Anderson and he's giving a talk to us today. And the title is "What Price the Upload Filter? From Cold War to Crypto Wars and Back Again". And we're very happy that he's here today. And for our non-English-speaking public, we have translations. This talk is available in German, and this conference is translated into French as well. Yeah. Ross, ready to start? Let's go. Have a good time. Enjoy.

Yes, ready to go. Thanks. Okay. As has been said, I'm Ross Anderson. And I'm in the position of being one of the old guys of this field, in that I've been involved in the Crypto Wars right from the start, and in fact even since before the Clipper chip actually came out. If we could go to the slides, please. Right. Can we see the slides that had supplied the US armed forces? And guess what happened? Well, in the 1950s, Boris Hagelin, who'd set up that company, secretly sold it to the NSA. And for a number of years, quite a lot of years, countries as diverse as Latin America and India and even NATO countries such as Italy were buying machines from Crypto AG which the NSA could decipher. And this had all sorts of consequences. For example, it's been revealed fairly recently that Britain's success against Argentina in the Falklands War in 1982 was to a large extent due to signals intelligence that came from these machines.

So next slide, please. And in this prehistory of the Crypto Wars, almost all the play was between governments. There was very little role for civil society. There were one or two journalists who were engaged in trying to map what the NSA and friends were up to. As far as industry was concerned, well, at that time I was working in banking. And we found that encryption for confidentiality was discouraged. If we tried to use line encryptors, then faults mysteriously appeared on the line. But authentication was okay. We were allowed to encrypt PIN pad PIN blocks, and we were allowed to put MACs on messages. There was some minor harassment.
For example, when Rivest, Shamir and Adleman came up with their encryption algorithm, the NSA tried to make it classified, but the provost of MIT, Jerome Wiesner, persuaded them not to make that fight. The big debate in the 1970s, though, was whether the NSA affected the design of the Data Encryption Standard algorithm. And we know now that this was the case. It was designed to be only just strong enough. And Whit Diffie predicted back in the 1970s that a 2 to the power 56 key search would eventually be feasible. The EFF built a machine in 1998. And now, of course, that's fairly easy because each Bitcoin block costs 2 to the power 68 calculations.

Next slide, please. So where things get interesting is that the NSA persuaded Bill Clinton in one of his first cabinet meetings in 1993 to introduce key escrow, the idea that the NSA should have a copy of every one of these keys. And one of the people at that meeting admitted later that President Bush the Elder had been asked and had refused, but that Clinton, when he got into office, was naive and thought that this was an opportunity to fix the world. Now, the Clipper chip, which we can see here, was tamper-resistant and had a secret block cipher with an NSA backdoor key. And the launch product was an AT&T secure phone.

Next slide, please. Now, the Clipper protocol was an interesting one in that each chip had a unique secret key KU and a global secret family key KNSA burned in. And in order to send data to Bob, Alice had to send her Clipper chip a working key KW, which is generated by some external means such as a Diffie-Hellman key exchange. And it made up a law enforcement access field, which was basically Alice and Bob's names with the working key encrypted under the unit key, and then a hash of the working key encrypted under the NSA key. And that was sent along with the ciphertext to make authorized wiretapping easy. And the idea with the hash is that this would stop cheating.
Bob's Clipper chip wouldn't use a working key unless it came with a valid LEAF. And a few of us can still remember the enormous outcry that this caused at the time. American companies in particular didn't like it because they started losing business to foreign firms. And in fact, a couple of our students here at Cambridge started a company, nCipher, that proved to be quite large because they could sell worldwide, unlike US firms. People said, why don't we use encryption software? Well, that's easy to write, but it's hard to deploy at scale, as Phil Zimmermann found with PGP. And the big concern was whether key escrow would kill electronic commerce. A secondary concern was, you know, how on earth would we know if government designs are secure? Why should you trust the NSA?

Next slide, please. Well, the first serious fightback in the Crypto Wars came when Matt Blaze of Bell Labs found an attack on Clipper. He found that Alice could just try lots of LEAFs until one of them works, because the tag was only 16 bits long and it turned out that 2 to the power 112 of the 2 to the power 128 possibilities work. And this meant that Alice could generate a bogus LEAF that would pass inspection, but which wouldn't decrypt the traffic. And Bob could also generate a new LEAF on the fly, so you could write non-interoperable rogue applications that the NSA had no access to. And with a bit more work, you could make rogue applications interoperate with official ones. And this was only the first of many dumb ideas.

Next slide, please. Okay, so why don't people just use software? Well, at that time, the US had export controls on intangible goods such as software, although European countries generally didn't. And this meant that US academics couldn't put crypto code online, although we Europeans could, and we did. And so Phil Zimmermann achieved fame by exporting PGP, Pretty Good Privacy, some encryption software he'd written, from America as a paper book.
And this was protected by the First Amendment. So they sent it across the border to Canada, they fed it into an optical character recognition scanner, they recompiled it, and the code had escaped. For this, Phil was subjected to a grand jury investigation. There was also the Bernstein case around code as free speech, and Bruce Schneier rose to fame with his book, Applied Cryptography, which had protocols, algorithms and source code in C, which you could type in in order to get cryptographic algorithms anywhere. And we saw export-controlled clothing. This T-shirt was something that many people wore at the time. I've actually got one, and I planned to wear it for this, but unfortunately, I came into the lab in order to get better connectivity, and I left it at home. So this T-shirt has got an implementation of RSA written in Perl, plus a barcode so that you can scan it in. And in theory, you should not walk across the border wearing this T-shirt, or if you're a U.S. citizen, you shouldn't even let a non-U.S. citizen look at it. So by these means, people probed the outskirts of what was possible, and an awful lot of fun was had. It was a good laugh to tweak the Tyrannosaurus's tail.

Next slide. But this wasn't just something that was limited to the USA. The big and obvious problem, if you try and do key escrow in Europe, is that there are dozens of countries in Europe. And what happens if someone from Britain, for example, has got a mobile phone that they bought in France with a German SIM card, and they're standing on the street in Stockholm, and they phone somebody who's in Budapest, who's got a Hungarian phone with a Spanish SIM card in it? Then which of these countries' secret police forces should be able to listen to the call? And this was something that stalled the progress of key escrow, if that's a good way to describe it, in Europe.
And in 1996, GCHQ got academic colleagues at Royal Holloway to come up with a proposal for public sector email, which they believed would fix this. Now, at the time, after Clipper had fallen into disrepute, the NSA's proposal was that all certification authorities should have to be licensed, and that this would enforce a condition that all private keys would be escrowed. So you would only be able to get a signature on your public key if the private key was held by the CA. And the idea is that you'd have one CA for each government department, and civilians would use trusted firms like Barclays Bank or the Post Office, which would keep our keys safe. And it would also work across other EU member states, so that somebody in Britain calling somebody in Germany would end up in a situation where a trustworthy CA, from the NSA's point of view, that is, an untrustworthy CA from our point of view, in Britain would be prepared to leak a key, and so would one in Germany. This at least was the idea. So how did we do this?

Next slide, on the GCHQ protocol. So here's how it was designed to work in the UK government. If Alice at the Department of Agriculture wants to talk to Bob at the Department of Business, she asks her departmental security officer, DA, for a send key for herself and a receive key for Bob. And DA and DB get a top-level interoperability key, KTAB, from GCHQ. And DA calculates a secret send key of the day as a hash of KTAB and Alice's name and the DSO's identity for Alice, which he gives to Alice. And similarly, a public receive key of the day for Bob. And Alice sends Bob her public send key along with the encrypted message, and Bob can go to his DSO and get his secret receive key of the day. Now, this is slightly complicated. And there are all sorts of other things wrong with it once you start to look at it. Next slide, please.
The first is that from the point of view of the overall effect, you could just as easily have used Kerberos, because you've basically got a key distribution center at both ends, which knows everybody's keys. So you've not actually gained very much by using complicated public key mechanisms. And the next problem is, what's the law enforcement access need for centrally generated signing keys? If this is actually for law enforcement rather than intelligence, well, the police want to be able to read things, not forge things. A third problem is that keys involve hashing department names. And governments are changing the names of their departments all the time, as the Prime Minister of the day moves his ministers around and they chop and change departments. And this means, of course, that everybody has to get new cryptographic keys and suddenly the old cryptographic keys don't work anymore. And all sorts of horrendous complexity comes from this. Now, there are about 10 other things wrong with this protocol. But curiously enough, it's still used by the UK government for the top secret stuff. It went through a number of iterations. It's now called MIKEY-SAKKE; there are details in my Security Engineering book. And it turned out to be such a pain that the stuff below top secret now just uses a branded version of G Suite. So if what you want to do is to figure out what speech Boris Johnson will be making tomorrow, you just have to guess the password recovery questions for his private secretaries and officials.

Next slide, the Global Internet Trust Register. This was an interesting piece of fun we had around the 1997 election, when Tony Blair took over and introduced a Labour government. Before the election, Labour promised to not seize crypto keys in bulk without a warrant. And one of the first things that happened to him once he was in office is Vice President Al Gore went to visit him.
And all of a sudden Tony Blair decided that he wanted all certification authorities to be licensed, and they were about to rush this through Parliament. So we put all the important public keys in a paper book and we took it to the culture secretary, Chris Smith, and we said, you're the minister for books. So why are you passing a law to ban this book? And if you'll switch to the video shot, I've got the initial copy of the book that we just put together on the photocopying machine in the department. And then we sent the PDF off to MIT and they produced it as a proper book. And this means that we had a book, you know, which is supposedly protected. And this enabled us to get the topic onto the agenda for cabinet discussion. So this at least stopped precipitous action. We ended up with a Regulation of Investigatory Powers Bill in 2000 that was far from perfect. But that was a longer story. So what happened back then is that we set up an NGO, a digital rights organization, the Foundation for Information Policy Research. And the climate at the time was such that we had no difficulty raising a couple of hundred thousand pounds from Microsoft and Hewlett-Packard and Redbus and other tech players. So we were able to hire Caspar Bowden for three years to basically be the director of FIPR and to lobby the government hard on this.

Now, if we can go back to the slides, please, and go to the next slide, the slide on bringing it all together. So in 1997, a number of us, Hal Abelson and I, and Steve Bellovin, and Josh Benaloh from Microsoft, and Matt Blaze, who'd broken Clipper, and Whit Diffie, who'd invented digital signatures, and John Gilmore of EFF, Peter Neumann of SRI, Ron Rivest and Jeff Schiller of MIT, and Bruce Schneier, who had written Applied Cryptography, got together and wrote a paper on the risks of key recovery, key escrow and trusted third-party encryption.
There we discussed the system consequences of giving third-party or government access to both traffic data and content without user notice or consent, deployed internationally and available around the clock. We came to the conclusion that this was not really doable. It brought in simply too many vulnerabilities and too many complexities. So how did it end?

Well, if we go to the next slide, the victory in Europe wasn't as a result of academic argument. It was a result of industry pressure. And we owe a debt to Commissioner Martin Bangemann and also to the German government, who backed him. And in 1994, Martin had put together a group of European CEOs to advise him on internet policy, and they advised him: keep your hands off until we can see which way it's going. Let's just run with this thing and see what we can do with it. And the thing that he developed in order to drive a stake through the heart of key escrow was the Electronic Signatures Directive in 1999. And this gave a rebuttable presumption of validity to qualifying electronic signatures, but subject to a number of conditions. And one of these was that the signing key must never be known to anybody else other than the signer. And this killed the idea of licensing CAs in such a way that the NSA had access to all the private key material. The agencies had argued that without controlling signatures, you couldn't control encryption. But, of course, as intelligence agencies, they were as much interested in manipulating information as they were in listening in to it. And this created a really sharp conflict with businesses. In the UK, we had the Regulation of Investigatory Powers Bill, which went through the following year. And there we got strong support from the banks, who did not want the possibility of intelligence and law enforcement personnel either getting hold of bank keys or forging banking transactions.
And so we managed with their help to insert a number of conditions into the bill, which meant that if a court or a chief constable, for example, demands a key from a company, they've got to demand it from somebody at the level of a director of the company. And it's got to be signed by someone really senior, such as a chief constable. So there were some controls that we managed to get in there.

Next slide. What did victory in the USA look like? Well, in the middle of 2000, as a number of people had predicted, Al Gore decided that he wanted to stop fighting the tech industry in order to get elected president. And there was a deal done at the time which was secret. It was done at the FBI headquarters at Quantico, whereby US law enforcement would rely on naturally occurring vulnerabilities rather than compelling their insertion by companies like Intel or Microsoft. Now, this was secret at the time. And I happened to know about it because I was consulting for Intel. And the NDA I was under had a four-year time limit on it. So after 2004, I was at liberty to talk about this. And so this basically gave the NSA access to the CERT feed. And so as part of this deal, the export rules were liberalized a bit, with various hooks and gotchas left so that the authorities could bully companies who got too difficult. And in 2002, Robert Morris senior, who had been the chief scientist at the NSA for much of this period, admitted that the real policy goal was to ensure that the many systems developed during the dot-com boom were deployed with weak protection or none. And there's a huge long list of these.

Next slide, please. So what was the collateral damage from Crypto War One? This is the first novel part of this talk, which I've got together as a result of spending the last academic year writing the third edition of my book on security engineering. As I've gone through and updated all the chapters on car security, door lock security and web security and so on and so forth,
we find everywhere that there are still very serious costs remaining from Crypto War One. For example, almost all of the remote key entry systems for cars used inadequate cryptography, poor random number generators and so on and so forth. And car theft has almost doubled in the past five years. This is not all due to weak crypto, but it's substantially due to a wrong culture that was started off in the context of the Crypto Wars. Second, there are millions of door locks still using MIFARE Classic, even the building where I work, for example. The University of Cambridge changed its door locks around 2000. So we've still got a whole lot of MIFARE Classic around. And it's very difficult when you've got 100 buildings to change all the locks on them. And this is the case with thousands of organizations worldwide, with universities, with banks, with all sorts of people, simply because changing all the locks at once in dozens of buildings is just too expensive. Then, of course, there are the CAs in your browser. Most nations own or control certification authorities that your browser trusts. And the few nations that weren't allowed to own such CAs, such as Iran, got up to mischief, as we found in the case of the DigiNotar hack a few years ago. And this means that most nations have got a more or less guaranteed ability to do man-in-the-middle attacks on your web logons. Now, some companies like Google have, of course, started to fix that with various mechanisms such as certificate pinning, but that was a deliberate vulnerability that was there for a long, long time and is still very widespread. Phones: 2G is insecure. That actually goes back to the Cold War rather than the Crypto War. But thanks to the Crypto Wars, 4G and 5G are not very much better. The details are slightly complicated. And again, they're described in the book. Bluetooth is easy to hack. That's another piece of legacy.
And as I mentioned, the agencies own the CERT responsible disclosure pipeline, which means that they get a free fire hose of zero days that they can exploit for perhaps a month or three before these end up being patched.

Next slide, please. Last year when I talked at the Chaos Communication Congress, the audience chose this as the cover for my Security Engineering book, and that's now out. And it's the process of writing this that brought home to me the scale of the damage that we still suffer as a result of Crypto War One.

So let's move on to the next slide and the next period of history, which we might call the War on Terror. And I've arbitrarily put this down as 2000 to 2013, although some countries stopped using the phrase War on Terror in about 2008, once we had got rid of George W. Bush and Tony Blair. But that's a historical convenience. This is, if you like, the central period in our tale. And it starts off with a lot of harassment around the edges of security and cryptography. For example, in 2000, Tony Blair promoted the EU dual-use regulation number 1334 to extend export controls from tangible goods, such as rifles and tanks, to intangibles such as crypto software, despite the fact that he had basically declared peace on the tech industry. Two years later, in 2002, the UK Parliament balked at an export control bill that was going to transpose this, because it added controls on scientific speech, not just crypto code, but even papers on cryptanalysis and even electron microscope scripts. And so Parliament inserted a research exemption clause at the urging of the then president of the Royal Society, Sir Robert May. But what then happened is that GCHQ used EU regulations to frustrate Parliament. This pattern of extralegal behaviour was to continue.

Next slide. Because after export control, the play shifted to traffic data retention.
Another bad thing that I'm afraid to say the UK exported to Europe, back in the days when we were, in effect, the Americans' consigliere on the European Council. Sorry about that, folks, but all I can say is at least we helped start EDRi a year after that. So one of the interesting aspects of this was that our then Home Secretary, Jacqui Smith, started talking up the need for a comms database, a database of all the metadata of who had phoned whom when, who had sent an email to whom when, so that the police could continue to use the traditional contact tracing techniques online. And the line that we got hammered home to us again and again and again was: if you've got nothing to hide, you've got nothing to fear. What then happened in 2008 is that a very bad person walked into Parliament and went to the PC where the expense claims of MPs were kept. And they copied all the expense claims onto a DVD and they hawked it around Fleet Street until the Daily Telegraph bought it from them for £400,000. And then for the best part of a year, the Daily Telegraph was telling scandalous things about what various members of Parliament had claimed from the taxpayer. And it turned out that, although Jacqui Smith may have been innocent, her husband had been downloading pornography and charging it to her parliamentary expenses. So she lost her job as Home Secretary and she lost her seat in Parliament and the Communications Data Bill was lost. So was this a victory? Well, in June 2013 we learned from Ed Snowden that they just built it anyway, despite Parliament. So maybe the victory in Parliament wasn't what it seemed to be at the time. But I'm getting ahead of myself.

Anyway, next slide, please. The other thing that we did in the 2000s is that I spent maybe a third of my time, and about another 100 people joined, and we developed the economics of security as a discipline.
We began to realise that many of the things that went wrong happened because Alice was guarding a system and Bob was paying the cost of failure. For example, if you've got a payment system, then in order to prevent fraud, what you basically have to do is to get the merchants, and the banks who buy transactions from them, to take care. But the costs of fraud fall on the cardholder and on the banks who issue them with cards, and the two aren't the same. And it's this that causes the governance tensions and causes governance to break down and makes fraud higher than it should be. Now, after that, one of the early topics was patching and responsible disclosure. And we worked through all the issues of whether you should not patch at all, which some people in industry wanted to do, or whether you should just put all the bugs on Bugtraq, as some hackers wanted to do, or whether you would go through the CERT system despite the NSA compromise, because they at least would give you legal cover and would bully Microsoft into patching the bug at the next Patch Tuesday and would then do disclosure after 90 days. And we eventually came to the conclusion, and the industry followed, that responsible disclosure was the way to go. Now, one of the problems that arises here is the equities issue. Suppose you're the director of the NSA and somebody comes to you with some super new innovative bug; say they had prediscovered Spectre, for example. And so you've got a bug which can be used to penetrate any crypto software that's out there. Do you report the bug to Microsoft and Intel to defend 300 million Americans? Or do you keep it quiet so you can exploit 450 million Europeans and 1,000 million Chinese and so on and so forth? Well, once you put it that way, it's fairly obvious that the NSA will favor attack over defense. And there are multiple models of attack and defense. You can think of institutional factors and politics.
For example, if you're the director of the NSA and you defend 300 million Americans, you defend the White House against the Chinese hacking it. You know, the president will never know if he's hacked or not, because the Chinese will keep it quiet if they do. But if, on the other hand, you manage to hack the Politburo LAN in Peking, you can put some juicy intelligence every morning with the president's breakfast cereal. So that's an even stronger argument of why you should do attack rather than defense. Another thing that I'll mention in passing is that throughout the 2000s governments also scrambled to get more data on their citizens. For example, in Britain we'd a long debate about whether medical records should be centralized. In the beginning we said that if you were to centralize all medical records, that would be such a large target that the database should be top secret, and it would be too inconvenient for doctors to use. Well, Blair decided in 2001 to do it anyway. We wrote a report in 2009 saying that this was a red line, that this was a serious hazard. And then in 2014 we discovered that Cameron's buddy, who was the transparency tsar in the NHS, had sold the database to 1200 researchers, including drug companies in China. So that meant that all the sensitive personal health information about 1 billion patient episodes, you know, had been sold around the world and was available not just to medical researchers but to foreign intelligence services.

Now this brings us on to Snowden. In June 2013 we had one of those game-changing moments when Ed Snowden leaked a whole bunch of papers showing that the NSA had been breaking the law in America and GCHQ had been breaking the law in Britain, that we had been lied to, that Parliament had been misled, and a whole lot of collection and interception was going on which supposedly shouldn't have been going on.
Now, one of the things that got industry attention was a system called Prism, which was in fact legal, because this was, you know, done as a result of warrants being served on the major internet service providers. And if we can move to the next slide, we can see that this started off with Microsoft in 2007, Yahoo in 2008 (they fought it in court for a year; they lost), and then Google and Facebook and so on got added. And this basically enabled the NSA to go to someone like Google and say: Ross J Anderson at gmail.com is a foreign national, we're therefore entitled to read his traffic, kindly give us his Gmail. And Google would say, yes sir. For Americans, you have to show probable cause that they've committed a crime. For foreigners, you simply have to show probable cause that they're a foreigner.

And next slide. This disclosure from Snowden disclosed that Prism, despite the fact that it only cost about 20 million dollars a year, was generating something like half of all the intelligence that the NSA was using by the end of financial year 2012. But that was not all.

Next slide, please. The thing that really annoyed Google was this slide on a deck from a presentation at GCHQ showing how the NSA was not merely collecting stuff through the front door by serving warrants on Google in Mountain View; it was collecting stuff through the back door as well, because they were harvesting the plaintext copies of Gmail and Maps and Docs and so on which were being sent backwards and forwards within Google's different data centres. And the little smiley face which you can see on the sticky got Sergey and friends really, really uptight, and they just decided, right, you know, we're not going to allow this; they will have to knock and show warrants in the future. And there was a crash program at all the major internet service providers to encrypt all the traffic, so that in future things could only be got by means of a warrant.
Next slide, please. The EU was really annoyed by what was called Operation Socialist. Operation Socialist was basically the hack of Belgacom, and the idea was that GCHQ spear-phished some technical staff at Belgacom, and this enabled them to wiretap all the traffic at the European Commission in Brussels, you know, as well as mobile phone traffic to and from various countries in Africa. And this is rather amazing. It's as if Nicola Sturgeon, the First Minister of Scotland, had tasked Police Scotland with hacking BT so that she could wiretap what was going on with the Parliament in London. So this annoyed a number of people.

With the next slide we can see that Operation Bullrun, and Operation Edgehill as GCHQ called their version of it, have been aggressive multi-pronged efforts to break widely used internet encryption technologies. And we learned an awful lot about what was being done to break VPNs worldwide and what had been done in terms of inserting vulnerabilities in protocols, getting people to use vulnerable prime numbers for Diffie-Hellman key exchange and so on and so forth.

Next slide, the first slide on Bullrun and Edgehill: the SIGINT Enabling Project actively engages the US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs. These design changes make the systems in question exploitable through SIGINT collection (endpoint, midpoint, etc.) with foreknowledge of the modification. To the consumer and other adversaries, however, the systems' security remains intact.

Next slide. So they insert vulnerabilities into commercial systems, IT systems, networks and endpoint communication devices used by targets.

Next slide. And they also influence policies, standards and specifications for commercial public key technologies. And this was the smoking gun that Crypto War One had not actually ended; it had just gone undercover. And so with this, things came out into the open.
Next slide. So we could perhaps date Crypto War Two to the Snowden disclosures and their aftermath. In America, it must be said that all three arms of the US government showed at least mild remorse. Obama set up the NSA review group and adopted most of what it said, except on the equities issue. Congress dropped data retention when it renewed the Patriot Act, and the FISA court introduced an advocate for targets. Tech companies, as I mentioned, started encrypting all their traffic. In the UK, on the other hand, government expressed no remorse at all, and they passed the Investigatory Powers Act to legalize all the unlawful things they'd already been doing, and they can now order firms secretly to do anything they physically can. However, data retention was nixed by the European courts.

The academic response, in the next slide: Keys Under Doormats. Much the same authors as before. We analyzed the new situation and came to much the same conclusions.

Next slide. The 2018 GCHQ proposals from Ian Levy and Crispin Robinson proposed to add ghost users to WhatsApp and FaceTime calls in response to warrants. The idea is that you've got an FBI key on your device key ring. You still have end-to-end crypto; you just have an extra end. And this, of course, fails the Keys Under Doormats tests. Your software would abandon best practice, it would create targets and increase complexity, and it would also have to lie about trust.

Next slide, please. This brings us to the upload filters which were proposed over the past six months. They first surfaced in early 2020 at a Stanford think tank, and they were adopted by Commissioner Ylva Johansson on June the ninth, at the start of the German presidency. On the 20th of September we got a leaked tech paper whose authors include our GCHQ friends Ian Levy and Crispin Robinson. The top options are that you filter in client software assisted by a server, as client-side-only filtering is too constrained and easy to compromise. The excuse is that you want to stop illegal
materials such as child sex abuse images being shared over end-to-end messaging systems such as WhatsApp. Various NGOs objected, and we had a meeting with the Commission, which was a little bit like a Stockholm syndrome event. We had one official there on the child protection front, flanked by half a dozen officials from various security bodies, departments and agencies, who seemed to be clearly driving the thing, with child protection merely being an excuse. So where might this lead? Well, the obvious things to worry about are: as there's similar language in the new terror regulation, you can expect the filter to extend from child sex abuse material to terror. And static filtering won't work, because if there's a bad list of 100,000 forbidden images, then the bad people will just go out and make another 100,000 child sex abuse images. So the filtering will have to become dynamic. And then the question is whether your phone will block it or report it. And there's an existing legal duty in a number of countries, and in the UK too, although this is obviously no longer a member state, an existing duty to report terror stuff. And the question is, who will be in charge of updating the filters? What's going to happen then? Next slide. Well, we've seen an illustration during the lockdown. In April, the French and Dutch governments sent an update to all EncroChat mobile phones with a rootkit which copied messages, crypto keys and lock screen passwords. EncroChat was a brand of mobile phone that was sold through underground channels to various criminal groups and others. And since this was largely used by criminals of various kinds, the UK government justified bulk intercepts by passing it off as targeted equipment interference. In other words, they brought a targeted warrant for all 45,000 EncroChat handsets, and of 10,000 users in the UK, 800 were arrested in June when the wiretapping exercise was completed. Now, again, this appears to ignore the laws that we have on the books, because even our Investigatory
Powers Act rules out bulk interception of UK residents. And those who follow such matters will know that there was a trial at Liverpool Crown Court, a hearing of whether this stuff was admissible, and we should have a first verdict on that early in the new year. Then that will no doubt go to appeal, and if the material is held to be admissible, then there will be a whole series of trials. So this brings me to my final point: what can we expect going forward? China is emerging as a full-stack competitor to the West, not like Russia in Cold War One, because Russia only ever produced things like primary goods, like oil, and weapons, and trouble, of course. But China is trying to compete all the way up and down the stack, from chips through software, up through services and everything else. And developments in China don't exactly fill one with much confidence, because in March 2018 President Xi declared himself to be ruler for life, basically tearing up the Chinese constitution. There are large-scale state crimes being committed in Tibet and Xinjiang and elsewhere. Just last week, Britain's Chief Rabbi described the treatment of Uyghurs as an unfathomable mass atrocity. In my book, I describe escalating cyber conflict and various hacks, such as the hack of the Office of Personnel Management, which had clearance files on all Americans who work for the federal government, the hack of Equifax, which got credit ratings and credit histories of all Americans. And there are also growing tussles in standards. For example, the draft ISO 27553 on biometric authentication for mobile phones is introducing, at the instance of Chinese delegates, a central database option. So in future, your phone might not verify your faceprint or your fingerprint locally; it might do it with a central database. Next slide. How could Cold War 2.0 be different? Well, there's a number of interesting things here, and the purpose of this talk is to try and kick off a discussion of these issues. China makes electronics,
not just guns the way the old USSR did. Can you have a separate supply chain for China and one for everybody else? But hang on a minute. Consider the fact that China has now collected very substantial personal data sets. On the Office of Personnel Management, they got US government employees. By forcing Apple to set up its own data centers in China for iPhone users in China, they get access to all the data for Chinese users of iPhones that America gets for American users of iPhones, plus maybe more as well, if the Chinese can break the HSMs in Chinese data centers, as we expect they would be able to. Equifax got them data on all economically active people in the USA. Care.data gave them medical records of everybody in the UK. And this bulk personal data is already being targeted in intelligence use. When Western countries, for example, send diplomats to countries in Africa or Latin America, the local Chinese counterintelligence people know whether they're bona fide diplomats or whether they're intelligence agents undercover. Why? From exploitation of all this bulk personal information. Now, given that this information is already in efficient targeted use, the next question we have to ask is when will it be used at scale. And this is the point at which we say that the equities issue now needs a serious rethink, and the whole structure of the conflict is going to have to move from more offensive to more defensive, because we depend on supply chains to which the Chinese have access more than they depend on supply chains to which we have access. Now, it's dreadful that we're headed towards a new Cold War, but as we head there, we have to ask also the respective roles of governments, industry, civil society and academia. Next slide, please. And so looking forward, my point is this: that if Cold War 2.0 does happen, I hope it doesn't, but we appear to be headed that way despite the change of government in the White House, then we need to be able to defend everybody, not just the elites. Now, it's
not going to be easy, because there are more set players. The USA is a big bloc, the EU is a big bloc, there are other players, other democracies, there are other non-democracies, there's other failing democracies. It's going to be complex and messy. It isn't going to be a situation like last time, where big tech reaches out to civil society and academia and we get a united front against the agencies. And even in that case, of course, the victory that we got was only an apparent victory, a superficial victory that's only lasted for a while. So what can we do? Well, at this point, I think we need to remind all the players who listen that it's not just about strategy and tactics, but it's about values too. And so we need to be firmly on the side of freedom, privacy and the rule of law. Now, for the old-timers, you may remember that there was a product called TOM-Skype, which was introduced in 2011 in China. The Chinese wanted the citizens to be able to use Skype, but they wanted to be able to wiretap it as well, despite the fact that Skype had at the time end-to-end encryption. And so people in China were compelled to download a client for Skype called TOM-Skype. TOM was the company that distributed Skype in China, and it basically had built-in wiretapping. So you had end-to-end encryption using Skype in those days, but in China you ended up having a Trojan client which you had to use. And what we are doing at the moment is basically that the EU is trying to copy TOM-Skype and saying that we should be doing now what China was doing eight years ago. And I say we should reject that. We can't challenge President Xi by going down that road. Instead, we've got to reset our values, and we've got to think through the equities issue, and we've got to figure out how it is that we're going to deal with the challenges of dealing with non-democratic countries when there is serious conflict in a globalised world where we're sharing the same technology. Thanks. And perhaps the last slide, for my book, can come now, and I'm
happy to take questions.
Yeah, thanks a lot, Ross, for your talk. It's a bit depressing to listen to you, I have to admit. Let's have a look. Okay, so I have a question: I'm wondering if the export controls at EU level became worse than UK-level export controls because entities like GCHQ had more influence there, or because there's a harmful Franco-German security culture, or what it was. Do you have anything on that?
Well, the experience that we had with these export controls once they were in place was as follows. It was about 2015, I think, or 2016. It came to our attention that a British company, um, Sophos, was selling bulk surveillance equipment to President al-Assad of Syria, and he was using it to basically wiretap his population and decide who he was going to arrest and kill the following day. And it was sold by Sophos, in fact, through a German subsidiary. And so we went along to the export control office in, in Victoria Street. A number of NGOs, the Open Rights Group went along, and Privacy International, and us, and one or two others. And we said, look, according to the EU dual-use regulation, right, bulk intercept equipment is military kit, it should be on the military list, therefore you should be demanding an export license for this stuff. And they found every conceivable excuse, um, you know, not to demand it. And it was the lady from GCHQ there in the room who was clearly calling the shots, and she was absolutely determined that there should be no export controls on the stuff being sold to Syria. And eventually I said, look, it's fairly obvious what's going on here. If there's going to be black boxes in President al-Assad's network, you want them to be British black boxes or German black boxes, not Ukrainian or, you know, Israeli black boxes. And she said, I cannot discuss classified matters in an open meeting, which is as close as you get to an admission. And, um, a couple of months later, Angela Merkel, to her great credit, actually came out in public and said that allowing the equipment to be
exported from Utimaco to Syria was one of the hardest decisions she had ever taken as Chancellor, um, and there's a very difficult trade-off between maintaining intelligence access, given the possibility that Western troops would be involved in Syria, and, um, the fact that the, the kit was being used for very evil purposes. So that, that's an example of how the export controls are used in practice. They are not used to control the harms that we as voters are told that they're there to control, right? They're used in all sorts of dark and dismal games, and we really have to tackle the issue of export controls with our eyes open.
Yeah, yeah, there's a lot, a lot to do. And now Germany has left the, uh, UN Security Council, so let's see what happens next. Um, yeah, we'll see. Ross, anything else you'd like to add? We don't have any more questions. Oh no, we have another question, it's just come up. Second. Good. Do you think that refusal to accept backdoors will create large uncensorable applications?
Well, if you've got large applications, um, which are associated with significant economic power, um, then, you know, pressure gets brought to bear on those economic players to, you know, do their social duty. Um, and this is what we have seen with the platforms that intermediate content, uh, that act as content intermediaries, such as Facebook and Google and so on, that they do a certain amount of filtering. Um, but if on the other hand you have wholesale, um, surveillance before the fact of end-to-end encrypted stuff, then are we moving into an environment, um, where private speech from one person to another is no longer permitted? You know, I, I don't think that's the right trade-off that we should be taking, um, because we all know from hard experience that when governments say think of the children, they're not thinking of children at all. If they were thinking of children, they would not be selling weapons to Saudi Arabia and the United Arab Emirates to kill children in the Yemen. And they say think about terrorism, but
the, the censorship that we are supposed to use in universities around terrorism, the so-called Prevent duty, is, is known to be counterproductive. It makes Muslim students feel alienated and marginalised. So the arguments that governments use around this are not in any way honest, and we now have 20 years' experience of these dishonest arguments. And for goodness' sake, let's have a more grown-up conversation about these things now.
You're totally right, even if I have to admit it took me a couple of years, not 20, but a lot, to finally understand. Okay, I think that's it. We just have another comment, and I'm thanking you for your time. And, um, are you in an assembly somewhere around, hanging around in the next hour or so? Maybe if someone wants to talk to you, he can just pop by, if you ever, if you, if you have used this 2D world already.
No, I, I haven't been using the 2D world. Um, I had some, um, issues with my browser and getting into it. But, um, you know, I've got my, my web page, and my email address is public, and anybody who wants to discuss these things is welcome to get in touch with me.
All right, so thanks a lot.
Thank you for the invitation.
Yeah, thanks a lot.