 So first of all, I'm dead addict 17 years ago or so. I had a different handle that was unrelated to computer security. And I remember kind of clearly when that handle was given to me by a good friend of mine, Minda Rape. And he expressed that it was really inappropriate to use the handle I was using in the piracy world for computer security-related passions. And I think he was right on the separation of identities and identity management is really important in these regards. I was a senior member of a piracy group way back when, far past the statute of limitations. Jason Scott, I saw, shoved his hand up there, represent. And it's funny, because the only remnants of my belonging to that piracy group can be found on textfiles.com and one of the various NFOs that Jason Scott, the Underground's historian of note, has archived. So if you want to take a look back in memory lane at what the piracy scene was some time ago, go visit textfiles.com. When I joined the piracy group, I essentially did it because I was pissed off with the quality of the releases of the rest of the pirates. I wasn't really interested in fame. For some time I had anonymity and wasn't even using a handle when I was contributing to that group, but I was so frustrated at the lack of quality assurance in the pirate releases that I wanted to do something about it. For one month, one of the groups that monitors the pirate activity, and it was one of the underground groups, they like to keep tally about who's coolest and who's releasing most. But for one month, our group was the highest releaser of any group out there. Now in our space, which was the non-game space, the application space, because while I can play games now and again, I thought the application, getting applications out to kids and to allow them to learn was important. But essentially, right about the time I was most heavily involved was the downfall of piracy as we knew it back then, which was BBS-based. And that was very tightly controlled, somewhat clueless circles. Wired.com was not publishing articles on the latest protocols to get your wares at, which I appreciate now, but it's a different time. One of the other reasons I had a different handle is that there's really different cultures. And at the time, there was a conflict between the pirates and the hackers. And essentially, the pirates, I'm not exactly sure what their problem was. I think part of them was they were afraid of the hackers. Some, one BBS operator I knew, didn't want to associate with hackers because he didn't want the law enforcement scrutiny, which would then find out about his pirate activity. Of course, he ran a small telecom, so I don't blame him for those concerns. There's often little respect between the two groups. And I can understand that. I can understand that hackers can look at pirates and say, well, what are you doing exactly? You're just copying bits around. That's not impressive. We're not impressed. There's nothing elite going on there. There's no skills going on there. You're just copying bits. And I don't want to use the word theft. We'll talk briefly about ethics, but I can understand that. And of course, there's an exception to that. And the counterargument to that is the crackers, which is stupid terminology. Some people want to talk about black-eyed hackers as crackers. Now, the software crackers actually were doing interesting work. And they were doing reverse engineering. And they were doing very impressive things. But there was a very small percentage of the pirates. But I have a feeling that those people often moved on to our industry and became badass reverse engineers doing things more than just enabling gameplay. So the reason I'm giving this talk is because I've been coming here, well, forever. And through this time, I don't recall many speeches on piracy. And I find it really interesting, because piracy is certainly part of what we'd call the computer underground. And piracy culture has affected us all. And that separation that happened 17 years ago or so, when I was heavily involved, that's still occurring. We don't talk about it. We don't discuss it. And I think there's interesting issues and interesting things to think about. And it saddens me to think that, and I certainly don't want to characterize the pirate community negatively, but people that aren't thinking about technical issues and technical challenges that are just thinking about their distribution mechanisms. It saddens me that these bright people here at DEF CON aren't thinking about some of these issues. And I'm not going to give you any definitive answers, and you're not going to walk away with any zero day. But I hope at the end of all of this, you'll give some thought to some of these issues and where we're going in piracy and what all this means, and perhaps how we can help. There's certainly some toolkits and some software and some best practices that can be adopted. And hopefully, even if none of you watch that video camera that's stealing my soul, we'll then transmit it through YouTube and some actual pirates will take a close look at some of these issues. I'd like to get a feel for the audience here. Can I get a raise of hands for everyone that's a pirate, please? Everyone? Everyone? OK. Now can I get a raise of hands for everyone that's not a pirate? OK, you're all lying. So I don't have any animosity towards the people that didn't raise their hands at all, because they're just people that don't like to raise their hands. And that's cool. I don't blame you for that. But yeah, all of you that say you're not pirates, including you, are pirates. And if you start thinking about piracy in a broad context and you start looking at piracy while the textbook that my professor gave me that was photocopied, that's piracy, too. That song that your friend gave you in MV3 format, that's piracy, too. And I could spend 10 minutes fully listing out the kinds and types of piracy. And I would be shocked and still call you a liar if you raised your hand and said you weren't a pirate. So back in the day, if you wanted to be a pirate, you had to spend time and energy and you had to get involved with a pirate community. You had to find the BBSs. Then you had to ingratiate yourself to them. You had to go through quizzes to even be allowed into these areas. And an old friend of mine, prosecuting attorney, Gail Thackery, once said that those quizzes, the law enforcement loves them and they call those intent. So any pirates out there, if you're still using those things, I swear I'm not a member of law enforcement. I swear I'm not a member of the RIAA, all of those things. That shows intent and you're stupid and stuff. So there was a barrier to entry at the time. And 17 years ago, the computer community wasn't a third of the planet, so it was a lot smaller. Now if you want to learn about the latest piracy techniques and if you want to find out how to get the wares today, if you want to get into this, well, I won't call it underground because that would be disingenuous, if you want to get in the piracy scene, you don't have to have a friend that has a dial up to a BPS where you are presented with a quiz of silly acronyms. Instead, you pretty much have to read wired. And I'm always very amused. I've watched over the years, like every time a new piracy technology comes out, a new peer-to-peer system, any advancements, any threats, any attacks against pirates. All this is covered in news, and you require no skill whatsoever to glance around and see exactly how to get your wares. Also, well, there's anger, I think, at the content industries, and that's different from where we were 17 years ago. Then there really wasn't people justifying their actions. Pirates pretty much knew they were pirates. They pretty much knew they were breaking the law. They were doing illicit things. And even among themselves, they would acknowledge that they were stealing content. And I don't want to get into arguments about semantics. And I think when you steal something, the original person doesn't have it anymore. But nonetheless, people pretty much realized they were sort of doing the wrong thing, and they were doing it anyways. But there's a lot of rage at the content industry. And I think a lot of people, even older, responsible people who would normally not think of themselves as breaking the law, realized after they bought the LP, and then the 8-track, and then the cassette, and then the CD, and then the enhanced CD, and then the download from iTunes. Then when their telephone carrier comes and says, you need to pay another $3 for a 30-second snippet of that song, there comes a boiling point of rage, I think, when people think they're justified to violate copyright laws. The title of this speech is unfair use. So I'm not going to try to justify this. I will acknowledge that what I'm talking about here is not fair use. And while I sympathize, and I have a lot of rage against various content industries for their thieving business models. And it is sort of thieving, right? They take my money. I don't have it anymore. They do. That's closer to my definition of theft. The ethical issues are complex. And I think an entire speech could be spent about the ethical issues of piracy. And I hope to see more speeches on piracy, and focus speeches on piracy in the future. And I hope, if any of you get done with this talk and say, well, that sucked, I hope you think why that sucked, and what would be a good piracy speech, and then submit that, because that would bring greater breadth to the content of the conference. So one clear thing to me, and I don't want to draw lines about what's ethical and ethical, but bootlegging. Bootlegging is different. Bootlegging is not piracy, and I'd like to indeed draw a semantic difference between the two. Bootlegging is charging for the copyrighted materials and making a profit off someone else's labor. And bootlegging, there's a kind of commercial bootlegging that goes on. And I wish law enforcement luck catching people that print tens of thousands of CDs, and then redistribute them and sell them. Good luck law enforcement on that, and you go after those guys. But also there's, even to some extent, there's money motivations within people we think of as pirates and not bootleggers. And it started way back when I was actually heavily involved in all of this, and that would be nodes of BBS as being charged by the pirate groups for distribution. So the pirate groups were trying to actually collect money from various parties. And there were some schisms and disagreements that were pretty sincere, and people made firm lines, what I would call the more ethical pirate groups, that they would have no part of that, and they would not take money from anyone. Which essentially makes all of this a large, unpaid volunteer effort. And that's largely what the pirate community has been about while there are violations of laws, you essentially have distributed network of volunteers that often do very tedious time consuming things. So I did mention that content piracy is also rampant at universities. I think that's interesting. I think, again, that goes to the frustration of the people involved of the educational system of the textbook industry, and having to buy new textbooks every year, just so the used market does not exist, and then pushing professors to use the latest addition, which I don't know, I mean, there's lots of fields where Greek history hasn't progressed much in the last couple of years, for example. I'm not a calculus person, but I imagine a year or two, there's not huge massive changes in how we look and think at calculus. So again, I sympathize with a lot of the frustration that people have, and again, the ethical issues of reselling the same content to the consumer again and again and again. I think that's an ethical issue of the content industries and some of the piracy that we see is reflected on that. So content is king in my mind. And different content types, and I'm gonna kind of enumerate different sorts of things you can pirate, they've changed, they've expanded a lot over the years. Back when I was involved, essentially the only thing that was being pirated was software. That's not true at all anymore. I imagine that's a relatively small percentage of bandwidth anyways. So different content types have different characteristics, bandwidth and storage requirements. If you want a lossless Blu-ray collection of every Blu-ray that's ever been made, well that's largely unfeasible, even though there's a small library of Blu-ray disks out now. And those bandwidth storage requirements, when you say, well, I want all of the text on a certain subject and I want a library of books in this very specified subject, for example, if you have two gigabytes of e-books on aquariums and fish care, you can have nearly the whole body of knowledge of the human race in a very tiny, tiny amount of space. So the bandwidth and storage requirements are one characteristics of the distinctions in content. Lossy versus lossless is another, which is interesting. Even back when software piracy, there was lossy software piracy as people didn't want to distribute all the long trailers and all the long kind of filler content because they didn't have the bandwidth with their slower modems and not high-speed internet, so they would strip out some of the content. That's not really being done in software anymore. Content is, software content is generally lossless. But the lossy versus lossless does apply to all of these other content types, which I'm gonna enumerate. Industry responses. People feel very comfortable pirating some sorts of content, for example, e-books. There are a few vocal authors and there's some movement within the publishing industry to realize what they feel is a growing threat. And there's other industries and areas where there's no response whatsoever, for example, instructional videos. There's sites that have large collections of magic tutorial DVDs that have been ripped. And the content industry and their response to that is not unified and really affects the viability of pirating their content and the risk management involved with the people doing so. Metadata management. So I care a lot about metadata. Metadata to me is really important and it becomes important as more and more data is amassed and more and more data is available through illicit means. If there's not good metadata and clean metadata, it becomes a real problem. And I've had people tell me that I have such a passion for metadata. I should go into information sciences. The difficulty to import and rip and crack, I think, is another data point and that differs from content type. For example, music now, there's no problem ripping that and cracking that and DVDs as well. There's still some software that's a challenge. I think interestingly enough, ripping books is a real challenge. Even though there's successful books, oftentimes it's just the images and oftentimes if they do OCR, there's problems with that OCR and then there's multiple revisions going on. And the availability and popularity is another characteristic of content. For example, one of the content types that's being pirated is knitting blueprints and whatnot. And you pretty much have to know to go to the right spot. The Pirate Bay will not serve you for your very, very niche interests. Which is the content industries around that would be very happy about that. But then that means if you care about that, then you have to find out the still sort of underground and member only and make the time invent to pirate. And another thing about metadata I just wanna touch about is one of the nice things about MP3s, for example, and even images, is those file formats support having a lot of rich metadata within them. And that means the metadata will stay with the content as it's moved from system to system. And there's other content types that don't have as rich of metadata available to them within the file format itself, which means separate files are often created that include that metadata. Those separate files are often lost. Your metadata is lost and the data becomes a lot less valuable in my perspective. So content type software, I've talked about that a good deal. I would call it largely the oldest type of piracy and the first content type that there was a full scene around and a community around. Audio content, music. So it's interesting. I don't know if any of you remember when MP3s first came out, but it took a long time to rip them and that was a characteristic of that content type and it prevented entry and it prevented people from taking that content. There's bandwidth issues and at the time people were ripping into very, very low formats and there was a lot of loss going on to the lossy versus lossless. Kind of progressed over time with audio piracy to the point now where we're almost at a point where we've gone from various levels of lossy to loss less and FLAC is not yet ubiquitous or other equivalents of FLAC. But I think in the near term future as what terabytes cost $80 or something now, I think these storage issues will work themselves out for audio. Video, again you can watch the progression and while there's many people now that want the full DVD reps and having four gig downloads is more and more common, the Blu-ray reps are still less common and that's for bandwidth and hard drive purposes. Books, very interesting. They're tiny, they're easy to transport which is interesting characteristics. They're a lot harder to rip. There requires a lot of manual intervention there other than when people get electronic versions of the books but that traditionally hasn't been how that content has been imported but in each of these you can separately follow the content types and look for trends and see where we are and see where we're going. There's often many revisions on books. You don't see that with audio files. You don't see that with MP3s. Well, here's the fourth attempt with roughly the same characteristics because people catch those OCR errors and they have the revesty and whatnot of the books. Fonts, fonts very small. The industry cares a fair amount but you'll probably never get caught stealing fonts if you don't use those fonts commercially. If you wanna put up a big billboard with some nifty stolen font you'll probably get busted for that and I don't know, in my mind as well you should. And among the ethical issues that the places I've personally stood is if you're making profit from this even if you're not selling it but if you're getting compensation somehow if you're using this in your job to make a profit then that's probably not okay. Clipart also. And it's interesting when you go to conferences and whatnot and conferences of all types and it's like copyrights don't exist. The images on the screen, like look at the school comic I stole. Look at this picture I got from somewhere on the net. And I'll pick on a speaker here but I won't name him because that would be mean but there's a prominent well-known speaker at Defconn, a good guy and he wrote a number of books and in one of his books I noticed a picture. I'm like, wow, that's an awesome picture. I was in it. But I'm like, I know who took that picture and I'm pretty sure they're a professional photographer and this is what they do for a living and you just published a book with that. I'm like, so I'm sure you contacted the photographer and asked them about that and they're like, no, no, no, no. I got that picture from the internet. I'm like, wow, what a coincidence. I got Photoshop from the internet. That was a long time ago. I don't have that copy of Photoshop anymore. But this person literally is written on cyber ethics and is trying to bring cyber ethic issues to the forefront and thought nothing of that or at least it didn't seem so to me. I won't say any more about that. She'll figure out who you assume. Magazines, another content type and you have the similar issues with ripping as you did with books but I think one of the interesting things about magazines is the industry response. Their business model is not selling their old copies of their magazines. By and large when you have old issues of some relatively obscure magazine they generally don't care. There's exceptions. I think Playboy is probably reselling their old content. Boobies don't get dated. National Geographic also has a lot of content and they put together an electronic format so some of these care but generally not so much. Knitting patterns, that's interesting because there certainly is some industry response there and people are concerned about their intellectual property from being taken. Three dimensional data. And I bring this up because I think this is something that we don't see a lot of right now and I've certainly seen libraries of 3D models and whatnot on sort of obscure places but I think you'll see it in the future and I think that's one thing that'll become more prevalent and more ubiquitous and I spoke about piracy about DEF CON 2 or 3. I think it was DEF CON 2, I spoke about piracy. At that time I made the prediction that audio piracy was going to be ubiquitous and at the time I thought it was an obvious thing to state but it certainly wasn't ubiquitous at the time, it was very clunky and CDB wasn't around and metadata was difficult and ripping was difficult and as 3D dimensional data is used more and more and compelling content is created from that. I think we can expect 3D dimensional data to be pirated as well. Threats to piracy. Well, there's a couple of non-technical threats to piracy and that's the legal system in the industry and these aren't technical threats that you can add software to and protect yourself to. You can try to avoid detection but essentially once you're detected if the legal system engages you, either the civil or the criminal legal system, then that's a large threat. Most of the time I think this is done to dissuade piracy and there's been a small number of people that have gotten busted for non-commercial piracy infringement and the industry response is obviously the RIA and the MPA have campaigns and they've conducted legal action themselves. As far as criminal actions, well, the DMCA does have criminal provisions in it and people have spent time in jail for writing software. People have spent time in jail for software that enables copying of bits of data. Dimitri Skivalar, I'm sure it mangled his last name, is a prime example. There's ramifications to this. It can backfire, there can be backlash, people can be more pissed off and once people see their friends and families being sued for ridiculous amounts of money by the record companies, that might piss them off even more and make them less supportive of their efforts in the future. One of the interesting threats I think to, oh yeah, one of the interesting things and most fun threats to piracy I see is free content. When content is freely given away, I don't know, I say watching the Daily Show on your computer, right? Well, there was a time when you could download, illegally download Daily Show episodes and then you'd watch those but then they put them online and really, why would you go through the trouble and there's a time factor in all of this, why would you go through the trouble of pirating it when you can just watch it streaming from the people that are distributing it and I don't think people really mind it with 30 second ad now and again. People are willing to put up with advertising to get their content and as this happens more and more, I think you'll see the piracy community pirating this content less and less. If it's available for free streaming legitimately, it's just too much trouble for the average person. Now there may still be archives, you're never gonna eliminate piracy but there may still be archives and people supplying this content but people aren't gonna be stealing it when they're being given it. And I don't mean to use the word steal so much but free academic texts. Yeah I talked about the copying of textbooks and whatnot but the MIT and other universities are starting to realize that it's in the interest of everyone to make the content that they create freely available and I really think on a personal level that if a university doesn't have a mission to promote the exchange of information and ideas and to make these freely available to academics and non-academics alike then the universities shouldn't be there and they're doing the wrong thing. And in that context I don't have much sympathy for those that wanna pirate that content because academics should be creating information for other people to consume and furthering the body of knowledge in the human race. The problem with, and this is a threat to the, these are threats to piracy and it's kind of a wonderful threat. I hope these threats come true, right? I hope that if piracy is gonna be reduced or eliminated I hope it's because content is freely available. Oh another threat in regards to audio content and I've paid for streaming audio services $20 for a year and then you have all these options and then it's not a big deal. It's the cost of a lunch and suddenly you can get playlists and you don't have to manage your own playlist and figure out what you want. And I think it's not only free content but very cheap and affordable content could very much undermine the piracy and the pirate community. The problem with all of these things by and large except for the actual licensed free academic texts where they say okay this is Creative Commons this is really free. The problem is that any of the other content that's being given away cheaply or freely advertiser supported can go away at any time and while they're giving it away now there's no assurances they'll be giving away in the future. Some technical threats to piracy. The first is the black hat, the hackers, us. No not really us so much the actual bad guys. It seems these attacks are financially motivated and essentially these are people attempting to make money and steal based on their knowledge that people will pirate. And these include malware or distribution and it's already illicit content so people don't have assurances of its integrity which they should have and this can be done and we need to address this and I'll talk briefly about that in a minute. bogus codecs are an obvious one, they're a lot of fun. Oh you need to go to this strange, strange site to download the software to view this movie. Probably not and I think people are even non security oriented people are now being made aware that this is probably not appropriate and that social engineer attack won't work much more. Rootkits, terrifying things. Well there's not viruses being installed back in the day you could just run an antivirus scanner with its tiny amount of signatures but now if someone puts a custom root kit into a piece of software you'll never know it's there and if it was only distributed that one piece of software no one will probably ever detect it. How likely is this to occur? Well a few years ago I'm a black hat and I'm wandering the halls and a gentleman and a acquaintance and I don't even call him a friend who can be an asshole. He came up to me and he's like so do you have any wares? I'm like wares what do you mean? Software is that what do you want? He's like yeah I'm like I don't know like maybe I have a copy of Photoshop laying around or something and I kind of quit collecting software. Software is really difficult to maintain by the way if you want to be a pirate and if you want to have a large collection of software and then you want to pay attention to all the maintenance releases and the version increases and what not that becomes a full time job and you're not actually using any software. So I mean there are still people dedicated enough to volunteer their time to that futile process but at the time I'd given up years ago so I didn't really have much software and I'm like well maybe I have a Photoshop or something laying around and he's like so where did you get it? Well what do you mean where did I get it? Where did you get that copy? I'm like I don't know maybe in like a torrent site or something he's like no no I don't want it. Like really? Why don't you want it? I mean like where should I be getting it? He's like well you know people install root kids on these things and then distribute them via torrent networks and I'm like really? How do you know this? He's like well I do this that's why I mentioned he can be kind of an asshole and I'm like fuck you you asshole Jesus. And I must admit while I'm not a real software person after that conversation many many years ago beyond the statute of limitations at that point in time and don't do the math of when BitTorrent came out in such a place, thanks. At that point in time even though I really wasn't collecting software or using software I became a lot more paranoid and a lot more cautious and it became even less likely that I would do so and this is that sort of thing is a very good reason why the people the pirate groups that create these releases need to have some data and integrity and be aware of their own reputation because if someone downloads one of these things gets owned by a root kit they're not gonna think that the asshole black cat who silently re-uploaded it is responsible. They'll probably look at the release group that released it and blame them. The other side of the threats is the content industry and so they hire people that kind of do malicious things to various piracy networks and services and they flood with bad content. There's network disruptions and you know things like network disruptions essentially it's a security arms race and these sorts of things as a security community we can look what they're doing we can take countermeasures we can improve our protocols we can look at these problems and we can address them and that's something people in this room can do well a couple of you maybe. The flooding with fake content which is another thing they do I think is can be mitigated by the people that are releasing the software realizing that their reputations as criminals but they really care about reputation. All this volunteer work is being done and essentially the only thing they gotta get out of it is the ego within their own community and I'm sure we don't know anything about that here and thanks to all the volunteers at DEF CON we would not have DEF CON without volunteers. The tech industry when they're attacking and when they're creating these disruptions they know they're not gonna stop piracy that's not really their aim. What they're trying to do is make it annoying and make it difficult enough where they'll dissuade enough people and that's what they're trying to do and they succeed in a number of, in a lot of ways. So I think some of these threats can be addressed and I think some good crypto and some good signatures and I'll go into a little bit of that more. There are many things we can address to reduce many of these threats. However there is one thing that is very, very difficult if not near impossible and to think that we can secure piracy or prevent law enforcement from finding these folks is ridiculous. So to think that we can prevent the content industries from doing stuff about this is also ridiculous because there's a threat that's non-technical and it's not legal and it's infiltration and the law enforcement uses this method and the content industry uses this method and I remember when I was involved way back when and when I was very active I was really puzzled why piracy exists at all and I had an assertion that I believe was kind of true at the time and my assertion was that if you gave me six months maybe, I don't even think I think I needed anyone else do you just give me six months and I can probably kill off 90% of the pirate groups in the country if not the world and I really believe that's a feasible thing and I don't think it's easy to protect against infiltration and I assure you that all of the people attempting to infiltrate know what those acronyms meant they can pass all the little quizzes that you throw at them and many times they're very familiar with the pirate scene themselves and there's nothing you can do about that. So, defense, sign your criminal content that's really important you're distributing illegal things put your signature on it that sounds kind of ridiculous, I realize this but the fact of the matter is that all these groups are already assigning in a way and in a secure way their content these groups are putting out facts and they're listing out members of facts and they have the name of their group after it and they talk about their distribution headquarters sometimes and the groups don't silently release these things anonymously they care about their reputation and they try to be, you know, release stuff the fast or the most prolific and so reputation actually means a lot to them it's all they have so what needs to happen is that they need to sign their metadata and their metadata talks about their release and they need to defend their reputation it doesn't matter how exactly I mean you can use X509 based signing you can use PGP based signing but what needs to happen in the community is there needs to be some standardization and everyone needs to start doing roughly the same thing and I think this is a key to help their reputations and to help the integrity of the data that's being copied and also at the end of the day because of the malware that's being distributed and the root kits are being distributed regardless of how you feel about piracy there's probably not a lot of people here except for that one in the back that wants bigger botnets and wants more malware out there and if the integrity of this data is not there then this malware will continue to be propagated I like metadata I like metadata a lot so there's a couple kinds of metadata that are associated with each piece of content one is kind of the peer descriptor of the content itself and a good example of that is the information you'll find at IMDB and there's a ton of it in that example you know who's in the movie all the credits all sorts of metadata can be grabbed and that describes the actual content now Pirates don't need to include any of that really what their metadata needs to include a pointer to the metadata for the actual content but their content is different than the actual content their content has things like your release group your quality, your version, your codecs used the hash of the actual files that you're talking about so you describe that file and how, what its characteristics are and give a lot of information so people can look at it and analyze it and then hopefully in an ideal world we can do this in a relatively standardized way because the moment we standardize all this metadata and signatures then we can use other tools to look at this and to browse content and to make Piracy a much more enjoyable experience and I certainly look forward to I don't know, not really Google's version of the future their version of the future is all the content in the world is available at your fingertips that's their vision of the future and I'm with them there up until the point that Google hosts it all so the idea of a ubiquitous global library I think is a really compelling one and I think that vision can make the world a better place so there's no risk to the signing like the idea of signing your criminal acts signing the information that admits that you're a criminal you've already admitted you're a criminal and being part of one of these groups and you're already telling people what your information about your group and your private key well yeah, that's going to be on your hard drive but if it gets to the point where people are knocking down your door and taking your hard drive the private key is probably the least of your worries so I wouldn't worry about that too much a couple of other points I want to touch upon is the idea of bodies of knowledge and I talked about it before a little bit with fish information, right? all the aquarium information you could possibly want to know about and if you go online you'll notice that there's these bodies of knowledge in academic areas and in specific areas of content particularly with ebooks because ebooks are small enough where you can actually distribute huge large bodies of knowledge and what you get is nearly all books on x, y and z subjects and currently there's bodies of these collections of content that are 4, 8 or 16 gigs large but as our storage capacity increases and Blu-ray becomes ubiquitous and affordable and whatnot and our bandwidth also increases you'll see these bodies of knowledge and essentially you have private librarians maintaining these and maintaining their own personal archives of these bodies of knowledge and this is going to happen this is going to continue into the future and it's kind of exciting another note I want to make is regarding hard drives the hard drive manufacturers know this there was a point in my life when I was pirating software which I don't do because I'm risk averse these days because my asshole friend but there's a time I said I don't support the software industry I support the hardware industry and I think that's true with a lot of pirates they spend a lot of money on hard drives they spend a lot of time on computer hardware and the hard drive manufacturers have stated this publicly they know that terabyte drives that they're selling and the quantity of they're selling are not being filled up with high definition quality content of their children running around now they know that pirates make their business viable and I'm glad to have been a part of that way back past when the statute of limitations occurred of course and as we see pedabyte drives in the future we'll see these bodies of knowledge increase to a great amount and there's one type of piracy that will be nearly impossible and has been nearly impossible to deal with and the content industry won't be able to do anything about it can't do anything about it and that is physical exchanges of information you go to someone's house you send them a hard drive in the mail and suddenly they have a terabyte of this content maybe you send it encrypted and that's a very difficult thing to deal with but I think the important thing is we have integrity in our data we have clearly classified data we have rich metadata and that we sign our content and that there's some standardization within the pirate community that there's XML formats that people can agree on of how they're going to describe their metadata for these various releases that you can do per content type and I think that will also increase the security of the internet as people are not infected with this much malware it's my understanding that I'm going to be taken to another question and answer room in a few minutes here or a couple minutes I have about three or so minutes left in my speech I'd just like to thank you all for coming and be ethical, have fun and thanks for coming