
40:15
getting a copy by you know putting an implant in a Cisco router or by uh going
40:21
into Google’s trunk links between their data centers or going to uh Microsoft of
40:27
Skype with a court order and demanding a key I mean this is all data that is
40:32
sloshing around the corporate world you know we’ve built an internet for surveillance we’ve decided that that
40:40
advertising that marketing that personal information is is the currency by which
40:47
we all buy our internet and that fuels what countries can do and again
40:55
not just the US it’s everybody everybody’s using all of these platforms
41:01
so to me it’s interesting to see now that these NSA stories are public which
41:07
I think are also shining lights on what other countries are doing what what criminals are doing the democratization
41:13
of all these all these techniques sort of showing how insecure everybody is I
41:18
think we’re seeing changing attitudes in some cases in the standards bodies and
41:25
in in some of the tech companies the IETF the Internet Engineering Task Force is
41:30
trying to build more security into the internet we’re seeing Google encrypting
41:36
trunk links I mean it’s Google so I mean at one point they’re saying you know
41:42
it’s always amusing to see when they complain about the government spying on on their users because it’s their job to
41:47
spy on their users but we we are we we we are seeing
41:52
this change so maybe there is some hope for technology to make this better there is a little bit of ring thinking going
41:58
on there and I I mean it’s it’s a complicated issue there’s there’s a lot of debate to be had there I don’t even
42:04
think we’ve started a significant level on the corporate surveillance issue
42:13
yet I think we’ve lost you you’re back sorry you’re back right so State actors
42:19
broadly around the world have been piggybacking on sort of this aggregation of data that’s happening in sort of all
42:26
these different corporate silos around the world and that that siloing that aggregation those centers of gravity
42:32
they are simply too rich too interesting for governments to ignore and and that’s
42:38
a danger you know we need to think about how to do this and this is where decentralized models are interesting
42:45
right now the current sort of business model of the internet is as you said we’re exchanging our private records uh
42:51
the value of those for access to some sort of service uh and
42:58
this has happened in ways that are both knowing for example the Google model where we opt in uh generally we’re
43:04
saying yeah you know I’ll get this Gmail account I’ll put all my email on your server so of course you have access to
43:10
it but also other ways uh that are that are not we’re not so aware of I’ve been reading your book Data and Goliath and in
43:17
the intro to it you mention sort of cell phone networks it’s a sort of brief
43:22
introduction from non-technical people and it just explains that if you have a cell phone in your pocket
43:30
you’re without being aware of it necessarily agreeing to allow the cell
43:36
phone provider to know your location wherever you are all the time because that’s how calls are routed it’s sort of a byproduct of the service uh but it’s a
43:44
real question of does it have to be that way and of course it we know it doesn’t now at least on Broad terms that’s sort
43:50
of an artifact of the way that architecture developed but we have decentralized routing models now we have
43:56
uh proxies we can use cryptographic tokens or hashes uh uh to to represent an
44:03
individual we could have transient tokenization and we’ve got all these blockchains and different methods of
44:09
tracking uh and recording interactions with complex
44:14
systems that that could uh substitute for the traditional models we have the real question is where do we go with
44:20
this where do we draw the lines and this is what the 2013 Revelations changed is before it there was no cost to
44:28
collaboration at the expense of your users because nobody knew just how badly they were getting sold down the river yeah after
44:35
2013 we saw immediately Apple Google Facebook basically everybody who showed up on the PRISM
44:41
slides uh they said uh you know everybody who whose logo is at the top
44:46
of that slide right there uh suddenly they whoa whoa whoa whoa whoa whoa maybe we should change this yes we’ll
44:52
cooperate with government but you got to come in through the front door at the very least you have to use normal legal
44:57
process you have to use a warrant you have to show probable cause that there is a requirement for this data you can’t
45:04
just do what you’ve been doing and hack into a Google back end you know sort of those trunk lines you discussed and things
45:09
like that that’s a significantly positive development and a big change and I think there’s more to come on that
45:16
front may be interesting to see it I mean there is has been over the decades a lot of research in in privacy preserving
45:22
technologies in ways to do you know possibly cell phone uh
45:28
being able to deliver calls to cell phones without keeping a database of where every phone is and having a cell
45:35
phone being being a tracking device ways to do electronic transfer that are anonymous we’ve had digital cash
45:41
protocols since the 80s of course there’s been no appetite for it there’s been no appetite because companies want
45:48
that data they want it for marketing and now governments are piggybacking on it so it’d be interesting to see if we can
45:55
rebuild some of these systems with less metadata one of the things we haven’t talked about is how much of this
46:02
information can’t easily be encrypted mean a lot of what not just the NSA but
46:07
what everyone does is use this data to collect association graphs doesn’t
46:13
matter what we’re talking about what matters is that you and I are conversing
46:18
and who you converse with who I converse with right this is this is the whole metadata conversation this is the the multiple hops and that data isn’t easily
46:28
encrypted it the network needs it at least the way it’s built today and I think one of the open questions is can
46:34
we build a more privacy preserving network can we do better than that right
46:40
and I I think one way for sort of the technical audience here to think about how how do you uh conceptualize this
46:47
metadata this encrypted issue encrypted content issue is even if I for example
46:52
I’m doing sort of a a counter cyber investigation I’m trying to attribute an attack uh and I can’t see
47:00
the content because the content’s using some kind of sophisticated exploit kit that uh encrypts all of its exfiltration
47:07
all of its exfiltrated data but I have the accesses to install
47:13
you know basically a tiny equivalent of Wireshark and then just pcap do a
47:19
packet capture on all of the traffic on a given system I can see what it’s communicating with I can look at the
47:25
volumes and I can go this is user data this is user activity and this is anomalous activity and then even though
47:30
I don’t know what it is I can go well it’s going to this hop out here that’s clearly you know one step in their
47:35
exfiltration chain their operational relay box as we call it and then you go to that one you
47:41
do the same thing you hack that box you capture its traffic and this is assuming you don’t have passive if you got
47:47
passive collection with backgrounds you don’t even need to do this part uh you can then hack the next box you know go
47:54
who is it talking to and even if you can’t read the content the whole way home eventually you can follow home and
48:00
eventually the encryption drops off because it’s at the end point even if that chain is a 100 LS long uh you know
48:06
if you keep at it you’ll get there eventually and we’ve seen increasingly
48:12
that sort of the arguments for mass surveillance that the governments have had aren’t really reliable they’re
48:19
they’re not really meaningful they’ve said you know this is to stop terrorism but we know it doesn’t stop terrorism uh
48:25
the the PCLOB the Privacy and Civil Liberties Oversight Board uh the president appointed this the White House
48:30
appointed this uh it was packed with you know former CIA deputy directors and things like that people who have every
48:37
incentive to say these programs are great you know we want them they’re wonderful said they had never stopped a
48:43
single terrorist attack this is a broad contrast to what the NSA eventually or originally uh put forth was was that it
48:51
thwarted 54 plots and then later the Senate questioned them a little more carefully on at least I believe was and
48:58
they said no in fact it wasn’t 54 plots no it was they weren’t attacks they weren’t
49:03
anything like that it wasn’t even 54 in fact it was one guy a cab driver in California sending a couple thousand
49:09
dollars to his clan in Somalia so there’s actually a really good New Yorker article appeared the last week week
49:15
before talking all about that case it’s a really interesting case and the case right worth
49:21
reading so so we’re close to out of time I I want to sort of end with with one uh
49:27
issue that uh I think pulls us all together and that’s the equities issue the notion that the NSA has to balance
49:35
two different focuses uh defend our networks and attack their networks and
49:41
those missions I think made a lot more sense during the Cold War when you could
49:47
defend the US radios and attack the Soviet radios because the radios were
49:53
different that it was us and them and we used stuff what’s changed since then is
49:59
that we’re all using the same stuff right everyone uses TCP/IP Microsoft Word
50:07
Firefox uh Windows computers Cisco routers we’re all using the same stuff
50:13
and whenever you you have a technique to attack their stuff you are necessarily
50:21
leaving our stuff vulnerable right and conversely whenever you fix our stuff
50:26
you are fixing their stuff right a and this requires a different way of
50:32
thinking about security versus surveillance a different way of balancing that we can’t simultaneously
50:40
do both and when we look at all of the attack tools out there the
50:45
vulnerabilities are great and every time we hoard a zero day hoard a
50:51
vulnerability we’re leaving ourselves open to attack from anybody absolutely
50:57
and the way to conceptualize this is to think about when you launch an attack uh
51:03
you’re not stealing a a a sort of um a a fixed amount of you know points cyber
51:10
points from the enemy you know research data uh intelligence data whatever it’s
51:15
really a percentage basic based on the size of their investment the size of their economy the size of their R&D
51:22
funding uh if we hack the Chinese and the Chinese have sort of a 100 cyber points to be had that attack is worth
51:29
10% of the points we got 10 points but if we have you know a million points and
51:35
they hacked us once because we weakened the standard doesn’t matter if we if we hacked them you know all 10 times uh or
51:44
or took all hundred of their cyber points if they hack us once because we weakened that common standard they’re
51:50
far far ahead because they have 100,000 points even though we got the 100 points
51:55
and that’s that’s really something that we have to do and this is our problem with this is our problem with hacking back to North Korea they have what a
52:01
dozen computers it’s it makes it a lot harder the Spiegel story actually drew this
52:08
uh out in a large way that was not really noticed the significance of it was not noticed and this was that we had
52:14
compromised their networks according to the NSA documentation since 2010 we had
52:20
been hacking North Korea successfully and yet it didn’t provide us a lot of detail didn’t provide us a lot of
52:25
information we missed missile launches we missed nuclear tests we missed leadership changes we missed
52:30
health issues we missed military drills um and we even missed the Sony attacks
52:36
that they launched even though we were hacking them we were eating their lunch over and over and over again over the course of years but then they hack us
52:44
once just one time with Sony and you know everyone in the nation is rending their garments and going this is this is
52:50
terrible they’re attacking our our our our basic values because it was so much more valuable to them to win once than it
52:59
was for us to win a thousand times and this is something that has to stop if I could add one point just for people to
53:06
think about uh because a a common trope sort of a meme that we see government officials around the world now
53:12
advocating to sort of defend mass surveillance besides the fact they say it stops terrorism we know whether it’s Paris or London or
53:19
Boston or Mumbai uh none of the mass surveillance programs stopped any of these attacks they say encryption right
53:26
they we’ve got to ban encryption we got to mandate back doors we’ve got to have a way in uh everybody has to collaborate
53:32
they have to give us some way to access your encrypted data or we’re going to go dark we’re not going to be able to we’re
53:39
not going to be able to uh continue to investigate murderers are going to walk free you know our children are going to
53:44
be violated all these terrible things happen pay attention to the Silk Road case that’s going on right now sort of
53:50
the uh the Tor online drug market was shut down the accused Ross Al um
53:56
allegedly uh the mastermind behind sort of this whole Silk Road affair used PGP
54:02
which we know from their own documents they could not break he had fully irresistibly encrypted material and yet
54:10
just yesterday in court they were reading out his encrypted diary entries to a room full of reporters why is that
54:16
it’s because as you said encryption is not foolproof the endpoint is a weakness and
54:21
if the user can at any point ever view that encrypted material
54:27
it is vulnerable to the adversary to seize that without any new authorities well we could probably keep
54:33
going for uh another four hours but I think everyone else will get mad uh thank you very much for uh for being
54:40
here and
54:55
uh
55:04
and hopefully we bring you back in person next time thank
55:09
you thank you
oooooo
Addenda: