 Yeah, welcome to the 28th Chaos Communication Congress So 20 years 28 years is quite a bit of time and So what we really would like to know is who is here for the first time Wow cool So we always said that our goal with these congresses is basically growing the cultural space growing the idea space of hacking of hackers of the hacker mindset and we have traveled quite a bit in the last years and So there you know probably the saying of the second half of the chessboard coming from this Ancient saying about the Indian King who wanted to award the inventor of chess And the inventor of chess said yeah I want one piece of grain for the first field two pieces in the second field eight pieces four pieces on the third field eight pieces on the fourth year and so on so an exponential growth curve and What we're seeing now in this year? Is that we are technology development wise now in the second half of the chess board? That means everything is going ever faster all the time It doesn't mean that this will continue this way But this is part of the explanation why all things that we're seeing are going ever more crazy All time Because technology is driving now everything so core doctor who will speak later said that you don't buying a car anymore You're buying a computer that has some motor and wheels as peripherals and This is basically what what we are here about we're about to learn to exchange opinions ideas and The thing that we should keep in mind is that what we do here really matters Because lots of people out there are just sitting there like here Dear in the headlight when it comes to technology development whereas we strive to try to understand what we're doing and We really want to understand how technology works. We make it our own. We want to make it working for us So that doesn't mean that everything will be happy and fine because what we see this year Very clearly, which is what the Afghani will be talking about in a moment is that also Dictatorships and oppressors and large corporations have massive technology So they are buying people like us they are able to just get the technology minds that they need by giving us money and What it also means is that what we do as a community and what we do not as a community what we decide to not to do Really matters. It's not like like playing a little bit in the in the corner anymore It's we are in the center of Society's development and this is something that we should keep in mind while being here, but I'm off of all We want to have fun. So let's have fun and have a nice case communication Congress. Oh, hi everyone It's very odd for me to be speaking after you've been promised to have some fun because it's a rather gruesome subject That I'll talk about and it's also very odd for me to be playing this part of the Grinch who stole Christmas This year in part because I've been repeatedly talking about the way in which the caters have been using technology For their own purposes to crack down on free speech to engage in Sarbanes. I've been saying that for several years But this year suddenly I found that the media and the public began paying attention And I would argue that it happened in part because of the Arab Spring because some documents were discovered that showed that Technology companies were pitching their products and their solutions to dictators But in part because the conversation has turned from talking about some abstract technology That is being used by dictators to the role that Western and not necessarily Western Technology companies are playing and supplying those technologies So suddenly the tables have turned from talking just about technology in the abstract They're actually kicking some of this companies in the butt Which is interesting and which is also something that the media can easily play on But again, I just would like to emphasize before we get into the substance of this is that many of the same points have Been made for many years Including by many people in this audience. This is not a new discussion It did not start this year this year is when the media suddenly picked up on some of the messages I would also like to caution Before we proceed any further is that this is not an extremely comprehensive overview of every single technology and every single company That is being used by dictators. There are hundreds of them I will point you immediately to a couple of interesting resources. Some of you may have seen those Bloomberg has put together this very interesting visualization Virate for repression which allows you to actually click on a particular country and see both Who's buying this technology with kind of technology it is who's supplying it? It's dynamic You can browse this in real time and you'll get a much better overview of many of the particular Technologies and companies involved. We'll just mention two others briefly some of you may have seen the spy files We should put together by WikiLeaks on a Privacy international and a bunch of other partners Which delivers many of the same information in a somewhat different format for more investigative take I would also urge you to check out the Wall Street journals Huge series called Sendership Incorporated which actually has some nice narrative And so does Bloomberg and the WikiLeaks site which actually go to the specific detail Of what technologies what companies and so forth and so forth so today I'll take a more of a macro level view and try to focus on What's happening and what we can do and why I believe some of the solutions that happen proposed like sanctions Are not going to entirely solve the problem I assume that this is a technical audience and you guys know a Lot of this stuff much better than I do. So I'll just be very brief while talking about particular technologies So if you look at what kind of gear dictators are using and for what purposes some of it is self-abuse It's trying to control communication channels whether it's email whether it's text messaging some of it is done on a very primitive basis just by tracking keywords Some of it is done a little bit more sophisticated by looking at location and even particular users Online filtering is something we've known for a while and going on for decades again Nothing new here intelligent video surveillance is something that we increasingly seeing being supplied by Chinese companies And I will talk about that in a second companies like Huawei who are expanding all over the world and Providing video surveillance supposedly to monitor traffic on the roads and then some one bizarre case They claim they do it to provide long-distance education while It is reasonable to expect that many of the same technologies are being used also to monitor protests Descendant what not what I found particularly Interesting and disturbing for example in Tunisia is that it's not just surveillance. It's not just monitoring what people do You may have seen a recent story in Bloomberg news that Discussed how the Tunisian authority is actually modifying the content of some email messages and either Sort of putting some gibberish in them to confuse people or as in one case discussed in that article They're actually inserting for example pornographic images and work-related emails, right? That way they're trying to embarrass and not argue harass the recipients thus creating a very disturbing Trend where people are no longer confident in the technology they're using and again This gear will talk about the companies that provide them But this is more or less what's happening and the first question that I think arises in many of our minds as Why we can just ban this technologies? Why can't we just ban these companies from supplying this gear to dictators? I think here the answer is that it's very hard to implement any kind of global ban That would actually ban all technologies and all technology companies from being supplied to all countries I've just listed city cases which I think will help you grasp Why it's very hard to implement bans and sanctions that work well in the first case You have an American company blue coat that some of you may know has been building mostly on Internet censorship and filtering technology and this technology ended up in Syria and thanks to the efforts of Telecomics we figured out that it is actually being used in Syria even though The United States government prohibits Western while American companies from selling technology to Syria Well, what happened in that case is that blue coat claims? They were selling this technology to a distributor in the United Arab Emirates We actually claim that the ultimate destination of this gear was Iraq And there are no sanctions on Iraq and blue coat said that hey, we thought it was going to Iraq It ended up in Syria. It's not our problem now of course It's a distributor is who are taking the fire for this because the Western companies just claim It's not us we ship it to some place and then it ends up with I know where exactly it ends up Another technology company that recently got into a lot of heat for this is an Israeli company Which more or less got itself into a similar kind of trouble they claim they were just shipping technology to Denmark and They distributed and Denmark was actually contractually obligated to keep that technology in Denmark But then that technology ended up in Iran, which as you can judge is not particularly good news for any Israeli company because again, there are laws and sanctions prohibiting them from engaging with trade in Iran and now Other than suffering A huge fall in the stock markets this company also risks its executives. It is getting quite a few years in prison and huge fines Again, their excuses that it all ended up in our distributors hands another example. The last example here is again an American technology company net app which used to run an Application that was eventually bought by an Italian company called area and this company Because there were no sanctions on doing any kind of technology work in Syria was actually free to ship this technology to Syria So we end up with an Italian company Getting some gear from the Americans sending them to Syria, which again if it was done directly would be illegal Sanctions wouldn't cover it again. Net app managed to get away Even though Bloomberg had uncovered emails that showed that net app engineers We're actually aware that the technology was heading to Syria and that they were actually configuring it in the process Again, the only thing that can be done here and I'm just illustrating you two recent stories on this Is that we can we can ban the distributors, right? We can make sure the distributors that are located in America We're allocated in the European Union that they actually suffered the consequences and that they are banned from shipping any of this gear To countries run by dictators that however, I think is not going to be Fully effective in part because there are just so many other countries involved in this trade, right? One of the recent reports from one of the surveillance fairs that ran in the Washington Post Estimated that there were representatives from about 40 straight countries buying such technology gear and obviously a lot of those Countries are not in the European Union that are not in the US and it's I think useful to think what would happen if some of this American and European Syrupians gear is being shipped to same old all over South Sudan It's actually interesting that another recent article by Bloomberg actually found a representative from South Sudan at one of those Technology fairs and it's very interesting because South Sudan is just five months old As a country and they're already in the market for buying surveillance gear But the question then of course becomes what happens to distributors and what kind of What kind of intermediaries will emerge and those of you who don't know this guy This is Victor boot one of the probably the world's most famous art smuggler who is currently in detention in in Manhattan Who made his money and his fame by Trading more or less arms and supplying them from Eastern Europe To Africa, Latin America and others in other states and continents the question is if Victor both was to start his career today Would he choose to be in this our van's business? And I think it's not an unreasonable question to ask because the more sanctions we impose The more intermediaries will eventually emerge who will do their business by essentially finding failed governments in You name it Moldova, South Sudan, Azerbaijan or any other country Convincing them to purchase surveillance gear from America in Europe They would be able to purchase that surveillance gear because there are no kindless sanctions against them And then convincing those governments to ship that gear to country X whether it's Syria or Iran I think this is quite realistic and this will be happening and the fact that we already saw Some shipments that were destined to be in Iraq And up in Syria suggests that we may already have some people who are like Victor both cooperating as Intermediaries in this business Another note that I want to make on sanctions is that sanctions differ in their scope and in their usefulness You have some sanctions which hurt Ordinary users America has plenty of such sanctions they for example have sanctions on Technology companies any technology companies doing business in Syria which ends up hurting ordinary Syrian users So ordinary Syrian users have problem buying credit on Skype Because there are sanctions that make it very hard not impossible But very hard for technology companies to actually do business they have to go and obtain all sorts of licenses Which then ends up hurting users I know of a few examples of American sanctions for example, which single out particularly individuals They would say that American companies are prohibited doing business from Individual acts and then you know his last name and first name and what not and what we would see is that some American companies Especially internet hosting companies would refuse to do business with any nationals of that country because they do not want to verify That the person buying the internet hosting is not on the sanctions list, right? So there are some secondary unintended consequences from sanctions Which may actually hurt ordinary users and this is something that we need to keep in mind while governments by the way often manage to get away It is in discovery by I think was citizen lap found that Various extremist entities and government entities of Syria actually host their websites in Canada in the US Even though again that goes directly in violation of the sanctions But government entities have all sorts of secondary players they can rely on and solve their problems So again, I would urge you to think very hard about what some of them and the consequences might be There are sanctions on the other hand are good But they often very ineffective because again governments set up other shell companies That take the role of companies that are banned by say the European Union now There are sanctions against doing business with some Syrian companies that work in the telecom industry If you look at the justification for those sanctions, they say that those companies to just shell companies for the Syrian government Again, you bend one company another company pops up and you continuously need to monitor to make sure that those companies are not connected one of the Suggestions that has been proposed in which to solve this problem was to force companies to actually Monitor who their customers are and to do more due due diligence on those firms And I think it's probably true that it's much easier to open to actually buy surveillance gear in the US then to open a bank account in the Any American bank in part because the banking industry has been forced to do due diligence on their customers They have to verify and again many of us don't like it because it creates more problems of privacy It creates again additional surveillance, but there are justifiable Rules and regulations that can actually make sure that our own Western technology companies that do business with clients in the middle list actually engage in better monitoring What's happening? Not just at the time of sale But also at the time of use whenever those technologies are used There needs to be a way to monitor who's using them how those technologies are being modified And so for us again in the case of Area that the Italian firm and net app we do have evidence that net apps engineers Actually knew that the technology ended up in Syria, which again says that we need to make sure that engineers Don't just say hey, we know it's in Sierra But that they actually take action in Gation whistleblowing What not another interesting debate that I think is beginning to happen in Western Europe and in the US Is how much of this know your customer rule? We can actually delegate to technology and here I think it will be very provocative a controversial debate which many of you would probably participate and to what extent we should actually have kill switches on Technologies that are used for either survey and so censorship I know the general argument again kill switches in this crowd would be that they're just evil and bad But when such evil technologies are used on say Technologies that are used for web filtering. I just don't see how random hacker turning off that Technology would actually be a bad thing So I think there are some valid debates to be had web sense for example now claims and web sense is a technology that provides web filtering They claim that the actual monitor Where their technologies are being used and they manage to monitor our 40,000 customers And if their technology ends up being used in Syria, they just make sure that they either don't update it Or that they somehow remotely Turn it off which again, I'm not sure if that's actually happening But they claim to be engaging in continuous the diligence the question here Of course is very complicated and it's how can we justify using more survey and some more kill switches when we actually talk Against survey and some kill switches generally and this is what would be needed There is no other way to monitor what's being done with this technology Except for requiring technology companies to engage in more surveillance of their customers Which again, maybe justifiable in the case of Iran or in the case of Syria But we need to make sure that the same thing is not happening When clients in the West are using it so again a lot of controversial ground But I would like to urge that to just to point out that this is not my While thinking those are actually some ideas debated by some NGOs like access now for example in the US So it may be happening and I think it's useful to participate in some of these debates What to anticipate? I think the situation will probably in the short term get worse It will get worse because on the one hand I think the situation in the middle list is not so easy and clear-cut as it seems The Libyan the new Libyan government for example started engaging in social fit filtering Which means they now ban pornography websites, which were not actually bent under Qaddafi Al Jazeera reported that in Arabic last week, which is a very disturbing development But again, it may reflect that there will be more controversial skims depending on which way the situation is going in both Libya Tunisia and Egypt And of course the situation is radically different in all three But even in the countries which have supposedly been liberated by their spring I would argue that the situation is not as clear-cut as it seems. We may actually be seeing more and more Use of filtering and surveillance and different formats in each country But what troubles me is that if you look beyond the middle is situation also promises to get worse That's a report from a news site from about September of this year and for those of you who don't know CSTO stands for collective security through the organization Which is kind of a NATO block of the former Soviet Union Those guys are getting increasingly concerned about their spring and their first intent is of course to boost their Monitoring and surveying systems. So we are beginning to see more cooperation within those countries. We see them passing The strategy document list of steps aimed at securing the cyberspace of the member states And they are very explicit in saying that what they want to do is to prevent another Arab spring One way to do it would be to engage in more surveillance So those countries and that's the reason I know well because I come from it Those countries have not engaged in purchases of Sarbanes gear to the extent that Countries in the Middle East and South East Asia have engaged in it. So we will see new customers We don't know really what's happening in Russia How much data is actually being stored by the ISP's on demands from FSB? It may be the case that all of the data passing through the former Soviet Union somehow ends up a stored by Those ISP's and it may be the case that Russia will come to the aid of some of those countries If they need to identify a particular blogger again, this is something to keep an eye on I'm just arguing that probably in that particular region situation will get much worse than it used to be Disturbing development that at least I find troubling is that China is beginning to flex its muscles and its companies are beginning to Very aggressively spread throughout the world. That's a map of Huawei's presence in Africa Who always he knows one of the largest mobile network mobile equipment companies on the par with? Nokia Simmons and others that are actively spreading around the globe and that are supplying technology That again is configured in a way to enable a lawful intercept The fact that they are so cheap and that very often the Chinese government actually helps to subsidize The implementation of those networks because it fits within the Chinese foreign policy is also something very troubling And I think that we need to keep a closer eye on I think this map is actually outdated by a few years I would guess that if you look at Huawei's presence in Africa now virtually every single country would be covered But you also see news items like this, which mostly go unnoticed So this is a very tiny item about China's economic aid to Moldova Which would not normally appear on anyone's screen of people sitting in this audience But if you read it very closely, you actually see that the Chinese are now supplying the Moldovan government This video survey and systems which again they claim is for just monitoring road traffic But again in the times of protest and we have seen those protests in Moldova in 2009 They can be turned against the protesters in Houston, you know identifying them or at least tracking them or whatever All that is happening for free from just the benevolence of the Chinese state Something much closer to I come from from Belarus Now there are also negotiations within the Chinese and the Belarusian governments about again Huawei supplying some media surveillance technology, right? And why the local office of Huawei says that it's just for you know Very banal uses traffic management from distance education local security But Russian government when asked by the Wall Street Journal was actually much more open about the real purposes and said yes It's for monitoring town centers and potentially preventing terrorism and whatnot Again the extent to which this is subsidized by the Chinese government. We don't know the extent to which This is built in a way to actually facilitate Surveillance by the government for political purposes We don't know but this is something that is worse to keep an eye on because what the Chinese are doing in this space It's much less visible to us in the West But it's also much harder to convince the Chinese companies with the same kind of persuasion that we can convince the Western companies Right, they do not react they do react somewhat and I'll give you some examples of them actually changing their behavior But it's much harder to convince them than to convince saying okay Simmons Another thing again related to Sarviens, which I just would urge you to look up is that you actually have some Western academics people in this particular example academics who work at the University of California in Los Angeles and UCLA Who actually taking money from the Chinese government to set up nonprofits and institutes where they basically hire you know people who Label whatever they see in the photos and then they combine it with their software and they end up with this very nice image to tax systems Which actually solve one of the main challenges in the video Sarviens? They make it intelligent and that way it makes it easier to search because now you can search videos through tax Because whatever is being seen on those photos is being labeled right and there is some metadata and it's easy to search it now The question is why do we have people who are working in America and in Western universities taking money from the Chinese government? To build such Sarvan systems some of it may be entirely benign and benevolent, but I would argue that there is not enough attention Pay to what's actually happening in this field and I would say that there are many emerging technologies like this We're talking about local intercept. I'm talking about something a much more cutting-edge, you know Automated Facial recognition technologies all sorts of data mining Techniques which are still quite rough and we should require quite a bit of academic expertise To be fully developed and I think this is an opportunity to keep a closer eye on all sorts of academic Institutions who are taking money from either big companies and big governments and you know China is an obvious elephant in this room And I think we need to be much more careful in terms of what research is being done and to sensitize the researchers To the implications of what it is that they're doing now the more upbeat part of this presentation What can actually be done by ordinary? Activists and netizens and people concerned with the future of the internet and yeah I would say that there are three things to be done and I would present each of them in advance And I think there is some kind of a pyramid that is emerging I think first of all it's very easy for us to turn the tables on surveillance industry and start engaging in Surveillance of that industry, right? It's becoming easy and easier to actually monitor what they're doing in part because these companies have been careless in the last few years And they have really been operating with the degree of publicness That they shouldn't have given the atrocious thing that they're doing so for some investigative journalists, you know This is very silver from Bloomberg, you know, this guy wrote a book Tracing a two thousand five hundred year old, you know Chalice from Troy and now turn his attention to investigating what this technology companies is doing I mean, this is a dream come true because you can actually engage in very nice investigative work Be tracing the shipments for investigative journalists. This is great But I would argue that also for people who are not card-carrying investigative journalists who are people who sit, you know Their computers like most of us it is also possible to engage and start keeping a close eye in this companies So this is comes from a website run by the Sunlight Foundation in the US They're a lobbying tracker. You can actually see that Bluecoat Systems that company that hired that was selling filtering technology to Syria Claiming that it was going to Iraq, you know hired lobbyists and they can actually go and check who those lobbyists are You can read an entire PDF Showing you where they come from a lot of this information is public, right? So keeping an eye on some keywords, you know expert controls on this website to keeping some keyword That would be you know experts of surveillance technology would actually allow you to see what's changing who's hiring whom again This was not well reported. I only saw a reference to this lobbyist being hired by Bluecoat in Washington Post and there was a good reason why Bluecoat hired them because they were about to be sold And actually in the middle of this news about them selling technology to Syria They actually sold the company at twice the market capitalization for about 1.5 billion dollars So they definitely needed the lobbyist what I'm saying is that we can actually see some of the underneath Processes if you close attention to sites like this Telecomics, I think did an amazing job with setting up this wiki Blue cabinet where you can actually go and report on what some of these companies are selling link to Reports link to news reports link to particular news items. Again, I think it's a very useful Project it needs scale. I think if all of you go and start investigating each of these companies and adding more information to it I think will advance much more, but also the media will advance much more Just to give you all this one other example National media still plays an influential role as opposed to global media like Bloomberg So Bloomberg has been reporting on this Italian company area for a few weeks if not a few months It didn't really cause much damage to the company until Italian newspapers picked up the story So Corriere della Sera picked up the story began interviewing the executives within a few days And of course there were also protests against the area some of them by the local pirate party Which also received news attention in the Italian media After that happened Immediately area said no we're exiting this market, right? We're exiting this business I would argue this wouldn't have happened if it was just Bloomberg or Wall Street Journal You do need local media to engage whether it's newspapers in Italy or in Germany or in France or in Denmark or in Sweden and in all of those countries you have plenty of local companies Engaging this trade so making sure you find the local equivalent of whoever does this job for Bloomberg Whoever does this job Wall Street Journal will be amazing convincing your editors That you need to dedicate a team and that's what happened with Bloomberg Those people are dedicated to tracking this industry for a year and you know, they do make results So if you have any influence with your national newspapers go and argue that they need to dedicate people to track particular Companies and how they engage in this investors can be persuaded as well Some of you may have seen this item from earlier this year when One particular financial fund actually decided to divest from Cisco because they couldn't get satisfying answers about Cisco's work in In China again tracking who invest in those companies tracking where they get their money and then pressuring the investors I think it's another thing to do but also investigating individual companies So I was was while doing research with this keynote I came across this company Polaris wireless and I saw there was mentioned in the spy files But there were no files attached to it was just mentioned amongst, you know hundreds of companies by WikiLeaks and others There was no brochures nothing it may just be that they're slow in scanning the brochures But there was nothing that you could find so I did something around online And you know, it looks like a respectable company has a very respected venture capitalist funding its work Then I read an interview was one of their executives and basically they very openly and blatantly say that their Technology is being used by government agencies in the Middle East Africa and Asia Pacific regions, you know to engage in surveillance This is something that's being said on the record, right? They're not afraid of that being public knowledge or anything So I started digging and then they figure out what it is that they actually sell that the cell technology Which basically allows them to track Gatherings of people with mobile phones, you know create some kind of a geofence and monitor or anyone who enters that with their mobile phone Is the identity do it in real time and do it historically so you can actually go and track who was where at which time? You know in what day and thus, you know, they claim it's all for tracking terrorists It's very easy to use this technology to track protesters, right? You can go and historically analyze who was where to given public square at what time and then go and do Whatever you want with those people, right? And they're actually promising that they will also hook it up to some kind of data mining and Start incorporating, you know social data social media data to assess risk, right? That seems like wow and these people are so public about it And then I just read some more news reports and you see that they just opened an office in the Middle East Based in Dubai where they're planning to sell them more surveillance technology to those governments You see they just double their manpower in India. It's been a very good year for them Right, but the reason why I'm showing you the slides is that because this company has more or less avoided any public scrutiny so far The media that write about them are mostly technology media who don't actually care about the surveillance implications But I think it's worthwhile that someone places a call to them on us to those company What exactly you are selling to the governments in the Middle East? Why exactly have you opened this office? What exactly you're saying from Dubai and by the way, they'll be present at the big Surveillance fair that's happening in Dubai in 2012. So this is something that can be done by individuals This is something that can be done by bloggers. So people interested in this whether by modifying, you know, the the wiki of Telecomics or just by following up on the reports in Bloomberg I don't think that given the crisis in investigative journalism that we have these days That even newspapers and news outlets like Bloomberg and Wall Street Journal would be able to go and investigate a hundred companies This is something that needs to be done in a crowdsourced manner And I think this is the kind of subject that can actually be tracked down from open sources Because these companies have just been so public about it. You know, some of those companies have huge allies, which again can be embarrassed The investors can be embarrassed This is something that again needs to be investigated and studied and this is something that individual bloggers can do I mean, not only do those companies have allies Some of them also have huge balls claiming that they actually proud to be supplying technology to Iran, right? And again, this is something that boggles my mind, but This stuff needs to be tracked and their executives need to be questioned about what exactly makes them so proud to be supplying this technology To some of the most authoritarian governments in the world but I think a much more ambitious task and if you think of this pyramid that I've tried to draw if This basic investigative work crowdsourcing data-gathering about technology companies is at the very Basis the very foundation of this pyramid I think the second important task is for us for activists for journalists for intellectuals for Technologies to start linking the sales of this technology to authoritarian states to the actual developments In domestic surveillance in democracies again This link has not been made by most news reports who think that this technology is billed uniquely for the purposes of the middle list No, this technology is billed for the purposes mostly of Western law enforcement agencies And that's the next angle I would argue in talking about this technology when we talk about it to the public you may have seen this ladder Which for me encapsulates this debate really well That's a ladder from one of the women one of the people who runs This big Sarbanes fair that has generated so much coverage I would urge you to go and read this letter in full because it's just again perfectly encapsulates the logic Both of the Sarbanes industry in the West but also the Western law enforcement agencies I mean, I would just quote you the third paragraph. I think is worth reading in full So this is a ladder with she basically she's complaining to the Wall Street Journal editors that they have taken on this Investigation and she's claiming that well, you know the more guys you talk about at the fewer jobs We will have from the United States because your news coverage threatens our jobs in the Sarbanes industry So what she's saying in the third paragraph? I think is very important. She's basically saying that This coverage will create an atmosphere where Congress isn't likely to pass an updated lawful interception law The law would require social networking companies to deploy special features to support law enforcement Without the update the opportunity for us companies to develop and launch intercept products Domestically for eventual export will be greatly curtailed Right, that's a powerful statement. If you actually read the whole thing You'll see three things and first of all if dictators need any help in suppressing their presence, you know We are here to help will do it. It's it's cool second is that you know How dictator helping jobs are going to China and the sort which I think is the more important part is that The main driver of this market are the needs of the US law enforcement and here it was written in the US I would add German law enforcement British law enforcement and so forth. So I think we need to ridicule all three parts To this logic, right? And then I think the first one is very easy to ridicule if you go and track the quotes For some of the people involved in this those quotes are just ridiculous and they do not stand any rigorous analysis By anyone who knows anything about logic, right or who knows the debate So when you have JR Lucas who runs the surveillance fair claiming that this technology is absolutely vital for Civilization and that you can't have a situation where bad guys can communicate and you buy interception. No, that's actually wrong I mean right now if you Think about it for a very long time a law enforcement didn't have the interception capabilities And you know they managed to track mobile phones engage in all sorts of data mining and they were doing fine You know, they actually are solving everything that they need to solve without having the capability to break encryption or whatever I mean, I'm just saying that this statement itself needs to be scrutinized because it relies on that history and bad logic And you can go through all of this and see that you can actually attack the premises there and embarrass the people making those Arguments and the media or elsewhere the second point about China stealing our jobs. I always think that this is somewhat ridiculous I did point out that companies like Huawei and others are very hard to persuade But actually if you look closer, they also respond to embarrassing media coverage in Western media in part because all of those companies Have huge ambitions for the Western markets as well So you have Huawei who's been trying to get into the American market for a decade now And they cannot because there's a fact of having connections with the Chinese government So every time the Wall Street Journal runs an argument and an article embarrassing Huawei for doing business in Iran They get huge Pressure to actually get out of Iran So now they kind of committed to no longer seek new clients in Iran and just to keep to the old clients and whatnot Again, it may just be a smoke screen They may still be involved But that argument that somehow the Chinese companies will fill in this market again needs to be scrutinized Some of those jobs can only be performed by giant companies like Huawei and those companies also respond to embarrassing incentives This part about links to domestic surveillance I think is something where we need to focus our energy and intellectual effort and critical effort if you actually read some of those reports from in the intelligence fairs and surveillance fairs and bowls Carefully you'll see that it's not just representatives from Iran or you know, Syria or any other country That's mindless or Ethereum bang those technologies You'll actually see that you know, you have representatives from more than 35 government agencies of the US Attending those fairs to buy their technology right including even the interior department's fish and wildfile wildlife service Right. It's this is the real client industry those are the real people paying for those solutions and I think we have to go back and look at some of the arguments that FBI and other law enforcement agencies have been making about the inability to essentially work Unless they have those lawful interception tools. This is where the real key to stopping that trade lies It's not in sanctions and it's being much more critical about the actual needs of our own domestic law enforcement agencies So for those of you who don't know about the FBI is going dark problem It's basically an effort that FBI launched about five years ago Where they are trying on the one hand to build new laws and pass new laws that will allow them the same level of Ideal or the same level of lawful intercept to real-time communications on say social networking sites or peer-to-peer sites and services as they have with Phones right so they want to be able to intercept real-time communications that fall outside of existing laws More effectively, but they also in the meantime. They're not only trying to pass laws They're also investing in tools right and this is something that you need to understand that they are Investing in those tools and this is where those tools come from if you did the testimony of FBI's general counsel To the Senate earlier this year. You'll see that she's actually very open about What FBI wants and they do want to build a new ways to intercept data communications data in real or near real-time But what she's claiming at the very end the second quote I think is much more interesting She's basically saying that FBI understands that individual tailored solutions, which of course the sent industry creates to Exists to provide on or enough and that they have to be the exception rather than the rule Right, so she's basically arguing that well if bi doesn't want to take any blame For creating this industry and that they would rather pass a new law and then drive the industry out of existence Which is saying is a very clever rhetorical rules But for us on the activist side there is also something that we need to understand though This quote comes from a blog post written by a staffer at EFF, right? And it doesn't get any more pro-freedom and pro-internet Liberty of the AFF and what basically the staff attorney is claiming is that as long as FBI can build tools That can do this job safely without compromising the user's privacy or other users being very secure You know basically if they can build a perfect Trojan and use it for Surveillance then it's much better than updating and passing new laws And if you see that the kind of arguments she invokes here There is nothing here about this tools than being used by authoritarian regimes, right? It's all about the efficiency and the effectiveness of building tools that are not over-riching And I think now after we have seen what we have seen this year that argument is no longer tenable What I mean by this it's not that suddenly we should all go and embrace, you know A new version of Kalea which will be this law that will require, you know building backdoors What I mean by this is that we also need to consider that building individually tailored tools to monitor users Also have secondary effects and those secondary facts are basically entrenching dictatorships around the globe So this is something that we need to consider and this is actually good Because if you think about it, it actually allows us to argue against Kalea, right? It allows us to say that look right now We are already at a point where FBI has created an industry where they can monitor everything they want and that if we build Kalea too Right, it will actually strengthen those authoritarian governments even more because then the dictators will have access to the same backdoors I think this is a very good rhetorical opportunity For people in this movement to actually start actively arguing that these tools are enough We have to regulate them. We have to sanction them But there is no way that FBI should invoke their need to build a new law that would require building backdoors I think this is very important for the media to pick it up because if they don't pick it up We'll continue talking about sanctions sanctions and nothing else but sanctions There is a broader opportunity here which does relate to domestic debate And I think that's an opportunity that we need to embrace The other point, the very last point of the experiment that I've been trying to build and articulate, you know When we start with investigations of these companies continue to having a debate about domestic surveillance I think the last point is trying to get the foreign policy element in all of this, right? And what I mean by this is something very simple We can of course ban Western companies from selling technologies to countries like Iran Right, it's much harder to make that argument to policymakers about Saudi Arabia Because Western governments actually are quite okay with Saudi Arabia No one wants to pass sanctions on them So again, we need to make sure that our focus on tools and sanctions does not prevent us from also engaging in a broader foreign policy debate I'll just give an example of how influential the existing foreign policy positions are in this Consider the fate of Cisco So Cisco as all of you know has been accused of supplying routers to the Chinese and actually selling those routers With explicit arguments that you can use them to track down dissidents and your opponents in lots of human rights groups and now suing Cisco Not just one but several it's a company that has a reputation problem at least in this room I would assume so when you see a news item like this This is a news item from 2010 and it's basically a news item about the US State Department Taking a delegation of technology companies to Syria You actually see that the State Department arranged the meeting for executive from Cisco was the Syrian president Right and Syrian top executives and how does it square was the rhetoric of Internet freedom and everything else that you know The State Department and others have been advancing and the reason why that happened is because right until This year Syria was an ally, right? So it was okay to be actually arranging shipments of routers surveillance technology and whatnot to those regimes Right and nothing much has changed. You actually see that later that year Cisco actually received an award From the State Department for corporate excellence, right? Given all the Violations and all the lost youth and whatever it has been having in China and elsewhere It's not perceived as an ally in part because the countries it's been working on have not been a high priority Foreign policy wise and it's not just American companies We actually read many of those reports in the Wall Street Journal and Washington Post and elsewhere closely You will see that even frame even you know European government and companies here complicit, you know the Wall Street Journal for example Speculated that the Libyans got their surveillance capacity while Gaddafi was visiting France and he managed to negotiate it with sarcosis and his people and Back then again Libya was seen as an ally. All I'm saying here is that we need to move beyond this focus on just Tools because we need also to scrutinize engagement Current engagements that our Western governments have for these countries unless we scrutinize those engagements We will never pass any laws that will prevent the sale of such technology to Saudi Arabia Bahrain Iran is a very easy target Everyone likes to hate Iran whether it's the European Union was as the US government No one likes them if you think on the other hand about Saudi Arabia Bahrain those are much more complicated cases in part because we actually see American and I would assume German weapons Going to Saudi Arabia and others I mean 60 billion worse of weapons was sent to Saudi Arabia by the United States government alone I mean it pales in comparison to surveillance gear, whatever surveillance gear ends up in Saudi Arabia, right? So what needs to change is not just us talking in the abstract about banning, you know particular tools from being exported We need to use this debate as an opportunity to scrutinize the engagement that our governments have with those regimes And I think again with web sense I showed you an example what they claim that the monitor 40,000 of the users and if those users end up in Syria They would turn off their service I would bet that they would not turn off their service if those users are in Bahrain or in Saudi Arabia, right? And again, that's a problem that needs to be solved in the transmudge deeper than just the expert of particular tools and technologies But I also think it's an opportunity for gigs people who are beginning to think about it politically Whether it is through pirate parties with telecomics or through other entities to actually think much more explicitly About the foreign policy dimension to their work I don't think it's a bad angle for this entities to take and I think there is some change that's possible And I also think it's possible to actually rhetorically Exploit the current fascination with the role of the internet in their spring to actually make a lot of arguments There are not so much about the internet But that are about foreign policy per se because unless we start engaging in this issues in a much more political and strategic Manor we will still end up with many governments that are technically Western allies benefiting from Western technology and I think I'll stop here and we still have nine minutes for questions. Thank you very much. I Don't know if there are mics, but I would assume that if you want to ask yeah, there are okay I can't really see so if you are burning to ask a question. Just ask it. There is Yeah, there is a question in the back Could you elaborate on the sort of social filtering that you mentioned is being used in Libya? Yeah, again, it's something that Just came out. There was a one tiny report in Al Jazeera in Arabic actually. I don't read Arabic I saw one of my colleagues who tracks it In Arabic who pointed me to that article as far as I understand they are beginning to filter out pornography websites And again that person keeps a close eye. He works for the open net initiative He worked he keeps a close eye in Libya and he claims that while Gaddafi was in power The only filtering that they had was political So they would filter out access to websites that were specifically about Libyan opposition But they would not filter access to you know sites of pornography or you know things like that That's all we know I haven't seen any information about it in English But there's definitely worse following up if you work for the news agency or something Hi, I think you gave too little credit to us for creating the market in the first place If it weren't for our law enforcement agencies the whole market wouldn't exist You can't basically blame the companies now for selling the stuff We made them build to other countries as well And I think the solution is not to ban exports to Iran but to ban the whole thing make it like landmines I mean there will always be rogue nations like the USA will still build it But I mean you have to you have to ban the whole technology otherwise it won't go away It's not okay to export this shit to Denmark, you know in the first place. It's not better And I fully agree with you actually you know And I think when I showed you some of the statements from those guys who are on the surveillance fairs You know when they say that civilization will collapse if you bar interception. I mean many people I know the Washington's in really well because I live in America many people in Washington who in senators and their staffers who know nothing about technology They actually believe those statements, right? So the question then becomes how should people who are experts in technology who are hackers who know something Actually communicate that knowledge to an audience that is essentially technical as you have seen all of those technology companies have lobbyists All of them have communicators all of them know how to control the conversation Right until now was an exception of this news Coverage in Bloomberg news and Walter Jordan and elsewhere. I didn't see anyone actively seeking the perspective of you know the Guys like you in the audience, right? So the question may be how to build an effective communication strategy and how you can actually make sure that this conversation is not dominated by law Bests, but actually reflect fact-based evidence that Can point and say that look you didn't have intercept capabilities for a few years civilization hasn't collapsed But there's a question of communications and I think it's something that need to be addressed Maybe even in the context of this event need an amazing job of communicating this knowledge to five seven thousand people I'm just curious if there are any staffers who work for you as senators in this audience And it's probably that you wouldn't even want to have any staffers working for senators in this audience But unless they hear your message the conversation will be conducted, you know and dominated by people who claim civilization will collapse So that's a problem that you guys need to solve is how to communicate. It's not necessarily a problem of You know Having to make any further proof that civilization won't collapse. I don't know. Yes Hey over here I think one one thing we as activists can do is point out How differently surveillance is sold to governments and to citizens especially in democracies especially in Europe So data retention is sold to governments. It's the ideal solution to track groups of Opposing interest whereas it's sold to the citizens as something That helps you and protects you from terror and I think this is one of the lines We can also we can also hit and make make it clear that for the government This means something totally different than they communicate No, I'm a fool agree again A lot of this is a question of making those arguments visible in public But I think also the Arab Spring provides an excellent rhetorical opportunity where you guys can essentially hijack a very emotional narrative about the struggle for democracy in the Middle East which still dominates a lot of newspapers and Make sure that you actually do talk about things like surveillance and you do end up making arguments about what's happening back at home One of the witnesses of this Articles in Bloomberg and in Wall Street Journal I think was that very few of them actually traced the roots of the problem to domestic surveillance and that's I think the next step and I think it's if you manage to Insert yourself if you will in those conversations would actually be able to let them You know in whatever direction you want point the limits of domestic surveillance points the Pointlessness of some of the struggles against terrorism all of that is possible and now's the time to do it I'm afraid in a year the media attention will not be there Yes, Jake, I think so your talk was awesome, and it's very timely. So thanks for for having it I think it's important to note that you say so called lawful intercept instead of just lawful intercept Because what this is is actually an expansion of police powers at least in most of the places in which this Technology is being developed. It would be an expansion in the countries where it's developed It's also an actual capability expansion in the places where it's sold like in Syria And there's there's something about that and so I think framing it as an expansion is very important And we should reject the expansion just as we should actually reject the core itself But I would I would take it a step further and I should say we should Find the individuals who run the companies Photographs of them their Facebook profiles all that stuff and we should publish that information because these people are essentially Like Deutsche Homage during the Second World War with IBM these companies know that they're committing human rights abuses They custom tailor the software they update them. It's not like when you sell a car, right? The ISS people when they threw me out of their wiretappers ball in Washington DC They said hey, you know, we just sell this stuff and it's like a car and it's really important to note that it is not like a car It's it is more like a tank where you say you were going to provide service And you're gonna provide ammunition and you're gonna provide ammunition that specifically targets felon gong people and that's important right so it's an expansion where they Individually target people based on political social sexual and so on and and other beliefs as well as actual properties That are that are intrinsic to those people and then they kill them and that's what they do with this technology It's an arms industry where they murder people and so an expansion of murdering people is I think a really serious problem And and so what we can do though is we can find the people that are involved with that And we can turn the tables on them and own the shit out of all of them Thanks for your talk. Thank you. I mean I agree was was more of a result again I think it's even worse than that because it's very problematic to me It's actually nonsensical to be talking about something like lawful intercept in the context of Iran or Syria where the government can bend any Laws at once and that you know the very category of lawful kind of disappears and Dissolves in many of those states because the respective rule of law doesn't really exist So as long as this technologies are being developed on the premise that hey, they are evil But because we have laws we can actually direct and control that evil in the West that just doesn't apply in the Asuritarian states at all. I think we have to be quite explicit in saying that something that is explicitly recognized as Technology for lawful intercept or so-called lawful intercept is not at all lawful by any standard measure when it's used in a dictatorship Because there are no rules of law and no systems that will actually regulate its use So this is also a rhetorical opportunity that I think needs to be exploited in terms of tracking those companies Again, I'm all for tracking the executives and exerting pressure It's just that I know that some of the researchers and some of the media who try to go after say company like trove core Which is based here in Germany are basically being told that if you Misrepresent what we are what we say we take you to court right and then the question is How can we actually make sure that our media can report on those companies that those companies Stratton to take those media and basically see them out of existence And that's something that is probably much better to be done by individual activists You know anonymous or any other sources than to be done by Bloomberg of Wall Street Journal Because those guys have lawsuits to lose an anonymous has so many lawsuits to lose at this point that one more lawsuit wouldn't matter Thank you, I think I'll stop here Okay one last question Now okay, that's fine. Thank you