some recent readings

“Americans spend nearly three hours a day on their mobile devices — checking social media, watching TV and surfing the Web, according to a new study.”

http://nypost.com/2015/10/07/americas-smartphone-addiction-is-only-getting-worse/

http://www.ncdsv.org/images/Wheel_MazeOfCoerciveControl.pdf

/publications_wheel.html

100 Things You Should Know about People

http://alpha411.blogspot.com/2012/04/100-things-you-should-know-about-people.html

http://www.businessinsider.com/100-things-you-should-know-about-people-2010-11?op=1

American Consumerism and the Global Environment

https://www.mtholyoke.edu/~kelle20m/classweb/wp/index.html

ten practical benefits of escaping excessive consumerism in your life

http://www.becomingminimalist.com/escaping-excessive-consumerism/

“The primary question ecology faces today is whether an ecologically oriented society can be created out of the present anti-ecological one.”

http://theanarchistlibrary.org/library/murray-bookchin-social-ecology-versus-deep-ecology-a-challenge-for-the-ecology-movement

“policy proposals”

https://en.wikipedia.org/wiki/Henry_George

“Some people can overcome poverty or addiction or both. But some people can’t. And that is due to a wide variety of ways our society and our brains are fundamentally structured. And that, like losing someone to addiction, is a tragedy.”

http://www.huffingtonpost.com/jen-simon/addiction-poverty-and-the_b_4731613.html

“That community is stable. The men who are missing are missing. The groups who are criminally active stay criminally active. And the incarceration experience has surprisingly little impact on crime.”

http://www.pbs.org/wgbh/frontline/article/todd-clear-why-americas-mass-incarceration-experiment-failed/

“Each year federal, state and local governments spend close to $500 billion on addiction and substance abuse, but for every dollar that federal and state governments spend, only 2 cents goes to prevention and treatment.”

http://www.casacolumbia.org/?gclid=COWAtYfRzcoCFYU-aQod9kMNRg

“In 2013, an estimated 22.7 million Americans (8.6 percent) needed treatment for a problem related to drugs or alcohol, but only about 2.5 million people (0.9 percent) received treatment at a specialty facility.”

http://www.drugabuse.gov/publications/drugfacts/nationwide-trends

http://www.usnews.com/opinion/blogs/policy-dose/2015/06/01/america-is-neglecting-its-addiction-problem

http://www.wnyc.org/story/298330-poverty-race-and-addiction/

the systemic inflammation caused by breathing polluted air is being communicated to the central nervous system. . . . This could have important and troubling implications for people who live and work in polluted urban areas around the world.”

https://www.psychologytoday.com/blog/brain-sense/201107/air-pollution-is-bad-your-brain

Exposure to ambient air pollution is a serious and common public health concern

http://www.hindawi.com/journals/jt/2012/782462/

http://www.globalresearch.ca/making-money-from-addiction-30-million-americans-on-antidepressants-and-20-other-facts-about-americas-big-pharma-nightmare/5399444

http://www.huffingtonpost.com/david-geller/our-wealth-addiction-probl_b_4724873.html

http://www.nytimes.com/2014/01/19/opinion/sunday/for-the-love-of-money.html?_r=0

http://www.sciencedirect.com/science/article/pii/S1463498899000500

http://www.commondreams.org/views/2015/04/27/entitlements-are-bankrupting-america-rich-keep-taking-them

https://en.wikipedia.org/wiki/American_exceptionalism

http://www.senseimarketing.com/social-medias-culture-of-entitlement/

http://www.nationalaffairs.com/publications/detail/american-exceptionalism-and-the-entitlement-state

https://www.psychologytoday.com/blog/the-legacy-distorted-love/201108/narcissism-and-entitlement-do-i-have-stand-in-line

http://www.abc.net.au/news/2015-11-19/ethical-hackers-used-to-test-government-online-security/6956088

https://www.owasp.org/index.php/Insecure_Configuration_Management

“data is a byproduct of our information society socialization”

0:00
welcome to this talk this is Bruce Schneier telling us about
0:03
the NSA their capabilities and countermeasures that we can have against
0:07
them
0:07
thank you very much take an afternoon
0:19
thanks for thanks comment thanks for listening to this I
0:23
to me the coolest thing about all the
0:26
NSA disclosures the past six months to the code names
0:29
i cud interpreting meet there actually are not enough
0:34
code names in our lives and I think we need to sort of learn how to use code
0:37
names better
0:38
I’m out list a few have the code names
0:41
of first code name let talk about his muscular muscular is the code name for
0:47
the NSA
0:48
top-secret program click Google and user data
0:51
by eavesdropping on the trunk lines between the data centers
0:54
this is probably down to help local level 3 Communications level 3 was
0:58
Google’s
0:59
provider we don’t Level 3’s Co it is a code name is little
1:03
think as a general rule is that if your data supplier has an essay codename you
1:08
probably pretty screwed
1:09
this is actually different from the NSA’s program to collect
1:14
Google and Yahoo user data by eavesdropping on the links between
1:18
the well the the browser and the web server
1:22
there another code name for that but that was probably don’t to help %uh
1:26
AT&T and and other telecom companies
1:30
we know ATT’s code name for the summer this is prism
1:33
there’s a lot of code names associated with that with the telcos
1:37
a storm brewing swine best this there’s a bunch there
1:41
this is different from prism a prism
1:45
is the code name for the top CBS a program to collect
1:48
Google and Yahoo user data by asking the companies directly
1:52
that’s one set
1:56
I another really important code name which which people here should learn
2:00
about this quantum
2:01
I’ll all those other code names had to do with passive eavesdropping
2:06
quantum is the NSA program to attend actively
2:09
inject packets into the back bar right so
2:14
that there are these massive computers they have code names like
2:18
tumbled and turbulence and turmoil well
2:21
to halt also allows day to go back in as for just being extracted
2:27
at there’s a lot of different code names so she with quantum
2:32
this quantum in search which is their packet injection
2:36
attack tool %uh the pretty sure this includes
2:40
302 we direct injection on
2:43
DNS packet injection possibly also TCP week
2:46
I rejects this quantum cookie where chill hours
2:51
the NSA to inject a packet in a stream going back to a user
2:55
that forceps I bolger’s cookies and use that to identify users
2:59
are you see many browsing anonymously someone pokes at you and suddenly you’re
3:03
divulge your Facebook
3:05
ran as a key today database a cookie so they know people are
3:08
also the quantum hand we saw that
3:12
in the in the presentation about
3:15
good
3:19
complaint not getting any service tore the
3:22
the position on tore we don’t know what quantum hand does unenglish weaver
3:26
speculates at its command control system
3:28
offering the same malware actually think about a street call you suffer
3:32
objection system I this bunch of other
3:35
quantum contra programs I think what are the things we can do
3:39
usually is think about what a system like
3:43
that like this would look like how it would work what sort of things that
3:47
could do
3:48
that’ll help us to God design around it but decided against it
3:52
and it was probably true that it does
3:55
the things we think it does another code name
3:59
which is related to Spock’s acid factor that is actually wanna call this code
4:02
names that got
4:03
off-ox acid is what they call it exploit orchestrator
4:07
think I’ve Metasploit the budget up
4:13
these are computers that shit on the network
4:16
let something like quantum of forces you to redirect that computer
4:20
it knows who you are spin told offline and it said you different malware
4:25
the matter has all sorts of code names out validate our united break
4:30
of my vote for NSA stupidisco to name
4:33
egotistical giraffe actually did not make that up
4:37
up the particular exploit
4:40
that you are served is determined by a
4:44
program that is code-named ferret Canon validator happens to be the default
4:51
exploit that that’s run against you
4:53
she was a Windows I and after your own their various implants
4:57
and we’ve seen a bunch of these wish our summer these from
5:02
%uh that book up to how implants police are some from a up
5:07
all the mall and but document
5:11
that was released a couple months ago of their lottery the collect
5:15
a implants black hot mineralized vagrant Highlands
5:19
something the design to a lot jump air gaps
5:22
summer to sign chill poll what’s on the screen summer designed to
5:26
passwords or find other things their exploits designed to exploit printers
5:32
i watch a surveillance tools Co traveler
5:36
I a evil olive is an IP location database
5:41
lots of analysis tools machinery know we’ve seen
5:44
in Wailea seen main way I Bowl run
5:48
bull runs the code name NSA program to PC subvert
5:52
internet products and services this a lot here VIII thing anyone’s done the
5:57
full code name glossary
5:58
probably worth doing there are certainly hundreds out by now
6:02
at the documents are just littered with code names
6:06
Summit X don’t even know what they mean just the passing some other doc some
6:12
other pages from that
6:13
talent plant catalog are so full code names are really guess about
6:17
%uh the Metamora hear me this is the best story
6:22
the state industries keep coming I just last week we learned about
6:25
up the %uh the text message database
6:29
I and the collection of up tech specialist
6:33
that’s going on much like an accordion for that one %uh
6:36
the the meta story is the NSA has turned the internet to a giant surveillance
6:40
platform by and what’s important is that
6:43
its robust its robust politically its robust tactically
6:47
its robust legally I mean I started this presentation
6:51
by naming three different programs to collect Google and Yahoo
6:56
email user data these are three different
7:00
tactical accesses relying on agreements
7:04
or this cooperation with three different companies
7:08
and our lineup 3 different a legal justifications
7:12
and that same thing is true I think for cell phone data
7:17
for Internet data for everything else is a lot
7:21
redundancy in the system and we think about solutions support to realize
7:25
that point solutions are are are hard because these are
7:29
point problems the NSA continue to live at its capabilities
7:34
it was we should have which shuttle learning the NSA codebook relying
7:38
by which a learning their there to watch them but update interpretations aborts
7:43
like collects
7:44
or incidentally or target
7:47
or directed so they say things like we don’t collect data they’re actually but
7:52
they mean is
7:53
well we collected but we don’t count is clicked into we actually
7:57
look at its a person looks at it so all the computer stuff is in collecting or
8:02
they say well we don’t
8:03
we got directly target americans it means well you know
8:08
we we get them but dist
8:11
not on purpose or know it incidentally
8:14
up we know they cope programs in multiple code names to hide their
8:19
extended capabilities
8:20
cheers hill different Ste the really the same program a different code names
8:25
and anytime you ever hear from the NSA saying
8:28
we don’t do this under this program are under this authority
8:32
the odds are 100 percent the doing it’s about the program is under authority
8:36
a nothing to stop coming out I think it’s also important as is the data
8:42
sharing there’s a lot of sharing between different organizations
8:46
no the NSA a CIA FBI DEA
8:50
we know some other ish right we we knew from
8:54
there’s a Reuters story actually had it had a slight it as an essay document
8:58
a talked about the NSA sharing data with DEA and instruct them to live at work
9:03
came from
9:04
in court and like really illegal i think is a lot for sharing I’m a TSA and FBI
9:10
Natasha data technologies
9:13
but we know our quite a lot about the FBI’s
9:17
technology dropping on on cell phone calls right stingray
9:21
and some of those so the fake cell phone tower technologies
9:24
we saw the same thinks in the NSA Taio toolkit
9:29
added its its improbable to me that these are being developed independently
9:34
that one person to 1h develops them and they get shared
9:38
I think also legal cover share their companies that will say
9:43
we don’t clobber the NSA i think largely there correct they cooperate with
9:46
the FBI which the front for the NSA for whatever program is being run
9:52
it so that is a lot more moving around between agencies
9:57
and this is mission we know what it is rightly we can see it in
10:01
in the document said Glenn Greenwald gave a talk at
10:04
at CC CE talked about the
10:08
the slow gets collected all know what all exploit it all
10:12
and he sings permeate documents and
10:15
and you could see it in the NSA is almost a
10:19
methodical moving through every communications technology
10:23
try to capture data including your chat rooms in virtual worlds
10:28
you know which sounds ridiculous but let you know if you’re thinking in terms of
10:32
we have to collect everything it makes perfect sense why would you
10:35
believe that by Julie that chattel
10:38
on the shock top and to understand this mission you really have to understand
10:44
the NSA’s history
10:45
when the NSA is born out of the cold war
10:49
red we were singularly interested in
10:52
everything happening the Soviet Union it was almost to flee arrest again chess
10:57
we had to know everything and that collected all mentality
11:01
was focused on the Soviet Union on the Warsaw Pact
11:05
on China on on the countries
11:09
that we were eavesdropping on week like a normal Saturday to
11:13
as lot less data that’s collected all
11:17
notes on made some sets so you had certain trunk lines and you could listen
11:21
on them
11:22
and you get a lot of data right some issues for some it’s not
11:25
tackled a dispatch easy to deal with that she dictator
11:30
I give it much easier typing out the capabilities the new Soviet tank
11:34
the need to protect the fall communist right and social trends are hard
11:40
are that short ubiquitous surveillance that mentality
11:43
really should I did the cold war but I got a new lease on life
11:47
with the terrorist attacks of September 11th
11:51
because intelligence committee was handed impossible mission
11:55
but never again those with their orders
11:59
I never again is ridiculous you can actually do it
12:04
but if you think about its if you get that kinda
12:08
quixotic go love up making sure something
12:11
never happens the only way you could possibly achieve that
12:16
is should know everything that does happen
12:19
exxon never again forces you into
12:23
know everything
12:27
and that mission with was aidid really bite bite the natural trends in
12:31
information technology
12:34
and I think this is another important said we really have to talk to stand
12:38
to fundamentally data is a byproduct the information society
12:43
I everything we do on computers create a transaction record
12:48
data is a byproduct of our information society socialization
12:53
right every time we interact with people using computers
12:56
he creates a transaction record usually
13:00
up the actual conversation right voice is the exception
13:04
but a lot more of our conversations happen
13:08
not recordable form but in recorded for
13:11
at the active have a conversation is in a tech session
13:15
means it is recorded
13:18
did all this data is being increasingly stored increasingly search increasingly
13:23
used
13:24
and this is just more slot data storage drops free data processing traps to free
13:28
it is way easier to save everything that is to figure out what to say
13:33
you all know this is true type your email
13:37
right I remember cuz I’m old enough to remember
13:41
the moment I use to sort my email it throw away which
13:45
need to put in different folders depending on who you’re talking to the
13:48
bank topic have you sorted
13:51
but this year I stop doing that I put everything in one folder
13:55
and that was the year that search became cheaper than sort
13:59
and it made no sense that’s the world we read
14:04
precht and the affections that that we’re all leaving digital footprint
14:07
throughout our lives cloud computing just exacerbates this
14:11
cause our date just moving away from our control
14:15
and lots of things become possible that the notion of wholesale surveillance
14:21
me it’s not a fashion that the NSA is
14:24
putting everyone on the planet under surveillance but they do with that
14:28
because while carrying cellphones
14:31
at the cell phone system by definition
14:34
put us all under surveillance just like
14:37
emailed us just like
14:41
no ATM machines to all those things produce
14:45
data records so wholesale surveillance
14:49
surveillance backwards in time the deaths of several conversation
14:53
we’re not really there yet to be it’s mostly true for politicians are
14:57
are now living in a world is in the US which every politician has someone from
15:01
the opposing party
15:02
following them constantly with a video camera and looking for a gas
15:08
that kind of surveillance will become the norm me
15:12
everywhere been a few years maybe it’s Google glass maybe it’s something else
15:16
but a femoral is gonna disappear
15:21
because the one BD ability have those conversations
15:24
or sisters that never forget I I think this is a probably the biggest change
15:27
that we’re not ready for
15:29
I think a lot of our societal let us aside a lubricant and the fact that we
15:33
have lousy memories
15:36
you know what I can go home and and replay an argument by wife
15:39
two years gotta prove I’m right and not convinced I’m better off
15:44
I think that’s gonna be possible right the result here is a public-private
15:49
surveillance partnership
15:50
is a basic alliance of government corporate interests
15:55
NSA surveillance largely picky tax on corporate capabilities
15:58
already mentioned cell phones I had mentioned internet cookies
16:04
male all those things are happening everywhere
16:07
there’s a a there’s ISA profile happy foot
16:12
that triste geo locate cell phones to access
16:16
transmit location who is separate from
16:19
the NSA program that Russia geo like locate cell phones
16:23
to the cell towers by this overt and covert collection
16:29
I mention global in level 3 and over clutch as a variety of forms
16:33
I we we see cooperation know ask nicely
16:36
we see primary we see threats we see legal compulsion
16:42
but fundamentally surveillance is that this is Molly internet
16:46
right we build systems that spy on people in exchange for services
16:49
that’s the way love the networks and the NSA is happy to piggyback
16:54
on a lot of those capabilities
16:58
that result is to go later spells
17:02
in this this is the Golden Age a surveillance
17:05
even if there wasn’t mouse because of the way our system
17:09
naturally work right
17:12
the out but yesterday again President Obama talked about
17:16
don’t worry it’s only meta-data and I saw the speech he said we’re not missing
17:19
your phone calls
17:20
I’m really getting tired of that medical surveillance
17:25
and easy thought experiment will there’s a shout
17:28
a magic hired detective to spy on somebody
17:31
and that detective the plant a bug in his offices home his car
17:35
you get a report the conversations he had I that’s the president said he’s not
17:39
doing
17:40
if you ask that same detective the put that person under surveillance you get
17:43
if
17:43
report where he went to we spoke chill
17:47
what read what purchase twenty looked at
17:50
right natural meta-data
17:53
meditate call surveillance
17:57
and when you have a list that it I think about it is actually a lot more valuable
18:01
then you shopping data tells you a lot more about what’s going on
18:06
and the SAS a very sophisticated else as tools to deal with
18:09
all this meta-data I wish our summer
18:13
them in the Washington Post article on cell phone
18:17
location data we saw some hints
18:20
at the tools dennis is using in this database and some are pretty cool
18:24
they have us to have a program that looks for phones Cup
18:29
moving towards each other that turn themselves off
18:33
and then turned themselves on again about an hour later moved away from each
18:36
other
18:36
to look for secret meetings it’s kind it
18:41
they have the cell phone
18:44
data love US agents
18:47
which they track and then they look for cell phones that are or sure he’s a cell
18:52
phones
18:53
that are basically paralleling the location looking for tales
19:00
they have a systematic sure how it works but they try to
19:03
chained together burner phone straight burner phone jacks was lethargic
19:08
if you watch the wire in order to go to Burger bonus at
19:11
sup their use a certain amount of time
19:14
but if your personal use is a burner phone think about
19:18
use one that another that another and a private database up though short-lived
19:22
anonymous
19:23
phones I know the location I know that could numbers they’re calling
19:29
I got a pretty good job changing and figure out who the person is
19:34
either using Firefox in that just three examples
19:37
from one database
19:41
me I think about the text text message database thing about the email
19:45
netted a database
19:48
but I put them together you getting a lot of information
19:55
something that I think I think our Caminos but how often have to say this
19:58
specially politically
20:00
that this really not just about the NSA
20:03
just about the United States the me
20:07
it United States spends more intelligence than the rest of the world
20:10
combined
20:12
but now this is what any nation state would do
20:16
we’re better at it we have a very close privileged position on the Internet
20:21
both in terms of the company’s that build and operate the Internet
20:26
add the conductivity tends to flow through the US
20:30
but this Dez these techniques are all general now we know this
20:34
quantum packet injection is a China runs the Great Firewall of China
20:39
we know other countries to do the same sticks to
20:45
me what what’s happened is a stone dockets have given us extraordinary
20:48
window
20:49
into the air into the NSA’s activities and it’s just your too interesting
20:54
not to really look at but other countries do this
20:57
and technology spreads but there’s nothing
21:01
special about these techniques that make them not usable by others
21:05
today’s PSA programs pick up to mars PhD theses
21:09
the next day’s hacker tools so in a lot of ways
21:13
this the stuff we’re seeing %uh the NSA today
21:16
is a three to five year window at the criminals will do
21:20
a lot of those a Tapout tools were in bed
21:24
pieces of hardware you subvert systems
21:27
we’re already seeing those and point-of-sale terminals
21:30
sure credit card numbers
21:34
yeah and this is fundamentally the heart me think about the harm
21:38
here’s where it is we have built-in internet that is secure for everyone
21:43
we even a bold the panopticon be even able
21:47
this ubiquitous surveillance
21:51
a week now half a complete loss of trust the technologies
21:55
lost trust the protocols I mean that in SAP safe toolkit
22:00
is is an interesting example here’s here’s
22:04
area we know that the NSA is influenced a random number generator
22:08
in a popular crypto toolkit means the default
22:12
yup and spend time in the house do that it’s an interesting program
22:17
i think is largely a failure that much largest failed
22:21
because we know we’re hearing much about pox that use that
22:25
a lot of people look and say this is a dumb revenue generating so is not on it
22:29
the standard but that’s certainly not the only one
22:33
the program didn’t stop with that particular suppression
22:38
the problem is we don’t know any others
22:42
which is an enormous loss of trust who do you trust
22:45
we have no idea I were an essay why talked about some the metrics you might
22:50
use to God We Trust
22:52
I big US companies bed a small open source good
22:55
we’re just really making it up I would just try
22:59
we don’t know and also was lost trust in institutions
23:04
here governance models kinda broke right now
23:08
might because it really until now it’s been largely a benign US dictatorship
23:14
under the general belief that the US is act a ring in you know stately the
23:18
world’s best interests we can just let it be that way
23:21
and that turns out not to be true
23:24
and we have nothing to replace it
23:27
social flopping one right now when there’s a lot details we don’t know
23:34
and I think we’ll never know this this there’s nothing about photography the
23:38
documents
23:39
I looked by these
23:42
is really all on the second side is not allowed a coat lotta lotta
23:47
up company names that prism slide was a giant
23:50
the warmest exception generally
23:53
all company names are hidden behind code names and code names are never defined
23:58
this article PCI extremely compartment deformation basically stock
24:05
so we will forever only know
24:08
companies by code names we have some in the telco
24:14
remedies PT is another one now we know some of those
24:18
but a lot which never gonna now
24:21
and a lot of programs we don’t know the documents really a shadow so what’s
24:26
going on
24:28
social gonna be a lot a lot hit but we have to deal with this
24:32
this is what we have to work with
24:36
we have to work with all of this ignorance into what exactly has been
24:40
subverted
24:40
by what exactly has been turned
24:44
and we have a choice to make as people who design the Internet
24:48
using Internet and is not a choice
24:52
and as the NSA spire not it’s a choice between
24:55
at and internet that is vulnerable to all attackers
24:59
already know that a secure for all users that’s our actual choice
25:04
but the problem is we have made surveillance too cheap
25:08
and the solution is to make it expensive again
25:12
it is good news bad news about encryption I N which noted in his first
25:16
interview after his name became public
25:18
talked about this the salary is quote he said encryption works
25:22
properly implemented strong cryptosystems are one of the few things
25:26
you can rely on
25:28
I we know it’s show this lestat or at the NSA can’t break tore
25:32
at piss them off but this the NSA
25:36
this is the moral of the NSA program to collect %uh
25:39
buddy lists from the the browser to web server connection
25:44
you look they had numbers at the data data collected and they clicked in about
25:47
10 times and bad
25:49
data from ya who s from Google which kinda makes no sense because Google
25:53
might have to type something use as a guy who does
25:55
once you realize that Google is using SSL by default
26:00
and ya who isn’t that doesn’t make sense
26:03
at the other cryptic connections a more fruitful this is also less the muscular
26:08
as a great hand-written back to the napkins slide
26:11
where the engineers are describing how they
26:14
get the data from from Google’s backbone
26:18
they point to the space where SSL is removed
26:23
encryption works and assemblies that’s surprising
26:28
but it’s true unfortunately he know than
26:31
Snowden said this is the sense right after you were the one I just read
26:35
he said unfortunately endpoint security is so terrifically week
26:39
the NSA could forget the find ways around it
26:43
this isn’t news to us either
26:48
way to break up to get around it we do know there are some piece a
26:52
cryptanalysis the NSA Haus
26:54
but some some secret thing I this
26:58
this the basic anecdotal evidence by Addison Texas huge investment
27:02
mathematics
27:03
that’s unparalleled anywhere else in the world they hire about the top 10 percent
27:07
pathogens every year
27:08
a US universities
27:12
and more interestingly this there’s a sense out the black budget the
27:15
intelligence budget
27:16
buzz buzz leaked I was stowed document
27:19
thinkin August this attack is August
27:23
and there’s a few pages the budget an entire introduction by James clapper the
27:28
Director of National Intelligence
27:30
and there’s a sense in that dock in his introduction its kind about a context
27:34
but really worth
27:35
listening to for the exact words up he saying we are investing in
27:39
groundbreaking crypt analytic capabilities
27:42
to defeat adversarial could talk for free and exploit Internet traffic
27:47
okay that doesn’t sound like
27:51
we’ve hired a bunch of really smart mathematicians are putting in a room and
27:55
giving them a lot
27:55
appears to get lucky that sounds a lot more like
27:59
we have a piece of we have something
28:03
that’s the ejup I’ll usability and where
28:07
help building the massive computer or doing the massive pre computation or
28:11
deciding the massive hardware
28:13
we’re doing the engineering thing to make it work
28:17
that’s how I read that that they have something
28:21
but their son engineering issue I I have I had three guesses on what it is
28:26
up I was given a fourth a couple days ago
28:31
and to give them all into no real order
28:34
%uh the first one is is elliptic curves I did a lot of math elliptic curves is
28:39
easy to imagine that there is some this
28:41
a lot of math we don’t know about that occurs need to some general advance
28:45
or some advance in certain classes elliptic curves that he could force
28:48
curves into that class
28:49
you have a leg up on breaking them. We do know that the NSA
28:53
has affected curve selection,
28:56
so that's a decent guess.
29:00
A second guess is some kind of general factoring technique.
29:05
If you think about factoring in the academic world, it gets better every year:
29:08
a factor of two here, a factor of ten there,
29:10
a factor of a hundred there. You can plot how factoring has improved over the years, over
29:14
the decades.
29:16
You give the NSA a five-to-ten-year lead, however you
29:20
characterize it, and that's about where they are.
29:25
The third guess is RC4.
29:29
RC4 is commonly used on the Internet.
29:33
It's sort of secure, kind of just barely; it has lots of
29:38
flaws that we know of, and there may be exploits we don't know of.
29:42
As you can imagine, you know, another five years of cryptanalytic
29:45
advance and someone could kind of figure it out.
29:49
And then a talk last week, or a bit earlier this week, from John Kelsey,
29:53
who suggested that random number generators, a lot of our embedded
29:57
random number generators, have really lousy entropy,
30:00
and that is kind of a candidate for a massive precomputation attack.
30:05
I don't know exactly in what way;
30:08
if certain entropies are bad you can use that to
30:13
extraordinarily pare down the search, so that's
30:16
an interesting example. But even between all this, we know that
30:20
most current cryptography frustrates the NSA,
30:24
at least at scale. Individually, no,
30:28
but at scale, yes. We know the way the NSA breaks crypto
30:33
is by getting around it,
30:37
and Clapper says that crypto doesn't give them much trouble.
30:40
That's why: he's talking about getting around it,
30:43
bad implementations, default or weak keys,
30:47
sabotaging standards deliberately,
30:50
subverting products and services, and
30:53
what the NSA calls exfiltrating keys, which is code for stealing,
30:58
going in and stealing keys.
31:02
It's effective.
31:05
And mostly the NSA relies on unencrypted data.
31:09
A lot of this stuff is not encrypted:
31:12
Internet data, cloud data, cell phone data, all the other third-party data,
31:17
it's out there in the clear,
31:21
as Target just learned, I guess.
31:25
Right, so here's the problem: technology made bulk data collection too easy.
31:33
Right, it's easier for the NSA to collect everything than to target.
31:38
Now, solutions are going to be complicated, right;
31:41
it's a complicated problem, there is no easy solution.
31:44
It includes, you know, government self-correction, technical measures, legal
31:48
measures, international cooperation,
31:51
and I think a major shift in how we think about security and privacy.
31:54
I want to run through, I think, some of the ways I think this will get fixed.
31:59
The first kind of self-correction is inside the NSA.
32:03
Things have changed. Amazingly, it may
32:07
seem, as amazing as it is to all of us, the NSA had no contingency plans for all
32:12
their secrets being leaked.
32:14
Right, if you remember the NSA's response the first month, they had no clue
32:20
what to say; it took like seven, eight, nine weeks to get a PR person with the proper security
32:24
clearance
32:25
to get a good message out. Now they're good: they have
32:28
press releases, they have a blog, they're really good at being on
32:32
message,
32:33
but it took a long time to get there. That's over.
32:37
The cost-benefit analysis has changed. The NSA, I think, is going to have to
32:42
incorporate the risk of exposure
32:44
in anything they do. The political blowback has been kind of enormous here,
32:51
from our allies.
32:55
If the Snowden documents showed the NSA was spying on North Korea and the Taliban,
32:59
nobody would care.
33:01
But the NSA spied on Belgium,
33:04
or worse, GCHQ spied on Belgium; I mean, that's like Nebraska spying on Connecticut.
33:12
Right, but you have to assume that the
33:15
nature of secrecy is changing.
33:19
It used to be, in intelligence, you come out of college, you go
33:24
into the club,
33:26
you get a job for life, you'd be part of
33:29
the inner circle, and that's the way secrecy works.
33:35
You tell anybody under thirty "job for life" and they laugh at you.
33:41
I mean, Chelsea Manning was on a four-year tour;
33:45
Snowden was a contractor; they had no job security.
33:52
So it's different, and I have to believe that the NSA
33:55
now has to look at their programs and say: this is coming public in three to
33:59
five years,
34:00
is it okay? And that changes the risk analysis.
34:06
I think there's a bit of self-correction on the government side. Obama talked a bit
34:09
about that
34:10
yesterday: that maybe we shouldn't do things just because we can do things,
34:17
and the "collect everything" metaphor, which was
34:21
Alexander's, and Hayden's before him,
34:24
you know, that maybe that isn't the right thing to do,
34:27
that there are limitations to intelligence, that there are all these
34:31
studies showing this is not effective.
34:35
And I think this is going to change
34:38
how we view intelligence; that the voyeurism just isn't worth it because the
34:42
costs are too great.
34:45
The second set of corrections is corporations. Before Snowden
34:48
it was unquestioned that you'd cooperate with the NSA
34:53
if you were a company. The telcos did it throughout the
34:57
Cold War;
34:58
cooperating with the NSA is what you did. The Internet companies
35:02
were a little more taken aback, a little more fighting back, but still
35:05
everyone believed this would never become public;
35:08
you could do it with impunity. And now corporations
35:12
know that's just not true: there's enormous reputational loss when it comes out
35:17
that you cooperated.
35:17
There's now additional value in fighting. We see
35:21
Apple and Microsoft, Yahoo and Google, they're all,
35:26
and Twitter, Facebook, to some extent LinkedIn,
35:30
they're all fighting publicly.
35:35
It's hard for companies; the telcos almost not at all,
35:38
but even there, there's pushback against AT&T; there are polls asking what
35:43
are you doing to fight back,
35:46
and that's good. It changes the calculus; cooperation isn't free anymore.
35:53
That's self-correction, but there are a lot of things, technically,
35:58
that we have to do, and a lot of this relies
36:02
on this notion of bulk collection. I think the NSA might have a larger budget than
36:07
everyone else combined, but they are not made of magic.
36:11
Right, they're constrained by the laws of economics, the laws of physics,
36:15
the laws of math, and our goal has to be
36:19
to make bulk eavesdropping more expensive.
36:24
We're never going to eliminate targeted collection.
36:29
That toolkit that we just saw at the end of last month, from 2008,
36:33
is surely a lot better now; they're very, very good. If the NSA
36:37
wants into somebody's computer they will get in, period.
36:41
But that's targeted; that's, I think, okay.
36:47
It's the bulk stuff we want to deal with,
36:51
and there's a lot of things we can do here
36:54
that involve redesigning protocols, redesigning defaults.
36:59
I even talked about some of this yesterday,
37:02
but the more we can encrypt the backbone, the better we'll do.
37:07
Encrypting the backbone makes bulk collection go away;
37:12
it provides real security against some attacks, and more importantly provides cover
37:16
traffic for those who really need it to stay alive.
37:20
Right, more encryption in the cloud, more perfect forward secrecy,
37:24
more things that raise the cost
37:27
of doing it in bulk.
37:30
Then we're going to have to redesign products and services,
37:35
and we know user-level application encryption is hard.
37:39
The twenty-year lesson of PGP is that one-click email encryption is one click too
37:43
much.
37:45
On the other hand, OTR is a really good lesson in how to do this successfully,
37:50
or hard-drive encryption; I think, to my mind, it's a big success story in
37:54
encryption,
37:56
in that it is so easy and so transparent, so invisible;
38:00
there's no reason for everybody not to encrypt their hard drives.
38:04
You never even notice you're doing it; it comes default in the operating system.
38:09
If you don't trust those, there
38:10
are various third-party packages.
38:14
More endpoint security: the documents talk about PSPs,
38:18
personal security products, and they give them trouble;
38:22
they don't like them, so the more we use them, the better we are.
38:28
More open standards, more open source, for things that are harder,
38:32
hard to subvert. Another big thing I think we need to go back to is target
38:37
dispersal.
38:37
We were way more secure when there were a hundred thousand ISPs than when there are 100.
38:44
Having these massive targets
38:47
is very dangerous,
38:50
I mean not just technically but legally: a single Google, a single Facebook,
38:55
everybody on Gmail.
38:59
Actually, we don't want this.
39:03
And the last thing is assurance. This is the hardest, but this is, I think, the most
39:07
important.
39:08
We really need to figure assurance out.
39:11
We need to be able to prove, demonstrate somehow,
39:14
that the software we use does what we want it to do and doesn't do anything else.
39:22
That, I think, we don't get; that's nowhere near near-term,
39:25
[inaudible]
39:29
but it's extraordinarily important,
39:33
because a lot of the surveillance relies on
39:37
these hidden capabilities.
39:43
But largely, despite all this, this is a political problem,
39:48
and it's a difficult problem. In the US we are long past the point
39:53
where simple legal interventions can help.
39:57
The NSA: Obama talked a lot about one particular
40:00
database, the cell phone call record database,
40:04
collected under one particular legal authority, 702.
40:08
I think the chances are zero
40:11
that that is the only way the NSA gets that data,
40:16
and if they don't get it, GCHQ gets it and gives it to us.
40:19
I largely think that 702 is a smokescreen,
40:23
and that the real capabilities are behind that.
40:26
And we know in general what a solution looks like: transparency, oversight,
40:30
accountability,
40:33
but how exactly that works can be really hard,
40:36
and our problem is that law lags technology.
40:41
The technology is always ahead of the legal regime there to
40:45
restrict it, so the NSA is going into these new technologies
40:49
with nothing stopping them.
40:53
General Hayden, the previous NSA director, said, I think in some
40:57
sort of
40:58
TV interview, talking about his limitations,
41:01
he says: give me the box you allow me to operate in,
41:05
I'm going to play to the very edge of that box. That makes sense,
41:09
but you realize that technology expands his box
41:12
constantly, so he's pushing the edges.
41:16
By the time law gets around to noticing the box is bigger, it's too late
41:20
to reduce the capabilities.
41:25
And of course even if we do succeed in reining in the NSA, it only affects the United
41:29
States.
41:30
It's not going to really affect non-US persons, despite what Obama said yesterday;
41:35
it doesn't affect the actions of other countries.
41:39
But I'd like to talk about this. In
41:42
other environments I very often get the sort of response:
41:47
you can't stop the NSA, because if you do that, China will do it,
41:52
and that's fundamentally an arms-race argument, right; it's a zero-sum game here.
41:56
It presumes China is your enemy; if we don't do it they will, and they would,
42:02
and that puts us in a really bad position, I think, and I think it's the
42:06
wrong way to frame this.
42:09
What we have to do is get the world to realize that a secure Internet is in
42:13
everyone's best interest; that it's not us versus them,
42:16
it's security versus surveillance. Once you do that,
42:20
it shifts from a zero-sum game to a positive-sum game: you have laws that are
42:24
supportive of technology, technology that supports laws,
42:27
you set up laws and technology that deal with all
42:30
actors, state and non-state. It doesn't make it easy,
42:34
but it makes it like any other one of the hard international problems:
42:38
money laundering, nuclear proliferation, human trafficking, small arms trafficking,
42:44
land mines.
42:47
It's very hard to make those work internationally, for all the reasons
42:51
you know, but at least we all know
42:54
basically the direction we're moving towards; we at least sort of know the goal.
43:01
And the conflict is security versus surveillance,
43:06
and if you think about that, that's the NSA's two missions:
43:11
securing our stuff, eavesdropping on their stuff.
43:15
Works great when our stuff was NATO and their stuff was Warsaw Pact;
43:20
works less well when our stuff and their stuff are the same;
43:24
works really badly when the administration tells you to
43:28
spy on everybody: terrorists could be everywhere, they could strike at any time, we're
43:33
constantly kept scared.
43:36
So the two missions got out of balance.
43:41
Now what we need to do is rebalance them, and even more so,
43:45
rebalance them weighting security more than surveillance.
43:53
The fight against surveillance here is robust,
43:56
again politically, legally, technically,
44:00
and we need to solve it not just for the NSA but for everybody,
44:04
from other governments, cybercriminals, rogue actors.
44:10
I think a secure Internet is vital, so
44:14
I think we need to get there. Near-term,
44:18
I actually don't think for a minute we'll win the "stop doing this" argument.
44:24
We might win the "tell us what you're doing" argument, and I think that would be worth
44:30
a lot. Also, we need to fight futility.
44:34
A lot of times I talk to people, especially from third-world
44:37
countries,
44:38
and there's a lot of futility out there: there's nothing I can do, they're
44:41
doing it anyway. That's wrong, in that
44:45
everything we do makes it harder, makes it better,
44:50
and fighting this individually is really important.
44:53
To do that we need, we need to fight the balkanization of the Internet.
44:58
I also worry about the blowback from the surveillance, the idea that some
45:01
countries
45:01
will make their own Internet, somehow, if that's possible. There
45:06
is enormous value in a single global Internet,
45:10
and we need to figure out how we can trust it; we need to figure out the new
45:14
governance models,
45:16
what organizations. Not the ITU, please,
45:20
but something.
45:23
And I think we eventually will win the "protecting is better than spying" argument.
45:28
It might not be for ten years, but I do believe that is where we're headed,
45:34
and then when someone says, well, if you don't do it China will, you can say:
45:38
just because China does it doesn't mean we have to.
45:42
[inaudible]
45:45
Because fundamentally that's what's true.
45:49
And really, I'm going to end with this: this problem is much bigger than the NSA.
45:55
In general this is about data; it's about data sharing,
45:59
it's about surveillance as a business model,
46:03
it's about societal benefits of big data versus
46:06
individual risks of personal data.
46:10
What do we do with data that benefits society as a group
46:15
versus that same data as personal individuals?
46:19
Think of that as behavioral data, behavioral data for advertising;
46:23
think of medical data, education data.
46:26
Medical is probably the easiest way to explain it: we put all of our health records in a
46:31
massive database;
46:32
that would be enormously valuable for research,
46:36
yet incredibly personal. How do we deal with that?
46:41
How do we extract group benefits from data
46:46
while still protecting individuals? That's really what this NSA debate is about,
46:52
and that's just one of many debates. I think this is the fundamental issue
46:56
of the information age.
46:58
I think solving it will take decades, and solving it
47:02
is what, you know, the historians of this era are going to write about,
47:06
because that's important. So thanks; I'm happy to take a
47:10
few questions.
47:22
So there's a microphone in the middle, standing there, and that's going to be
47:25
the question mic,
47:26
so you would have to run over there quickly. Yes.
47:29
[inaudible]
47:35
I might literally be the only one up; actually I think I really am the only one.
47:40
Figured. Literally, I work with a
47:44
PhD physicist who is a, he's a pretty paranoid guy,
47:48
but he's utterly convinced
47:51
that the NSA has a functional, working quantum computer
47:55
that is capable of decrypting SSL
47:58
in real time, at line rate, on tap. Okay,
48:02
so a show of hands: who thinks that physicist is paranoid, dreaming?
48:05
So that's what I thought, but I, I think he's stretching
48:10
it; I think it's off by a lot.
48:15
Maybe we can factor like 15, I think.
48:18
Quantum computers are
48:21
nowhere near. I mean, yes, of course they have a program to do research; I mean,
48:27
why wouldn't they? It'd be embarrassing if they didn't,
48:29
but this is really science fiction; the world would be
48:32
very different otherwise. I don't think that's even remotely possible right now.
48:36
It'd be cool if I was wrong on that,
48:40
but I just don't think so. But that's the problem with a lot of this stuff, right:
48:44
on the one hand it's really, really cool that the United States kills people with
48:49
flying robots;
48:50
on the other hand, oh my god, we kill people with flying robots, right.
48:54
[inaudible]
49:02
It makes it really hard. Yes.
49:04
Question: one of the publicly stated purposes of the Utah facility
49:08
is 256 [inaudible]. I don't buy that; if I ran the Utah facility I wouldn't
49:14
waste time on that.
49:15
I think the Utah facility is for data storage, for data processing,
49:20
all of this metadata; they have these massive
49:23
data mining algorithms,
49:27
like, I think I talked about, for location data,
49:30
and they just need all the data to be
49:34
in RAM somewhere, on disk; the data needs to be close.
49:37
It can't be on tape, so they need facilities
49:40
that can move this data around and do data processing in parallel, and that
49:44
really is, I think, what it's about. I mean, AES-256
49:49
is a lot more data than would be there; I think it'd be a waste of their time,
49:53
and the real hard thing here is analysis, not getting more data.
49:58
If the message between A and B is encrypted,
50:01
they know the message is there, they know how long it is; that's good enough. Let's
50:05
forget what's really going on. So they're not just mining
50:08
Sorry, I didn't hear that.
50:12
So they're not just mining bitcoin?
50:18
They want to buy bitcoins; that uses your computer. [inaudible]
50:29
Can you say anything about your meeting with Congress earlier in the
50:31
week?
50:31
Not more than I said on my blog. The meeting happened;
50:36
it was kind of weird, but I mean,
50:39
the meeting was off the record and it was a candid
50:42
conversation with people who are reform-minded,
50:45
and I'd like to give them as much leeway and ability to do
50:50
what they want to do as possible, so I'm not going to say much; it's not usual to deal
50:56
with that kind of thing. Good guys on both sides of the aisle. [inaudible]
51:04
I heard a lot about
51:30
about private corporate surveillance. I'm worried a lot
51:33
less about this for the Internet, but I'm worried about it. [inaudible]
51:36
I worry less about the NSA,
51:40
which strikes against terrorism, as opposed to Facebook and Google, who
51:44
are trying to psychologically manipulate you to buy
51:47
things. Thanks. So on the one hand, that makes sense; on the other hand,
51:53
the false alarm problem is really different.
51:56
Right, if Facebook gets it wrong, you get an ad for a Chevy you don't want;
52:00
if the NSA gets it wrong, you get a drone on your head.
52:02
So there are differences there. I think both
52:06
are worrying; I think the interplay is a big problem, and
52:09
that's why I think this is a bigger question than the NSA.
52:13
Yes, it is one aspect of this. I'm having watches
52:16
waved at me from all directions, so for the rest, I am really sorry,
52:19
I'll be out there. Thank you very much.

“Cyberspace has become a full-blown war zone as governments across the globe clash for digital supremacy in a new, mostly invisible theater of operations. Once limited to opportunistic criminals, cyber attacks are becoming a key weapon for governments seeking to defend national sovereignty and project national power.”

http://securityaffairs.co/wordpress/18601/hacking/nsa-foxacid-servers.html

http://www.techworm.net/2015/08/the-top-ten-hacker-tools-of-2015.html

http://www.fromdev.com/2014/09/free-hacking-tools-hacker.html

https://www.youtube.com/user/DEFCONConference/playlists

https://books.google.com/books?id=IYhSAAAAQBAJ&pg=PA204&lpg=PA204&dq=hardware+hacks+uncommon&source=bl&ots=OklY4acSaT&sig=uSZn4LGvHrUmZsrxa6QvIooQfEs&hl=en&sa=X&ved=0ahUKEwiozOzzic7KAhVE_WMKHbOcBxc4ChDoAQg4MAU#v=onepage&q=hardware%20hacks%20uncommon&f=false

http://www.slate.com/blogs/trending/2012/10/04/bacteria_gold_cupriavidus_metallidurans_creates_pure_gold_.html

http://gizmodo.com/5948739/researchers-discover-bacteria-that-can-produce-pure-gold

http://arstechnica.com/science/2008/03/identifying-bacteria-with-gold-nanoparticle-constructs/
