privacy is an illusion and you’re all losers
or how 1984 was a manual for our panopticon society !
By Cain Ransbottyn - @ransbottyn
End of privacy
• 9/11 attacks invigorated the concept of terrorist threats
• Post 9/11 there was a strong and understandable argument to prioritise security
End of civil liberties
• New word: “asymmetrical threats”
• Actually means: “please give up your civil liberties”. In 2001, 55% of US citizens were pro; in 2011 only 40% (and declining).
• Patriot Act changed the world for good
So, terrorism huh ?
• systematic use of violent terror as a means of coercion
• violent acts which are intended to create fear (terror)
• perpetrated for a religious, political, or ideological goal
• deliberately target or disregard the safety of noncombatants (civilians)
Year on year doubling in surveillance budget since the Patriot Act
Except for 2013, when there was a dark budget of US$ 52,6B
Fear. Uncertainty. Doubt.
• Instilling fear is a premise for coercion. But to whom ?
• Mass media works as a catalyst to bring fear into the homes of citizens.
• We all are very shitty at threat and risk assessments. Pigs or sharks ?
• 23,589 40 Or terrorist attacks ? 13,200
* 2010 facts and figures worldwide
Are we really capable of understanding the real threat level ?
Please demonstrate you can spot a rhetorical question when you see one
The convenience of circular logic
• Gov’t: We’re using surveillance so we can prevent terrorist attacks
  You: I don’t see any terrorist threat or attack
  Gov’t: Awesome stuff, hey ?
• Him: I’m using this repellent to scare away elephants.
  You: But I don’t see any elephants.
  Him: Awesome stuff, hey ?
PRISM, XKeyScore, Tempora !
Thank you Microsoft, Facebook, Yahoo!, Google, Paltalk, YouTube, AOL, Apple, Skype
Snowden leaks the post 2007 surveillance industry is much worse than anyone could have imagined
The rise of private intelligence agencies
• The welcome gift of “social networks”
• The thankful adoption rate of smart phones
• The cloud as the ultimate data gathering extension to governments
• The phone operators remain a loyal friend
• The overt investment strategy of In-Q-Tel
The In-Q-Tel investment firm
• Founded in 1999 as a not-for-profit venture capital firm
• So… if you are not looking to make a profit, what are you looking for then ?
• Investments in data mining, call recording, surveillance, crypto, biotech, …
• E.g. 2007 AT&T - Narus STA 6400 backdoor = product of In-Q-Tel funded company
• Many (many) participations worldwide (also Belgium)
Social networks as a private intelligence agency
• Perfect front offices
• Facebook as the first global private intelligence agency
• Intel that is otherwise hard to obtain is being shared voluntarily by everyone (e.g. hobbies, etc.)
• US$ 12,7M investment by James Breyer (Accel), former colleague of Gilman Louie (CEO In-Q-Tel)
Smart-phones as the ultimate tracking device
• Device you carry with you 24/7. With a GPS on board.
• Android has remote install/deinstall hooks in its OS (so has iOS)
• OTA vulnerabilities allow remote installs of byte patches (e.g. BlackBerry incident in UAE)
• Apple incident (“the bug that stored your whereabouts”)
• Any idea how many address books are stored on iCloud ? :p
Cloud providers as the perfect honeypot
• There is no company that is as invasive as Google
• Records voice calls (Voice), analyses e-mail (Gmail), knows who you talk to and where you are (Android), has all your documents (Drive) and soon will see through your eyes (Glass)
• Robert David Steele (CIA) disclosed Google takes money from US Intel. community.
• In-Q-Tel and Google invest in mutual companies (mutual interest)
Cloud providers as the perfect honeypot
• Not only Google. The latest OS X Mavericks actually asked me to… store my Keychain in the cloud *sigh*
• While Apple claims iMessage cannot be intercepted, we know it is possible because Apple is the MITM and neither end-to-end crypto nor certificate pinning is used.
The loyal friend, the phone operator
• Needs to be CALEA and ETSI compliant. Yeah right :-)
• Operators are both targets of surveillance stakeholders (e.g. Belgacom/BICS hack by GCHQ) and providers of surveillance tactics (taps, OTA installs, silent SMS, etc.)
• Does KPN really trust NICE (Israel) and does Belgacom really trust Huawei (China) ?
• Truth of the matter is: you cannot trust your operator…
Requirements
• Must provide strong crypto
• Must be open source (GitHub)
• Must be beautiful and easy to use; we actually don’t want the user to be confronted with complex crypto issues
• Provide deniability
• Provide alerting mechanisms that alert the user when something is wrong
• Even when your device is confiscated, it should be able to withstand forensic investigation
How it’s built
• Using Tor as transport layer for P2P routing and to provide anonymity (no exit nodes used).
• Obfuscated as HTTPS traffic to prevent gov’t filtering.
• Using OTR v3.1 to ensure perfect forward secrecy and end-to-end crypto.
• Capable of detecting A5/GSM tactical surveillance attacks.
• Extremely effective anti-forensic mechanisms and triggers
Why use it ?
• To protect your human right to privacy
• To protect your human right to freedom of speech
• Because your communication needs to remain confidential
• Because excessive surveillance is a threat to modern democracy