 The CDC hacktivism panel. I've been asked by our sponsors to mention that coming up next is Jim Christie's Fed panel. So I guess that's for all of the feds. And after that is Brian Glancy's the weakest link. Okay. Let me sort of explain how this is going to work and then you can decide whether or not you want to stay and watch it. I'm Reed Fleming from the Cult of the Dead Cow. This is the panel about hacktivism. All my fans. And we're pleased to present today's keynote speech and panel discussion entitled hacktivism in human rights using technology to raise the bar. The format's simple. There's going to be a speech and then afterwards there'll be a panel discussion and then tonight after 5.30 you can find us in the bar at the Hard Rock Hotel and you can talk to us about basically anything you hear here. And buying our beers. Yeah. Our keynote speech speaker is Dr. Patrick Ball, Deputy Director of the Science and Human Rights Program with the American Association for the Advancement of Science or AAAS. They're located in Washington, DC. AAAS examines how the progress of science impacts the well-being of people. The association facilitates communication among science, government, and the public on a wide variety of topics that affect people around the world. AAAS's Directorate for Science and Policy Programs is an authoritative source on research and development in the federal budget and explores a host of science and technology issues that face Congress. It works to ensure research competitiveness and high ethical standards and encourages a dialogue on science, ethics, and religion. Its Science and Human Rights Program helps guarantee human rights worldwide. The AAAS Science and Human Rights Program was established in 1976 to give scientists a way to help their colleagues around the world whose human rights are threatened or violated. Mobilizing effective assistance to protect the human rights of scientists around the world remains central to its mission, as well as making the tools and knowledge of science available to benefit the field of human rights. Since 1991, Dr. Ball has designed information management systems, provided training on the use of cryptographic tools, and conducted quantitative analysis of large-scale human rights projects for truth commissions, non-governmental organizations, tribunals, and United Nations missions in El Salvador, Ethiopia, Guatemala, Haiti, South Africa, Kosovo, and Sri Lanka. AAAS has published three books by Dr. Ball. Who did what to whom? Planning and implementing a large-scale human rights data project. State violence in Guatemala 1960 to 1996, a quantitative reflection, and policy or panic, the flight of ethnic Albanians from Kosovo, March to May 1999. I give you Dr. Patrick Ball. Thanks a lot. It's really cool to hear yourself introduced. I want to be very clear how thankful I am to the CDC for inviting me to give this talk. I hadn't thought of what I do as hacktivism, but as I talk to these guys, I realize that what we do is incredibly similar, what I do and what they do. They're very similar in a lot of different ways. I think that I found that similarity really exciting. I hope that I can share some of that excitement with you today. As Reid said, we apply science and technology to human rights. We take a broad view of what science is. What people in this room do, we would count as science. At least for this afternoon or for the next 30 minutes, think of yourself as a scientist, as someone who applies a systematic and rational approach to solving a problem, to figuring something out, to discovering something. With that, let me talk a little bit about what I think hacking is. I think hacking is finding things out. It is discovery, especially if the knowledge you're looking for is hidden, obscure, and important. When governments commit mass killings, when they commit a program of ethnic cleansing to drive hundreds of thousands of people from their home, when they detain arbitrarily thousands or tens of thousands of people when they commit torture over a period of years or decades, this is not knowledge that they wish for others to know about. For hundreds of years, the Quakers have had an idea of speaking truth to power. It's a very strong idea. It's an idea that has brought repressive regimes down over periods of time when people continuously, tirelessly and truthfully, speak truth to power. We can agree that it's a valuable idea, but it's not always as easy as one might think to figure out what the truth is. It might be easy enough to say, oh, yeah, that guy was killed and he was killed by the government. The government, I assure you, when you make that claim, will dismiss it. Well, he wasn't really killed, or he was killed in a crossfire, or the agents involved were rogues and we've sanctioned them. But if you can demonstrate that not just that guy was killed, but 10,000 other people were killed just like him, then you'll speak truth to power in a way that power will be unable to deny. And the only way you can aggregate that much information is with technology. So I won't explain these slides. I'll point you at the earl. But I can say that these slides are a piece of speaking truth to power. And so are these. So hacktivism is finding ways to speak truth to power using technology in this way. Technology or hacking in the service of human rights or civil liberties or the environment. So when the Truth Commission in Guatemala was able to conclude that we find that more than 200,000 people were killed during the armed internal conflict. More than 93% of people were killed by the government. The Army of Guatemala can no longer deny that this occurred because the basis on which we made this claim was defensible on scientific grounds. There's no more pretending that this didn't happen or that it was a few violations or that violations were committed equally by both the government and the agents of the insurgency. No. Now in fact we have scientific data that allow us to say this happened. It can't be denied. And in six regions, the slide in the lower right, in fact the killing and the pattern of the killing was such that it constituted genocide. What I'm going to talk about today briefly is what are human rights? What do we mean by them? Human rights are not just good ideas. How does information and technology help human rights work? I'll talk a little bit about the use of massive data and information systems. I'll talk about cryptography and I'll talk about distributed web-based databases. And finally I'll talk about why I decided to come out here and sit in this breathtakingly hot tent. Does anyone else in here feel that their natural home environment is a server room that's about 45 degrees colder than here? And I'll say what can you do? It turns out that there's an awful lot that people in this room can do. The fact that you've come to this conference means you have certain interests and I think that those interests mean you have certain skills and if you have those skills I'd like to get email from you. I'd rather not see you have root on my machine though if that's alright. Human rights are defined in international law. In 1948 after the Holocaust in Europe after the Nazi atrocities the world said to itself we needed some way of saying this was wrong. People said during during the Holocaust that it was wrong but no one had the right under international law to say that the Nazi government could not do what it could do because they had this bad idea called sovereignty and the bad idea of sovereignty means that governments can do what they want and other governments can't say anything about it. So in 1948 governments said well sovereignty has a limit and that limit is defined by certain rights that everyone has. You do not have a right to do anything you want but you do have certain rights and these are the rights defined as goals for international law in the Universal Declaration of Human Rights which essentially all governments of the world agreed to in 1948 with some rather sad exceptions. In the next years that followed that these laws these ideas these goals were given the force of international law and these are this law is codified in two covenants the covenant on civil and political rights the covenant on economic and social economic social and cultural rights these were ratified and came into force in 1976. Coming into force means they have the the force of international law. Governments that are party to these agreements may not violate these rights without being in the wrong. Well you may say well so what so what if they're in the wrong. Well it turns out that being in the wrong is a basis on which other governments being pressured to bear on them. Other governments don't want to have diplomatic relations with them. Other governments don't want to trade with them. Other governments don't want to have cultural and sports missions with them. This may sound light but you know when I was working in South Africa in 1996 and through 1998 the South Africans told me that the thing that hit them hardest was that they couldn't have other teams other sports teams come and play sports with them. This erodes the fabric of what it means to live in a nice place and we all want to live in a nice place and so when the things that make a place to live nice are taken away regular citizens start saying hey wait wait wait this isn't okay and those little bits of pressure come to bear they aggregate across all sorts of different arenas and they pressure bad governments to behave better. Of course now we have on the basis of crimes of war we have tribunals, tribunals which try international, excuse me try people who have violated international humanitarian law and send them to prison. It would be very nice if we had a round of applause for the extradition of Slobodan Milosevic to the Hague last week and I hope you're all as excited as I am by the prospect of his very pleasant and drawn out trial which should begin in about six months. The convention against genocide is the strongest of all international humanitarian law and it means that no government can decide because they don't like some group because of its ethnicity, its religion, its race, its color, its ideas even. It means that they cannot target that group for elimination. It's a strong idea. It may sound obvious but it was only ratified in 1948 and we've only had two findings under international law that genocide has been committed. That doesn't mean that they're the only two times it's occurred. It means the only two times we've had findings. We're building that and making a finding about genocide is making a finding about policy. If you want to say that something has happened as a question of policy, you need an awful lot of data. An awful lot of data and to get that much data in one place and to do something about it, you need a lot of technology. When we build these mechanisms for pressure, we use standards. We use the standards of international law. The pressure comes from public groups like the United Nations missions. It comes from big international human rights groups like Amnesty International or Human Rights Watch but more than anything it comes from tiny grassroots groups on what I call the cold face. It comes from the groups that look the police who do disappearances in the eye. It comes from people who go to the police stations and say do you have this guy? Could we have him back before you disappear him please? There are more than 8,500 of these groups worldwide and they desperately need a lot more technology and I'll tell you about the technology they need and the ways we have applied technology in a few of these cases over the course of the next 20 minutes. For this pressure to be effective, it's much more important that it be focused than that it be massive. This is an important understanding. If we say oh well you know the government to pick a case out of the air, Burma has done some terrible things. I know, let's set up a website where people can mass email or mail bomb different instances of the government of Burma say their embassies in various countries or other places and people write hate mail in email to the government of Burma. They're just going to put up a spam filter. That's not going to mean anything because they'll realize because of the unfocused or undisciplined nature of the action the government of Burma will quickly realize that the people sending this email don't really know what they're talking about and that they aren't really going to be committed to a long-term pressure campaign against the government. Human rights groups that do mass advocacy have very careful, carefully planned strategies. They know exactly who in the government might be receptive. They understand if there are reformist elements that can undermine the hardliners and maybe ultimately force them out of power. They know how to turn a campaign on and then turn it off if the government does what you want. And so I would urge you in your human rights work if you decide to participate in these kinds of direct actions, please do so in networks of professional human rights groups. Don't create your own networks. These people have been doing it a long time and they know what works and more importantly they know what doesn't work. So go to Amnesty. I'll put the earl up later. But there's a lot more you can do and we'll talk about that. I mentioned how big the groups are, how big the community is. Let's see why do groups build human rights, why do we build databases? A little human rights group in Guatemala, the International Center for Human Rights Research between 1991 and 1997 built a database of only 65 megabytes of data. That takes an awful lot of work. That's more than 19,000 cases. It's more than 45,000 individual violations. It's a lot of dead trees. If you guys see all that paper up on the wall, those are the coding forms and the interview documents that we went out in the field and took more than 100 people worked for five years to take these interviews. The database was densely relational and had 40 tables. We ran it under Foxpro for DOS on Toshiba 386 monochrome screens. We put the data all together. We encrypted it using PGP and PK zip and wipe every night. We aggregated it on to a single machine using sneaker net, people bringing things over. Ungodly amounts of Foxpro code to ensure the relational integrity. It didn't work that well. I wrote it. But the encryption worked. A laptop went missing during the process. And as far as we know, there was no data leakage. It's a lot of discipline, folks, and it's a lot of pushing hard to do crypto on a platform like this. About a year and a half ago, Carl Ellison, a cryptographer at Intel, a great guy formulated what I call Ellison's Law, which states that the user base for strong cryptography declines by half with every additional keystroke or mouse click required to make it work. Think about that when you're designing tools. When we put together a lot of statistics, we get big pictures, we see the large profile, we see when things happen. Here's a graph from Haiti pointing out that during the de facto regime, there was a huge spike in October of 1993. Anybody who can remember back that far, I can only remember it because I've got this slide and a couple of my talks. Remember that the Clinton administration was threatening intervention and the paramilitaries on the street turned up the pressure. They turned up the pressure by grabbing folks off the street and torturing them and killing them. We learned two things from this slide. We learned two things from looking at patterns. One, we learned that there is this coincidence, this unsurprising perhaps coincidence between a huge spike in the amount of political violence correlated to some political event. We also learned that types of violence move together. The little yellow line on the bottom spikes at the same time as the purple line on the top. Killings go up at the same time as torture. Why would that happen? It happens because they respond to the same cause. They're coordinated. It's policy. It's policy. Similarly, if we look at the demographic structure of people who suffered a particular kind of violence in South Africa, we find a structure. We find a structure that's different for men and for women who are victims of this violation. Men are younger than women who suffered this violation. Buy me a beer. I'll tell you why. These are some projects I won't talk about. There's too much time and I don't want to information overload. But the reason I put the slide up is to say how widespread this practice is. We're doing statistics all over the place in the Truth Commission in Haiti. We're doing it in a little NGO project in Guatemala, in the Truth Commission in South Africa, in the Truth Commission in Guatemala and now in Kosovo. More recently, also in Sri Lanka, we've got projects going in East Timor, in a couple of different countries in West Africa. Stuff is happening. And the reason that this is important for you guys is that just means there's that much more data for people to take away from us. So let's think about ways that we can aggregate data more safely. Building tools like Bastille, which I appreciated from this morning. Hey, I got Bastille on my machine. That means none of you guys are going to hack it, right? All right, just checking. I want to go into some detail about the first project I ever did, the Non-Government Human Rights Commission in El Salvador. I worked there in 1992, in 1991 and 1992. This group took over 9,000 testimonies from 1977 to 1991. 9,000 people they sat down with and listened to as they told stories about watching people get killed in front of them or their children being taken away and never returned. They did legal work for most of these cases. There were more than 17,000 people documented in these testimonies. More than 29,000 violations. We put the data together in an incredibly simple format. This little flat, it wasn't flat, but for cases for this example, I'll call it flat. This little flat table where we had the victim's name in one column, a list of the violations that they suffered in the second column. Actually, in an array of it, okay. The date of the violation in the perpetrating unit, okay, it's a flat structure. If these things occurred on different days, I had to repeat the record. If there were multiple perpetrators, I had to repeat the record. Let's leave that aside for the purposes of this invented example. We see that Juan Perez was tortured and executed on the 22nd of March 1982 and the witnesses alleged to have been done by the army and on and on and on for 17,000 victims. We also collected the career histories of individual military officers. For example, we found that Hernán Galindo, this is invented. There is no Hernán Galindo in the army in El Salvador, who was a colonel and from the 2nd of August until the 31st of December 1983, he was the commander of the army. In fact, we had over 40 different units that we looked at. We had 14,000 of these segments of career structure. And we see on the third record that Hernán Galindo, we also know, commanded the police for a period before he commanded the army on and on for 14,000 segments of this man's career. Well, anyone in here ever written a sequel statement? Yeah? You know what's coming, right? It's a join. It's a big join. It's a really big join. And the point of this join is to develop an individual statistical dossier on every one of these officers. So we link the execution, torture and detention of Hector Colindres with the career segment of Hernán Galindo, thereby attributing these violations to Colonel Galindo at this point in his career. This converts into a table that says that for example, Rogelio Acevedo Pellacios was responsible for 17 arbitrary executions, the first column. 44 forced disappearances, the second column. 86 cases of torture, no massacres, but 225 involuntary disappearances. There's two category of disappearance under Salvadoran law. Again, buying a beer tells you why. But if you go on and on and look through this statistical structure, what jumps out at you is your eye scans, is that most of these guys are not involved in that much stuff. But look at Juan Alcides Áviles. He jumps off the map. We allege him to have been responsible for more than 222 arbitrary executions, more than 91 cases of forced disappearance, 149 cases of torture, five massacres, and on and on. And so when we looked across this list of officers, we determined that about a hundred of them were really bad guys. These were guys who had been into it really deeply. We passed the statistical findings to two structures set up by the negotiations that ended the war in 1991. These two structures had the power to force guys into retirement. And they took our list as the basis for the list of people they forced out of the army. All right, we didn't get them sent to prison, but we got them taken out of positions of power. That's a big step. It's a big step when these guys are no longer running the death squads that come after our officers. So what do we do? We publish this table in a newspaper. We put pictures of these guys on posters with the statistical summary underneath them with some very simple text explaining what the tables meant and we wheat pasted them all over San Salvador. I left the country. I came home. But I've been back since and you know now one of these guys that we nailed, he's got a talk show with one of the guerrilla generals and he sometimes makes jokes about how he doesn't know how we did our statistics. But in fact, they suit us for defamation. He does know because they suit us for defamation after we published these suits. If it had been a few years earlier, of course, they would have just killed us all. But because it was after the peace process, they suit us. So we went into court with what lawyers go into court with, that is dozens of cases of paper. But we also went in with disquets with my code and we gave it to the judge and we said, here's how it was done. And when the judge looked at the code, he didn't read the code, but he figured, you know, said to the officers with whom he'd been in bed for years, he said, you know, you guys, if you guys have technicians review this stuff, what if they're right? You want to go to court and have them prove right? And they backed off. They backed off with through their suit. And that's the news that people remember now. That's the news they remember. The reason it worked, big data. Technology is why it worked. If we'd gone with a few cases the way lawyers always do, they would have been able to come up with a few cases that were the other way. And then we'd come up with a few more and they'd come up with a few more and then they'd come up with it. We're talking about tens of thousands of violations. You never exhaust even a tiny fraction of the universe that way. You need to have the big picture. And the point is then that we were able to target. We were able to be focused. All the officers were implicated in something. Sure. But who was really involved? Who just peripherally? And so to make that decision, the decision that our that our choices about which officers we targeted was a fair decision, a scientific decision, a technological decision, not a political one. We had to look at all of them and discard the ones who were not so deeply implicated. Only large scale methods, only big data, big technology allows us to do that. I want to go on to cryptography. It may be obvious to you that human rights groups have a lot of sensitive data. And in fact, we have stuff like the addresses of witnesses, according to our files, Betty Smith and Jane Jones are the most important witnesses. You can find Betty at her home 123 North State Street. She usually comes home at five. Sometimes she stays with her mom. Hey, keep this confidential. And then send it in clear text. Obviously not. You can see the date on this. I've been giving this particular slide for a long time. Human rights groups get it. Not as much as they should. But many groups use PGP. If you guys are going to applaud, applaud for Phil Zimmerman. Okay. PGP has had an enormously positive impact on the human rights community. Okay. For its various weaknesses and God knows I'm really sick of the command line. For all its weaknesses, it's done a lot of good for us and we need to keep pushing that technology. We're also vulnerable to spoofing. What would happen if somebody posted a message that appears to come from Human Rights Watch saying that, oh, yeah, you know, according to our investigations, the Iraqi government has released all political prisoners, seized torturing detainees, closed forced labor production and now permits the full exercise of rights to free speech, religion, assembly and association. The time for criticism has passed. Let's accentuate the positive. Let's stop being whiners. I would hope that people would recognize this as a spoof. But hope is not enough to stake your legitimacy on. It's not enough. Reputation is as important to us as it is to you. And so serious human rights groups store digital signatures on their messages now. They may not distribute the messages with digital signatures on them, largely because sending digital signatures around clear text messages get mangled and so you get a lot of false rejections, but they put them on their website so that you can download a digitally signed version and verify that in fact this came from the group that it claims to have come from. At my group, when we send out urgent actions about scientists, we put everything up in signature and we will deny it. We've never had a spoof. Many other groups have. We may be just too small to bother with. I'm going to go on to one more example. This is the Martyrs Project. Most of what human rights groups do is text. I wish, I wish that we had more structured data so that I had more examples of the first kind. I wish there were more groups doing crypto, but most of what human rights groups do is text. Somebody comes into your shop, your organization, they say I want to tell you a story and I want to tell you a story about something that happened that I saw and here comes my story and they tell their story and a good human rights group writes it down. They usually write it down on paper. In fact, a group that I'm working with in Sri Lanka right now wrote down 3,000 stories on paper and these stories were then eaten by termites. So paper is not a good place to put a story. And paper is not a good place to put a story as I showed in the first slide. If you're looking for something in any of those stories because very soon after you start taking things on paper, you have tens of thousands of pages and it's not a useful searching mechanism paper. So what you need is some sort of information management system and so what groups do is they type it all into word files. Well, it's not eaten by termites, but their searching capability is not a lot greater. What we really need is a way to prevent them from losing all that data when their hard disk crash or their offices blow up or their CPUs go missing either because of theft or because of some sort of attack or because somebody just saves a new file with the same name. These are not technologically sophisticated people. What happens? Well, people lose data. Has anyone worked in an office where people lost data just because they don't know well enough? All right. You may have some sense of the scale of the problem. Okay. So what we need is some way to take lightly fielded text data encrypt it locally. Okay. In case the CPU goes missing. Replicate that data through a server network across encrypted channels to networks in remote locations so that if the local machines are attacked, the far away machines are safe, and then maybe we can add a little value and put a public interface to those servers so that information the groups want to make public can be searchable through some sort of relatively simple web interface. Check out www.tripledub.martis.org. Here's what the client looks like. We're in very early development. The client I think at this point shows that screen and right after that it crashes. But we're working on it and when it works it will be GPLed. It will have a SourceForge home and it will be cross-platform. We're going to write it once and debug it everywhere. And we are hoping for some help on that debugging. Maybe there are people in here right in Java. So watch for that. We're looking at toward the end of the year. We hope to have that out. But we hope that this solution will solve many of those problems. We've gone to human rights groups in Cambodia, Sri Lanka, and Guatemala, and demoed it and said, hey, if we wrote it, would you use it? And they were like, well, guy, you demoed it. It must work. Can we have it? And we had to explain what a demo is. That was a lot of fun. What is to be done, folks? What can you guys do? Let me say that I think that everyone in here who has ever called herself or himself a geek, the first thing you should do is support your own community. There are terrific, terrific civil liberties groups in your community day in and day out doing important work. That includes the Electronic Privacy Information Center, the Electronic Frontier Foundation, the Center for Democracy and Technology, and computer professionals for social responsibility. These folks are terrific. They deserve your support. You should read their stuff. You should send them money. You should be in touch with what they're up to. But we can get a little bit more focused. Sorry, once I used the double arrow, I couldn't help myself. Anyway, there's some other stuff you can do, more in the human rights line. You can join amnesty and write one letter a month. You're not doing this for amnesty. It helps them. It helps you. It helps you to think about what human rights means. It's not an abstraction. It's somebody in prison being tortured. Think about that person for 20 minutes while you write a letter, a fax, or an email. Think about it. Just for 20 minutes. Not asking for much. Join amnesty. Read the Human Rights Watch site. Read my site at shr.tripleass.org. Keep in touch with what people are doing. People may have seen in the news recently NPR and even New York Times covered it. That sociologist in Egypt was put in prison for seven years because he wrote a scientific report in which he claimed that certain things the government were doing weren't working. Hello. All right. Hello. What if he'd written a piece of code they didn't like? How much closer to home does it have to come? So let's stay in touch. Let's stay in touch with that stuff. But you're just warming up when you do that. Let's get to what you do. You can write code. You can write code that promotes privacy. You can make utilities to hack the embedded ID numbers out of things that embed them. That's a bad thing for human rights groups. Any document structure that embeds an ID number in it destroys the anonymity of our ability to produce that document. Write us a utility that shreds that but retains the integrity of the document. We can't stop every human rights group in the world from using word. That's not a realistic goal. They're going to use word. But we can make that a little bit less devastating for a lot of these leakage, data leakage issues. You can support version one of privacy services, not necessarily because they work, but because if we don't support version one, we'll never get version two. And we can build. We can port. We can contribute to. We can review and bug fix existing freedoms promoting software. I'm not going to give you a list of freedom promoting software. You decide what you think that means. And I think the CDC guys may have some ideas. And let's keep going. Support free and open source software. Free the doc format. Give me a translator that works every time. Some of our documents are really complicated legal documents. And even the best translators break on those. Remember that human rights folks and other people protecting your privacy are users. They're not geeks. If your mom can't use the software, we can't either. So keep that in mind as your reference point. Finally, maybe you could do me a favor or two. Is there anyone in here who's really good at postscript and want to write me a little pearl? I got a really interesting little hack. And finally, is there anyone in here who really knows his or her way around X3-4-1 and an ATR card under red hat 7-1? I got a problem. And it's so far defeated Linux care. Maybe somebody in here can help me out. Anyway, thanks a lot for your tolerance. I hope this really gets you excited. Thank you, Dr. Patrick Ball. Now it's time to throw the popsicles into the audience and also announce the other two members of our panel. Next to Dr. Ball is Greg Walton. He's a human rights researcher living in Dar Essela. Let me try that again. Sitting next to Dr. Ball is Greg Walton, who's a human rights researcher working with the Canadian Human Rights Group Rights and Democracy. He lives in Dar Essela. And sitting on the end is Drunken Master, a member of Hack to Vismo, and technical lead on the upcoming product, Peek-a-Boo-Dee. Hello. I think the first question we want to start off with is, I notice that in the discussions that we've had before this panel about what we consider hacktivism, I think the main thing is we want to straighten out what it isn't, and that it isn't any sort of cyber-terrorism or disabling computers or trying to make things harder for a repressive regime by taking down their web server. Does anyone disagree with that? Anyone? No, I mean, I think it's a good idea to make that clear right from the start. Loud yell. I think it's important to make that clear right from the start, that what we're talking about when we're talking about hacktivismo is something more constructive, something more positive. Kiss it. Okay, okay. I think it's important to make that clear right from the start that we're not talking about cyber-terrorism, we're not talking about information warfare, we're not talking about taking down the Chinese backbone. We're talking about more constructive, positive ways of dealing with human rights abuses. I think that's something we all agreed on, I mean, straight away, you know? So we've passed out copies of the hacktivismo declaration and hopefully most people have seen it or at least looked at the art. What do you guys think about the hacktivismo declaration? Well, I'm part of the group that actually wrote it, so I think it's great. But it's basically our founding declaration that the summary is the various countries around the world have signed these two documents that are mentioned in the declaration about everyone has the right to have their own opinions, to view whatever documents are out there that they want. And even though a lot of countries have signed that, they don't uphold it. And one of the program that I'm the technical lead on is called PikaBooty and it's going to basically write around any censorship on the internet. I mean, I think that one of the interesting things about this declaration is that it's come from Cult of the Dead Cow and it's in the language of a human rights group. When I was explaining to some of the human rights groups that I worked with about PikaBooty, they were like, wow, that's incredible. That would really change a lot. Who made it? Cult of the Dead Cow. And they'd be like, what? Cult of the Dead Cow? They know nothing about hacking. All they've heard about, maybe it's a few media reports from DEF CON or Cult of the Dead Cow, Alien, anal probe, intrusion, kind of stage shows or something, there's a big gulf between the hacking community and between the human rights community. That there's a kind of lack of understanding about a lot of things. And I think one thing about this document that impressed the human rights groups that read it was that it was so professional. I mean, written in their language, something that they could really understand, something really very reasonable. I think it's really valuable that you guys read this document. And let me tell you why I think that is. I agree with what Greg said. Now, my first reaction was Cult of the Dead Cow, and I read it, and I'm like, wow, it's really balanced. It's really thoughtful. It really gets at what the balances are in the trade offs in international human rights law. When we get an international instrument established, we have to get governments like Saudi Arabia to agree to it. Now, Saudi Arabia, in fact, hasn't agreed to a bunch of them, but we do have to get two-thirds of the countries in the United Nations to sign on before something becomes really useful. And to do that, it's politics. Guys, we're horse trading. And there's a lot of stuff that's in international instruments that maybe isn't as strong as everyone in this room would like, certainly not as strong as I'd like. But that's the way it is. We use what we've got, and we go forward, and we keep pushing. This document gets it. And I think when you read this document, look at the carefulness of the language. Look at the very clear things that it grants to government. It's not saying government may never look at anything of mine ever, because that's just, frankly, not the way international law is. If you've got Kitty Porn on your disc, you're host. So what we have to do is think about this in a balanced term. If not only we want the international human rights groups to get it, which Greg has said, they're going to read this, they are going to get it, they're going to like it, they're going to work for it. Hey, when we're talking about human rights, let's remember that human rights is not the right to everything we want. Let's work with those rights and then push them. If you want more, let's keep pushing. Absolutely. Keep going. No reason to stop now. We've got some momentum. We've got one of the worst bad guys ever in jail, at least in my lifetime, one of the worst guys, bad guys ever. I mean, history. Let's go with it. This is a great document. I only had one more thing and then maybe we'll open it up to a couple of quick questions unless you guys have anything else you want to bring up. So the last thing I have is we were talking before and it seems to me that if the choice were between giving 50 bucks to a human rights organization or instead donating an hour of pearl scripting, that the pearl scripting would be worth way more than the 50 bucks. Am I right? Way more. Yeah. Because you couldn't buy an hour's worth of pearl scripting for 50 bucks. So, I mean, the beauty of this is you could actually help one of these groups without ever leaving your bedroom. I mean, you could just ask you to do something. You could send them a script and that would be it. It would be entirely by email. I totally agree with that. In fact, I'm pleading and begging for a script myself. I actually do write pearl, but this one anyway. But that's, it's true that you can help human rights groups without leaving your bedroom and I think that's terrific. And I'm not suggesting necessarily that you should leave your bedroom. But I do think you should leave the world of pearl scripting for a second. For 20 minutes a month, I think you should engage this idea. If this talk has engaged you a little bit today, if hearing me talk about ways to respond to mass killing, to mass detention, to ethnic cleansing and to torture, if that rings a bell for you, stay engaged. Writing a letter for amnesty every month is not just about that guy in jail you're writing about. It's about you. It's about you understanding what's going on, keeping your enthusiasm up, keeping your solidarity going, keeping your focus on what the world's about clear. So do that for yourself. And by the way, it'll help amnesty and it may help that guy in jail. Yeah. Oh, go ahead. Oh, go ahead. I was just going to see for those of you who don't know me, I'm Death Vege of CDC. I'm Death Vege of CDC for those of you who don't know me. Anyway, we wanted to see if anyone had any questions or if we could take any questions. We have about 10 minutes. Yeah, we have about 10 minutes for questions. Anyone? You in the front. Wait, wait, wait. I'm like Montell. Are you concerned that hackers, if they take on a more active role in political campaigns around the world, will become targets of hostile governments? And what can we do to prevent that? Maybe no more than there already are. Brian. I don't think so. We use aliases in the hacker community. We know how to keep ourselves secret. I don't think that would be a problem. But it's also worthwhile thinking about who the hostile governments are. I mean, what kind of reach does a hostile government have into wherever it is you live? Sometimes that may be very significant. During the 1980s, we learned over and over again as the FBI trashed our offices that people who opposed the U.S. support for the war in El Salvador were targets and we got nailed. And if there had been hackers helping us out back then, I'm sure you guys would have been targets too. So sometimes you are going to be targets and like's just been said, you watch yourselves, use anonymity. You know how to use these tools. You wrote them. That's one thing. On the other hand, be strategic. Think about what you're doing. Be strategic. I think that's very important. I mean, do it very well. But it's an occupational hazard, I think. If you're going to be involved with taking on repressive regimes, then yeah, I mean, sure, it could be a danger, yeah. Anyone else? Hi, are you planning to make localized language versions of your Marta software? And if so, what language is? Yeah, totally. Actually, the demo runs now, and even the demo, man, runs now in English and Spanish. And that's just because it was really easy for me to translate into Spanish. We, our current language, our current target languages are include Khmer, Tamil, and Sinhala. So those are a little bit harder because that's different character sets. And so far, not all of them are unicodes. So we're going to have, there's going to be some struggle there, but we're definitely committed to a unicode solution. Okay, hang on a second. Could you tell us more about Pika Booty and ways that it will assist people in countries like China, et cetera, getting access to information? Well, I can't talk about the technical details, but let's see, I can't say that anyone around the world should be able to use it. It'll be small, it'll be, it'll be able to be run on hardware that's five years old or whatever. So. I was just wondering if you could repeat. I was just wondering if you could repeat the name of the website where you can get more information about Mardis. Yeah, sure. www.mardis.org. That's pretty straightforward. So that people know Mardis is the Greek word for witness, hence the name. All right, this may end to the people making Pika Booty. You're using some sort of a P2P network doing this thing, right? Yes. Okay, I know a few groups who really, they're a little bit concerned about the plausibility of using a peer-to-peer network for anti-censorship. I know, I've talked to a lot of people from yak.net and from Peacefire, who are just, they're a little bit skeptical. Will there be any specifications released for open commenting on a form or anything? I mean, because if you're gonna do this thing, you gotta do it right. It's going to be open source, yeah. And all of our documentation will be released when that happens, once we release it. Beforehand? I mean, if you don't do it right the first time, you have potentially people's lives on the line. Um, the, okay. One of the, oh well, I can't really discuss too much of it. I mean, you can say for sure that it's not being released today and it's gone back to the drawing board. Why, because of this, if people could lose their lives because of it, it's gotta be, it's gotta work, yeah. It's not a word processor. So yeah, and I've heard about some of these concerns. I've read some great critiques of the idea from people like, from the Yaknet and people like that. But on the other hand, you know, I think some of those concerns have been met. We do have people from security firms reviewing it. We have designed and safeguards to keep people safe. I think the concern that the last speaker, the last questioner was bringing up is that not having it open source doesn't put it, before it's released, doesn't put it out for peer review so that you can run into the problem that once it gets out there, it's like, go say, some large company that's initials on Microsoft does, then it gets out there and you suddenly find there's lots of holes in it because it hasn't had the peer review yet. That's a good point, but we will have time to test this, obviously. Well, I think the other thing is, we are talking about having it peer reviewed, but it may not be open for public review. Once it's released, there's gonna be an arms race, right? We release it, everyone gets it all at once, the good guys and the bad guys, and after that, it's gonna be a race to who can block the other faster. Well, I really admire the way that a lot of these groups speak truth to power and take the people out of power and take away their guns who violate human rights. We all know that nothing hates a vacuum more than power. And I'd like you to address what some of your efforts are to keep groups, multinational corporations, governments, from exploiting the lack of leadership in some of these countries where you take down the leadership. Well, I think taking down the leadership's a little strong. We don't usually bring governments down. Usually you're able to pull out some of the worst guys and maybe affect some structural reforms. But I think that that's actually a really interesting question and it's a strategic question that the whole human rights community has been grappling with for about 10 years since we actually started to have an impact. At the grassroots, what most groups end up doing is that after there is some significant transition, the groups lose a lot of their mandate. I mean, what were you doing? Well, God, we were all really busy. We were all really, really, really busy documenting political killings when there were dozens a month. Now that there's maybe one or two a month, what do we do? Well, what we do is democratization projects. And democratization projects have a wide variety of different mechanisms and a wider variety of effectiveness. Most of them don't have much effectiveness at all. But I think what the point is, is to figure out how we can use the networks of people that have been built to build meaningful grassroots political party structures to express yourself in democratic transitions and in a democracy. Build effective citizenship training programs in a country coming out of dictatorship. Nobody knows what it means to be the citizen of a democracy. And for democracies to work, citizens have to know that they can participate and that they can participate and that there are ways to do it. And here's how you do it. And here's how you have input. And a lot of human rights groups in this kind of transition, in particular, I'm thinking about Central American groups because those are the cases I know best in the post-transition work on these democratization projects. I think what is, well, I'll say ironic, is that a lot of the funding for democratization projects comes from USAID. But USAID has been a really big player in Central America promoting democratization. And some of the projects work. There are, in fact, all sorts of ways that people in really low-resourced communities are able to express themselves politically and bring pressure to bear and protect civil rights, which are stronger in a democracy often more relevant than the human rights they struggled for before. I think we probably have time for one or two more questions. Yeah, does anyone? I guess you can see a movement. I wanted to plug one activism project that I think also deserves mentioning. It's the Independent Media Center at ndmedia.org. Yeah! I ndymedia.org. It's basically an activist hacker media collection, democratic media generation. But I also want to ask a technical question. Maybe you guys could even comment what you think about ndmedia. But I also want to ask a technical question maybe or whatever. But why should I think, and maybe you're going to be too secretive, but why should I think about using peek-a-booty over FreeNet or something? Okay, first of all, I definitely support ndmedia. I think they're awesome. They're one of the groups that opened my eyes to a lot of things. What was the next question? FreeNet. FreeNet. FreeNet does publishing. We do sort of getting the data. So, it's the opposite end. ndmedia is great. I mean, activism obviously means more than hacking on a computer. Maybe it means over the airwaves, with video, video hacking, prior radio, these kind of things. I mean, ndmedia is fantastic. Democratic media movement, this is crucial to what we're talking about, for sure. Ditto. Okay, does anyone have any last words before we dismiss everyone? Yeah, I do. I just like to say that peek-a-booty is just one instance of this, of hacktivism, right? There's gonna be a lot more in the coming years. And I encourage everyone to get involved with either Patrick or some group where you can support human rights. I think when I came to this conference, I wasn't sure how well we would get along and everything, but we've had such a great melding of ideas. Bringing these desperate groups together has been just generating tons and tons of ideas and it's been quite an experience. So, I definitely encourage anyone who's interested to contact them. I think this is peek-a-booty and where we are now is really just the beginning of it all. It's really just the genesis of something which we can not really imagine what's coming next. But, I mean, it's a very exciting field. I'd just like to say that I'd like to just keep on hearing from people that I've been meeting over the weekend, just giving, sharing ideas and giving me technical advice on answering my questions. I mean, that's been great. I wanna really thank CDC. It was really exciting for me to get involved with these guys. I wanna echo what's been said. I think we've had a terrific meeting of the meeting of ideas. It's been really exciting. I've enjoyed being here. And I really look forward to about 24 hours more of some very intense conversation about hacking, about security, and about human rights. Thanks. So, for more information about Hack to Vismo and updates on peek-a-booty, you should check out the Coltec Cal website over the next weeks and months. And then, if you wanna talk to us after 5.30 today, we will be in the bar of the Hard Rock Hotel. You walk in the door, there's that little circular bar right in the middle, we'll be there, even if we're just hanging off with five beers. What'd you want? Well, we wanted to sum up. We wanted to end on a serious note because we're known for that. Thank you very much.