 So welcome again to the translation. We have one of the big ones of Austrian journalism from ORF, which is an Austrian big broadcaster, and he's basically doing network policy journalism. Or we even knew that network policy was a thing. So yeah, there's lots of knowledge that you can impart on us, and I'm quite excited to learn more about 5G surveillance standards and how the cops are trying to make more surveillance happen at the European Standard Institute. Okay, so you don't even know what I'm going to be talking about. Okay, so these are the 5G surveillance standards with the most important people, most very, very sympathetic people. Currently we're actually trying to set the security standards. These are releases 15 and 16, and there's like a lot of things happening there. There's a very clear demarcation line between telecoms on the one side and cops and spooks on the other sides, and we'll talk about their plans, who is important here. I forgot, if you're here from 3GPP partnership group, S-A-L-I, that's like lawful interception. If you're listening, please for your entertainment. Be careful, the first slide is kind of having some problem. Yes. Okay, trying it again. Okay, there's some problems, but it works. So these are the standardization organs like the institutions that are hoping to standardize. The standardization of surveillance goes back to a fishery decision from 1995, and was only published in an EU journal. Now if you provide a digital telephone network, you need to provide some sort of surveillance measurements. Now 1996, they were the first user requirements for lawful interception. The requirements are quite easy, actually, and the users in this case are police and secret services. These requirements are coming from the technical committee for lawful interception, T-C-L-I. That's a large group. There's like 150 active people in there, at least, and it's pretty much everything is in there, like police, secret services. Anyone who's important there is in there. They have these requirements. This has to be possible, this has to be possible, this has to be possible. So the participants, the documents, and also all the meetings are secret. I know some people that have been in there for like 20 years or more, and there's a second group that are basically implementing these requirements, and this is not actually part of the EU, the technical, the Etsy, it's not a public EU institution, it's something that's organized and funded by the telecom, and 3GP, that is for lawful interception. That's a mixed group with telecoms, cops, spooks, and bureaucracies, bureaucrats that are kind of their documents are public, but it's not easy to find them, and it's very difficult to understand them. I've been trying that for a number of years now, and in this group telecom actually outweigh the other, the spooks. There's about 5,000 stakeholders from telecom in there, from telecom and subcontractors, okay, so we once had Etsy an interface for surveillance, it was developed during the GSM time, and you see there's three surveillance channels, of course that's very abstracted, but when you see the green bar, you see there's like network internal functions, so let's just like your Android goes there, the telecoms, they're trying to get all this data from the network, and then via the black channel, people are asking for data, so if there's a warrant or something, then they can see and they can get the data basically, or maybe not all the metadata as we might be able to see, and the red one is core content, that's basically what you're talking about, that's how it used to be, and they kind of kept this with 3G, but that's a lot more complicated, and 4G and LTE, they kind of managed to try to fit it in there, and now 5G, it doesn't work anymore, and this is kind of a change of paradigm, the center in the telecom network where all the data was found quite easily, that we don't have anymore with 5G, so the network, what we will see now is something that we don't see here, which is like the data in the 5G network, that's like kind of behind the green bar, and where we have to get it and where we have to go it, where it has to go, and these specifications are basically what started it all, this was at the end of last year, they started, and ever since there's been like a lot of discussion and they haven't really found any common ground so far, okay, so this is how it looks, what we see here is everything that's blue is interception, and we don't have one point of intercept anymore, but instead we have many points of intercept, why? Well, 5G networks are basically a cloud, a mobile cloud, and what we have as a point of intercept here is basically just cloud segments, this is a so-called sliced network, if you know something about cloud computing, which I assume you know, maybe you even know more than I do, and this is how it looks, I'll explain it a little bit, what goes where, to the right, at the right bottom, there's ADMF, which is basically administration function, which controls the lawful interception, the lawful interception control function, so commands come from the administration interface and go to the lawful interception and are there implemented, and then of course, they need to go to each of these points of intercepts and go into a specific direction, and on the left you see 5G networks, a non-3GPP, which is GSM, and there basically everything is kind of like combined there, and it's not as easy as it used to be, and you never know which point of intercept the user is actually using, and here with this administration function, there's a small red remark and at the LHCF as well, that says target list, that's a list of all the targets that are supposed to be surveyed, and we should basically check this and like check them, so if your smartphone registers somewhere with a whatever, and there they have to already check, is this smartphone on a surveillance list, do we have to survey the smartphone or not, and if it's not, if this isn't done, then it doesn't work, like none of these surveillance works, so as soon as you log in, you need to know whether you need to survey the smartphone or not, and this is where kind of the big trouble started, so security for the surveyors, if we talk about security, then they're not talking about your security, they're talking about security for the surveyors, because they're the users here, everywhere where it says users, it's not a person with a smartphone, but instead it's a person that wants to survey, the person that tries to intercept, and this is where you see this is kind of something, a draft that comes from the other side from the surveyors, and they're kind of problematizing that the most sensitive of information is the list of targets, of course we can understand that, now, well, yeah, imagine there's a list of all surveyed smartphones in the entire network, maybe hundreds, maybe thousands, and you need to check all of them for each log in, do we need to survey this or not, and when decided back, then then in the fishery task force, everything that happens in the network of a smartphone needs to be registered, nothing can be missing, and that's really important, and this is what it says, completeness, it needs to be complete basically, the law says that, and this is why the system needs to work like this, okay, so there's two possibilities now, the one possibility is either, you put the entire list of all the smartphones until each and every single point of intercept, and then every government actor was like, what you want to put our secret list onto the entire network, that's way too dangerous, so they only care about security for them, they don't care about our security, they really want to get rid of our security, and this is also what went into release 15, there's two possibilities, the first possibility is you put the entire target list onto each and every single point of intercept, and then it works, a smartphone enters this point of intercept, looks at the target list okay, we need the smartphone, we can mark it, it's done, but that's what the cops don't want, if the list is lost or if it's public somewhere, imagine there's a list of all phone numbers that are currently being surveyed, that's like crazy, the second possibility is like the slides don't really work very well, so it's not on here, so the alternatives are, let's go back, okay, we need to go somewhere else trying to find the right slide, no, still trying to find the right slide, okay, we'll be there soon hopefully, okay there we are, so every time a mobile phone connects to some sort of cpnf, which is like the radio access network where you get access to something, when the target list isn't everywhere there, then each time you need to ask the control function and compare, so you need to send this via different network segments, and if you do it like this, there's a problem, you'll get latency, what was, let's remember, what was the unique selling point of 5G, very very low latency, less than one millisecond, and this doesn't work like this, there's no way, you know what the government actors proposed? okay, well yeah, they kind of proposed that you don't need, you can't access to one, you can access at the same time, but instead if one smartphone currently tries to access, then all the other smartphones are getting to a queue, and of course the tail comes, said, well this will not allow low latency, because of course this is where kind of the big discussion started, the big debate, and the government surveyors is completely against this, and they kind of want to compel all the tail comes to have this kind of, to make sure that the network architecture is surveillance friendly, so that basically means that they're basically changing the business model of all the tail comes, and that's not actually what's in the EU law, that you need to do these networks like this, of course there's always some sort of, you can always look at it from one perspective or the other perspective, and this is kind of where the whole debate is at, so what might happen if you just check one after the other, after the other, well latency, latency, latency, and that's exactly, and that's exactly what the telecoms don't want, that's an absolute no-go for them, so let's continue, so before voting on this, about release number 15, there was a big presentation by cops and spooks in this working group, usually they're only there with one person max, because you have to travel around the world every two months for the next meeting, so they don't usually come with as many people, but at this single meeting alone, so from PIDS, that's, that the PIDS, that is an abbreviation for platform interception, something, system analysis, so they usually have one person there, here at this particular point, at this particular meeting, they had four people from this particular organization, the German Federal Criminal Agency, that is also not usually there, also had two people there, the German Institution for the Agency for the Protection of the Constitution had several people there, there is Mr. Steinwurke, who I've also known for 15 years now, he is usually there for every meeting, but hasn't, so he's been for every meeting, in every meeting for 15 years, but at least according to the protocol, he hasn't said anything ever in all those 15 years, and then at the very bottom, you see something that's called National Technical Assistance, that's how the GCHQ represents itself, so that's a department of GCHQ in the UK, and they're the ones who train the cops in surveillance, and they were also there with four people, none of that helped, because the telecoms had 5,000 stakeholders in this vote, and so they were just completely superior, so what was the result? So Gilde Kerkhofer was not amused, he's the primary top terrorism fighter of the European Union, he was super angry, how can you do this? And please, this is where you can see, this is how you see what kind of mindset these guys have. They sent a complaint to the EU Ministerial Council, it says the votes of the companies far outweigh the votes of the law enforcement authorities, and so they're complaining that industrial interests essentially outweigh government interests, but well, I mean, this institute is a private organization, so the right to vote in this organization are based on based on how much that particular member organization pays into this organization, terrible, terrible, right? And then it also says, they also said that there is no veto rate for people who basically have lawful authority. Well, what else do they want? And there is no unanimity principle, so if there was a unanimity principle at this organization, then these standards won't be done in 10 years, and that's why, and so they're saying that's absolutely terrible that in a private telecommunications organization, which in this case is, so this is a UN organization, but all these requirements come from Etsy, so sadly, sadly, all these cops are always outvoted, in some cases they kind of come to an agreement with the private actors, but in general, we should start sending more people to this group, so that it's not going to change anything about the voting rights and the vote weighing. Do you know what that means? That's basically trying to intimidate people, that's intimidation, that's simple intimidation, so when telecoms are not by themselves anymore, but when at least there's a physical presence of law enforcement, or if the entire thing is full of cops and spooks, that's a clear intimidation tactic, and that's, and so this guy wasn't the only one who wasn't happy in the US, you may have heard about the controversy around Huawei, I'm not going to talk about that further because we have limited time, but there is now a Lex Huawei on its way through the Senate, which has been written by hard liners on both the republic and the democrat side, and they want to force Trump to not use Huawei as a token in the trade negotiations with China, which is exactly what he planned, so basically they're taking his joker away from him, which is why the daughter, which is why he took the daughter of the Huawei founder as a hostage, that's nothing else, there was nothing, when she was arrested in Canada that was nothing but a hostage taking, well of course, they're talking about something related to Iran and sanctions, no, but she was arrested and that supposed to be prosecuted in the US, and Trump wanted to essentially use her as a bargaining chip in the negotiations with China, and you can see Huawei is also part of this working group, and Huawei is one of the largest payers of membership fees, they pay as much as everyone else together, and that's usually how things work in this working group, so usually there's not that many state representatives, but primarily it's telecom companies, and then in the middle you kind of have Mr. Steinliko, so this was a different meeting because Mr. Steinliko was usually there, but yeah, and so that's where now we already get the response, so this is from the last meeting which was in Poland, which was in mid-July, which was an extraordinary meeting that wasn't initially planned, but because there was so much fighting going on they had to organize an extraordinary meeting, and here there are 28 change requests from the FBI, so this is just inexcerpt, so you can see, these are the change requests, so where does it say FBI on this list? Well, the FBI is called OTD here, the Office of Technology Division, so you don't see right away who is being represented here, so you can't see right away that it's the FBI once you look at this document, so these are several change requests that are about asking for more metadata and more metadata. So, location data, please, so that's the current topic of discussion right now, and that's something that's going to be decided by the end of December, so this means what we can see here in purple are the requirements from the group, and in red is what Vodafone, so Telecom company added, so what they demanded because there will be so many cells in 5G, they would have to constantly check these inquiry, these IDs to check which particular cell any particular smartphone is in. Imagine kind of like a big mall and maybe has like 15 of these cells, and so they constantly have to check which of these cells the phone is logged into and how this person is moving around, that's what they're demanding, so they really want incredibly granular surveillance with data that the telecoms don't even have access to. The telecom companies really don't care about this right now, they just want to put up these networks, and so Vodafone says, oh, it's going to multiply the pressure on the signals, it's going to lead to problems on several interfaces, and it's going to be incredibly expensive for the telecom because they have to use way more equipment, and here, so this is kind of like a foul from a military intelligence service, so this slide is from an institution in Sweden called Föresverest Radio and Start, so it's a conspiracy radio institution, it's secret radio institution, which is nothing else but their military intelligence service, and so basically they did like a foul against the telecoms because they say, and it's also written in the initial requirements, it says that encrypted communication that can be opened by the telecoms has to be sent to the secret services in the clear, so since 2012 there has been a system for payment, and so the payment system is on the SIM card, so everything that is on the SIM card is under the purview of the telecom, and so obviously that also includes an encryption system for payment, and so now the watchers essentially said, well we need those encryption keys from you because you need to give us all the encryption keys you have access to, and so they're basically what they wrote in here, so they basically tried to do that again, and why not because there's a sufficient number of payment systems, so why shouldn't the telecoms have one as well, so the telecoms are the only ones who have to give out these encryption keys when asked for them, and here what they're saying is that if someone who's using this for roaming, then those encryption keys have also been sent over with the roaming to the different country, that way the telecoms can completely forget about their payment systems, and so they basically forced them to do this just because they really were unhappy about everything else, okay so we're getting towards the end, oh there's something, okay so the next meeting is in two weeks, there's never been this many meetings in a single year as about the 5G surveillance stuff, usually there's maximum of five per year, and so this is already the seventh this year, and so there's an extraordinary meeting in New Jersey where Verizon is inviting everyone, and the FBI is just around the corner, just three kilometers, and then there's a regular meeting in October, also in the U.S. That's also completely unprecedented, usually there's only one meeting in the U.S., or not a single one, and this year there's already been, and so it will be four with these two, and so when talking about the release number 16, it's gonna be like beat by beat essentially for the next few weeks, just the way it started last fall, and it will be decided roughly just before congress in December. Guys, like let's lean back, and look at how these two are, like how these two sides will beat each other up, it's popcorn, popcorn, please give us beer to watch this. Thank you very much, so we have 10 minutes left for questions from the audience and from the internet, so if you have a question, please send it on our chat, or come up here to the mic, to the angel with the mic, or go to the front of house, which also has another mic angel. I don't see any lights so far, so there are no questions yet, so this is your unique opportunity, otherwise we'll have a little conversation on stage here right now. It's pretty common that there are no questions about this, because this whole telecom stuff that's not, and especially telecom networks, I'm the only idiot who's basically spending all this time on reading all of this stuff, and for most people it's like, most people think it's stupid for them to spend time on, oh actually do you see a light, so I'm yeah looking forward to the first question. Just a matter of comprehension, it's a question for clarification, so is this requirement for low latency, is that something that cannot be combined with the availability or the ability to monitor? Is that what I understand that correctly? Yeah, so I think that is basically the core argument, but except, so this entire target list is sprayed all over your network, as the watchers would say, and so they're really scared of that, because this target list is essentially their treasure, imagine this. Right now, if it comes out that a single person is being monitored, that's already kind of like a big deal, and everyone's like, oh well, so that person is being watched, so there's definitely attention, there's a discussion, but what if the entire list was leaked of people who are being monitored right now? Then all the criminals would essentially get a new smartphone contract very quickly, and the only ones who are left are going to be the ones who are being watched for political reasons, and that's also not something that's desirable, and so they really don't want that those are being watched, which is understandable, so they have to take care of that, and so these two things are essentially cannot be combined, but at the same time they want the maximum degree of security for themselves, and so the architecture of this entire network is supposed to be measured against their demands, and that's the main problem, so if you don't do this thing with the list, you're going to have this incredible latency, and the entire unique selling point of 5G is gone, so because the selling point is low latency, and so that's why in the telecoms they're not going to give that up for any reason whatsoever, they're putting so much money into this really, really fast network, and suddenly all these people are telling us that we have to make it slower just so they can monitor people in the network, that's a very clear, that's just a very clear hard economics where the state is essentially intervening with the business models of these telecoms, of course a nation state can do that, you can't really do anything against that if there's a law, so for example, Seehofer in Germany, he might be one of the first ones who will ask for more surveillance, because whenever it's about surveillance, he's going to be one of the ones who is trying to help, even if he doesn't know what's going on, and the telecoms really need to stand up for themselves in this case, because otherwise they're going to have to, they will have wasted all this money, and precisely what the networks weren't able to do before is also now not solved, will still be a problem essentially. Is that clear? Yeah, sounds good, so a slightly less informed question, so if we're looking at the 5G discussion right now, it's primarily about the arguments of well we want telemedicine, remote medicine, and so everything, like all these things that need very low latency, and so all of these things such as remote medicine would also be affected by these lists, or would they have separate networks? So that's unclear for now. So there's definitely going to be a sliced network with several clouds that are connected, so for example, the way Amazon does it, so they're basically using the same architecture for the CIA, where you have storage space for the CIA, and so the question is to what extent that is also under surveillance, but they absolutely want, the way it looks like right now, every single device seems to be affected that has a SIM card, so every single device without any exceptions. With regards to medical devices, I don't know, nobody really knows for now, because these networks don't exist so far, and so all of these things, like there will be no autonomous cars without 5G, I mean come on, and an autonomous car needs to be able to drive autonomously, even without 5G, otherwise it wouldn't be an autonomous car. Same for this whole remote medicine and surgery stuff, can you imagine a surgery that is going to use a mobile network? That's an absurd idea, and it's terrible talking points that the same protagonists as always are using, it's like all these politicians who want to show off and to have understood nothing, but want to kind of claim all these benefits for themselves, or we can do this, this, this and that. It's complete bullshit, and it's really mostly like part of the hype that is being created about this, so the question with regards to how much of that is actually going to be reality, that's difficult to say for now, because none of these networks exist so far. So I just wanted to say something, tomorrow at 6 p.m. Detlef Borchert of Heise, and I will have the honor of giving a second talk. And it's going to be called 75 Years of Journalism on the World Wide Web, so there will be two of us, and the two of us together, we have 50 years on the internet, and so there's someone else who also is added. So as the Greeks would say, this might be the non-published, the unedited version. So tomorrow we will be telling you about what we haven't written about, about what we haven't written with regards to certain topics, and that's going to be happening here at 6 p.m. Amongst other things, it will include the funny story of me turning into Persona Nangrata in 2001 at CE, this organization I was talking about earlier. Thank you.