Give a warm welcome to General Alexander. So does the NSA really keep a file on everyone? So many things you could say are funny, but I think this requires a very serious answer. First, no, we don't. Absolutely not. And anybody who would tell you that we're keeping files or dossiers on the American people, know that's not true. But I will tell you that those who would want to weave the story that we have millions or hundreds of millions of dossiers on people is absolutely false.

That's the first time I can remember not being wiretapped. Okay, well, it's really a great honor to be back, and it's really one of the greatest pleasures of my life to be on stage with Laura, who is one of the most fearless, fantastic journalists. And we are here today to tell you a few things. I am an American by birth and a post-nationalist, I suppose, by an accident of history. So I'm here now working as a journalist, and Laura is working as a journalist, and I'll let her introduce herself.

So I've been working the last years trying to document the war on terror and to understand it from a human perspective, and how we can understand it differently if we understand its impact on people. And today what Jake and I wanted to do is to talk about how the narratives that we've been told are false and how we can construct new narratives that are based on objective facts. I think in some ways some of the things we are saying will be preaching to the choir, because it is through this community that we have in fact found some of the truths that we will talk about today. And the CCC to me is like home. So if it wasn't for the CCC and your material support, I don't believe that it would be possible for us to be here today. So thank you all very much for the large conspiracy that the German people and the international community have brought.
We have just now simultaneously published on Der Spiegel's website two very large stories which we think will be of great interest, which we will take a little bit of time to explain. But if you go to spiegel.de, you will see two stories. One is about cryptography and one is about the CIA and about JPEL and NATO. And this is very important, these stories being published at the same time. We very much want to thank Der Spiegel and the colleagues who are in this room, Andy Müller-Maguhn, Aaron Gibson and a number of other people, Marcel Rosenbach and Holger Stark. We, as some background, have been working on these stories really for a long time. The crypto story, I would say, is something we've wanted to do for almost a year and a half, if not more. And really, if you think about the investigations and the cypherpunks movement, we really wanted to have some of these answers for about 15 or 20 years. Some of the answers are good and some of the answers are not so fantastic. I guess it depends on where you stand. But we hope that by bringing this to you that it is really in the public interest, and that the public here is interested, and that you will take it to other places, that you will really take action based on what you see, whether it's judicial action, whether it's civil disobedience, whether it's FOIAs, whether it's something else, who knows. We hope that you will feel empowered by the end of this talk. And I would just like to say that if anyone wants to open up their laptops and look at some of the documents that we published, we won't be offended at all; in fact, we'll be happy. Thank you for the opportunity to contribute to your experience in the talk today. Great. spiegel.de/international. And for everyone who can't be here, streaming, remember: if the stream cuts out and you never see us again, it was murder.

So one of the ways that the war on terror works, and the way that war works in general, is how people are dehumanized and reduced to numbers.
This is a short video that I filmed about Guantanamo. That was a video that I made about a former prisoner of Guantanamo. His name was Adnan Latif. He was sent to Guantanamo in 2012, and this is how he came home. He was on hunger strike for many years before he died. And what was most shocking to me is watching what happens when he returns home and that he's listed as a number, and that his family had to witness that, that this was a person who they were seeing for the first time in many years who was reduced to a number.

So today what we're publishing with Der Spiegel is looking at how that process works, and it involves NATO's JPEL kill list that is being used in Afghanistan to target people for targeted killings. We're publishing along with that some narratives of particular people who are on the kill list. One particular case was a man who was given the codename Objective Doody. He was targeted for killing, or for assassination. A British Apache helicopter that was codenamed Ugly 50 was sent to kill him. This was on a day that the visibility was poor, and they missed him and they shot a child and his father. The child was killed immediately. The father was wounded. The helicopter looped back around and killed its target.

Right. So part of what we are hoping to do here, just to make it perfectly clear, is to expose information that people say doesn't exist, with a couple of goals, and one of those goals, to be very clear about it, even though this I suppose tilts me a little bit on the activist side of journalism, is to stop the killing. That is an explicit goal with this publication. The British government and the American government, in various different ways, NATO as well, they say that these kinds of things really don't exist, that they don't happen this way, and they talk about the killing of people in a very, let's say, mechanical fashion.
Usually they say this evidence doesn't exist, but the evidence does exist, and in fact there are lists with names, just endless names, and those people in various different ways are graded. They are graded with regard to the political consequence of those people being killed, as well as some very small spreadsheet, and on that spreadsheet there is a small box, and that box explains their crimes. Next to that there is a dollar figure for a potential reward, and maybe there is a restriction; sometimes it says something like "kinetic action prohibited", for example. That's because by default kinetic action is not prohibited. That is because these are lists of names of people to be found and to be murdered, and so these lists, we have an excerpt of these lists being published today, and the goal of publishing this is to show what needs to be done. So these lists have redactions, and the goal is that Spiegel, along with hopefully others, will help us to continue to work to uncover not only the fate of these people on this list whose names are redacted, but also the fate of people who are not yet on these kinds of lists, maybe to move to a world in which we don't have lists for what I would call assassinations, and that's what Spiegel calls it as well. This is not, as some people would say, a "joint prioritized effects list". This is an assassination program, and I think personally that it is inappropriate for democratic societies to have them, and when they deny that they have them we'd like to prove them wrong and publish them, and so that is what we have done today.

Now an important detail of this is in the story, the very specific story that is told in this Spiegel piece. As Laura mentioned, there was an Apache helicopter, and that helicopter attempted to engage with the so-called legitimate target, and part of what we hope to drive home is this notion of legitimacy and targeting.
In this case there is a value that is assigned to a person, and that value is a number which includes the number of people who are not the target that can be killed in service of killing that person; that is, completely innocent people who are allowed to be killed entirely. And depending on the number there may be a call back to base or to a higher command, but the number isn't one before they have to make that call; they have discretion. And in this case a child was killed with a Hellfire missile, and why is that? Because technology mediates this type of killing, and that technology is not as precise as people would say. And so we have today published the storyboard of this objective, Objective Doody, which is the name. That storyboard tells this and explains that a child was killed with a Hellfire missile in service of killing someone else, and Laura can explain what this person did to deserve to be killed.

I mean, actually what I want to transition to is looking at actually the fact that the narrative is that the government, or our governments, are targeting people who are suspected of something, and in fact what we learned is that they're targeting people based on as little information as their telephone number or voice recognition, and they're using those as methods to target and kill people. And one of the things that we've learned through the disclosures by Edward Snowden is that they're targeting people not just in war zones but internationally; they're targeting us for surveillance all over the world. And this is a video of a target.

Oh my God. This is an engineer, engineer, engineer, engineer, engineer.

So what you just saw there was engineers from Stellar, and well, that is a fantastic name for a company that gets compromised. It is important to understand the notion of targeting with regard to why a target considered legitimate in some cases can have this notion of collateral damage. Now in the case of Stellar, or in the case of Belgacom, which Laura revealed with Der Spiegel, what we
learned is that it isn't actually the case that a terrorist is involved with Belgacom or with Stellar. It is that a kind of neocolonialism is taking place in the digital era, where in the colonies the networks that they do not have through coercion of the state or through other surveillance practices have to be compromised, and those become targets, and they become legitimate targets in theory and in actuality because of its usefulness, because of the leverage that it provides against a speculative target some day in the future. That is, these networks become compromised in service of being able to compromise future networks and other people, just because they can; they set out to do that. And so Stellar is an example of such a thing, and to be able to confront victims this way, to show them that they are compromised, helps us to understand, helps us to show that in fact we are directly and indirectly impacted by these types of activities.

And when we think about this kind of targeting, we have to understand the scale, and the scale is sort of incredible. The budget for targeted exploitation for the NSA, not speaking at all about the GCHQ or the Defence Signals Directorate folks over in Australia, there is so much money when you look at the offensive warfare that for 2013 alone there was $650 million spent on the GENIE program. And the GENIE program is their offensive cyber war program, as they call it themselves, in which they build back doors like UNITEDRAKE and STRAITBIZARRE and other tools like Regin, which you know as one of the tools, I hope, that has been used in Belgacom and other places. So they target places like Stellar and Belgacom, but they also target places like the European Union. In that case the European Union takes the place of a terrorist; that is, they are the goal. They aren't compromising the European Union's networks just because someone interesting might show up; they are compromising the European Union's networks because the European Union is the equivalent of a
terrorist to them, and they wish to have leverage and control, because that's what surveillance is in this context. It's exploitation of systems, where they leverage access to that system, or whichever systems that they have access to, to get more access, to have more control, either politically or technologically or both, which ties of course into economics. Now in the case of GENIE, $650 million is quite a great deal of money, but for 2017 the projected budget for GENIE is a billion dollars. This is just the beginning of what we see, and these civilian targets, or these governmental targets, that are being targeted in continental Europe, they're not alone. It is actually happening all around the world, and these compromises, they happen in service of mass surveillance. Whenever they don't have the ability to mass surveil a system, they implant systems along the way in order to surveil what goes in and out of them. Systems are even used as what are called diodes, and diodes are essentially another term, which we see the Canadians use, for operational relay boxes, or ORBs. Anybody here that used to be a black hat? I know there are no more black hats here, it's all legitimate, except for that guy in the front. Everybody knows what you use those boxes for. You use them to jump from one network to another network, so that when something is traced back it traces back to that machine. In the case of the Canadian service, they themselves talk about a couple times a year compromising as many systems as they can in non-Five Eyes countries in order to ensure that they have as many operational relay boxes as they need for the coming year. These diodes mean that when a system does a thing, it is absolutely not the case that we can say the person who has purchased that system is responsible for it. It is their official doctrine, in fact, to use other people's computers for their hacking. And that's important when we now consider that they have in 2017 projected a goal of having a billion dollars to do that. When we look at how that
balances out with defense, that is not at all balanced; in fact, it is tilted entirely towards offensive warfare.

I was wondering how many people in the room have gone online to look at some of the documents that we released. Anyone? Hey, nice, fantastic. So in the future, that is to say in approximately three weeks, we plan to release, along with some of our colleagues at Spiegel and some other people who are helping out, more information about specific malware, specific cases in which it's used, and details about information sharing with regard to the malware in terms of how it's harvested. We're thinking probably in the second week of January for that malware story, and we wanted to make sure to get it right, and we wanted people to focus on the specifics of the NATO kill lists and to focus on cryptography. We thought people here in the audience would be able to handle all three; the rest of the world just isn't ready for it yet, so we had to take a little bit of a pause. So more of the malware details will be released in about three weeks.

Now for me, one of the things that has, I would say, for my entire adult life been very interesting to me, and before my adult life started, was a system known as ECHELON. Anybody here remember that system? That's the guy that built it, I would guess. Maybe not, maybe not, sorry, I'm trying to snitch-jacket you there. But I think it's to me extremely important to hear about these kinds of things that sound totally crazy, like the CIA torture report for example, that start out as a conspiracy, and now we know that America's official policy with the CIA was rape, anal rehydration. Those were conspiracy theories which we now know to be facts. So ECHELON, the rumor of ECHELON was this notion of planetary surveillance, and of course it was Duncan Campbell who brought this forward in a European Union report. He in fact very clearly outlined the interception capabilities of the US government and others. Now it is hard to actually imagine planetary surveillance on a
scale, let's say, your home and how your home fits into your city, and your city how it fits into a country, and the whole world, and all of that being monitored. But what we found is that during the crypto wars we thought that we had won. We thought that we had a way really to change things, that in cryptography we would be able to change the entire balance even if something like planetary surveillance were to come about. And so when Duncan Campbell released his reports about ECHELON in the very early 21st century, I think a lot of people weren't as concerned about it as they should have been, and shortly after that the war on terror really got off to a very, very big start. It turns out that we weren't as concerned as we should have been in the right areas, and we, I think, can say now that the first crypto wars were not won, and in fact the first crypto wars were probably, if anything, lost, or they are still going on. Now, if we were to delineate that and we were to talk about, as an example, the second crypto wars, what we would find is what has actually been happening behind the scenes, and thanks to Edward Snowden we actually have a great deal of answers that we would probably not have otherwise.

Now it is important to understand that the context of this is the notion that everyone is suspicious, that we live now in a world of total, absolute surveillance which sometimes misses a thing here or there, but this is the goal: collect it all. That's General Alexander's notion. When he talks about this notion, for example, about dossiers, it's a trick, it's a rhetorical trick. What we used to say is that now dossiers are dynamic, and that this information is not stored on lists written down like in, let's say, the 50s; rather they're stored in databases that dynamically will generate a list based on a query from an analyst: give me every person that went to this website at this time. And it of course expands. The notion is that somehow this will only be used against terrorists, but what is a terrorist
in this case? In some cases it actually includes people merely involved in drugs, and part of that has been published as part of the JPEL kill lists, that is to say people who are definitively not terrorists but who are otherwise interesting targets. So there's a sort of bleed-over, and so we see the same thing with surveillance and cryptography. It was for exceptional targets, and now it is for everyone. And so cryptography came as a liberator, and that was the idea, but just as we showed a little bit ago with Stellar, where they targeted engineers specifically to have access to the infrastructure, so too we find that for cryptography they sabotage critical infrastructure. We found in fact so many different interesting things that it's actually hard to talk about it in only half an hour of time.

I mean, I'd like to just say, as one of the journalists who's been publishing on the documents, I think one of the most important stories and the most unsatisfying stories was the BULLRUN story that was published by the New York Times and The Guardian and ProPublica, because it did warn us of how the NSA was attacking critical infrastructure to make the internet insecure, and yet it didn't tell us any specifics of what they meant by that. And this is something I think that frustrated many people in the audience. And so yeah, and so the reporting that Jake has been doing with Aaron Gibson and other people, Christian Grothoff there in the audience, is to dig in and to find out what those specifics are, so that we can actually warn people about what is safe and what's not safe in cryptography.

So we have, let's say, a little free time where we're going to talk about this, but I'd like to do some surveys. Who here uses PPTP? Don't laugh at them when they raise their hand; let them be honest. Who uses it? One guy. This audience. Stop doing that; we're going to tell you why in a second. Who here uses IPsec with a pre-shared key? Fantastic, stop doing that too. Raise your hand if you use SSH. Guess what, in the
documents that we're publishing today, we are showing in fact a series of systems that, if we understand them correctly... I wonder if I should say my next sentence. I say this only as myself and not as Laura: I'd be surprised if some buildings weren't burning, frankly. But the NSA claims to have databases for decryption and attack orchestration for PPTP and IPsec, which is not so surprising at all, but also for SSL and TLS and for SSH. They have specific slides where they talk about the Debian weak number generation. This is not that; from what we can tell they have separate programs for that. So they of course have a way, through the cryptographic exploitation services, to do certain decrypts. Now they say, we stress, "potential". It seems to be that there's a pattern, and the pattern is: things that are done entirely in software, in particular as long as there is a good random number generator, and especially if it is free software, what we find is that it seems to stand the test of time. That doesn't mean that it always will, because we found a couple of things. One of the things is that we found that they log the ciphertext and that they wait, sometimes, to break it with brute force. So we're also revealing today the location of the two large supercomputers, that is at Oak Ridge National Laboratory and Fort Meade, for a program called LONGHAUL. LONGHAUL, I suppose, as they have named it appropriately, is for their long-haul approach, combined with things like the massive data repository, or the mission data center, the mission data repository, in places like Bluffdale, Utah. They plan and do store the ciphertext of an unbelievable number of connections. When you make an SSL/TLS connection, the GCHQ keeps statistics, the Canadian CSE keeps statistics. They seem to log metadata about the handshake in terms of TCP/IP, but also in terms of SSL and TLS for the actual protocols; that is to say, they store the cryptographic handshakes, and in some cases, for specific selected data, they take the entire flow. Now we have
found claims that are kind of amazing. In the case of BULLRUN, the New York Times and the Guardian and most of the collaborating news organizations have often left out important details. One of the important details, which I find to be the most shocking and upsetting, is that the British alone by 2010, was it, had 832 people read into their BULLRUN program. That is, 832 people knew about their backdooring and sabotage of crypto, just in the British service alone, and each of the Five Eyes countries runs a program like that, with potentially similar numbers of people read into those programs. They say something like: three people can keep a secret if two are dead. How about 832 Britishmen? I'm not sure that that's a really good bet, and these guys have bet the farm on it. That is to say, they have slides and presentations and intercepts where they decrypt SSL, or they discuss decrypting SSL, at a scale starting in the tens of thousands, hundreds of thousands, and millions, and then into billions. Actually for TLS and SSL they actually have statistics on the order of billions, of all of the major websites that everyone here probably has used at one point or another in their life. So in the case of the Canadian services, they even monitored hockey talk, to give you an idea about this. They talk about it in terms of warranted collection and special source collection, and encrypted traffic indeed does stand out. They have programs like QUICKANT, which is a specific way of interfacing with a program called FLYING PIG. FLYING PIG is an SSL/TLS database; it's a knowledge database, and QUICKANT seems to be what's called a query focused data set. They try to use that, from what we can tell, for doing low latency de-anonymization. Some of the documents we're releasing today will explain some of their failures. Now I think it's important to be cautious about this, because they have many compartments for their data; that is to say, they very clearly have ways of keeping secrets even from themselves,
but one of the things we found, and that we're publishing today also, is a FISA intercept. To the best of my knowledge, and I think that this is true, no one has ever published one of these before. So this is the basis for what you would call parallel construction, actually, where they gather intelligence and then they say: whatever you do, don't use this in lawful investigations, don't use this in a court, it's not to be evidence, but by the way, here it is. So we're publishing one of those today, and we have some, well, moderately good news. In looking at these, what we have found is that they consistently break various different types of encryption. So if you are mailing around a Microsoft .doc document that's password protected, there's a good chance that they send it to LONGHAUL using a thing called ISLANDTRANSPORT, and then, if it can be, through brute force it is decrypted. And it is the case that when they do this decryption they send it back and they include the decrypted information in the FISA transcript. They do this for RAR files, they do this for .doc files, they do this for a bunch of different systems. We don't want to focus on what's broken; the New York Times and the Guardian and other places have already sort of said everything is fucked. We wanted to try to make it a positive talk, and so I think Laura here is just going to be able to show you, in fact, if it will play. Just drag it over. Other way.

So we wanted to show you... Who here has heard about PRISM? Everyone. What does that mean to you? What does that mean to you? What does that mean to you? What does it mean to you? What does that mean to you? We just know it is a massive surveillance program. We wanted to show you what one of those PRISM records looks like, which in itself is, I think, sorry, a rather unexciting document, except for the fact we get to show it to you, which is great. I think if you escape... So that pleasure in being able to say that this couldn't have happened without Laura. But if you look here you see SIGAD US-984XN; that's PRISM. And this is your dossier for PRISM. And if you're wondering about the redactions, it's all Andy Müller-Maguhn.

Here's the good news. The FBI regularly lies to the American public and to the rest of the world, and they say they're going dark. What we found in the study of these FISA intercepts is that basically no one uses cryptography, and basically everyone that uses cryptography is broken, except for, well, let's say two things. Thing number one is OTR. Very important to go with it is you'll notice that there's some metadata, and it's just metadata, but as the U.S. government has said in public, they kill people with metadata. So up there you'll see that, I believe this was Yahoo, is that right, Andy? Yeah, I think it could be Gmail, it could be Yahoo, I forget which one this one is. We're releasing enough for you to figure it out on your own. Hopefully this isn't you; if so, I'm sorry we redacted your information, because if it was me I wouldn't want it to be redacted. But you'll see that it's a username, IP address, as well as a time and a date, and you'll also see other IP addresses associated with it. Those are used for selector-based surveillance, which, if you haven't been following along at home, means that they can take that information, put it into other databases, into things like XKeyscore, and pull up other information that will be related. But most importantly here is you see what is essentially a chat log, as if it had been created on your computer. Now don't log; it's rude. They did it for you anyway. And what you see is "OC, no decrypt available for this OTR encrypted message." In other documents we see them saying cryptographic exploitation services, we can't decrypt it, it's off the record. Quite a nice endorsement. And what we have also found is that they do the same thing for PGP. Now in other cases, they do decrypt the messages.
So instead of telling you about everything that's broken, what we wanted to do was to suggest: look at the composition of OTR, find Ian Goldberg, who's here somewhere, ask him to review your cryptographic protocol. Maybe don't; he's probably already overwhelmed. But Snowden said this in the very beginning. He said cryptography, when properly implemented, is one of the few things that you can rely upon, and he's right, and we see this; this is the message. These things are not to be used in legal proceedings, and yet here we see them anyway, and what we see is that even there, in the most illegal of settings essentially, they can't decrypt it. Now the sad part is that not everyone is using it, but the good news is that when you use it, it appears to work. When you verify the fingerprint, for example. We didn't find evidence of them doing active attacks to do man-in-the-middle attacks, but that's easy to solve: OTR allows you to authenticate, PGP and GnuPG allow you to verify the fingerprint. We did find evidence of them having databases filled with cryptographic keys that were pilfered from routers and compromised machines. So rotate your keys frequently, use protocols that are ephemeral. They themselves find that they are blinded when you use properly implemented cryptography. So GnuPG, Werner Koch I think is in the audience, GnuPG and OTR are two things that actually stop the spies from spying on you with PRISM.

So we have some other really good news, and that good news is this. There are, in some of the slides that are being released, a matrix, not the Matrix that you were hoping for, but we can talk about that program later. I'm not even joking, but there are some other things. One of the things that they talk about in this matrix is what's hard and what's easy. And in the case of hard, they describe RedPhone, and that means Signal, the program by Christine Corbett and Moxie Marlinspike, as catastrophic. They say Tails and Tor, catastrophic.
So what that really means is that we now understand some things that they have trouble with, and how they will take action to try to sabotage it is clear. They will try to sabotage the random number generators, like they did with Dual_EC_DRBG. They will try to sabotage the platforms. They will try to force companies to be complicit. I think the German word is Gleichschaltung. You're all familiar with that? That is the process that is happening now in America with these crypto programs. That's what PRISM is. PRISM is when companies would like to fight against it, and that's not to call them victims, most of them are willing, this is still what they are forced into. That is the legal regime. And it is when you take responsibility, using this strong crypto, that you can set that in a different direction. Those companies actually can't really protect you. They are, in fact, secretly, in some cases, and sometimes willingly, complicit in that. And so if you use RedPhone and Signal, if you use something like Tor and GnuPG with a properly sized key, don't use like a 768-bit RSA key or something stupid like that, if you use OTR, if you use jabber.ccc.de, buy that guy who runs that a beer by the way, if you use these things in concert together, you blind them. So this is the good news. And the documents that support this are online.

We have some other bad news, though. There exists a program which they call TUNDRA. TUNDRA, it's not exactly clear what the details are, but they say that they have a handful of cryptanalytic attacks on AES. Obviously they can't break AES, or they would be able to break OTR. But what it suggests is that they have a conflict of interest, where they're both supposed to protect our information and, of course, to exploit it.
If they have attacks against AES, much like if they have attacks against SSH, as they claim in the Caprios database in that program, then it shows that conflict of interest runs very deep against our critical infrastructure, against the most important systems that exist to protect our data. And it shows a sort of hegemonic arrogance, and that arrogance is to suggest that they'll always be on top. I had the misfortune of meeting General Alexander quite recently in Germany, and after failing to have him arrested, which was a funny story in itself, I asked him what he thought he was doing. Another person there stood up and said, what about who comes after you next? And he didn't quite understand the question, but his answer was pretty eerie. He said, nobody comes after us next. Thousand-year Reich. That is exactly what he was saying. And when I confronted him about accountability for things like kill lists and crypto, he said that he was just following orders, literally.

So now we know what blinds them, and we understand what they do with things when they are not blinded. Their politics include assassinations, but it doesn't just end there. It includes torture. It includes kidnapping. It includes buying people and then sending their bodies home with a number instead of a name. It includes dehumanizing them. So we want to encourage everyone here to feel empowered with this knowledge, which is a little difficult, but Werner Koch, are you in the room? Could you stand up? Ian Goldberg, are you in the room? I'm sorry to do this. There's Ian. Christine Corbett. Christine Corbett, are you in the room? From Signal? Keep standing. Stand up. Stand up. These people, without even knowing it and without even trying, they beat them. Don't sit down, guys.

So last night I screened my film Citizenfour here, and there were some questions, and somebody asked what they can do to support the work that Snowden has done and the journalists.
And actually what I should have said, and I didn't say in the moment, is that actually everybody should fund the work that you guys do. And I mean that, because literally my work would not be possible without the work that you do. So I would like it if everybody in this room, when they leave here in the next week, reached out and funded these projects. Because without these projects, the journalism that Glenn and I and Jake have done would literally not be possible.

Just to be clear, since this video will definitely be played at a grand jury against the both of us, I want to make it perfectly clear that defense of the US Constitution is the supreme defense, your honor. And secondly, that those gentlemen had nothing to do with any of this at all. So now, hold your applause, I'm sorry. I mean they deserve it forever. If it wasn't for them, we definitely would not have made it here today. And so it is free software for freedom, literally as Richard Stallman talks about it. Empowered with strong mathematics, properly implemented, that made this possible. It is not hopeless. It is in fact the case that resistance is possible. And in fact I think the CCC, if I have learned one lesson from the Chaos Computer Club and this community, it's that it's mandatory. That we have a duty to do something about these things and we can do something about it. So what we need to recognize, and what I hope that we can bring to you, is that there is great risk for Laura in particular in making these kinds of things possible. But that we are in it together. When Julian and I gave a talk with Sarah Harrison last year and we talked about sysadmins of the world uniting, we didn't just mean sysadmins. We meant recognize your class interests and understand that this is the community that you are a part of, at least a small part of, and that we're in it together. We need people like Christine Corbett working on Signal.
We need people like Ian Goldberg breaking protocols and building things like OTR, and Werner Koch. We need Adam Langley building things like Pond. But we need everybody to do whatever they can to help with these things. It requires everyone, and every skill is valuable to contribute to that, from all the people that work on Tor to people that work on Debian, who work on free software for freedom, literally. So what we wanted to do was to say that we should align with these class interests and that we should recognize them and that we should work together to do that. And it is this community who can help to really change things in the rest of the world, because it is in fact only this community and some of the people in this room and around the world that tie into it that have blinded these people. Everyone else seems to have either gone along complicitly, or they have designed it incompetently and broken, and it is not good. So that is important to recognize. Every person, if you are here, you are out of a small set of people in the world. Use that power wisely. Help these people to do that and that will help us all to continue not only to reveal these things but to fundamentally shift and change that. For everyone, for the whole planet, without any exception.

So on that note, we'd like to take some questions. Anybody who has a question, please stand in front of one of the six microphones that are in this room. And signal angel, are you there? Yeah, I'm here. Are there questions from the internet? Yeah, so the first one would be: what should we do about SSH now? No. Shall I? Yeah. I want to be clear. We don't understand. We only know what they claim. And I don't want to hype that and say that they didn't claim anything. But they do have a claim. They claim it as potential. What I would say is, what about those NIST curves? What about NIST anything? The documents that we've released specifically talk about something that's very scary.
They say that it is top secret in a classification guide that the NSA and the CIA work together to subvert standards. And we even released as part of the story an example of them going, the NSA that is, to an IETF meeting to enhance surveillance with regard to voice over IP. They are literally amongst us. So what do we do? First, find them. Second, stop them. Thank you.

Microphone 2, please. Can you talk about, do you plan on releasing the source material eventually, or will it always be redacted? Well, some of this is already out right now without redactions, with the exception of a very few sets of redactions for agents' names and things where legally we will go to prison. I mean, I'm not averse to that, but I'd like to wait a while. What about in 15, 20 years' time? Yeah, I mean, I think there are two questions there. One is scaling the reporting, which I agree needs to happen. And I think it's a valid criticism. We need to do more of it. I think certain things I would say should continue to be redacted, at least for the short term, which are things like, there are a lot of names, email addresses, phone numbers, those kinds of specifics, I think we'll continue to redact. And then we're working on scaling. I haven't really had time to think about 15 years from now. So, but of course, I think at some point those questions of names, I mean, that becomes less of an issue. But I do hear the criticism that we need to be doing more publishing. If we live that long, I hope you'll help us. Next question?

Next question from the internet, please. So how reliable is the source on OTR? Can that be verified with a second source somehow? Well, I think that's a really good question. From what we know cryptographically, OTR, which has been analyzed by a number of people, hasn't been broken. And what appears to be the case in these FISA intercepts alone is that that is one set of things, where they produce one set of evidence from one set of people.
And there are other documents from a different section, from different agencies, that essentially say something completely the same. That is, everything we see seems to support that. And I would say, maybe Julian's not the best example of how great OTR is, but I think I am. I rely on it every day for almost all of my communications. And I feel pretty confident, which, combined with this, as well as talking with people in the intelligence community who actually use OTR and PGP, amazingly enough. So I feel pretty good about it. And the most important part is that they don't have superpowers. They have back doors. For example, I really would encourage people to look at the Cavium hardware. I don't really know why, but it seems to be that they're obsessed with this. And you can look at the documents and you can see that. But look at the hardware, crypto hardware. And imagine that it's compromised. They spend tens of millions of dollars to backdoor these things and they work with agencies around the world to make that happen. So it would make sense that OTR would be safe, actually. It doesn't interface with any hardware. And it would make sense because the math seems to be good and it seems to be vetted. And that seems to be their weakness.

Number four, please. Hello. I have actually, I think, maybe a little odd question, but I wanted to ask it anyway, regarding the term war on terror in general. Because all of these things, the torture report, the NSA spying, are all being done in the name of the war on terror. Even though we know a number of the people who were tortured were innocent and were in no way terrorists, we know torture does not work as an interrogation method. And we know a vast majority of the people who were being spied on are completely innocent and did nothing wrong. And I wanted to know if maybe we might actually be inadvertently lending an amount of credibility to the whole thing by using the term war on terror in the first place. Yeah.
I mean, actually, I think we're talking about reconstructing narratives and that's maybe one we should, because it's really the war on pretty much everyone. And so I agree with that. And I stopped using it for a long time. I think I began reusing it. I think when nothing changed. And in fact, I think I was one of those people who thought things would change under Obama and there would be some accountability. Like, if you torture people, you're held accountable for torturing people. And then that didn't happen. So yeah, I agree. We need a new term for that, to describe it. I mean, some people are calling it the endless war, which I hope isn't actually true. But I do think that that's a term that comes with the narrative of the government. I think because I've been living in Germany for a while, I actually don't use the war on terror as a sentence ever. I say imperialist war, because that's what it is. It's imperialist war. And it's an imperialist war on you as a person, your liberties. It's not about privacy. It's about choice. It's about dignity. It's about agency. And of course, I mean, these guys are murderers and rapists. We shouldn't dignify them. I mean, they're absolutely awful. The torture report really shows that. But it doesn't matter that torture doesn't work. That's like, as is often said, you know, this notion, is slavery economically viable? Who fucking cares? It's slavery.

Number one, please. Do you think, since it's kind of obvious that we should reject or mostly reject the projects that are influenced by governmental institutions like NIST, do you have any information as to how they react when they see that you use smaller projects like, for example, paths to encrypt your hard drive and some odd crypto scheme? Well, one of the things we found is that TrueCrypt, for example, withstands what they're trying to do and they don't like it. I really wonder if someone could figure out why TrueCrypt shut down. That would be really interesting.
I can also tell you that after I met General Alexander and I told him to go fuck himself as hard as possible with the chainsaw, I hope he's watching this video. He actually went to, let's say, my employer, who shall remain anonymous. And, sorry, Roger. And my understanding is they also went to our funders and said, what's this guy? What's he doing? And they tried to pressure. And my employer, who shall remain anonymous, did not cave. But yeah, they exert pressure.

Another question from the internet, please. Yeah, so these files are pretty shocking or revealing. Were they part of the stuff that came out in summer last year, and where was the bottleneck? Why do they come out now? Well, that's a question for you. So in this case, this was a number of reasons. One is that we've been slow to scale the reporting. And it was also a case that some of the files I personally didn't have access to during that time when the story actually first came out. And then also just the time of reporting and researching the documents.

Number three, please. Thanks for the talk. It was great. I totally support the idea that we need strong crypto. And I think that, yeah, strong crypto needs all the support. We should all use it. But I think strong crypto is not the whole answer to the political situation that we have. And I think that this community of hackers and nerds needs to build stronger ties with political movements and be part of political movements. I know you are. And I think that we can solve the political dilemma with just strong crypto. So we need both.

And another question from the internet. No more questions from the internet. So number three, please. Yes. Thank you also very much for the talk. I wanted to ask a question about Citizenfour and especially the ending of Citizenfour, where there's a strong suggestion that the army base here in Germany called Ramstein is essential in the killings that you addressed tonight.
What would be your, like, are you going to give more information that's not just suggestional? Yeah. And what would you want, like, especially this audience to engage in? I mean, so there is going to be more reporting on that topic that I'm working on with my colleague Jeremy Scahill at The Intercept. And I, unfortunately, I can't say more than that, other than we will be coming out with more information that will go beyond what you see in the film. So for sure. And it deals with how Ramstein is part of the infrastructure and architecture of communication. Shut it down.

Number five, please. Is there a minimum key length that you would consider unsafe? Yeah. So actually, I'm glad you asked that question. I was sort of hoping someone would do that. Okay. So there are some documents from the GCHQ where they talk about their supercomputing resources. And about three years ago, they were talking about, what is it, 640-bit keys being something that they sort of casually take care of. Now, at the same time that that was happening, Arjen Lenstra had, I think, factored 768-bit and it took, what was it, Alex, three years? On a bunch, a year and a half. So I think pretty much anything less than 1024 is a bad idea. There are other documents where they specifically say if it's 1024-bit RSA, it's a problem. But you need to think about it, not about what they can do today. First of all, they have different compartments. One of those compartments, obviously, is dedicated to any maths that they've got that speeds that up. But another point is that because of things like the massive data repository, the mission data repository at Bluffdale, Utah, you are not encrypting for today. I mean, you are. But you're also encrypting for 50 years from today. So personally, I use 4096-bit RSA keys and I store them on a hardware token, which hopefully doesn't have a backdoor, but I trust Werner. That's the best I can do, unfortunately, which is pretty good.
But I think, for example, that the best key sizes, you need to think about them in terms of what you're actually doing and for how long. And then think about composition. That is, it's not just about encrypting something with a 4096-bit RSA key. Also, make it hard for them to target you for surveillance in the first place. So for example, when you can, use systems where you can compose it with Tor. Use things that are totally ephemerally keyed, so they can't break in, steal the key, and decrypt things in retrospect. Make it really hard for them to make it valuable. There's an economic point to that collection as well as a mathematical point. Actually, they sort of balance each other out. So anyway, don't use small key lengths, and maybe also consider looking at the work that DJB and Tanja have been doing about elliptic curve stuff, and I think really look to them. But these guys aren't special. They don't have superpowers. But when you use things that are closed-source software, I mean, Richard Stallman was really right. I mean, I know that it pains some of you to know that, but he was really right. And he deserves a lot of love for that. Free software with software implementations with large keys, that's what you want. And when you can, protocols that allow for ephemeral keying or where they have forward secrecy. Things like Pond, things like OTR, things like RedPhone and Signal, and GnuPG. GnuPG has the caveat that if they ever get into your system later, they can, of course, decrypt other messages. So you have to consider all that, not just key size. And GnuPG has safe defaults. So if you're choosing key sizes, hopefully you're using that. Libraries like NaCl also make safe choices. So hopefully that answers your question and you use strong crypto in the future.

So thank you very much for the talk. Thank you. I saw a lot of people being shocked in that room. A lot of tears of, I think, pride and hope. Seeing that gives me a really good feeling.
So thank you for the talk. Give them a very warm applause.