So, yeah, a lot of people know me for my work on PGP, but the more fun work I've done in the last 12 to 14 years has been on secure VoIP. Secure phone calls are just more fun than secure email. So much has changed, and yet we still find ourselves having to argue about, well, what happens if bad guys use this technology? We had to fight hard through the '90s to get the right to use strong crypto, and now it has become entrenched. I don't think we're going to lose it, but we are going to have to keep fighting for it, because politicians keep having to deal with the public policy issues about what happens when criminals use this technology. So they keep asking for it; they keep pushing back.

I like to use the story of Bonnie and Clyde, the American bank robbers who did their activities about a hundred years ago. They used the automobile more effectively than any bank robbers had before. They would rob a bank, run out, jump in the car, and drive very fast across state lines, and the police couldn't chase after them in the US. The police had never seen bank robbers do this; they didn't know what to do. They were calling for cars to be built with smaller fuel tanks. Clyde Barrow wrote a letter to Henry Ford thanking him for designing such a fine automobile that was so important for his bank robberies. Fortunately, the need to build smaller fuel tanks was not the argument that prevailed. Bad guys will use new technologies to commit their crimes, even important enabling technologies, like how important the car was to Bonnie and Clyde.

The 9/11 terrorists used GPS receivers to navigate, handheld GPS receivers. The navigation systems on the aircraft were preset to find all the airports.
So if you want to land at the airport, it knows how to find the airport, but you can't make them navigate to the World Trade Center or the Pentagon. So they went there with handheld GPS receivers, made note of the location, and used it to fly their aircraft to their targets. What are we supposed to do with that? Do we stop building GPS receivers? That attack happened several years before the iPhone, before smartphones had GPS receivers built in. Imagine a world today where you didn't have location services on your phone, if we were to take the policy position that people shouldn't be able to use GPS because terrorists used it.

We hear them saying that they're going dark, but they never had it so good. They're kind of in a golden age of surveillance. If you go back to the 1990s, when we were fighting this out, the surveillance picture at that time was far less capable than it is today. Today we have ubiquitous traffic cameras in so many countries, and they're doing OCR scanning of license plates, and they can track the movement of all these vehicles. They know where they go; they know where you go, who you meet with. There are millions of street cameras in cities that have face recognition software, so that they can look at a crowd of thousands of people walking by and identify all the faces in the crowd, and keep track of you even when you're not driving a car, just walking down the street. They can monitor the movements of individual people. They can see who's going in and out of a hotel and recognize all their faces, and even if you use a different name to check in at the hotel, they know who's checking in at the hotel. They know who's sleeping with whom.
There were Russian prosecutors who were investigating corruption when Yeltsin was in power. There was a Russian prosecutor who was neutralized by a sex scandal, because they caught him in a sting operation in a hotel, in bed with two women who were not his wife, and they destroyed him politically and shut down his corruption investigation. The guy who replaced him, the chief prosecutor today, is an extremely corrupt prosecutor. Perhaps some of you may have seen the video that Pussy Riot made about the corrupt prosecutor. It's in Russian, so you can't really understand what they're saying, but they're making this thing with flapping their hands. How many people have seen that video? No? You guys aren't Pussy Riot fans. Okay. Well, anyway, that video is about this corrupt prosecutor who replaced the one who was neutralized by this. And so this is a product of what happens when you have a surveillance society that's controlled by an extremely corrupt government: they can get kompromat on anyone who's investigating corruption. So we need to do whatever we can to prevent that kind of surveillance society, and we've kind of lost that. We have a surveillance society.

On top of that, we have this situation that's developed about cybersecurity that has become completely lopsided in favor of the attackers. For centuries there's been an arms race between cryptographers and cryptanalysts, and at different times in history one or the other of them has been ahead. In World War II the cryptanalysts were ahead, and this affected the outcome of the war. Today, and for the past 40 years, it's the cryptographers who have been ahead. When cryptographers feel like they can put their opponents in a position where they're forced to solve a difficult math problem,
they think they've won. They feel secure that, oh, it's going to take longer than the age of the universe for them to break this math problem, so we don't have to worry. It's a false complacency, because when you look at the broader picture of cybersecurity, it's actually in favor of the attackers, not the defenders. It's so lopsided in favor of the attackers that it's going to take us I don't know how long to catch up. The attackers will break into your computer and inject malware that will obviate the effectiveness of your encryption software. Even if you have properly implemented strong encryption software like PGP or Signal or something like that, if malware can be injected into your computing platform and can escalate its privileges and read all of memory and breach all the sandboxes, then they can exfiltrate your keys, and it doesn't matter how good your crypto is. That's what's happened, and the consequences of that have been enormous. We now have a White House that has been penetrated by the Kremlin because of the effectiveness of cybersecurity attacks, and it's not just intelligence gathering. It's now possible for them to exfiltrate sensitive material and weaponize it in elections, and even break into election systems and affect the outcome of the election. I don't know how we're going to make it through the next election cycle. No one's doing anything in the US, because the president thinks it's not necessary to defend our election systems, because the elections worked out pretty well for him last time. We're at such a disadvantage that we need to have a large number of engineers in the workforce focus their efforts on cybersecurity defenses.
Part of that is to develop the skills in attacking also, because to develop effective defenses you have to understand how the attacks work. We need to scale up the whole field of cybersecurity, and at a time like this, when we are overwhelmed by the effectiveness of the attacks, this is not the right time to be asking us to give up our strong crypto. We need all the help we can get. If we're told that we need to put backdoors in strong crypto, then those backdoors will be hijacked by the attackers. I've spent most of my career building strong crypto that has no backdoors, and my secure VoIP products have been used by Navy SEALs. The argument is, well, what happens if al-Qaeda or ISIS uses strong crypto? Well, you know what? Don't you want the Navy SEALs who kill al-Qaeda to also have strong crypto? If it has a backdoor, they won't use that. So that's where we find ourselves. We need to have a huge escalation in the effectiveness of cyber defenses.

For the past several years, I've been working in secure VoIP on Silent Circle, a company I started more than five years ago. Things have not worked out well for Silent Circle. We made some business decisions early on that undermined the network effect: we charged money for the product, we didn't give it away for free. You can't get network effect without giving it away for free, and so without achieving that network effect, we couldn't get traction in the market. I'd like to try it again, only give it away for free the next time. I want to do another secure communications product; in fact, I'd like to do it open source, and I'm actually looking for skilled activist engineers who are looking for an open source project to work on. Does anybody want to volunteer to work on secure communication products that we can open source?
Talk to me about it today after my talk. Let's see how much time there is before the Q&A. Okay. I've been living in Europe for the past few years. I lived in Geneva for two years and then moved to the Netherlands. I've lived here in The Hague since last October. I kind of like being an expat. In fact, I'm more likely to remain in Europe now until things improve politically in the US. I haven't learned Dutch, but I'm more comfortable here than in Geneva, because I was handicapped by my lack of French speaking skills. Normally a lot of people wait to the end to do Q&A, but I'm more interested in the conversation with the audience, and so I'd like to open it up for questions to get things started along a more conversational track, if anybody wants to raise their hand. Yeah, you, if you have questions. Oh, there's a microphone, right. Come to the mic. Thanks. Thank you. Step up to the mic.

Hello, I have a personal question for you. Feel free not to answer if you feel like not answering it. As far as I've known about your work for the past twenty-some years, the question I was never able to answer for myself is: are you related to Bob Dylan?

You know, I have an uncle Bob, but he doesn't sing. No, Bob Dylan spells Zimmerman with one n, and I spell it with two.

Hi, my name is Nina and I'm from 360 Fashion Network. I do fashion technology, and I'm well aware of, for example, the car companies specifically who are tracking you with cameras and so on. So how can I build clothing that would be, you know, an invisibility cloak? How can we protect ourselves with technology that will make the cameras and this tracking unable to read us? Do you have some such suggestions?

Look, there are some camouflage things that I've seen. There's makeup that people sometimes wear to change the effectiveness of face recognition, but I really don't think that's the solution.
I think our solution is entirely in policy space. You can deploy encryption software and have a technical solution there, but you can't encrypt people's faces. For that, we have to work in policy space. We have to regulate surveillance. We have to restrict how the surveillance data can be used. Europe has a far more effective legal regime for protecting privacy than we have in the US. Most of the Western European countries have privacy commissions. We don't have anything like a privacy commission in the US. Here you have dedicated professionals who go to work every day and work on protecting people's privacy as part of the official government apparatus. That's a wonderful thing. You can expand the activities of the privacy commission in each of your countries if you pass laws. In the European Union, there's a position paper that was published recently by an EU commissioner that calls for no backdoors in crypto. There's an example of operating in policy space where you can make a difference. It's tempting to think only in terms of technology, because most of us here are engineers. I assume that most of you are engineers, right? How many people here are engineers? Okay, that's good.
So engineers make technology, and sometimes the deployment of technology creates the conditions that then lead to policy changes, but I don't think that's going to happen in the case of pervasive video surveillance. That's something we need to work on entirely in policy space.

Is there any kind of device that one could wear, or is there a way to scramble the camera signals, etc., from a technical perspective?

Scramble what? Scramble the camera signals? Well, I have seen examples of people wearing LEDs on their hat, infrared LEDs that shine very brightly and make it hard for the camera to see your face, but that's not going to protect the whole population. If we want to try to change the world, we need to have something that protects the whole population. Think of it this way: imagine if you had developed a vaccine to protect against some disease, and only a few people were going to use the vaccine. That's great for those people, but that's a tiny fraction of the population. If you want a vaccine to be effective, you have to give it to the whole population. We can't have everybody wear hats that have infrared LEDs blinding the cameras. I mean, technically it's nice, but then the engineers who build the cameras will modify the camera sensitivity to not see the infrared, and then the cameras will work again, and then there'll be another countermeasure and another counter-countermeasure. We need to resolve that, I think, in policy space.

I agree with you, but in the interim, if the drug, for example, using your existing...

Can we let everyone ask questions, please?
I just think that there must be a two-way solution, because in the short term there are technical solutions to certain aspects of video surveillance.

I mentioned one of them, but those are... Yes, you can do that. I've seen people put infrared LEDs on their hats, and it works. I actually looked through the camera and saw that it really does work, but that's not going to protect the population.

Hello, I work on SecureDrop, which is the software developed by the Freedom of the Press Foundation. It's an application to protect journalists in extreme cases, to allow them to communicate with their sources in a secure and anonymous way. Do you have an idea about the technology that would improve that kind of scenario?

Yes, secure communication. There are several layers of that problem that you have to address. To protect the content of the communication is easy. We can protect the content of email with PGP. We can protect the content of phone calls with stuff that I've developed, Silent Phone, or step, or WhatsApp, which has a VoIP encryption feature that is secure. Signal has a really nice capability of protecting both text and voice. There are several products that do that. But that's good just for protecting the content. One of the most important elements of helping journalists collect information from whistleblowers is that the whistleblowers are terrified of being prosecuted for revealing their information. In some countries, they're worried about more than just being prosecuted.
They're worried about getting killed. So in that case traffic analysis becomes important. It isn't enough to protect the content, because if somebody works, let's say, in a government office and they see things that are not appropriate and they try to communicate it to, let's say, the New York Times, then the fact that there's encrypted communication between someone who works in a classified environment and a journalist for the New York Times, that communication, even if encrypted, may be enough to focus attention on that whistleblower, and then they can develop other investigative activities around them to find what they did and then prosecute them. You may recall there was a recent incident where someone, I think an NSA contractor, printed out some documents on a color printer and gave them to a journalist, and the printer had some watermark technology that revealed which printer printed it. Anyway, even without that they probably could have caught her. So traffic analysis is very difficult to defend against. In fact, it can be so difficult that I usually don't even try, because it's just too difficult.

You specifically asked about whistleblowers. Whistleblowers are a special case, because first of all they tend to be working in tightly controlled environments, because they come across information that they want to give to a journalist. They're probably working in a place where it's either classified, or it's in government policy areas where they're seeing something scandalous and they want to reveal it, and those kinds of environments tend to favor traffic analysis, because they access some computer networks, they'll copy some files onto a memory stick, for example, and there'll be monitoring software that detects that, and then they send it,
and so there's traffic analysis happening on multiple levels, and that's where the biggest danger is to whistleblowers. The content protection is a solved problem now. If you go to the New York Times or other mainstream press organizations, you'll find that many of them have websites with a page you can go to: do you have information for the New York Times? Here's how you can give it to us. They'll give their PGP key. They'll tell you how to reach them on Signal. The New York Times used to use my software, Silent Phone, but we never got the network effect that we needed.

The other thing that journalists need, it isn't purely a whistleblower thing; journalists also operate in dangerous environments. For example, there was a journalist for a major American newspaper who was operating in Damascus and using a cell phone to call her office to report on the war, and she was just speaking English on a normal cell phone. And so there was a pounding on her hotel room door, two guys with weapons. She had to escape out the back. She got Silent Phone and it solved the problem, because it was encrypted from her phone out to our servers in Montreal, and then she was either doing end-to-end secure calls with her editor in Manhattan, and that was end-to-end secure, or, if she was talking to someone else at the same newspaper, it was a normal PSTN call. But the gateway for bridging to the PSTN was in Montreal, and so it was encrypted from her smartphone in Damascus to Montreal, and then it was easily wiretapped from Montreal to New York. Well, she didn't care about that wiretap. She was in Damascus, where people wanted to kill her. The threat was local. So sometimes even a little bit of security that just protects the content between your device, where you are, and anywhere outside the theater of war can be good. Now, that's not a whistleblower scenario.
That's a war correspondent scenario. But sometimes when people are operating in physically dangerous environments, they need to communicate just to the outside world, and then if it gets wiretapped after that, who cares? They're just making a public switched telephone network call, but from a place that the local regime can't reach.

Yeah, hi. There's an anecdote by your hand on the internet about the time that you invented your first crypto system.

Say that again?

About the time that you invented your first crypto system, which turned out to be horribly insecure.

Yes, yes.

That resonated very strongly with me, because I'd made the exact same mistake a few months before. And I was also very proud of it, and very smug and cocksure, I believe is the wording. My question is: is there a way that we can sort of protect the enthusiasm of amateurs working in the cryptography sphere while also preventing crappy code from getting out there?

Yeah. You know, I had a friend who worked at NSA, Brian Snow. He's been retired for many years now. Brian worked in the Information Assurance Directorate of the NSA; those are the people who actually make the codes, not break them. He didn't work on the signals intelligence part of the organization. He was like me: he protects communication. I met him in the early '90s, right after I first published PGP, and he said that he would never trust a crypto system unless it was designed by someone who had spent years earning their bones by breaking crypto systems. That is so true, and that's where I failed, because I had this really stupid block cipher that I developed at home. I called it the Bass-O-Matic, and it was horrible. It was terribly embarrassing. And I had a real cryptographer look at it at the very same crypto conference where I met Brian Snow.
It was Eli Biham, who had done his PhD work on differential cryptanalysis and attacks on DES. So I had him look at the Bass-O-Matic, and I spent like ten minutes with him. About nine minutes was me explaining how it worked, and the last minute was him showing weaknesses in it. It was a very humiliating experience, and that's when I decided I would never again try to design my own block cipher. But in the context of that time, you couldn't take any courses in crypto. Academic cryptography was just at a much earlier stage. Back in the '70s, when I was in college, there absolutely were no courses in crypto anywhere. In fact, it was hard to even find textbooks in crypto, and the textbooks that existed in the '70s were no good. Today every university has crypto courses. Back when I first started going to the IACR conferences in Santa Barbara, we used to gather around for a group photograph, and you could take a picture of just this group of people. There were like 200 people, maybe less than that, maybe a hundred. Many years ago they stopped taking those photographs because the attendance was much larger. There are now so many people who are competent in crypto. It's now part of our society. In the '90s we had to fight hard to make it so that we could use strong crypto in industry, and we won that, and now it's ubiquitous. It used to be you had to explain yourself if you were using strong crypto. You had to explain: why do you need strong crypto? Are you a criminal? Are you a terrorist? Are you a drug dealer? Why do you need to hide your stuff? Today
the legislative environment has inverted from that. If you are not using strong crypto today, you have to defend yourself. If you're a clinic and you're not encrypting your patient records, you may be legally liable, because in the US we have our HIPAA laws. You have similar laws in most of the European countries. If you are in business and you have, let's say, a laptop computer with a couple hundred thousand customer identities on the disk and you leave it in a taxi, you better hope that it's encrypted, because if it's not, you have to go public with that and reveal that you just lost two hundred thousand customer identities through negligence. Your crypto is your get-out-of-jail-free card. In the US you just have to go public, which damages the company. In Britain, I think there are also additional civil and possibly criminal liabilities for that kind of breach. So today the legislative environment favors strong crypto. That's how far we've come.

Now, at the time that we were fighting this war in the US, we had participation from every corner of society. There was the Congress, there were the courts; we had litigation going on. There were three cases that were important litigation at that time. There were two civil cases: Phil Karn was suing the US government for the right to export encryption, Dan Bernstein was suing them for including strong crypto in his coursework, which was going to be exported, and then there was the criminal case against me. Actually, I wasn't prosecuted. I was not indicted. I was the target of a three-year criminal investigation. But I learned a lot about criminal law from that. Every time I watch an episode of Law & Order,
I'm always saying, don't talk to the cops. You get pretty good at criminal law when you're a target of a criminal investigation. But I had a great legal team. In fact, one of the guys was Eben Moglen, who was active in the Free Software Foundation. And in fact we had Curt Karnow, who was a former prosecutor who did intellectual property work. There was Ken Bass, who was from a Washington law firm, and he worked in the Justice Department under Jimmy Carter on national security issues. We had a great legal team. Anyway, it was a great learning experience. We won that struggle, and there was participation from journalists, from the FBI, from the NSA, from the courts, from Congress, from academia, from civil liberties groups, from every corner of society, and the near consensus was that we needed to have strong crypto, to drop the export controls in the US, to not have domestic controls. The FBI was the one diehard that never let go of it, but everyone else did. In fact, NSA backed away from it, and I always wondered at the time why the NSA gave up. Now, of course, I know. It's very clear why, because they felt that they didn't need to stop strong crypto, because they realized that they could get what they needed by other means, by the injection of malware in the computing platforms, and so they backed away from that whole debate. We thought we won, and we did win some important things, and that entrenched strong crypto, and that gave rise to a whole crypto industry and created a lot of jobs in crypto and university courses in crypto. Many people in this audience have taken crypto courses. How many people here have taken crypto courses in university?
So you can see how available that is, and it's largely because we prevailed in the '90s.

Hi, I'm Marco from Italy. Over the last year or so we have seen an emerging growth in cryptocurrencies, like Bitcoin, Litecoin, and so on and so forth. So my question to you is, I would like to know your opinion about cryptocurrencies. Do you think this type of technology will be useful to normal users, or would it be more useful to, or abused by, cybercriminals, possibly?

It's funny. Bitcoin can be used by criminals, but Bitcoin is not really anonymous, and so it's not clear to me why criminals want to use a system that is not anonymous. Cash is anonymous, but Bitcoin is not anonymous. So I don't know why criminals are attracted to Bitcoin. I think what's more interesting about cryptocurrencies is that some of the techniques that were used to design them, in particular blockchain, can be used for other purposes, other interesting applications. For example, one of the things that I'm interested in these days: PGP was designed more than 25 years ago, and the threat model from 25 years ago was different than it is today. It was a much less complex threat model. Today I think it's time to update PGP's method of protecting public keys, of certifying public keys, and I think that we can use some of the techniques. There's a project called CONIKS, C-O-N-I-K-S, that uses Merkle trees, and I think it uses blockchain. It certainly uses Merkle trees, and it's a way of having a public key registry that presents a kind of coherent picture of which keys have been signed by someone who signs keys.
It's like key transparency, and I think that's an interesting technique that could be brought to bear to upgrade PGP's trust model. So I'm interested in that. I'm talking with somebody who's working on that. There are other things I'd like to do to bring PGP up to date. I'm sorry, this is digressing from your point about cryptocurrencies, but it kind of connects to another thread of conversation here. PGP's original design never took into account the vulnerability of your keys on your laptop computer, because in 1991, when PGP first came out, nobody was connected to the internet all the time. Yes, you could have workstations in universities that might be connected to the internet a lot, but the more typical scenario when PGP was first released in 1991 was that you had a PC and it was connected by a modem, and once in a while you would dial the modem to pick up your email. In fact, a lot of people were using electronic bulletin board systems at the time; they weren't even using the internet. But the ones that did use the internet would only occasionally dial in. There was no World Wide Web. There were no web pages. You would occasionally dial in with your modem.
You would fetch your mail with the POP protocol and download it, and then with PGP you could encrypt and decrypt email, but you were connected to the internet for like a minute or two minutes to do this. You didn't have to worry that when you're sleeping at night, somebody's going to reach into your computer from the other side of the world and do a port scan and try to get into your laptop so they could steal your private key and then exhaust your passphrase. That was not part of the threat model, and yet today we have to worry about that. In fact, today all kinds of crypto protocols that involve servers have to worry about the exfiltration of private key material from the server. TLS private keys on servers can be exfiltrated, because the servers are on 24/7, and an SSH private key on a server could be exfiltrated. So the servers are constantly available, and laptops are connected almost all the time to the internet now. So what is the likelihood that your PGP key,
the private component of your PGP key, will remain safe for years at a time? It's unlikely. The threat model today is much worse than it was 25 years ago, so we have to find a way to do something about that, maybe with hardware assistance. A lot of our mobile devices, the iPhone for instance, have a hardware secure enclave now. That's great for your phone, and maybe you could put a key in there, but I have a PGP key I'd like to use on more than one platform. So it's a much more complex threat model now. We need to upgrade the PGP trust model, and in the case of PGP we also need to find a way to protect the private key material for much longer periods of time, maybe with hardware assistance. But your question was about cryptocurrency. I think the most interesting thing about cryptocurrency is the new techniques that it introduces, and I think blockchain could have a lot of interesting uses.

Yeah, my question is about one of the most famous aspects of PGP, the web of trust that was introduced by the key servers. With the web of trust, you inherently leak the social graph of the users.

That's right.

And with the social network becoming more and more important, how do you think the requirements are set for protecting the social graph better?

You know, when I designed the trust model for PGP,
I didn't worry too much about the social network mapping you know Things are so much worse today than they were then Actually, I took this position that well, you know Anybody can sign anyone else's key and it would be completely neutral and you could sign the key of a mass murderer That you have no reason to trust and all you're doing is merely asserting that this key belongs to this person and you know, I Was looking at it with tunnel vision, you know, because I wasn't really thinking that well you're more likely to be signing keys of people that you know and and people that you hang out with and and that's Maybe that's not how key signing parties work because the key signing parties they all come together and just sign each other's key Indiscriminately, you know, it just show show your passport and get your key signed Which you know, maybe that would maybe that would be a weaker social network because you don't really know these people There was an XKC CD cartoon about signing someone's public key at a key signing party Without knowing who they are One of the problems with the PGP trust model is the cognitive burden And in the late 90s, there was a paper published called why Johnny can't encrypt And it was about the difficulty of the cognitive burden of the PGP trust model. It's hard to explain this to your mom You know about what is a trust model? What is a trusted introducer? What's the difference between whether a key is valid that it's been authenticated or that the person who holds that key is Should be trusted to sign other keys That's Cognitively difficult to explain to people and because of that it limited the spread of PGP. It reduced the network effect of PGP and PGP still got used a lot more than SMIME SMIME Didn't have that kind of grassroots trust model. It had a centralized trust model, but The activation energy for SMIME was much higher. 
So SMIME was bundled with Microsoft products So it actually had a deployment advantage put it in a kind of a static deployment sense It was more widely deployed than PGP, but no one used it because to make it work You had to build a PKI you had to have a certificate authority signing keys and you had to have all that working as It was a big step function in activation energy to get started and so SMIME was not Was not getting much traction even though it had a big static deployment advantage It wasn't getting used as much as PGP and yet still even though PGP had a much lower activation energy It had a higher cognitive burden and so that's neither of them got very much Network effect So we have to overcome that and I think there is a way to overcome that with some of these new techniques I was describing earlier about key transparency and a public key registry that Could make it so that there's a lower cognitive burden to using PGP and then that could mean that the numbers could go far higher. I think today. There's only a few million PGP users But you know WhatsApp has a billion users So what's up has a very low cognitive burden because you don't really deal with the trust model very much But still what's a pass it's prior its social graph leaked to one Company Yeah Yeah, Facebook has plenty of social graph stuff It's their whole business model Hi Thank you for the talk one question I wanted to ask you were just The examples for surveillance that you mentioned there were real life examples for me The areas where surveillance is visible or the most is internet, right? When I'm online I get watched all the time by several institutions now I Realize that doesn't necessarily have bad consequences or as bad consequences as real life surveillance But it's already here and it's happening. That's right. Yeah, so What's your opinion on the relative dangers of online surveillance and real life surveillance? 
Well Yeah, online surveillance Can lead to quite dystopian results because you know if you if you keep If you have data retention laws that require internet service providers to keep a record of all the websites you visit You know that there's Compromat there, right? I you know, I saw I Saw one of these, you know, there's medical bracelets you wear that's you know that if you that if you if you if you If you have a medical emergency it says that you're a diabetic or something like that or that you're allergic to this drug Or that your blood type is this or something like that. I saw one of these bracelets. That's You know what to do you said Delete my browser history So We can't just delete our browser history now because ISPs At least in Europe are required to do data retention for a long time and that's that's terrible Not everybody can use a VPN to solve that problem I Think that I mean, you know one of the earlier questions was well What technical countermeasure can we do to certain kinds of surveillance? But a lot of it? We need we need public policy solutions. We need to not save the browser history or I'm sorry they the that you know the the ISP saving every all the traffic that you that you've done that's or it I mean Especially with these very long periods of time, you know, I mean that's That's it can get really bad if stuff that you did a year ago is is subject to review now Yeah Yeah, well, it's it's sadly clear that a lot of the problems we do have today need Policy solutions, but in what where do you still see? Possibilities to do things better than they are right now for example how to prevent weak implementations of otherwise proven Crypto algorithms or how to improve the usability of the tools to induce wider wider wider use of of it which also generates more encrypted traffic and thereby Yeah, also makes traffic analysis more difficult. There are I mean, there are some good technical things that we should be doing. 
I mean Opportunistic encryption of all your web browsing using HTTPS for everything and You know, I there's this Let's encrypt initiative to try to get make to get SSL certificates everywhere Although I have to say the let's encrypt initiative has also created opportunities for bad guys to impersonate you know Banks or whatever, you know, they just get a let's encrypt thing and since those certificates are are The the top-level certificates are now in the browsers You have a failure of PKI can fail even though you it sounds good. Let's do the let's encrypt thing, but it it creates another Serious opening of the attack surface It also reduces the attack surface by having more ubiquitous TLS But it also increases the attack surface in that somebody could dupe They they can fool the the let's encrypt Certificate authority to sign keys that they shouldn't sign. I Think that that we need something better than that. We need to have Something like key transparency or other kinds of things to to make it so that you can't have bogus certificates We also need to do across the board Upping our game. We need to get rid of old crypto suites obsolete crypto suites, you know a lot of TLS stacks have you know 56-bit des and You know RC for and other things that you know, they have things in there that are vulnerable it They support TLS 1.0 SSL, you know, they TLS 1.1. We should get rid of all that in fact TLS 1.3 is where we need to be we should all switch to TLS 1.3 and And that's just on the TLS side. I mean, there's lots of other things too. We need to have ubiquitous encryption and That's part of you know, we shouldn't be fighting government officials that are trying to discourage the deployment of end-to-end Secure communications. It should be everywhere. 
It should be we need all the help we can get but even if we do that This the big cyber security picture is it's still a disaster in fact, I I think that to a certain extent it's diminishing returns on encryption because We're not doing enough to protect the platforms from malware injection If somebody takes over your computer when I was asking my question I was kind of fishing for what you are about to do With the developers you're looking. Yeah, I I said that I'm looking for volunteers to I'm working. I'm going to work on another secure communications project and I and I and I'm going to open source most of it and I need to I need volunteers to help me with that Can't pay anything, but it'll be it's it's fun Or at least maybe maybe there'll be a way to pay later if there's a way to get Something that happens later other than being fun is there's still already some some hard facts available About how in what direction it's going to go say that again Yeah, are there some some hard facts available in what direction this development is going to you know I'd like to do I'd like to do something like actually the competitive picture is is There's more competition today. I only got a couple of minutes left There's more competition today for secure communications I mean now there's a billion users of WhatsApp and you know, I can't just do silent phone again There has to be something better than that But I'd like to do more secure communication. 
I'm not done yet How'd you counter the argument that if you've got nothing wrong you've got nothing to hide That's that's absurd I mean You know That's like saying, you know, if if you don't have anything to say then you don't care about free speech You know, there's herd immunity, you know, it's like you say well, I don't need this vaccine You know, there's some anti-vax people that I mean, I think anti-vax is insane, you know We should all get vaccinated against diseases, but The argument that well My children don't need to be vaccinated and that that's none of your business. It's my children. No, there's herd herd immunity and So analogous to that there's herd immunity about free speech. There's herd immunity about Everyone using secure communications. There's herd immunity about public expectations of What we should all be doing about protecting our privacy That's that's a classic herd immunity mechanism I made this point in 1991 with when PGP first came out. I said that think of it as a form of solidarity and So the same argument applies today Okay, ladies and gentlemen, please give a huge round of thanks to Phil Zimmerman By the way, I just want to ask a question I was 37 years old when I published PGP for the first time and how many people here are less than 37 years? old Yeah, so pretty much like almost almost everyone, right? How many people here are younger than PGP? How many people were born after 1991? Okay, yeah, all right so Thanks, thanks for your time
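The TLS hardening advice given in the Q&A above (retire SSL, TLS 1.0 and TLS 1.1 and the DES and RC4 suites, and move to TLS 1.3), turned into a small audit script. This is an added example, not code from the talk or from any project the speaker describes. It assumes protocol and cipher suite names in the OpenSSL naming convention (as they appear in nginx or Apache configuration), and the two sample configurations are constructed for illustration, not taken from any real host.

```python
"""Audit a TLS configuration for obsolete protocol versions and cipher
suites, and build a client SSLContext that refuses anything below TLS 1.3.
Added example; assumes OpenSSL-style names for protocols and suites."""
import re
import ssl

# Protocol versions that should be disabled. Both spellings of TLS 1.0
# are included because config files use either.
OBSOLETE_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}

# Tokens that identify weak suites in OpenSSL suite names: single DES,
# RC4, NULL (no encryption), export-grade, and MD5-based suites. Because
# the match is on the "DES" token, 3DES names such as DES-CBC3-SHA are
# flagged as well.
WEAK_SUITE_PATTERN = re.compile(
    r"(^|-)(DES|RC4|NULL|EXP|EXPORT|MD5)(-|$)", re.IGNORECASE
)


def audit_protocols(protocols):
    """Return the enabled protocol versions that should be disabled."""
    return sorted(p for p in protocols if p in OBSOLETE_PROTOCOLS)


def audit_suites(suites):
    """Return the enabled cipher suites matched by the weak-suite pattern,
    in their original order."""
    return [s for s in suites if WEAK_SUITE_PATTERN.search(s)]


def audit_config(config):
    """Audit a {'protocols': [...], 'ciphers': [...]} mapping.

    Returns a list of human-readable findings; an empty list means nothing
    was flagged and TLS 1.3 is enabled.
    """
    protocols = config.get("protocols", [])
    findings = []
    for p in audit_protocols(protocols):
        findings.append(f"obsolete protocol enabled: {p}")
    for s in audit_suites(config.get("ciphers", [])):
        findings.append(f"weak cipher suite enabled: {s}")
    if "TLSv1.3" not in protocols:
        findings.append("TLS 1.3 not enabled")
    return findings


def hardened_client_context():
    """Client context that only negotiates TLS 1.3.

    create_default_context() already enables certificate and hostname
    verification and uses a cipher list without DES, RC4, NULL or EXPORT
    suites; setting minimum_version is what removes TLS 1.0 to 1.2.
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


def hardened_minimum_version_name():
    """Name of the lowest protocol version the hardened context accepts."""
    return hardened_client_context().minimum_version.name


# Constructed sample configurations (not from any real server).
LEGACY_CONFIG = {
    "protocols": ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"],
    "ciphers": ["DES-CBC-SHA", "RC4-SHA", "RC4-MD5",
                "ECDHE-RSA-AES128-GCM-SHA256"],
}

HARDENED_CONFIG = {
    "protocols": ["TLSv1.3"],
    "ciphers": ["TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"],
}


if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit_config(cfg)
        print(f"{name}: {'no findings' if not findings else ''}")
        for finding in findings:
            print("  -", finding)
    print("hardened client minimum version:", hardened_minimum_version_name())
```

Running the script lists three obsolete protocols, three weak suites and the missing TLS 1.3 for the legacy configuration, nothing for the hardened one, and reports `TLSv1_3` as the client's floor. The pattern deliberately errs on the side of flagging (3DES is caught along with single DES); anything it reports should be removed from the server's cipher string rather than argued with.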