 Thank you, Louise and your whole team for putting this together I'm honored to be here with with Cori who I consider to be one of the greatest writers of all time Welcome to San Francisco I think like like all great sci-fi writers I think whether you realize it or not you inspire many technologists to both visualize and build the future and I think your Fiction is particularly useful because it seems to be in the very near future Which is something I want to ask you a little bit more about But you know Cori doesn't only do fiction. He also writes about the current news that's going on every day I think that's probably what makes his fiction so good people like me depend on him to keep up on All the news events and what they mean to all of us every day and furthermore you use that technology and your knowledge to Do more than just write but really be an activist and making change in the world And so I think you you inspire a lot of people for more than just your writing about your actions and Thank you really appreciate all your hard work. Thank you. So how many in the room here have read little brother already? Wow, all right. Very cool. Awesome. How many have read every one of Cori's books? There's been like I don't know nine my dad Your dad and your mom Okay, since we're at a public library today, I thought we could talk about Librarians for a minute. That's a group that I only really got to know because of you Really, I didn't know much about them before for instance. I didn't know that when you check out a book Afterwards your records of checking out that book are destroyed librarians I think I I Didn't really realize that as a hacker. I think librarians and hackers actually have tremendous amount in common they're both huge advocates of both privacy and human rights both here and around the world and I think that's something that was really eye-opening to me and and I think to then to receive an award from librarians and their friends is even More honorable than almost any other award that I could imagine receiving in the world So I think it's thank you really special and you know, I know you've been talking a lot about librarians lately and And what they've done and I've got a lot of questions here for you tonight. And so I was wondering How do we know that you're gonna be truthful with these questions? I see where you're going. So there's a wonderful radical librarian named Jessamyn West who after the Patriot Act came into effect Which provided for cops going to libraries and secretly demanding looks at their records to figure out who is checking out the terrorist books So they would know which terrorists to arrest by based on their terrorist reading And and librarians wouldn't be allowed to tell their patrons when the FBI started snooping on their records and so Jessamyn West came up with this great idea She put a sign on the wall of her library that said the FBI has not been here yet watch for this sign to come down So, you know on the grounds that it's much harder to In terms of sort of legal frameworks. It's one thing to say to people. You're not allowed to tell someone a secret It's another thing to say to people that you're required to lie And the jurisprudence of you are required to lie is a lot more complicated the Constitutionality of you are required to lie is a lot more complicated than saying you just can't tell someone this secret because it's an important secret and so Requiring Jessamyn West not to remove the sign that says the FBI has not been here Is actually a very fraught question in the First Amendment it was a very clever way of thinking about it and it's also a way of pushing the idea of enlisting everyday people into the business of Surveillance and making us all kind of part of the surveillance apparatus that it kind of pushes the the absurdity of that to the fore you know it we you know not everybody wants to play junior g-man and and Requiring people to do that as a matter of law puts them in absurd and and sometimes comical positions You know tragic comical usually I see you have the sign. Yeah Well, so I thought maybe if you just kept that sign with you while we're having our interview about there I would know we'd know you're telling the truth. I added a little bit to the librarian one Which is I thought the NSA and DHS dot dot dot. Yeah, you left out the CIA and GCHQ and the whole Although, although, you know, most of them are on furloughs. So I they're unlikely to turn up Well You know, I think I've read in the New York Times I think that they said that you were really good at delivering subversive content to youth and Yeah, I have a feeling that's why the librarians really like you and gave you this award because it seems like they're very Subversive to very subversive group these librarians Yeah, I think so. I mean librarians It's funny, you know whenever I talk at a lot of library conferences And one of the things I always say to them is that I I think they underestimate the extent to which they have a great deal of Moral authority. I mean even in these austerity crazed You know times of Characterizing everybody who does public service or works in the public service as a, you know Parasite who who just you know wants to to get rich off the taxpayer Nobody seriously says oh, you just got involved with libraries to make fat bank, right? There really is like only one reason to get involved in librarianship and that's because you believe in the You know the ancient mission of universal access to all human knowledge And so librarians have this enormous moral authority when it comes to speaking about the implications of information policy And they they have have more relevance in my view today than they've ever had before, you know Anyone who's ever worked in a library in in collection development Which is the people who decide which books are going to be on the shelves has known that just because someone Decided to pay money to put a book between covers doesn't mean that that book has anything useful or significant to say and Librarians part of their job has been acting as a proxy for all of us, you know sitting there at the coal face Mining out the books that that are worthy of our attention to add to the collections So that when we go to them and say help me answer an important question They can point us to good resources for it. Well now we're all in that position You know the internet is one of the is a place where navigating authority is more hard than it's ever been and Having these professionals around who've dedicated literally centuries of not millennia to figuring out how to how to How to navigate authority and there as as a resource for all of us as we embark on this ever increasingly complex project of Figuring out which of the answers that the internet proffers, you know The net of a thousand lies proffers to your question Which one of those is the one that you want to go with before you? You know treat your embarrassing skin condition or repair your home wiring or Teach your kids that the earth is 5,000 years old and dinosaurs and humans coexisted that you know That's that that figuring out how to navigate that authority is more important than it's ever been and here We have ready made this entire class of information professionals who've who systematized that project And who are better suited to teach us about this than anyone and and who we really need more than ever before Yeah, I agree So you're here visiting for a few days with your parents and your daughter. Yeah, you have a how's your daughter? She's five and a half five and a half She's sitting over there wearing the adventure timeshirt. All right So do you teach your your daughter subversive content to a little bit, um, you know, we we I Did spend a lot of time whenever we told stories about Princesses and Queens and Kings talking about why it was Princesses and Queens and Kings didn't have an honest job Where there was that there was this version for a while that we used to tell of sleeping beauty where you know after after the Thorins grew up around the castle after she pricks her finger on the spinning wheel where You know the people in the village below the castle They have a hundred years there while princes keep riding up to to try and you know enter the castle And getting skewered on the on the thorns around the castle And we used to tell it with the princes riding up and the the people from the village going to them and saying Why don't you come with us and become gainfully employed instead of you know Throwing your body against the horrible sword-like thorns of the rose bushes We you know we have a lot of really rewarding work you can do here and and over and over again being rebuffed by these kind of inbred You know loonies a weak chinned loonies who would who would throw themselves against the thorns and be disemboweled by them and have To be stitched up by the villagers and then sent off back to their castles to live out the rest of their days And when they they're finally you know Prince charming arrives and gets through the thorns and comes and kisses the princess She comes to life and they emerge a hundred years later You know five generations four generations later and say we're back bow down You know the villagers responded with no, I'm sorry That's not on we've we figured out that we don't actually need someone who's sold job is to sit around and wave So if you'd like there's honest work for you otherwise, you know, we've collectivized your castle, you know So It seems to me like you're describing subversive content is a good thing It's not really how Webster's describes it. I don't think well. I don't know I mean, I guess subversions in the eye of the beholder. I think that robustness of ideology robustness of a system arises from having to answer good questions about its legitimacy That that the way that is that even if you think that the state as it exists is a good one The way that it remains good is by having it continuously tested for its goodness by having people Question whether or not it's doing a good job And demanding that it demonstrate, you know show its work and demonstrate that Whatever decisions that it's arrived at are ones that are grounded in evidence and that are doing as as good a job as possible I mean, I think that there's that there's More than one failure mode for a system. It's not just that systems are sometimes corrupt they're also sometimes incompetent and and Solving that problem involves figuring out which one of those problems you have and and since systems Always have to continually adapt to the world The world is always changing so the systems that we use to regulate our conduct in the world have to change all the time To when those systems fail It's important that they fail well and one of the ways that they have to fail Well is by revealing whether their failure is the result of corruption or incompetence So we know whether or not someone has been a crook or merely a fool and we know You know how to address that that that question and I think that the idea of subversion the idea of Demanding continuously that the state prove its legitimacy and prove that its mistakes are honest ones and prove that they're not foolish ones is Is the thing that makes the state good, you know to the extent that a state can be good It is good through that process In the same way that security is not a product but a process It's a continuous Conversation between people who try to find vulnerabilities and secure systems and people who respond to those vulnerabilities as they're revealed By repairing them so too is the security of the state itself continually improved by continuous criticism by continuous scrutiny by by Adversarial arms length arrangement between people and the people who govern them I Agree completely So I'm I'm all fine with you teaching my kids subversive content, but I know you are I Noticed that your your book little brother is on the NSA required reading for new hires Are you also teaching them subversive content? And I mean I I hope that I am I hope that that I mean, you know The thing that we learned from Snowden is that people go to work in the intelligence apparatus Sometimes with the best of intentions or at least not with with with intentions that are arguably good and are sometimes horrified to discover that the consensus that that has Been arrived at within the institution about how best to do good is that such enormous odds from what the people believe that They're doing and what the law allows them to do that they see no alternative But to go public with the evidence of that criminality and and you know the idea that that people are learning From a story How it feels when the default posture of a computer shifts from yes, master to I can't let you do that Dave is is And and are therefore poised to understand when they're when their employer Embarks on a program to undermine the security of computers by Making them watch what the people who are using them do and try to interdict them from doing things that that are undesirable And and and makes them go public with that information. That's that's good news I mean One of the things that that stories especially stories about the future can do is they can put Blood and sinew into what are otherwise very theoretical and an abstract argument So imagine it was like 1947 and Orwell had yet to publish 1984 and someone came to you and said, you know The war is over. We have the peace dividend all this great technology and what we're gonna do with it Is we're gonna put cameras everywhere and microphones everywhere so that we can see everything that's going on Find all the bad stuff and stop it in its tracks We'll be it's like it's like something out of the Sermon on the Mount You know, his eye is on the sparrow, right? We will be men as gods and we will see all of the wrongdoing and stop it as it arrives and and you try to explain why it is you feel like the cameras all over the place would undermine your ability to have integrity in your personal relationships and your intellectual endeavors and your life lived as a free fully realized human being you end up kind of sputtering a bunch of Generalities about like it would just feel creepy for you to spy on me But you know fast forward a couple of years 1984 has been published and it has brought with it an incredibly versatile Adjective you can say I don't like your camera proposal because it's Orwellian, right? And and that that adjective imports in one word the whole narrative of the horrors of the feeling that you feel When you read Orwell the feeling that you feel about that claustrophobic and and very difficult Society that Orwell describes and so if there are people who go to work at the NSA Who read a story in which having your computers turned against you and the internet turned against you makes you feel that you can't Conduct your affairs even those affairs that are totally legitimate and and perfectly defensible and and good You can't conduct your affairs freely then that's great, right? That's I that's that's a good outcome You know that that is I hope at least spurring a debate Internally there at the NSA Good, I agree. I think you have to infiltrate Everywhere, I hope so yeah, I mean you're the master of this Nika runs It's called roots now right but it used to be called Def Con kids Which is hands-down the best kids technology education program I've ever seen 20,000 hackers to send on Vegas to you know explain how to make defibrillators Stop people's hearts from 30 feet away and how to how to bump every lock ever made and how you know air traffic control systems are inherently insecure and so on and and often a Side room all of the kids who come with their parents get to hang out and have all of the keynote speakers from the head of the NSA to Notorious and awesome hackers like Moxie Marlin spike come and give them You know one on 20 workshops on on how this stuff works and how to think critically about it They get lock-picking workshops. They learn how to hack devices your daughter discovered a vulnerability in apples iOS iPhone operating system when she was nine and then disclose that to Apple through a responsible disclosure program after a long Internal debate about whether or not the kids should keep that secret and use it to improve their scores on network video games and like Totally ace out their friends I mean what an amazing program and you bring the NSA and the DoD and all the rest of them to those programs Although not this year interestingly enough both you and that the folks who founded Def Con Uninvited the DoD this year, which I think was was both Good and brave of you only for one year because I think in general You know the year before you are keynote along with general Alexander And I think that balance and having both sides is really what we all need We can't be afraid of the other side that we disagree with yeah And and you know it's it's always interesting to hear people from the NSA who are accustomed to a very tame press and very tame Audiences address a bunch of freewheeling Anti-authoritarian incredibly smart hackers who really understand crypto and really understand security and who who can distinguish between Security and security theater and are totally not shy about standing up and explaining to the general the difference So that was that's pretty awesome Yeah, and the kids got them alone On their own audience, that's they are a pretty tough So we're here in San Francisco today and to tell me a little bit Why did you decide is San Francisco the place for a little brother? Well, there's a lot of reasons I mean for one thing obviously San Francisco has this great counterculture history You know and and so writing a story about kids who become radical and lead a radical movement in the streets of San Francisco There's all that resonance with all the different radical movements through San Francisco's history Whether it's queer liberation the hippies and the hippies but and even before that, you know the Well, I last year's one one book one city pick the Solence Paradise born a paradise built in hell talks about the kind of bohemian Cultures that arose spontaneously out of the 1905 earthquake So San Francisco has always been one of these these these kind of origin nodes for kind of groovy Counter-cultury stuff, you know, they say when the continent was founded They picked it up and shook it and everything loose and flaky slid to the West Coast and you know it it lodged here in the bay You know for friend and here we are. I mean this amazing city, but also because a funny thing happened after 9-11 which is that People who had never had much time for New York and who thought of it as a kind of embodied Sodom and Gomorrah and who you know thought of it as like a pit of of Fuzzy-headed liberalism and and you know kind of cosmopolitan sin All of a sudden after New York was attacked Became in their hearts and souls New Yorkers and beat their breast and demanded that in in return for this Horrible attack on this city that they suddenly realized they had all this emotional attachment to provided that emotional attachment gave them the basis for demanding wars in foreign countries that they would that they would Declare themselves to be honorary New Yorkers and moreover as honorary New Yorkers feel that they had a legitimate say in demanding that New York be Turned into a police state because it's for everybody's benefit and I thought you know There are a lot of those people for whom you know, New York is kind of San Francisco light in the Sodom and Gomorrah department But who would be perfectly happy to declare themselves to be honorary San Franciscans after a terrorist attack on San Francisco Especially if it meant that they could endorse a kind of instant overnight police Statification of San Francisco for its own good Love it And I find it interesting that you picked a school as this You know, I think as we we're all looking at Snowden right now and learning that we're surveilled more than we thought we were You know, I realized that most kids under the age of 18 are constantly in a surveillance state. Yeah Well, I mean We have this kind of beta test Arrangement for our surveillance and control technology. We start with prisoners and mental patients We move on to kids and then it goes to Fortune 500 companies and then everybody gets it That's the kind of that's the kind of diffusion path for for technologies of control And kids in particular in America since the passage of the communications decency act have been Extremely surveilled because that's the act that requires organizations that receive federal funding including schools to surveil or to censor their internet connections, you know to to Run some kind of sensor where that nominally stops kids from looking at porn although it completely fails to do that and one of the things that's not well understood about Censorship in on the internet is that censorship on the internet is synonymous with surveillance on the internet that there is no way to stop people from looking at bad web pages without looking at all the web pages they're looking at to make sure they're not looking at the bad ones and One of the way one of the ways to understand that an analogy to understand that is that you know and that we've just come through banned book weeks banned books week and in the 50s, I believe the United Kingdom banned Ulysses and Banning Ulysses as a print book as despicable as that might have been was nevertheless a fairly uncomplicated affair You could ban Ulysses just by telling everyone who ran a bookstore that if we caught you selling Ulysses You'd get a fine or maybe go to jail and that more or less accomplished a ban on Ulysses But banning www.Ulysses.com is a substantially more complicated business You have to snaffle up all of the internet traffic from your country or your school and Make sure that none of those URLs that people are requesting come from www.Ulysses.com and so every organization that receives federal funding in the name of stopping kids from looking at porn Sends all of their traffic off to Companies that operate sensorware and these companies are pretty dirty. I mean a large plurality of them receive most of their business by Providing sensorware to totalitarian governments and only secondarily repackage that for use in schools and companies And so, you know, your kids are being surveilled by companies whose major source of income is Bahrain and You know who make a side business out of surveilling American teenagers And so as this data is being like off-shored to these to these multinational war criminals And and yet we are telling kids. Oh, your privacy is very important You should you should stop putting it on Facebook. It shouldn't surprise us that kids say, well, you tell me that my private data is Invaluable and once gone it can never be recovered and should be guarded as preciously as my virginity But at the same time you tell me that all of my online interactions, which you know If you're an adolescent or these days an adult in America is almost all of your interactions are going to be harvested up by some giant corporation That I have no insight into and that is not in any way accountable to me And that if you catch me doing anything to stop these companies from seeing everything I do on the internet I'm gonna get kicked out of school It's not surprising to hear that kids like don't really take us seriously when we tell them that Facebook is Is not a great place to dump all the intimate details your private life I think Facebook really is not a good place to dump all the intimate details of your private life But telling kids not to do that as at the same time as you're surveilling everything they do in the in the in as part of some Failed adventure to stop them from looking at bad web pages It's like telling them that they shouldn't smoke as you light a cigarette from the one that you're about to stub out in the Ashtray, you know actions speak louder than words And I feel like in in this balance here with surveillance and privacy on October 6th Obama said something that I Swear I read in your book But he said was there a point where you're the president essentially said that you can't have Privacy and security at the same time and you're gonna have to give over that may have appeared in the book I'd say it's certainly a false dichotomy that we hear a lot And it's it's a false dichotomy predicated on the idea that somewhere out there is this abstract called security And when you have it you are secure But security is is something that you can only have in a context, right? I am secure from the Government when they can't spy on me and they are secure for me when they know everything I do The thing that I want to be secure to do is to be private and to say Well, I can't have privacy and security at the same time is to say that I can't have security at all That security if it doesn't incorporate the right to be left alone the right to Conduct your affairs and go about your business and to and and I think this is a really underappreciated Element of this but to make mistakes, right the way to double your success rate is to triple your failure rate and The way to triple your failure rate is to make the cost of failure cheaper And when everything that you do is surveilled all the time when every idea no matter how half-formed is Immediately is immediately seen by someone else It's like if you've ever watched a kid learning how to Master a skill and they catch you looking at them they catch you looking at those They're trying to form their letters or trying to learn how to play an instrument or learn how to draw something and the self-consciousness Of knowing that you're watching them Stops them from being able to freely make the mistakes that allow them to learn to do it better That that is that's kind of a microcosm of a process that we go through all of our lives as we progress as human beings Do you consider private privacy and private correspondence the basic human right? Yeah, I think so I think that and and not only that I think you know more more Interestingly and and maybe even miraculously private correspondence appears to be woven into the fabric of the universe that you know It is easier to keep a secret than it is to break a secret that The mathematics of making a message secret scale Linearly your message gets more secret with a linear increase in effort But breaking that secrecy is exponentially harder And so if you want to make a secret that's so strong that all of the computers now made or yet to be made Laboring in concert from now until the heat death of the universe Can't possibly brute force it we can do that with a modest computer today Provided that we can trust that computer provided that that computer is honestly implemented provided that the code hasn't been backdoored by Spies provided that it was implemented well So you know those two failure modes again foolishness or or corruption You know provided that that our code is free from both of those we can make secrets That that we can share with other people without third people being able to interpose themselves in it Assuming we live in a democracy where no one hits you with a rubber hose until you tell them what your password is And so that's an amazing thing and and it tells you not only that it's a human right But it is in some sense inevitable if we get the technology right It's something we get for free if our technology has that yes master and not that I can't let you do that Dave posture But won't want that kind of a privacy Enable the four the four horsemen that you talk about to take over the world pirates the mafia Child pornographers and terrorists the four horsemen of the infocalypse. Yeah There is a funny Moment that we're in in the history of regulating technology and it's the moment at which things That become both general purple it purpose and complicated So we've had general purpose machines for a long time, you know, the Greeks had the simple machines the pulley the wheel the lever And we always understood that those machines were general purpose and that they there was no way to Stop them from doing from being used in bad things, right? Like no one ever said every car has got four wheels on it and Including the cars that bank robbers drive away from bank heists. Let's make a bank robber proof wheel Because we understood that like such an adventure would be doomed from the start and that to even attempt it would do like Substantial violence to the underlying utility of wheels that we all rely on every day, right? But if you said well like the the car We can see that people who talk on phones even hands-free phones and cars get into accidents And so I want a rule that says you're not allowed to put a hands-free phone in a car No one would say I'm sorry. You're not allowed to You're not allowed to have a car or rather that telling people they're not allowed to have a car with a phone in it Would break the idea of car nests, right? So we had this idea that if a thing is complicated that you can add and remove features from it but a computer sits at this weird nexus of being general purpose and complicated and The intuition that people have about computers, especially lawmakers is that we can solve a problem with a computer by Removing some of its general purposeness, you know We think of a computer that has Excel running on it as a computer that has the spreadsheet feature and therefore we can remove the Spreadsheet feature by telling people they're not allowed to run Excel on their computers But as a practical matter designing a computer that can run every program except for the one that you don't like is Impossible and the only way we can approach it is by just putting spyware on the computer have some hidden program That watches what you're doing and tries to stop you from doing the thing that someone has decided you shouldn't do Which is all a long way of saying that if you want to make a computer that allows You and I to have secrets that we can use for example to authenticate to our Implanted defibrillators or to make sure that our thermostats are set correctly and not gonna freeze us to death or boil us Death in the middle of the night or to ensure that our phones are calling the people we want a phone without Leaking our phone conversations to third parties or that the cameras in our laptops aren't watching us when we undress for the evening We need to have those secrets and to allow us to have the secrets without allowing bad guys to have secrets is a fool's errand It's not something we can accomplish. It's like making a wheel that's bad guy proof and you know Computers are part of everything we do today and soon will be required for everything we do today That's the trajectory of computers and so every problem is going to involve computers Just like clothes are part of everything we do and so every problem involves clothes, but you know It would be if you could figure out how to make pants that fell down if you wore them it while committing a bank robbery You would stop some plurality of bank robberies But no one's ever proposed that in seriousness because we understand that pants can't be regulated that way So Marcus in the book He discovers moment when his laptop was tapped that the world that changed forever. Did you have one of those moments? Have I had one of those moments? Not personally I'm I have as far as I can tell not had a computer betray me in that way But I've had the fear of it happening. I've had times when I when I worried that it had happened I mean certainly I've gotten infected with viruses But it was in the old days when all viruses did where you know randomly delete your files or try to copy themselves to other Computers, I mean today we live in the era of the rat the remote access Trojan And you know last week the FBI arrested this creep who had tricked Miss Teen USA into installing a Remote access Trojan on her computer that he'd used to take nude pictures of her that he threatened to release Unless she performed live sex acts on camera for him Rating is a widespread practice today, and it's not just practiced by you know weird internet perverts The German government got caught ratting computers illegally ratting computers of Dissidents the the Chaos Computer Club Caught them installing this piece of software. They called the Bundes Trojan or the state's Trojan on the computers of dissidents And it turned out that this rat was not only this thing that allowed people to watch through the cameras, but it was also a So badly written that other people could also write their own logins to it could also break into it and watch people So you could go to a Starbucks and just monitor the network for other people who are who are Hanging out there who had been infected by the government and if you found someone You could sort of worm your way into their computer and thereafter also look through their camera listen through their microphone Plunder their keystrokes look through their files and their hard drive capture their their screens and so on and you know We've seen school administrators caught doing this to their students a lot of schools Hand out laptops to their students and they put laptop recovery software on the computers Which is just a rat and they use that to spy on their students There was a school district lower Marion pencil meaning that I had to settle with a student that they'd photographed more than 6,000 times because they thought he might be a discipline problem And so they wanted to prove it and they had to they decided to prove it by Photographing him asleep and awake and dressed and undressed and you know in the company of his minor His minor siblings and so on and then you know just last year the Federal Trade Commission settled with seven companies that Did rent to own laptops and an eighth company designer where that that provided laptop recovery software just just a rat To to those companies and they stipulated in their settlement with the FTC They admitted that they had been secretly video recording their customers having sex that they had secretly audio recorded their private conversations They captured video of their children in the nude They had intercepted their banking logins their logins for their hospital websites and doctors websites They're confidential medical and legal information. They plundered their hard drives for interesting files to pass around the office They they'd done all of this stuff and the FTC They didn't even find them and they said you're no longer allowed to do this unless you put it in the fine print Unless somewhere in the user agreement you say you know if you were if if by renting this laptop You agree that we're allowed to watch you so just like Skype Yeah, just like Skype right yeah by by by using Skype you agree that anytime you use the word democracy We'll send a copy of your IM session to the Chinese government, which the Chinese edition of Skype does and the You know The proliferation of this now has put me it has given me the fear like when my computer behaves erratically I don't think oh, maybe I've got a bug I worry that maybe I've got a rat and I I'm one of those people who puts a post-it note over my camera Yeah, me too. I use masking tape. Yeah, it's better. Yeah, you mentioned dissidents and I Think maybe there could be an alternative title for your book Which might be how to bring down your government and enjoy doing it Was this meant to be a how-to guide for? You know what it was meant to be it was meant to be a how-to guide for figuring out how to use computers to take liberty instead of having it taken away from you and You know when I was younger forbidden knowledge was something that we trafficked in You know someone in my peer group met someone who met someone who met someone who knew that if you unscrewed the handset from a the speaker piece from a Payphone and short of the two contacts on the back you get a dial tone You could make a free phone call and that information spread like wildfire was part of our social capital in our group And that was pretty amazing in those days But these days the forbidden knowledge is very easy to lay hands on the facts are cheap The price of a fact has crashed to zero But knowing which facts to find has become more expensive than ever because all of the facts are at your fingertips You know there's this John Charity poem that the old crow is getting slow The young crow does is not the one thing the old crow knows is where to go right and and by by having a Book that was effectively a bunch of keywords you could type into your favorite search engine That would and scenarios that describe what what you might find on the other end of those search queries What I hoped is that rather than providing a collection of facts that would stale date very quickly instead I would provide concepts that people could use to seize the means of information for themselves to To go and figure out how to make their computers dance to their own tune so In reading your book and I think all the people you hang out with and stuff that you read on a daily basis You're you've probably got some good tips for the audience On what they can do To help protect their privacy. It all seems a little daunting right now, especially with Snowden. Yeah Yeah, I mean it's true You know I toured the sequel to homeland in February or to a little brother in February It's called homeland the first stop of the tour was at the Seattle Public Library that awesome crazy funky building in Seattle and I gave this talk and I talked about Rats and Trojans and lower Marion school district and so on and at the end of it this woman in the audience put her hand up And she said you've scared the pants off of me. I don't know what to do I don't know how to secure all my devices and and I said, you know like I don't know how to secure all my devices either I'm a I'm a former systems administrator, and I'm barely qualified to configure a Wi-Fi router these days I don't know how to secure all my systems and even if I did I Live in a world full of systems that other people are in charge of too And so the fact that I can make my system secure is not in and it's in and of itself Sufficient you can do things to make yourself more secure You can run free open operating systems like those derived from GNU Linux like Ubuntu you can Replace the operating system that comes on your phone with a more secure one I like signage and mod which is a replacement for Android. It's C. Y. A A-N-O-G-E-N mod signage and mod everything is great about it except for its name And and it gives you a bunch of features that Google doesn't give you out of the box and also Is fully open and so it's open to scrutiny and so if there are any backdoors in it They're likely to come to light faster than they would if they were in the somewhat proprietary Android operating system so you can take these steps you can use to use g you learn to use GPG to protect your email You have wicker your secure messaging protocol that I think is a very good way to protect your privacy as well But ultimately if I came to you and I said Our water treatment project is not up to snuff You would not say my goodness. How do I operate my own water filtration facility and master? Epidemiology and microbiology in order to make sure that the water that I drink is safe You would say how do I make sure that the country that I live in? Thinks about water with sufficient gravitas and takes it seriously enough that they make sure that the water is safe We have laws in the books like the digital millennium millennium copyright Act that says that it's illegal to discuss vulnerabilities and computers if in so doing you will make it easier to pirate movies and music Right let people listen to music the wrong way and what that effectively means is that if you discover a problem with a computer That makes its owner vulnerable and that problem revealing that problem might make it easy to Save a movie to your hard drive after it's been streamed to you You have to think twice and maybe three times before you tell anyone about it and that's a bad idea We know that in the past major security vulnerabilities have been delayed in coming to light But sometimes by months because the researchers who discovered them were afraid that they would get follow-follow this law one one case 2005 Sony BMG's root kit on their audio CDs ended up infecting an estimated 300,000 us government and military networks before it was disclosed because the researchers who discovered it We're we're afraid that if they told people about it that they would be busted for violating the DMCA But it's not just the DMCA We have governments now including this government trafficking in vulnerabilities in in computers We talked about how your daughter discovered a vulnerability in the iPhone and she disclosed it to Apple and she did it through a procedure called Responsible disclosure, which effectively is like lighting a fuse on the disclosure. You said Apple We're gonna tell you about this vulnerability You have so many days to fix it and after that period we're gonna tell everyone about it And so that way they're they're incentivized to fix it. That's how we've done it for years and years and years It's how our security has gotten better, but now governments are really interested in buying vulnerabilities instead of instead of Having these vulnerabilities disclosed to manufacturers so they can be fixed Governments including this one have set up marketplaces where they buy these vulnerabilities in order to make these Tom Clancy style cyberweapons like Stuxnet and that they could that they think they can use to you know fight these weird spook on spook wars with Foreign powers and and by having vulnerabilities instead of them being disclosed having them the most lucrative thing to do with a Vulnerability being to sell it to a government that weaponizes it even if you never fall afoul of the weapon You may fall afoul of the vulnerability because some bad guy might also discover the vulnerability and use it to attack you And so again if you know if governments discovered problems with the water supply We would expect them to fix the water supply not figure out how they could use that to give tummy aches to all the bad guys, right? We understand that that we all drink from the same water supply There is only one internet and we are all connected to it and and undermining its security is bad for everything We do on it, which increasingly is everything so if you want to make yourself secure By all means figure out how to make your computer better But also figure out how to make your country better groups like the electronic frontier foundation the free software foundation and so on They the ACLU all the groups that have worked on this stuff Fight for the future Demand progress all the groups that have worked on on keeping the internet open and free public knowledge That actually the list is so long and I go and I list a whole ton of them at the back of a little brother in The back of homeland that that it's actually quite heartening because when I started thinking about this stuff That list was was Depressingly short the number of organizations that made it their business to tackle these issues was very small and now there's this whole alphabet soup of Organizations that really care about this stuff and are attacking the problem from every angle Including librarians the ala's office of intellectual freedom is brilliant on this stuff. And so yes Join EFF get involved with creative commons get involved with the free software foundation If you go to school started local chapter of students for free culture do all of these things that put pressure on your government and and and Pressure on regulators to make computers more secure and to make them enhance freedom instead of taking it away Because we can't all individually solve these problems. These are problems that we have to solve as a society Great completely I have one last question and we're gonna open it up to the audience We have about another half an hour so everybody out there start thinking about what you want to ask Corey Although I'll remind you that a long rambling statement followed by what do you think of that may technically be a question It's just not a good one So What what? Optimistic things do you see in the future here about technology and where it'll bring us in society So I often get asked if I'm an optimist or a pessimist and I think I'm both right I'm pessimistic because I think that if we don't take affirmative steps to make Computers enhance freedom rather than taking it away that the ways that computers can take away our freedom make Orwell look like a you know kind of idle-minded Optimist, but I am an optimist because I feel like we can take those steps that one of the our best weapons for keeping the Internet free is But the Internet The Internet helps us organize ourselves and and take collective action in ways that you know previous Generations could only dream of you know when I was an activist in the 80s 98% of my time was stuffing envelopes and writing addresses on them and the other 2% was figuring what to write and put in the envelopes And now we get the envelopes for free right this is an amazing thing And I am incredibly optimistic that computers are going to continue to lower the cost of working together And that as that cost gets lower our ability as as a kind of loosely constituted public To hold these very tightly constituted establishments to account will get more and more powerful You know people sometimes ask me like how would you write science fiction about the future? How do you predict things about the future as I say science fiction sucks at predicting the future? But in general if you want to predict futuristic things that feel credible I think what you should do is just imagine anything that today Requires a big formally constituted group like a corporation or a government or an army and imagine it being done by a group of people Who are about as formally knit together as a bake sale, you know imagine building us a skyscraper with a wiki and a mailing list and and that I think Feels futuristic credibly futuristic, you know We have built things as complicated as skyscrapers Using these kind of open methodologies and cyclopedias and operating systems and that trend will continue So what would it the sorry what would an optimistically conceived? Futuristic space program that was just made out of mailing list and wikis look like That to me is is the optimistic future I'm glad there is one So questions I'm not in charge of hands, so don't look at me when you put your head don't look hopefully at me There's mic runners over there Yeah Okay, I was just wondering because I thought that you were a local of San Francisco when you wrote this I'm what research you did about San Francisco to get all kind of like the insider knowledge Oh, I lived here for six years Before moving overseas, so yeah, that was my that was my research and I commuted here for years before that I I used to work for a high-tech firm down in Silicon Valley I remember the Google campus when it was the SGI campus And so I have been coming here now since the mid 90s And and lived here from the late 90s Light speed systems content filtering is your is your content filter? That's awesome We were we were censored by a company boing boing Who said that any website that had any nudity at all even one picture of Michelangelo's David was a nudity website even if it only appeared on one of a hundred thousand pages and Then we found out that the company was founded by a guy on the California sex offender registry And there are people in the sex offender registry for like public urination But that's not what he was on it for he's on it for sexually interfering with a 14 year old girl And the CTO was a diaper fetishist, which like whatever floats your boat, man But he was really into posting long detailed accounts of his Infantilist sex play parties on the internet and it was kind of like dude We know you love the first amendment. We just wish you'd share, you know Like like by all means, you know, let your freak flag fly but get stop getting in the way of everyone else's Yeah, I was wondering our systems that are built in to stuff like your operating system like the encryption in Ubuntu as Good as systems like true crypt and will they still be like or do you think in the future? Like for encrypting your data or should you use stuff like true crypt to encrypt it instead? So what should you use Lux which is the the whole disk encryption that comes with Ubuntu or should you use true crypt? I think that in in general They are both subject to an enormous amount of peer scrutiny Which is the best way to find the flaws and there will be flaws in every security system They there's only one experimental methodology for discovering whether a security system is good And that's to tell as many people as possible how it works so that they can find the flaws in it You know Bruce Schneier says anyone can design a security system that works so well that he himself Can't think or think of a way of breaking it doesn't mean you've got a good security system It just means that you've got one that works against everyone stupider than you so Both of those systems are subject to a lot of peer scrutiny And I think that both of them are in our good robust systems Lux disk is you know the basis for lots of full disk encryption, so I think it's it's pretty good Okay, I had a few questions, so I decided to go with one that was more relevant to today You know today the guy who started Silk Road got arrested and I was just curious as to you know Medium had a post around how there were all these blunders that he did around like having his information out there That gave insight into who he was ahead of his actual arrest if you could just talk about some things about like maybe To kind of like how people Can you know help make sure that things like that like what is your views on like the Silk Road? Actually, it was what one of my questions, but then I thought I don't know if that's relevant to your book exactly But yeah, maybe well I think that there are a lot of lessons to learn from the fact that the Silk Road got shut down because of operator error Effectively the first one is that you can do policing without having to sabotage crypto Because criminals make mistakes You know that the way that they caught the guys who tried to blow up the Twin Towers the first time around Was because it was was through like good old-fashioned policing. They went they found them Not not by listening in on everybody's phone calls and and that's how we generally solve problems I mean terrorists are not you know hundred foot tall super genius giants. They are by and large foolish and deluded people who You know are in many cases suicidal and not thinking very clearly and they make a lot of mistakes They mistake, you know like in England We had these three guys who blew themselves up because they were Deluded into thinking that they could they could blow up an airport by filling the back of their car with propane Setting it on fire and ramming their car into the airport, which did nothing but kill them so One of the things that we that you know about this is that crooks make mistakes Even very smart crooks who managed to do who to build very big elaborate criminal systems make mistakes And that the cops don't need to spy on everybody to catch the bad guys and the other lesson of that is that the Technological security that we can get from using crypto Is insufficient in and of itself to make us secure? So imagine the inverse of that imagine that you were trying to use crypto to make yourself as secure as possible in a In a an illegitimate totalitarian state whose police Weren't policing Real criminality but instead mere dissidents Could we use technology itself as the as the as the bulwark of staying free? And I think the answer is no I think that eventually someone will make a mistake because again like that kind of hyper vigilance that that you know Perfect vigilance that never making any mistakes is not a reasonable goal So the the most important security system we have is a legitimate state a state that tolerates dissent welcomes opposing points of view Operates with a consent of the governed has transparency and accountability in its policing and judiciary Has a prison system that is operated humanely because when when the judiciary makes mistakes and puts people in jail and correctly We don't want to send them off to what are effectively torture chambers and you know here in California the Supreme Court Ordered the prison system to start releasing people because just being in a California pen was cruel and unusual Punishment because they were so overcrowded. So that's the that's the real security system the real security system is a free and fair state and The layer that we build on top of it the freedom layer on the internet the crypto layer is It's just the first line of defense But we need defense in depth and the defense in depth comes out of having fair societies All right, I think it's time for one more question, but it better be awesome No pressure Whoops am I on I think it's a good one to end with you've talked a lot and I've heard other people talk about the Constitutionality of or the Constitution is a backbone for a lot of what's going on Do you see the Constitution as it stands as sufficient to take us forward when the world we're going into is so Very very different from anything that could have possibly been envisioned at the beginning Well, I mean the Constitution is designed to fail moderately well, right? It's been amended and re-amended many times through its history I think that The great barrier we face is one that the framers force saw which is which is corruption Larry Lessig has written a lot recently about what the framers meant by corruption and and the idea that Congress being beholden to funders instead of to constituents is a major source of corruption I think You know the problem economists have discussed for a long time of externalities is really a problem of the fact that People who benefit from corruption Tend to have very concentrated interest right if I pollute the water by not treating my industrial waste That profit goes straight into my pocket And I can use some of it to make sure that I don't get prosecuted for polluting the water and keeping environmental regulations Lacks, whereas all of the people who get sick from my polluted water are diffused And it's hard for them to all club together and form an organization that lobbies as hard as I do for clean water As hard as I'm lobbying for the right to make water dirty But you know one of the amazing things we've seen from the rise of crowdfunding and things like Kickstarter is that it's Increasingly possible to focus the interests of people who have had no way to focus their interests and maybe address some of that So I've got a column coming out in locus where I talk about a thought experiment for solving patent rolls Where people who've been approached to pay a patent roll pledge publicly I will instead of paying this patent roll paid to fight the patent roll if a hundred other people Also who've been approached by the patent roll agree to do it with me It's the magnificent seven business model one year You don't pay the bandits instead you pay the mercenaries right and and it has that collective action problem Where if a few people decide to pay off the bandits they don't burn those people's fields They just burn everybody else's fields and meanwhile they can't raise enough money to pay the mercenaries and and everybody's stuff But if you could if you could build something like a Kickstarter that solved that collective action problem Suddenly the corruption doesn't become irrelevant, but there's at least a much stronger check against it than we've ever had before There's this there's this ability to fight back by concentrating the interests of the victims of corruption and not just the beneficiaries of it All right. Thanks, Cory everyone Thank you Niko Thank you both so much Cory and thank you ladies and gentlemen for a wonderful evening His books will be available in the back of the room and let's give him one more great round of applause. Thank you. Good evening