 Thank you very much hi So there's a little formality first as a member a good standing of the order of After-dinner and conference speakers of England and Wales I am required as the last speaker before lunch to make a joke about being the last speaker before lunch This is that joke Thank you So I work for electronic frontier foundation and I've met some of you in the halls here And when I mentioned I work with the FF they say oh you guys have been around for a long time And it's true like not just internet time not like this is Zcash's second birthday So we're the doddering old men of cryptocurrency long time like we've been around for a quarter century a legitimate long time and I want to talk about our origin story about the Key victories that we scored really early on a quarter century ago that really are the reason you guys and you folks are In this room today I want to talk about the crypto wars Not those crypto wars These crypto wars So back in the late 90s the NSA classed Cryptography as a munition and imposed strict limits on civilian access to strong crypto And there were people as you heard from a very speak about who called themselves cipher punks Crypto anarchists who said that this was bad policy It was a governmental overreach and it needed to be changed and they tried a whole bunch of different Tactics to try and convince the government that this policy was not good policy So they talked about how it was ineffective, right? They said you can ban civilian access to strong cryptography and only allow Access to to weak crypto the 50-bit version of DES And that will not be sufficient to protect people They they made this as a technical argument. They said like look we believe that you could brute force DES with consumer equipment and The courts said well who are gonna believe you or the NSA? Because the NSA they hire all the PhD mathematicians that graduate from the Big Ten schools And they tell us that DES 50 is good enough for anyone So why should we believe you and so we did this we built this thing called the DES cracker It's a quarter million dollars specialized piece of equipment that could crack the entire key space of DES in two hours Right, so we said like look here's your technical proof We can blow through the security that you're proposing to lock down the entire u.s Financial political legal and personal systems with for a quarter million dollars And they said well, maybe that's true, but we can't afford to have the criminals go dark, right? They're gonna hide behind Crypto, and they won't be able to we won't be able to spy on them So in the face of all those of all that resistance, we finally came up with a winning argument We went to court on behalf of a guy named Daniel J. Bernstein You probably heard a DJ be he's a cryptographer. He's a cryptographer whose name is all over all the ciphers you use now, but back then DJ be was a grad student at the University of California at Berkeley and He had written cipher That was stronger than DES 50 and he was posting it to use Matt And we went to the Ninth Circuit and we said we believe that the First Amendment of the US Constitution Which guarantees the right to free speech? protects DJB's right to publish source code that code is a form of expressive speech as we understand under expressive speech in the US constitutional framework and This worked right making technical arguments didn't work making economic arguments didn't work making law enforcement arguments didn't work Recourse to the Constitution worked we won in the Ninth Circuit We won at the Appellate Division and the reason you folks can do ciphers that are stronger than des 50 Which these days you can break with a raspberry pi the reason you can do that is because we won this case So I'm not saying that to suck up to you, right? I'm saying that because it's an important note in terms of tactical diversity in trying to achieve strategic goals Right, it turns out that making recourse to the Constitution is a really important tactical Arrow to have in your quiver and it's not that the Constitution is perfect And it's certainly not true that the US always upholds the Constitution right all countries fall short of their goals The goals that the US fall short of are better than the goal goals that many other countries fall short of the US Still fall short of those goals and the Constitution is not perfect and and you folks you might be more comfortable thinking about Deploying math and code as your tactic But I want to talk to you about the full suite of tactics that we use to affect change in the world And this is a framework that we owe to this guy Lawrence Lessig Larry is the founder of creative commons and has done a lot of other important stuff with cyber law and now works on corruption That's a connection. I'm gonna come back to and and Larry says that there are four forces that regulate our world for Tactical avenues we can pursue. There's a code. That's what's technically possible right making things like deep crack There's markets what's profitable right founding businesses that create stakeholders for Strong security turned out to be a really important piece to Continuing to advance the crypto agenda because there were people who would show up and argue for more access to crypto Not because they believed in the US Constitution But because their shareholders demanded that they do that as part of their ongoing funding right there's norms What's socially acceptable moving from the discussion of crypto as a thing that exists in the realm of math and policy and to a thing that is Part of what makes people good people in the world to convince them that for example allowing sensitive communications to go in the clear is Is a risk that you put not just on yourself, but on the counterparties to your communication? I mean, I think we will eventually arrive at a place We're sending sensitive data and the clear will be the kind of technical equivalent of inviting people to a party Where you close the door and chain smoke right? It's your selfish laziness putting them at risk And then there's law. What's legal? Now the rule of law is absolutely essential to the creation and maintenance of good cypher systems Because there is no key length. There is no cypher system that puts you beyond the reach of law Right, you can't audit every motherboard and every server in the cloud that you rely on For a little backdoor chip the size of a grain of rice that's tapped right into the motherboard control system You can't make all your friends adopt good operational security This is a bit of the the rules used by the deep packet inspection system deployed by the NSA This was published in German newspaper by after it was leaked to them The deep packet inspection rules that the NSA was using to decide who would get a long-term Retention of their communications and who wouldn't They involved looking for people who had ever searched for how to install tour or tails or cubes So if you had ever figured out how to keep a secret the NSA then started storing everything you ever sent in case you ever communicated with someone who wasn't using crypto and Through that conveyed some of the things that was happening inside your black box conversations, right? You can't make everybody you will ever communicate with use good crypto And so if the state is willing to exercise illegitimate authority, you will eventually be found out by them You can't audit the ciphers that that every piece of your tool chain uses including pieces That you don't control that are out of your hands and in the hands of third parties One of the things we learned from the Snowden leaks was that the NSA had sabotage the random number generator in a NIST standard In order to weaken it so that they could backdoor it and read it and so long as the rule of law is not being obeyed So long as you have spy agencies that are unaccountable Running around sabotaging crypto standards that we have every reason to believe otherwise are solid and sound you can never Achieve real security This turns out to be part of a much larger thing Called bull run in the US and Edge Hill in the UK that the NSA and MI 5 were jointly doing to sabotage The entire crypto tool chain from hardware to software to standards to random number generators Opsec is not going to save you Because security favors attackers if you want to be secure from a state you have to be perfect You don't just have to be perfect when you're writing code and checking it in you have to be perfect all the time You have to never make a single mistake Not when you're at a conference that you've traveled across the ocean to and you're horribly jet lagged Not when your baby has woken you up at three in the morning not when you're a little bit drunk You have to make zero mistakes In order for the state to penetrate your operational security They have to find one mistake that you've made And they get to cycle a new shift in every eight hours to watch you They get to have someone spell off the person who's starting to Get screen burn in on their eyes and has to invert the screen because they can no longer focus on the letters They just send someone else to sit down at that console and watch you So your operational security is not going to save you over time the probability that you will make a mistake approaches one So crypto is not a tool that you can use to build a parallel World of code that immunizes you from an illegitimate powerful state Superior technology does not make inferior laws irrelevant But technology and in particular privacy and cryptographic technology, they're not useless Just because your offset won't protect you forever doesn't mean that it won't protect you for just long enough Crypto and privacy tools they can open a space in which for a limited time Before you make that first mistake you can be sheltered from that all-seeing eye And in that space you can have discussions that you're not ready to have in public yet Not just discussions where you reveal that your employer has been spying on everyone in the world But all of the discussions that have brought us to where we are today You know, it's remarkable to think that within our lifetimes within living memory It was illegal in much of the world to be gay and now most of those territories gay people can get married It was illegal to smoke marijuana and now in the country. I'm from canada marijuana is legal Right in every province of the country right It was illegal to practice so-called interracial marriage right there are people who are the products of those marriages who were illegal So how in our lifetimes did we go from these regimes where these activities were prohibited to ones in which they are embraced and considered normal Well, it was because people who had a secret that they weren't ready to talk about in public yet Could have a space that was semi-public where they could choose their allies They could find people who they thought they could trust with this secret And they could whisper the true nature of their hearts to them And they could recruit them into an ever-growing alliance of people who would stand up for them and their principles They could whisper the love that dare not speak its name until they were ready to shout it from the hills And that's how we got here if we eliminate privacy and cryptography if we eliminate the ability to have these Semi public conversations We won't arrive at a place in which Social progress continues anyway We'll arrive at a place that we much like the hundreds of years that preceded the legalization of these activities that are now considered normal Where people that you love went to their graves with secrets in their hearts that they never confessed to you Great aches that you had unknowingly committed Had contributed to because you never knew their true selves So we need good tech policy, and we're not getting it. In fact, we're getting bad tech technology policy that's getting worse by the day so You may remember that Over the last two years We discovered that hospitals are computers that we put sick people into and when we take the computers out of the hospitals They cease to be places where you can treat sick people And that's because of an epidemic of ransomware And there's been a lot of focus on the bad it policies of the hospitals and the hospitals had some bad it policies You shouldn't be running windows xp. There's no excuse for it and so on But ransomware had been around for a long time and it hadn't taken down hospitals all over the world Right the way that ransomware ended up taking down hospitals all over the world Is somebody took some off the shelf ransomware and married it to a thing called deep blue That or eternal blue rather an eternal blue Was an nsa exploit. They had discovered a vulnerability in windows xp And rather than taking it to to microsoft and saying you guys have better patch this because it's a really bad zero day They had just kept it secret in their back pocket against the day that they had an adversary They wanted to use it against except before that could happen Someone leaked their cyber weapon And then dum-dums took the cyber weapon and married it to this old piece of ransomware and started to steal hospitals Now, why do I call these people dum-dums? Because the ransom they were asking for was three hundred dollars Right, they didn't even know that they'd stolen hospitals. They were just Opportunistically stealing anything that was connected to an xp box And then asking for three hundred dollars in cryptocurrency in order to unlock it, right? So this is not good technology policy The nsa believes in a doctrine called no bus No one but us is smart enough to discover this exploit now. First of all, we know that's not true We know that the nsa From the crypto wars, we know that the nsa does not have a monopoly on smart mathematicians, right? These were the people who said does 50 were strong enough for anyone. They were wrong about that. They're wrong about this But even if you believe that the nsa would never That the exploits they discovered would never be independently rediscovered it's pretty obvious that That doesn't mean that they won't be leaked and once they're leaked you can never get that toothpaste back in the tube Now since the the enlightenment for 500 years now We've understood what good knowledge creation and technology policy looks like so let me give you a little history lesson Before the enlightenment we had a thing that looked a lot like science through which we did knowledge creation It was called alchemy and what alchemist did is a lot like scientists you observe two phenomena in the universe You hypothesize a causal relationship. This is making that happen You design an experiment to test your causal relationship You write down what you think you've learned and here's where science and alchemy part ways Because alchemists don't tell people what they think they've learned and so they are able to kid themselves That the reason that their results seem a little off is because maybe they made a little mistake when they were writing them down And not because their hypothesis was wrong, which is how every alchemist discovers for himself The hardest way possible that you should not drink mercury right So for 500 years alchemy produces no dividends and then alchemists do something that is Legitimately miraculous they convert the base metal of superstition into the precious metal of knowledge By publishing by telling other people what they think they've know what they know Not just their friends will go easy on them, but their enemies Right who if they can't find a single mistake in their work They know that their work is good And so as a first principle whenever you're doing something important everyone should be able to criticize it Otherwise you never know that it works So you would hope that that's how we would operate in the information security realm But that's not how we're operating in 1998 congress passed this law the digital millennium copyright act They then went to the european union in 2001 and arm twisted them into uh Passing the european union copyright directive and both of these laws have a rule in them That says that you're not allowed to break digital rights management You're not allowed to bypass a system that restricts access to a copyrighted work And in the early days, this was primarily used to stop people from making region free dvd players, right? But now Everything's got a copyrighted work in it because everything's got a system and a chip in it that costs 22 cents And has 50 000 lines of code including the entire linux linux kernel And usually an instance of busy box running with the default root password of admin and bin, right? And because that's a copyrighted work Um anyone who manufactures a device where they could make more money if they could prescribe how you use that device Can just add a one molecule thick layer of drm in front of that copyrighted work And then because in order to reconfigure the device you have to remove the drm They can make removing drm and thus using your own property in ways that benefit you into a felony Punishable by a five-year prison sentence and a five hundred thousand dollar fine And so there's this enormous temptation to add drm to everything and we're seeing it in everything pacemakers voting machines car engine parts tractors Implanted defibrillators hearing aids. There's a new Uh continuous loop or closed loop artificial pancreas from johnson and johnson It's a continuous glucose monitor married to an insulin A pump with some machine learning intelligence to figure out what dose you need from moment to moment And it uses proprietary insulin cartridges that have a layer of drm in them to make sure that to stay alive Your you only feed your internal organ The material that the manufacturer has approved so that they can charge you an extreme markup So that's bad. That's the reason we're seeing drm everywhere. But the effect of that Is on is uh what it does to security research Because under this rule merely disclosing defects insecurity that might help people bypass drm Also exposes you to legal jeopardy Right, so this is where it starts to get scary because as microcontrollers are permeating everything we use as hospitals Are turning into computers we put sick people into we are making it harder for critics of those devices To explain the dumb mistakes that the people who made them have made we're all drinking mercury Um, and this is going everywhere Particularly it's going into your browser So several years ago the w3c was approached by netflix and a few of the other big entertainment companies to add drm to html 5 Because it was no longer technically Simple to to put drm in browsers because the way they were changing the apis And the w3c said that they would do it and there's it's a long complicated story why they went into it But i personally in eff We had a lot of very spirited discussions with the w3c leadership over this and we warned them that we thought That the companies that wanted to add drm to their browsers didn't want to just protect their copyright We thought that they would use this to stop people from disclosing defects in browsers Because um, they wanted to be able to not just control their copyright But ensure that there wasn't a way to get around this copyright control system And they said oh no never these companies are good actors. We know them. They pay their membership dues They would never abuse this process to come after Uh security researchers who are making good faith honest responsible disclosures Whatever you add your adjective for a disclosure that's made in a way that doesn't make you sad Right, there are all these different ways of talking about security disclosures and we said all right Let's find out let's make membership in the w3c and participation in this drm Committee contingent on promising only to use the dmca to attack people who infringe copyright And never to attack people who make security disclosures And the entire cryptocurrency community who are in blockchain community who are in the w3c working groups They backed us on this in fact It was the most controversial standards vote in w3c history The only one that ever went to a vote is the only one that was ever appealed It was the only one that was ever published without unanimous support It was published with 58 support and not one of the major browser vendors Not one of the big entertainment companies signed on to a promise not to sue security researchers who revealed defects and browsers So let's talk a little about security economics and browsers So security obviously it's not a binary. It's a continuum. We want to be secure from some attack You heard someone talk about threat modeling earlier So like you got a bank vault You know that given enough time and a plasma torch your adversary can cut through that bank vault But you don't worry about that because your bank vault is not meant to secure your money forever It's meant to secure your money until a security guard walks by on their patrol and calls the police Right your bank vault is integrated with the rule of law It is a technical counter measure that is backstopped by the rule of law And without the rule of law your bank vault will eventually be cut open by someone with a plasma cutter So security economics means factoring in the expected return on a breach Into the um, uh design of the system, right? If you have a system that's protecting $500 in assets You want to make sure that it will cost at least $501 to defeat it And you assume that you have a rational actor on the other side Who's not going to come out of your breach $1 in the hole, right? You assume that they're not going to be dum-dums so The this there's a way that this frequently goes wrong a way that you get context shifts that change these security economics calculus And that's when the value of the thing that you're protecting suddenly goes up a lot And the security measures that you're using to protect it don't And all of a sudden your $500 security measure Or $501 security measure isn't protecting $500 worth of stuff It turns out that it's protecting $5 million worth of stuff and the next thing you know There's some dude with a plasma cutter hanging around your vault So this challenge is especially keen in the realm of information security because information security is tied to computers And computers are everywhere and because computers are becoming whoops Because computers are becoming integrated into every facet of our life faster than we can even keep track of it Every day there's a new value that can be realized by an attacker Who finds a defect in computers that can be widely exploited And so every day the cost that you should be spending to secure your computers is going up And we're not keeping up. In fact computers on average are becoming less secure Because the value that you get when you attack computers is becoming higher and so the the expected Desperate behavior is getting better resourced and more dedicated So this is where cryptocurrency does in fact start to come into the story It used to be that if you found a defect in widely used consumer computing hardware You could expect to realize a few hundred or a best a few thousand dollars But in a world where intrinsically hard to secure computers are being asked to protect exponentially growing cryptocurrency pools Well, you know how that works, right? You've seen cryptojacking attacks You've seen all the exchanges go down you understand what happens when the value of the asset being protected shoots up very suddenly It becomes extremely hard to protect So you would expect that in that world where everything we do is being protected by computers that are intrinsically hard to protect And where we need to keep adding more resource to protect them that states would take as their watchword Making crypto as easy to implement as possible making security as as easy as possible to achieve But the reverse is happening Instead what's happening is states are starting to insist that we're going to have to sacrifice some of our security to achieve other policy goals So this guy used to be prime minister of australia. He's not anymore wait six months The current prime minister of australia will also not be prime minister of australia anymore Um This guy malcham turnbull Sorry, did I just get his name wrong? Um, I just blew up his name. Uh What is his name? God, he went so quickly malcham turnbull. It is malcham turnbulls right there on the slide I almost called him malcham gladwell So he he gave this speech where he was explaining why he was going to make it the law that everybody had to backdoor their crypto for him And you know all these cryptographers had shown up and they said well the the the laws of math say that we can't do that We can't make you a thing that's secure enough to protect the government and its secrets But insecure enough that the government can break into it And he said and i'm not going to do the accent He said The laws of australia prevail in australia. I can assure you of that The laws of mathematics are very commendable But the only law that applies in australia is read it with me the law of australia. I mean This may be the stupidest technology thing ever said in the history of really dumb technology utterances But he almost got there and he's not alone, right? The fbi has joined him in this call You know canada has joined us joined him in this call Like if you ever needed proof that that merely having good pecs and good hair doesn't qualify you to have good technology policy The government of justin trudeau and its technology policy has demonstrated this forever, right? This is an equal opportunity madness that every developed state in the world is at least dabbling in And uh We have ended up not just in a world where fighting crime means eliminating good security I mean it's dumber than that, right? We've ended up in a world where making sure people watch tv the right way means sacrificing on security Now the european union they just actually had a chance to fix this because that copyright directive that the us forced them to Pass in 2001 that has this stupid rule in it that they borrowed from the dmca It just came up for its first major revision in 17 years the new copyright directive Is currently nearly finalized it's in its very last stage And rather than fixing this glaring problem with security in the 21st century What they did was they added this thing called article 13 So article 13 is a rule that says if you operate a platform Where people can convey a copyrighted work to the public So like if you have a code repository Or if you have twitter or if you have youtube or if you have soundcloud Or if you have any other way that people can make a copyrighted work available if you host minecraft skins You are required To operate a crowdsourced database Of all the copyrighted works that people care to add to it and claim so anyone can upload anything to it and say This copyright belongs to me And if a user tries to post something that appears in the database You are obliged by law to censor it And there are no penalties for adding things to the database that don't belong to You don't even have to affirmatively identify yourself and the companies are not allowed to strike you off from that database Of uh allegedly copyrighted works even if they repeatedly catch you chaffing the database with garbage that doesn't belong to you The works of william shakespeare all of wikipedia The source code for Some key piece of blockchain infrastructure which now can't be posted to a wordpress blog and discussed Until someone at automatic takes their tweezers and goes through the database and pulls out these garbage entries Whereupon a bot can reinsert them into the database one nanosecond later So this is what they did instead of fixing anti-circumvention rules to make the internet safe for security So, uh, I mentioned this is in its very last phase of discussion And it looked like it was a fix and then the italian government changed over and they flipped positions And we're actually maybe going to get to kill this, but only if you help If you're a european, please go to saveyourinternet.eu and send a letter to your MEPs This is really important because this won't be fixed for another 17 years if this passes saveyourinternet.eu So When we ask ourselves why are governments so incapable of making good technology policy the standard account says It's just too complicated for them to understand, right? How could we expect these old decrepit irrelevant white dudes to ever figure out how the internet works, right? If it's too technological, you're too old, right? But sorting out complicated technical questions. That's what governments do I mean, I work on the internet and so I think it's more complicated than other people's stuff But you know on when I'm being really rigorously honest I have to admit that it's not more complicated than public health or sanitation or building roads And you know, we don't build roads in a way that is as stupid as we have built the internet And that's because the internet is much more hotly contested because every realm of endeavor intersects with the internet And so there are lots of powerful interests engaged in trying to tilt internet policy to their advantage, right? The tv executives and media executives who push for article 13 You know, they're not doing it because they're mustache twirling villains They're just doing it because they want to line their pockets and they don't care What cost that imposes on the rest of us bad policy bad tech policy? It's not bad because making good policy is hard It's bad because making bad policy has a business model Now tech did not cause the corruption that distorts our policy outcomes But it is being supercharged by the same phenomenon that is distorting our policy outcomes And that's what happened with ronald reagan margaret thatcher and their cohort who came to power the same year the apple 2 plus shipped And among the first things they did in office was dismantle our antitrust protections and allowed companies to Do all kinds of things that would have been radioactively illegal in the decades previous like buying all their competitors like engaging in illegal tying like Using long-term contracts and their supply chain to force their competitors out Like doing any one of a host of things That might have landed them In front of an antitrust regulator and broken up into smaller pieces the way at&t had been And as that happened we ended up in a period in which inequality mounted and mounted and mounted And 40 years later we've never lived in a more unequal world We have surpassed the state of inequality of 18th century france Which for many years was the gold standard for just how unequal a society can get Before people start chopping off other people's heads And unequal states are not well regulated ones Unequal states are states in which the peccadillo's cherished illusions and personal priorities of a small number of rich people Who are no smarter than us start to take on outsized policy dimensions Where the preferences and whims of a few plutocrats become law so In a plutocracy Policy only gets to be evidence-based when it doesn't piss off a rich person And we cannot afford distorted technology policy. We are at a breaking point Our security and our privacy and our centralization debt is approaching rupture We are about to default on all of those debts and we won't look like we won't like what the bankruptcy looks like when that arrives Which brings me back to cryptocurrency and the bubble that's going on around us The the bubbles they're not fueled by people who have an ethical interest in decentralization or who worry about overreaching state power Those bubbles right all the frothy money that's in there Not the coders who are writing it or the or the principal people who think about it But all the money that's just sloshing through it and and making your Tokens so volatile that the security economics are impossible that money is being driven by looters Who are firmly entrenched in authoritarian states the same authoritarian states that people are interested in decentralization Say we want to get rid of They're the ones who are buying cyber weapons to help them spy on their own populations To figure out who is fomenting revolutions so they can round them up and torture them and arrest them So that they can be left to loot their national treasuries in peace And spin the money out through financial secrecy havens like the ones that we learned about in the panama papers in the paradise papers And abetting the oligarchic Accumulation of wealth that is not going to create the kinds of states that produce the sound policy that we need to make our browsers secure It will produce states whose policy is a fun house mirror reflection of the worst ideas of the sociopaths Who have looted their national wealth and install themselves as modern feudal lords Your cryptography will not save you from those states They will have the power of coercive force and the unblinking eye of 24 7 surveillance contractors The internet the universal network where universal computing endpoints can send and receive cryptographically secure messages Is not a tool that will save us from coercive states But it is a tool that will give us a temporary shelter within them a space that even the most totalitarian of regimes Will not be able to immediately penetrate where reformers and revolutionaries can organize mobilize and fight back Where we can demand free fair and open societies with broadly shared prosperity across enough hands that we can arrive at Consensuses that reflect best evidence and not the whims of a few where power is decentralized And incidentally having good responsive states will not just produce good policy when it comes to crypto All of our policy failures can be attributed to a small moneyed group of people who wield outsized power to make their bottom line More important than our shared prosperity Whether that's uh the uh people who spent years Expensively sowing doubt about whether or not cigarettes would give us cancer Or the people who today are assuring us that the existential threat that the human species is facing is a conspiracy among climate scientists Who are only in it for the money So you're here because you write code and you may not be interested in politics, but politics is interested in you The rule of law needs to be your alpha and omega because after all All a constitution is is a form of consensus Right, it's it's it's the original consensus seeking mechanism Using the rule of law to defend your technology. It's the most internet thing in the world Let's go back to Bernstein when we went to Bernstein and argued this case We essentially went on an internet message board and made better arguments than the other people And we convinced the people who were listening that our arguments were right. This is how you folks resolve all of your Problems right proof of concept running code Good arguments and you win the rule you win the battle of the day So making change with words That's what everybody does whether we're writing code or writing law And i'm not saying you guys need to stop writing code, but you really need to apply yourself to the legal dimension too Thank you. Thank you So we're gonna ask some questions now I like to call alternately on people who identify as women are non-binary and people who identify as male or non-binary And we can wait a moment if If there's a woman or non-binary person who wants to come forward first There's some there's a mic down there and then there's a rover with a mic. Just stick up your hand There any hands up there? Does someone have their hand up? Is that what that person was shouting and audible from the back? No All right, are there any people who identify as men or non-binary? You'd like to ask the first question There's someone there if there's a runner with a mic maybe or if you want to come down to this microphone Ah, someone's coming now As someone who spent a lot of time involved the internet I'm sure you've read the book the sovereign individual And I recently read this book and it talked a lot about how the internet will increase the Sovereignty of individuals and also how cryptocurrencies will And it predicted a massive increase in inequality as a direct result of the internet. Could you comment on that? Yeah, I haven't read the book So i'm not going to comment directly on the book But I think it's true That if you view yourself as separate from the destinies of the people around you that it will produce inequality I think that that's like empirically wrong, right? Like if there's one thing we've learned about the limits of individual sovereignty It's that you know, you have a shared microbial destiny You know, I speak as a person who left London in the midst of a measles epidemic and landed in california right after they stamped it out by Telling people that you had to vaccinate your kids or they couldn't come to school anymore We do have shared destinies We don't have individual sovereignty And even if you are the greatest and you know anyone who's ever run a business knows this right You could have a coder who's a hundred x coder who produces a hundred times more lines of code than everybody else in the business But if that coder can't maintain the product on their own and if they're a colossal asshole that no one else can work with Then that coder is an as a liability not an asset Right because you need to be able to work with more than one person In order to attain superhuman objectives, which is to say more than one person can do And everything interesting is superhuman right the limits on what an individual can do are pretty strong And so yeah, I I'm I think that that's true. I think that that The kind of policy bent towards selfishness kind of self evidently produces more selfish outcomes, but not better ones, right? not not ones that are Not ones that reflect Kind of a shared shared prosperity and growth Thank you Hi Hi I have had the pleasure of seeing you keynote both decentralized web summits and The ideas you bring to these talks always really stay with me longer than anything else So thank you with with what you've talked about here This is honestly one of the most intimidating and terrifying topics and I'm wondering What what are some ways besides staying informed in trying not to get burned out by at all? What are some ways that people can make a difference? So I recently moved back from London to california as I mentioned And one of the things that that means is I have to drive now and I'm a really shitty driver and in particular I'm a really shitty parker and So when I have to park I do a lot of this and then a lot of this and then a lot of this and then a lot of this And what i'm doing is i'm like moving as far as I can to gain one inch of available space And then or centimeter and then moving into that centimeter available space because that opens up a new space That I can move into and then I'd open and then I move as far as I can and I open up a new space We do this in computing all the time, right? We call it hill climbing. We don't know how to get from a to z But we do know how to get from a to b Right, we can we know where the higher point of whatever it is. We're seeking is stability or or or You know density or interestingness or whatever and so we move one step towards the the objective And from there we get a new vantage point and it exposes new avenues of freedom that we can take I don't know how we get from a to z. I don't know how we get to a better world And I actually believe that because the first casualty of every battle is the plan of attack that by the time We figured out the terrain that it would have been obliterated by the adversaries who don't want us to go there And so instead I I think we need heuristics and that heuristic is to see where your freedom of motion is at any moment and take it Now larry lessick. He's got this framework the four forces code law norms and markets My guess is that most of the people in this room are doing a lot with norms and and markets, right? That's kind of where this this conference sits in that little two by two And as a result you may be blind to some of the code and so some of the law and norm Issues that are available to you right that that it might be That jumping on eff's mailing list or if you're european getting on the edry mailing list or if the mailing list for the individual digital rights groups in your own countries like net's politic in germany or the quadrature to net in france or open rights group in the uk or Bits of freedom in the netherlands and so on getting on those lists And at the right moment calling your mep calling your mp or even better yet Like actually going down when they're when they're holding surgeries when they're holding constituency meetings They don't hear from a lot of people who are technologically clued in right like they only get the other side Of this and you know i've been in a lot of these policy forums and oftentimes the way that the other side prevails It's just by making it up right like one of the things we saw in this filter debate Like we had computer scientists who were telling mep's You know the 70 most eminent computer scientists in the world right that a bunch of touring prize winners Vince surf and timberners leave said like these filters don't exist and we don't know how to make them And they were like oh, we've got these other experts who say we know how to do it And they they had been told for years that the only reason Nerds hadn't built those filters is they weren't nerding hard enough right And if they actually hear from their own constituents people who run small businesses that are part of this big frothy industry that everybody wants Their national economies to participate in who show up at their lawmakers offices and say This really is catastrophic. It's catastrophic to my business. It's catastrophic to the internet. They listen to that Right it makes it moves the needle And and you know you heard earlier someone say are we at peak are we at pitch now? Well, I should pitch right? I work for electronic frontier foundation. We're a non-profit the majority of our money comes from individual donors It's why we can pursue issues that are not necessarily on the radar of the big foundations or big corporate donors We're not beholden to anyone And it's people like you right who keep us in business And you know, I don't draw money from EFF. I'm a mit media lab Research affiliate and they give EFF a grant that pays for my work So the money you give to EFF doesn't land in my pocket, but I've been involved with them now for 15 years I've never seen an organization squeeze a dollar more. So I really think it's worth your while EFF dot org Thank you Oh someone over here. Yes. Hi That that mic is off. Oh, there you go. Thank you very much. Really appreciate the speech. I was very inspiring Thank you. Um, I think maybe not sure how many other people feel this way but one thing that's been hard to me about politics in general, especially in the age of social media is, you know There's a lot of it that spreads messages of fear and anger and hatred and sometimes it feels like when you want to say something and you want to spread a certain voice or Or just spread a certain message that there's this fear of getting swept up in all these messages and and ideas and things that aren't necessarily You're not necessarily aware of your own biases and things like that. How does one stay in say stay sane and fight for, you know, the right fight? I you know, I wish I knew I like I I'll freely admit to you I've had more sleepless nights in the last two years than in all the years before it I mean even during the the movement and nuclear proliferation that was a big part of in the 80s when I thought we were all going to die in a Mushroom cloud I wasn't as worried as I am now. It's tough. I mean for me like just in terms of like personal psychological opsec I've turned off everything that non-consensually shoves Donald Trump headlines into my eyeballs You know that we talk a lot about how like engagement metrics distort the way applications are designed But you know, I really came to understand that that was happening about a year and a half ago So for example, they changed the default Android search bar so that when you tapped in it showed you trending searches Well, like nobody has ever gone to a search engine to find out what other people are searching for Right and the trending searches were inevitably trump threatens nuclear armageddon So the last thing I would do before walking my daughter to school every morning is I would go to the weather app And I would tap in it to see the weather and it's news and it's weather in headlines And the only headlines you can't turn off are top headlines and they're Trendy, you know, they're all trump threatens nuclear armageddon, right? So I realized after a month of this that what had been really the most calming grounding 10 minutes of 15 minutes of my day Where I would walk with my daughter to school and we talk about stuff and it was really quiet We live on a leafy street I just spend that whole time worrying about dying Right and so I had to figure out how to like go through and turn all that stuff off Now what I do is I block out times to think about headlines So I go and I look at the news for a couple hours every day and I write about it I write boing boing right I write a blog about it not necessarily because my opinions are such great opinions But because being synthetic and thoughtful about it means that it's not just Buffeting me right it's it's it's it's becomes a reflective rather than a reflexive exercise But I don't know right. I mean I think that and I don't think it's just the tech I think we are living in a moment of great psychic trauma We are living in and you know the the reason the IPCC report was terrifying Was not because of the shrill headlines the IPCC report was terrifying because it is objectively terrifying right and and so How do you make things that are I don't know how you make things that are objectively terrifying not terrifying I think the best we can hope for is to operate While we are terrified with as much calm and aplomb and uh thoughtfulness as is possible Um, how are we for time? Do you want me off? I know my clocks run out or can I take one more question? stage manager one more One more. All right, and then we'll then we'll ring us off. Yeah. Hi. Um, hi better be good though Okay, I'm ready. I work for the media lab too. Um, so my question corey. Thank you for your talk I think Uh, a lot of people in the cryptocurrency world think about um the current systems that we exist in and we're trying to exit those systems to some extent and create parallel financial, uh, you know, political institutions would have you Versus expressing voice within the current system. How do you balance? Exit versus voice in the current system Well, you know in a technical in a and I I said before that like a constitutional argument is just an internet flame war by another means Right, so uh, when you're arguing About a commit and a pull request One of the things you do is you do proof of concept, right? You show that the thing that you are patching is real and can be exploited Or you show that you're you run unit tests to show that your patch performs well Those parallel exercises are useful as proof of concepts and as unit tests, right? They're prototypes that we can fold back into a wider world and um, I think that The the thing I worry about is not That technologist will build technology. I want technologist to build technology. It's that They will think that the uh, the job stops when you've built the proof of concept That's where the job starts, right when you can prove that you've written a better Algorithm you then have to convince the other stakeholders in the project that it's worth the actual like non zero cost of patching To make that to make that work, right of of going through the whole source tree And finding all the dependencies on the things that you're pulling out and gracefully replacing them because you know When you run a big data center, you can't just start patching stuff You've got a you've got a toolchain that you have to preserve, right? And so that's that's where the job starts, right build your proof of concept build us a parallel financial system Build us or whatever So that we can figure out how to integrate it into a much wider more pluralistic world Not so that we can separate and see stead on our little, you know world over there as you know Like it doesn't matter how great your your Doesn't matter how great your your bunker is right like you can't shoot germs Right like if your solution allows the rest of the world to fall into chaos and no one's taking care of the sanitation system You will still shit yourself to death of cholera in your bunker because like you can't shoot germs Right, so we need pluralistic solutions that work for all of us. Thank you. Thank you All right. Thanks everyone