 So, welcome also from me, we are going to listen to Constanze Kurz and for those of you who don't know Constanze, she is a speaker for the Cars Communication Club. They are very instrumental in Germany for many, many things regarding data privacy and she has been expert witness to the constitutional court that finally stopped data retention first in Germany and then later on in Europe. So that's, but she's also involved in many other legal struggles and she's going to talk about a bit about this and just one statement I'd like to give in regarding that. Many of you probably know Lawrence Lessig who said code is law, right? Maybe you heard of that. What he meant by that is actually that programming determines many things in our societies and I think we've come to realize that laws and what governments do also influences very much what we can do with programming and how programming is actually used by the government, by secret services and that's kind of one of the topics that evolved especially in the last year and again Constanze has launched some actions I think so far in all of the court struggles she's been involved at she had a 100 success rate, right? So that was and I hope she continues with that and in other news she's also she's also a co-writer of very interesting books about the increasing automation that we have in our societies. The German title is Arbeitsfreie which means something like out of work like automated away, something like this and what we can expect in the next 10 years but this is not the topic of her talk now but also something she is doing and so I'm very happy to have her and give the keynote to Constanze. Yeah thank you Holger for the very warm words and you of course for the applause since I didn't even start it thank you very much. Yeah it's one year of Snowden what's next and I guess I'm happy to be back in that building as you maybe know I've been here for quite some years because the hacker community had the really largest European Congress here for quite some years and so I'm happy to be back and speaking in front of another tech community about the Snowden renovations it's going to be a mixture of of course technical topics but also questions of legalese and of course political questions because after that year of renovations and the renovations will go on of course and we have to ask some questions and we should show as a wider tech community that we care and that we don't accept the way it is and that we try to change it and I will maybe in the end of the keynote have some ideas what to do about it. Since June last year we learned more and more about American and British and other spies deep appetite for data and information and of course about economics buying and about the technology they use to collect data as well as they are hacking skills because they also pay a lot of hackers as we know now and we know that the spies systematically tap international communication on an industrial scale that's what we know and the NSA and the GCH HQ and the partner services and contractors metadata repository is capable of storing billions of transactions and events daily. So the question is is there a way to defend against an agency like the NSA with a monstrous budget and where 8500 NSA contractors have access to the data thinking about economics buying as we know now from the Guardian and other papers renovations. After more than one year of Snowden documents we have to conclude the democratic oversight system failed at each level of oversight so let's see how to fix it actually. First we need to analyze what's really going on if we want to fix it of course and I want to talk a little bit about the surveillance industry that happens to to be nowadays. There is a study of privacy international a research study of surveillance companies that offer their products nowadays. The study is a collection of what is being sold it's also a categorization of the technologies and also an explanation of what these technologies actually do, can do and cannot do and those companies as you see here worldwide they are 338 they sell different kinds of technologies for surveillance like cell phone monitoring equipment interception equipment as in hardware of course technologies for internet monitoring spyware packages that allow users to take complete control over the computers and our mobile devices they even buy cell spyware packages for law enforcement mostly or secret services that allow the user to take access to all the data and even the camera and microphones that is the status we have today it's really an industrial complex and not only monitoring filtering and censorship technologies but also passive and offensive hacking to it. Privacy international really did go to the marketplaces and to the fairs which are worldwide and took a look at the marketing brochures those companies have. We should have that in mind if we think about the Snowden revelations because there's a reason for all that's buying complex and the reason is simply money. Those companies usually do not take human rights concerns into account or think about the risk of misuse meaning that their products are used to target pro-democracy activist journalist or any political opposition in regimes or as we know from the Snowden fights no in democracies because since those technologies in the last decades were used in regimes only we now know that they are used in democracies as well and the technical tools to defend against it should not only be used in regimes but also in democracies and in the rare case that there are export restrictions because those companies mostly come from the western sphere and if one of the companies can't get any approval to export their surveillance products from one country then they simply do it from another that's the way it works today so we have on a political agenda the question to ask about export regulations of those technologies not only using it in our democracies. As it is the same for the secret services like NSA and GCHQ this surveillance industry lacks effective oversight or any form of accountability too so we have a problem that comes together with those industrial surveillance complex and the secret services. But really the start of the Snowden year at least on a worldwide scale was the prison scandal the prison program what you see here is a picture from orbit which Vanessa took and artificially you see the Facebook network plotted on that photo and I guess since the prison program mostly used social network data and made some videos and photos the scandal really emerged because most people felt that they have to care about those prison programs because everybody or at least most of the people in the western world are targeted by those mass surveillance programs. Actually I want to talk a little bit about the Pfizer decision I come to that later but most important for me is that that program already started in 2007 so we have the situation that those secret services have a social and communication graph from the whole western world with the history of some years what never happened in history of mankind actually they know the communication pattern of everybody who uses that services and all the companies you see there are cooperating but they do not do this willingly at most but they are legally obliged to do so and that's why I want to talk a little bit about the Pfizer it's a foreign foreign intelligence surveillance act because it's kind of the problem which emerged of course for those companies because this Snowden year is also really a trust crisis in not only between the state and the secret services but also in the rearm of the companies. This worldwide attention to the NSA program in the beginning it was NSA and FBI and CAA and not the British GCHQ started on June 6 last year as you maybe remember Glenn Greenwood and even MacAskill for the Guardian and Barton Gelman and Laura Poitras for the Washington Post reported on a U.S. domestic collection of foreign internet related data and they quote from a Washington Post from this June 6. The National Security Agency and the FBI are tapping directly into the central service of nine U.S. internet companies extracting audio, video, chats, photographs, emails, document and connection logs that enable analysts to track foreign targets. So it was really that's why I quoted this from the law's perspective it was really intended to target U.S. citizen not intended to target U.S. citizen but us as in European and everybody else who's not U.S. citizen or on U.S. soil and so the discussion on a political basis today in the U.S. Congress and the U.S. Senate is just about that domestic spying. It's not a question if that that form of spying or mass surveillance will end for people outside U.S. soil or non-U.S. citizen. We should keep that in mind. Presum is of course the system the internal computer system that collect this data and that is what two days later in June 8 the U.S. director of national intelligence released in a fact sheet. So what I speak about here is only what is where there's no demand from the U.S. governance side or from director of national intelligence. There are some rare cases in that year of revelations that the U.S. government said no. Here is the reporting not correct but mostly they didn't even bother to to write it amending. I want to talk a little bit about the fees that is decision because in my opinion in the public sphere is not quite clear to everybody that this form of mass surveillance is legal in the most forms because of that Pfizer foreign intelligence surveillance act. Generally speaking under that Pfizer any form of electronic surveillance is permissible if there is a probable cause to believe that the target is a foreign agent or foreign power and the primary purpose of the investigation is collection of foreign intelligence information and in section 218 of Pfizer even that requirement that foreign intelligence gathering be the primary purpose of the investigation was eliminated. Now it only requires that it be a significant purpose and this act you maybe read about it in the newspapers also established a special secret court composed of hand selected court judges to review the applications for electronic surveillance orders but this secret course hears only the government's evidence and the Pfizer court is not revealing any public information information concerning electronic surveillance with the exception of an annual report detailing only the number the request made so the secret Pfizer court is also a very silent court and this silent court and secret court have never refused a single request in its 21 year history until 2002 when the Bountessy was patriotic act became law so that is the kind of oversight we have which completely failed not speaking about the political oversight but the judges well but allowing secret tribes based on secret evidence with secret outcomes and no public scrutiny to ensure any form of fairness would be a talk on its own so I stopped talking about that that legal site now well speaking of the companies the cooperating companies then if a company like Google receives a valid Pfizer court order it has of course to deliver any information requested of course so from that beginning and it's even after a year one of the largest scandals and all those revelations they emerged in an interesting discussion about metadata you see on that picture an example this is from a Greek scandal some years ago where the whole government the president and the ministers were tapped and this is a press conference actually a picture from a press conference where they plotted from one of those surveillance software products so that you see what metadata will be will be seen at the screen of course if you have it on a computer you can interact of course with that it's just the problem is that metadata and most of that surveillance stuff is really it's abstract in a way I mean it's not really you cannot really feel the surveillance if you sit in a cafe and there's somebody really staring at you the whole time then you would maybe say stop doing that don't look at my screen don't don't listen to my phone calls but if you have that metadata discussion it's not the same as surveillance in a physical world so what's really at risk here most people don't most people don't realize but the metadata discussion goes on until now and maybe we will have a decision about that from the US Supreme Court later that year or in the next year that is possible I come back to that metadata later of course why they are interested in that metadata so much is because it's significantly easier to collect and store because of the volume of the data and it's much easier to detect any anomaly meaning anomalies and personal communication behavior like is there a person starting to communicate with each other is it maybe on it's it maybe in nighttime so you can have filters or triggers in any form to detect those anomalies and ask maybe for a special identifiers like phone number or email numbers and it's of course it's optimal for any form of automatic filtering so that metadata discussion is not over now of course in Europe metadata belongs to the data that is protected by the right privacy it's maybe not the same in the US but we will maybe see from court decision this or next year after the first revelations about the prison program and the starting metadata discussion January Keith Alexander the then director of the NSA which is of course a general because the head of the NSA is always a military guy confirmed and to public hearing of US congressional intelligence review committees that the NSA collect both domestic and international telephone call metadata from all major US carriers and maintains a database of all such codes for five years so we now know but actually that is for all the revelations that I speak about here we just know nothing really changed the ISN initiative right now in the US Congress to change some of some of those programs but actually it's just for domestic spying it's not for European let's let's say not for us the next the next step in that scandal which is the third one from or I believe that that it's one of the largest scandal is a temporal program what do you see here undersea cable a commercial undersea cable which we have today you see a little anomaly because if you would have an undersea cable today then you maybe wouldn't wouldn't choose that route from UK to New York over the ocean but that come from the telegraph lines more than 100 years ago and as the telegraph lines were invented actually they didn't know very much about the underground of the ocean so they just took a direct route and that is the reason that more than 85 percent maybe of all the connections between the European continent and the Americas goes through the British island and that's why with the temporal program the GCHQ started to be part of the scandal that is the British one of the British spy agencies GCHQ wasn't actually exaggerating when it invented the phrase mastering the internet which is the name of one of the programs has to be found in the snow and documents within those temporal program some 300 GCHQ plus 250 NSA agents have the task to analyze the data that goes of those through the undersea cables and this is this is stored up for up to three days for content and up to 30 days for metadata because the volume is of course not that high you see we we talk about a 20 petabyte that means million gigabytes in that three days and those events it's really the stuff we do every day on mobile phones and over the internet so it's not an event like a technical term but it's our communication and our emails and our photos and stuff and of course it's the same as in the prison program the cooperating companies which are not only the well-known companies like British Telecom or Verizon it's also the backbone providers because of course part of the temporal program are hardware devices and other places where as an undersea cable land on on British soil as we know most of the bits we click is batonned youtube and you porn of course and to reduce the sheer volume of the data running through the undersea cables and like peer-to-peer downloads and it's discarded of course by filters and this reduces the volume about a by by 30 percent maybe and those filters not only reducing the data volume but also a triggered by words by email addresses of phone numbers so the data stream is actually filtered categorized and then stored if it's of any interest all in all gchq and nsa which work as uh um yeah it's it's uh it's more like um it's really close working together at least in the tap power program and they use around 40 000 of those triggers to filter and analyze the data that is slow that flows over the undersea cable so we know that for a year now and the question for all the european countries and not only europe but worldwide actually is what we're going to do about it we talk about the temporal program here in europe a lot but there's also an exact duplicate of that program for the pac net which is a asian pacific undersea cable net so it's actually a worldwide undersea cable surveillance program for my opinion at least in germany the public debate it's not only germany it's it's worldwide i guess really changed when one prominent german person and her mobile phone was tapped and to me it's until now a scandal that um only this one tapping of a mobile phone which is chancellor angela merkel of course um is really a scandal in a political sphere and not the mass surveillance and the offensive hacking techniques we learn from and uh okay i see you agree and since i don't have the time to follow that chronology of that year step by step because you could really need five hours for that i just want to have a short break and tell you just in some words what happened afterwards until maybe um the end of the year because i guess uh you remember from reading the newspaper what happened in this year after june 21 where gca hq's tempora tapping fiber optic cables uh became known which was from the guardian in july we also had a attack list a target list reported by the guardian about cyber attacks that was a list of quite a lot of targets worldwide in july we also learned that the nsa is buying explicitly in asia in hong kong and they are also hacking attempts and against china and that the us hacked pacnet which is the asian pacific fiber optic and then network as i as i mentioned and not only from uh one year or two but from 2009 on in july 31 we also learned about x-key score which is a central tool the nsa uses to aggregate nearly everything from the internet as the guardian wrote in august it was just one month later and we all thought it's somehow maybe the revelation stopped we learned about even more cyber attacks by the us mostly nsa and that were 231 offensives operations even in one year and in september the first time there was really blood on the data because we learned from an article in the washington post that the nsa has ties to the us drone attack then and that metadata and content data explicitly uh were dumped into the us drone program that meaning that means that that data triggered the cah driven drone program and well the reaper and predator drone with the hellfire rocket were sent to mobile phones to deliver the bombs so actually that was not really reported in in europe very much but in the us uh it was reported from the washington post as i said um and i guess um that is a discussion we should uh we should follow closely because i think uh in this year 2014 we will have more of those connections between uh the caa drone program and the metadata and content data collection of the nsa because uh if you want to fire a hellfire rocket then you need the data to know which mobile phone to target in september we even had the first uh cyber war attack as defined by the nato uh nato uh and that was as the gchq targeted in spite on belgacom which the spiegel reported actually belgacom is uh one of the main telecom carriers in belgium and the gchq passively sniffing hacked some of the maintainers of that network and faked linked in pages to target those engineer and they had success and that is really a cyber war attack as defined by the nato uh against another nato country which is belgacom that was really interesting because that kind of attack was the first time we heard about that um we even had a in october that was in october uh second um uh location data scandal but it wasn't really reported worldwide because um the nsa collection a mass collection of us cell phone location data was only reported in english and not so much uh on the european country so we see we have also of course um not only the communication and social graph from prism but also a geolocation program which runs geolocation profiles of course um maybe i start here i mean you can read it in the newspapers and i guess as i as i took a look of all the papers i'm researching for that scandals for about a year now and some of those reports in the different newspapers not only american and european but also brazilian and asian newspapers i simply forget because all the small scandals in between really forgotten when you think about the really big scandals we have here and the lack of oversight for that mafia like um secret service complex well what we learned from that chronology and i took it on one slide because i um wanted to have in one place that's what we learned over the months these are priorities as in targets from those nsa programs as you clearly see these are the top terrorists uh we have in the world and the targets are the eu institutions and uh also the parliament 80 embassies worldwide heads of foreign governments and two from those heads we know by name that is the brazilian president rusev and and the german chancellor mackle we also have the top terrorists at the g20 meetings which were tapped and they even in the g20 meetings they even invented fake internet cafes to uh to grab the passwords of the teams of the politicians meeting at the g20 um also the opaque the world bank large companies like the brazilian petro bus so we have a list of priorities here but we have even more we also have from the revelation the national intelligence priority framework and this is a kind of matrix from that's just the part you see here and you don't have to read it i copied it uh you see it in the next slide um it's a matrix of targets as in contents what is really what kind of topics are those secret service interested and you would maybe wait for national security issues but i copied it for germany from that uh framework and what you see here uh are the targets in that framework that is cyber attack counter espionage emerging strategic technologies clearly a top terrorist problem international trade policy arms export arms control foreign policy objectives economic and financial stability so it's really uh what we learn from that year is that it's much more about economics buying than the political discussion and the discussion in the newspaper is about they always uh argue with the questions of national security but as we know from the revelations it's much more about economics buying and actually the scandals are much more about power and uh access to information than about national security if you see the ideology behind that and i i quote that from the deputy attorney general uh james call then you have that metaphor of the haystack he said if you're looking for a needle in the haystack you have to get the haystack first and what we learned from all those program uh is that the piling even more hay and what we also learned and i come to that in a minute it's pilot that that piling on mohe doesn't really help to find the needle um but before i come back to uh that ideology i want to talk a little bit about uh the dimension of what we actually fight against now and that is part of the revelations too it's a so-called black budget then um in germ most most german at least yeah most german countries you know about the budget those secret services um as in as in money or receive when we have the 19 german secret services so we know as a population what what money we spent on that um that was different in the united states so the black budget revelation was really interesting to take a look at um the u.s. national intelligence uh um budget and that is of course you see it here over 50 billion dollar a year and that is uh much more than even uh than even some of the politicians and the review committees um knew as i talk to william benny who's been here in berlin because we have that commission in the german Bundestag the nsa um we talked about that budget on a um on a podium here in berlin and he said okay that 50 billion dollar per year is not sufficient and i looked at him like what you mean not sufficient it's not that much or even more and he said it's even more because some of the secret service budgets are in uh let's say in military stuff it's it's hiding somewhere he said in his active time in the nsa the budget was already 80 billion dollar per year and he said that some years ago so it's maybe even more that meaning he he corrected that budget above uh but i was i was really staring at him at that moment because i thought 50 billion dollar was quite a lot if if you think about how many nurses uh you could pay from that or how many rockets you can send to the moon from that from that money um i'm running a little bit out of time but i'm uh i want to talk a little bit about the tailored access operation because uh most of the scandal in the public sphere talked about the mass surveillance metadata content data and the you know the little and the the larger scandals but for me as a hacker it's of course interesting uh what they do um in the tailored access operations and what kind of exploits they really have and what are the methods actually that they are using um in the snowden papers we know know that the tao tailored access operations have um has exploit against windows maker as linus and ios and some more which are unnamed and that some of those um exploits um are really zero-day exploits but most of them are known so they spent maybe quite a lot of money to to have access to those exploits and we also learned actually that the gray and black market for um computer vulnerabilities or mobile phone vulnerabilities and malware of all kinds um that that gray market is uh paid from those secret service budgets so we wouldn't even have uh that gray and black market on that large scale if they wouldn't spend that money on that they had had different methods uh within the tao operation the meaning of course back doors that's what we expected uh it was a manipulation of random number generators uh because that's a good way to weaken encryption and they had an intent of cooperation with nist nist is a standard institute uh who every uh where every 10 years a new encryption uh standards are somewhat invented i well shouldn't say invented but uh nist uh was really um releasing a press statement and in some parts uh they said yes we did cooperate um with secret services they even tried uh for that part of the data collection they had which was encrypted to get the master encryption keys with different methods and as a programs they have for that called bull run for the nsa and etcher for the gchq uh they have really 255 million a year and it's if you think about it in fact an anti-security program and it undermines of course the trust we have and the et systems we use every day that was really interesting uh to to learn about the offensive strategies uh from those um secret services they really have a lot of hackers and that they that they pay and um it's really hard to change um to change it on the on the on the ideological uh way because if you take a look at the british and the american hacker community it's quite common uh to work for some years for nsa contractors or even for the nsa itself it's maybe very different from the european habits well we heard all that and i missed a lot of revelations because i don't have time to to collect them all here uh but i want to talk a little bit about the success so what about national security and i copied this from the so-called white house panel which u.s president brahman um initiated is a commission um really run by um secret service veterans and even those secret service guy who clearly belonged to the intelligence community wrote this uh in their report um the metadata of the telemedication brings only a modest contribution to the nation's security and there has been no instance in which nsa could say with confidence that the outcome of a terror investigation would have been any different without the metadata so the stupid phrases we heard in the beginning of that scandal that all that mass surveillance explicitly metadata but also content data would help against terrorist attack is quite nonsense and we see it in the white house report and the intelligence community itself who is sitting in that commission uh stated it in its own report that was really interesting and as you maybe as you maybe know it wasn't really reported at least not in german uh you maybe know and i'm coming to the optimistic part of the talk now right yeah they also targeting a tour we know from october where the presentation the nsa presentation tour stinks um were published that uh tour is really targeting tour as an anonymizing network as you maybe know and this july uh the german ad and the züchter zeitung had a publication um that explicitly uh target users uh tour users are targeted that was really interesting because they released some of the filter routes for the deep packet inspection with the nsa and the gchq used to uh have triggers for every tour user and not only tour user but also people who search for information about tour um that was really interesting because right now tour is the only affordable and reliable technology for people in for example china or iran to communicate encrypted and anonymized with the rest of the world uh one of those tour services operated by the chaos computer club here in germany and so the data traffic to and from uh those so-called tour directory servers um is being taken into the repositories of the nsa and that was the reason that we uh fired again a criminal complaint against angela merkel ministers in germany the head of the secret services in germany and foreign secret services and mostly everybody who uh could be maybe um responsible for that because i guess um at least we don't only need political help and we need technical tools to fight against those nsa mass surveillance and especially targeted surveillance like that one but we also should use uh the laws existing and that's why we fight a criminal complaint against those aggressive surveillance uh in germany directly and we just hope that uh the general bundesanweit is the state federal prosecutor i guess hara drange um will maybe do his job and uh ask the nsa and gcsq some questions and so i'm not quite sure if this will work out but we even we even tried um i want to i want to talk a little bit and that's the last thing i want to i want to talk about um a little about other ways to defend against those mass surveillance and a quote here from gchq may more from may 2012 where the gchq um said our main concern is that references to agency practices meaning the scale of interception and deletion could lead to damaging public debate which might lead to legal challenges against the current regime and the scale of interception and retention required would be fairly likely to be challenged on article eight the right to privacy grounds and that is exactly what we did because um the article eight is part of the european human rights convention and the uk different from the u.s of course ratified uh that convention uh in 1951 so it's bounded to that convention and a big brother watch uh open rights group and uh the english pen and myself we um had a joint application to the european court of human rights in and stasberg so we try to go the legal way though i think uh we should protect ourselves on a technical way um to begin with of course um maybe in the end of july we will know a little bit more from the court because we until now we have a so-called rule 41 which means that our case is prioritized but um actually the court um although we have that fast track um i stopped the process a little bit because of the british tribunal uh which is also a secret court um on uk soil where groups like privacy international try to make a case too and so they they waited for that outcome so we just know maybe in a few days um where the case goes we just right now have um a catalog of questions for the british government and also for the german government because i'm a german citizen but um until now the german government decided to not really answer any of the questions um but i guess it's um just a legal way and we should try that and i'm really very satisfied that a lot of people thousands of people uh spent money on that cases we had in just 48 hours the 20 000 pounds we needed for that case together and little little which is five or six euro come from all all over germany and in just 48 hours we we had that the sum we needed together was i'm very proud of that and i feel um that different from the opinion you read in the newspaper people actually care and they are they they want to support that's that's our fear at least but the legal way is one thing and to put political pressure on those responsible for that but i think as a tech community first of all we should use encryption and not only use it but implement it that is what we should do in our normal working habits because we should we as a technical community should help the normal user because he will rely on us to have working encryption because the nsa mass surveillance programs uh they doesn't scale if just 10 or 15 percent of users really switch encryption on they get blinded and that's what we actually should do so so that's actually what i demand from you use encryption but not only use it but implement it and be as transparent as possible when using encryption in technologies or software you you build that is i guess to rebuild the trust that is lost that is essential for that so be as transparent as you can we should not only cut we should not only cut the budgets of the professional peeping tones but also raise the standards in general for the government to look at everyday communication data metadata content data purchase records medical records and so on because by its very nature mass surveillance is neither necessary nor proportionate because these technologies enable the violation of human rights it's a human rights issue particularly the right to privacy and also the human rights of freedom of expression so eavesdropping on that massive scale is simply not acceptable in free society so let's fight it thank you i i'm not quite sure holger are we supposed to have a question and answer i don't know i don't want to be that negative i hope you have an optimistic feeling right now two microphones you can go over there or here we have like let's say five minutes and then is this thing on yes it is thank you for these amazing insights thank you i have two questions which are actually basically one what would happen if one of these companies at some point just says no and what would happen if all these companies their CEOs come together and they make the agreement and they say no can you tell me can you do you have any insights into that well um well that is not not such a trivial question it's a really complex question actually the point is i have maybe to to remind you that law interception techniques are built into all commercial telecommunication networks by law and they have standards so called etsy standards so the technique to intercept is from a legal perspective necessary to be a commercial telecom carrier in all western countries meaning that the possibility is already there and from a legal perspective and not only the u.s companies but in many european countries too they are simply obliged to hand over the data what they could do actually is to switch on encryption to not log any content and in that way help the users a little bit what they actually do right now mostly in the us is of course write open letters because they they see um that does that that the trust crisis um is a question of economy right now in the european and asian markets because they see that mostly the cloud as a cloud um uh companies um that um well it really drops um the partners uh not even not even they don't have a lot of new contracts but they also have a second contracts uh from agent and european partners demanding from the u.s companies that they have special privacy uh contracts to the normal cloud contract and stuff and so the pressure from the economics fear to the u.s administration uh it's getting higher so maybe that that that trust crisis will be not not will be not solved in a political realm but in an economic realm we have a lot of small companies who says uh who say okay um we build all technology that way that we can't hand over data uh like in the tour network uh or other examples but really the the huge telecom carriers and internet companies they don't have a choice well it's interesting because if you step out for a moment and you look at what's happening it's basically it's the nation state an institution with an army which is very powerful of course but it's interesting to think what would actually happening be happening on the enforcement side of things if a group of these companies just agree not to participate well they actually do point is that we as users we tend to use the large companies so maybe i urge you to think more decentralized thank you hi uh we're here at the python conference um ghidl van rasen the creator of python has been working in a company that makes sure we all have our data secure our most important data secure uh for the last three years uh this company has just acquired a new member of the board of directors which is kondolisa rise one of the main supporters of massive surveillance which is working at the same company of the guy who created this beautiful language what are your thoughts about it yes uh what you're referring to is actually the so-called revolving door right is that what what you meant the so-called revolving door that that you have a lot of people who switch between companies contractors secret services and stuff that's what you mean i mean draw box i don't really get well sorry uh draw box is a company where you can keep yeah you can keep uh all your most important files uh in the cloud well ghidl van rasen is working the creator of python is working for that company for the last three years this company just uh added a new member to the board of director which is kondolisa rise one of the main supporters of master surveillance one of the one of the people who explained that is necessary to have some and now i got you of course i read it in the news um um maybe since uh at the hope hope 10 in new york um at what's known referred to that case so maybe most people are aware now well i don't have really any any any good comment on that i guess it's um not the only case i feel i think it's just something we should all think about and maybe talk to give about it thank you okay