0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/214 Thanks! 1 00:00:09,250 --> 00:00:10,250 All right. 2 00:00:11,870 --> 00:00:12,829 Yeah. 3 00:00:12,830 --> 00:00:15,139 Actually, this thing is 4 00:00:15,140 --> 00:00:17,239 an alpha version of a talk. 5 00:00:17,240 --> 00:00:19,429 It might be the draft 6 00:00:19,430 --> 00:00:22,039 of our 20 to 14 7 00:00:22,040 --> 00:00:23,040 to do list. 8 00:00:24,200 --> 00:00:26,359 It might be also just 9 00:00:26,360 --> 00:00:28,519 a draft to be discussed. 10 00:00:28,520 --> 00:00:30,919 However, after running 11 00:00:30,920 --> 00:00:33,079 some years of wiki called 12 00:00:33,080 --> 00:00:35,209 Planet Info, which I created in 13 00:00:35,210 --> 00:00:37,279 the pre Snowden area, and 14 00:00:37,280 --> 00:00:39,349 unfortunately it turned out to be totally 15 00:00:39,350 --> 00:00:40,399 true. 16 00:00:40,400 --> 00:00:42,619 So yeah, planet, 17 00:00:42,620 --> 00:00:44,209 it's like that. 18 00:00:44,210 --> 00:00:46,309 I thought I need to move on and 19 00:00:46,310 --> 00:00:48,739 we got to find ways to debunk 20 00:00:48,740 --> 00:00:50,179 planet Earth. 21 00:00:50,180 --> 00:00:51,180 So 22 00:00:52,310 --> 00:00:53,990 I'm looking at this whole thing. 23 00:00:55,340 --> 00:00:57,529 I'm trying to structurally look at this 24 00:00:57,530 --> 00:01:00,259 whole thing, as I did 25 00:01:00,260 --> 00:01:01,789 when I created Park Planet. 26 00:01:01,790 --> 00:01:04,249 I, first of all, collected like stuff 27 00:01:04,250 --> 00:01:06,559 on companies providing 28 00:01:06,560 --> 00:01:09,529 surveillance technologies on countries 29 00:01:09,530 --> 00:01:11,469 and country specific situations. 30 00:01:11,470 --> 00:01:14,149 So you'll find a planet that info 31 00:01:14,150 --> 00:01:16,219 wiki page for each country on this 32 00:01:16,220 --> 00:01:17,220 planet. 33 00:01:17,810 --> 00:01:19,489 So looking at worldwide ticket 34 00:01:19,490 --> 00:01:21,769 installations, actually my this 35 00:01:21,770 --> 00:01:23,869 year I was a lot more busy than all 36 00:01:23,870 --> 00:01:25,819 the time before with adding entries 37 00:01:25,820 --> 00:01:28,099 because with the Snowden stuff, there's 38 00:01:28,100 --> 00:01:30,049 a lot more on NSA programs and their 39 00:01:30,050 --> 00:01:32,629 structure and so on, but also 40 00:01:32,630 --> 00:01:35,359 on the cooperation models of intelligence 41 00:01:35,360 --> 00:01:38,479 agencies as it looks like 42 00:01:38,480 --> 00:01:40,639 our enemies. So to see 43 00:01:40,640 --> 00:01:43,129 those guys applying surveillance 44 00:01:43,130 --> 00:01:45,079 technology, being under control freak 45 00:01:45,080 --> 00:01:47,299 mode, the assholes get 46 00:01:47,300 --> 00:01:49,549 along with each other quite well 47 00:01:49,550 --> 00:01:52,639 as they have stuff to share 48 00:01:52,640 --> 00:01:54,469 and interest to share and so on. 49 00:01:55,640 --> 00:01:57,319 But also, I want to talk a little bit 50 00:01:57,320 --> 00:02:00,019 about the technology side of which 51 00:02:00,020 --> 00:02:02,479 stuff we must consider 52 00:02:02,480 --> 00:02:04,909 compromised at this point. 53 00:02:04,910 --> 00:02:05,910 So 54 00:02:07,130 --> 00:02:09,288 if you look 55 00:02:09,289 --> 00:02:11,749 at it from a global 56 00:02:11,750 --> 00:02:14,059 point of view, said to say we 57 00:02:14,060 --> 00:02:16,219 have this information 58 00:02:16,220 --> 00:02:18,439 at hand and we have 59 00:02:19,520 --> 00:02:21,739 a process or we have more 60 00:02:21,740 --> 00:02:23,959 information than actually find their way 61 00:02:23,960 --> 00:02:26,329 into the public understanding 62 00:02:26,330 --> 00:02:28,429 at the moment, I'm working for 63 00:02:28,430 --> 00:02:30,109 quite some time now with Spiegel and 64 00:02:30,110 --> 00:02:33,259 others to like, get the material 65 00:02:33,260 --> 00:02:35,119 to a level of understanding. 66 00:02:35,120 --> 00:02:36,649 And if you look for example at the 67 00:02:36,650 --> 00:02:38,989 simplification process, when 68 00:02:38,990 --> 00:02:41,449 we found material where the NSA, 69 00:02:41,450 --> 00:02:43,519 they do not break encryption, OK, but to 70 00:02:43,520 --> 00:02:45,769 circumvent it, they have ways to steal 71 00:02:45,770 --> 00:02:47,839 the keys to limit the 72 00:02:47,840 --> 00:02:49,339 key links and so on. 73 00:02:49,340 --> 00:02:51,679 But journalists who are not aware 74 00:02:51,680 --> 00:02:53,989 of this whole area and to try 75 00:02:53,990 --> 00:02:55,549 to, you know, we're going to simplify it 76 00:02:55,550 --> 00:02:57,139 a little bit. And then the editorial 77 00:02:57,140 --> 00:02:58,759 process again thinks, Oh, this is too 78 00:02:58,760 --> 00:03:00,019 complicated for our readers. 79 00:03:00,020 --> 00:03:02,179 Let's simplify the message to 80 00:03:02,180 --> 00:03:04,159 the end user and the newspaper is done 81 00:03:04,160 --> 00:03:06,079 and it's a breaks encryption, which is 82 00:03:06,080 --> 00:03:08,149 exactly the wrong message. 83 00:03:08,150 --> 00:03:10,219 But this is one of 84 00:03:10,220 --> 00:03:12,349 the problems we are facing, 85 00:03:12,350 --> 00:03:14,719 that we are in a level of complexity 86 00:03:14,720 --> 00:03:16,939 here where 87 00:03:16,940 --> 00:03:18,620 we need new ways to 88 00:03:19,760 --> 00:03:22,849 bring this into the public, understanding 89 00:03:22,850 --> 00:03:25,009 what we are talking about and what 90 00:03:25,010 --> 00:03:27,259 the problem is and how 91 00:03:27,260 --> 00:03:29,329 to get out of this problematic 92 00:03:29,330 --> 00:03:30,530 situation here and there. 93 00:03:32,000 --> 00:03:34,219 So next to that type 94 00:03:34,220 --> 00:03:36,199 of problems, we have missing bits. 95 00:03:38,840 --> 00:03:41,419 Snowden comes from a department 96 00:03:41,420 --> 00:03:43,519 called S2, and below 97 00:03:43,520 --> 00:03:45,679 that is those guys organizing 98 00:03:45,680 --> 00:03:47,629 technical data. 99 00:03:47,630 --> 00:03:49,969 I'm thinking about ways to exploit 100 00:03:49,970 --> 00:03:52,129 other systems, thinking about crypto 101 00:03:52,130 --> 00:03:53,130 circumvention, 102 00:03:54,680 --> 00:03:56,749 stealing data, the one or the 103 00:03:56,750 --> 00:03:58,249 other way. 104 00:03:58,250 --> 00:04:00,349 However, this is all and most 105 00:04:00,350 --> 00:04:02,449 of the material is about technology. 106 00:04:03,920 --> 00:04:06,469 The material contains not so much 107 00:04:06,470 --> 00:04:08,659 about, let's say, the 108 00:04:08,660 --> 00:04:10,939 targets because the targets 109 00:04:10,940 --> 00:04:12,560 are like 110 00:04:13,580 --> 00:04:15,559 individual cases, but the individual 111 00:04:15,560 --> 00:04:17,359 cases only find their way into the 112 00:04:17,360 --> 00:04:19,518 material if an especial effort 113 00:04:19,519 --> 00:04:21,018 was required. 114 00:04:21,019 --> 00:04:23,269 So if not, the standard way 115 00:04:23,270 --> 00:04:25,819 of, let's say, underwater 116 00:04:25,820 --> 00:04:28,069 cable tapping or 117 00:04:28,070 --> 00:04:30,559 having a compromised infrastructure 118 00:04:30,560 --> 00:04:32,539 in the country helps, but they needed to 119 00:04:32,540 --> 00:04:33,920 do something specifically. 120 00:04:34,970 --> 00:04:37,069 There is a department. 121 00:04:37,070 --> 00:04:39,559 If you look at the way the NSA 122 00:04:39,560 --> 00:04:41,989 works, there's a department above 123 00:04:41,990 --> 00:04:44,269 as to what's called as one is called 124 00:04:44,270 --> 00:04:46,189 customer relations. 125 00:04:46,190 --> 00:04:48,379 Unfortunately, we don't have a lot 126 00:04:48,380 --> 00:04:51,019 of stuff about them at this moment, 127 00:04:51,020 --> 00:04:53,209 so we have an idea who 128 00:04:53,210 --> 00:04:55,669 the customers of the NSA are 129 00:04:55,670 --> 00:04:57,019 like the White House, the State 130 00:04:57,020 --> 00:04:59,389 Department, the CIA and so on, 131 00:04:59,390 --> 00:05:01,819 and how they are liaison 132 00:05:01,820 --> 00:05:03,919 officers from the customers meet 133 00:05:03,920 --> 00:05:06,349 the liaison officers from the NSA. 134 00:05:06,350 --> 00:05:08,869 Well, this finds its way into a process 135 00:05:08,870 --> 00:05:09,969 called a request. 136 00:05:09,970 --> 00:05:12,039 And where that again finds its way to 137 00:05:12,040 --> 00:05:14,229 a process called tasking, Jake 138 00:05:14,230 --> 00:05:16,449 was explaining tasking earlier this day, 139 00:05:16,450 --> 00:05:18,939 this is actually tasking is sometimes 140 00:05:18,940 --> 00:05:20,829 done by someone who understands the 141 00:05:20,830 --> 00:05:22,809 technical capabilities of the different 142 00:05:22,810 --> 00:05:25,239 programs and who 143 00:05:25,240 --> 00:05:27,789 manages to get the targets 144 00:05:27,790 --> 00:05:30,459 information out of the systems or 145 00:05:30,460 --> 00:05:33,009 like initiates collections, initiates 146 00:05:33,010 --> 00:05:35,139 exploits or whatever is required to get 147 00:05:35,140 --> 00:05:37,989 the data about the target. 148 00:05:37,990 --> 00:05:40,089 But then all 149 00:05:40,090 --> 00:05:42,369 this type of technical data goes 150 00:05:42,370 --> 00:05:44,469 back to what's called the rope, 151 00:05:44,470 --> 00:05:46,209 the requesting office of Primary 152 00:05:46,210 --> 00:05:47,289 Interest. 153 00:05:47,290 --> 00:05:49,419 And they write reports, they write 154 00:05:49,420 --> 00:05:50,709 a lot of the code reports. 155 00:05:50,710 --> 00:05:53,259 And here we come to in that interesting 156 00:05:53,260 --> 00:05:55,419 area because it 157 00:05:55,420 --> 00:05:57,849 helps us also to understand why 158 00:05:57,850 --> 00:06:00,879 the NSA has a $50 billion budget 159 00:06:00,880 --> 00:06:02,589 because there is people using that 160 00:06:02,590 --> 00:06:04,779 material in negotiations in 161 00:06:04,780 --> 00:06:06,609 what kind of things. So if we have a 162 00:06:06,610 --> 00:06:08,499 delegation of the Department of Commerce 163 00:06:08,500 --> 00:06:10,569 or whatever, maybe goes to Germany 164 00:06:10,570 --> 00:06:12,729 and they meet five 10 165 00:06:12,730 --> 00:06:14,889 people, they can submit that list 166 00:06:14,890 --> 00:06:17,229 of people to the NSA and say, Get me 167 00:06:17,230 --> 00:06:19,059 all of them your hat and they get NIS 168 00:06:19,060 --> 00:06:21,699 briefly need briefly 169 00:06:21,700 --> 00:06:23,799 report about what these people like, 170 00:06:23,800 --> 00:06:25,119 what they don't like, what they think 171 00:06:25,120 --> 00:06:27,249 about the issues to be discussed, 172 00:06:27,250 --> 00:06:28,959 what their financial figures are or who 173 00:06:28,960 --> 00:06:31,029 their enemies are, who their friends are. 174 00:06:31,030 --> 00:06:33,159 And I discussed this type of usage 175 00:06:33,160 --> 00:06:35,409 of second with William Binney, the 176 00:06:35,410 --> 00:06:37,569 former architect of the NSA, 177 00:06:37,570 --> 00:06:39,699 who was here last year and became 178 00:06:39,700 --> 00:06:41,949 one of the very early whistleblowers. 179 00:06:41,950 --> 00:06:44,589 And he said, don't think black and white. 180 00:06:44,590 --> 00:06:46,509 It's not that we have to use that 181 00:06:46,510 --> 00:06:48,279 information for blackmailing because 182 00:06:48,280 --> 00:06:49,959 blackmailing is, you know, is offending 183 00:06:49,960 --> 00:06:50,979 people. 184 00:06:50,980 --> 00:06:53,019 And, you know, they might find it abusive 185 00:06:53,020 --> 00:06:55,179 and so on. Thin gray mailing. 186 00:06:55,180 --> 00:06:56,169 It just works like this. 187 00:06:56,170 --> 00:06:58,269 You have this all this information about 188 00:06:58,270 --> 00:07:00,249 a prison. And you know, you know what? 189 00:07:00,250 --> 00:07:01,419 You don't want to talk about this and 190 00:07:01,420 --> 00:07:03,039 went right, and we don't want to talk 191 00:07:03,040 --> 00:07:05,229 about this. So why don't we agree 192 00:07:05,230 --> 00:07:06,339 to each other? 193 00:07:06,340 --> 00:07:08,409 So it's like a gentlemen's way 194 00:07:08,410 --> 00:07:11,289 of, yeah, not blackmailing mailing, 195 00:07:11,290 --> 00:07:13,899 which is an important procedure 196 00:07:13,900 --> 00:07:16,239 to understand if we ask ourselves, what 197 00:07:16,240 --> 00:07:17,619 the hell are they doing with all this 198 00:07:17,620 --> 00:07:19,509 data? Why are they doing this? 199 00:07:19,510 --> 00:07:21,789 And how does this also affect 200 00:07:21,790 --> 00:07:24,039 a policy making big 201 00:07:24,040 --> 00:07:25,409 business and other things? 202 00:07:26,680 --> 00:07:28,779 So next to this, there's a lot more 203 00:07:28,780 --> 00:07:30,939 to learn how this data 204 00:07:30,940 --> 00:07:33,069 is being used, but this talk 205 00:07:33,070 --> 00:07:34,869 is not about how this data is being used. 206 00:07:34,870 --> 00:07:37,839 This talk is trying to 207 00:07:37,840 --> 00:07:39,969 get some ideas together what 208 00:07:39,970 --> 00:07:41,529 we can do against it. 209 00:07:41,530 --> 00:07:43,809 So there is this term 210 00:07:43,810 --> 00:07:46,239 of tcim of technical surveillance 211 00:07:46,240 --> 00:07:48,579 countermeasures, and within that 212 00:07:48,580 --> 00:07:50,939 terminology, there's a thing called a TSM 213 00:07:50,940 --> 00:07:53,080 survey, which is defining 214 00:07:54,670 --> 00:07:57,129 or defined as service provided 215 00:07:57,130 --> 00:07:58,899 by qualified personnel to detect the 216 00:07:58,900 --> 00:08:00,639 presence of technical surveillance 217 00:08:00,640 --> 00:08:02,709 devices and hazards, 218 00:08:02,710 --> 00:08:04,899 identified technical security weaknesses 219 00:08:04,900 --> 00:08:06,369 that could aid in the conduct of a 220 00:08:06,370 --> 00:08:08,979 technical penetration of the service 221 00:08:08,980 --> 00:08:11,049 facilities. So the facility in this 222 00:08:11,050 --> 00:08:12,279 case is planet Earth. 223 00:08:13,630 --> 00:08:15,819 But to simplify it a little bit 224 00:08:15,820 --> 00:08:18,039 and make it maybe manageable, 225 00:08:18,040 --> 00:08:20,229 I would hypothetically like 226 00:08:20,230 --> 00:08:22,419 to think of a country which maybe says, 227 00:08:22,420 --> 00:08:23,619 you know, we want to get out of this 228 00:08:23,620 --> 00:08:24,759 shit. 229 00:08:24,760 --> 00:08:25,930 We would like to 230 00:08:26,980 --> 00:08:29,199 provide our citizens and infrastructure 231 00:08:29,200 --> 00:08:31,419 for communication that is not pre owned 232 00:08:31,420 --> 00:08:33,639 by default by the NSA and whether data 233 00:08:33,640 --> 00:08:35,379 does not and so on and so on. 234 00:08:35,380 --> 00:08:37,479 So if 235 00:08:37,480 --> 00:08:39,908 we think of a country 236 00:08:39,909 --> 00:08:42,219 who might, you know, want to move 237 00:08:42,220 --> 00:08:44,499 in that direction, there 238 00:08:44,500 --> 00:08:46,899 is a few steps required. 239 00:08:46,900 --> 00:08:49,089 My definition of TCM is 240 00:08:49,090 --> 00:08:51,399 not the clinical one. 241 00:08:51,400 --> 00:08:53,979 So clinical one is 242 00:08:53,980 --> 00:08:56,229 the DSM just detects what 243 00:08:56,230 --> 00:08:58,329 the hell is around 244 00:08:58,330 --> 00:09:00,609 there, because the theory 245 00:09:00,610 --> 00:09:02,379 from the very old days where you went 246 00:09:02,380 --> 00:09:04,509 into a room and you would do 247 00:09:04,510 --> 00:09:06,579 a sweeping, you would look, where is the 248 00:09:06,580 --> 00:09:08,979 hidden park under the table or whatever? 249 00:09:08,980 --> 00:09:11,409 You would remove that and you'd be fine. 250 00:09:11,410 --> 00:09:13,449 Things are unfortunately no more of that 251 00:09:13,450 --> 00:09:14,409 easy. 252 00:09:14,410 --> 00:09:16,739 So communication, 253 00:09:16,740 --> 00:09:18,849 security, operational security, I 254 00:09:18,850 --> 00:09:21,639 consider all parts of a successful TCM 255 00:09:21,640 --> 00:09:23,829 approach if it should lead to 256 00:09:23,830 --> 00:09:24,830 something. 257 00:09:25,420 --> 00:09:27,819 Meaning in the scope 258 00:09:27,820 --> 00:09:30,249 of the problem is OK, identify 259 00:09:30,250 --> 00:09:32,199 the points where the surveillance is all 260 00:09:32,200 --> 00:09:34,090 the second takes place. 261 00:09:35,560 --> 00:09:37,929 Identify the technological problems 262 00:09:37,930 --> 00:09:39,489 of the framework. That technology you're 263 00:09:39,490 --> 00:09:41,799 dealing with are the parties 264 00:09:41,800 --> 00:09:44,169 involved, the supply technologies 265 00:09:44,170 --> 00:09:45,279 and their jurisdictions. 266 00:09:45,280 --> 00:09:48,429 And although those related things 267 00:09:48,430 --> 00:09:50,529 and then construct 268 00:09:50,530 --> 00:09:53,079 services, processes and devices 269 00:09:53,080 --> 00:09:55,509 in a way where surveillance get nothing 270 00:09:55,510 --> 00:09:57,939 except maybe encrypted data 271 00:09:57,940 --> 00:10:00,309 where network software 272 00:10:00,310 --> 00:10:02,589 process architecture issues 273 00:10:02,590 --> 00:10:04,689 are being reconstructed in a 274 00:10:04,690 --> 00:10:07,569 way that data does not get 275 00:10:07,570 --> 00:10:10,439 easily into wrong hands by default. 276 00:10:10,440 --> 00:10:12,989 And where device is being used in process 277 00:10:12,990 --> 00:10:15,299 is being used by human beings, are 278 00:10:15,300 --> 00:10:17,639 under the control of 279 00:10:17,640 --> 00:10:19,949 the user and or the process owner 280 00:10:19,950 --> 00:10:20,950 at least. 281 00:10:21,630 --> 00:10:24,329 So that's quite a high 282 00:10:24,330 --> 00:10:26,639 attitude of to achieve. 283 00:10:26,640 --> 00:10:27,989 But I guess it's what we want. 284 00:10:30,000 --> 00:10:32,669 The scope of the problem, however we 285 00:10:32,670 --> 00:10:35,249 come to that, is that transnational 286 00:10:35,250 --> 00:10:36,929 infrastructure must be considered 287 00:10:36,930 --> 00:10:39,449 compromised, at least by 288 00:10:39,450 --> 00:10:41,579 roughly three parties a country, 289 00:10:41,580 --> 00:10:42,959 a country B. 290 00:10:42,960 --> 00:10:45,209 Then you've got the NSA, the 291 00:10:45,210 --> 00:10:46,210 Q and the Mossad 292 00:10:47,370 --> 00:10:48,539 as party number three. 293 00:10:50,100 --> 00:10:52,259 Just if we simplify, then consider 294 00:10:52,260 --> 00:10:53,260 that one block. 295 00:10:54,120 --> 00:10:56,249 Many national infrastructures must even 296 00:10:56,250 --> 00:10:58,319 be considered compromised because they 297 00:10:58,320 --> 00:11:01,049 are pre owned, often operated 298 00:11:01,050 --> 00:11:03,539 by parties where 299 00:11:03,540 --> 00:11:05,909 the American, British, whatever 300 00:11:05,910 --> 00:11:07,919 players have access. 301 00:11:07,920 --> 00:11:10,199 And on top of it is the national 302 00:11:10,200 --> 00:11:12,359 intelligence who also has the idea of, 303 00:11:12,360 --> 00:11:14,399 you know, applying surveillance, getting 304 00:11:14,400 --> 00:11:15,629 the data and so on. 305 00:11:15,630 --> 00:11:18,089 So we're dealing with even more people 306 00:11:18,090 --> 00:11:20,309 and then we 307 00:11:20,310 --> 00:11:22,619 have exploitation methods that are 308 00:11:23,700 --> 00:11:26,189 built into technology. 309 00:11:26,190 --> 00:11:27,869 And that is what was released by the 310 00:11:27,870 --> 00:11:30,089 Spiegel this morning at 11:00, 311 00:11:30,090 --> 00:11:32,459 where Jacob Jake 312 00:11:32,460 --> 00:11:34,200 referred to slightly also 313 00:11:35,970 --> 00:11:38,129 built in implant, which is their 314 00:11:38,130 --> 00:11:40,769 terminology for exploits, plus 315 00:11:40,770 --> 00:11:43,349 something that remains and the devices 316 00:11:43,350 --> 00:11:44,730 in order to control it. 317 00:11:45,870 --> 00:11:48,089 So a lot of technology 318 00:11:48,090 --> 00:11:50,429 we use by default, but Cisco 319 00:11:50,430 --> 00:11:52,499 Juniper, whereby whatever 320 00:11:52,500 --> 00:11:55,139 must be considered compromised 321 00:11:55,140 --> 00:11:56,879 and subject to computer network 322 00:11:56,880 --> 00:11:58,649 exploitation or tailored access 323 00:11:58,650 --> 00:12:00,960 operations, that's NSA terminology. 324 00:12:02,250 --> 00:12:04,319 And also cryptic circumvention 325 00:12:04,320 --> 00:12:07,829 tools are available on a scalable 326 00:12:07,830 --> 00:12:10,259 dimension, meaning that they 327 00:12:10,260 --> 00:12:12,479 collect so-called fingerprints of all 328 00:12:12,480 --> 00:12:15,129 our computer parameters. 329 00:12:15,130 --> 00:12:17,579 So operating system, browser 330 00:12:17,580 --> 00:12:19,709 plug ins, versions of those plugins and 331 00:12:19,710 --> 00:12:21,779 so on and have standard 332 00:12:21,780 --> 00:12:23,009 exploits at hand 333 00:12:24,450 --> 00:12:26,539 ready to inject into our 334 00:12:26,540 --> 00:12:27,959 deceptive his streams. 335 00:12:27,960 --> 00:12:29,940 And this is just a very rough picture. 336 00:12:31,590 --> 00:12:33,809 It's NSA puts this very 337 00:12:33,810 --> 00:12:35,939 rough picture in a bit more 338 00:12:35,940 --> 00:12:37,139 of a beautiful form. 339 00:12:38,550 --> 00:12:40,679 So I 340 00:12:40,680 --> 00:12:43,409 don't want to like analyze this here 341 00:12:43,410 --> 00:12:45,179 in front of you. You can do that at home, 342 00:12:45,180 --> 00:12:46,709 but you could rough the idea of, you 343 00:12:46,710 --> 00:12:49,739 know, cables connecting 344 00:12:49,740 --> 00:12:52,079 countries or continents, 345 00:12:52,080 --> 00:12:54,299 regional infrastructures of 346 00:12:54,300 --> 00:12:55,950 the collection services, 347 00:12:57,510 --> 00:12:59,819 cooperating operators 348 00:12:59,820 --> 00:13:02,219 of fiber optic networks within 349 00:13:02,220 --> 00:13:04,349 or cross-country 350 00:13:04,350 --> 00:13:06,599 plus implants, which 351 00:13:06,600 --> 00:13:08,879 makes the infrastructure of foreign 352 00:13:08,880 --> 00:13:10,769 countries and foreign network operators 353 00:13:10,770 --> 00:13:12,720 removed controllable for the NSA. 354 00:13:14,340 --> 00:13:16,589 The structure of the NSA programs 355 00:13:16,590 --> 00:13:18,659 is roughly like this 356 00:13:18,660 --> 00:13:20,729 you can in the 357 00:13:20,730 --> 00:13:22,919 hope that this is interest 358 00:13:22,920 --> 00:13:23,879 for you. 359 00:13:23,880 --> 00:13:26,579 I spend a lot of time identifying 360 00:13:26,580 --> 00:13:29,189 the programs of the different sections 361 00:13:29,190 --> 00:13:30,089 of the substance. 362 00:13:30,090 --> 00:13:32,219 Sections are the script analysis guys. 363 00:13:32,220 --> 00:13:35,159 They collect handshakes and stuff. 364 00:13:35,160 --> 00:13:37,229 The global access guys, they go for their 365 00:13:37,230 --> 00:13:38,669 high fiber cables. 366 00:13:38,670 --> 00:13:39,869 Special collection sites. 367 00:13:39,870 --> 00:13:42,389 That's mostly the embassies. 368 00:13:42,390 --> 00:13:44,789 Special source operations is corporations 369 00:13:44,790 --> 00:13:47,009 with companies, telcos, carriers 370 00:13:47,010 --> 00:13:49,619 who run infrastructure 371 00:13:49,620 --> 00:13:51,839 and tailored access operations is, 372 00:13:51,840 --> 00:13:53,729 you might call it, hacking that I don't 373 00:13:53,730 --> 00:13:55,320 call it hacking. I call it like, 374 00:13:56,670 --> 00:13:58,859 that's a military way of attacking 375 00:13:58,860 --> 00:14:01,169 computers and taking control 376 00:14:01,170 --> 00:14:03,269 over them. So because there's no hacker 377 00:14:03,270 --> 00:14:05,159 attacks involved, I don't call these guys 378 00:14:05,160 --> 00:14:07,469 hackers. These are assaults 379 00:14:07,470 --> 00:14:09,529 in governmental contract adjacent 380 00:14:09,530 --> 00:14:10,530 to. 381 00:14:13,990 --> 00:14:15,279 All right, and then we have 382 00:14:16,600 --> 00:14:18,969 next to be 383 00:14:18,970 --> 00:14:22,359 before we can come to straight technology 384 00:14:22,360 --> 00:14:24,759 specific solutions in this area. 385 00:14:24,760 --> 00:14:26,919 We have to watch 386 00:14:26,920 --> 00:14:28,989 a bit of principle because 387 00:14:28,990 --> 00:14:31,149 again, let's put yourself 388 00:14:31,150 --> 00:14:33,769 or it's put ourselves on the mind 389 00:14:33,770 --> 00:14:36,259 of a group who maybe advises 390 00:14:36,260 --> 00:14:38,499 the government of a country who says, 391 00:14:38,500 --> 00:14:39,609 we want to get out of this. 392 00:14:39,610 --> 00:14:41,709 OK, so what what what 393 00:14:41,710 --> 00:14:43,869 do we find next to these NSA 394 00:14:43,870 --> 00:14:45,939 based operations 395 00:14:45,940 --> 00:14:47,349 and so on? 396 00:14:47,350 --> 00:14:48,350 We have 397 00:14:49,420 --> 00:14:51,969 problems of exclusivity 398 00:14:51,970 --> 00:14:53,199 of security. 399 00:14:53,200 --> 00:14:55,269 The NSA calls this the noblest 400 00:14:55,270 --> 00:14:57,579 principle. No one but us. 401 00:14:57,580 --> 00:15:00,009 If we are looking for example, at 402 00:15:00,010 --> 00:15:02,409 a heavy military grade encryption 403 00:15:02,410 --> 00:15:04,539 systems which are capable of 404 00:15:04,540 --> 00:15:06,939 indeed providing security 405 00:15:06,940 --> 00:15:09,369 over an even insecure 406 00:15:09,370 --> 00:15:11,379 network environments, this technology 407 00:15:11,380 --> 00:15:13,449 tend to be not only expensive but also 408 00:15:13,450 --> 00:15:15,699 subject to export controls 409 00:15:15,700 --> 00:15:17,859 and because surveillance systems 410 00:15:17,860 --> 00:15:19,749 you can sell all over the planet, there's 411 00:15:19,750 --> 00:15:22,029 roughly no regulation in place yet. 412 00:15:22,030 --> 00:15:24,129 But if you come to encryption, this 413 00:15:24,130 --> 00:15:26,169 is considered as the ability of a country 414 00:15:26,170 --> 00:15:27,909 to protect itself from the global 415 00:15:27,910 --> 00:15:29,889 surveillance, so it's not available to 416 00:15:29,890 --> 00:15:32,509 all countries legally to be exported. 417 00:15:32,510 --> 00:15:35,049 Hence, one also 418 00:15:35,050 --> 00:15:37,119 signal intelligence so that the 419 00:15:37,120 --> 00:15:39,309 data being accessed through all 420 00:15:39,310 --> 00:15:41,829 this programs is a currency. 421 00:15:41,830 --> 00:15:44,319 It's being exchanged between countries. 422 00:15:44,320 --> 00:15:47,379 If, for example, Miss Merkel, the German 423 00:15:47,380 --> 00:15:49,959 chancellor, if this lady would 424 00:15:49,960 --> 00:15:52,059 in theory have the idea of, Oh, 425 00:15:52,060 --> 00:15:54,249 we need to, you know, stop that the 426 00:15:54,250 --> 00:15:56,169 American success, German data and turn 427 00:15:56,170 --> 00:15:57,939 and we need to stop any cooperation with 428 00:15:57,940 --> 00:15:59,649 the NSA on this one. 429 00:15:59,650 --> 00:16:01,509 I guess she would find herself in the 430 00:16:01,510 --> 00:16:03,249 very difficult situation that if the 431 00:16:03,250 --> 00:16:05,529 Americans don't provide the German army 432 00:16:05,530 --> 00:16:07,659 and the German foreign intelligence 433 00:16:07,660 --> 00:16:09,909 data from their signal to signal 434 00:16:09,910 --> 00:16:12,189 intelligence infrastructure like imagery, 435 00:16:12,190 --> 00:16:14,499 satellite imagery of stuff 436 00:16:14,500 --> 00:16:16,539 happening in Afghanistan or elsewhere, 437 00:16:16,540 --> 00:16:18,489 she will have a few hundred dead German 438 00:16:18,490 --> 00:16:20,619 soldiers to handle and a 439 00:16:20,620 --> 00:16:22,629 problem justifying that. 440 00:16:22,630 --> 00:16:24,699 So there is dependencies of 441 00:16:24,700 --> 00:16:27,519 countries in this exchange of 442 00:16:27,520 --> 00:16:29,679 seguinte, and these dependencies are 443 00:16:29,680 --> 00:16:31,989 very different depending on the country 444 00:16:31,990 --> 00:16:33,099 and so on. 445 00:16:33,100 --> 00:16:35,169 But they need to be identified because 446 00:16:35,170 --> 00:16:37,419 as long as we don't, let's say, 447 00:16:37,420 --> 00:16:40,389 integrate that in our concept, 448 00:16:40,390 --> 00:16:42,189 we stay pretty naive. 449 00:16:42,190 --> 00:16:44,379 OK, because reality is not 450 00:16:44,380 --> 00:16:46,269 only what can be done technology, but 451 00:16:46,270 --> 00:16:48,549 also what our interests and what 452 00:16:48,550 --> 00:16:50,619 are trade offs and what kind of deals are 453 00:16:50,620 --> 00:16:53,349 being made to ensure 454 00:16:53,350 --> 00:16:55,509 that national governments exist 455 00:16:55,510 --> 00:16:57,039 or whatever. 456 00:16:57,040 --> 00:16:59,139 And by the way, that's the 457 00:16:59,140 --> 00:17:01,599 third point, and that's not so 458 00:17:01,600 --> 00:17:04,118 unimportant one that also country 459 00:17:04,119 --> 00:17:06,279 specific control freaks fractures, the 460 00:17:06,280 --> 00:17:09,189 so-called governments that tend to be 461 00:17:09,190 --> 00:17:11,289 control freaks by nature as they 462 00:17:11,290 --> 00:17:13,358 need to, or have this idea 463 00:17:13,359 --> 00:17:15,429 of controlling not only a 464 00:17:15,430 --> 00:17:17,679 geographic territory T, but also 465 00:17:17,680 --> 00:17:20,049 people living there and, you know, 466 00:17:20,050 --> 00:17:22,239 companies acting there and so 467 00:17:22,240 --> 00:17:24,669 on and so on, and borders and all these 468 00:17:24,670 --> 00:17:26,919 things that define a country. 469 00:17:26,920 --> 00:17:29,109 And so we might, 470 00:17:29,110 --> 00:17:31,329 of course, even if 471 00:17:31,330 --> 00:17:33,039 you know, it's it's a bit of a strange 472 00:17:33,040 --> 00:17:35,169 idea, but we might of course say, 473 00:17:35,170 --> 00:17:37,329 Well, yes, OK, maybe a world is 474 00:17:37,330 --> 00:17:39,159 better with strong Nation-States than 475 00:17:39,160 --> 00:17:41,529 with One Nation State that 476 00:17:41,530 --> 00:17:42,969 all the other social groups, all the 477 00:17:42,970 --> 00:17:44,229 others have. However, you said, 478 00:17:45,640 --> 00:17:47,799 however, governments tend to want 479 00:17:47,800 --> 00:17:49,509 to avoid third party excesses. 480 00:17:49,510 --> 00:17:52,149 They want to be in exclusively, 481 00:17:52,150 --> 00:17:54,369 by the way, that also helps 482 00:17:54,370 --> 00:17:56,649 them to raise the value 483 00:17:56,650 --> 00:17:58,869 of their own seguinte because 484 00:17:58,870 --> 00:18:00,579 of the others have it already. 485 00:18:00,580 --> 00:18:03,359 Then it's heavy. It's hard to trade it. 486 00:18:03,360 --> 00:18:05,649 Okay, but if you are, like are able 487 00:18:05,650 --> 00:18:07,899 to establish a bit of exclusivity 488 00:18:07,900 --> 00:18:09,819 on your stuff, it's more worth. 489 00:18:09,820 --> 00:18:11,769 And if we like, that principle is another 490 00:18:11,770 --> 00:18:13,809 question, but maybe we can use it in some 491 00:18:13,810 --> 00:18:14,810 way. 492 00:18:15,310 --> 00:18:17,499 And also, they want to ensure that 493 00:18:17,500 --> 00:18:19,539 they have their access to self. 494 00:18:19,540 --> 00:18:21,249 And here it gets here. 495 00:18:21,250 --> 00:18:23,139 We run into a lot of problems and I'll 496 00:18:23,140 --> 00:18:24,489 come to that. 497 00:18:24,490 --> 00:18:26,559 So let's say 498 00:18:26,560 --> 00:18:28,869 we have our country, 499 00:18:28,870 --> 00:18:31,269 we look at the interconnection stuff, 500 00:18:31,270 --> 00:18:33,519 we look at cross country stuff. 501 00:18:33,520 --> 00:18:35,169 We might identify 502 00:18:36,220 --> 00:18:37,660 the companies acting here, 503 00:18:39,010 --> 00:18:41,169 their jurisdictional obligations, 504 00:18:41,170 --> 00:18:43,179 meaning if they are American companies, 505 00:18:43,180 --> 00:18:45,279 if they like it or not, they are obliged 506 00:18:45,280 --> 00:18:47,499 by law to allow NSA 507 00:18:47,500 --> 00:18:48,579 access to their stuff 508 00:18:49,750 --> 00:18:51,939 and also their options 509 00:18:51,940 --> 00:18:54,399 clandestinely so covertly 510 00:18:54,400 --> 00:18:55,629 to do whatever. 511 00:18:55,630 --> 00:18:56,709 With the infrastructure, 512 00:18:58,030 --> 00:19:00,189 we have to identify whatever exchange 513 00:19:00,190 --> 00:19:02,379 and cooperation agreements between 514 00:19:02,380 --> 00:19:04,599 the national intelligence guys 515 00:19:04,600 --> 00:19:06,789 and foreign intelligence are 516 00:19:06,790 --> 00:19:09,009 existent because that's, 517 00:19:09,010 --> 00:19:11,229 as I said, very important and we need 518 00:19:11,230 --> 00:19:12,619 to identify what. 519 00:19:12,620 --> 00:19:14,359 Kind of foreign embassy, so 520 00:19:15,420 --> 00:19:17,569 situations we have as 521 00:19:17,570 --> 00:19:19,789 we learn that the United States 522 00:19:19,790 --> 00:19:22,129 National Security Agency uses 523 00:19:22,130 --> 00:19:24,679 the embassies locations quite 524 00:19:24,680 --> 00:19:26,839 intensely for especially, of 525 00:19:26,840 --> 00:19:29,059 course, acting in unfriendly environments 526 00:19:29,060 --> 00:19:30,619 but also in other countries. 527 00:19:31,700 --> 00:19:33,859 I come to that in a second and 528 00:19:33,860 --> 00:19:36,169 then the target, the implant, so 529 00:19:36,170 --> 00:19:38,329 whatever infrastructure there is 530 00:19:38,330 --> 00:19:40,459 in place and not physically, but 531 00:19:40,460 --> 00:19:41,509 logically. 532 00:19:41,510 --> 00:19:43,579 So what part of our infrastructure in 533 00:19:43,580 --> 00:19:45,709 our country is already or 534 00:19:45,710 --> 00:19:48,539 might be subject to remote control 535 00:19:48,540 --> 00:19:51,229 network speed, our normal network of 536 00:19:51,230 --> 00:19:53,599 Cisco, whatever 537 00:19:53,600 --> 00:19:55,699 technology providing switching and 538 00:19:55,700 --> 00:19:56,700 so on. 539 00:19:58,520 --> 00:20:00,499 If we look at this first area of the 540 00:20:00,500 --> 00:20:03,799 costs, cross-country installations, 541 00:20:03,800 --> 00:20:06,049 we have a lot of material already 542 00:20:06,050 --> 00:20:08,239 thanks to Snowden in our hand 543 00:20:08,240 --> 00:20:10,579 to identify the taps 544 00:20:10,580 --> 00:20:13,399 to possibly reconfigure rooting. 545 00:20:13,400 --> 00:20:15,349 To think about bulk encryption for 546 00:20:15,350 --> 00:20:17,689 international traffic between specific 547 00:20:17,690 --> 00:20:20,119 points and also 548 00:20:20,120 --> 00:20:22,009 building up alternative connections, 549 00:20:22,010 --> 00:20:24,319 circumventing those points where we know 550 00:20:24,320 --> 00:20:26,209 that, by the way, started to happen, that 551 00:20:26,210 --> 00:20:28,579 likes countries like Finland 552 00:20:28,580 --> 00:20:30,649 connecting their stuff, not 553 00:20:30,650 --> 00:20:33,829 through Sweden and other areas. 554 00:20:33,830 --> 00:20:35,329 So this is unfortunately like a 555 00:20:35,330 --> 00:20:38,179 screenshot from a bloody television where 556 00:20:38,180 --> 00:20:40,339 Glenn Greenwald was browsing through 557 00:20:40,340 --> 00:20:41,689 some stuff. 558 00:20:41,690 --> 00:20:43,519 But this is just some of the operations 559 00:20:43,520 --> 00:20:45,709 of what it's called funded so far 560 00:20:45,710 --> 00:20:47,959 in satellite communications are being 561 00:20:47,960 --> 00:20:50,269 collected and 562 00:20:50,270 --> 00:20:52,549 we have more of those 563 00:20:52,550 --> 00:20:53,749 things. 564 00:20:53,750 --> 00:20:55,129 The other is on. 565 00:20:55,130 --> 00:20:56,720 The second point is reviewing 566 00:20:57,830 --> 00:21:00,019 third parties operating in the country. 567 00:21:00,020 --> 00:21:02,209 So identify who owns what. 568 00:21:02,210 --> 00:21:03,210 Companies 569 00:21:04,790 --> 00:21:06,919 review network architecture to 570 00:21:06,920 --> 00:21:09,319 identify critical points. 571 00:21:09,320 --> 00:21:11,449 Review of or identifying 572 00:21:11,450 --> 00:21:12,899 clean operators. 573 00:21:12,900 --> 00:21:15,169 So those who do not 574 00:21:15,170 --> 00:21:17,210 by default, hand over their data. 575 00:21:18,230 --> 00:21:20,299 And there is, as usual, 576 00:21:20,300 --> 00:21:21,739 for a nation state. 577 00:21:21,740 --> 00:21:23,989 If we are a country of a government 578 00:21:23,990 --> 00:21:26,449 of some country, there's a lot of options 579 00:21:26,450 --> 00:21:28,759 to put conditions into 580 00:21:28,760 --> 00:21:30,019 licensing. 581 00:21:30,020 --> 00:21:32,209 So to make, you know, the national 582 00:21:32,210 --> 00:21:34,489 reporting or this or that, this 583 00:21:34,490 --> 00:21:37,009 stuff is already already happening, 584 00:21:37,010 --> 00:21:39,799 but it often happens also on the 585 00:21:39,800 --> 00:21:42,169 just very selfish interest of 586 00:21:42,170 --> 00:21:44,209 countries who say, OK, we just play, 587 00:21:44,210 --> 00:21:46,609 Noble says, Well, OK, we'll just say 588 00:21:46,610 --> 00:21:48,679 we get all the data, all the citizens 589 00:21:48,680 --> 00:21:51,229 in our country, not the NSA by default. 590 00:21:51,230 --> 00:21:53,359 And if the NSA won something, then 591 00:21:53,360 --> 00:21:54,559 we have something to trade. 592 00:21:54,560 --> 00:21:56,629 That's of course not what we want. 593 00:21:56,630 --> 00:21:59,389 So we we got to be 594 00:21:59,390 --> 00:22:02,029 careful about the ideas we're spreading 595 00:22:02,030 --> 00:22:03,679 and where they end up in national 596 00:22:03,680 --> 00:22:04,680 agendas. 597 00:22:06,020 --> 00:22:08,749 So and you can shift, at least 598 00:22:08,750 --> 00:22:09,649 that's important. 599 00:22:09,650 --> 00:22:12,469 Your critical service to operators 600 00:22:12,470 --> 00:22:14,659 where you suspect a better 601 00:22:14,660 --> 00:22:16,909 level of understanding of the problems 602 00:22:16,910 --> 00:22:19,459 and taking care of it. 603 00:22:19,460 --> 00:22:22,039 We have countries specific 604 00:22:22,040 --> 00:22:24,319 situations where normally 605 00:22:24,320 --> 00:22:26,929 this should have happened long ago, 606 00:22:26,930 --> 00:22:29,059 like the if you look at Greece 607 00:22:29,060 --> 00:22:31,219 and Greece in 2006, there was a 608 00:22:31,220 --> 00:22:33,439 huge interception scandal on the 609 00:22:33,440 --> 00:22:35,239 prime minister, the most important 610 00:22:35,240 --> 00:22:36,529 ministers. 611 00:22:36,530 --> 00:22:38,989 It was a very technically complicated 612 00:22:38,990 --> 00:22:40,519 thing that was a lawful interception 613 00:22:40,520 --> 00:22:42,979 system, which was reprogramed 614 00:22:42,980 --> 00:22:45,469 in a way that these 615 00:22:45,470 --> 00:22:47,209 ministers would be targeted, a lawful 616 00:22:47,210 --> 00:22:49,339 interception measures which would 617 00:22:49,340 --> 00:22:51,499 not show up in the normal lawful 618 00:22:51,500 --> 00:22:53,839 interception systems, statistics 619 00:22:53,840 --> 00:22:54,979 and so on. 620 00:22:54,980 --> 00:22:57,349 It was all identified 621 00:22:57,350 --> 00:22:59,150 to be coming from Vodafone. 622 00:23:00,440 --> 00:23:02,569 There was the chief technician 623 00:23:02,570 --> 00:23:03,799 of Vodaphone Security. 624 00:23:03,800 --> 00:23:05,629 Greece found hanged. 625 00:23:05,630 --> 00:23:07,969 So a so-called 626 00:23:07,970 --> 00:23:10,459 suicide which no one police 627 00:23:10,460 --> 00:23:12,589 and the police investigation indeed 628 00:23:12,590 --> 00:23:15,020 started after some years again. 629 00:23:16,550 --> 00:23:18,769 But the funny thing is that it went 630 00:23:18,770 --> 00:23:20,809 to the level that the Greek government 631 00:23:20,810 --> 00:23:22,999 understood that Vodafone is a problem 632 00:23:23,000 --> 00:23:24,289 for them. 633 00:23:24,290 --> 00:23:26,119 But what they did was not revoking their 634 00:23:26,120 --> 00:23:28,849 license, but just cashing in 150 635 00:23:28,850 --> 00:23:31,159 million euro on 636 00:23:31,160 --> 00:23:33,139 compensation charge and everything 637 00:23:33,140 --> 00:23:34,199 remained in service. 638 00:23:34,200 --> 00:23:36,200 So that was 2006 639 00:23:37,460 --> 00:23:38,539 and 2013. 640 00:23:38,540 --> 00:23:40,609 We learned about the same company 641 00:23:40,610 --> 00:23:42,799 that indeed they do have obligations to 642 00:23:42,800 --> 00:23:44,579 the British government, similar to those 643 00:23:44,580 --> 00:23:46,169 to the Americans. 644 00:23:46,170 --> 00:23:49,269 So not always 645 00:23:49,270 --> 00:23:51,559 enough that we know what companies 646 00:23:51,560 --> 00:23:53,979 is doing, what the 647 00:23:53,980 --> 00:23:56,389 the idea of national governments 648 00:23:56,390 --> 00:23:58,069 than acting the right way 649 00:23:59,630 --> 00:24:00,979 also needs to be. They need to be 650 00:24:00,980 --> 00:24:03,139 instructed, obviously, or kind 651 00:24:03,140 --> 00:24:04,140 of like that. 652 00:24:05,240 --> 00:24:08,059 And then we have this situation 653 00:24:08,060 --> 00:24:10,309 of the cooperation agreements 654 00:24:10,310 --> 00:24:12,489 from national local. 655 00:24:12,490 --> 00:24:14,829 Intelligence agencies with the NSA, 656 00:24:16,900 --> 00:24:18,699 where a review of the national 657 00:24:18,700 --> 00:24:20,410 capabilities and so on is 658 00:24:21,580 --> 00:24:23,979 like of utmost importance 659 00:24:23,980 --> 00:24:26,289 in Germany, especially, 660 00:24:26,290 --> 00:24:28,389 this situation is as fucked up as 661 00:24:28,390 --> 00:24:30,939 it can be. By the way, the 662 00:24:30,940 --> 00:24:33,759 when Germany was still east and west, 663 00:24:33,760 --> 00:24:35,259 the east German government, the 664 00:24:35,260 --> 00:24:36,789 intelligence of the East German 665 00:24:36,790 --> 00:24:39,069 government, got hold of 666 00:24:39,070 --> 00:24:41,109 what is called the NSA RL. 667 00:24:41,110 --> 00:24:43,059 That's the national second requirement 668 00:24:43,060 --> 00:24:44,979 list. That's one of the most secret 669 00:24:44,980 --> 00:24:47,139 documents of the NSA listing 670 00:24:47,140 --> 00:24:50,049 all the targets in all the countries 671 00:24:50,050 --> 00:24:51,939 like what they want on that government, 672 00:24:51,940 --> 00:24:53,769 what they want on that company, in that 673 00:24:53,770 --> 00:24:55,240 country and so on and so on. 674 00:24:56,560 --> 00:24:58,689 So they had that 675 00:24:58,690 --> 00:25:00,879 list and they 676 00:25:00,880 --> 00:25:03,759 knew the Americans knew that 677 00:25:03,760 --> 00:25:06,159 East German intelligence had it. 678 00:25:06,160 --> 00:25:08,229 The authority 679 00:25:08,230 --> 00:25:10,419 keeping the records of the East German 680 00:25:10,420 --> 00:25:12,699 intelligence headed by a 681 00:25:12,700 --> 00:25:13,900 guy called Gulick 682 00:25:15,490 --> 00:25:17,679 turned over that material 683 00:25:17,680 --> 00:25:18,639 that A. R. L. 684 00:25:18,640 --> 00:25:20,679 List, which is, by the way, the same list 685 00:25:20,680 --> 00:25:22,959 that identified later that Mrs Merkel 686 00:25:22,960 --> 00:25:23,960 is a target. 687 00:25:24,820 --> 00:25:26,529 They gave it back to the Americans 688 00:25:26,530 --> 00:25:28,629 without keeping a copy under police 689 00:25:28,630 --> 00:25:30,699 protection, and they had 690 00:25:30,700 --> 00:25:32,769 of that authority keeping 691 00:25:32,770 --> 00:25:35,169 that records later 692 00:25:35,170 --> 00:25:37,299 was not punished because 693 00:25:37,300 --> 00:25:39,669 he betrayed German interest 694 00:25:39,670 --> 00:25:40,779 of American interest. 695 00:25:40,780 --> 00:25:42,939 No. He became Germany's 696 00:25:42,940 --> 00:25:43,940 president. 697 00:25:45,010 --> 00:25:47,109 So that's the same guy being our 698 00:25:47,110 --> 00:25:48,519 president now. 699 00:25:48,520 --> 00:25:50,709 And when Snowden came up 700 00:25:50,710 --> 00:25:53,019 in late June, he said 701 00:25:53,020 --> 00:25:55,209 stuff like, Oh, I don't 702 00:25:55,210 --> 00:25:57,449 have any sympathy for traitors. 703 00:25:58,960 --> 00:26:01,179 And then later a 704 00:26:01,180 --> 00:26:03,039 month or few days later, we had him, 705 00:26:03,040 --> 00:26:05,229 yeah, OK, well, maybe we need to find out 706 00:26:05,230 --> 00:26:06,609 what happened, whatever. 707 00:26:06,610 --> 00:26:08,949 But at least he gave us an idea 708 00:26:08,950 --> 00:26:11,859 on his recycling ability 709 00:26:11,860 --> 00:26:14,019 in the situation because I mean, what do 710 00:26:14,020 --> 00:26:16,029 you want to do with a guy who's heading 711 00:26:16,030 --> 00:26:18,159 your country, who's obviously 712 00:26:18,160 --> 00:26:19,149 putting U.S. 713 00:26:19,150 --> 00:26:20,829 interests over the interests of the 714 00:26:20,830 --> 00:26:22,689 country? He's meant to be the president 715 00:26:22,690 --> 00:26:24,129 and take care of? 716 00:26:24,130 --> 00:26:26,289 I mean, you might be able to recycle that 717 00:26:26,290 --> 00:26:28,479 guy maybe as dogfood or so, 718 00:26:28,480 --> 00:26:30,789 but I don't really get 719 00:26:30,790 --> 00:26:32,949 the idea what he can play for a helpful 720 00:26:32,950 --> 00:26:35,019 role in 721 00:26:35,020 --> 00:26:36,020 politics. 722 00:26:37,390 --> 00:26:38,390 So 723 00:26:39,610 --> 00:26:41,739 if we come to the areas 724 00:26:41,740 --> 00:26:44,139 where clandestinely, so covertly, 725 00:26:44,140 --> 00:26:46,359 embassies and similar offices, so 726 00:26:46,360 --> 00:26:47,360 also, 727 00:26:49,030 --> 00:26:50,859 let's say foreign companies are in 728 00:26:50,860 --> 00:26:53,829 disguise of foreign companies, offices 729 00:26:53,830 --> 00:26:56,199 do stuff there. 730 00:26:56,200 --> 00:26:58,419 Actually, we tried this in Germany 731 00:26:58,420 --> 00:27:00,189 and we spent quite some time with it 732 00:27:00,190 --> 00:27:02,259 looking. What the hell 733 00:27:02,260 --> 00:27:04,359 are they doing and what can we find out? 734 00:27:05,770 --> 00:27:08,049 So to look at their installations, their 735 00:27:08,050 --> 00:27:10,239 areas, they target 736 00:27:10,240 --> 00:27:12,399 the prisons like 737 00:27:12,400 --> 00:27:14,499 working in the embassies, their 738 00:27:14,500 --> 00:27:17,229 roads, their movements, their activities. 739 00:27:17,230 --> 00:27:19,479 I mean, if you are or if we are 740 00:27:19,480 --> 00:27:21,759 like to think of 741 00:27:21,760 --> 00:27:23,079 to be a government of a national, a 742 00:27:23,080 --> 00:27:24,819 country, we obviously would have some 743 00:27:24,820 --> 00:27:27,039 options to look closer of 744 00:27:27,040 --> 00:27:28,119 who might be dealing here. 745 00:27:29,290 --> 00:27:31,419 But also, of course, the next 746 00:27:31,420 --> 00:27:33,669 step would be then to target that kind 747 00:27:33,670 --> 00:27:36,279 of stuff. So using strong encryption, 748 00:27:36,280 --> 00:27:38,469 improving physical security, shielding 749 00:27:38,470 --> 00:27:40,749 and integrity of components and so on. 750 00:27:41,860 --> 00:27:43,180 So this sounds all 751 00:27:44,740 --> 00:27:46,869 pretty wild, but I think it's 752 00:27:46,870 --> 00:27:48,579 pretty important. 753 00:27:48,580 --> 00:27:50,829 This is the list of 754 00:27:50,830 --> 00:27:53,229 the CIA sites, all the special 755 00:27:53,230 --> 00:27:55,299 collection service, and most of them 756 00:27:55,300 --> 00:27:56,859 are indeed in embassies. 757 00:27:58,930 --> 00:28:00,969 We if you look at, for example, this is 758 00:28:00,970 --> 00:28:02,289 the rooftop of the U.S. 759 00:28:02,290 --> 00:28:03,879 Embassy in Berlin. I mean, that's pretty 760 00:28:03,880 --> 00:28:05,799 obvious that this is not a wall right in 761 00:28:05,800 --> 00:28:06,729 the middle. 762 00:28:06,730 --> 00:28:09,009 And we looked at it with 10ml 763 00:28:09,010 --> 00:28:11,529 imagery. We even identified 764 00:28:11,530 --> 00:28:13,719 the spots where the stuff 765 00:28:13,720 --> 00:28:15,789 is being like located and so 766 00:28:15,790 --> 00:28:16,790 on. 767 00:28:17,230 --> 00:28:19,329 However, 100 meters behind us, 768 00:28:19,330 --> 00:28:21,429 the British Embassy, the British 769 00:28:21,430 --> 00:28:23,709 Embassy don't even cover it. 770 00:28:23,710 --> 00:28:26,259 They just put a fucking huge 771 00:28:26,260 --> 00:28:28,329 in insulation with a 772 00:28:28,330 --> 00:28:30,909 random on their embassy. 773 00:28:30,910 --> 00:28:32,919 So the Americans at least tried to make 774 00:28:32,920 --> 00:28:34,460 it look a little bit nice. 775 00:28:35,830 --> 00:28:37,959 However, this is unfortunately 776 00:28:37,960 --> 00:28:39,239 in Germany as well. 777 00:28:39,240 --> 00:28:41,319 The stuff I made in the Latics 778 00:28:41,320 --> 00:28:43,449 for the smoker's situation, so 779 00:28:43,450 --> 00:28:45,609 they have one of these walls, which 780 00:28:45,610 --> 00:28:47,679 are not walls on the bottom right 781 00:28:47,680 --> 00:28:49,919 corner with the red things in each cell 782 00:28:49,920 --> 00:28:52,329 north, east, west, south 783 00:28:52,330 --> 00:28:53,410 in each direction 784 00:28:54,670 --> 00:28:57,219 and their location is pretty good for 785 00:28:57,220 --> 00:28:59,799 getting just them and other 786 00:28:59,800 --> 00:29:02,319 like while their stuff and so on from 787 00:29:02,320 --> 00:29:04,599 the parliamentarian offices, 788 00:29:04,600 --> 00:29:07,059 from the parliament itself, from, uh, 789 00:29:07,060 --> 00:29:08,589 the most important hotels and the 790 00:29:08,590 --> 00:29:10,179 governmental district and stuff like 791 00:29:10,180 --> 00:29:11,180 that. 792 00:29:11,920 --> 00:29:13,899 There is actually Duncan Campbell 793 00:29:13,900 --> 00:29:15,789 collects these embassy pictures. 794 00:29:15,790 --> 00:29:16,689 He has a lot more. 795 00:29:16,690 --> 00:29:18,519 I don't want to bore you with that, but 796 00:29:18,520 --> 00:29:20,709 if you're into nice pictures, he has 797 00:29:20,710 --> 00:29:21,909 a lot more. 798 00:29:21,910 --> 00:29:24,639 Um, what we found 799 00:29:24,640 --> 00:29:26,799 and what is being what was published 800 00:29:26,800 --> 00:29:29,259 just today is that also embassies 801 00:29:29,260 --> 00:29:31,509 play. So there's a special 802 00:29:31,510 --> 00:29:33,639 collection service plays a role 803 00:29:33,640 --> 00:29:36,339 in the active exploitation 804 00:29:36,340 --> 00:29:38,739 methods. So when they want to 805 00:29:38,740 --> 00:29:40,869 inject data packets, 806 00:29:40,870 --> 00:29:43,389 when they redirect internet traffic 807 00:29:43,390 --> 00:29:45,729 and they want to corrupt or shut down to 808 00:29:45,730 --> 00:29:46,730 IP connections, 809 00:29:48,040 --> 00:29:50,889 what they need is the red and blue 810 00:29:50,890 --> 00:29:53,169 differentiation. Here is the 811 00:29:53,170 --> 00:29:55,359 actually the blue is high latency 812 00:29:55,360 --> 00:29:57,999 sites, all that stuff being done abroad 813 00:29:58,000 --> 00:30:00,339 in the NSA facilities 814 00:30:00,340 --> 00:30:02,169 in Langley or wherever. 815 00:30:02,170 --> 00:30:04,299 And the red stuff is low 816 00:30:04,300 --> 00:30:07,059 latency. So that's local infrastructure. 817 00:30:07,060 --> 00:30:09,159 And in order to be able 818 00:30:09,160 --> 00:30:11,319 to do specific attacks on TCP 819 00:30:11,320 --> 00:30:13,449 IP connections, they need low latency. 820 00:30:13,450 --> 00:30:15,729 So they need very fast reactions 821 00:30:15,730 --> 00:30:18,099 and very fast using 822 00:30:18,100 --> 00:30:20,859 of local infrastructure and plans, 823 00:30:20,860 --> 00:30:22,929 which they control from a 824 00:30:22,930 --> 00:30:25,809 system connecting them in the embassy. 825 00:30:25,810 --> 00:30:27,459 So that's pretty funny and 826 00:30:28,990 --> 00:30:31,089 makes it pretty necessary to look 827 00:30:31,090 --> 00:30:32,979 at the internet connections of the 828 00:30:32,980 --> 00:30:34,899 embassies or the fiber optic cables 829 00:30:34,900 --> 00:30:37,359 connecting them, or 830 00:30:37,360 --> 00:30:39,669 because this is almost cyber warfare. 831 00:30:39,670 --> 00:30:41,919 I mean, this is the active attacks on 832 00:30:41,920 --> 00:30:43,029 connections. 833 00:30:43,030 --> 00:30:45,099 And I discussed this with some 834 00:30:45,100 --> 00:30:47,379 guys from, let's say, other 835 00:30:47,380 --> 00:30:48,939 government and they told me, Yeah, yeah, 836 00:30:48,940 --> 00:30:51,129 you're right. But you know, an embassy. 837 00:30:51,130 --> 00:30:53,049 You could, of course think that just you 838 00:30:53,050 --> 00:30:55,509 build a huge Faraday cage and you 839 00:30:55,510 --> 00:30:58,179 build around it and you'll have a lot of. 840 00:30:58,180 --> 00:31:00,249 Of last, but embassies tend to be 841 00:31:00,250 --> 00:31:02,739 buildings also not only connected, 842 00:31:02,740 --> 00:31:04,839 not only having an air interface to 843 00:31:04,840 --> 00:31:06,999 say to whatever is around, but 844 00:31:07,000 --> 00:31:09,189 also having like electricity connection, 845 00:31:09,190 --> 00:31:11,259 which could be used and not used 846 00:31:11,260 --> 00:31:13,899 for stuff telephone, 847 00:31:13,900 --> 00:31:16,409 internet like fiber as water 848 00:31:16,410 --> 00:31:18,609 drainpipe plumping pumping 849 00:31:18,610 --> 00:31:20,739 might, you know, might 850 00:31:20,740 --> 00:31:22,119 make you think of here. 851 00:31:23,150 --> 00:31:25,239 The system build up on the Congress, but 852 00:31:25,240 --> 00:31:26,919 plumbing has a total different meaning in 853 00:31:26,920 --> 00:31:28,749 this context because if you look at the 854 00:31:28,750 --> 00:31:30,309 traveling of any U.S. 855 00:31:30,310 --> 00:31:32,439 president, if he goes to any other 856 00:31:32,440 --> 00:31:34,749 country, he comes with his own chemical 857 00:31:34,750 --> 00:31:36,909 toilet. He will never sit in 858 00:31:36,910 --> 00:31:39,399 the normal hotels plumping because 859 00:31:39,400 --> 00:31:41,529 from his whatever he extracted from 860 00:31:41,530 --> 00:31:43,659 his body, you can identify his 861 00:31:43,660 --> 00:31:45,909 blood group, his medication, his 862 00:31:45,910 --> 00:31:47,049 whatever his. 863 00:31:47,050 --> 00:31:49,179 He is healthy or is not healthy, his life 864 00:31:49,180 --> 00:31:51,459 expectation and so on, and they don't 865 00:31:51,460 --> 00:31:53,739 want that information to leak. 866 00:31:53,740 --> 00:31:54,740 So 867 00:31:56,410 --> 00:31:58,719 it's a sorry for the holistic approach, 868 00:31:58,720 --> 00:31:59,720 but. 869 00:32:01,490 --> 00:32:04,129 There is there's like many dimensions 870 00:32:04,130 --> 00:32:06,589 of knowing 871 00:32:06,590 --> 00:32:07,590 your enemy. 872 00:32:09,770 --> 00:32:12,229 So the last area 873 00:32:12,230 --> 00:32:14,389 and I got to seemed to need to come 874 00:32:14,390 --> 00:32:16,999 to an end in this review thing is 875 00:32:17,000 --> 00:32:19,279 the implants, the implants 876 00:32:19,280 --> 00:32:21,379 in your own infrastructure in 877 00:32:21,380 --> 00:32:23,899 peering points, exchange points, 878 00:32:23,900 --> 00:32:25,699 but networks, but also in your 879 00:32:25,700 --> 00:32:27,769 infrastructure that you, as 880 00:32:27,770 --> 00:32:30,289 your own country's government, 881 00:32:30,290 --> 00:32:32,719 use falafel interception and monitoring. 882 00:32:32,720 --> 00:32:34,609 Because if that infrastructure is pre 883 00:32:34,610 --> 00:32:36,859 owned, then the NSA doesn't even 884 00:32:36,860 --> 00:32:38,389 need to build up their own monitoring 885 00:32:38,390 --> 00:32:40,039 infrastructure. They just use your 886 00:32:40,040 --> 00:32:41,539 capabilities. 887 00:32:41,540 --> 00:32:43,999 And also, these 888 00:32:44,000 --> 00:32:46,129 implants, of course, have patterns 889 00:32:46,130 --> 00:32:47,119 of phoning home. 890 00:32:47,120 --> 00:32:48,919 They need to be controlled. 891 00:32:48,920 --> 00:32:51,409 They are doing stuff like that 892 00:32:51,410 --> 00:32:53,959 to, uh, are being controlled 893 00:32:53,960 --> 00:32:55,369 by this tableland system. 894 00:32:56,390 --> 00:32:58,579 So the whole paradigm of 895 00:32:58,580 --> 00:33:00,769 national infrastructure, it's 896 00:33:00,770 --> 00:33:02,839 actually something to rethink because 897 00:33:02,840 --> 00:33:04,939 people think and physical locations 898 00:33:04,940 --> 00:33:07,309 and the NSA just totally ignore us, 899 00:33:07,310 --> 00:33:09,289 a country, borders and stuff like that. 900 00:33:09,290 --> 00:33:11,209 They just see technical components they 901 00:33:11,210 --> 00:33:13,489 can use, utilize wherever they are. 902 00:33:13,490 --> 00:33:14,490 And that's it. So 903 00:33:15,830 --> 00:33:17,899 we might have to even redefine 904 00:33:17,900 --> 00:33:20,089 what is a national country and what 905 00:33:20,090 --> 00:33:22,249 is a government and 906 00:33:22,250 --> 00:33:23,539 what is power and so on. 907 00:33:23,540 --> 00:33:25,549 Because if you're just actually paying 908 00:33:25,550 --> 00:33:27,019 the electricity bill for an 909 00:33:27,020 --> 00:33:28,849 infrastructure that they own, well, 910 00:33:30,050 --> 00:33:31,849 then that's not what we want. 911 00:33:34,010 --> 00:33:36,289 There is, of course, one very 912 00:33:36,290 --> 00:33:38,179 dangerous thought from my point of view, 913 00:33:38,180 --> 00:33:41,029 because if we are thinking to military 914 00:33:41,030 --> 00:33:43,549 and that's what these guys sometimes 915 00:33:43,550 --> 00:33:45,739 suggest us to do is 916 00:33:45,740 --> 00:33:48,229 to compare like, for example, networks 917 00:33:48,230 --> 00:33:50,779 with rockets like 918 00:33:50,780 --> 00:33:52,459 controlling each other, country's 919 00:33:52,460 --> 00:33:54,649 territory, flying over infiltrating 920 00:33:54,650 --> 00:33:55,639 and so on. 921 00:33:55,640 --> 00:33:57,799 Because then we find ourselves in 922 00:33:57,800 --> 00:33:59,959 military ideas 923 00:33:59,960 --> 00:34:02,299 of how to defeat 924 00:34:02,300 --> 00:34:03,649 attacks on other countries. 925 00:34:03,650 --> 00:34:06,229 And then we come to strong borders and, 926 00:34:06,230 --> 00:34:08,299 you know, nationalization of traffic 927 00:34:08,300 --> 00:34:10,759 and so on. And that's not what we want. 928 00:34:10,760 --> 00:34:13,099 So there is some dangers in 929 00:34:13,100 --> 00:34:14,988 the specific ways of looking at these 930 00:34:14,989 --> 00:34:15,989 things. 931 00:34:16,760 --> 00:34:18,678 So I'm I'm roughly true. 932 00:34:18,679 --> 00:34:20,899 I have some related thoughts, 933 00:34:20,900 --> 00:34:21,900 which I wanted to 934 00:34:23,179 --> 00:34:24,468 give. 935 00:34:24,469 --> 00:34:26,718 If you can protect stuff, 936 00:34:26,719 --> 00:34:28,549 if you mind if you can protect your 937 00:34:28,550 --> 00:34:30,619 infrastructure, then avoid 938 00:34:30,620 --> 00:34:32,749 putting stuff on it that you don't want 939 00:34:32,750 --> 00:34:34,698 to be in the wrong hands. 940 00:34:34,699 --> 00:34:37,339 That's pretty simple. 941 00:34:37,340 --> 00:34:39,468 It also means that we need to 942 00:34:39,469 --> 00:34:41,539 maybe apply and suggest also 943 00:34:41,540 --> 00:34:43,729 that companies apply a principle of 944 00:34:43,730 --> 00:34:45,919 need to process a limitation of 945 00:34:45,920 --> 00:34:48,799 that data that is required in a process 946 00:34:48,800 --> 00:34:51,408 and not always get the full data set 947 00:34:51,409 --> 00:34:53,269 to somewhere where it's just about 948 00:34:53,270 --> 00:34:55,638 checking the shipment address 949 00:34:55,639 --> 00:34:57,799 or something where you transfer all 950 00:34:57,800 --> 00:34:59,449 the credit records and whatever over 951 00:34:59,450 --> 00:35:00,450 there. 952 00:35:00,860 --> 00:35:03,229 So if you can protect data 953 00:35:03,230 --> 00:35:04,849 being collected and data retention 954 00:35:04,850 --> 00:35:06,829 systems, then don't have them 955 00:35:08,450 --> 00:35:10,229 forget centralized databases. 956 00:35:10,230 --> 00:35:12,379 If these centralized databases 957 00:35:12,380 --> 00:35:14,539 are maybe a pre owned or easily 958 00:35:14,540 --> 00:35:15,540 too accessible them, 959 00:35:17,330 --> 00:35:19,459 forget processing more data than required 960 00:35:19,460 --> 00:35:21,649 and a process for getting national 961 00:35:21,650 --> 00:35:22,849 intelligence collections. 962 00:35:22,850 --> 00:35:25,099 Because if you can protect that, 963 00:35:25,100 --> 00:35:27,529 then you're just like supporting 964 00:35:27,530 --> 00:35:30,499 foreign power, growing 965 00:35:30,500 --> 00:35:32,839 without benefit for your own 966 00:35:32,840 --> 00:35:35,599 people, and also 967 00:35:35,600 --> 00:35:37,639 avoid private collections for marketing 968 00:35:37,640 --> 00:35:38,719 or whatever reasons. 969 00:35:40,790 --> 00:35:43,969 Next to that, there are some situations 970 00:35:43,970 --> 00:35:45,769 that need to be managed that are totally 971 00:35:45,770 --> 00:35:47,419 out of control. That's like if your 972 00:35:47,420 --> 00:35:49,519 citizens data are in foreign systems 973 00:35:49,520 --> 00:35:50,989 and Google and Yahoo and Facebook or 974 00:35:50,990 --> 00:35:52,309 whatever. 975 00:35:52,310 --> 00:35:54,439 The question is, what what can 976 00:35:54,440 --> 00:35:55,429 you do about that? 977 00:35:55,430 --> 00:35:56,780 It's more an open question, 978 00:35:58,070 --> 00:36:00,109 but it needs to be identified to what 979 00:36:00,110 --> 00:36:02,089 extent this is. 980 00:36:02,090 --> 00:36:04,669 Reality also that if your national 981 00:36:04,670 --> 00:36:06,799 companies have their data and 982 00:36:06,800 --> 00:36:09,139 foreign system and cloud providers 983 00:36:09,140 --> 00:36:11,719 that can be identified and taken care of. 984 00:36:11,720 --> 00:36:13,969 And of course, also if 985 00:36:13,970 --> 00:36:16,009 you are in a stage of outsourcing all 986 00:36:16,010 --> 00:36:18,139 your governmental administrative services 987 00:36:18,140 --> 00:36:20,419 to some companies, you might 988 00:36:20,420 --> 00:36:22,519 be doomed as well because you've just 989 00:36:22,520 --> 00:36:24,319 got to find out who is really running 990 00:36:24,320 --> 00:36:26,299 those companies in which jurisdictions to 991 00:36:26,300 --> 00:36:27,709 act and what they do with the data 992 00:36:27,710 --> 00:36:30,109 elsewhere and so on. 993 00:36:30,110 --> 00:36:32,060 So and then next to that. 994 00:36:34,200 --> 00:36:36,029 Not so short To-Do list. 995 00:36:36,030 --> 00:36:38,099 There's the whole range of communication, 996 00:36:38,100 --> 00:36:40,319 security and operational security 997 00:36:40,320 --> 00:36:42,599 where we could also get the idea. 998 00:36:42,600 --> 00:36:45,359 Maybe we should live an hour of shielded 999 00:36:45,360 --> 00:36:47,519 Faraday tents like 1000 00:36:47,520 --> 00:36:49,469 these gentlemen tend to do. 1001 00:36:49,470 --> 00:36:52,199 So this looks maybe 1002 00:36:52,200 --> 00:36:54,329 like it's somewhere in the desert, 1003 00:36:54,330 --> 00:36:56,459 but actually these type of tents they 1004 00:36:56,460 --> 00:36:57,959 built up in the presidential 1005 00:36:59,190 --> 00:37:01,199 lounges of hotels. 1006 00:37:01,200 --> 00:37:02,609 So like they 1007 00:37:03,630 --> 00:37:05,999 create their own small reality 1008 00:37:06,000 --> 00:37:07,920 to not get radiation in and out. 1009 00:37:09,600 --> 00:37:11,759 And this means we 1010 00:37:11,760 --> 00:37:14,219 get to maybe in the intermediate 1011 00:37:14,220 --> 00:37:16,319 phase. Think about how we survive 1012 00:37:16,320 --> 00:37:17,339 on the way. 1013 00:37:17,340 --> 00:37:19,469 I think if we 1014 00:37:19,470 --> 00:37:21,839 realistically see our infrastructure 1015 00:37:21,840 --> 00:37:24,209 and it's all the way compromised, 1016 00:37:24,210 --> 00:37:26,909 we need to start with something 1017 00:37:26,910 --> 00:37:29,279 we can rely on with separate devices 1018 00:37:29,280 --> 00:37:31,679 for strong security requirements 1019 00:37:31,680 --> 00:37:33,929 where we have very far limited hardware 1020 00:37:33,930 --> 00:37:35,399 problems, where we have a hardened 1021 00:37:35,400 --> 00:37:37,019 operating system, where we have strong 1022 00:37:37,020 --> 00:37:39,089 encryption and 1023 00:37:39,090 --> 00:37:41,399 also our own measures 1024 00:37:41,400 --> 00:37:42,869 to handle that like fingerprint 1025 00:37:42,870 --> 00:37:44,699 verifications and so on. 1026 00:37:44,700 --> 00:37:46,919 So in that type of environment, 1027 00:37:46,920 --> 00:37:49,739 if you're thinking tales of a tour, 1028 00:37:49,740 --> 00:37:51,869 everything, that's one that's roughly 1029 00:37:51,870 --> 00:37:52,799 the right direction. 1030 00:37:52,800 --> 00:37:55,319 But the moment you start using the web 1031 00:37:55,320 --> 00:37:57,479 images, scripts, plug ins, forget 1032 00:37:57,480 --> 00:37:59,609 it. You're dead, you're already 1033 00:37:59,610 --> 00:38:02,279 taken over to that type of mission. 1034 00:38:02,280 --> 00:38:04,679 So normal internet user usage 1035 00:38:04,680 --> 00:38:06,929 is like being out in the world by default 1036 00:38:08,610 --> 00:38:10,889 and data processing needs 1037 00:38:10,890 --> 00:38:13,499 scenarios where there is 1038 00:38:13,500 --> 00:38:14,699 limitations. 1039 00:38:14,700 --> 00:38:17,249 What all is being failed? 1040 00:38:17,250 --> 00:38:19,829 And if a single node or someone 1041 00:38:19,830 --> 00:38:22,319 if one of the entities processing stuff 1042 00:38:22,320 --> 00:38:24,899 is being take over it or whatever. 1043 00:38:24,900 --> 00:38:27,029 So that's to be 1044 00:38:27,030 --> 00:38:28,919 honest, of course, just rough ideas. 1045 00:38:30,000 --> 00:38:32,159 This stuff missing lots of 1046 00:38:32,160 --> 00:38:33,209 things. 1047 00:38:33,210 --> 00:38:34,530 Your thoughts and your comments? 1048 00:38:35,550 --> 00:38:37,380 That was that from my side pictures. 1049 00:38:46,210 --> 00:38:48,499 It's not like we have like 50 1050 00:38:48,500 --> 00:38:49,419 minutes or so, right? 1051 00:38:49,420 --> 00:38:52,089 Yes, yes, we have lots of time. 1052 00:38:52,090 --> 00:38:54,909 So if you have any questions 1053 00:38:54,910 --> 00:38:57,039 or if you have any ideas and want to talk 1054 00:38:57,040 --> 00:38:59,259 about what one could do 1055 00:38:59,260 --> 00:39:01,029 if you have a police line up at the 1056 00:39:01,030 --> 00:39:03,189 microphones, also, 1057 00:39:03,190 --> 00:39:06,159 all ideas and comments are appreciated. 1058 00:39:06,160 --> 00:39:08,769 And while I give you time to do that, 1059 00:39:08,770 --> 00:39:11,139 I also want to mention that 1060 00:39:11,140 --> 00:39:13,329 the talk from Sol one is 1061 00:39:13,330 --> 00:39:15,219 going to be streamed here. 1062 00:39:15,220 --> 00:39:17,289 So if you want to see that 1063 00:39:17,290 --> 00:39:19,869 you can stay here and there is no time, 1064 00:39:19,870 --> 00:39:22,179 no need to scramble over for the last 1065 00:39:22,180 --> 00:39:23,319 seat over there. 1066 00:39:23,320 --> 00:39:25,179 It's all going to be streamed over here. 1067 00:39:26,840 --> 00:39:29,329 So any questions from IOC? 1068 00:39:32,320 --> 00:39:33,320 Yes, there. 1069 00:39:38,300 --> 00:39:39,410 Audio, could you? 1070 00:39:41,290 --> 00:39:42,290 Sorry. 1071 00:39:42,850 --> 00:39:44,349 Yes, our questions. 1072 00:39:44,350 --> 00:39:46,419 First one, what did the NSA managed to 1073 00:39:46,420 --> 00:39:47,549 infiltrate Tor? 1074 00:39:47,550 --> 00:39:49,809 If yes, to what extent it is still 1075 00:39:49,810 --> 00:39:51,879 usable against an adversary like the 1076 00:39:51,880 --> 00:39:52,880 NSA 1077 00:39:54,460 --> 00:39:57,159 by default, Taurus not broken, 1078 00:39:57,160 --> 00:39:59,529 but there is so many ways 1079 00:39:59,530 --> 00:40:02,049 to circumvent 1080 00:40:02,050 --> 00:40:04,599 and to try to nice and to exploit 1081 00:40:04,600 --> 00:40:06,669 and control clients 1082 00:40:06,670 --> 00:40:08,859 that it totally 1083 00:40:08,860 --> 00:40:11,709 depends on your Tor clients 1084 00:40:11,710 --> 00:40:14,079 environmental operating systems 1085 00:40:14,080 --> 00:40:15,550 situation, so to say. 1086 00:40:16,780 --> 00:40:18,519 And of course, there is 1087 00:40:19,750 --> 00:40:21,999 possibilities because 1088 00:40:22,000 --> 00:40:24,129 you also in most Tor or 1089 00:40:24,130 --> 00:40:25,750 in many tourist situations, 1090 00:40:26,890 --> 00:40:28,989 you also still leak 1091 00:40:28,990 --> 00:40:30,909 information about the type of system 1092 00:40:30,910 --> 00:40:32,589 you're using. 1093 00:40:32,590 --> 00:40:34,719 You might still have stuff like 1094 00:40:34,720 --> 00:40:36,849 JavaScript enabled, which might 1095 00:40:36,850 --> 00:40:39,009 make you subject to attacks 1096 00:40:39,010 --> 00:40:39,999 and other ways. 1097 00:40:40,000 --> 00:40:42,069 So it also depends if 1098 00:40:42,070 --> 00:40:44,109 you're providing maybe an additional 1099 00:40:44,110 --> 00:40:45,399 attack vector. 1100 00:40:45,400 --> 00:40:47,709 What you do over Tor so 1101 00:40:47,710 --> 00:40:50,349 it's not clear 1102 00:40:50,350 --> 00:40:52,210 all a safe situation. 1103 00:40:55,830 --> 00:40:57,839 Question from number two, please. 1104 00:40:57,840 --> 00:40:58,919 Thank you for the talk. 1105 00:40:58,920 --> 00:41:00,629 I would like to ask you a question if you 1106 00:41:00,630 --> 00:41:02,819 are, let's say you're having a commercial 1107 00:41:02,820 --> 00:41:05,009 institution or a governmental 1108 00:41:05,010 --> 00:41:06,449 and you need to use some kind of an 1109 00:41:06,450 --> 00:41:07,559 infrastructure. 1110 00:41:07,560 --> 00:41:09,749 But then we can suspect that most 1111 00:41:09,750 --> 00:41:11,939 of the major hardware vendors are 1112 00:41:11,940 --> 00:41:13,169 compromised. 1113 00:41:13,170 --> 00:41:15,299 So what other choices do you have 1114 00:41:15,300 --> 00:41:16,409 when you need performance? 1115 00:41:17,880 --> 00:41:20,039 OK, your first page of a question. 1116 00:41:20,040 --> 00:41:22,199 I have no commercial interest involved 1117 00:41:22,200 --> 00:41:24,389 in this directly, but yes, I'm 1118 00:41:24,390 --> 00:41:26,159 involved in a company called Cryptic 1119 00:41:26,160 --> 00:41:28,589 Phone, which tries to do encrypted 1120 00:41:28,590 --> 00:41:29,789 telephony. 1121 00:41:29,790 --> 00:41:32,069 I'm involved in Holland 1122 00:41:32,070 --> 00:41:34,559 Foundation, which tries to support people 1123 00:41:34,560 --> 00:41:36,689 to support, to build 1124 00:41:36,690 --> 00:41:39,299 up actually secure communication 1125 00:41:39,300 --> 00:41:41,459 and also to operate and 1126 00:41:41,460 --> 00:41:44,009 help projects like WikiLeaks to do what 1127 00:41:44,010 --> 00:41:45,059 they are meant to be done. 1128 00:41:45,060 --> 00:41:46,619 And that requires a lot of secure 1129 00:41:46,620 --> 00:41:47,620 communication 1130 00:41:48,750 --> 00:41:50,639 to your second part of the question. 1131 00:41:50,640 --> 00:41:53,069 Indeed, identifying 1132 00:41:53,070 --> 00:41:55,919 hardware manufacturers or, 1133 00:41:55,920 --> 00:41:58,089 let's say, trustworthy hardware 1134 00:41:58,090 --> 00:42:00,179 components to start with is 1135 00:42:00,180 --> 00:42:02,009 actually, I think we are roughly at the 1136 00:42:02,010 --> 00:42:04,479 beginning of that journey because 1137 00:42:04,480 --> 00:42:06,989 just today, the 1138 00:42:06,990 --> 00:42:09,239 series of implants on 1139 00:42:09,240 --> 00:42:12,059 Cisco, Juniper Have and Swann 1140 00:42:12,060 --> 00:42:14,159 was released by The Spiegel, 1141 00:42:14,160 --> 00:42:16,439 and I utterly 1142 00:42:16,440 --> 00:42:18,599 hope that maybe, for example, 1143 00:42:18,600 --> 00:42:20,849 Chinese companies will see their 1144 00:42:20,850 --> 00:42:23,069 chance that the only way out 1145 00:42:23,070 --> 00:42:25,649 of this is to provide trustworthy, 1146 00:42:25,650 --> 00:42:26,650 open hardware. 1147 00:42:27,690 --> 00:42:29,699 Because if we don't have that, well, 1148 00:42:29,700 --> 00:42:31,919 where are we going to end up building 1149 00:42:31,920 --> 00:42:34,499 our luxury security environment 1150 00:42:34,500 --> 00:42:36,899 on sand, which is not helpful? 1151 00:42:36,900 --> 00:42:39,329 So but I don't have a clear 1152 00:42:39,330 --> 00:42:41,489 advice at this moment what I would 1153 00:42:41,490 --> 00:42:43,569 myself consider a secure hardware. 1154 00:42:43,570 --> 00:42:45,689 I maybe I just haven't found 1155 00:42:45,690 --> 00:42:46,690 it yet. 1156 00:42:49,470 --> 00:42:51,000 A question from number one, please. 1157 00:42:52,050 --> 00:42:55,259 Well, not a question, but 1158 00:42:55,260 --> 00:42:57,389 I like the the 1159 00:42:57,390 --> 00:42:59,909 things you showed about Obama 1160 00:42:59,910 --> 00:43:01,979 and how he uses, like all 1161 00:43:01,980 --> 00:43:04,049 these crazy things, and I think 1162 00:43:04,050 --> 00:43:06,119 we have to copy their ideas and 1163 00:43:06,120 --> 00:43:08,099 change them, modify them so that we can 1164 00:43:08,100 --> 00:43:09,100 use them 1165 00:43:10,470 --> 00:43:11,489 in small ways. 1166 00:43:11,490 --> 00:43:12,869 I don't know. 1167 00:43:12,870 --> 00:43:14,579 We have to be more aggressive and 1168 00:43:14,580 --> 00:43:16,889 conscious, counter a spying 1169 00:43:16,890 --> 00:43:19,049 back like, I mean, this thing about 1170 00:43:19,050 --> 00:43:21,359 the embassies. We could have made years 1171 00:43:21,360 --> 00:43:24,029 ago pictures with infrared cameras. 1172 00:43:24,030 --> 00:43:26,129 It's just as 1173 00:43:26,130 --> 00:43:27,779 simple as that. 1174 00:43:27,780 --> 00:43:29,339 You're totally right. 1175 00:43:29,340 --> 00:43:31,409 And actually, I also 1176 00:43:31,410 --> 00:43:33,299 had some exchange with Duncan Campbell 1177 00:43:33,300 --> 00:43:35,369 about it. And I actually 1178 00:43:35,370 --> 00:43:37,589 hope that because I have this list of 1179 00:43:37,590 --> 00:43:40,019 the SARS collection points 1180 00:43:40,020 --> 00:43:42,209 in my wiki and they're like five 1181 00:43:42,210 --> 00:43:43,439 of them. I have pictures. 1182 00:43:43,440 --> 00:43:45,719 So there's a lot more work to do 1183 00:43:45,720 --> 00:43:47,849 in many countries, and this 1184 00:43:47,850 --> 00:43:49,319 can be a crowdsourcing thing. 1185 00:43:49,320 --> 00:43:50,759 We don't need national governments. 1186 00:43:50,760 --> 00:43:52,379 They are helping us. We just need to get 1187 00:43:52,380 --> 00:43:54,449 them out of the way for us to do 1188 00:43:54,450 --> 00:43:55,589 that. 1189 00:43:55,590 --> 00:43:56,819 You're totally right. 1190 00:43:56,820 --> 00:43:58,679 We should have done that long ago. 1191 00:43:59,990 --> 00:44:02,359 And the funny thing is, the Ricky, 1192 00:44:02,360 --> 00:44:04,789 you started, we in our group, 1193 00:44:04,790 --> 00:44:06,799 our local group, we started the same 1194 00:44:06,800 --> 00:44:09,109 things and we didn't know about 1195 00:44:09,110 --> 00:44:11,449 many of the other whiskeys probably 1196 00:44:11,450 --> 00:44:12,269 already existed. 1197 00:44:12,270 --> 00:44:14,059 Just interesting. 1198 00:44:14,060 --> 00:44:15,060 Yeah. 1199 00:44:15,440 --> 00:44:17,119 Well, I'm not sure there was a question, 1200 00:44:17,120 --> 00:44:18,120 but no, 1201 00:44:20,030 --> 00:44:22,339 I'm done. But the point is that 1202 00:44:22,340 --> 00:44:24,109 I mean, building up your own intelligence 1203 00:44:24,110 --> 00:44:26,179 agency and replacing and it's a by the 1204 00:44:26,180 --> 00:44:28,729 galactic hacker community's intelligence 1205 00:44:28,730 --> 00:44:31,039 agency as a neat idea. 1206 00:44:31,040 --> 00:44:33,199 However, there is one problem 1207 00:44:33,200 --> 00:44:34,879 and that while Holland said it with a 1208 00:44:34,880 --> 00:44:37,189 word that is slightly difficult to play 1209 00:44:37,190 --> 00:44:38,780 with those guys making the rules. 1210 00:44:40,160 --> 00:44:42,259 And that's unfortunately true for part 1211 00:44:42,260 --> 00:44:43,300 of that thinking. 1212 00:44:44,390 --> 00:44:45,390 Still. 1213 00:44:47,320 --> 00:44:49,059 You guys should definitely exchange 1214 00:44:49,060 --> 00:44:50,060 information. 1215 00:44:50,860 --> 00:44:52,029 Oh, yeah. Have I seen it before? 1216 00:44:52,030 --> 00:44:53,619 Actually, there's another question for us 1217 00:44:53,620 --> 00:44:54,620 here. Yes. 1218 00:44:55,130 --> 00:44:57,429 Two extra eight. 1219 00:44:57,430 --> 00:45:00,549 So this is a question from Finland 1220 00:45:00,550 --> 00:45:02,649 and starting January 1st, our police 1221 00:45:02,650 --> 00:45:04,839 gets new legislation that enable them 1222 00:45:04,840 --> 00:45:06,729 to engage an active network in 1223 00:45:06,730 --> 00:45:07,929 surveillance. 1224 00:45:07,930 --> 00:45:09,669 Secondly, our government will soon 1225 00:45:09,670 --> 00:45:13,089 publish a new cyber security strategy, 1226 00:45:13,090 --> 00:45:15,549 and they want to initiate 1227 00:45:15,550 --> 00:45:17,409 the signal intelligence operations 1228 00:45:17,410 --> 00:45:20,169 explicitly in the name of 1229 00:45:20,170 --> 00:45:22,599 or for network security and to leverage 1230 00:45:22,600 --> 00:45:24,669 their position in intelligence 1231 00:45:24,670 --> 00:45:26,799 trading with other states. 1232 00:45:26,800 --> 00:45:28,389 What kind of political and technical 1233 00:45:28,390 --> 00:45:30,279 message would you have for the Finnish 1234 00:45:30,280 --> 00:45:32,409 citizens here on video? 1235 00:45:32,410 --> 00:45:34,569 What things and jargon should we keep 1236 00:45:34,570 --> 00:45:36,849 an eye on and what should we demand 1237 00:45:36,850 --> 00:45:38,769 on our government and politicians? 1238 00:45:38,770 --> 00:45:41,049 So in that sense, 1239 00:45:41,050 --> 00:45:43,539 a Google data center we have is 1240 00:45:43,540 --> 00:45:45,130 it's a second collection site. 1241 00:45:47,690 --> 00:45:50,089 So I'm starting with the last one, just 1242 00:45:50,090 --> 00:45:52,399 kind of it is because if Google likes 1243 00:45:52,400 --> 00:45:54,529 it, likes it or not, they are subject to 1244 00:45:54,530 --> 00:45:56,779 U.S. jurisdiction legislation 1245 00:45:56,780 --> 00:45:58,999 and it can get anything they want from 1246 00:45:59,000 --> 00:46:00,000 them. 1247 00:46:00,410 --> 00:46:02,269 And that doesn't mean that Google does 1248 00:46:02,270 --> 00:46:04,369 evil, but yes, they do, because they 1249 00:46:04,370 --> 00:46:06,499 don't encrypt everything in a way that 1250 00:46:06,500 --> 00:46:09,289 only the users have the keys and one 1251 00:46:09,290 --> 00:46:10,849 coming to the more serious other 1252 00:46:10,850 --> 00:46:11,850 questions. 1253 00:46:13,430 --> 00:46:15,110 Indeed, the Swedish 1254 00:46:16,280 --> 00:46:18,439 was it Sweden, Finland, 1255 00:46:18,440 --> 00:46:21,260 Finland? Sorry, the Finnish situation 1256 00:46:22,280 --> 00:46:24,860 got to be evaluated. 1257 00:46:26,210 --> 00:46:28,669 I guess it's very important to first 1258 00:46:28,670 --> 00:46:30,769 understand the cooperation agreements of 1259 00:46:30,770 --> 00:46:33,649 the national intelligence agencies 1260 00:46:33,650 --> 00:46:35,779 because if you don't have them 1261 00:46:35,780 --> 00:46:38,329 on your side and that is true in many 1262 00:46:38,330 --> 00:46:40,459 countries and places, then you 1263 00:46:40,460 --> 00:46:42,349 have them, then they are not part of the 1264 00:46:42,350 --> 00:46:43,849 solution, but part of the problem. 1265 00:46:43,850 --> 00:46:45,589 And then maybe they need to be dissolved 1266 00:46:45,590 --> 00:46:47,779 and the guys need to be imprisoned and 1267 00:46:47,780 --> 00:46:49,729 they need to be handled as traitors of 1268 00:46:49,730 --> 00:46:50,730 national interests. 1269 00:46:52,370 --> 00:46:53,370 So 1270 00:46:54,500 --> 00:46:57,079 having having said that, 1271 00:46:57,080 --> 00:46:58,080 the other 1272 00:46:59,510 --> 00:47:01,699 big question is actually 1273 00:47:01,700 --> 00:47:03,829 what kind of legislation is in 1274 00:47:03,830 --> 00:47:06,169 place to allow or not 1275 00:47:06,170 --> 00:47:08,719 allow foreign telecommunication 1276 00:47:08,720 --> 00:47:10,729 operators to operate in the countries and 1277 00:47:10,730 --> 00:47:13,339 to really list identifier? 1278 00:47:13,340 --> 00:47:14,389 That's a lot of research. 1279 00:47:14,390 --> 00:47:15,829 What countries have, what kind of 1280 00:47:15,830 --> 00:47:18,049 jurisdictional obligations to us to 1281 00:47:18,050 --> 00:47:20,029 understand and what kind of network of 1282 00:47:20,030 --> 00:47:22,249 dependencies you're into? 1283 00:47:22,250 --> 00:47:24,589 I can't give a fast answer 1284 00:47:24,590 --> 00:47:26,209 on the Finnish situation. 1285 00:47:27,560 --> 00:47:30,079 I guess it's a few days of work for 1286 00:47:30,080 --> 00:47:32,239 quite some people, but that is stuff that 1287 00:47:32,240 --> 00:47:33,649 can be done locally and should be done 1288 00:47:33,650 --> 00:47:35,329 locally because that people know better 1289 00:47:35,330 --> 00:47:36,469 what they're dealing with. 1290 00:47:37,970 --> 00:47:40,189 So I hope that 1291 00:47:40,190 --> 00:47:42,259 this idea, as it was giving it 1292 00:47:42,260 --> 00:47:44,209 like procedures for the Finnish people 1293 00:47:44,210 --> 00:47:46,189 and for many other people to, you know, 1294 00:47:46,190 --> 00:47:48,349 do that tasking that that is 1295 00:47:48,350 --> 00:47:50,539 a lot of work, but it got to be 1296 00:47:50,540 --> 00:47:52,789 done country specific anyhow. 1297 00:47:52,790 --> 00:47:55,009 So it's like there's not one 1298 00:47:55,010 --> 00:47:56,150 solution fits it all. 1299 00:47:59,700 --> 00:48:01,739 No, it has a comment or question. 1300 00:48:01,740 --> 00:48:03,179 Please go right ahead. 1301 00:48:03,180 --> 00:48:05,069 OK, well, thank you for your talk, which 1302 00:48:05,070 --> 00:48:07,019 I found pretty inspiring, but I was 1303 00:48:07,020 --> 00:48:08,909 surprised to see you fingerprint 1304 00:48:08,910 --> 00:48:11,069 identification on the list of tips. 1305 00:48:11,070 --> 00:48:12,899 As far as I know your client revoke 1306 00:48:12,900 --> 00:48:14,639 fingerprints, they knew how unique they 1307 00:48:14,640 --> 00:48:16,889 couldn't get her to file false hands. 1308 00:48:16,890 --> 00:48:19,109 So could you comment on that under 1309 00:48:19,110 --> 00:48:21,179 which circumstances it could be wise 1310 00:48:21,180 --> 00:48:23,129 and how to use your fingerprints for 1311 00:48:23,130 --> 00:48:24,130 identification? 1312 00:48:26,030 --> 00:48:28,579 OK. It is true, 1313 00:48:28,580 --> 00:48:30,679 however, that fingerprints 1314 00:48:30,680 --> 00:48:32,809 can be, you know, 1315 00:48:32,810 --> 00:48:35,269 done, exchanged and handled and misused 1316 00:48:35,270 --> 00:48:36,380 in many ways. However, 1317 00:48:38,660 --> 00:48:40,969 in the former times, we 1318 00:48:40,970 --> 00:48:43,069 tended to think that encryption is 1319 00:48:43,070 --> 00:48:45,139 pretty good and so 1320 00:48:45,140 --> 00:48:47,419 on. What I have learned through studying 1321 00:48:47,420 --> 00:48:49,279 the Snowden material is that they have a 1322 00:48:49,280 --> 00:48:51,649 massive global, scalable infrastructure 1323 00:48:51,650 --> 00:48:53,749 for many of the medal games 1324 00:48:53,750 --> 00:48:56,029 for crypto, as a convention 1325 00:48:56,030 --> 00:48:57,949 for playing with our clients, for playing 1326 00:48:57,950 --> 00:49:00,019 whatever is in the middle, getting 1327 00:49:00,020 --> 00:49:02,419 messages from A to B, and without 1328 00:49:02,420 --> 00:49:05,239 verification of 1329 00:49:05,240 --> 00:49:07,289 that, we are working on the same keys 1330 00:49:07,290 --> 00:49:09,349 that this is what this is about and 1331 00:49:09,350 --> 00:49:11,599 fingerprint verification might be one way 1332 00:49:11,600 --> 00:49:14,179 there might be other ways, but that's for 1333 00:49:14,180 --> 00:49:16,529 like the standard scenario JPEG 1334 00:49:16,530 --> 00:49:18,559 stuff into one or two. 1335 00:49:18,560 --> 00:49:20,449 Ah, that's the best we have for the 1336 00:49:20,450 --> 00:49:21,499 moment. How you do that? 1337 00:49:21,500 --> 00:49:22,880 Sorry, I don't have an answer yet. 1338 00:49:24,350 --> 00:49:26,209 It might be very inconvenient, like 1339 00:49:26,210 --> 00:49:28,909 having to do with traveling and 1340 00:49:28,910 --> 00:49:31,189 using unsecure communications are doing 1341 00:49:31,190 --> 00:49:32,190 whatever. 1342 00:49:34,130 --> 00:49:36,379 That's probably better and better 1343 00:49:36,380 --> 00:49:38,000 people than me answering that question. 1344 00:49:41,880 --> 00:49:42,929 I think you're doing fine. 1345 00:49:45,000 --> 00:49:46,679 One last question from IOC, please. 1346 00:49:46,680 --> 00:49:49,139 Or maybe they are more now 1347 00:49:49,140 --> 00:49:50,999 for the moment, it's the last one is 1348 00:49:51,000 --> 00:49:52,979 using non-smart phones better and 1349 00:49:52,980 --> 00:49:54,809 protecting information stored on the 1350 00:49:54,810 --> 00:49:55,949 phone. 1351 00:49:55,950 --> 00:49:56,950 Yes. 1352 00:49:57,360 --> 00:49:59,699 If you can't install any software and 1353 00:49:59,700 --> 00:50:02,309 you don't have the capability to 1354 00:50:02,310 --> 00:50:04,499 run the task or display 1355 00:50:04,500 --> 00:50:06,599 images, that because 1356 00:50:06,600 --> 00:50:08,759 there's no image viewer end when 1357 00:50:08,760 --> 00:50:10,649 there's no imagery can be exploited. 1358 00:50:10,650 --> 00:50:12,779 If there's no scripting language 1359 00:50:12,780 --> 00:50:14,939 and cannot be used if there's no, you 1360 00:50:14,940 --> 00:50:16,589 know, that's all right. 1361 00:50:16,590 --> 00:50:18,869 However, SIM toolkit, 1362 00:50:18,870 --> 00:50:21,059 as we have seen in the NSA implant 1363 00:50:21,060 --> 00:50:23,249 selection program, 1364 00:50:23,250 --> 00:50:25,529 is also a way to play with mobile 1365 00:50:25,530 --> 00:50:27,989 phones so that even totally independent 1366 00:50:27,990 --> 00:50:30,059 from the model of telephone you use, the 1367 00:50:30,060 --> 00:50:32,429 SIM card might be used to track 1368 00:50:32,430 --> 00:50:34,649 your location to 1369 00:50:34,650 --> 00:50:36,779 send covered SMSes 1370 00:50:36,780 --> 00:50:38,789 with a film book entry stored on this SIM 1371 00:50:38,790 --> 00:50:40,079 and other things. 1372 00:50:40,080 --> 00:50:42,449 So maybe 1373 00:50:42,450 --> 00:50:44,369 no telephone is sometimes better than a 1374 00:50:44,370 --> 00:50:45,370 telephone, but. 1375 00:50:47,730 --> 00:50:48,839 Number two, 1376 00:50:48,840 --> 00:50:50,939 one. And yet picking up the 1377 00:50:50,940 --> 00:50:53,459 question from from from Finland, so 1378 00:50:53,460 --> 00:50:55,609 what you would you recommend in general 1379 00:50:55,610 --> 00:50:58,169 for four legislative changes, 1380 00:50:58,170 --> 00:51:00,479 be it like warranties, liability 1381 00:51:00,480 --> 00:51:01,649 in services like that? 1382 00:51:01,650 --> 00:51:03,509 They are some and are strong like 1383 00:51:03,510 --> 00:51:05,549 recommendations on what should be changed 1384 00:51:05,550 --> 00:51:07,649 on the on the legal side of of 1385 00:51:08,700 --> 00:51:10,879 of of of 1386 00:51:10,880 --> 00:51:12,059 of regulating technology. 1387 00:51:12,060 --> 00:51:13,060 And you have technology. 1388 00:51:15,290 --> 00:51:17,299 Well, actually, you'd be the better 1389 00:51:17,300 --> 00:51:19,399 prison to answer some part of it 1390 00:51:19,400 --> 00:51:20,809 because you have been more involved in 1391 00:51:20,810 --> 00:51:22,789 the European legislation of it. 1392 00:51:22,790 --> 00:51:24,949 But I mean, obviously stuff like 1393 00:51:24,950 --> 00:51:27,019 data retention is a 1394 00:51:27,020 --> 00:51:29,299 huge risk because it 1395 00:51:29,300 --> 00:51:31,369 collects data that does not have to be 1396 00:51:31,370 --> 00:51:33,919 collected and it does not 1397 00:51:33,920 --> 00:51:36,199 ensure at all that that data does not get 1398 00:51:36,200 --> 00:51:37,429 on the wrong hands. 1399 00:51:37,430 --> 00:51:39,799 And there's many other like collection 1400 00:51:39,800 --> 00:51:41,929 of data which maybe should 1401 00:51:41,930 --> 00:51:44,090 be general forbidden in such forums 1402 00:51:45,110 --> 00:51:47,209 because it can be 1403 00:51:47,210 --> 00:51:49,309 abused too easily. 1404 00:51:49,310 --> 00:51:51,529 So principles of 1405 00:51:51,530 --> 00:51:53,779 using and storing as less data as 1406 00:51:53,780 --> 00:51:56,479 possible and required and decentralizing 1407 00:51:56,480 --> 00:51:57,979 the infrastructures well, there's no 1408 00:51:57,980 --> 00:52:00,169 central abuse options and 1409 00:52:00,170 --> 00:52:01,170 so on. 1410 00:52:02,060 --> 00:52:04,069 But it totally depends on the area. 1411 00:52:04,070 --> 00:52:05,509 What what we're talking about, what's the 1412 00:52:05,510 --> 00:52:07,669 best solution I'm just 1413 00:52:07,670 --> 00:52:10,279 identifying for me, I think this 1414 00:52:10,280 --> 00:52:12,379 need to process principle set to 1415 00:52:12,380 --> 00:52:14,539 limit whatever data you need 1416 00:52:14,540 --> 00:52:16,639 in a process to really that required and 1417 00:52:16,640 --> 00:52:19,489 not to always carry around 1418 00:52:19,490 --> 00:52:21,709 too many data with you through like 1419 00:52:21,710 --> 00:52:25,069 components that could be compromised. 1420 00:52:25,070 --> 00:52:27,499 That's, I think, an important part of 1421 00:52:27,500 --> 00:52:29,839 a policy to be looking at whatever 1422 00:52:29,840 --> 00:52:31,249 the concrete example is. 1423 00:52:32,390 --> 00:52:33,390 So 1424 00:52:34,700 --> 00:52:35,700 I think. 1425 00:52:36,880 --> 00:52:38,289 My ability to give 1426 00:52:41,000 --> 00:52:43,509 you an extension of 1427 00:52:43,510 --> 00:52:44,530 this was all of our data. 1428 00:52:46,060 --> 00:52:47,709 Also on the security side of it, I mean, 1429 00:52:49,070 --> 00:52:51,159 it's basically dealing with insecurity in 1430 00:52:51,160 --> 00:52:53,439 the technical world. So that's 1431 00:52:53,440 --> 00:52:55,869 also something which could be regulated 1432 00:52:55,870 --> 00:52:57,669 in terms of we have some sort of 1433 00:52:57,670 --> 00:53:00,249 technical regulations in Germany. 1434 00:53:00,250 --> 00:53:02,530 Every school is regulated, so 1435 00:53:03,820 --> 00:53:06,529 there are recommendations to to 1436 00:53:06,530 --> 00:53:09,009 to have the processing of dealing with 1437 00:53:09,010 --> 00:53:10,329 insecurities and dealing with their 1438 00:53:10,330 --> 00:53:11,829 abilities. 1439 00:53:11,830 --> 00:53:14,169 Are there like recommendations, 1440 00:53:14,170 --> 00:53:16,209 how to deal with it in like the 1441 00:53:16,210 --> 00:53:17,210 regulation? 1442 00:53:19,560 --> 00:53:22,979 Yes, I think we're coming to that because 1443 00:53:22,980 --> 00:53:25,349 as we have learned through 1444 00:53:25,350 --> 00:53:28,559 the material, most default 1445 00:53:28,560 --> 00:53:31,139 fireball, a commercial firewall, 1446 00:53:32,310 --> 00:53:35,339 so-called security mechanisms 1447 00:53:35,340 --> 00:53:37,619 must be considered more part 1448 00:53:37,620 --> 00:53:39,479 of the problem than part of the solution 1449 00:53:39,480 --> 00:53:42,059 because they provide the illusion 1450 00:53:42,060 --> 00:53:43,860 that you could protect 1451 00:53:45,570 --> 00:53:47,969 an environment where a lot of 1452 00:53:47,970 --> 00:53:50,189 you know, highly valuable target data 1453 00:53:50,190 --> 00:53:51,190 is there. 1454 00:53:52,590 --> 00:53:55,079 And that illusion of security 1455 00:53:55,080 --> 00:53:56,859 is a lot more danger than, you know, 1456 00:53:56,860 --> 00:53:58,649 there's no fucking way we can protect if 1457 00:53:58,650 --> 00:54:01,439 we are online. So to to 1458 00:54:01,440 --> 00:54:02,760 to simplify it a little bit, 1459 00:54:04,290 --> 00:54:06,539 but I don't really have the set 1460 00:54:06,540 --> 00:54:07,770 of policy 1461 00:54:09,270 --> 00:54:11,399 like I think we need to 1462 00:54:11,400 --> 00:54:13,589 right that actually to to 1463 00:54:13,590 --> 00:54:15,810 write the guidelines on how to secure 1464 00:54:16,950 --> 00:54:18,599 how to provide security 1465 00:54:19,710 --> 00:54:21,239 under these circumstances. 1466 00:54:21,240 --> 00:54:23,609 But actually, I think we are still 1467 00:54:23,610 --> 00:54:25,859 in the status of identifying 1468 00:54:25,860 --> 00:54:27,149 the size of the problem. 1469 00:54:27,150 --> 00:54:29,309 We're not there yet in all areas to 1470 00:54:29,310 --> 00:54:31,589 really say that is the solution 1471 00:54:31,590 --> 00:54:32,590 and. 1472 00:54:34,210 --> 00:54:36,759 Casualties over the last days 1473 00:54:36,760 --> 00:54:38,969 with a couple of those who thought 1474 00:54:38,970 --> 00:54:41,079 all about like doing 1475 00:54:41,080 --> 00:54:43,179 insecurity much, much more expensive 1476 00:54:43,180 --> 00:54:45,429 and security, sure. 1477 00:54:45,430 --> 00:54:47,799 And I think that's the right way to to 1478 00:54:47,800 --> 00:54:48,729 raise the costs. 1479 00:54:48,730 --> 00:54:51,219 But but but if people think that 1480 00:54:51,220 --> 00:54:53,769 I'm exploiting 1481 00:54:55,330 --> 00:54:57,010 millions of clients 1482 00:54:58,030 --> 00:55:00,369 is raising a lot of cost, 1483 00:55:00,370 --> 00:55:02,649 they are wrong. So first, we need to. 1484 00:55:02,650 --> 00:55:04,599 I mean, right now, the exploitation of 1485 00:55:04,600 --> 00:55:06,699 infrastructure is massive. 1486 00:55:06,700 --> 00:55:07,929 It's scalable. 1487 00:55:07,930 --> 00:55:10,059 It doesn't cost a cent for them to do 1488 00:55:10,060 --> 00:55:11,060 it. 1489 00:55:11,320 --> 00:55:12,849 It's just too easy. 1490 00:55:12,850 --> 00:55:14,919 And to raise the cost is quite. 1491 00:55:14,920 --> 00:55:16,959 I totally agree with you on the goal, but 1492 00:55:16,960 --> 00:55:19,449 we need to identify how to get there. 1493 00:55:19,450 --> 00:55:20,469 We're not there yet. 1494 00:55:20,470 --> 00:55:22,840 I think, or only very 1495 00:55:24,010 --> 00:55:25,119 rough. 1496 00:55:25,120 --> 00:55:27,259 OK, two more quick questions. 1497 00:55:27,260 --> 00:55:28,869 Oh gosh, even more. 1498 00:55:30,870 --> 00:55:31,870 Yeah. 1499 00:55:32,290 --> 00:55:34,779 In this context, I see that 1500 00:55:34,780 --> 00:55:36,909 most of the problem is related also to 1501 00:55:36,910 --> 00:55:39,309 the concentration of power that the U.S. 1502 00:55:39,310 --> 00:55:41,710 gained through all the NSA activities. 1503 00:55:42,910 --> 00:55:45,399 In this context, the question is 1504 00:55:45,400 --> 00:55:47,739 shouldn't the national 1505 00:55:47,740 --> 00:55:49,809 security authorities, especially 1506 00:55:49,810 --> 00:55:52,149 law enforcement agencies or even 1507 00:55:52,150 --> 00:55:54,999 the national intelligence agencies 1508 00:55:55,000 --> 00:55:56,799 do something to protect their own 1509 00:55:56,800 --> 00:55:59,559 citizens in their own countries? 1510 00:55:59,560 --> 00:56:00,159 Well, yes, 1511 00:56:00,160 --> 00:56:02,139 that's the theory of their job 1512 00:56:02,140 --> 00:56:03,140 description. 1513 00:56:04,390 --> 00:56:07,449 However, the problem is that 1514 00:56:07,450 --> 00:56:09,609 I mean, I had this discussion with 1515 00:56:09,610 --> 00:56:11,329 a member of the German parliament. 1516 00:56:11,330 --> 00:56:13,689 He asked, You know, should we dissolve 1517 00:56:13,690 --> 00:56:15,789 the intelligence agencies or should 1518 00:56:15,790 --> 00:56:17,979 we give them a lot more money 1519 00:56:17,980 --> 00:56:19,599 so that they can do their job 1520 00:56:19,600 --> 00:56:22,389 independently from the Big Brother? 1521 00:56:22,390 --> 00:56:24,459 And actually, before I 1522 00:56:24,460 --> 00:56:26,649 find myself on the role of advising 1523 00:56:26,650 --> 00:56:28,659 someone from the parliament to get a lot 1524 00:56:28,660 --> 00:56:30,849 more money to the intelligence, 1525 00:56:30,850 --> 00:56:32,799 I want to sleep some nights and think 1526 00:56:32,800 --> 00:56:34,329 about it. 1527 00:56:34,330 --> 00:56:35,330 I'm. 1528 00:56:39,790 --> 00:56:41,110 Just to comment on this, 1529 00:56:42,910 --> 00:56:45,099 using national intelligence to protect 1530 00:56:45,100 --> 00:56:47,139 against foreign to foreign intelligence 1531 00:56:47,140 --> 00:56:48,879 by empowering the national one is 1532 00:56:48,880 --> 00:56:50,349 probably wrong. 1533 00:56:50,350 --> 00:56:52,689 But when we was discussing 1534 00:56:52,690 --> 00:56:54,939 today with me about the fact that 1535 00:56:54,940 --> 00:56:57,489 some law enforcement authorities 1536 00:56:57,490 --> 00:56:59,629 are very upset about all 1537 00:56:59,630 --> 00:57:01,869 this, I about the intelligence because 1538 00:57:01,870 --> 00:57:03,549 they are doing an activity that is 1539 00:57:03,550 --> 00:57:06,009 heavily regulated while the intelligence 1540 00:57:06,010 --> 00:57:07,449 can do whatever they want. 1541 00:57:07,450 --> 00:57:09,369 So there could be some conflict of the 1542 00:57:09,370 --> 00:57:11,679 interest in having the law enforcement 1543 00:57:11,680 --> 00:57:13,599 agencies going against foreign 1544 00:57:13,600 --> 00:57:15,069 intelligence powers. 1545 00:57:15,070 --> 00:57:16,899 You are totally right, but unfortunately, 1546 00:57:16,900 --> 00:57:19,029 that type of conflict often ends if 1547 00:57:19,030 --> 00:57:21,129 the law enforcement guys get 1548 00:57:21,130 --> 00:57:23,139 whatever they want. 1549 00:57:23,140 --> 00:57:25,299 Okay. Like bulk access to all data, 1550 00:57:25,300 --> 00:57:27,559 trillions, you know, 1551 00:57:27,560 --> 00:57:29,079 data, whatever they want, they are kind 1552 00:57:29,080 --> 00:57:30,849 of jealous on the intelligence guys. 1553 00:57:30,850 --> 00:57:32,199 That is true. 1554 00:57:32,200 --> 00:57:34,629 But I'm not sure if that is part of the 1555 00:57:34,630 --> 00:57:37,269 problem solving process to 1556 00:57:37,270 --> 00:57:38,859 make them satisfied with their 1557 00:57:38,860 --> 00:57:39,860 requirements. 1558 00:57:40,900 --> 00:57:43,059 I mean, maybe it is to some extent, 1559 00:57:43,060 --> 00:57:44,649 but not to the extent that they get 1560 00:57:44,650 --> 00:57:45,549 whatever they want. 1561 00:57:45,550 --> 00:57:46,550 I mean, that can be it. 1562 00:57:47,970 --> 00:57:50,039 So it turns out we're actually 1563 00:57:50,040 --> 00:57:52,169 out of time, I'm sorry, but maybe I could 1564 00:57:52,170 --> 00:57:53,639 ask you to come down and 1565 00:57:54,730 --> 00:57:56,009 great question. Go ahead. 1566 00:57:56,010 --> 00:57:57,010 Sure. 1567 00:57:57,480 --> 00:57:59,609 The seals the 1568 00:57:59,610 --> 00:58:02,039 stones of the company Mr Yano Lynell, 1569 00:58:02,040 --> 00:58:05,009 is referred to as 1570 00:58:05,010 --> 00:58:08,009 cybersecurity general in Finland. 1571 00:58:08,010 --> 00:58:10,409 And I think the politicians 1572 00:58:10,410 --> 00:58:12,539 look up to him as some kind of 1573 00:58:12,540 --> 00:58:13,859 authority. 1574 00:58:13,860 --> 00:58:16,509 And there's 1575 00:58:16,510 --> 00:58:17,999 there's a kind of 1576 00:58:19,890 --> 00:58:22,109 commercial connection 1577 00:58:22,110 --> 00:58:23,110 in this. 1578 00:58:25,190 --> 00:58:27,259 To be honest, I didn't really understand 1579 00:58:27,260 --> 00:58:28,489 the question, 1580 00:58:28,490 --> 00:58:30,929 but could you repeat the question? 1581 00:58:30,930 --> 00:58:31,930 And. 1582 00:58:34,470 --> 00:58:37,529 Is it the problem that the 1583 00:58:37,530 --> 00:58:39,689 cybersecurity general is 1584 00:58:39,690 --> 00:58:42,149 a CEO of a commercial company, 1585 00:58:42,150 --> 00:58:44,309 which is not anymore 1586 00:58:44,310 --> 00:58:46,649 finished, but it's sold to 1587 00:58:46,650 --> 00:58:48,779 some foreign 1588 00:58:48,780 --> 00:58:49,780 other company? 1589 00:58:50,880 --> 00:58:51,959 Well, let's say it like this. 1590 00:58:51,960 --> 00:58:54,389 I mean, the militarization of cyberspace 1591 00:58:54,390 --> 00:58:56,459 is obviously there, if we like 1592 00:58:56,460 --> 00:58:57,569 it or not. 1593 00:58:57,570 --> 00:58:59,399 And it's there for quite some time. 1594 00:58:59,400 --> 00:59:01,589 If you look at Israel companies, you will 1595 00:59:01,590 --> 00:59:03,809 be find no technology companies 1596 00:59:03,810 --> 00:59:06,239 where the guys have not been attached to 1597 00:59:06,240 --> 00:59:07,919 the Israel Army Service and so on. 1598 00:59:07,920 --> 00:59:09,389 If they all have to go there and if 1599 00:59:09,390 --> 00:59:11,069 they're good with technology, they end up 1600 00:59:11,070 --> 00:59:11,999 in those departments. 1601 00:59:12,000 --> 00:59:14,129 So and we can like it or not like 1602 00:59:14,130 --> 00:59:16,319 it. If you look at France companies 1603 00:59:16,320 --> 00:59:18,179 like Groupon selling exploits, that's 1604 00:59:18,180 --> 00:59:20,789 also run by, you know, former people 1605 00:59:20,790 --> 00:59:22,589 of the government and firemen, of course, 1606 00:59:22,590 --> 00:59:24,899 they have now only a private, beautiful 1607 00:59:24,900 --> 00:59:27,089 life selling 1608 00:59:27,090 --> 00:59:29,219 weapons to attack all of us. 1609 00:59:30,360 --> 00:59:32,699 Mm-Hmm. So. 1610 00:59:32,700 --> 00:59:35,069 Well, I mean, cyber peace is a good idea, 1611 00:59:35,070 --> 00:59:36,809 and we need to establish principles for 1612 00:59:36,810 --> 00:59:39,029 that and hopefully pointed out that 1613 00:59:39,030 --> 00:59:41,039 I don't like military thinking in these 1614 00:59:41,040 --> 00:59:43,829 ideas because military thinking 1615 00:59:43,830 --> 00:59:45,959 is, you know, you end up 1616 00:59:45,960 --> 00:59:48,269 at best in this Italian triangle 1617 00:59:48,270 --> 00:59:50,489 where different people hold big guns 1618 00:59:50,490 --> 00:59:52,169 to each other's head and then they call 1619 00:59:52,170 --> 00:59:53,309 that peace. 1620 00:59:53,310 --> 00:59:55,409 And relatively it's a stable situation 1621 00:59:55,410 --> 00:59:56,849 like half. 1622 00:59:56,850 --> 00:59:58,229 That's not what I want to end up. 1623 00:59:58,230 --> 01:00:00,359 So we got 1624 01:00:00,360 --> 01:00:02,339 to find our own ways without those type 1625 01:00:02,340 --> 01:00:04,019 of people coming from those type of 1626 01:00:04,020 --> 01:00:05,120 environments. I think so. 1627 01:00:07,150 --> 01:00:09,339 But I think that's good enough for 1628 01:00:09,340 --> 01:00:09,579 today. 1629 01:00:09,580 --> 01:00:10,659 Thank you, Andy. Thank you.