 Alright. Thank you for sticking around for our guest speaker we're gonna have in just a moment but first a couple of reminders. We are going to be going to Sydney in the next summit. November 6th through the 8th so save the date gorgeous city just around the corner. I can't believe we do these twice a year and how all of a sudden we're already playing the next one. And then after Sydney we're going back to Vancouver which is one of the most amazing places we've been able to have a summit yet. Alright so save those dates and we will see you there but before we leave today I've got a very special guest that I'm excited to have an opportunity to interview so let's bring out Edward Snowden on the big screen. Welcome welcome to your first but hopefully not not your last opportunity to join the OpenStack Summit sorry you couldn't be here in person. We will we will try to get you a t-shirt if we can. Are we getting the audio? Yes okay. Alright. Yes okay everybody everybody can hear you so what you've got here in the OpenStack Summit is thousands of people who are really concerned about cloud computing building cloud computing running clouds and so they're they're from all over the world 60 plus countries and what do you what does your kind of take on cloud computing and what does that mean and you're you're from your point of view. So you know there's there's none different ways we can look at this one is the abstract sense where the ordinary user how do they think about cloud what does cloud mean to them. So then cloud means you know Google apps Gmail things like that they've got things up on somebody else's computer. On the other hand we have what you guys and sort of the infrastructure is a service layer which are really increasingly becoming the bones of the internet the thing that we build upon and I think one of the most dangerous things that we see happening in this space and one of the things that you guys do best is help the people who are placed to actually make the decisions about how to build right make these in a considered way. For most people the internet is kind of magic you know it just happens they look at it on their smartphone you know their Facebook app is the internet right but that's not enough and we can't actually let people go to this mindlessly effortlessly when they're in the act of building rather than consuming and you know it raises the question of why right particularly when there are these sort of primarily for-profit alternatives when we get to the infrastructure as a service layer you know you could use EC2 you could use a Google's compute engine or whatever these are fine right they work but the problem here is that they're fundamentally disempowering you give them money right and in exchange you're supposed to be provided with the service and that exists right but you're actually providing them more than money you're also providing them your data and you're giving up control you're giving up influence you can't reshape their infrastructure they're not going to change things and tailor it for your needs and you end up reaching a certain point where okay these are affordable to a certain extent you can containerize things and ship them around but you're sinking costs into an infrastructure that is not yours fundamentally what OpenStack does right it makes you lose that that fundamental inherent silent vulnerability of investing into things that you do not influence that you do not own that you do not control that you do not even shape whereas with OpenStack you know you build it layer by layer requires a little bit more of a technical understanding but as it's becoming more sophisticated and as it continues to comply with this very free and open set of values that the open source community in general drives all over the place but particularly here we can start to envision a world where cloud infrastructures right are not private in the sense of private corporations but private in the sense of person right whether you are a small business whether you are a large business whether you are a community of technologists you can own it you can control it you can shape it right you can build you can lay the foundation upon which everybody builds and I think that's probably one of the most powerful ideas that shapes the history of the Internet and hopefully will allow us to direct the future of the Internet in a more free rather than more closed way thank you that's an insightful answer I think that we we did ask on Twitter for suggestions we got a lot of suggestions for questions a lot of them were obviously in the realm of open source we're all open source stackers here and some of them you know asked just for a little bit of background on your experience with open source what projects do you use or have you experienced with so kind of you know what what is your what's in your toolbox open source wise so probably my my most famous involvement has been during the NSA revelations of 2013 which people don't really think about too much in depth because you know the NSA is primarily running on a windows infrastructure right they have Linux machines they've got servers and things like that to do that for the NSA in the CIA we've seen quite recently through like the vault seven weeks leaks and the shadow brokers leaks that they're also very aggressive GPL violators but on the we have a lot of licensing here that are interested to hear that there is a there's this journalistic side right how did we actually make this happen how did we effectuate the return of public information to public hands that revealed sort of unlawful activity unconstitutional activity the violence relation of rights or norms or laws and this was almost entirely powered by open source right the the tour guards that I was going through I stood up myself they were running on Debian we were using all the journalists were using tails the tails project is their interfaces because I wanted to limit the amount of mistakes they could make they were learning of a fly nobody had seen this of course they weren't specialists in this and the tour project you know was really the most critical piece we're helping people you know it's not to say it'll secure everyone from everything forever but it gave them breathing room to make things happen now since then I was elected by the board as a director at freedom of press Foundation now I have become the president of the freedom of the press Foundation and my primary work there since joining has actually been expanding the open source development efforts that we have in-house there of course we make secure drop which is run at all the major important newsrooms in the United States increasingly around the world now for allowing a sort of anonymous sources to contact journalists securely but there are a lot of other really interesting efforts that you'll be hearing about more this year one of them for people that are interested in sort of open hardware space is last year I gave a talk with Andrew Bunny Huang at the MIT's forbidden research conference on a what we call an introspection engine for modern smart phone we're targeting the iPhone 6 here and this gets into that central issue that we sort of talked again about with infrastructure is you're running things on you know Google's stack you're running things on Amazon's stack how do you know when it starts spying on you how do you know when your image has been passed to some adversarial group right whether it's just taken by employee and sold to a competitor whether it's taken copy for the FBI whether legally or illegally right you really don't have any awareness of this because it's happening at a layer that's hidden from you doesn't matter whether it's rootkit doesn't matter whether it's hypervisor doesn't matter where it's just a process stack the same thing happens with their phones right when we turn on airplane mode when we turn off location services how do we know the GPS is actually off how do we know the baseband antenna is actually powered down we're trusting a software attestation and a rootkit can make that lie to you so we are developing a hardware which is free and open anybody will be able to replicate this we're gonna provide the plans we've already written the paper about it where you will be able to actually look at the electron flow over these circuit paths to confirm that for yourself well okay that's that's great that you're driving forward in the open source and some some meaningful ways appreciate you sharing that I think you know another theme that I heard from from asking for questions out there in our community was you know for those of us who are working on open technologies you know what are some of the ethical implications or obligations that people have if they're working on something not knowing necessarily how it might get used and maybe in ways that they don't they don't necessarily agree with personally think beyond what the license says is clearly lesson number one from this year you know that stuff matters the capability matters and we have to recognize that you know all government involvement isn't necessarily bad thing right all intelligence agencies aren't necessarily bad either there's a lot of good people at NSA there's a lot of good people even at CIA it's hard to say it but there's even some good people at the FBI and the idea here is we want to enable everybody right but we want to think about the context and meaning of our work as technologists fundamentally we don't work for governments we don't work for states we don't work for corporations we should be working for the spirit of technology itself moving people closer to a more empowered future I try to think of this in terms of values right all systems should largely be designed to obey the user and secondly they should not be designed to hide things from so they should not deceive the user they should not lie to the user and they should hide things material from the user this is one of the largest problems that we have with closed source it's not so much that you know somebody doesn't want to share source code although that that matters in the abstract sense it's what that actually means when they don't that leads to the world that we have today where we've got vulnerabilities in every Intel chip that has you know AMT enabled and things like this because Intel's monitoring excuse me Intel's management engine has these blobs on it that we can't inspect that we can't see that we can't change that we can't patch ourselves when you're thinking about your ethical obligations the main thing is how do I empower the user and if this creates a large-scale disruption in traditional power structures right if this can be used or an amplification of powers that are used by sort of aggressive actors whether they're corporate whether they're their government entities or anything else how can people be sheltered against this right at least enter that chain of thought and think about what you can do to protect people you know the traditional world we like to think about of you know the happy policeman on the street that's looking out for people is increasingly and some would say tragically being displaced by technology because we can only put so many people in so many places but technology is everywhere and if we are going to have a computer in every home in every pocket in every car in every place we need to make sure that they are living by the values that protect and serve the public thank you I think that's it's interesting insight and the next question that I wanted to ask was was really just about kind of the dynamics of exploit so you know there are people now that'll pay a million dollars for a zero-day exploit various actors there's there's a market for it so how does that the sort of economics of it you know affect the dynamics here out there for people that are trying to secure their infrastructure you know this is a this is a complicated space and it's hard to get in here in the short time that we have because we could spend an hour just on this topic but to look at it briefly mitigations work we know that if you can start to move entire bug classes off the table start using memory safe languages and things like that for development sort of best practices for coding standards for design standards to limit the kind of weaknesses that you have that you're validating inputs and things like that this will make attacks much more expensive but there's still going to be that market out there there's still going to be people that are looking for that and they're still going to succeed now traditionally we've said the beauty of open source is that you know many eyes make all bugs shallow but we see the bugs still get through and they still get through for a very long time even in the most open context we get things like shell shock right and the impacts of this is large but that's not actually an argument that we shouldn't do open source is that some bugs get through the beauty of it is that when something like that does come through just as we get all of these bugs all the time in these closed source ecosystems you know even iOS has jail breaks and things like that fairly routinely and they have actually a quite skilled security team the entire community can respond and they do right when a shell shock type bug is discovered everybody looks at that code base right and it gets improved in more ways than just that it gets more people involved in the process we don't want to encourage or look for these big bugs to hit us right and then be like oh great we had a wonderful response afterwards but the fact that we can is fundamentally empowering and it's fundamentally educational we learn from it we prove as a community when Apple has a security flaw when Google has a security flaw when Amazon's stack you know or even not in their fundamental programming thing but just in their processes their employees are clicking on phishing emails their keys are stored on a staging server and somebody can get in and pop that laterally and now they've got the keys to kingdom we don't know what they learned we can't evaluate if their response was positive or negative it was good enough or not good enough and ultimately even if we don't like it we have no influence over it now people might go boohoo that's sort of how private industry works and that's a fair argument right but the point of over open source is that we have a better one we don't have to compromise we want a better world and so we're here to build it okay well that that's brings me to my next question which is I think they're ready to to build a better world so you've got the right the right audience here so my next question is you know looking forward you know with everything you've seen everything you know are you an optimist or a pessimist or somewhere in between at this point depends on the day I am fundamentally optimistic when you look at where we are in the progress of technology we're at a crossroads we have been struck by a moral dilemma that we did not ask for that we did not see the way I've described this before is this is the atomic moment for the profession of computer scientists right in the last century we had nuclear physicists who were looking at the science they were trying to master the fundamental laws of the universe just how this stuff fits together and they want to see how far they could go they discovered some new means of productivity right this incredible energetic potential that's what the internet is today the problem is we did not predict how bad actors aggressive violent actors would apply these discoveries of ours now we need to think about how we can mitigate them we can't we can't put the genie back in the bottle right we can't unsplit the atom but what we can do is make sure that we don't make the same errors that we made in the last century we're just to make sure something's working just to make sure that our our cell phone network works we adopt terrible standards like sort of this SS7 sort of circuit switching system for cell phones where it can be hijacked from all over the world where we have the weakest possible encryption schemes that could possibly be applied to typical cell phone communications because governments actually encourage the adoption of that they wanted them to be weak enough to break they didn't say that was why but we need to make sure that we're not looking at good enough particularly not good enough for now because it's very hard to update the technology it's very hard to move legacy stuff out of production we all know that everybody's sitting in a room we need to start thinking about how to build not just for today but for the next hundred years by setting an example and by setting protocols that say we're gonna build things not for today we're going to build things for beyond tomorrow thank you well we've got one final question one final question from the audience getting slightly more political what can we do this person asked to reverse the trend of protectionism and nationalism it's a pretty heavy topic this is extremely complex when you look at the political dynamics today whether it's the election in the United States the closeness of the election in France laws that we see being passed in the United Kingdom they passed the most extreme surveillance bill in the history of Western democracy last year called the investigatory powers bill in places like Russia we see laws like the Yara Vaya Pacquette it's called here Russians call it simply the big brother law and when Russians are calling a surveillance law the big brother law you know there's a problem fear has become the most common political value in the world saying but terrorism will defang any opposition it will silence any counter proposals and this puts us in a systemically vulnerable place where the traditional systems of checks and balances upon which Western civilization has relied upon particularly since the democratic process spread around the world are starting to fail courts are afraid to rule in areas that are politically controversial even though they are legally quite clear for example all this mass surveillance in the United States is a pretty clear violation of the fourth you know any sort of expert group like the ACLU looks at this as filing cases about it and the courts are very hesitant they work these things the appeals process about on a 10-year span because they don't want to be seen as simply applying the law in the way that makes sense and the way that would restrict the government in the way that it traditionally has because judges are people too right judges are vulnerable to fear in the same way everybody else's politicians are vulnerable to fear in the same way everybody else's presidents are vulnerable to fear in the same way and this creates a world in which the weakest link in the fabric of the safeguards of our rights is increasingly becoming human now this leads us leaves us in a place where the traditional mechanisms of enforcing human rights are beginning to fail so we have to develop new ones the beautiful thing is at the same time these old processes are beginning to fail technology we're seeing to glimpses where it can enforce human rights in new ways beyond borders right let's say you have a country that doesn't respect human rights as well as the global standard right this doesn't have to be a place like South Sudan or Cameroon or Russia or China this can be a place like the United Kingdom this can be a place like France this can be a place like right here in the United States in Boston but if we develop protocols systems that are invisibly surrounding us every day they're in our pockets right even if somebody doesn't touch the internet personally their communications are transiting the internet they're relying upon this fabric that we've built this mesh whether it's the infrastructure that you're providing that a hospital is putting their records on right that a 90 year old woman who doesn't even have a computer is still relying on these things can be pushed across borders instantly and when we create safe and reliable means of protecting human rights right at the protocol level at the system level where rights can't be abrogated simply because it was convenient or simply because someone asked we create not just a better world we create a freer world and it can happen on every corner of the earth as fast as we can proliferate the technology and I would argue not only that we can do this not only that we should do this but if the next generation is to enjoy the same rights that we ourselves inherited we must thank you so much Edward Snowden for joining us at at the open stack summit and I would like to go ahead and invite you to the next summit in Sydney and all the other summits from here on out we really hope you can come back and talk to the community again thank you so much for your time thank you well folks that's all we've got for this morning's keynotes I hope that was interesting for everybody I know I enjoyed it but as you leave be sure to remember our maxim have a good time with open stack