 Good morning. We have an amazing keynote for you this morning. I'm I'm gonna be introducing Matt He's the director of digital safety and privacy at tactical tech. He's also the founder of crypto Arlim Matt is a accurate dedicated to safeguarding marginalized groups around the globe. Please a warm welcome to Matt Hey, everyone. Thank you so much for coming and for waking up so early Especially on a day when there was a party the night before I'm really privileged to see so many field chairs I'm Matt Mitchell. This is my Twitter. I'll have my contacts after that and Let's just jump in. I'm gonna talk about cybersecurity versus the world And is our industry a savior or an annihilator? Which I found out like there's a there's a Canadian metal band named Nile but I wasn't able to check him out So I couldn't I didn't put him on my slides So hey who out there in the infosec versus cyber who's a cyber person like I'm cyber cyber is what I call myself Thank you, and who's a infosec person hashtag infosec Okay, and I don't know what the rest of you are but I don't want to know okay. Okay, cool So I'm gonna Talk about this work that we do because everyone in this room or everyone who's comes to NSEC is has some Thing to do with this space right whether you call yourself a security researcher or a hacker You know there's a overarching label that's attributed to you and I would call that the industry the multi-billion dollar industry of cyber security right and but in our name in the name of hackers or Because of hackers in the name of cyber or because of cyber there are a lot of people who do horrible things in our name and My presentation is just talking about How did our name even? Arise like where'd it come from and and why did it and how did it go so astray and what can we do to reclaim that name? Okay boom These are gonna be I'll tweet these like out and they're creative comments. You can do whatever you want with them I'll just make sure all the things click out to links so you could learn more This is my favorite slide because you know I get the flex about how cool I am But in all seriousness This is a good slide if you want to get picture because these are all organizations that could use a little bit of your brain power if you have a board night or weekend or hour or maybe Vacation and you just want to like lend a helping hand people doing some good. I would recommend it So I call myself a hacker and a security researcher I've been doing this stuff since I was a tiny little kid before I didn't even had a computer I was just like you know typing on a drawing of a computer keyboard on visa card board and Yes worked my way up from there So tactical tech is a nonprofit that's based in Berlin but their work in the reach is global and it's worldwide and I Very honored to be the person that keeps them safe in a research safe and also make sure that the advice that they give is Spot-on and won't be used to harm anyone I'm also an advisor for a group called national association of criminal defense lawyers at the fourth amendment center that's a us thing and It's a national organization of all the people who would defend you if you're charged with a crime Surprisingly, you'll find out if you're ever in the in a hot seat in court Most lawyers aren't really up on Technology and a really small thing that could free you if there you don't know it And you're not able to explain it or have an expert witness work with you It could be the the end of your freedom over like an IP address or something silly like that Okay, so I helped them out with that with a group of other awesome folks including some people from EFF I'm an advisor to this group called the open technology fund which funds a lot of open source technology If you have an idea and it's to do some good and you're like, how do I monetize this idea? Maybe you don't need to monetize the idea Maybe you just need some no strings attached funding to make a free open source tool that people could use and that's what open tech Fund does so you just go there and you fill out a very simple web form And it's a rolling admission so there's many forms every couple of months and you never know I mean, that's how a lot of the tools that we use and we like are Able to maintain their staff and maintain the work that they do. So you don't have to just do it alone There's there's other ways and I'm really honored to be an advisor there to help when they're looking at admissions of stuff and I'm a developer and I used to work in news I used to work in the New York Times as data journalist I used to work at CNN and do much other stuff, but I felt this calling to do more Outside of my nice air-conditioned office you're getting my Starbucks latte I just felt like I'm not really helping anyone and so I decided to jump in heads first. Okay, so let me move on to my my next slide but These are all the things that I worked on 2006 2017 I've got many fellowships and but the the biggest Award to me the thing I'm most honored and humbled about was when I was watching TV one day and Then I saw my name on the screen I was watching Mr. Robot and Elliot's like on a server and then it's like wait Matt Mitchell that's me, you know and You know like I work in service to activists to journalists to people who work in media to people who are marginalized people who don't have funding You know, I'm the person who they are like hey, I heard someone told me about you, you know It's like the a team. I'm just in that van by myself, you know and every once in a while I got a little shine and I'm really honored about it, but not once but twice because Crypto Harlem was my project and It's back in the day when Elliot's using signal and it's when it still had the confirmation words and so they put that in there I mean, I watched it like ten times. They were like no, I'll look for it again I'm like, what are you talking about? There's nothing about me and then I saw that and it was pretty wild But then when I start feeling myself a little too much I get a call from an activist group and then I realize hey, you know, it's not about me and I live in service to give my tech skills to other people and You know, I work with a group called the movement for black lives and their umbrella group That is 60 organizations Including black lives matter inside the United States keeping them digitally safe against the you know Things that they face as well as countless other activist groups and I'm really honored to do that Well, let's jump into this whole cyber thing. Okay So how do we get here? How do we get so astray and I'll explain what I say is astray Kubernetes actually Kubernetes is the problem. You know devops people is their fault Actually, no in a in all seriousness This is a Greek word Which means Kubernetes which is governance or to steer right and from that word is where Cybernetics comes from right so we started out as this governance word and then there's a thing called cybernetics Which just came out of that So our path to being hackers cyber security people started a very long time ago. So what is cybernetics? Cybernetics was this idea from the 1940s in the US This mathematician Norbert Weiner He was like, hey, you know what I've got this idea and it goes beyond math It's a whole new like renaissance level. It touches psychology technology Biology and it's gonna change the world and I'm gonna call that cybernetics It's a connection of man with tools and in the 1950s. It was this ad here that says cybernetics How will you use it right and it was a bank because this was gonna be huge It was gonna be the biggest biggest thing. He had a book the the human use of human beings cybernetics and society and It didn't exactly change society But it did change a lot of people and that trickled down into where our name cyber came from okay Cybernetic organism came from these two people who were like hey We're really into this idea of cybernetics and which started in the 40s now it's 1960 in the US and We feel like Man needs to get to outer space and there was a big government push called the space race to make this happen United States had all these secret Plans to try to beat the USSR in having a manned or a piloted ship enter the stratosphere then go into space and These two gentlemen Manfred Klein and Nathan Klein a scientist and a researcher and the more you read about them are really interesting like Into like very obscure strange things like freeing your mind through cybernetics. It's very strange. It sounds very cult-like and They talked about this thing called the cybernetic organism which they Truncated into cyborg the cyborg in space. We as human beings we struggle right but cyborg freeze man to explore The cybernetic organism it just grew that actually like actually picked up and became a trend and there was actually a Submission to the Journal of American Medical Association Which is actually you know like it's not easy for them to publish your work has to go through peer review and in 1965 and it Became its own little book called evolution of the Superman Cyborg Cyborg as a man who uses machines to increase his power and I don't know about you But mankind and power is never a good recipe now we go towards the 70s and We have this thing called creeper which all the you know old school computer nerds computer science nerds might know about and It was One person worked like working too late at work Bob Thomas and he was like you know what I have this computer And it's on this thing called ARP net and it just does really basic things and I'm gonna spend a lot of time Trying to get it to just write this weird random sentence every once in a while And that's where the I'm the creeper catch me if you can and that's credited as being the first computer virus and then Into the 80s or sorry 1968 just a little bit after that Two artists Have this old piece of artwork from 1968 that has the word cyberspace in the corner there It's very strange. They just were like we're into cybernetics and we heard about this whole art movement And yeah, we're just gonna have this space for cybernet It's a cyberspace and it's just a word cyberspace. So that's actually the word cyberspace goes like 1968 But cyberspace is we know it as like the internet As that like imaginary place we go to on the nodes and surfing and all that stuff That's that visual that concept is attributed to Canadian born see I'm trying to play to my audience William Gibson Burning Chrome is like a smaller novel before Neuromancer I've read both, you know, and then after you do that you just know crash and after you do that You do your little brother, you know got to do your hacker classics But this is where this this vision started and In 1989 that's when more and more people started getting online and that's like the early adopters It was was not easy like 2400 bored modem connections to the internet and cyber security and Cyber war came out in 1989 as words, right? Not really properly attributed to anyone because everyone was saying cyber everything There were cyber dolls and like cyber this and that and the word cyber was just you just put that in front of stuff And it meant like technology and techno, right? but here we are 30 years later and Where are we with info sack? Where are we with cyber? Well, let's go on a little trip around the world just to look at a few places I'm just gonna talk about because these are places where I work with folks and the things that they talked to me about The things that we're struggling with right now probably aren't that well known and I think that people who are like hey I work in cyber security. I work in info sack. You should know about this because people are saying that this is you, right? This is where Vietnam is on the map Here's some quick headlines under Vietnam's new cyber security law US tech giants face stricter censorship on January 1st 2019 the nation of Vietnam which Really is run not it's not a democracy. It's just like run by who's in government right now They decided to have a cyber security law and that's always in my book a dangerous thing because Cyber security laws when you open them up are not what they sound like But the idea that you can open up a newspaper tomorrow and the word hacking is in it means that you need to be secure You need the cyber security so a lot of stuff gets passed all around the world in the name of cyber security This law says that if you are a tech firm whether you're Facebook or Twitter or a small Company and you're operating with data of people from Vietnam. You must have an office in Vietnam So Mark Zuckerberg time to buy that ticket and fly over it also says that The Vietnamese government can censor any post that's on the internet To defend the safety of the government because you know these might be falsehoods and misinformation and things like that The US urges delay on this Vietnamese cyber security bill and a lot of human rights organizations a lot of different groups We're like look we got to stop this cyber security bill We got unpack it or slow it down and this is the same thing that you'll see you'll hear a lot of Conversations before the bill is passed and becomes a law. Well, this is our open letter. This is our mandates when we think about it but then the laws are passed and It's too soon to tell how it's going to be used but already we have some idea two activists Were spreading propaganda on Facebook and they went to jail in Vietnam I was talking to a friend who works in Vietnam in on these issues and they were like hey mad Have you ever seen this before? Now I was like, what's that and they're like you're unable to view this content because local laws restrict our ability to show it If you'd like more information, please see help center when you go back to a post Oh, my post is getting viral. Let me go back to it. You go back to it an hour or two hours later You see this instead. It's very strange. Oh, sorry. This is what other people see they when they're looking at your post Sorry, they see this instead of what was there and then you see this access to your post has been restricted by Facebook Because Facebook says this and I know a lot of great people at Facebook And I constantly have to know them because this involves a lot of conversations and no department that's going to exactly handle these things and I'll say, hey, you know, why did you? Block that piece of content. It was really banal and boring and pretty chill and they're like well the government told us to and they are the rightly Empowered government of that country and so we follow the laws that say the people who run the country tell us what to do And if they say that needs to come down, we have to take it down another thing that happens is a Facebook group will be created and You'll be added as an admin of that group who doesn't want to admin a Facebook group And this is a trick because Facebook doesn't ask for any permissions or anything before you could become an admin They never thought about that and so this kind of like honeypot is created You know someone just starts adding people to it and then a post will show up there and it's in your name now You're an admin of that group. You knew about that post. Maybe you posted that thing. It's like what group? I didn't know about that But it's used as a trick as a way to ensnare and and catch people right if not arrest them This is something that Facebook was hearing from Vietnamese activists and said, okay, well, we aren't okay That sounds like a bug. We're gonna work on that feature of our product. Okay Let's get on the plane Here's the open letter from the activists in Vietnam This is just from this year in May and they're like dear Facebook don't give in to censorship in Vietnam because that censorship is Silencing the voices of the people it's harming the people who are organizing and it's leading to quiet arrest or intimidation on the streets Now we're going to India. I was just in Bangalore. It's a really beautiful city in India and When I was walking around I was trying to get a SIM card It's just first thing I do when I land someplace, you know, just find that shady SIM card dealer Get your SIM card in cash. My name is Elliot boom, you know But I couldn't I could not get a SIM card because they were like, oh, yeah, no problem. You got the cash You met me in the alleyway. I'll give you the SIM card, but I need to know your your national ID number I need to know your ad hard number. I was like, what what? right India is the largest democracy in the world But India is also leading the world in internet shutdowns India will cut off the internet in One village or one town or cut off the internet for the entire country with a drop of a hat India has a plan for a cyber security law This cyber security law is mirroring an existing law, which is something that you'll see around the world People will say this is just like some other country usually a Western Country's law and this is the GDPR law, right? So it's India's version of the GDPR But their GDPR is not like the German EU GDPR, okay? India wants data and India wants control It's a large democracy with millions of people spread all over the place and that's very dangerous and scary to people who sit on seats of power When Mozilla the nonprofit who's pretty chill about stuff is actually leaning in about something, you know it must be bad and They have a draft that they published of what their data protection law would look like One of the things that they say is they'll have a body there That's like a tribunal that will handle all these things and that's always good You want to see that because a lot of these laws have no one behind them. There's actually no one assigned to these titles But that's the only thing that's kind of good actually, I also think it's kind of bad because It doesn't say what's the governance model for creating these people in these seats There's a single data localization, which is a common tactic on these international cyber security laws Which says for us to properly safeguard our networks and our people you must move if not your entire company At least the servers into our borders Which means that they are now subject to our laws and Then it has this data processing law which means that the government has allowed to kind of bend the rules and Reach out to the data regardless of the privacy agreements that they have in the you know national interest or for public safety Which is a huge exception because as the pattern with all of these laws They're extremely vague to the point where they barely mean anything and if you are a Student of looking at these things you'll realize that they are literally Copy-pasted from other countries cyber security laws and then massaged into Whatever another country needs we've seen cyber security laws from Zimbabwe and other countries in Africa and Almost the exact same wording across the globe in places like Thailand Which also has the same problem as they launched their cyber security bill Let's go to Myanmar is where it is on the map. It's a beautiful place. I know some amazing people here I met a group of Digital safety and security workers who just are complete volunteers like it's like oh I got to go the baby You know and they have this network and they're just helping people helping people on the ground because the country is one where it's shifting and Internet laws are changing and the apps that they use are being blocked and people are being hacked and targeted and You need someone on the ground. You need someone who looks like you Who when they're standing in front of the room you're like I can do this because I see myself in this person I was on the phone one of these people today right before I came out here And I was like how's everything going on the ground and then they were like things are moving so quickly And we're really concerned about our neighbors in other parts because they all have the same kinds of bills that they're fighting There's this headline which is a common one about tech companies who once flocked to Myanmar Now like they're the tools they're used against these two drums from the wall. I'm watching post There was this genocide on a Marginalized group called the Rohingya. I specialize in work protecting marginalized groups. That might be queer folks It might be You know black folks might be brown folks It might be someone who's got the wrong passport or whatever the group is that's on the fringe or pushed to the borders or criminalized by their Identity that's who I work with and the same patterns happen over and over again. These laws are designed to target those people Here these journalists who broke a story about police abuse and it's the strangest thing about the story was the police actually The the police actually said you know what you're right like Reuters report is correct And you know the things you're reading here. These are real and we admit to this That's how solid the case was that they made and they got a Pulitzer for their work But they also found themselves in prison and jailed for their work And now we're finding out now that they're out and free now because of a lot of pressure and a lot of work from a Lot of the groups that I see and work with They're free and Now it's coming out how they were targeted how people were knowing where they were and hacking is part of that This thing about this country that's so strange is Facebook is there's a direct link between Facebook post and the genocide in this country they're The military completely weaponized Facebook spread misinformation used Facebook like a virus and Got the country to turn their back on this marginalized group So they can literally be burned in their homes and killed Facebook first said well, that's not don't we don't know that's what happened Mark Zuckerberg It's like I don't know if you can you know and there was open calls for hey Facebook You must change how you're doing things But after a New York Times story about a sniper Facebook group that was followed supposed to be a member of the military, but it's actually controlled by basically the government's PR firm to spread propaganda it was just like too much of a link and then they cancelled over 300 Facebook accounts which they never do of government officials and just yesterday Twitter cancelled this account of An army chief who was using a derogatory term for the Rohingyas So tech firms because of the spotlight that shined upon them will say okay We're going to cancel this one account But there might be a hundred other countries with a hundred other exact same situations but are less in the press spotlight and For that they're like well, we still need a little more information What we see is that public pressure makes a big difference here. I use as much global mail as possible Okay, so How are we doing on time? Okay. So now now what like what do we do that? This is happening Faster and faster seems like every month is a new cyber security law a new data protection law and on the Outside it might seem like a good thing might seem like a good idea and what I would ask you to do is to say you know what? Not in our name We're gonna peel back whatever is going on here and just read into it and make sure it really does match up because the first two Three points on the law will like completely sound innocuous and boring and then as you read it some strange things going on I work with a non-profit that I mentioned called tactical tech and they have a bunch of tools that you might be interested in So I'm just gonna like talk about them they have a report that we just finished researching and publishing on how technology is being used to destroy democracies and It's called personal data political persuasion and some people have heard of Cambridge Analytica and there's like 300 Companies just like Cambridge Analytica and they were already on our radar when we started this research and in this you'll find It's a free PDF. You can just look at all these other Companies and how they advertise and all and elections where they played a part in changing who was who basically who won and What the electorate thought? manipulating voters is Easier than manipulating voting machines and it's a win because they'll continue to vote in the way that you made them vote and It's something that we also talk about the techniques and tools that are used to do this so you can look for it when you go back to wherever you vote and If you ever travel to another place you can look for these same types of things if You have a normal kind of regular mundane non Northsek type person in your life. We have a data detox kit. That's what we call it you could just search on that when you're duck duck go or whatever your nice search is and With that it's instructions kind of like a juice fast or like a detox for your health day one Take a breath. Maybe lay off that a mouse a little bit Not so much Facebook day two and we kind of walk you through a really short eight day cleanse or detox and it's just to teach people little ways about how they're interacting with technology and on day nine You're just gonna go head first back in but a little bit slower And if there's someone who's like, yeah, I get kind of grasp what you're saying, but I don't know I think this might be for them because it's like translated in many languages It's written in a readability level that's easy for people to grasp and has like little cute drawings And I talked about Investigating laws and looking at things around us and we have this thing called the kit Which is kind of like a poor man's Bellingcat if you want to learn how to be an Ossent open-source intelligence gathering person learn how to read the data around you research things We have like this entry point Writing there and I oversee all of those documents to include safety advice So it's like this is a domain you want to know who owns it You want to know who runs it you want to know where their mail comes from these are tactics and tools You could use you want to know when they change pages on there you know we want to know when they pull things down and I make sure that all the stuff is if not free low cost and All the tools are vetted by a collection of people from around the world because I work people from all around this club Okay, I think I'm gonna break for questions or stop for questions if there are questions. Okay, I'm okay, so Yes