Mike Gerwitz

Activist for User Freedom

author Mike Gerwitz <mtg@gnu.org> 2017-04-02 21:59:29 -0400
committer Mike Gerwitz <mtg@gnu.org> 2017-04-02 22:04:21 -0400
commit c47121828b2ecd1b0962a15392aa0886d9cc500b
tree 50e83f786e4d39c85b10393d2c5cd6a11fa6fcc5
Oh, hello
This is a mostly-complete history of the development of my LibrePlanet 2017 talk entitled ``The Surreptitious Assault on Privacy, Security, and Freedom''. I removed timekeeping and miscellaneous notes/outlines, but it's otherwise authentic.
-rw-r--r-- slides.org 966
1 files changed, 966 insertions, 0 deletions
diff --git a/slides.org b/slides.org
new file mode 100644
index 0000000..c532ed3
--- /dev/null
+++ b/slides.org
@@ -0,0 +1,966 @@
+#+startup: beamer
+#+TITLE: The Surreptitious Assault on Privacy, Security, and Freedom
+#+AUTHOR: Mike Gerwitz
+#+EMAIL: mtg@gnu.org
+#+DATE: 26 March, LibrePlanet 2017
+#+OPTIONS: H:3 num:nil toc:nil p:nil todo:nil stat:nil
+#+LaTeX_CLASS: beamer
+#+LaTeX_CLASS_OPTIONS: [presentation]
+#+BEAMER_THEME: Warsaw
+#+BEAMER_HEADER: \beamertemplatenavigationsymbolsempty
+#+TODO: RAW(r) LACKING(l) DRAFT(d) REVIEWED(R) | READY(+) REHEARSED(D)
+#+COLUMNS: %25ITEM %10DURATION{:}
+
+
+#+BEGIN_COMMENT
+#+BEGIN: columnview :hlines 1 :id local
+| ITEM | DURATION |
+|------------------------------------+----------|
+| * Introduction / Opening | 00:00:30 |
+|------------------------------------+----------|
+| * Mobile [0/5] | 0:04 |
+| ** Introduction | 0:00 |
+| *** Introduction | 00:00:30 |
+| ** Cell Towers [0/2] | 00:01 |
+| *** Fundamentally Needed | |
+| *** Cell-Site Simulators | |
+| ** Wifi [0/1] | 0:01 |
+| *** Wifi | 00:01 |
+| ** Location Services [0/2] | 00:01 |
+| *** GPS | |
+| *** Access Points | |
+| ** Operating System [0/1] | 0:01 |
+| *** Untrusted/Proprietary OS | 00:01 |
+|------------------------------------+----------|
+| * Stationary [0/5] | 0:08 |
+| ** Introduction [0/1] | 0:00 |
+| *** Introduction | 00:00:30 |
+| ** Surveillance Cameras [0/2] | 0:00 |
+| *** Unavoidable | |
+| *** Access to Data | 00:00:30 |
+| ** Internet of Things [0/4] | 0:04 |
+| *** Wide Open | 00:00:30 |
+| *** Lack of Security | 00:01:30 |
+| *** Who's Watching? | 00:00:30 |
+| *** Facial Recognition | 00:01 |
+| ** Social Media [0/1] | 0:01 |
+| *** Collateral Damage | 00:01 |
+| ** Driving [0/3] | 0:02 |
+| *** Introduction | 00:00:30 |
+| *** ALPRs | 00:01 |
+| *** Car Itself | 00:00:30 |
+|------------------------------------+----------|
+| * The Web [0/6] | 0:12 |
+| ** Introduction [0/1] | |
+| *** Introduction | |
+| ** Bridging the Gap [0/1] | 0:01 |
+| *** Ultrasound Tracking | 00:01 |
+| ** Incentive to Betray [0/1] | 0:00 |
+| *** Summary | 00:00:30 |
+| ** Analytics [0/2] | 0:02 |
+| *** Trackers | 00:01 |
+| *** Like Buttons | 00:01 |
+| ** Fingerprinting [0/2] | 0:04 |
+| *** Summary | 00:03 |
+| *** Browser Addons | 00:01 |
+| ** Anonymity [0/3] | 0:04 |
+| *** Summary | 00:01 |
+| *** The Tor Network | 00:01 |
+| *** TorBrowser, Tails, and Whonix | 00:02 |
+|------------------------------------+----------|
+| * Data Analytics [0/2] | 0:04 |
+| ** Introduction [0/1] | 0:00 |
+| *** Introduction | 00:00 |
+| ** Headings [0/3] | 0:04 |
+| *** Advertisers | 00:02 |
+| *** Social Media | 00:01 |
+| *** Governments | 00:00:30 |
+|------------------------------------+----------|
+| * Policy and Government [0/6] | 0:12 |
+| ** Introduction [0/1] | 0:00 |
+| *** Introduction | 00:00:30 |
+| ** Surveillance [0/4] | 0:06 |
+| *** History of NSA Surveillance | 00:02 |
+| *** Verizon Metadata | 00:00:30 |
+| *** Snowden | 00:01 |
+| *** Tools | 00:02 |
+| ** Crypto Wars [0/3] | 0:03 |
+| *** Introduction | 00:00 |
+| *** Bernstein v. United States | 00:01 |
+| *** Makes Us Less Safe | 00:02 |
+| ** Espionage [0/1] | 0:01 |
+| *** US Can't Keep Its Own Secrets | 00:01 |
+| ** Subpoenas, Warrants, NSLs [0/1] | 0:01 |
+| *** National Security Letters | 00:01 |
+| ** Law [0/1] | 0:01 |
+| *** Summary | 00:01 |
+|------------------------------------+----------|
+| * Your Fight [0/1] | 0:05 |
+| ** Headings [0/5] | 0:05 |
+| *** Feeding | 00:00 |
+| *** SaaSS and Centralization | 00:01 |
+| *** Corporate Negligence | 00:01 |
+| *** Status Quo | 00:02 |
+| *** Push Back | 00:01 |
+|------------------------------------+----------|
+| * Local Variabes | |
+#+END
+
+
+#+BEGIN_COMMENT
+*Remember the themes!*:
+ - Surreptitious
+ - User privacy and security
+ - Affects on freedom; chilling effects
+ - How free software can help
+
+The big players seem to be the [[The Web][Web]] and [[Policy and Government][Government]].
+No surprises there.
+
+
+It would be a good idea to immediately connect with the audience. So:
+ - Most everyone has a mobile device.
+ - /This is the most immediate and relatable since it's physically present/
+ with them in their travels.
+ - Security cameras et. al. during travel.
+
+So start _briefly_ with the topic of pervasive surveillance?
+ - That is what the abstract refers to, after all.
+
+*Surreptitious*---many audience members won't consider that they're being
+tracked.
+ - But by _whom_?
+
+Maybe a gentle introduction that gets increasingly more alarming and
+invasive topic-wise.
+
+GOAL: Captivate; Startle
+#+END_COMMENT
+
+
+* DRAFT Introduction / Opening :B_fullframe:
+:PROPERTIES:
+:DURATION: 00:00:30
+:BEAMER_env: fullframe
+:END:
+
+#+BEGIN_COMMENT
+None of you made it here without being tracked in some capacity.
+Some of us are still being tracked at this very moment.
+
+...
+
+Let's start with the obvious.
+
+(Note: You're being "tracked", rather than "watched": the latter is too
+often used and dismissed as tinfoil-hat FUD.)
+#+END_COMMENT
+
+#+BEGIN_CENTER
+ #+BEAMER: \only<1>{You're Being Tracked.}
+ #+BEAMER: \only<2>{(No, really, I have references.)}
+#+END_CENTER
+
+* LACKING Mobile [0/5]
+** DRAFT Introduction :B_ignoreheading:
+:PROPERTIES:
+:BEAMER_env: ignoreheading
+:END:
+*** DRAFT Introduction :B_fullframe:
+:PROPERTIES:
+:DURATION: 00:00:30
+:BEAMER_env: fullframe
+:END:
+
+- <1-> Most people carry mobile phones
+- <1-> Synonymous with individual
+- <2> Excellent tracking devices
+
+#+BEGIN_COMMENT
+How many of you are carrying a mobile phone right now?
+Probably most of us.
+They are something we carry with us everywhere;
+ they are computers that are always on.
+A phone is often synonymous with an individual.
+In other words: they're excellent tracking devices.
+#+END_COMMENT
+
+** LACKING Cell Towers [0/2]
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+*** DRAFT Fundamentally Needed
+- <1-> Phone needs tower to make and receive calls
+- <2-> Gives away approximate location (can triangulate)
+
+#+BEGIN_COMMENT
+The primary reason is inherent in a phone's design: cell towers.
+A phone "needs" to be connected to a tower to make and receive calls.
+
+Unless it is off,
+ its connection to the cell tower exposes your approximate location.
+These data persist for as long as the phone companies are willing to persist
+it. If it's mined by the NSA, then it might be persisted indefinitely.
+
+Some people don't use phones primarily for this reason.
+
+rms said he might use a phone if it could act as a pager,
+ where he'd only need to expose his location once he is in a safe place.
+You can imagine that such would be a very useful and important feature for
+ reporters and dissidents as well.
+#+END_COMMENT
+
+
+*** LACKING Cell-Site Simulators
+- <1-> Masquerade as cell towers
+- <2-> (List them) e.g. Stingray
+
+#+BEGIN_COMMENT
+I'm sure many of you have heard of Cell Site Simulators;
+ one of the most popular examples being the Stingray.
+These devices masquerade as cell towers and can perform a dragnet search for
+ an individual.
+Your location can be triangulated.
+#+END_COMMENT
+
+
+** RAW Wifi [0/1]
+*** RAW Wifi
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+
+#+BEGIN_COMMENT
+What else is inherent in a modern phone design?
+A common feature is Wifi.
+
+If you connected to any hidden networks,
+ your phone may broadcast that network name to see if it exists.
+
+Your mobile device could be broadcasting information like past network
+ connections and unique device identifiers (MAC),
+ which can be used to uniquely identify you.
+
+Access points increasingly line the streets or are within range in nearby
+ buildings.
+
+Can be incredibly accurate for tracking movements,
+ and it is _passive_---it requires no software on your device.
+
+Disable Wifi when not in use.
+You can also randomize your MAC address,
+ and be sure not to broadcast hidden networks.
+#+END_COMMENT
+
+
+** RAW Location Services [0/2]
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+*** RAW GPS
+Oh, but what if we _do_ have software on the device?
+And we do.
+
+Let's talk about location services!
+Many people find them to be very convenient.
+
+The most popular being GPS.
+Because of the cool features it permits,
+ it's often enabled.
+And programs will track your movements just for the hell of it.
+Or give an excuse to track you.
+
+*** RAW Access Points
+But GPS doesn't need to be available.
+Have you ever used a map program on a computer that asked for your location?
+How does it do that without GPS?
+Google scours the planet recording APs.
+It knows based on _what APs are simply near you_ where you are.
+Sometimes this can be more accurate than GPS.
+And it works where GPS and maybe even cell service don't, such as inside
+ shopping malls.
+
+So having radio and GPS off may not help you.
+MAC spoofing won't help since software on your device has countless other
+ ways to uniquely identify you---this is active monitoring, unlike previous
+ examples.
+
+** RAW Operating System [0/1]
+*** RAW Untrusted/Proprietary OS
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+The OS situation on mobile is lousy.
+Does your phone work for Apple? Google? Microsoft? Blackberry? ...?
+
+You carry around this computer everywhere you go.
+And you fundamentally cannot trust it.
+
+I use Replicant.
+Does anyone here use Replicant?
+I feel like I can at least trust my phone a little bit.
+But on nearly every phone,
+ the modem still runs proprietary software.
+And often times has direct access to disk and memory.
+
+So even with Replicant,
+ I consider the device compromised;
+ I put nothing important on it if I can avoid it.
+
+
+* RAW Stationary [0/5]
+** RAW Introduction [0/1] :B_ignoreheading:
+:PROPERTIES:
+:BEAMER_env: ignoreheading
+:END:
+*** RAW Introduction :B_fullframe:
+:PROPERTIES:
+:DURATION: 00:00:30
+:BEAMER_env: fullframe
+:END:
+So let's say you have evaded that type of tracking.
+Maybe you don't carry a phone.
+Or maybe you've mitigated those threats in some way.
+
+There's certain things that are nearly impossible to avoid.
+
+** RAW Surveillance Cameras [0/2]
+*** RAW Unavoidable
+On the way here,
+ you likely walked by numerous security cameras.
+They could be security cameras for private businesses.
+Traffic cameras.
+Cameras on streets to deter crime.
+
+Let's set aside local, state, and federal-owned cameras for a moment
+ and focus on businesses.
+So a bunch of separate businesses have you on camera.
+So what?
+
+
+*** RAW Access to Data
+:PROPERTIES:
+:DURATION: 00:00:30
+:END:
+Well one of the most obvious threats, should it pertain to you, is a
+ subpoena.
+The best form of privacy is to avoid having the data be collected to begin
+ with.
+If law enforcement wanted to track you for whatever reason---crime or
+ not!---they could simply subpoena the surrounding area.
+
+** RAW Internet of Things [0/4]
+*** RAW Wide Open
+:PROPERTIES:
+:DURATION: 00:00:30
+:END:
+In the past, these cameras were "closed-circuit"---
+ they were on their own segregated network.
+You'd _have_ to subpoena the owner,
+ or otherwise physically take the tape.
+
+Today, that might be the intent, but these cameras are often
+ connected to the Internet for one reason or another.
+It might be intentional---to view the camera remotely---or it may just be
+ how it is set up by default.
+
+Well...
+Let's expand our pool of cameras a bit.
+Because it's not just businesses that use Internet-connected cameras.
+They're also popular among individuals for personal/home use.
+Home security systems.
+Baby monitors.
+
+*** RAW Lack of Security
+:PROPERTIES:
+:DURATION: 00:01:30
+:END:
+Who here has heard of Shodan?
+
+Shodan is a search engine for the Internet of Things.
+It spiders for Internet-connected devices and indexes them.
+Okay, that's to be expected.
+Maybe that wouldn't be a problem if people knew proper NAT configuration
+ that isn't subverted by UPnP.
+Maybe it wouldn't be a problem if these devices even gave a moment of
+ thought to security.
+
+Anyone heard of Insecam?
+It's a site that aggregates live video feeds of unsecured IP cameras.
+I can tell you personally that you feel like a scumbag looking at the site.
+There's fascinating things on there.
+And sobering ones.
+And creepy ones.
+Restaurants---families eating dinner; chefs preparing food in the back.
+Public areas---beaches, pools, walkways, city streets.
+Private areas---inside homes; private businesses. Hotel clerks sitting
+ behind desks on their cell phones. Warehouses.
+Behind security desks.
+Behind cash registers.
+Hospital rooms.
+Inside surveillance rooms where people watch their surveillance system!
+ With armed guards!
+Scientific research: people in full dress performing experiments.
+I saw someone at the dentist getting a teeth cleaning.
+Anything you can think of.
+You can literally explore the world.
+There are some beautiful sights! Absolutely gorgeous.
+They remove things that are too deeply personal.
+ Assuming someone reports it.
+
+This is an excellent example to demonstrate to others why this is such a big
+ deal.
+
+*** RAW Who's Watching?
+:PROPERTIES:
+:DURATION: 00:00:30
+:END:
+So that's what your average person can do.
+That's what some of you are going to be doing as soon as you leave this
+ talk, if you haven't started looking already!
+
+That's what law enforcement is going to do.
+That's what the NSA, GHCQ, et. al. are going to do.
+
+*** RAW Facial Recognition
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+Now let's couple that with facial recognition.
+
+Consider the breadth of devices we just covered.
+Literally everywhere.
+People don't need to manually look for you anymore;
+ it's automated.
+Hell, any of us can download a free (as in freedom) library to do facial
+ recognition and train it to recognize people.
+Facebook famously got creepy by saying it could recognize people by their
+ dress and posture, from behind.
+
+You don't need facial recognition, though.
+You can also be identified by your gait.
+
+There's a lot to say about IoT.
+We'll come back to it.
+
+
+** RAW Social Media [0/1]
+*** RAW Collateral Damage
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+
+So you don't have any unsecured IoT cameras in your home.
+Or in this conference.
+But you do have unsecured people running wild with their photos and their
+ selfies.
+
+I'm sure you've heard a frequent request/demand from rms:
+"Don't put pictures of me on Facebook."
+This applies to all social media, really.
+I just mentioned facial recognition---
+ this is precisely what Facebook (for example) made it for!
+To identify people you might know to tag them.
+It's excellent surveillance.
+What irks me is when people try to take pictures of my kids,
+ or do and ask if they can put them online.
+Uh, no. You cannot.
+And people are sometimes surprised by that refusal.
+
+Most people are being innocent---
+ they're just trying to capture the moment.
+What they're actually doing is inflicting collateral damage.
+If I'm off in the background when you take a picture of your friends in the
+ foreground,
+ I'm still in the photo.
+
+
+** RAW Driving [0/3]
+*** RAW Introduction :B_fullframe:
+:PROPERTIES:
+:DURATION: 00:00:30
+:BEAMER_env: fullframe
+:END:
+Okay.
+So you have no phone.
+You sneak around public areas like a ninja.
+Like a vampire, you don't show up in photos.
+And you have no friends.
+
+So how else can I physically track you in your travels here?
+
+Well if you flew here,
+ then your location is obviously known.
+That's not even worth discussing.
+
+But what about if you drove?
+
+*** RAW ALPRs
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+ALPRs possibly tracked your movements.
+Automated License Plate Readers.
+
+<...>
+
+Maybe you try to evade them with special license plate covers.
+If need be, one could just track you by other unique features of your
+ vehicle.
+And those might not just be law enforcement.
+
+Security issues extend to this too!
+<Mention EFF's project>
+
+You could rent a car.
+But the rental place probably took your name, license, and other
+ information.
+You could take a cab and pay with cash.
+But that can get expensive.
+And they might have cameras and such anyway.
+
+
+*** RAW Car Itself
+:PROPERTIES:
+:DURATION: 00:00:30
+:END:
+Maybe your car itself is a tracking device (e.g. OnStar).
+
+(Move into Mobile?)
+
+<...>
+
+
+* RAW The Web [0/6]
+** RAW Introduction [0/1] :B_ignoreheading:
+:PROPERTIES:
+:BEAMER_env: ignoreheading
+:END:
+*** RAW Introduction :B_fullframe:
+:PROPERTIES:
+:BEAMER_env: fullframe
+:END:
+But you're not just tracked in the flesh.
+Much of what we do today is virtual.
+What better way to segue than to bridge the two?
+
+** RAW Bridging the Gap [0/1]
+*** RAW Ultrasound Tracking
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+
+A challenge for advertisers is correlating users across multiple devices,
+and in the real world.
+
+Let's say you saw a commercial for some product Foo on TV.
+And then you went online to research Foo.
+And then you bought Foo.
+
+Sometimes commercials have you enter promo codes online to know that you
+ arrived at the site from a TV commercial.
+Or give you a unique URL.
+
+Others play inaudible sounds that are picked up by your mobile device or
+ computer.
+
+<...>
+
+
+** RAW Incentive to Betray [0/1]
+*** RAW Summary :B_fullframe:
+:PROPERTIES:
+:DURATION: 00:00:30
+:BEAMER_env: fullframe
+:END:
+So how does tracking happen?
+How does this tracking code _get_ on so much of the web?
+
+Incentives to betray users.
+
+Many websites make money through advertising.
+It can be lucrative.
+And it's _easy_ to do.
+
+** RAW Analytics [0/2]
+*** RAW Trackers
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+
+Site analytics is another issue.
+Website owners want to know what their visitors are doing.
+That in itself isn't an unreasonable thing broadly speaking,
+ but how you go about it and what types of data you collect
+ defines the issue.
+
+Take Google Analytics for example.
+A very popular proprietary analytics service.
+It is one of the most widely distributed malware programs in the world.
+
+<<examples of how GA tracks>>
+
+And all of this is known to Google.
+All of this can be used to identify users across the entire web.
+
+<<list others>>
+
+If you must track your users, consider using Piwik, which you can host
+ yourself.
+
+*** RAW Like Buttons
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+
+Another popular example are "like buttons" and similar little widgets that
+ websites like Facebook offer.
+If a user is logged into Facebook,
+ then Facebook now knows that they visited that website,
+ _even if they don't click on the button_.
+
+But even if you don't have a Facebook account,
+ information is being leaked to them
+ you are still being tracked.
+
+Addons like Privacy Badger will block these.
+
+** RAW Fingerprinting [0/2]
+*** RAW Summary :B_fullframe:
+:PROPERTIES:
+:DURATION: 00:03
+:BEAMER_env: fullframe
+:END:
+
+These methods are part of a broader topic called "browser fingerprinting".
+It's just what it sounds like:
+ uniquely identify users online.
+It's alarmingly effective.
+
+<<general fingerprinting stuff>>
+
+<<hardware-fingerprint>>
+Some methods allow fingerprinting even if the user uses multiple browsers
+ and takes care to clear all session data.
+They can do this by effectively breaking out of the browser's sandbox by
+ doing operations that depend heavily on specifics of users' hardware.
+
+*** RAW Browser Addons
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+
+(Merge into other sections?)
+
+So how do we avoid this type of tracking?
+
+<<Talk about browser addons>>.
+
+
+** RAW Anonymity [0/3]
+*** RAW Summary :B_fullframe:
+:PROPERTIES:
+:DURATION: 00:01
+:BEAMER_env: fullframe
+:END:
+Another way is to be anonymous or pseudononymous.
+In the latter case,
+ you assume a pseudoynm online and perform only activities that should be
+ associated with that pseudonym.
+In the former case,
+ there should be no way to ever correlate past or future actions with your
+ current session.
+
+This is a difficult topic that's pretty dangerous to give advice on if you
+ have strong need for anonymity---for example, if you are a dissident or
+ whistleblower.
+If your life depends on anonymity,
+ please do your own research.
+I provide a number of resources to get you started.
+
+
+*** RAW The Tor Network
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+Most here have probably heard of Tor.
+"Tor" stands for "The Onion Router",
+ which describes how it relays data through the Tor network.
+
+The packet is routed through a number of servers,
+ encrypted with the public key of each server such that the first hop
+ strips off the first layer and so on.
+The exit node reveals the packet and delivers it to the destination,
+ then begins relaying the reply back to through the network to the user.
+
+As long as a sufficient portion of the network can be trusted and has not
+ been compromised by an adversary,
+ it isn't possible to trace data back through the network.
+
+The most common use of Tor is to route web traffic.
+Many nodes block most other ports.
+It's also possible to resolve DNS requests through Tor.
+
+There are lots of other details that I don't have time to get to here,
+ but I provide a number of resources for you.
+
+
+*** RAW TorBrowser, Tails, and Whonix
+:PROPERTIES:
+:DURATION: 00:02
+:END:
+Tor alone isn't enough to secure your anonymity.
+
+It's hard to secure a web browser.
+<links>
+
+TorBrowser is a hardened version of Firefox.
+The Tor browser recommends that you don't rely on a vanilla Firefox for
+ anonymity with Tor.
+
+Tails...
+
+Whonix...
+
+
+* LACKING Data Analytics [0/2]
+** RAW Introduction [0/1] :B_ignoreheading:
+:PROPERTIES:
+:BEAMER_env: ignoreheading
+:END:
+*** RAW Introduction :B_fullframe:
+:PROPERTIES:
+:DURATION: 00:00
+:BEAMER_env: fullframe
+:END:
+We've seen adversaries with different motives.
+Let's explore what some of them do with all those data.
+
+
+** LACKING Headings [0/3]
+*** LACKING Advertisers
+:PROPERTIES:
+:DURATION: 00:02
+:END:
+The biggest threat to privacy to the average user is by companies that
+ aggregate data for the purpose of understanding _you_.
+Probably better than you understand you.
+I'm sure many of you heard of the story of Target knowing a girl was
+ pregnant before she did.
+
+<<user profiles>>
+
+
+*** LACKING Social Media
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+(Where you are, what you do.)
+
+
+*** LACKING Governments
+:PROPERTIES:
+:DURATION: 00:00:30
+:END:
+(Segue into government surveillance.)
+
+
+* RAW Policy and Government [0/6]
+** RAW Introduction [0/1] :B_ignoreheading:
+:PROPERTIES:
+:BEAMER_env: ignoreheading
+:END:
+*** RAW Introduction :B_fullframe:
+:PROPERTIES:
+:DURATION: 00:00:30
+:BEAMER_env: fullframe
+:END:
+Where to begin.
+
+Governments have a duty to protect their people.
+But they also have a duty to know their bounds;
+ to respect citizens' rights and privacy.
+
+We know how that story goes.
+
+
+** LACKING Surveillance [0/4]
+*** LACKING History of NSA Surveillance
+:PROPERTIES:
+:DURATION: 00:02
+:END:
+(EFF, <<Klein v. NSA>>)
+
+
+*** LACKING Verizon Metadata
+:PROPERTIES:
+:DURATION: 00:00:30
+:END:
+(Add date)
+
+...
+
+*** LACKING Snowden
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+...
+
+*** LACKING Tools
+:PROPERTIES:
+:DURATION: 00:02
+:END:
+- XKeyscore and others
+- Exploits
+- Hardware
+- Intercepting shipments
+- Etc.
+
+
+** LACKING Crypto Wars [0/3]
+*** RAW Introduction :B_fullframe:
+:PROPERTIES:
+:DURATION: 00:00
+:BEAMER_env: fullframe
+:END:
+All of that happened behind our backs.
+
+But there is also a war being waged in public.
+As if we haven't learned from the past.
+The Crypto wars.
+
+
+*** LACKING Bernstein v. United States
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+...
+(Include export-grade crypto)
+(Code is speech)
+
+
+*** LACKING Makes Us Less Safe
+:PROPERTIES:
+:DURATION: 00:02
+:END:
+Apple v. FBI
+
+- Backdoors
+- Clipper chip
+- LOGJAM, etc from export-grade crypto
+- VEP
+
+
+** LACKING Espionage [0/1]
+*** LACKING US Can't Keep Its Own Secrets
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+- Office of Personnel Management
+- DNC
+
+
+** LACKING Subpoenas, Warrants, NSLs [0/1]
+*** LACKING National Security Letters
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+- Gag orders
+- Prior restraint
+- Canaries
+
+** LACKING Law [0/1]
+*** LACKING Summary :B_fullframe:
+:PROPERTIES:
+:DURATION: 00:01
+:BEAMER_env: fullframe
+:END:
+- DMCA
+ - Risks to security researchers
+ - Draconian
+- CFAA
+
+
+* RAW Your Fight [0/1]
+** RAW Headings [0/5]
+*** RAW Feeding :B_fullframe:
+:PROPERTIES:
+:DURATION: 00:00
+:BEAMER_env: fullframe
+:END:
+We're feeding into all of this!
+
+
+*** RAW SaaSS and Centralization
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+- Be sure to mention Cloudbleed and S3
+- Who has access to your data?
+- The "Cloud"
+
+
+*** RAW Corporate Negligence
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+Companies don't care.
+They'll balance _costs_ of failure to comply with regulation.
+Is it cheaper just to pay up in the event of a data breach?
+
+Governments try, sort of.
+They need to catch up with the times.
+<<sec regulations>>
+
+<<large-scale breaches>>
+
+(Tie into SaaSS)
+
+
+*** RAW Status Quo
+:PROPERTIES:
+:DURATION: 00:02
+:END:
+You would think after the Snowden revelations that people would be more
+ privacy-centric.
+
+Some are.
+Many aren't.
+There is complacency with the status quo.
+Everything is so _convenient_.
+
+"I have nothing to hide."
+A common argument.
+One that can be notoriously hard to address.
+
+"Report anything suspicious."
+(Example of mathematician on plane.)
+
+These all have chilling effects, conscious or not.
+<<Wikipedia articles>>
+
+I hope I've convinced you that the status quo cannot hold.
+That even people who aren't that privacy- or security-conscious recognize
+ that there are risks not only at a personal level,
+ but also national and global.
+
+*** RAW Push Back
+:PROPERTIES:
+:DURATION: 00:01
+:END:
+We need to push back.
+
+- Good crypto; no trust
+- Lawmakers: this is not something we can win while we fight with our
+ governments.
+
+
+* Local Variabes :noexport:
+Just Emacs configuration stuff.
+
+# Local Variables:
+# org-todo-keyword-faces: (("DRAFT" . org-upcoming-deadline) \
+# ("LACKING" . org-warning) \
+# ("REVIEWED" . "yellow") \
+# ("READY" . (:inherit org-scheduled bold :underline t)))
+# End:
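
Review bot: The `#+BEGIN_COMMENT` opened directly above `#+BEGIN: columnview :hlines 1 :id local` is never closed. The dynamic block ends with `#+END`, and a second `#+BEGIN_COMMENT` starts before any `#+END_COMMENT` appears, so the timing table stays hidden only because the later block's `#+END_COMMENT` happens to terminate it. Add `#+END_COMMENT` after `#+END` so the two comment blocks are independent. Two statements in the notes should be tightened before they reach a slide. Under "The Tor Network", "it isn't possible to trace data back through the network" needs the caveat that an observer who can watch traffic at both ends of a circuit can correlate it by timing without compromising any relay, and "encrypted with the public key of each server" is loose, since Tor layers cells under per-hop session keys negotiated with each relay. Under "Fingerprinting", "effectively breaking out of the browser's sandbox" reads as a sandbox escape, while the surrounding text describes measuring hardware-dependent behaviour from inside the browser. Spelling to fix while here: "Local Variabes" (heading and columnview row), "GHCQ", "pseudononymous" and "pseudoynm", and "Affects on freedom".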