How the NSA betrayed the world’s trust — time to act | Mikko Hypponen

A really good talk about systemic surveillance, which covers almost incomprehensibly more than people, with their mobile phones and all, have yet understood:

https://www.youtube.com/watch?v=9CqVYUOjHLw

Transcript:

0:12 The two most likely largest inventions of our generation are the Internet and the mobile phone. They’ve changed the world. However, largely to our surprise, they also turned out to be the perfect tools for the surveillance state. It turned out that the capability to collect data, information and connections about basically any of us and all of us is exactly what we’ve been hearing throughout of the summer through revelations and leaks about Western intelligence agencies, mostly U.S. intelligence agencies, watching over the rest of the world.

1:02 We’ve heard about these starting with the revelations from June 6. Edward Snowden started leaking information, top secret classified information, from the U.S. intelligence agencies, and we started learning about things like PRISM and XKeyscore and others. And these are examples of the kinds of programs U.S. intelligence agencies are running right now, against the whole rest of the world.

1:32 And if you look back about the forecasts on surveillance by George Orwell, well it turns out that George Orwell was an optimist. (Laughter) We are right now seeing a much larger scale of tracking of individual citizens than he could have ever imagined.

1:56 And this here is the infamous NSA data center in Utah. Due to be opened very soon, it will be both a supercomputing center and a data storage center. You could basically imagine it has a large hall filled with hard drives storing data they are collecting. And it’s a pretty big building. How big? Well, I can give you the numbers – 140,000 square meters – but that doesn’t really tell you very much. Maybe it’s better to imagine it as a comparison. You think about the largest IKEA store you’ve ever been in. This is five times larger. How many hard drives can you fit in an IKEA store? Right? It’s pretty big. We estimate that just the electricity bill for running this data center is going to be in the tens of millions of dollars a year. And this kind of wholesale surveillance means that they can collect our data and keep it basically forever, keep it for extended periods of time, keep it for years, keep it for decades. And this opens up completely new kinds of risks to us all. And what this is is that it is wholesale blanket surveillance on everyone.

Wholesale blanket surveillance

3:18 Well, not exactly everyone, because the U.S. intelligence only has a legal right to monitor foreigners. They can monitor foreigners when foreigners’ data connections end up in the United States or pass through the United States. And monitoring foreigners doesn’t sound too bad until you realize that I’m a foreigner and you’re a foreigner. In fact, 96 percent of the planet are foreigners. (Laughter) Right? So it is wholesale blanket surveillance of all of us, all of us who use telecommunications and the Internet.

3:58 But don’t get me wrong: There are actually types of surveillance that are okay. I love freedom, but even I agree that some surveillance is fine. If the law enforcement is trying to find a murderer, or they’re trying to catch a drug lord or trying to prevent a school shooting, and they have leads and they have suspects, then it’s perfectly fine for them to tap the suspect’s phone, and to intercept his Internet communications. I’m not arguing that at all, but that’s not what programs like PRISM are about. They are not about doing surveillance on people that they have reason to suspect of some wrongdoings. They’re about doing surveillance on people they know are innocent.

4:46 So the four main arguments supporting surveillance like this, well, the first of all is that whenever you start discussing about these revelations, there will be naysayers trying to minimize the importance of these revelations, saying that we knew all this already, we knew it was happening, there’s nothing new here. And that’s not true. Don’t let anybody tell you that we knew this already, because we did not know this already. Our worst fears might have been something like this, but we didn’t know this was happening. Now we know for a fact it’s happening. We didn’t know about this. We didn’t know about PRISM. We didn’t know about XKeyscore. We didn’t know about Cybertrans. We didn’t know about DoubleArrow. We did not know about Skywriter – all these different programs run by U.S. intelligence agencies. But now we do.

5:39 And we did not know that U.S. intelligence agencies go to extremes such as infiltrating standardization bodies to sabotage encryption algorithms on purpose. And what that means is that you take something which is secure, an encryption algorithm which is so secure that if you use that algorithm to encrypt one file, nobody can decrypt that file. Even if they take every single computer on the planet just to decrypt that one file, it’s going to take millions of years. So that’s basically perfectly safe, uncrackable. You take something which is that good and then you weaken it on purpose, making all of us less secure as an end result.

6:23 A real-world equivalent would be that intelligence agencies would force some secret pin code into every single house alarm so they could get into every single house because, you know, bad people might have house alarms, but it will also make all of us less secure as an end result. Backdooring encryption algorithms just boggles the mind.

6:46 But of course, these intelligence agencies are doing their job. This is what they have been told to do: do signals intelligence, monitor telecommunications, monitor Internet traffic. That’s what they’re trying to do, and since most, a very big part of the Internet traffic today is encrypted, they’re trying to find ways around the encryption. One way is to sabotage encryption algorithms, which is a great example about how U.S. intelligence agencies are running loose. They are completely out of control, and they should be brought back under control.

7:21 So what do we actually know about the leaks? Everything is based on the files leaked by Mr. Snowden. The very first PRISM slides from the beginning of June detail a collection program where the data is collected from service providers, and they actually go and name the service providers they have access to. They even have a specific date on when the collection of data began for each of the service providers. So for example, they name the collection from Microsoft started on September 11, 2007, for Yahoo on the March 12, 2008, and then others: Google, Facebook, Skype, Apple and so on.

8:04 And every single one of these companies denies. They all say that this simply isn’t true, that they are not giving backdoor access to their data. Yet we have these files. So is one of the parties lying, or is there some other alternative explanation? And one explanation would be that these parties, these service providers, are not cooperating. Instead, they’ve been hacked. That would explain it. They aren’t cooperating. They’ve been hacked. In this case, they’ve been hacked by their own government.

8:44 That might sound outlandish, but we already have cases where this has happened, for example, the case of the Flame malware which we strongly believe was authored by the U.S. government, and which, to spread, subverted the security of the Windows Update network, meaning here, the company was hacked by their own government.

9:08 And there’s more evidence supporting this theory as well. Der Spiegel, from Germany, leaked more information about the operations run by the elite hacker units operating inside these intelligence agencies. Inside NSA, the unit is called TAO, Tailored Access Operations, and inside GCHQ, which is the U.K. equivalent, it’s called NAC, Network Analysis Centre. And these recent leaks of these three slides detail an operation run by this GCHQ intelligence agency from the United Kingdom targeting a telecom here in Belgium. And what this really means is that an E.U. country’s intelligence agency is breaching the security of a telecom of a fellow E.U. country on purpose, and they discuss it in their slides completely casually, business as usual. Here’s the primary target, here’s the secondary target, here’s the teaming. They probably have a team building on Thursday evening in a pub. They even use cheesy PowerPoint clip art like, you know, “Success,” when they gain access to services like this. What the hell?

10:31 And then there’s the argument that okay, yes, this might be going on, but then again, other countries are doing it as well. All countries spy.

Sweden example

10:40 And maybe that’s true. Many countries spy, not all of them, but let’s take an example. Let’s take, for example, Sweden. I’m speaking of Sweden because Sweden has a little bit of a similar law to the United States. When your data traffic goes through Sweden, their intelligence agency has a legal right by the law to intercept that traffic. All right, how many Swedish decisionmakers and politicians and business leaders use, every day, U.S.-based services, like, you know, run Windows or OSX, or use Facebook or LinkedIn, or store their data in clouds like iCloud or Skydrive or DropBox, or maybe use online services like Amazon web services or sales support? And the answer is, every single Swedish business leader does that every single day. And then we turn it around. How many American leaders use Swedish webmails and cloud services? And the answer is zero. So this is not balanced. It’s not balanced by any means, not even close.

11:44 And when we do have the occasional European success story, even those, then, typically end up being sold to the United States. Like, Skype used to be secure. It used to be end-to-end encrypted. Then it was sold to the United States. Today, it no longer is secure. So once again, we take something which is secure and then we make it less secure on purpose, making all of us less secure as an outcome.

12:12 And then the argument that the United States is only fighting terrorists. It’s the war on terror. You shouldn’t worry about it. Well, it’s not the war on terror. Yes, part of it is war on terror, and yes, there are terrorists, and they do kill and maim, and we should fight them, but we know through these leaks that they have used the same techniques to listen to phone calls of European leaders, to tap the email of residents of Mexico and Brazil, to read email traffic inside the United Nations Headquarters and E.U. Parliament, and I don’t think they are trying to find terrorists from inside the E.U. Parliament, right?

12:51 It’s not the war on terror. Part of it might be, and there are terrorists, but are we really thinking about terrorists as such an existential threat that we are willing to do anything at all to fight them? Are the Americans ready to throw away the Constitution and throw it in the trash just because there are terrorists? And the same thing with the Bill of Rights and all the amendments and the Universal Declaration of Human Rights and the E.U. conventions on human rights and fundamental freedoms and the press freedom? Do we really think terrorism is such an existential threat, we are ready to do anything at all?

13:34 But people are scared about terrorists, and then they think that maybe that surveillance is okay because they have nothing to hide. Feel free to survey me if that helps.

Privacy

13:44 And whoever tells you that they have nothing to hide simply hasn’t thought about this long enough. (Applause)

14:00 Because we have this thing called privacy, and if you really think that you have nothing to hide, please make sure that’s the first thing you tell me, because then I know that I should not trust you with any secrets, because obviously you can’t keep a secret.

14:17 But people are brutally honest with the Internet, and when these leaks started, many people were asking me about this. And I have nothing to hide. I’m not doing anything bad or anything illegal. Yet, I have nothing that I would in particular like to share with an intelligence agency, especially a foreign intelligence agency. And if we indeed need a Big Brother, I would much rather have a domestic Big Brother than a foreign Big Brother.

14:49 And when the leaks started, the very first thing I tweeted about this was a comment about how, when you’ve been using search engines, you’ve been potentially leaking all that to U.S. intelligence. And two minutes later, I got a reply by somebody called Kimberly from the United States challenging me, like, why am I worried about this? What am I sending to worry about this? Am I sending naked pictures or something? And my answer to Kimberly was that what I’m sending is none of your business, and it should be none of your government’s business either. Because that’s what it’s about. It’s about privacy. Privacy is nonnegotiable. It should be built in to all the systems we use. (Applause)

15:38 And one thing we should all understand is that we are brutally honest with search engines. You show me your search history, and I’ll find something incriminating or something embarrassing there in five minutes. We are more honest with search engines than we are with our families. Search engines know more about you than your family members know about you. And this is all the kind of information we are giving away, we are giving away to the United States.

16:10 And surveillance changes history. We know this through examples of corrupt presidents like Nixon. Imagine if he would have had the kind of surveillance tools that are available today. And let me actually quote the president of Brazil, Ms. Dilma Rousseff. She was one of the targets of NSA surveillance. Her email was read, and she spoke at the United Nations Headquarters, and she said, “If there is no right to privacy, there can be no true freedom of expression and opinion, and therefore, there can be no effective democracy.” That’s what it’s about. Privacy is the building block of our democracies.

16:52 And to quote a fellow security researcher, Marcus Ranum, he said that the United States is right now treating the Internet as it would be treating one of its colonies. So we are back to the age of colonization, and we, the foreign users of the Internet, we should think about Americans as our masters.

17:15 So Mr. Snowden, he’s been blamed for many things. Some are blaming him for causing problems for the U.S. cloud industry and software companies with these revelations – and blaming Snowden for causing problems for the U.S. cloud industry would be the equivalent of blaming Al Gore for causing global warming. (Laughter) (Applause)

17:43 So, what is there to be done? Should we worry? No, we shouldn’t worry. We should be angry, because this is wrong, and it’s rude, and it should not be done. But that’s not going to really change the situation. What’s going to change the situation for the rest of the world is to try to steer away from systems built in the United States. And that’s much easier said than done. How do you do that? A single country, any single country in Europe cannot replace and build replacements for the U.S.-made operating systems and cloud services. But maybe you don’t have to do it alone. Maybe you can do it together with other countries. The solution is open source. By building together open, free, secure systems, we can go around such surveillance, and then one country doesn’t have to solve the problem by itself. It only has to solve one little problem. And to quote a fellow security researcher, Haroon Meer, one country only has to make a small wave, but those small waves together become a tide, and the tide will lift all the boats up at the same time, and the tide we will build with secure, free, open-source systems, will become the tide that will lift all of us up and above the surveillance state.

19:09 Thank you very much.
