 hello roots our next speaker is alex stamos the chief security officer at facebook hey everybody I'm alex I work at facebook and I get to work with a bunch of people whose job it is to think about the safety and security issues no it's okay I'll just leave it here it's fine John safety and security issues for over two billion people how many people do you guys think in the world have internet access so who wants who think how many people are there in the world we'll do a little should I do socratic method yeah 7.6 billion I think that's about right that's more significant digits than I feel comfortable saying so about a little less than four billion of those people have some amount of internet access right have what we define that as have regular access to 2g internet which is slower internet than any kid in here has ever used in their life but that's that's actually really significant and so about two billion of those people use one of our products so we have Facebook which none of you kids have heard of you've heard of Instagram which is us as well and WhatsApp which has about 1.3 billion people what's up actually has more messages on what's up than all the text messages in the world put together which makes it pretty amazing it's also pretty amazing in that it's end-to-end encrypted which means that all of the things that you send on WhatsApp are secret except from the two people or the multiple people part of the conversation and that was a really tough thing it's also a really interesting ethical issue as you'll hear later probably from from Leonard so what I just wanted to do is talk a little bit about what we do in security and safety and why it's really important and then I'm gonna have plenty time for questions and we got prizes for questions because I want to encourage curiosity and questioning of authority figures which is something I've done so this is my 20th year at DEF CON I came when I was 18 years old as you can do the math on that I did not have a beard when I was 18 but what I did just like you I was really excited to come to DEF CON and to meet a lot of people who were just like me really curious and how the world worked and at the time we didn't do stuff like this where there's all the awesome opportunity to hack stuff to to go do competitive hacking to go disassemble things for us we kind of had to find a lot of that and a lot of my friends of that era did those things in a way that wasn't completely legal and DEF CON has really changed a lot and given us all these opportunities to explore and use our creative skills in a way that is not just legal and ethical but you're making the world a little bit of a better place and so the things we do at our security team so the first is we work to protect our company so people want to break into us all the time why do you think they want to break into us why would you want to break into a company that has two billion people communicating with each other yeah that's fantastic what's your name thank you very much Maggie that's a totally correct answer you can break into the company and get information about people their private information which can be super valuable to lots of bad people right to criminals who want to steal money from people from governments that don't like the fact that people that live in their country are able to communicate freely and lots of people who want to cause individual harm and so we have to protect the company and that's a big challenge because we deal with some of the the best hackers in the world who want to break in we have another challenge is we have to build really secure products right so I guess we have two billion people on Facebook 700 million on Instagram 1.3 billion on WhatsApp we also make the Oculus headsets is anybody here played with an Oculus before that's a lot of fun right technically you're not supposed to do to a 13 this is interesting safety legal issue but so I'm going to ignore those hands but yes it's a lot of fun and we build those we don't actually build them ourselves we have a contract manufacturer but we're responsible for designing those in the software and keeping them secure and we have a bunch of other products coming out and so we have to make our products secure and we do that both by having people on the inside who work to think about how can this thing break but we also ask people on the outside to break things for us anybody know what that's called when we pay people to find bugs yeah white hat program or a bug bounty program that's right and so we run we've given out about four million or five million dollars over the last four years to people who have find found bugs and for you know for some of these people it's like a fun side project for some of the people that do this this is a full-time job and they support their entire family doing this we have a young man from India from a small village who's made over a hundred thousand dollars just from us finding bugs and that's allowed him to support his entire family and so that you meet all these really interesting people and then the third thing we do is we focus on the safety of our community which when you have two billion people 99.9 percent of people are good but the point one percent of people who aren't good can do a lot of bad things online and so in that area we try to make sure that people are being nice to each other that they're behaving per our rules that they're not abusing each other and then we also one of things we particularly focus on is the interaction between adults and younger people because that can be a really dangerous thing sometimes and so we do a lot of works in the safety issue as well and it's a lot of fun and one of the things we've been working on recently is around protecting elections anybody know what happened last November oh where are you from Canada yes where you have a functioning democracy that congratulations on that I got to meet your prime minister he's a very nice guy you you have to not look him straight in the eyes because you'll fall into them into those deep blue pools but yeah yeah but you're right so there was alleged hacking of the U.S. election you said the name of the country which I'm not allowed to do according to our lawyers but there was a lot of things going on to try to influence our election in the United States and that's actually happened in other places too we've seen that in France there's activity in Germany and there's actually activity all around the world trying to mess with people's elections so that's the kind of thing that is a new problem for us and one of the great parts about our job in my job is I get to deal that's a great look yeah one of the great parts of my job is I get to work on these security problems that nobody's ever seen before countries trying to manipulate millions or hundreds of millions of people to change elections is the kind of security problem that nobody's had to deal with before and so there's no book you can read and there's no class you can go to we just have to kind of figure it out as we go along and that's what we're doing we had to spin up an entire team whose job it is to study that and that team had some kind of traditional nerds people like me who went to a computer science or electrical engineering degrees but we also have a lot of interesting people who do different things so the woman who runs that team her name is Jen she has an undergraduate degree in like in foreign relations and she went a master's degree from a famous school that teaches about foreign relations and international service and then she learned the computer stuff later we have people who have language skills and all the different languages we have to deal with we have people with sociology degrees and so one of the neat things about security is it's not just about hacking computers in a super technical way security is becoming the study of all of the different things that you can do with technology that can cause harm and I think that's a super important thing and I think that's also really exciting for young people because there's all kinds of new things you're gonna have to deal with and honestly I can't predict in 15, 20 years when you guys are in the workforce what the kind of problems are gonna be that you're gonna deal with so anyway anybody have any questions about what we do or what's going on yes what's my favorite part of what I do that's a great question so I like meeting new people I get to do that a lot I get to travel around the world yeah there's some swag that's you hacked our swag formula good work buddy social engineering for sunglasses I like traveling around the world and meeting new people and representing the company and talking about the things we do security so I got to I in the last couple months I've been in I got to go to Korea and Japan and meet people there about what they're doing in security and meet their heads of cyber security I got to go to Germany and France so I got to go to the LSA palace which is their White House in France and talk to them about that about security and then go to the Bundestag which is the the place where the German Parliament is and talk to them about what we're doing to secure their election and that's really neat it's neat to be able to you know we're entering this weird world where companies are doing things that are traditionally the realm of countries right like providing security for two billion people is the kind of thing that used to be a nation state problem that an army would take care of or police force and we're in this new world where the keeping people safe technically is the responsibility of private companies and people who work at private companies much more so than the actual countries where they live and so that's like been a really interesting thing to be able to work with these people who are representing you know these people are elected to represent millions or hundreds of millions of people and we have a responsibility to listen to them and to work with them to keep their people safe so I like doing that I like hiring people I like having a team and seeing young people come in like we just had a class of interns come through and I got to go get dinner with the interns and it's just really exciting to go work with people who are new to the field any other questions anybody want to ask anything yeah how much data this Facebook store that's an excellent question so we don't release the exact number but what what do you think the so what's a big number of data that you think how's it measured in what bytes petabytes that's great so what's a thousand petabytes starts with an E how's your Greek what's what's what's six in Greek exabytes so we measure our storage capacity in exabytes so for the security team our storage capacities in petabytes but for the overall of holding everybody's vacation videos for the last ten years turns out to be measured in exabytes of data in about eight data centers globally so think of hundreds and hundreds of thousands of spinning discs each one is is holding something between two to ten terabytes and that's what our storage looks like we also have petabytes and petabytes of RAM so a lot of like if you if you open up Facebook and you just scroll through it everything you're seeing that is there is actually not on a hard drive it's in RAM because there's no way we could pull it off of a hard drive fast enough for people to have a good experience so basically everything everybody's done for the last couple of days in Facebook all the photos all that stuff is stored in hundreds of petabytes of RAM around the world and then we have this big complicated system that when you say I want to look at a picture in Instagram I won't look a picture in Facebook it figures out where's the closest machine goes pulls it out of RAM and then gets it to you it's we about eight data centers globally and we have hundreds of points of presence servers that are close that will route then over a private fiber optic network to get to where art we're holding your data yeah it's pretty cool data engineering is amazing yeah that's a fantastic question so the question was what are the legal issues with holding so much data and they are extremely complicated so what percentage of our users do you think outside the United States yes miss seventy five that's that's a good guess but it's higher than that the percentage is higher what's a number higher than seventy five and lower than a hundred percent eighty seven point five that's extremely close it's eighty eight percent that guy gets two sunglasses that was a really good yeah so we are a global company and so one of the challenges all of tech companies are facing right now is that the the laws for how we operate are very very different everywhere and countries have still not figured out how they want to regulate what data we collect how we hold it what we do with it what our responsibility is and so it's a really complicated time to try to deal with that what we we do is we try to follow the laws in the places where we have major operations and so for us that's the United States and then Ireland is where we have our biggest head is our headquarters for outside the United States and do countries give us mean glances yes in Europe they're giving us a very mean glance called the general data protection regulation which is a whole new set of rules about what we're supposed to do with people's data in Europe that nobody knows what they actually mean because they're incredibly broad and so there's this constant kind of discussion between us and governments of like what is the appropriate rules they pass these rules we ask them what they actually mean sometimes these are friendly discussions sometimes they're less friendly and they end up in court but this is kind of a constant thing that we're trying to figure out because there's not one set of rules we can live by that will make everybody happy so we try to do the best we can to live by the privacy rules of the most restrictive countries and then hopefully that works everywhere okay I got to get going thank you so much for your time I'm gonna be around if anybody wants to chat about anything and we have our capture the flag competition starting at one o'clock today we got lots of great prizes drones echoes all kinds of stuff so please give it a shot and compete in the capture the flag thank you