 was actually quite looking forward to moderate this talk because OPSEC assigned, I have to admit, I know Claudio quite well. And why is that? Because we share a co-working space. And the third tenant is a drum set. And this is important to know for the little story I tell now. I almost, I always notice when he does his work breaks because first he reads Twitter for 10 minutes, then he gets triggered. And the next thing I know is a 45 minutes drum solo in Norwegian death metal. And I don't know how many of you are familiar with Gorgoroth. Yeah, but that's not always pleasant. And I noticed something changed during the last few weeks. And I wondered what happened. And part of the explanation for this is this talk. And so if you discourage Claudio with this new project, then the drum solos during work hours start again. And I would beg you, please don't do that. But welcome him with a big round of applause. Claudio Guarnieri, security researcher with Amnesty International, and a fellow at the Citizen Lab. Amnesty International. Well, hello, everybody. So firstly, I have to say a bit sick. So my voice is in the background. I'm a little bit sick with me. Maybe my voice is not so good. So please forgive me that. Everything that I'm going to say today is purely in my opinion. Disclaimer, that all is in my opinion. And I don't have to repeat myself because of the opinions of my employer and other organizations that I have to deal with. And actually, it's the first time that I give a non-technical talk. And then I'm going to give a non-technical talk. And that makes me a little bit scared. But I think, I hope, that it makes sense, what I'm saying here. This is going to be a reflection on the last few years of my experience and my security and my profession. In the last few years, I've worked specifically in working with human rights organizations and journalistic organizations and the civil society in general. And I've learned a lot of things, especially coming from foreign, corporate security background. So computer systems were destined for a global, cultural, and economic background. So computer systems were destined for a global, cultural, and economic revolution, I think. That our community, the hacker community, anticipated a long time ago. And we saw it coming early on. And well, we enjoyed that little time of good times of reckless mandatory online and in the playing of this violence movie, which is the cowboys of the early internet connected age. We also soon welcomed the global realization that we were right along, that technology was going to become predominant in society, and that information technology was going to change everything. And computer security in particular was going to be created. And with that, we embraced the visualization of our culture and with that, also, the monetization of our skills. And now that the internet basically got into our lives. What's interesting is that the moral principle of our culture, our counterculture, as some people say, that was traditionally subversive in our authoritarian as a change, radical movement being increasingly deluded with us at interest. And the traditional distrust for the state is only meaningful in some corners of our community. And this one being one of them. For the most part, it's the most physical one, I would say. The security committee, but the industry really, in particular, and I make that distinction quite often throughout the state. He's enjoying the six-figure salaries, the luxury of Switzerland in Las Vegas, the media attention, and the business class traveling and all of that. And, you know, what concerns me is that with hackers, you know, having moved through their professional lives and their careers and working for many different sides of society, across the entire political spectrum, now it's becoming really difficult to identify shared values among ourselves in the larger, in the larger community. And what is said is also that the internet worked with us, it changed with us, too. Once it was kind of an export space that we were wandering in solitude. And now it's become a marketplace for goods. It has become the primary vehicle of global communication. It has become the place to share cats and veens and porn news, and also, thankfully enough, an unprecedented platform for intellectual liberation, a platform for organization and liberation. However, to quote Kavin Kalli, there is no powerfully constructive technology that is also not powerfully destructive in another direction, just as there is no great idea that cannot be greatly perverted for great harm. And indeed, an eventual idea is not really tremendous unless it can be tremendously abused. And this should be the first law of technological expectation. The greater the promise of a new technology and the greater is the potential of harm as well. Sure enough, we can observe that same technology in the internet, and everything that we built over the decades that we consider of technology and liberation and self-determination. We discovered it being turned into a tool for oppression as well, and it was inevitable. There is an ever-significant technological imbalance between states and their citizens, and there has been lots of dollars that poured into systems of surveillance, both passive and active. It might not just be by the United States, but really by any government that it's both the end of the user. Credible defense is really either a lag behind or remaining accessible, and generally only available to corporations and businesses with deep enough pockets. If you have issues from free software projects that we have, attempting to change things radically are often faced with rather unsustainable funding models. We truly will last long enough to grow these projects to maturity. I think this is a big issue that we need to face. The nation states are very well-taxed in balance, of this technological imbalance, and use it to their own advantage, of course. We've learned through it over the years that technology is regularly used to curb dissent, to censor information, to identify and monitor people, especially those engaging in political struggles and societal struggles. And we saw some examples of it very well. No, we saw the right-wing media against journalists in Ethiopia. We saw the traction of the social movement in Ethiopia, in the heart of dissidents in Iran, and the traction that then became of Syria, and all of these complemented with electronic surveillance and censorship, and they didn't shut up hyperbole anymore and say that people are getting arrested for a tweet. It just happens more and more every day. And anybody who gets his reality is just either misguided or misguided. And all of these cases that we learned over the years remain only that oppressive technology can be used to silence people. We learned that we also take granted access to seemable defensive technology in general, when in countries like Morocco and Egypt, the Emirates, and many others. And then simply access to encryption, where the use of encryption is normally forbidden by default. And then in other parts of the world, even basic communication platforms are regularly blocked at times in our access to internet management. Shut down for a minute for the darnation. And we should be outraged and loud against it. I don't think we are enough. So security can no longer be a privilege for a community in the hands of those who can afford it. Those who take advantage of the mechanism in the pursuit of justice and democracy cannot succeed if they don't make it securely as they remain safe online. And I think that's a lesson that we have learned already. Security has to become a right. It has to be exercised and protected. It is the precondition for privacy, which is the key neighbor for freedom of expression, which is a requirement for a healthy democracy. And while the security industry is becoming increasingly dependent on the national security and defense sector, I think we find ourselves in a renewed need for a structured social and political engagement from the hacker community. That the hacker community turns on there. Like us, often do not get along very well with ethics and politics, I would say, until a completely grown-up maturity, I think, to recognize the implications and the social responsibility we have as a technology. And some of us get there sooner, some of them get there later, some of the other people never will. But having social consciousness is often, I think, the cause of ridicule among techies. And that's unbearable. You can experience this exclusion when you become a second on matters that the larger security community deems stranger to the competences. And you start seeing others becoming patronizing in a conversation with you. First of all, I'm not here in your congress, but I'm trying to experience saying this idea that I'll get other parts. And then you shouldn't let that intimidate you. And we need to recognize that. The privilege we have as educated professionals and technicians, the advantage we have with our understanding of many phases of technology and realize that we cannot educate that responsibility without holding the right and the wrong and connect the society, especially when we're acting in the process as gatekeepers. And being creative or contributing to free software or helping someone in need or pushing the right direction and being respectful to these practices. Dedicated your time and abilities to the benefit of society is concretely a political choice. And you should embrace that with consciousness and try. And the sense that this is a very prominent human rights and a narrative in the crypto community. But there is very little of that dispute between the intersection these have. And I don't even know why, but that doesn't change. But the fact is, what is it we're working for and what is it we're working towards in our own lives? And we're doing too little to formalize the deals through the activism, parallel to privacy activism and human rights activism, all of these forms of engagement in society that we already practice. And we have a means and all of those are real too. But we also face those challenges in the and we don't think the strategies and the and we consider the tactics that we're going to use. And you've thought a lot about this. Intrusion of activism, there is a great difference in the concept of freedom of very greatness. But this is a kind of something we're working on and documenting a wrong joy and without interfering directly, which is something that is close to me and what we sufficient enough traditional activism from happening again as a result of the public outcry and the public attention. And it is a powerful tactic and quite often also the only available or meaningful tactic. It was always an activist movement the shift of tactics are truly the greatness of the act of the police, the legitimization, the structuralizing of the feminist cells. We have to conform to the idea of acceptable behavior. And similarly as we, as security researchers and private activists, we have to use it. We observe, we document, we report on the abuses of the technology in a way that I believe is powerful to lay that economic tension that exists between office and defense. Being a journalist, electronic communication intercepted or computer compromised, the censorship of websites or the blocking of messaging systems that we see pretty much every week. The censorship of the internet, the exposure of the technology that is being used to empower such repression, to implement the cost of their development and cooperation. That is a meaningful tactic. As the idea of the attack has defeated, circumvented, and on the other hand, we have to start re-engineering, redeployed. This process costs money on time. And it's very important to become a way to curb that if there is discrimination and optionally, and become basically an act of force on its own way. Basically, there is competent people watching out and that abuses won't go unnoticed. I can team and say, transform politics is very, very simple. I think there is work within some companies, produce a spider, I don't think those are sorts. The results go against around the world. But more effectively understood, the government has to scrutinize as a result of the public at the time they rise from a service like us, and we have to be careful. And that lies on us, on geeks like us, that we prevent these abuses from taking place. There is one fundamental flaw in the bearing witness we practice. It is a strategy that requires accountability in order to be effective. It implies that a perpetrator of this wrong doing is identifiable and pressureable. And the difference is that you just name and chain people and organizations say some wrong decisions. None of these properties are often available to us in the digital world, right? The internet provides abusers possible deniability and accountability quite often. So it makes it closely impossible to identify the abusers in the first place in any meaningful way. We should be ashamed. But no one name and shade them effectively. We have such a wonderful information in physically exposed to the media and the breaches that happen almost daily that if your stories you are able to tell the direction of dissent and citizens become are becoming repetitive and boring. After all in the front of the majesty of the iridescent attacks and, you know, in third countries being shut down off the internet, apparently. And in the hundreds of millions of foreign accounts and hundreds of millions of accounts every week hacked from the massive spying infrastructure of the firebodies and so on. What is in the eyes of the comic fanatics from Middle East or some other part of the world that is unknown to most and it's compromised with a huge explosion that is involved in the 255th thing. That is an interesting story. So we need to stop the deep breath and look very more around this and see if we're missing the big picture. So a little bit of puppy's to lift your spirits and for me to drink some water. So firstly we need to stop thinking that the most interesting performance and research is the most important one. And when companies like NSO or in other companies well known examples are found involved in violation of human rights makes it for a hell of a media story, you know, and sometimes in research that I worked on an author development and front-page use of international newspapers and I found that a bit ridiculous today. But it's great in some way, but the truth is that despite how legally and politically important these cases are and it's great to expose and present to the public and have done a lot of work on it. Those cases are also exceptional. You know, they're not particularly representative in fact in what is the reality of the use of technologies at all for repression by most states. And for one, they didn't found targets that we had sophisticated commercials by were produced by a European company, American company or whatever. There are hundreds more where you thought that we were free to download probably written versions which you'll make any sort of researcher down and get bored immediately by the sort of collaboration and so on. And what I have learned over the years, this field is that fighting this legitimate hacking and dissonance is never ending cat and mouse for us, but these are better for the important one. However, once you grow out of the boredom at the side of being another dark comet or black shades red or a four years old Microsoft office expert, when you start understanding the true value of this work, she said it's less technical and it's more human. And there's not about the next hack of the next unusual buy of the vehicle and it's not about ourselves, but about our careers. And too often we observe a toxic celebrity culture and the hacker and the security communities emphasize also the aggrandizing bias of the media too often looks for the story of the renegade hacker and then too often we and often at the expense of the victims of progressive technologies who really struggle and then make their unknown problems with the most people. So we need to grow some humility and start containing our egos, I think. No, I'm sorry. Many. And I spent the last few years offering my expertise and my modest skills to the human rights community and while I have to say that it's very dissatisfying and only that I am enjoying previous corporate work. Community is also a mastodontic struggle. And securing a global society is a road filled with obstacles and confusion. And one can provide really interesting and presidential challenges for our problems holding minds as hackers. It also also comes with a role of knowing that lies are at stake. And really it's not some information property or some profit or any pattern that really depends on the person. So how do you distribute this similar diverse network of people with different risks, different adversaries operating in different places, different technologies and different services? It's a topical nightmare. And while we do a security community at large, I mean security in this room, security corporations and organizations with proper modeling and by watching closely for anomalies in that model. But the handful of technologies that are working in the human rights field often can do is only recommend a source after another. Hopefully it is not going to fail the first time we are able to be quote-unquote. So you have to really travel to a South African country to meet some local journalists and activists and let's try to in my checklist of things to preach around. So you normally would and later in the night when I meet the people at night, I winked with a phone and the phone closed. And the screen shows that the phone didn't get the key in the process. They kept everything and then he said I will never close again and sometimes it is not accessible or too expensive and sometimes the closing doesn't work. And we can't expect the world to fly even though we prepare cool tools. And that brings me to the second reflection, we have to engage more. We have to become an important part of this. We have to find our things and support other things. We have to be different groups that fight against fracking, against human rights organizations that fight for justice or we can help with the law. But we have to be independent and instead of complaining that a technical part is missing we have to use the congress to bring us into society and with open arms they welcome other voices to us. This is one opportunity to learn more about ethics and politics from which we often don't know and learn a lot in our technical education. And maybe tomorrow we will hear something from a project or a thing that will motivate you. We hear from Twitter, from the blog, we can organize more. We can organize and engage in the civil society. That is very important in the digital sphere because of a lack of internet expertise. The financial inability to access technology and solutions that are We need to approach the digital sphere and recognize the stimulus that's also going to be yourself. That is a high demand. And also, I'll be Ramune right after the end of the sector, as you heard about. That I believe in the social society and the non-profit sector in China. There are various ways to build that. I'm not going to abandon their career to follow this path. And those that would want to, probably even can't. So what if you create a plan to build together or internalize and then what will happen to the business or provide some assistance to civil society? That's not going to happen again. So we need to flip this game. And it's one attempt of doing so. And this is a project that I have the pleasure of having here. Security ohne Grenzen is a project where I work with an open collective of hackers and journalists, human rights defenders and many others. Being a penetration tester, malware analyst, engineers, researchers. And I invite all of you to join. You are an electrical technician, a malware writer, sign up, engage in. We want to create a structure that can voluntarily help with malware analysis and everything that is needed. Write newsletters, write tools, everything that is needed to create civil society. And that's going to change. It's a young project. But the idea is to turn this problem around and if we get enough people who can spend only one hour a week, then I think we can get enough power together to solve a lot of problems. If we get together in a coordinated effort, then we can make these changes in society. And with that, I thank you all. And you can go on the website right now to find the tools and find the resources to reach out and have something with us. Thank you. Thank you. Thank you very much for the talk about equal firepower. We have plenty of time for questions. So if there are questions, you can come on that mic. Do we have questions from the internet? Okay. So if that's that, I'm sure that Claudia can be approached aside the stage. And I wish you a good time. If that's the case, then Claudia can take the stage and there will be no questions. Thank you.