 Well, good evening. Whoa. Is that too loud? No, who knew there? There are official people here in charge of volume There is there's the volume and there's another person in charge of quality. So we have both things covered Okay, then my name is Jonathan Zittrin and I am so pleased to be in conversation tonight with Bruce Schneier Bruce is a Kind of a really good person to introduce in the sense that he's extremely well known But not for trite reasons. It's actually hard to put a bumper sticker on Bruce and not simply because he's security conscious. I think the closest thing would be he's extremely well known for his attitudes and common sense around TSA and I believe you actually coined the phrase security security theater is mine And that's a great phrase and you can't help but enjoy every episode of security theater as you encounter it now on the way and It's also been really interesting to see Bruce's Evolution from somebody writing a canonical text and applied Critography kind of has the technical chops Then really thinking more systemically including human factors about security and again in his explanations being lucid but not Reducing in ways that immediately make good guys and bad guys and sort of simplistic Slogans and yet still again popular enough that I believe you are an internet meme Are you not oddly enough? Yes, there is an internet meme about you look up Bruce Schneier facts I have nothing to do with them Exactly, but just not now Well, it's too late You guys put these rooms in Faraday cages don't that would be an MIT thing to do Okay, and yet not because then they would hack the Faraday cage But we just rely on law to keep people honest and it doesn't work So that's a deeper problem than the ones we're going probably to talk about tonight the last time Bruce and I shared a stage I believe it was 2010 and it was for the intelligence-squared debate resolved the Cyber war threat has been greatly exaggerated grossly exaggerated grossly exaggerated It was kind of interesting was it was myself and Mark Rottenberg on one side We were the sides of yeses grossly exaggerated on the other side was Mike McConnell used to run the NSA now a Big executive was Alan Hamilton one of the people who grossly exaggerate cyber war for a living and you seems only fitting to be on that side Of the debate, you know, I actually thought it pretty easy how it present a list of gross exaggerations We'd all vote and then we'd go home It was more complicated and I actually lost that debate. It really surprised me But at the end of the hour and a half or something More and the vote was they pulled the audience in the beginning pulled the audience the end So you can think about how to game the system. Let's assume people didn't but more more people are convinced that cyber was a real threat then was grossly exaggerated and It really was thinking about that loss that really got me to understand The cyber war debate and why we lost and a lot of it was definitional. We spent most of the time arguing on the definition of cyber war and I think that is in a lot of ways the policy problem today That we don't know When cyber war starts when it ends what it looks like when it's going on and it's not just, you know, the debaters or or or Researchers, it's you know, it's policy people Don't have don't have a good definitions. So it's real hard to discuss whether the threat is exaggerated Listen, you know What the is is? And I'm gonna go on a little bit. This is I mean it used to be in the real world You would judge You would judge the threat by the weaponry right when you saw a tank driving at you You knew it was war because only governments could afford tanks But the problem in cyberspace is everyone's using the same weaponry Everyone's using DDoS attacks everyone's using exploits everyone's using expiltration They're all doing the same thing you can't look at the weapon or you can't look at the tactics and figure out who you're fighting and This is a problem right because when When you're being attacked in cyberspace you're being attacked in general You know a lot of people you can call you can call the police You can call the military you can call Homeland Security you can call your lawyers. I guess we're here Right and and the regime in which your defense operates depends on exactly two things Who's attacking you and why and when you're intact in cyberspace the exact two things you don't know are Who's attacking you and why? So you were seeing the military use a very expansive definition Because they want to you know capture the whole you know the whole gamut of the attacks where I argue very strongly for a much narrower definition and That's that is why I lost that debate. You've never heard that Well, it's because you debated better than I do no fact you didn't I was haha. I Was gonna say you lost because we hacked the vote thereby proving our side and Well more of McConnell's friends were in the audience Yes, and right and if of course that they voted no to start they but I assume they played fair Indeed well, this isn't a debate in the sense that we often I think share more Views than we disagree upon and it's also not a debate in the sense that I think we're wanting the structure of this Conversation and the one that we'll put out to the entire room Before too long as thinking allowed more than advancing some particular view and asking people to hammer upon it This really is especially given the collective brain trust. I already see in this room. This is like a group study Exercise more than it is a delivery of an academic paper or a thesis that we're then supposed to beat up upon By way of framing though, I think it is interesting first just from the remarks as you were getting into substance To already hear you using words like weapon Which already seems to me to be conceding a big part of the frame of the debate something that you see the likes of anonymous I think ironically Deploying when they talk about the low orbit ion cannon Which is I think life imitating art imitating art imitating life because the low orbit ion cannon is itself not a real cannon But I Think also, it's I hope we'll get a chance to talk about what I perceive at least as a trajectory in your own thinking from the beyond fear Phase which captured a lot of your thinking about look. It's complicated It's not like there aren't real threats, but we're often focused on exactly the wrong stuff to our detriment Hence let's get beyond fear. So what I think is shaping up to be Maybe your next book, which you haven't named it yet but as best I can tell the title might be be afraid be very afraid and It's about asymmetric threats very generally from technology not even limited to cyber and again I'm characterizing this because he'll feel free to correct my characterization in a moment But I know you have a lot of worries about the asymmetries between offense and defense and the prospect that as time goes on Our normal ways of handling things and including normal is how reasonable Technically oriented people would handle them may fall short and thereby leave us with a real dilemma About how to secure ourselves. That's at least I think where you're at on the current puzzle That's so we could start there and work back or start at the beginning and work forward That's a piece of it It is a small piece but it's something I've been wondering about for a while and I wrote it down and You know some of the comments I got was wow, you just had a really bad day Very generally very generally we accept a certain amount of of bad action in society Right the right the price of freedom is the possibility of crime We recognize that that in order to be a free society We deliberately limit what the police can do We do a bunch of things to make crime possible and there's a crime rate that we accept Like the murder rate is not zero and we wouldn't want it to be zero There's a whole lot of reasons why that would be bad and we have some We might want it to be zero But we realize that what it would take to make it so would we would not the society we want to be one of the ill effects Right. Yeah, we'd be too many false or false arrests. That'd be the whole lot of reasons why you wouldn't want that so yeah, and If you think about this the amount of damage a bad actor can do is a vaguely a function of technology I Mean that terrorists can kill X people as a function of technology one ten a hundred a thousand as the weaponry gets better a Bank robber can steal more money or steal more accounts as the amount of damage an individual bad actor can do increases The fewer bad actors we're willing to tolerate Right if assuming that effect is constant I mean we want a murder rate of X if the murderers murder ten times as many people as before Then we need one tenth of them to keep that number. I mean this is very hand-wavy and vague Which is this Justin Bruce will never be running for elective office ever. Oh god. No in fact appointed office is now seriously in question Whole lot of reasons for that So as he legalized soon as the amount of as the amount of damage increases The number of bad actors we willing to tolerate decreases and In theory you can imagine it get to the point where even one is bad even one is too much This is the weapons of mass destruction debate Right the terrorists can do so much frickin damage That we must read write every all of our laws to make sure we catch them before they do their bad thing Right no more after the fact detection response that works for murder and a lot of other crimes I mean this must be predictive policing. This must be arresting people on conspiracy I mean all of those reasons why you have these very invasive Investigative tools which is to say what used to be a spectrum on a dial of enforcement to try to scale to the nature of The problem becomes a binary choice between doom from terrorist or doom from police state Kind of you know, so my worry is now doing my best on the bumpers. No, that's good And eventually I'll do a bumper six. I like them too Eventually you get to the point Where technology becomes so great and I'm wondering this is not gonna now a general rule of civilization We could fly around apply around the galaxy if there becomes a point in any species technological Advancement where the amount of damage one lone actor can do is so devastating that it destroys society if that's the case and I'm postulating that destroying is easier than preventing destruction There will be a window in technological advancement Where one lone actor or a group of an actors can destroy society? So now what is the chance that society can get beyond that? I'm not sure. I'm optimistic about the chances Yeah, it's you know, we we tend to run a pretty wide tail bell curve around our species So that's in general the worry Now, what does that mean? I'm not sure Is it true? I mean a lot of things I wrote this to see if people can refute that well Right, maybe an argument in the last book. I spent a whole chapter arguing on the on this notion that The attackers have an inherent advantage because they're they're a first-mover They're a first move and they can react quicker. Oh, what's an example? Someone invents the motor car and the police say what a great idea and they have a a committee to study the use of a car They produce an RFP they get bids they buy a car They have a training program they figure how to use it meanwhile the bank robber says oh look new getaway vehicle Right the and we saw this on the internet, right? You know soon as the internet appears you suddenly have this new breed of cybercriminal who like emerges organically and figures out how To commit crime on the internet meanwhile the police who have been trained on Agatha Christie novels It took them what 10 years to figure out how to defend? And I'll argue in general there will be this temporal gap as Society increases I mean as technology increases where the the bad actors the lone actors the fringe actors are more agile It is interesting though your story is basically Good cops and bad robbers are on a similar baseline and then the robbers adopt enabling technology sooner It may also be a little bit The Good cops or just cops right very well resourced use that to have an advantage that they might not have in sheer numbers But use the technology to leverage it I can listen in on a conversation that you can't and then the technology has a democratizing effect that Levels the playing field but makes it so that the cops no longer have the multiplier. They were I guess either way I don't know I mean I have in other thoughts where we're seeing power use technologies to effects that we didn't imagine before and There are exceptions to this a fingerprint technology is an easy exception Right. This is a technology that benefited the police and didn't benefit the criminals at all or Really the the thing that advanced policing most probably in the last thousand years is the invention of the radio That it truly that fundamentally changed the way police work works Because no longer was a policeman alone actor in the community. He was able to radio for backup and that just changed everything Right you can argue that and I think this is also true while the the The fringe actors are more nimble the the state actors the powerful actors have have a greater multiplier Can make use of technology not faster, but once they figure it out to greater effect Right so and we're seeing that now in the government of of Syria using Facebook to spy on people or you know using technologies for surveillance whereas five years ago the only people using them effectively were the dissidents and now it's not clear Where the new balances Well, so I want to just bookmark a little bit as we go because we can put a few ideas on the table And then have a larger conversation So one idea on the table is what I kind of called be very afraid another way of describing it is Asymmetry between offense and defense. I'm an inherent optimist, so it's weird to sort of have this dystopian essay under my belt well especially because it's not just dystopian it Runs in a very different flow From a lot of your other work such as your work on digital feudalism. There's a loaded term for you In which you worry a lot about centralization of certain technological functionalities either with private actors the Googles and apples or whoever of the world or Public authorities the Syrians of the world and that's the kind of thing for which It's exactly those folks that would want to do that and encourage that centralization that would benefit from fanning the fears of the first topic You know if you want to be protected from these asymmetries come shelter your website under Amazon web services Come do your email through gmail and let us filter your spam and while we're and I by the way I think Bruce and I may be the only people in the room still using eudora Any other eudora users I saw I saw I met a pine I wasn't up my email client is older than yours Challenge, I knew there'd be pine users. I was just there's that one moment in history that we both tend to It's it's gonna be sad when we have to give up eudora because nothing else is like it I keep clicking on as many banner ads as possible just to keep it afloat Anyway, it's so that like a second cluster of thinking that you have Recently is around this sort of digital fuse I want to just give you a little space to kind of map that out and say welcome to the club of people worrying about this Actually to me this does echo the stuff that was that was in your book Which I actually had to relook at after forgetting it and re remembering it. That's a that's a blurb worth putting on the back The book so nice. I read it twice after I forgot it the first time actually not that bad The book or the blurb the blurb okay good I've been thinking a lot about about power power and power a symmetry and I see increasingly we're living in a computing world that I like into feudalism right the idea being if you pledge your allegiance to Apple and give them your email and your calendar and your address book and your photographs Your life is easy Right and they in turn I guess they promise To protect you right you can pledge your allegiance to Google In a lot of us pledged some of our allegiance to Facebook to Amazon and all these companies that are increasingly Controlling our data right as we move them onto these platforms and Controlling our end user devices Right the the era of general purpose computing seems to be fading Right Apple controls whatever what is allowed to be on your iPhone and iPad? Right we Amazon controls what could be in your Kindle and we and last year they they forcibly removed the book It was happened to be 1984 which was you couldn't write that stuff You couldn't write that stuff And I mean I like the feudal metaphor because in a lot of ways we are pawns So for example, I found this out recently that while I can that Google and Apple are two feudal lords fighting and one of the effects is that I can run Google Maps on my iPhone But not my iPad right Google and Facebook are fighting and one of the effects is that Google Reader is disappearing Hey, I mean these things are happening these companies are They're protecting us, but they're also selling us. They're using us and It is very much and I get I mean feudalist kind of half history and half Game of Thrones here You know, I really mean it as a metaphor not an exact And we are members of no house here. We are the peasant. We are the peasantry, right? We are We are we are we are collateral damage I mean dropping Google Reader is collateral damage fact that I can't get The maps on my iPad is collateral damage and if you read about historical feudalism It ended with the rise of the nation-state With things like the Magna Carta and what basically happened is a larger government said to the feudal lords look You have all of these rights. You now have to have responsibilities That that having just one is you know, it's fun for you guys, but no fun for everybody else and I I Want that metaphor to guide what we need to do on the internet. So what's the piece of Westphalia here? I'm not that detailed What I think we need I was thinking the next book is Westphalia. It's not just for him Yeah, you know, but nobody would buy that Or the people would buy it expecting something very different Yeah, I I think we need to recognize that these corporations are De facto states which now sounds like Mark Zuckerberg on at least one day he woke up and decided that was an interesting thing to say I don't know how much he stands behind I know but but I want to regulate him So he's not gonna like where I'm going. Yes, right and that We need to rein them in that that you know on the internet. There's no such thing as as a public space It's more privately owned that but but we treat these spaces. Yes, we treat these as infrastructure not as As corporations and it's more obscured by the fact that the basic market model Which is I buy something you sell to me and then we have this This Capitalistic change that that really is the base of the system Fails because we are not customers of these things we use Right. We are users. We are product. Whatever you want to call us So a lot of this is obscured So we're laying down markers here as we're laying down this marker that's roughly by your label in the realm of digital feudalism. Let me just Mention the kinds of pushback That come to this kind of argument that I'm well familiar with since I argued similar things without the same terminology In my work, it's the bumper sticker. It is And it's also from a futile ism so it has a nice double entendre going on Which you appear to need for almost any book cover don't blame me but The pushback includes an out channel Folks like the mercatus center or you know name your favorite libertarian The first objection to that is Give me a break. You're a communist. I could pass that second is We have more technological Affordances today than we had yesterday than we had last year Isn't most of your worry front-loaded to some future that hasn't at least arrived yet so there is a quality of chicken little because I Know I can't get Google Maps on my incredible iPad mini that didn't exist three years ago Talk about the glass being one million empty Sure, but it's a lot. It's a lot more than that. You know, we know that Google Collects this data. I mean I'm worried a lot about government corporate interaction We know that Google collects this data and we know that the government asked them for it I read an article I've been talking about I guess the crazy libertarians about on the gun control. You said crazy I'll I will say it again, and I will endeavor to prove it if I have to that that the reason we oppose Registering gun owners is because there'll be lists of gun owes the government used to use to confiscate guns That's the argument. I'm reading this. I'm thinking. Why does the government need to get a list? What if they just asked Google what there's asked Axiocon? And and I think we're seeing more remember when how does Google know how many gun owners there are? I'm sure I'm sure in Google's data. If you ask Google who owns guns I'm sure they give you a decent list really based on search terms based on topics discussed Based on purchasing history. I mean depends who you ask the question is and if not now when it will happen I bet it soon when will The corporate sphere just in the data they're collecting about our actions have that list Right. We know that the TSA when they were trying to do Not secure. It was secure flight was called in like oh five and oh six they wanted to use corporate data To differentially screened passengers they recognized that data that that is that we are willingly giving these these companies They could use for differential law enforcement in this case and I I Wonder if the era of the government needs to know data from us is ending I know I can imagine the IRS saying, you know, it's hard to figure out how to who to audit We're gonna go to a credit bureau We're gonna we're gonna ask them to run a differential based what they think your income is what you said your income is And we're gonna all audit people who who mismatch. This is a good idea a bad idea It might be a it might be an effective idea. I don't think it's a good idea I mean, I mean so but but it's an idea that we should discuss the possibility of before they go decide to do it without telling us Okay, but so so so good getting to sort of the question that I mean things are things are looking really good. Why are we worried? You know, we're at a point and a lot of that is the opt-out answer. You don't like it Don't do it don't carry it, but I don't that's not really possible I mean you can't not have a credit card. You can't you actually really can't not have a cell phone Can you not have an iPad? You could not have an iPad But but that your your choices are few and if the two choices don't compete on the feature you're pissed about you're stuck I mean, you can't fly, you know more secure airways You run a background check and everybody or less secure airways We you know hand you a knife when you get on board. I mean you You don't have that ability Right all cell phone plans are the market has not spoken Or or at least the few sellers in the market have decided not to speak on that issue And it might just be some one-time flyers That right that mean there isn't a a Facebook that won't collect your data which is an interesting puzzle by the way why I don't maybe we should just do a quick market test Although there's obviously selection bias and who chose to come tonight, but how many people would be? How many people are Facebook users? All right, let the record show a lot How many people are a little queasy about Facebook? The record shows more? and How many people would be okay with paying? $5 a month and in exchange Facebook will do zip With any data it collects it expunges it as it has it and offers you six bucks. We're gonna run an auction now Just five bucks as a as a how many people would pay by now? Why is that all right first of all very I'd say a maybe 20% of the hands went up because you asked a question wrong Oh, the question is how many of you willing to pay five bucks to be in a non-intrusive Facebook? When all of your other friends are on Facebook, that's the problem. It's the network effect If you're not on Facebook, you don't get invited to parties you don't get dates You don't get ladies these folks are on Facebook and they're not wanting to pay the five bucks Whether they're on it because they feel they have to be on it or they're on it because they like it anyway They're not willing to pay the five bucks for the most part sure and some are some aren't the problem And then probably have a lot of these systems is is they accrete? You know, we're on Facebook. I happen not to me, but I'm a crime on the Yudhura using freak wait who my friends with then You know, I honestly I get it's gonna turn out to be Chuck Norris I get email I get I get email from people thanking me for putting them on Twitter. I'm not on Twitter So I don't know who your friends with This does seem poor security doesn't it? Dispoofing it's only so much I can do but now This leads to the other I think main objection although we may hear more shortly on this riff of Mark doesn't like what I have to say because I say I want to regulate them a big part of your objection to these loci of Concentrations of data is that it's very easy for the government to get it and yet here you are saying let's have the government come in and regulate these guys When's the last time the government came in in this space and did something you thought improved the situation in this space? But I mean so I you have to take a long-term view, right? I mean This is the only quote we shouldn't tell the senators. It's a bill about the internet till the very end Longer term longer term the the quote that lets me survive in this world is Martin Luther King The arc of history is long but bends towards justice Might be a hundred years ago half of us in this room couldn't vote My 200 years ago a bunch of us were slaves. I mean in the long term Assuming my my dystopian vision doesn't happen Governments will do the right thing How long do we have to wait to do the Facebook regulation you might have to wait 20 years you might have to wait a generation You might have to do you have so we haven't even regulated Friendster yet, but it's like let's keep on Let's see how this thing shakes out law. It's okay. You mean short term. I'm actually very pessimistic I mean, I don't think it's I don't think government can Pass a good law at this point. So you're called to testify Mr.. Schneier should we get into the business of protecting the defenseless American public From these economic engines called Facebook and Google and everything should we get into this or should we just keep on walking for 20 years What's your answer? You guys you money grubbing senatorial morons. You shouldn't do anything. I definitely not confirmable Right, I mean we're living in a world with a very dysfunctional government This is another one of my threats that that that power is now using itself to increase power So while in the near term, I have actually no hope for me I mean, I mean I think the update the computer for an abuse act would be a disaster because I can't imagine them making it better I Love it to make it better, but I can't imagine it happening. I'm terrified that they'll get their hands That's the case. I just want to pin you down for a moment here. I'm slippery I know it so you have a theoretical answer that says there ought to be right some regulatory Muscle that could be but not always is Flexed that answers to something other than a market that answers to a polity to deal with certain market failures. You've identified But in the real world at least for the next 19 and a half years You ain't gonna see it or it's gonna kick in the wrong direction probably in which case what should we do right now? I Don't know. I mean and and and I I Don't know if there's an answer. You know a lot of ways. Oh, well, you're screwed I mean, we mean what what do we do? What do we do in the face of of a government? I mean the US government that that doesn't even follow its own law Yes, with respect to data collection and data retention and data use that that carves exceptions into its laws, right? I mean, we've learned recently that the FBI has been for the past over the over the decade running fake cell towers for surveillance Almost certainly against law Right me NSA is eavesdropping We're pretty sure that the the DHS has collected the financial records of everybody under a national security letter I mean, they mean these things that are happening are you know, I'm sense pretty abhorrent and You know on the other hand, I mean what we all we can do is keep up keep fighting Last week and I've tends to a few people I've talked to I don't know if people read Glenn Greenwald He wrote a really nice essay on gay marriage where he said it was one of those uplifting things I've read in the in years. He said, you know, look at what's gone on We have for years been been fighting an issue that we had no hope of winning and In the space of three months what the hell happened it all turned around Whereas it's now it seems that winning is inevitable Look don't give up which was his his his moral which is more general that his moral was that about that in Guantanamo And all the other things he yes, he argues about I Don't know. I have to believe that sooner or later. Yes You know, and we've got people working. I mean well once Larry Lessig solves the money problem. I'm in So, you know, I'm just counting him a count on him just to be like a month ahead with the solution Yes, and as long as that happens. Yes, we're good internet question mark question mark question mark Lessig profit Somebody needs to alert him, but this is progress now. You mentioned Glenn Greenwald That's not a bad segue because Glenn was one of the people who had been identified as An ally of sorts conspirator ally yeah to to something and Anonymous in turn managed to hack HB Gary federal one of the be afraid be very afraid write us a check profit no question mark there and Anonymous was able to completely Own them get all of their internal corporate email Including PowerPoint decks where they made their sales pitches to the likes of Bank of America and where they proposed a dirty Tricks campaign against Glenn Greenwald and others. Yes, and others and I'm just curious I'm curious. I know that you have thoughts about leaks and their value in a society But I'm curious to really think about the function of something like anonymous It feels like a powerful entity That has the feature of not being harnessed to right traditional forces that may be not great But it's also not the harness to anything. How do you think about that? There's a lot to be said about about non-state actors There's a lot to be said about that that whole whole escapade. It's you know, we're living in a world where a bunch of hackers can you know drop a company and And and later than a few a few months later, and this this made the news less anonymous Told NATO not to mess with it We're living in a world where a bunch of guys can threaten NATO I thought you were kind of thinking it's interesting because I've also I think waiting against North Korea So your time has come I Thought you were gonna bring up that anonymous had a war within itself And there was a moment if you I if you went to it one of anonymous's main pages. It said there's a guy Who used to be us who compromised our server until further notice don't visit our website anymore You might get owned and at that point I was just like the center cannot hold Yeah, I don't know who the Falcon and the Falconer is Anonymous is like a lot of movements that that are that are given you know we we as a species like organization So we tend to assume the our enemies organized Reminds me of the way the Black Panthers were treated in the 60s The way al-Qaeda was treated 10 years ago that we assume that was this organization You know with with roles and then hierarchies in an org chart and you drew a salary and got benefits But in all those cases it tends to be Random people who pick up the banner and say I'm al-Qaeda. I'm anonymous. I'm this and Maybe they're loosely connected. Maybe they're ideological connected. Maybe they're just using the name and it's a lot more diffuse so there You know, there really isn't an an anonymous There are the people who today have done things and said hey look we're anonymous and what's but what's your thinking around that? phenomenon I Think the the rise of non-state actors is really interesting that they can do Real damage. I mean, it's this will be called the next cyber war, but you know, it's not it's a bunch of guys There's another thought that came out of my head It's it was a non-state actors. It's their power not being tied to a population makes them much more random and I lost it. Oh, well, it'll come back I'll share some of my thinking about it, which is There's a paper that talks about an arrangement reached in the American Antebellum North and South between Political elites about a very contentious issue at the time the return of fugitive slaves and the North agreed To return fugitive slaves in order to keep the larger peace, right? And it turned out that the North couldn't deliver Because there wasn't professionalized law enforcement the way there is today and in order to get pretty much anything done in the law enforcement Context like return to fugitive slave you had to convene a posse Which was to say I asked the citizenry to come help and the citizenry was gonna be shampooing their cat that day like they were not interested in Doing that and it was an interesting way of applying a template that perhaps subsists or persists only now in the tradition of the jury Where before you can just put somebody away you get 12 citizens good and true or however many and have them be the last ones to weigh in on this and That is less and less needed as Enforcement becomes more push button We see it with anything ranging from YouTube takedowns to surveillance to et cetera You don't need the posse anymore, and I'm wondering is the rise of something like anonymous in many counterparts a reintroduction of actually having to get a Good portion of the polity in line with something for it to actually happen in the world Or is it something else? No, I think that they are One of the first examples that we've seen of what civil disobedience looks like in the Internet age What what it did what it means to protest what a what a sit-in looks like what what a picket line looks like what what? And do you have a view by the way on DDoS? Is it sit-in and should be treated as such a stallman would say or is it? Drucking information remember I said in the beginning. Yeah, I mean it used to be you can tell by the weaponry now You can't so a DDoS is either it's been used for extortion in Happens tends to happen most on fringe industries offshore online gambling online gaming online porn. There is DDoS extortion It is used for for for causing damage. It is used as protest It is used because schools out and we're bored You know so it's used for all of these things actually there are cases a few years ago the Victoria's secret secret website went down not because of a DDoS attack But because of a lot of people wanted to see the pictures But you couldn't tell the difference not exactly this just in Right, but you can't tell the difference if you were on the receiving end. You can't tell the difference so Anonymous Largely, I believe engaged in legitimate civil disobedience and should be treated that way Not because of less because of what they did and because of who they are and why they did it so and I mean this is hard in the real world we tend to have Not different laws, but different expectations around civil disobedience So you know that you'll get arrested and you'll you know You'll you may send a few hours in jail and this is all part of of what we do But of course anonymous if it's true to its name wants the impact of civil disobedience without the part of civil disobedience where you go to jail Unfairness going to jail for 40 years for something wasn't in the cards that a counter sit in right because in in the u.s At least we are and I think we're doing this because of corporate pressure classifying all of this as You know these these horrible Crimes against the internet and and we we are really exaggerating what these are So I would want to remain anonymous too We really don't have an agreement Among all of us of what a valid protest is they mean defacing a website Right could easily be you know I mean you remember Greenpeace and they they throw a banner on on a on a smoke stack I mean that that's the equivalent of defacing a website you you you make us public statement that those Who are or it's a picket line you make a statement that those who are going to where whatever it is You're protesting have to see it have to interact with it You know, but it's but if you do it on the net you are a cyber criminal and and you get a Really exaggerated sentence. I mean you bunches of examples and if you're a view though I just want to dwell on this for one moment if somebody Manages online to disrupt things not just in a Expressive kind of way vandalism is almost the easiest case for online protest. It's the graffiti kind of right But manages to do so in a way that you know PayPal or Mastercard not just the brochure front page But the actual functionality the API is not working for a while and a bunch of commerce grinds to a halt You're saying in your view the motive of such an attack would be material to you in wanting to figure out How to treat it that feels in in line with with with the way law works We do look at at motive, you know acts at a homicide versus murder Well in this case, it's intentional homicide, but one was for a cause and the other was for money Okay, so so so it's less Sorry Indeed, right, so I think I think motive actually does matter. I mean I think and I think it matters in all in all crimes Man, I've always I've always wondered why you can be tried for murder over here with these horrible penalties and attempt to murder for here with much Lift your penalties based on like something as weird as how good your aim is Does that make any sense? I mean it makes no sense to me. It seems like if that's what you wanted to do Why should like or maybe how much the wind was blowing or? How lucky, you know, I mean why should your penalty be based on factors that have nothing to do with intent? Now I'm not an attorney So it's probably good re is because I mean certainly it's easier to measure the effects than the attempts, right? So I mean my guess is that as we invent law We could do the hard thing, but it's way easier to do the easy thing and just hope it Puzzles you on the negative. I wonder how much it puzzles you on the positive Because should we give a Nobel Prize for an effort like flog a stun? I'm sorry It didn't pan out, but there's a lot of work to it and that was pretty genius. It just wasn't true But there's a there's a difference there because there you actually are awarding a result You're not awarding You're not passing. I mean you could give you can be funny if somebody Accidentally cured cancer and won the Nobel Prize and the speech was just like it can happen to you, too Is it'll be like the Beverly hillbillies of science? Yes, that's right Black DNA gold that would and that would make a great Caltech T That would make a great sitcom because now he's faculty at Harvard doesn't know a thing and he's got a teach and Wow a less unusual situation than you would think but so I feel like we should open it up and To do so and it's being recorded. I think it's not going on live, but it will be produced at your hearing We should see is there a at least one hand held so that there won't be the annoying Phenomenon of questions are asked, but the multitudes who watch it later don't so let's just let these handhelds find Repose and I guess my only suggestion aside from the usual try not to speak unduly long is I'm happy to try to engender a conversation more than a ping-pong back and forth So we'll weigh in when we're moved, but let's have a conversation. So here's a hand Here's a hand here are mics and also feel free to say who you are or not because it's being recorded Hi, Daniel Dern. I see enough scenarios here that we don't have the week to talk about it But on one hand, you know Bruce you go to a restaurant You get ready to your hamburger comes and then the guy at the register says, I'm sorry, mr. Schneyer But the restaurant computer refuses to sell you another hamburger this week Because you you know because your medical records say that's all you're allowed until next Thursday on the other hand Somewhere in the basement of the FBI. There's a big master switch that says all cars except ours Stop you know cruise cruise to a safe stop and don't move Or even which is the more terrifying scenario Or even United or even the government says all network routing devices must use our code You know etc and we're not telling you what's in it like China is trying to do I mean, right? That's not even that's not even theoretical. So I'm I have to choose And I gotta say Bruce does run a semi-annual movie plot contest It's true So you're already you got two entries going there and I as I understand the rules It's to come up with as scary and yet realistic a plot as possible But one for which there's no cognizable Specific policy that the government could do that it was a movie So the phrase movie plot threat I coined to be and you see these these overly specific scare stories you'll hear In an effort to to make you afraid that you are like a great showtime series overly specific scare stories Well, but but you remember them Remember the terrorists with scuba gear the terrorists with all men acts. I mean all of those sorts of You know, they make great movie plots But you don't want to craft policy around them yet Those are and when I first did the contest I I got email from saying oh my god, how could you give the terrorist ideas? Like people actually thought that the hard part of terrorism was the idea that once you told them Look, you can you can bomb a dam. They'd say god, why didn't I think of that and run off and do it? So just on that one point for a moment There is I don't know how many people remember this but back in the day there was that movie independence day They're making a sequel. They're making a sequel arbor day They're just going down the whole federal holiday calendar And the british internationalized counterpart bank holiday bank holiday too Anyhow, I'm now confusing myself with what my question was independence day the trailer came out And that trailer featured the white house being blown to bits And I don't know how many people happened to have remembered being in the theater the first time You saw that trailer. I at least remember feeling like whoa That was intense And the reaction of the rest of the theater was kind of a stunned silence Even though there have been plenty of B movies that show Godzilla tearing cities apart and Even within the cycle of that trailer By the time it was getting stale people were laughing at it And of course now I think there are two movies being released this week Which is like the white house blows up even more And there is maybe something I wonder About making certain things more thinkable not by a contest on a blog But by making mainstream certain acts I think so I want to address the uh the original that the hamburger. Yes Basically what we're saying is do we want the government to regulate our choices? That's the question and We do all the time right the the pharmaceuticals you can buy Uh that hamburger, you know can't have more than there's some amount of bug parts that are allowed and some that are too much It's not Right Yeah, okay seems awfully hard to buy it if people can't sell it, but okay. I'm not I'm not sure there's there might be I mean, okay, then on the on the take take drugs on the prescription side You know some people can buy this pharmaceutical the rest of us can't because there's a mechanism by which you can you can get it We as society I mean there's a long rift here I I think you can make a reasonable argument that modern advertising is an unfair trade practice That it is no longer A seller informing a potential buyer of the virtues of his product and it's now deliberate psychological manipulation At I can't think of any other reason. I'm buying most of the stuff I buy So working backwards. I can't be to blame. So, I mean, I mean Along with my riff on on libertarianism is completely wrong Is the notion that and there's a lot of psychological studies to back this up that the point of sale is a terrible place to gauge preferences That that we know That on the long term people want to eat better on the short term man, that hamburger looks good I mean, I ate one of those damn cheque cheques mix bags when I came in here Now I would have been way happier if this session sponsored by cheques Right, I would have been way had I mean, this is why we have this is why we we've adopted term limits Right, please pass a law to prevent me from exercising my preferences Right, but that is a truly wacky thing Let me interject right here because this so nicely fits into your earlier riff About facebook and google are kind of you can't just say it's market They're kind of have an advantage and that's why government should come in so the analogy here would be One reason they might not sell you the hamburgers because you signed up ahead of time and said no matter what I do Right, please stop me. Yeah, you're the other reason might be some bloombergian sunsteenian nudge or something Where they are actually doing their best to remind you of the kind of commitments you want or the burgers have to be served with Blue buns and they may get less escalant that way whatever it is But that's an example of the government intervening to save us From the market right because so I who's worse in this circumstance bloomberg or big gulp Well, but so we these manipulations are happening. I mean in your grocery store store Products are paying for eye level placement ones that don't pay get high or low Those big gulps were were designed for you to so if the government intervenes to Someone's intervening someone's intervening. Yeah intervention is happening. We can't we can either say no intervention Which maybe we can do or we can try And and this is where I have troubled solutions But my guess is that solutions will be the multiple distrustful parties Each keeping you guys on and check So do we want government intervention to limit corporate intervention? Yeah, and I think some solution will have a corporate component a government component an NGO component That everybody will be sort of keeping an eye on everybody else uh Of course this could fail. I mean, I thought this is the way the u.s. Government was supposed to work but post 9 11 Everybody fell down on the job right the the you know congress wouldn't wouldn't keep the president in check The court said I don't need you can keep me out of this I But in theory that's the sort of system. I want to work Well at the very least it means one can retreat to we really need a self conscious dialogue about what kinds of forces You know that at least it's not much but it's something I'm a big fan of of this of the susting nudges because then Even though they are manipulation, but but the manipulation is happening anyway I mean this is this is my unfair trade practice's argument that that We're being manipulated for profit. I mean Maybe it's not that bad to be manipulated for benevolence. Yeah Now the question is of course who decides what benevolence is I mean, there's a lot there's a lot of devil in the details But there's a whole lot of devil if you don't do these details Well as was promised, this is a week's worth of stuff Is there anything you want to say about the fbi turning off all our cars? Which when I put it that way makes it sound absurd But in fact, no, but you know the more the devices are tethered the more a government can ask You want to say something about that before and and and we've seen requests for that You know in the event of a terrorist emergency can the government shut off the internet? I mean this is being asked the cars is going to be Driverless cars high-speed chase. We need the ability to turn off cars on this highway for the safety of everybody I mean you can you can see how that could make sense right or at least how that would be requested Yeah, but internet kill switch has been debated. I mean that's fundamentally crazy for a whole lot of other reasons You know I should say in fairness the at the time it was debated the senators pushing the bill that was said to contain it Said this bill doesn't contain that in fact the government has long since had that authority Since amendments to the communications act made in the wake of pearl harbor. So um There is I think I missed the internet provision and that was passed in the 40s. It's yeah Um, so we should keep the conversation going if the mics found another home. How about over here? So this is not my opinion in particular But I've been exposed to the opinion by people in this computer security community That the way in which to deal with these sorts of problems is that rather than Is that everybody should be responsible for their own information technology security that everybody should learn the skill set in full And that if you don't learn the skill set that it's your own problem Dan gear is one of the people who's talked about an internet driver's license The problem is it's it's actually not only your problem. You know, we are we are too interconnected I mean if you think of didos attacks and bots your security Is very directly a function of whether my mother remembers to turn her firewall back on Because if she doesn't there are more insecure computers Being used for more but I guess one question there is how much low-hanging fruit is there in trying to get grandma to turn on the firewall Of all the things that make security hard Is there Some space comparatively to try to make user education. I'm not a big fan of user education I think user education is a cop out I think user education is a cop out when computer security people like me design crap systems I mean you get these you get these warnings, right? You see them on your computer Complex security thing blah blah blah blah. Do you want to hear? Yes. No, and you what you read is blah blah blah blah Make this but make this dialogue box go away That's what you read and you click would you like to continue with what you're doing, right? Okay, or would you like me to stop annoying you? You know it is it is rare That the user can make a better decision. I can't wait for the firefox plugin called. Yes, man That just answers all dialogue boxes. Okay Yeah I'm patenting that You know so so I I want systems that are robust enough to deal with an uneducated user I mean I we can't legitimately say You have to you know, you you need to pass a skill test to use the internet We it'll be real hard to turn it into something like driving a car And I'm not sure we want so right now just uh share with us Your best conception of the process of a user checking email From a server whoever the provider might be what would be the best practice using today's technology So that the email provider could make it as secure as possible without the user having to be anybody other than grandma You know what we have today is mostly good You know, I I like seeing the additional authentication mechanisms. I like seeing the backup authentication mechanisms improved You know, it's it's not a lot So you don't see anything out there that isn't already kind of working its way in and this is this is a surprise This is a surprise really from your when it was your book when I read your book You made a really good point that that openness is so much better And that that a closed system will be rejected And I believe that too and we got it wrong people love the iphone And iphone is a very close iphone is giving you more security because they regulate What goes on that platform? right and It turns out much to my annoyance That people like that and this is the problem with the feudal metaphor we we we We like these feudal systems Because my mother does a way better job with her photos on flicker It's really better for her to be on gmail. It's better for her Her calderner dress book. She loses her phone. She gets a new one pushes a button. It all appears magically right for the average user This feudal trade-off isn't that bad I'd like it to be worse, but it turns out not to be Right because the cost my mother is paying Is largely invisible It's largely long term Right it's it's it's the long solely the dimension of security against third party attack It may well be more secure for almost certainly is but but even against the thing one more worry about I'm what I'm worried about the third party attack is she making a mistake Right, you know, you make a mistake and you lose your photos. You lose your email Your hard drive no longer works. It's robust against The naive user which is really valuable Yes, because if we want an internet to be socially useful, it has to be technologically easy Ethan Zuckerman Hi guys, I wanted to return to this idea of the asymmetric attack And the notion that the bad guys get way ahead of the good guys And what this makes us think about open and closed environments And Bruce I was working on my entry for the movie plot and I put together two current events One current event was this strange little paper Where someone claims that they infected a hundred thousand cable set-top boxes And use them to make a map of the internet hard to verify But a fairly convincing paper Suggesting that someone built a little worm that was capable of getting into Many many many many set-top boxes and roughly at the same time a really big d uh d dos attack Using dns amplification, which we've all known about for a very long time But swamping spam house our friends and sometimes enemies who try to knock out internet spam Under 300 gigabits per second of traffic a level that many of us thought was Kind of unfeasible for those things You put the two of those together and you suddenly have a scenario in which everyone's cable box Compromised becomes part of a giant d dos network hitting dns and knocking out servers and and for the first time You have to have a broadcast fake news. Then you've got a really good james bond plot. So so that's not already happening for the first time People would not notice people might not notice for the first time in all of this I found myself sort of looking at this and going Maybe i'm actually scared about this. Maybe i've actually hit the point Where these open systems that for years we've known are riddled with holes because we are idiots about security But we are so resilient because we share information very quickly. We adapt so and so forth I find myself wondering if we're hitting a point We're not just on the consumer devices where I think you're absolutely right Bruce that that people in many cases are Preferring the safer environments whether we're going to hit this point on the actual core net Do we think that we might be reaching a tipping point on this is that part of what's reflected In you writing something that's significantly depressing and the follow-up to this is Is this going to shake zit train at all on this who thus far has been really good about sort of coming back and saying Yeah, in general, we're willing to trade a lot to make sure that we have the openness out there And so far it hasn't been this in the but is this finally the time we get So I think me that's a good example So and my worry is is really that the fear of these things will lead the actuality May this whole weapons of mass destruction debate is largely a fear debate the cyborg debate is largely a fear debate These are not based on realistic threats But you know that 10 20 30 years they likely will be I'm afraid you have a point um I find myself wanting to say especially when I ran into that spam house situation I find myself wanting to say yes, this is exactly what I predicted Because my book wasn't Things are great except people are paranoid and the paranoia is going to destroy us. That was not The theme it was Things may be great now But the better they get the higher the stakes are for somebody to find value in making it worse And unless we come up with a Defense to it that is constructed along the lines of what made it great to begin with namely a distributed civic defense For a distributed civic network The most obvious defense when the trolls come is going to be a centralized response a militarized response And that's bad. So I think that fits the template in the sense of People are a little bit kind of asleep at the switch or a collective action problem There ought to be ways and there have been ways suggested to secure border gateway protocol to secure dns service and dns servers Because each of those cable boxes contains a dns resolver. Who knew that is a public proxy like what? So these are the kinds of things that either might be so specific a movie plot But it's hard to go just closing doors after horses leave but that Actually had been long anticipated And if the community that has roughly existed To build this distributed collective hallucination to begin with could come up with the distributed defense of it So far the way wikipedia has managed to do with the content layer a distributed content generation system That contains its own defense not just against garden variety and accuracy But against every page being turned into an ad for a rolex watch, which you can guarantee is being attempted as we speak That gives me hope. I just worry that the paranoia generated by the very real dangers Represented by that incident. We'll have us just say we've got to send the marines somewhere And I I agree with a paranoia worry. I mean any solution is going to look like some form of resilience And whether it's I mean the wikipedia distributed type of resilience Whether it's something built into the internet, you know, there'll be different different aspects of it But in a world I mean We're seeing people today calling the cyber to cyber threats an existential threat to humanity Those words are being used by actual policymakers That is fundamentally a crazy thing to say But You know getting past that Is going to be a realization That you know 9 11 You know the the the existential threat was not this terrorist attack was a reaction to it that if if we have a If we come from not from fear, but from indomibility I mean imagine if that's what you know president bush got up and said Yes, this is horrible. Yes, we have them. Yes, we're gonna We're going to achieve justice, but our country is better than this We're not gonna, you know The things they killed us for are not we're not going to change because they tried I mean those sorts of of ways And I think that rhetoric makes a huge difference But see up to the minute bruce schneyer who worries about asymmetric offense says we have an existential threat We said in the beginning. This is not a consistent talk. Yes Well, it isn't it isn't It's my Cheap shot. I'm sorry Other mics. Yes back here. Hi. I'm gilly. I'm a senior at the college here in a former bergton So it seemed that the most pragmatic solution we have come up with thus far is to start a discussion Um, so I want to ask about how to frame that discussion I think that the role of metaphors has sort of come up here and and we talked about war as a metaphor and it's sort of Both a conflation of the threat and the use of notions from national security and then another thing that bruce seems to support to me is the public health metaphor in a sense, you know, the Bloomberg intervention and the sort of making sure grandma turns on the the firewall again Um, are there any other metaphors we should be considering and should we be aware of these metaphors and what they imply and I mean, I think the metaphors are extraordinarily important I mean, I mean just taking the the cyber war metaphor when you use the word more war You invoke a certain solution space right right things certain things that wouldn't be considered Are reasonable when you're at war Uh for for these type of cyber attacks. I much prefer a police metaphor actually for terrorism I much prefer a police metaphor I think it's more accurate and I think that we as a people Would make better trade-offs right, you know when it's war when the NSA goes to you and says, you know, can I eavesdrop on every phone call? Well, you don't say where's you weren't you say, okay, you know put the stuff in the closet They don't tell anybody and that's because you're thinking is war So, you know, I find the war metaphor dangerous I I like a public I think a public health model I think actually I think biological metaphors are in general Useful for the internet that there's a lot of analog. I mean not the least of is viruses And it's funny. I was trying to see that go back. We're starting to see The the term virus came from health We're starting to see these ways that we're thinking about computer viruses going back into the medical community And they're using some of the tools we've developed for computer viruses to look at the spread of actual biological viruses Uh, right the the metaphor of how the Internet the Internet the stateless versus stateful Not not not from a finite state, but before a government perspective I mean the the metaphor of the 90s remember that the the Internet is outside of any nation state Right is turning out to be not true at all And there's more censorship than ever and and then now where there's a rise in that That's called the cyber sovereignty movement, which terrifies all of us Right where countries are saying look, you know the all of Every piece of the internet is in somebody's border and the ones that are in my border I get to control right in the eye. This is the itu getting involved Uh, a lot of this I think you fight on the level of metaphor. You get the right metaphor magical things happen It it really frames the debate these debates are hard. They're technical. They're confusing And the metaphors matter an enormous amount But what it's worth the metaphor. I'm most uh intrigued by these days is mutual aid and if I'm in a Military environment, I'll call it a NATO for cyberspace, but elsewhere. It's mutual aid That tries to push against the idea of I wrote my check Give me internet and if there's a problem with it. It's a customer service issue That a lot of what built it was a form of mutuality and there may be useful ways For people to be able to help one another with cycles and bandwidth with Expertise and even at the content layer In times of real crisis that is it a good thing To imagine should something happen natural disaster or otherwise Uh, my 3g goes down My wi-fi isn't going anywhere I'm stuck But what if my phone were a two-way radio that could talk to every other two-way radio in the room And what if my facebook credentials were cached and I could then say or any of my facebook friends in this ad hoc network And if they are I'd like to send them a message And is there anybody on the network that has a pre-cached root certificate that says i'm from the government and i'm here to help Because I'd like some help Those are examples to me Of mutual aid and action. It's not a solution to every problem, but it tends to be overlooked Because it isn't all that helpful in many other public safety defense operations That the other metaphors tend to invoke. I like to like infrastructure metaphors Yeah, but sun had the the idea of the internet dial tone. I kind of like that And I think there's something to be said for starting to realize that the internet is Infrastructure is a utility is not You know is not optional. It's like water. It's like power I think that's valuable I mean there I Be british telecom had a great slogan a couple of years ago Called innovation at the speed of life Now they meant it to mean going really fast and I thought of it and said wouldn't it be neat to have it slow down like that? I'm thinking about the cereal Okay, so uh Why don't we take a few more questions? We only have 14 minutes left. So my suggestion Is that we take some thoughts and they're going to pile up and be specific, but uh, bruce has a pen He's going to write some stuff down. I just want to get some more voices in As we go so please I'm less concerned about threats from the internet to humans, but threats from humans to the internet Um, and if you look at war war two or war one, uh, where you had, you know, a global scale conflict you saw, um Letters sort of being smuggled across borders and there was some communication was possible, but it was extremely limited I'm curious what, um, if the internet can exist post a global scale conflict where nations are rebuilding their networks Um, and whether the internet can exist during a global scale conflict and uh, what your thoughts on that are Uh, let's take some other questions wherever the mics happen to be This may I realize favor people on the periphery, but yes, I'm eric. I'm a student um, so you mentioned that Speaking about anonymous that we're going to call it the next cyber war, but it's not it's just a bunch of random guys Um, and yet your emphasis on the asymmetry of attack and defense seems to run against the idea that war can't be about random guys And I just like some comments on that Got it. I was going to ask you about government policy too, but we'll let you succeed Where's the other mic? Yep. I was going to suggest that the reason you got a tepid response to would you pay $60 for a A less data collecting facebook is that it would be a less useful facebook You would be losing all of the people who like x also like y suggestions that people tend to actually like getting Facebook comes back and says for you we'll still keep that for your five bucks. Would that get your hand up? But it In other words, you think what you hate is also what you like In in general people tend to like the primary uses everyone likes amazon suggesting books They like based on the books they bought would people tend to dislike are the secondary uses That amazon then sells that data to somebody else and it propagates out We tend to be okay with the immediate recommender systems and and the immediate systems. Although it is interesting to imagine those applied to people Suggesting well people who like this will like this other person, especially in a real environment rather than just facebook And that is yeah getting really close people who attended this lecture might like to attend the lecture next week Yeah Where are the other mics are they yep um On the subject of anonymous i'm just wondering how much you think anonymous is sort of a reaction to A loss of faith in the government for example with wiki leaks people who supported wiki leaks didn't have really a Standard way of aiding the within the system. It wasn't like the fbi was standing up and saying well wiki leaks may or may not be legal But we're going to hunt down these people who are doing ddos on wiki leaks So anonymous is sort of people who said well our only option is to go Ddos other people and then we can sort of defend i guess this is the batman theory of Yeah, yes the times call for the person. Is the other mic floating around somewhere All right There uh, sorry Yeah, um to go back to the feudal metaphor of my name's hal hodson to go back to the feudal metaphor briefly Um, I guess the feudal system became bad when people started getting hurt And you could kind of imagine that at the beginning it was rather nice Kind of like at the beginning episode one. Yeah You can kind of imagine the beginning google was rather nice and it was so what what's the the internet company equivalent of You know killing peasants because you don't you know because you're pissed off like what's what's going to happen What what are the damage equivalents for internet companies of the feudal problem google reader is the one we got right now google readers hardly You know killing villagers what what's going to hurt me google readers just inconvenient. What's actually going to harm me I don't I don't think you took away my free product How dare you I don't I don't think you betting jerry's I want ice cream every day I don't think you get that kind of harm. I mean it's it is the internet. I mean it's not the real world So you're not gonna get you're not gonna get facebook as captain kirk would say for how long mr. Schneier For how long you're not gonna get facebook spearing its users. I mean it's just not gonna happen Well, there's at least a silver lining to his pessimism Um And I know we've piled up a lot of questions you wanted is there anything you wanted to say on what's happened so far before we open it up again well The question I thought was the notion of of you know can Can a bunch of guys declare war? They can do something but I think you know war is is a very specific thing and it's something nation states do I argue that what a bunch of guys do Even if it's damaging and there's a lot of history but organized crime does I can do a lot of damage We what a couple of weeks ago had someone assassinate a prosecutor in texas and then last way and and and I think this is very much I don't know if it's terrorism. I don't know what to call it but A couple of days ago another prosecutor Has has stepped off a case prosecuting the Aryan brotherhood because he fears for his life This is at a a violent action to change policy So, you know, I don't try to call it But you know these if these things even though they're they're they're bad even though they kill people they're not war And war to me is nation state versus nation state and yes, there are these new sorts of asymmetric threats And they are important But is the war metaphor the proper way to deal with that And we screwed this up, right? We we were we were attacked in 9 11 and in response. We invaded a country Because that's what militaries do if the fbi were in charge We wouldn't have invaded a country because that's not what the fbi does Now we can argue that invaded country was the right thing to do But there was no actual debate about it Because the war metaphor was immediately invoked It is funny to think if The president in the wake of 9 11 had said we are starting a full criminal investigation The u.s. Attorney in the southern district, which is what we he would have been run out on a ramp Which is what we did with every other yeah terrorist attack to date. I mean, that's what we did after um, mumbai, that's I mean, uh, not probably uh Kenya Yeah, right, but it is interesting to see that's what happened nearly a decade later That choice which may well have been sort of by democratic accountability a somewhat, uh, forced one to assign That's no doubt debatable Um, it was psychologically the right choice Unfortunately, but it's interesting that choice then persists in the sense that attempts to downshift into a let's try these folks in the criminal system mode Still results in a lot of pushback. Remember that we were trying to being One terrorist from guantanamo new york to try him And right there was actual fear. We couldn't Put him in a u.s. Jail and i'm thinking what is he magneto? I mean He's just a guy Yeah, but there there is there is this fear. I think obama had had the opportunity to change it When he took office he could have said It's a perfectly reasonable reaction that went here. It's actually a congress actually passed a statue Yes, preventing him authorization act that prevented it. Yeah. Um, there was one other quick thought too on, uh Your notion about When you have prosecutors withdrawing from cases out of fear for their physical safety That's what's happened in the u.s. Right that happens that happens in other countries or other countries where you have judges wearing hoods Right or that kind of thing that happens in mexico that doesn't happen but it gets back to the question of If our own primary institutions are faltering does that push for alternatives and to me it calls to mind A book uh to be published by yale university press called the cartoons that shook the world Uh, a very scholarly treatment peer reviewed Of the mohammed cartoons from Denmark and it included not only the cartoons in question But depictions of mohammed over the centuries And yale university press did a security review prior to going ahead with publication And concluded that it was not safe to publish and insisted that all of the cartoons and all of the other depictions be removed from the book And the book was still published over the objections of the author. It was removed The book was published without them and when yale responded to assertions that they were kind of giving into Threats of violence Kind of thing they said well, you know, you can just get to them on wikipedia So what if you need us for it? And it's an interesting kind of point That wikipedia there's not even enough of a there there to decide whether to take the cartoons off That they're a click away and in fact there is a discussion A talk tab on the page about the cartoons on wikipedia Talking about offending sensibilities not threats of physical violence and they decided it would be a very small thumbnail And then you could click if you wanted there that was the wikipedia's solution But that that goes to his point of of of anonymous being right a loss of that's what I mean a loss of fat and I think If you sort of look at at their activism it is Both a frustration at the institutions who are who are behaving badly and a belief that the institutions aren't Aren't going to follow through in what they should do So my guess is the mics are in two hands currently are about to be Let's do those last two mics and then we should wrap where are they are right here, sir Adrian groper you invoked lessig and the gay marriage flip And the question is how optimistic can we be that the nation state becomes redefined? By the internet in time to save us from this apocalypse that is that is the question So the question really is is the relative speed of social change political change and technological change Right, that's your question. It's a really good one Detecting a theme in tonight's Talk. Yes. Hi, pete devlin. I was wondering whether at least in some cases We don't have to be so afraid that the government has access to our data. So we talked about Them using our financial data to decide who to audit and If they're mining through our data Everyone's anonymous as they're going through until you are identified as someone likely to have Committed tax fraud in a whereas before the internet they would have had to Break into your house Look around see if the pool is in the back or not and that seems to me like a much more fundamental invasion of privacy than Just seeing your anonymous data and then pulling out the And in a lot of cases you can build You can build privacy preserving systems. I mean I mean already we allow the police a remarkable level of intrusion into our lives We do that willingly But we put in a security mechanism right the the warrant process Is meant to be a security mechanism So I will allow the police to intrude in my life But they have to first convince a neutral third party That it is in society's best interest to do so their rules about telling me they did it after the fact There's a whole lot of mechanisms Not to limit what the police can do But to limit How they can do it And so that that's our trade-off to make that work Now those sorts of trade-offs are certainly possible in all of these technological type of of Surveillance's investigations Data collections, we're not doing any of them You know an example is In full-body scanners at airports right there that you can either see the picture or you can blur out the the human form And see a stylized picture and just the contraband objects you're looking for Right, we know that they're both technologically the same Larry Lessig does the is the great point of the license plate Right the police say look we need to know who's who driving the cars because the cars are hitting things and killing people and driving away and that sucks All right, our idea the police says is to put everybody's name On the back of the car Right someone says wait don't do that That that loses anonymity Put a random number on the back of the car We will give you the police the database of random numbers attached to people and that way you can look Cars up when you need to right that That's a mechanism that that gives the police what they wanted but preserves privacy And there are a lot of really clever things we can do To do that. We're just not doing them Which also tends to raise the question that often divides engineers and lawyers and you kind of gave the lawyers answer Descriptively speaking which is well, we can hash it We'll have a table and then the government can consult the table when it has good cause And often the engineering answer is I never trust them to have good cause I want a fake license plate or no license plate or something like that There's an argument to made that one of the solutions here to you know, the very invasive police measures is to give the police better tools Yeah, the reason I mean they're just trying to do their job in most cases. Yeah, and it's a job we want done And the reason they have to be so So expansive is is there's no there are that we don't have the surgical tools And if we could design them we'll have a better chance of having them not do the things we don't want them to do So speaking of engineers and lawyers this event is co-sponsored by the center for research on computation and society at the school of engineering and applied sciences And the berkman center for internet and society of harvard university, but often identified with harvard law school And I think tonight's conversation has been as kaleidoscopic and freewheeling as it was promised to be And we're still trying to figure out How to make the most of a physical gathering like this a gathering augmented by the various technologies We know are happening at the moment in the background. There could have been a big twitter feed or something on the screen behind us But these are threads of conversation I think that show first how hard this stuff is And not purporting to have answers where we don't yet Have them and that also really caused us I think to ask How many of our solutions can be general type solutions a sort of approach that can work from zone to zone to zone Or how much of it is just trying to fix one leak at a time And do so in a way that may feel like your movie plot example, which is you just keep closing barn doors But it provides I think a lot of Puzzle that we continue to work on in venues very different from a public lecture We're very hopeful that bruce will continue to be in our environments here in Cambridge And virtually and it will have chance to continue the kinds of conversations that are happening here And I actually really appreciate the conversation this this is stuff I am as you can tell still trying to figure out So I'm glad it's been it's been taped because I wasn't taking notes But I will listen to this again for that because I said stuff. I didn't realize I was going to say And you guys there's a bunch of people tweeting stuff that you are Fending you on facebook now and we have to tell them it ain't you Okay, there actually is a facebook account that mirrors my blog and there's a twitter account that mirrors my blog I control the facebook account, but not the twitter account someone else set that up But I never actually visit these sites All right then So so don't Don't don't don't send me stuff on facebook So please join me in thanking bruce scheyer for a very provocative