 The next speaker is Kurt Obsel, he's a guest from the United States and he's working or he's not only working, he is the Executive Director and General Counsel of the Electronic Frontier Foundation and he is a long-time working attorney and he has had many high-profile cases against the National Security Agency, for example, and that's also his topic, I guess. So it always feels like the Five Eyes are watching you, so give a nice warm welcome to Kurt, please. Thank you, thank you everybody. It's a pleasure to be back here at CCC. Thank you all for coming. I know there's a lot of interesting things to do here, so thank you for taking some time out of your CCC experience to come see this talk. Today we're going to talk about the Five Eyes. The Five Eyes are an intelligence alliance. It is a group of countries, intelligence services who have agreed to work together, share data, and it is the, as far as we know at least, the largest intelligence alliance in the world. Its members are Australia, Canada, New Zealand, the United Kingdom, and the United States. Each one of them, one of the eyes, and they share information about all sorts of intelligence. It's primarily signals intelligence, but it also involves human intelligence, which is, you know, actually working with sources, like more of what the spies do, and geospatial intelligence, which is like looking through satellite information and trying to derive intelligence from that. The Five Eyes, as we will also see, originated in the Second World War. It continued on very strongly in the Cold War, and it continues to this day still spying on all of us. So it's members, the United States, that primarily the National Security Agency, but also that works with some of the other agencies, like the CIA and the FBI. The United Kingdom, as primarily the Government Communications Headquarters, or GCHQ, as well as other services, such as the famed MI6 and James Bond. The Australian Signals Directorate, which is their signals and intelligence agency. And when it comes to some of these partners, they have particular areas of the world that they're responsible. So, for example, Australia has responsibilities in the Pacific area in this excerpt here. It is showing that it's Indonesia, Malaysia, Singapore, based on Australia's unique language capabilities and geographic access. So each of the members has certain responsibilities which may be exclusively theirs, and then they share the information. Canada has the Communication Security Establishment, which is also known as CSEC, for the Communication Security Establishment Canada, and several other intelligence services. This excerpt shows some of the depth of the cooperation. It talks about exchange of officers, joint projects, shared activities. There's a strong embedding within each other. And then New Zealand, where it's the Government Communications Security Bureau, as well as some other intelligence agencies. In this excerpt, it is talking about how keen they are to share data. They're working to meet the standards of that to get into the X key score. We're going to be talking a bit about the X key score later on. And it says, it's hope that sharing will be achieved so we can offer full-take collection data. Full-take is a way of describing the sort of mass bulk surveillance kind of information which New Zealand is gathering and then sharing with the other ones. So it started out, as I said, in the Second World War, where the US and the UK made several intelligence agreements. In the 40s, these intelligence agreements also worked with several of the Allies, Western European countries. But then, post-war, it shrunk down to just the US, the UK, and the key dominions. At that time, they were dominions of the United Kingdom, Canada, New Zealand, and Australia. They've since become more independent. The term five eyes came from just shortening the formal way of saying it when describing the classification level was Australia, Canada, New Zealand, UK, US, eyes only. That was a bit of a mouthful. So that got shortened to the five eyes. And then they actually have an acronym, even shorter, FVEY, as a way of tightening it down a little bit more. So the main document is what's called the UK-USA Agreement. So it was originally called the British-US Communications Intelligence Agreement, but the name was revised in 1955 to the UK-USA Agreement. And the US and UK are still the primary bodies that are part of this. They are the first parties, while Canada, Australia, New Zealand are second parties. So they're not full, but they are very close to being full within this agreement. Now, there have been many plans to expand the number of eyes, some discussions of it. There have been various proposals to add a sixth country to make it sixth eyes. France and Germany reportedly were approached to become part of it. There also are some wider groups, which include first party, second parties, now third parties. And so the nine eyes, some student documents revealed a group called the nine eyes, Denmark, Norway, the Netherlands and France added into that as third parties. And then there's also a group called the SIGIN Seniors Europe, which is more or less 14 eyes, because it takes the nine eyes and adds in Belgium. I think I overdid France, I'm sorry about that, Belgium, France, Germany, Italy and Sweden. And I may have missed one in there, but you can see at the very bottom of the screen here, the full list of that. Now the five eyes agreement for a long time was an extraordinarily closely held secret. The UK-USA Agreement, the very existence of it was secret until 2005. And the text of the agreement was secret until 2010. It is now available, there's the URL if you want to go look it up and read some of the agreements and it's accompanying appendices and a lot of documents that set it about. The agencies that were heavily involved that were themselves secret, the NSA, GCHQ and CSEC for example, were not publicly acknowledged until the 70s and for a while even after they were information about them was leaked, they were still denied. In the United States the joke was that the NSA was no such agency referring to the practice of denying its very existence. In one sort of interesting quirk, Australia, the prime minister didn't find out that Australia was part of this group until 1973 when there was an internal dispute in Australia which led to some investigations into their intelligence services and then they discovered that in fact there was this agreement. But now the five eyes is a little bit more open about its existence. They now have annual meetings and issue press releases. During the Cold War the five eyes focused primarily on the Soviet Union and China which were considered to be the big threats, the communist threat of that era and it was mostly extensive NSA GCHQ cooperation. We see here in the pictures that the GCHQ headquarters on top, the NSA headquarters on the bottom and they used that in some key moments of the Cold War, some Vietnam, the conflict there, in the CIA-backed coup in Iran in the 50s, in the Chilean coup that brought Pinochet to power, information derived from the five eyes collection were used to effectuate those coups. One of the key programs was for signals antenna, the echelon collection and analysis program. Now echelon is actually just one of the code names for the program. It's the most well-known code name so I'm referring to it there. But it had several names over the years and it started out in the 60s and it was using Earth stations to gather information from satellites because at that time for a lot of long distance data and telephonic communications were being beamed up to satellites, beamed back down to the Earth and it was possible to receive the satellite signal even if you weren't the intended recipient and that was a primary source of communications intelligence. And so they used the geographic coverage of the five eyes plus their technology and building down receiving stations to gather information throughout the world and bring it all together. Though over time echelon became more or less obsolete. Fiber optics began to supplant satellite communications and satellite communications of course still exist, they're still used but they're often being used for things like video, things which are, you get the idea of what you're trying to spy upon just from like the metadata of knowing what video is being sent, you don't need as much of the raw data and they were getting worried that they were getting very little intelligence through these down links and they needed to get onto the internet more where the fiber optics were carrying more and more of this data. And this really ramped up in the new millennium after 9-11 there was a strong desire to expand in this capacity pushing the limits of law and policy and they wanted to live on the network to try and get back to the place where they had deep insight into world communications and a lot of the global IP traffic is being routed by cables that go through members of the 5Is they were some of the more technologically quick to adopt the internet and had a lot of the cables going through the country as it was and this allowed them to engage in some of the bulk collection two of the programs that have become well known through the Snowden leaks the upstream program from the NSA and the tempora program from the GCHQ so this is an example from the NSA's upstream program this came from EFF's lawsuit against the National Security Agency we are now in our 10th year of suing the NSA and they haven't successfully gotten rid of the case yet which I think is a somewhat of a victory and what we show here is the Folsom Street facility Street is just a building in San Francisco a windowless building that serves as a routing and peering center for AT&T in there the information comes through goes through an optical splitter one copy goes on to its destination through the peering links the other copy goes to an NSA controlled room and then to a secret network which goes back to the NSA and similar designs with this sort of optical splitter are throughout the network where they're getting this take from the global communications tempora works in a similar manner the GCHQ refers to it as a buffer so they have a buffer which they've taken from fiber optic cables going back a certain period of time and then they share that with the Five Eyes through X-KeyScore you can see here from this excerpt that they're a massive amount of data they're very proud that this is more data than several all the other databases combined more than 40 billion pieces of content per day so this gives you a sense of the scope of the surveillance that is being conducted and then used in this in addition to this bulk collection the Five Eye members are involved in active collecting programs they will develop and deploy malware develop back doors to allow them access to put that malware on they have tailored access operations which is where they go after more specific targets directly trying to attack a known person or entity and then corporate access where they are obtaining information from the internet service providers the telephone service provider the large internet companies famously there's the program Prism that came out through the Snowden leaks and they also will use as they did with Prism secret warrants other legal process to obtain information from the companies and put it into their shareable system and in some cases when they weren't feeling like they were getting enough from the companies they also took active measures as one of the Snowden documents revealed they found that links between data centers at Google were not being encrypted and so they were able to get in between those links and get the data that was as far as Google was concerned inside their system but was now accessible because the SSL was removed so some examples of things that came through this cooperation there's the Reagan malware that was allegedly made by GCHQ and NSA working together this was found on Belgecom a Belgian telecom provider and also on EU official computers so this was being used by the 5I members to spy upon the European Union see what was going on there the Snowden documents showed that the NSA was behind this intrusion into the EU networks another example eternal blue and this kind of shows how some of these things can go wrong this was a exploit exploit to SMB that could allow for remote code execution and then it was leaked by a group called the Shadow Brokers who somehow got a hold of a variety of NSA tools and leaked them it was eventually used by WannaCry and caused worldwide trouble there and even though once it was known to have leaked their patch was out it's still actually very dangerous because people are slow to patch so this shows an example of how some of these tools where they will tell you that it's designed to make the world more secure are in fact backfiring and can make things less secure another example of that Juniper the Juniper Screen OS used dual EC DRBG this was something that the NSA inserted a flaw into a flaw into its random number generator that allowed someone who knew what constants were being used to have an easier time to decrypt the traffic going through the Juniper iron that was using Screen OS though the funny thing about this one was that when this was discovered it ended up using different constants than the NSA had originally provided which suggests that this back door that they had created to allow easier access to communication streams had been compromised and put under the controller made easier for a third party where basically the back door got out of their control so a little bit about how the five eyes works well, it's more or less straightforward they connect, they collect intelligence signal standards, human intelligence they share that with other members under the five eye restriction they make an agreement not to spy on each other's government officials government entities though not so much as far as each other's citizens and the other advantage of some of this how it works is that if one part of the five eyes is engaged in particular spying the others can deny that they're doing that spying because literally they are not and still get the data and so a lot of the things that came out that later were shown to be part of five eye programs when they came out there was some denials from members of the five eyes who weren't the ones who were part of that aspect of the collection and very dangerously it allows for some domestic workarounds where if you have the, if you're a member of the five eyes you may have as all of them do restrictions on when you can spy upon your own citizens you might have to go to a court might have to get special process might have to go through a lot more paperwork but that may not be true for the other members of the five eyes who might be able to spy on your citizens and then share the information back so David Blunkett, a former Home Secretary of the UK who was talking to Parliament and he said that the NSA were circumventing the UK restrictions where the UK would have to go through this additional process if it was to ask for information about UK citizens but the NSA instead just offered to give them the information without them asking and so that was somehow able to get around that restriction the other thing which is pretty key for the domestic workaround is this notion that unintentional collection isn't a problem to share and unintentional collection is that they are intentionally collecting bulk data in this case talking about metadata but there's no intent to target an Australian national this is one of the Australian ones because they're just collecting everybody and it just so happens there might be some in there but because it was unintentional that is something that can be shared and I think this is a very dangerous notion one of the core dangerous notions of bulk collection is that it doesn't matter unless you are specifically targeting if you target everybody you can get everyone but you're doing it unintentionally and so it doesn't matter and then once that data is obtained it's very easy to share through the X-key score system the operators can determine what level of sharing is available on that they could select for some data a five eyes defeat checkbox select that box and it will not be shared with the five members but it's not required and they can basically put on there whatever selector they deem appropriate and then they can be shared with those members they're a little bit more selective for the third parties nine or fourteen eyes that might be part of it but there's a lot of sharing within the original five eyes so to give an example of how the third parties can get some access Germany's BND uses X-key score and this excerpt they talk about successfully using some DSL wiretap collection and also the BFV the German Domestic Intelligence Service was looking for more X-key score access and the NSA seemed to be delighted to provide that so they may not be getting everything but there's a lot of cooperation trying to get this data and share it so to bring this sort of more towards where is this going today and where are the problems today we'll take a deep dive on encryption which is something that is very important for the world it provides privacy and security for billions of people and that privacy and security is vital for the functioning of a democratic society but the five eyes they want to return the world to the days where it was easy for them to get massive spying on data and so they have a very keen interest in encryption this is from the X-key score sort of a promotional PDF that was leaked through the Snowden documents and they give the example of encryption well you can just go to the X-key score and say hey show me all the encrypted word documents in Iran or all the PGP usage in Iran and you could substitute any country for Iran in this example so they want to be able to get that they have a storage facility where they keep encrypted data for as long as it takes to decrypt it but encryption is getting increasingly frustrating for the five eyes this is just one example HTBS in Chrome over the last couple of years from 2015 to 2018 where it's going from below 50% up to somewhere in the mid 80s different countries have different adoption rates but the trend is there and I think this example is more or less reflective of overall trend things like let's encrypt have made it a lot easier encrypt internet traffic and so they're finding it more and more the communications that they're trying to spy upon are encrypted they're also finding it frustrating that the devices that they see are often encrypted so in 2017 the ministers of the five eyes met in Canada and issued a joint communique so as I said they had previously been secret but now they're a little bit more often so they're issuing this statement and here it says they said here's the problem we're worried about encryption and we're committed to develop our engagement with communications and technology companies to explore shared solutions while upholding cyber security and individual rights so this is part of their softer touch they want to engage with the companies but that softer touch had a little bit of a force behind it which was the then recently passed the UK investigatory powers act now the act itself claims that it doesn't allow for back doors it never certainly mentions the word back doors but that's because it's so broad that they don't have to mention back doors it has extremely powerful warrants that can target people target organizations it has one particular feature a technical capability notice which is basically their approach to dealing with encryption problem in a nutshell which is they're saying we don't want back doors we don't want to break encryption we just want you to be able to provide the ability to disclose the content of communications in intelligible form so encrypt it all you want so long as you can give us plain text access whenever we ask for it which is sort of the opposite of what you're looking for in encryption and so how would they implement that well we got a little bit of a clue earlier this year when Ian Leves GCHQ's technical director proposed a solution where it's called a ghost user to surveil encrypted group chats a ghost user is someone who joins the chat but is not revealed to the members of the chat so if you're on Signal for example it would be you and the people that you're signaling with and then an invisible user that would also be part of this communications but in order for it to work it has to suppress warning messages it has to do something basically that would kill the authentication system so that you would know who you were talking to and be able to see if there was somebody added to the chat but this is sort of an example of the ideas that they are trying to propose where they're saying we are not breaking encryption because we're not like messing with the math anymore but instead we're doing something within the authentication model and then shortly thereafter the Five Eyes met again in Australia and they issued another joint statement and had a lot of discussions in this a couple of these are notable one is that government should not favor a particular technology they say and this is a lesson that the Five Eyes learned from the first crypto wars of the 90s where several ideas were proposed key escrow systems, the clipper chip and then security researchers investigated them, found flaws and they were turned out to be not very good systems and so they decided to move away from proposing specific solutions that would be subject to that kind of review attack and then ultimate disclosure that they weren't working and saying this is actually a problem for the providers to create these solutions and then the up the ante again this is the second paragraph there and I want to put some emphasis on if you don't do this if we continue to encounter impediments we may pursue technological enforcement legislative or other measures so previously they were saying let's have some constructive engagement but now they're saying hey that's some nice encryption there be ashamed if something happened to it and this wasn't a idle threat because at the same time in Australia they were working on a new piece of legislation now Australia is a little bit of a special place during the debate about encryption in Australia the Prime Minister said well the laws of mathematics they're nice and all but they don't apply in Australia only the law of Australia applies and this of course is a response to various security professionals being saying it doesn't work you can't make a back door that isn't a back door you can't make access to plain text and still have a secure end to end system but nevertheless Australia kept on going and earlier this month they passed the Assistance and Access Act which is a complex law it has many facets to it I can hit some of the highlights here so one aspect is similar to the Investigative Powers Act it's like the Investigative Powers Act plus plus they have the secretly issued orders to compel companies to re-engineer software and hardware in order to comply with their notices it puts some hefty fines for corporations the fines could go up to 10 million Australian dollars and for individuals it could go up to 50,000 Australian dollars and potentially prison time for failing to comply there's a pretty tough position a provision that seems to go against international norms on freedom of expression that suggests that counseling a technologist to oppose this to not cooperate could itself be a crime and the fact that there's some emphasis on individual technologies a fine for them also at least it creates the specter that the Australians may if they're not getting sufficient cooperation from a company approach individual engineers who are working for that company and try to get them to do something with a secret order I'm not sure how that would be able to work very effectively in practice for someone to be able to change the code without other people knowing about it but I think it's something that a lot of engineers are rightly worried about so they also are like well what is the scope of this well it says the designated communications provider don't worry about it they must not be required to implement or build systemic weaknesses or systemic vulnerabilities this was their nod to the criticism that they had received that this might create a weakening security though you might be wondering okay well what's a systemic weakness or systemic vulnerability and that's a very good question because systemic is not defined so we can sort of imagine that they're at least excluding something that would affect a small number of people but it's unclear whether their view of what is systemic is going to be the same as the computer scientists who have been working on encryption who are very worried about things that are systemic for example the ghost in the machine that the GCHQ had proposed I would call a systemic weakness because it is systemically removing the security model for those communications while they might say it's not systemic because we're just going to go in and monitor particular conversations but not all of them but we'll see what that ends up meaning also it's limited to what they say designated communications providers but this is very broadly defined as well and they're trying to say that it is basically any company that has a nexus to Australia now this maybe end up be more complex than that because while a lot of companies do business in Australia they don't necessarily have offices or engineers there and a lot of the companies that they're sort of most concerned about are not in Australia in sort of a heavy way so whether or not those companies sort of feel like they have to abide by this law we shall see some projects like open source projects have said we're just going to not have anyone go to Australia anymore and we won't have to worry about that but that's a harder thing to do for a company like Google or Apple when they're trying to create more secure messaging systems and to give us sort of a sense of what they consider the types of assistance that they might ask for they have things like removing a form of electronic protection that means cryptography if they have the capability of doing it so they're not also sort of some discussions of this have said if you have the keys they're more about if you have the capability providing the design specs to the agency this is in case they want to create their own attack mechanism or exploit on it and that brings us to the next one which is installing maintain testing whatever software given to the provider by the agency so after they get that information develop their exploit based on it they might say hey here's this box stick it on your network don't worry about it or you know just add the software so it can exploit on the target company system and you know there's also things like helping tester develop their own systems and capacities so trying to go sort of both sides of that where they're putting obligations on the providers as well as trying to help the agencies be able to break those things there's another one here notifying agency of major changes to their systems that are relevant to the effective execution of a warrant what that is talking about is if they're going to be adding something that adds more security that if it's previously they were able to get that information with a warrant but now it'll be less effective because an additional security system was put into place they won't advance notice about that so they can potentially do something about it so for example on your iPhone if you back up to the iCloud then often times there is a copy of your data where Apple has the key and so if they sees your phone want to get the encrypted information on there and they can't get it from the phone they can get the same information from the iCloud backup but if Apple made it so that you held the key for your backup or a similar service came about then that would be perhaps one of these changes that they're looking for notice of and then on the last one concealing the fact that agencies have undertaken a covert operation so secrecy is a big part of this and so they will be doing these operations potentially installing software hardware along the networks potentially asking them to remove things but don't tell anybody about it now many people have said to the Australians that this is not feasible, this is not practical that you can't remove the encryption without breaking it so they have a provision here that the Director General of Security one of their top intelligence officials is not supposed to be issuing this unless the Director General is satisfied that it's practical and feasible so that means the decision-making authority on determining whether the complaints about its practicality and feasibility are true are the Australian government so they can say we disagree, we think it is practical and feasible and so despite whatever arguments you have gone, the laws of mathematics don't apply here, only the law of Australia so go ahead and do it so why does this matter well it matters for a lot of reasons one is that the Five Eyes is conducting surveillance operations on a global scale they are creating with this bulk surveillance something similar to the Panopticon the Panopticon refers to a a prison design where as seen here the prison would be a circle around a central surveillance location and that would mean that all the prisoners cells could be viewed by the surveillance and they wouldn't know whether their individual cells were being viewed and the idea was to induce better behavior from the prisoners because they knew they could only always be spied upon they are always being subjected to surveillance and that was designed to intimidate them into not doing bad behavior and by creating a regime where all of our communications are capable of being spied upon where there is no security that you can be sure of that you can go to a company, get something which seems to be an end-to-end product but know that they might have gotten a technical assistance notice that might have introduced a flaw of the system like that ghost that would be able to listen in then you're subject to the background where you're always knowing that big brother is watching you. The second thing is that this is not just for identified targets. A lot of times the rhetoric around this we'll talk about we're using this just to get sort of the bad guys and terrorists and such but they're still collecting all the data because essentially they're trying to create a time machine so that if later they find out that somebody is worthy of their attention they don't just start surveilling them but they can go back and say wow what was their emails from five years ago what have they been searching through their browser prior to when we became interested because they have that take and the further back in time perhaps the less that it goes but we've also seen things like the NSA built a massive facility in Utah that can store years and years of full take from telecommunications so they'll be able to go back in time pretty far and like this is something which is fundamental to goes against fundamental human rights. Privacy is a fundamental human right it has been and trying upon things like the universal declaration of human rights virtually every charter of human rights identifies privacy as something that is important most constitutions will have provisions about it and is trying to strip away that privacy with the thin veneer of saying well but we won't look at the data until we think that there's a reason to so you still have privacy and that is not right and so it falls afoul of some key principles where that surveillance should be necessary and proportionate she only conduct the surveillance when it is necessary when there is a reason to it that allows you to target that person that entity for an important state interest but also it has to be proportionate that the amount of surveillance the type of surveillance the activities should be proportionate to the threat that you're mitigating and I put up a link here to the necessary proportionate principles necessary proportionate.org these are some principles that were derived by a number of civil society members and NGOs to set forth what would be a good way to balance between these very important human rights and the investigative capacities of nation states and it's very important if we're going to have a free society moving forward that the surveillance abides by these principles and it is disproportionate to do bulk surveillance and one of the things I was saying is that why encryption is particularly important is because they want to destroy encryption to allow for that bulk surveillance that if there's a particular target they have plenty of tools from malware tailored access operations to be able to do pretty well surveilling a particular person but the encryption gets in the way of doing massive surveillance and storing all that veil making it available through things like X key score so that they can go back in time and that is the sort of the greatest danger to having a free society of the massive surveillance and by doing this very publicly it also normalizes mass surveillance so that you know there's a line of rhetoric that's sometimes used that because the five eyes are western democracies that you know they're the good guys and we shouldn't worry so much about misuse of these powers but even if you buy into that it normalizes mass surveillance for all the other countries in the world so if you find a country that you would find authoritarian that will not be respecting human rights principles they can now say hey we're just doing what these other countries do it is part of what every country does and so breaking encryption asking for the back doors making sure that we can get access to plain text for example is something that all the countries can ask for and if you even if you feel that it's okay that Australia can get this information and then share it with the other five eye members or maybe the 14 eyes maybe you don't feel so much that China should get this that they should be able to say that all devices sold in China will have a back door that goes to the Chinese government maybe it's the Russian government that you're worried about but in all these circumstances it makes it too normal and also the as we saw with some of the examples of the malware and such that the weaknesses that have been introduced into the system by the by the five eyes have been used by others they've gotten outside of the control and that even if they feel like well it's not a systemic weakness to use their their term that it can become a systemic weakness when it is massively exploited when it goes through perhaps the shadow brokers perhaps it is just its independent discovery by a security researcher we don't know all the ways they can come out but we do know that weaknesses do become discovered and do become exploited and so once you put them in they can be abused and then the five eyes offers no real protection for for its allies in fact there have been examples of the five eyes spy non-countries which would ordinarily be considered allies members of NATO for example there's not very much protections for ordinary five eyes civilians because they have that ability to spy and share the information with other members and there's nothing for the rest of the world that they have very little in the way of restrictions on what can be done for everybody else and so while security is so important a key thing the problem is not that it's too strong we already have enough weaknesses in our information security and finding more in order to enable the spying is going to be ultimately counterproductive now in this way the five eye they say we're all about security they were trying to say we're trying to secure the world but they've actually introduced widespread insecurity and the encryption example is very is sort of the key to this one because that is really where they're in the public having the method of attack right now they want access on demand and they're saying that this is what they call responsible encryption but the only responsible encryption is strong encryption and if you have access on demand you've destroyed the trust in the end to end security model you've made it so it's not possible to have a fully trustworthy system and if you destroy that trust that is a systemic weakness so a lot of the work has been done from the five eye trying to introduce into security researchers the notion that we should be continuing to have what they call the debate and try to figure out ways in which you can have your cake and eat it to where you can have strong encryption but nevertheless get access and they say we need to research this we need to discover instead what we need to do is find the weaknesses that already exist and try to fix them so don't be seduced by the temptation to try and find a better escrow system a better way of providing that access but instead we should fight for the strongest possible encryption so that we have secure communications and therefore we can have a democratic society thank you very much well thank you Kurt I think we have plenty time left for some good questions if we have them so line up at all the microphones and let's start with signal angels I heard you have something for us from the internet can you comment on the use of arms export control regulations in particular to prevent the spread of strong encryption sure so it's asking about the the vassnar arrangement which is a an arrangement where they're trying to list out some munitions that cannot be exported who are of export controls and you know for many of you munitions may bring to mind things like tanks and guns and such but in some cases they're looking at for example tools, pen testing tools as falling under the sort of the category of things which should be restricted also strong encryption device and I think this is kind of a mistake that it is not really realizing that in order to test security you have to use the tools that can break security even if those might be tools that could be used for evil so a lot of the controversy that's come up from vassnar is that in a well-intentioned attempt to try to make it more difficult to sell attack tools to repressive regimes but they also overdrew it so that it was removing some tools that were necessary for security researchers okay let's have microphone before please yes, thank you very much for your talk that was very informative my question is I mean they've got the technology to do the surveillance do they also have the ability to do some manipulation on the data and are they actually performing those manipulations so that's an interesting question I don't have any evidence that it has been done at any kind of scale but the ability certainly if you have a fiber optic tap for example on a system as we understand how they do it they just put an optical splitter take two copies on their way but it is certainly possible to have a more complex computer system in its place that would look at some of the data and determine that some of it should be changed it may be too detectable one of the things they're very worried about is being detected so I'm not sure how that would work at scale without some lag for the particular information that was being stripped and moved and we haven't seen any sort of documents about it being done at scale now moving back not at scale there certainly has been some information manipulation over the course of the almost 100 or 80 or so years that the Five Eyes have been working together with some of like during times of conflict for example we talked about the Vietnam Conflict the Gulf of Tonkin Institute was later revealed to have been a bit of a sham so at a smaller scale certainly is in the history of these agencies to engage in disinformation but I'm not sure that that's applying to the massive scale well let's have microphone one please everything that you kind of summarized is essentially a legal attack it's not a technological attack can you be a little bit closer to the microphone thank you everything that you summarized is a legal attack it's not a technological attack really is there a place left that is traditionally neutral jurisdiction like I don't know Switzerland some Nordic country where at least you cannot be spied on without knowing it or this battle is completely lost at this point well so that is a good question and I think that you know there still is somewhat of an ability to base yourself in a particular country based on your knowledge of their laws and the restrictions they have on that country doing surveillance on citizens and you could sort of imagine a country that had sufficient transparency and control so you had a reasonable amount of faith in that but the thing that you can't control for is whether they have been themselves compromised by a third party for example the Five Eyes so you give Switzerland and is it possible that the Five Eyes have done surveillance on Switzerland without the Swiss permission it's certainly possible I have not seen any information that has happened but a lot of really interesting stuff happens in Switzerland and they're extremely interested in the flow of money Switzerland is well known for its banking system and its secrecy a little bit less secret than it used to be but nevertheless that's one of their principles so that is a bit of the risk so think of it sort of like a multi prong thing that you need to have the law that says that you would be protected and you would have a policy that makes that law actually effective a country that abides by the rule of law but you still need the third component which is a technological protection a system that you can trust that even if somebody was trying to actively exploit it they would be resistant to that thing so hoping that they don't because they have the law and policy but also in case that they do or maybe a third party does that you have that system of confidence in that system and I think those systems still will exist and they will continue to exist because you can develop an open source product make it available not go to these countries and someone can look through the code and have at least a reasonable idea that there's no intentional backdoor, there's no intentional ghost user capability that it has a system where if anybody is added to a conversation you need to verify keys and go through a process so the technological step I think you need in addition to being comfortable with the nation state wow that's a microphone too hello so this is perhaps a little bit more of a comment so there's a thing in modern messaging programs like Signal Caught of Ford Secure Ratchet we think what it does allows the encryption to sort of heal if the device is compromised at a particular point in time and what this is actually good for is it lets us simplify the authentication between devices so one interesting thing about this ghost user problem so a major sort of academic open question has been how would you how do you generalize these Ford Secure Ratchets to multi-party things and we don't really have a great answer there's some nice things the ghost user problems is that maybe the right way to think about this question isn't how do we just generalize the Ford Secure Ratchet with the healing property but actually how do we make it specifically resistant to these ghost users how do we make it so that it's mathematically impossible to hard to hide who are the participants so that this might be the right generalization for this kind of problem anyway it's just an interesting thing I take away from your talk thank you for that comment so I'm going to say it's an initial response comment I'm an attorney, not a technologist so I work with a lot of technologists and so I couldn't tell you specifically about that system though it is to my knowledge that Signal is working on trying to solve this problem and messaging providers are and that I would say as a sort of more of a higher level thing as technologists what y'all need to create, please hopefully that people in this room will do this is a great user interface that simplifies the key authentication management transfer systems so that people can quickly and easily verify the keys of the other members of their group and make it so that it's very hard to add an unauthenticated unverified person okay let's hear from the internet again Signal Angel we have a few more questions from the chat the first one how far do you believe SIGINT has come since the Snowden leaks do you believe it is far worse than in 2013 yeah that is another good question so we have we had a great trove of information that came out in 2013 during the leaks some of which actually was not right there at 2013 was describing things that were happening a little bit earlier there have been various follow on stories so we do know a few things about what has happened since and there have been a few reactions like in some places the reaction has been to pass legislation to authorize more of these things things like the investigatory powers act and this assistance thing the United States the foreign intelligence surveillance act and some modifications so that really doesn't give you a whole lot of faith it gives more legal some of the activities that they were doing and in the context of at least some of these laws there were various things that were put as a nod to the civil liberties concerns that we saw this just now where they were saying well we won't do systemic weaknesses in some of the other bills there are things like well when you're presenting it to the court the court can get experts so it's harder for the agencies to resolve the judges by techno babble things like that that are reforms but it hasn't gone far enough to give us the confidence that there have been real reforms and then there is sort of the concern at the same time that their capabilities are increasing at an increasing rate like the ability to store data and to think how much it costs to get like a terabyte of data in 2013 how much it costs today then sort of think about how much traffic they can cover by massive data storage how many years back of full take they can store and it's going to be an ever increasing number it's going to be ever cheaper to store massive amounts of data that will allow them to go with their time machine further back in time so yeah I am a little concerned with some of that decrease in costs that that was actually one of the greatest protections we had for our civil liberties well it was too expensive to spy on everybody a long time ago to find out where you are they needed to have a person walk behind you or like a car follow you around and then they got like a beeper they had to stick it on your car you know stick the beeper on and have somebody tracking it but now we all have a phone in our pocket that gives out our location all the time and so they can just query a database and find out any particular phone numbers movements these are a lot of things which give them greater capacity so I kind of think they are in the golden age of surveillance despite their claims of encryption causing them to go dark let's go to microphone one at the beginning what can you tell us about the position and role of the European Commission about all the decisions of the UK European Commission AC the EU the UN or UK EU so what can I say about the EU on this well I think when some of these things came out the EU did some investigations into it and has been generally saying that this is a problem for some of the it was reacting mostly to the Snowden leaks but then also a lot of the data protection efforts in the EU have been focused mostly on what information is available to commercial entities they do have some effect on government energy but not a particularly strong restriction against national security uses so I think the EU could do more to make it clear that this would not be acceptable for EU members so I think we can squeeze on number 4 alright so I was wondering about the access and availability act the Australia when you told us about from a legal or business perspective how are companies actually for it and can they avoid it by limiting or not doing any actual business in Australia at all and did some companies already sort of said they would want to so I think some of the companies came out pretty strongly against the bill as I call Apple submitted comments that were pointing out some of the flaws in the bill now it's one thing to say that this is flawed and try to stop the bill a little bit of a heavier thing to say well then we're just simply not going to do business in that country and that is one of the challenges for any kind of global corporate enterprise where they have to make some choices about whether or not they're going to do business in a regime that might assert jurisdiction and try to make them do things that they don't want to do and we've seen occasional examples of that after Google discovered that China had hacked into its systems and was getting information about some dissonance through that hack they did stop doing business in China for a while but then I think they're still interested in potentially doing that and working on a search engine that will be acceptable to the Chinese so these marketplaces provide a strong temptation I think Australia is not the largest of markets it's one that some of these companies could decide not to do business with without sacrificing a giant swath but would they do that it kind of will depend they have to decide ok if we stop doing business here how much money would we lose if we continue to do business here and we're forced to compromise our products worldwide in order to comply how much business would we lose especially if that ever got found out and then the other possibility is say ok we're making a special Australian version and that you know that was there's some bad history for that for a long time in the 90s versions of the then most popular browser the Netscape navigator one for US domestic use one for international and the one for international had very weak encryption so that it was easy for the NSA and 5i partners to be able to crack that encryption but this was really silly because it was fairly trivial for someone to get a copy of the stronger encrypted version and ultimately that export control of the stronger encryption turned out to be a violation of law and so now we have everybody gets the stronger version and so I think if you try to say ok I've got this messaging software and here's my Australian version I think many people would be like maybe I shouldn't get the Australian version if they think that this is the reason why they're having that two products ok so I think we have already overstepped our time so I'm sorry for all the other questions but I'm sure they can find you at least it's not the internet alright so give another round of applause for Kurt please thank you everybody, thank you for coming out and thank you