Mike Gerwitz

Activist for User Freedom

summaryrefslogtreecommitdiffstats
blob: d7d401f2f128ecd1dc78d8403a22a465230b8374 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
#+startup: beamer
#+TITLE: The Surreptitious Assault on Privacy, Security, and Freedom
#+AUTHOR: Mike Gerwitz
#+EMAIL: mtg@gnu.org
#+DATE: 26 March, LibrePlanet 2017
#+OPTIONS: H:3 num:nil toc:nil p:nil todo:nil stat:nil
#+LaTeX_CLASS: beamer
#+LaTeX_CLASS_OPTIONS: [presentation]
#+BEAMER_THEME: Warsaw
#+BEAMER_HEADER: \beamertemplatenavigationsymbolsempty
#+BEAMER_HEADER: \setbeamertemplate{bibliography item}{\insertbiblabel}
#+BIBLIOGRAPHY: sapsf plain
#+TODO: RAW(r) DEVOID(v) LACKING(l) DRAFT(d) REVIEWED(R) | READY(+) REHEARSED(D)
#+COLUMNS: %40ITEM %10DURATION{:} %8TODO %BEAMER_ENV(ENVIRONMENT)


#+BEGIN_COMMENT
*Remember the themes!*:
  - Surreptitious
  - User privacy and security
  - Affects on freedom; chilling effects
  - How free software can help

The big players seem to be the [[The Web][Web]] and [[Policy and Government][Government]].
No surprises there.


It would be a good idea to immediately connect with the audience.  So:
  - Most everyone has a mobile device.
    - /This is the most immediate and relatable since it's physically present/
      with them in their travels.
  - Security cameras et. al. during travel.

So start _briefly_ with the topic of pervasive surveillance?
  - That is what the abstract refers to, after all.

*Surreptitious*---many audience members won't consider that they're being
tracked.
  - But by _whom_?

Maybe a gentle introduction that gets increasingly more alarming and
invasive topic-wise.
#+END_COMMENT


* LaTeX Configuration                                         :export:ignore:
#+LATEX_HEADER: \usepackage[backend=biber]{biblatex}
#+LATEX_HEADER: \usepackage{color}
#+LATEX_HEADER: \bibliography{sapsf}
#+BEGIN_LATEX
% citations will be grayed and pushed to the right margin
\let\origcite\cite
% incite = "inline" cite
\def\cite{\hfill\incite}
\newcommand*{\incite}[1]{{%
  \scriptsize
  \raisebox{1ex}{%
    \color{gray}%
    \origcite{#1}%
  }%
}}

\renewcommand*{\bibfont}{\scriptsize}
#+END_LATEX


* LACKING Slides                                              :export:ignore:
** REVIEWED Introduction / Opening                             :B_fullframe:
:PROPERTIES:
:DURATION: 00:01
:BEAMER_env: fullframe
:END:

#+BEGIN_COMMENT
Hello, everyone.
Thanks for coming!

My name's Mike Gerwitz.
I am a free software hacker and activist with a focus on user privacy and
  security.
I'm also a GNU Maintainer, software evaluator, and volunteer for various
  other duties.

And I'm here to talk to you about an unfortunate,
  increasingly unavoidable fact of life.

None of you made it here without being tracked in some capacity.
Some of us are /still/ being tracked at this very moment!

This isn't a tinfoil hat presentation.
It's a survey of facts.
/Actual/ facts, not alternative ones!  (Dig at Kellyanne Conway, for those
  reading this in the future.)
Since time isn't on my side here,
  I'm going to present a broad overview of the most pressing concerns of
  today.
Every slide has numeric citations,
  which are associated with references on the final slides.
I won't be showing them here---you can get them online.
My goal is to present you with enough information that you know that these
  things /exist/,
   and you know where to find more information about them.
Those unknown unknowns.

So: let's start with the obvious.

(Note: You're being "tracked", rather than "watched": the latter is too
often used and dismissed as tinfoil-hat FUD.)
#+END_COMMENT

#+BEGIN_CENTER
  #+BEAMER: \only<1>{You're Being Tracked.}
  #+BEAMER: \only<2>{(No, really, I have references.)}
#+END_CENTER


** REVIEWED Mobile [0/5]
*** REVIEWED Introduction                                 :B_ignoreheading:
:PROPERTIES:
:BEAMER_env: ignoreheading
:END:
**** REVIEWED Introduction                                   :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:15
:BEAMER_env: fullframe
:END:

- <1-> Most people carry mobile phones
- <1-> Synonymous with individual
- <2> Excellent tracking devices

#+BEGIN_COMMENT
How many of you are carrying a mobile phone right now?
Probably most of us.
They are something we carry with us everywhere.
They are computers that are always on.

A phone is often synonymous with an individual;
  they are a part of us.
In other words: they're excellent tracking devices.
#+END_COMMENT

*** REVIEWED Cell Towers [0/2]
:PROPERTIES:
:DURATION: 0:02
:END:
**** REVIEWED Fundamentally Needed
:PROPERTIES:
:DURATION: 00:00:45
:END:
- Phone needs tower to make and receive calls
- Gives away approximate location\cite{pbs:nova:boston}

#+BEGIN_COMMENT
The primary reason is inherent in a phone's design:
  cell towers.
A phone "needs" to be connected to a tower to make and receive calls.

Unless it is off or otherwise disconnected (like airplane mode),
  its connection to the cell tower exposes your approximate location.
If the signal reaches a second tower,
  the potential location can be calculated from the signal delay.
You can also triangulate.
These data persist for as long as the phone companies are willing to persist
  it.

Some people don't use phones primarily for this reason.

rms, for example, said he might use a phone if it could act as a pager,
  where he'd only need to expose his location once he is in a safe place.
You can imagine that such would be a very useful and important feature for
  reporters and dissidents as well.
#+END_COMMENT


**** REVIEWED Cell-Site Simulators
:PROPERTIES:
:DURATION: 00:00:45
:END:
- <1-> IMSI-Catchers
- <1-> Masquerade as cell towers
- <1-> Most popular: Stingray
- <2-> Free/libre Android program AIMSICD available on F-Droid attempts to
       detect\cite{aimsid}

#+BEGIN_COMMENT
Cell Site Simulators have made a lot of news in the past (including my local
  news),
    one of the most popular examples being the Stingray.
These devices masquerade as cell towers.
This allows (for example) law enforcement to get a suspect's phone to
  connect to _their_ device rather than a real tower,
    which allows their location to be triangulated,
    calls to be intercepted,
    texts to be mined,
    etc.
Law enforcement might also use it to record all devices in an area,
  such as during a protest.

The problem is: _every_ phone in the area will try to connect to it;
  it amounts to a dragnet search,
    and is therefore extremely controversial.

The Android program AIMSICD---Android IMSI-Catcher Detector---is being
  developed in an attempt to detect these devices.
It is free software and is available on F-Droid.
#+END_COMMENT


*** REVIEWED Wifi [0/3]
:PROPERTIES:
:DURATION: 0:01
:END:

**** REVIEWED ESSID and MAC Broadcast
:PROPERTIES:
:DURATION: 00:01
:END:
- <1-> Device may broadcast ESSIDs of past hidden networks
- <2-> Expose unique hardware identifiers (MAC address)
- <3-> **Defending against this is difficult**
  - <4-> /Turn off Wifi/ in untrusted places
  - <4-> Turn off settings to auto-connect when receiving e.g. MMS
  - <5-> Use cellular data (e.g. {2,3,4}G)
  - <6-> **MAC address randomization works poorly**\cite{arxiv:mac}

#+BEGIN_COMMENT
What else is inherent in a modern phone design?
A common feature is Wifi.

If you connected to any hidden networks,
  your phone may broadcast that network name to see if it exists.

It exposes unique device identifiers (MACs),
  which can be used to uniquely identify you.

Defending against this is difficult,
  unless you take the simple yet effective route:
    disable Wifi completely,
      at least when you're not in a safe area you can trust.
Some apps will automatically enable networking if they receive,
  for example,
  MMS messages;
    be careful of that.
If you really do need data,
  use your cellular data.
You are already hemmoraging information to your phone company,
  so at least you're limiting your exposure.

Some phones and apps offer MAC address randomization.
That's a good thing in priniciple.
Unfortunately, it seems to be easily defeated.
One study, cited here,
  claims to be able to defeat randomization 100% of the time,
  regardless of manufacturer.

/Segue to next section:/
All these previous risks are _passive_---
  they require no malicious software on your device.
But what if we _do_ have such software?
And of course, we do.
#+END_COMMENT


*** REVIEWED Geolocation [0/3]
:PROPERTIES:
:DURATION: 0:02
:END:

**** REVIEWED GPS
:PROPERTIES:
:DURATION: 00:01
:END:
- <1-> Not inherently a surveillance tool
- <2-> Often enabled by default
  - <2-> Might prompt user, but features are attractive
- <3-> Programs give excuses to track\cite{jots:mobile}
  - <3-> Navigation systems
  - <3-> Location information for social media, photos, nearby friends, finding
         lost phones, location-relative searches, etc.
- <4-> Not-so-good: targeted advertising and building users profiles
- <4-> If phone is compromised, location is known

#+BEGIN_COMMENT
Let's talk about geolocation!
Many people find them to be very convenient.
The most popular being GPS.

GPS isn't inherently a surveillance tool;
it can't track you on its own.
Your GPS device triangulates its location based on signals
  broadcast by GPS satellites in line-of-site.

Because of the cool features it permits,
  it's often enabled on devices.
And programs will track your movements just for the hell of it.
Or give an excuse to track you.

I'm not saying there aren't legitimate uses.
Navigation systems,
  social media,
  photo metadata,
  finding nearby friends,
  finding lost phones---
    all of these things are legitimate.
You just need to be able to trust the software that you are running,
Often times, you can't.
Without source code,
  it's sometimes hard to say if a program is doing other things.
Like using it for targeted advertising,
  and/or building a user profile (which we'll talk about later).
#+END_COMMENT

**** REVIEWED But I Want GPS!
:PROPERTIES:
:DURATION: 00:00:30
:END:
- <1-> Is the program transparent in what data it sends?  (Is the source code
       available?)\cite{jots:mobile}
- <1-> Does the program let you disable those features?
- <2-> Pre-download location-sensitive data (e.g. street maps)
  - <2-> OsmAnd (free software, Android and iOS)\cite{osmand}

#+BEGIN_COMMENT
So you may legitimately want GPS enabled.
It's terrible that you should be concerned about it.

You need to know what data you're leaking so that you can decide whether
  or not you want to do so.
And you need the option to disable it.

Sometimes your location is leaked as a side-effect.
Navigation systems, for example, usually lazy-load map images.
Some apps let you use pre-downloaded maps,
  like OsmAnd,
  which is free software available on both Android and---if you must---iOS.
#+END_COMMENT


**** REVIEWED Location Services
:PROPERTIES:
:DURATION: 00:00:45
:END:

- <1-> No GPS?  No problem!
- <1-> Mozilla Location Services, OpenMobileNetwork, ...
       \cite{mozilla:loc-services,openmobilenetwork}
- <2-> Wifi Positioning System; Bluetooth networks;
       nearby cell towers\cite{w:wps}
  - <2-> Signal strength and SSIDs and MACs of Access Points
         \cite{w:trilateration,acm:spotfi,acm:lteye}
- <3-> Gathered by Google Street View cars
- <3-> Your device may report back nearby networks to build a more
       comprehensive database
- <4-> Works even where GPS and Cell signals cannot penetrate
  - <4-> Can be /more/ accurate than GPS (e.g. what store in a shopping mall)

#+BEGIN_COMMENT
But GPS doesn't need to be available.
Have you ever used a map program on a computer that asked for your location?
How does it do that without GPS?

There are numerous services available to geolocate based on nearby access
  points, bluetooth networks, and cell towers.
Based on the signal strength of nearby WiFi networks,
  your position can be more accurately trangulated.

These data are gathered by Google Street View cars.
Your phone might also be reporting back nearby networks in order to improve
  the quality of these databases.

Sometimes this can be more accurate than GPS.
And it works where GPS and maybe even cell service don't, such as inside
  shopping malls.

So just because GPS is off does not mean your location is unknown.
#+END_COMMENT

*** REVIEWED Operating System [0/3]
:PROPERTIES:
:DURATION: 0:02
:END:

**** REVIEWED Untrusted/Proprietary OS
:PROPERTIES:
:DURATION: 00:00:45
:END:

- <1-> Who does your phone work for?
  - Apple?  Google?  Microsoft?  Blackberry?  Your manufacturer too?
- <1-> Carry everywhere you go, but fundamentally cannot
  trust it\cite{gnu:malware-mobile}
- <2-> Some come with gratis surveillance
  - <2-> BLU phones sent SMS messages, contacts, call history, IMEIs, and
         more to third-party servers without users' knowledge or censent
         \cite{kryptowire:adups}

#+BEGIN_COMMENT
A lot of this boils down to trust.
Who does your phone work for?

Does your phone work for Apple? Google? Microsoft? Blackberry?
Or does it work for you?

The OS situation on mobile is lousy.
You carry around this computer everywhere you go.
And you fundamentally cannot trust it.

Take BLU phones for example.
In November of last year it was discovered that these popular phones
  contained software that sent SMS messages, contact lists, call history,
  IMEIs, etc to third-party servers without users' knowledge or consent.
That software could also remotely execute code on the device.
#+END_COMMENT

**** REVIEWED Free/Libre Mobile OS?
:PROPERTIES:
:DURATION: 00:00:30
:END:
- <1-> Android is supposedly free software
  - <1-> But every phone requires proprietary drivers, or contains
         proprietary software
- <2-> Replicant\cite{replicant}
  - <3> Niche.  Interest is low, largely work of one developer now.

#+BEGIN_COMMENT
Android is supposedly a free operating system.
Unfortunately,
  every phone requires proprietary drivers to work,
  and is loaded with proprietary software.

Does anyone here use Replicant?
I do.
Replicant is a fully free Android fork.
I feel like I can at least trust my phone a little bit,
  but I still consider any data on it to be essentially compromised in the
  sense that I can't be confident in my ability to audit it and properly
  secure the device.
#+END_COMMENT


**** REVIEWED Modem Isolation
:PROPERTIES:
:DURATION: 00:00:30
:END:

- But modem still runs non-free software\cite{replicant:sec}
- Sometimes has access to CPU, disk, and memory\cite{replicant:samsung-bd}

#+BEGIN_COMMENT
But on nearly every phone,
  the modem still runs proprietary software.
And sometimes it has direct access to CPU, disk, and memory.
Replicant closed a backdoor in Samsung Galaxy phones that allowed for remote
  access to the disk.
That backdoor might not have been intentional,
  but it illustrates the possibility,
  and could still be exploited by an attacker.

So even with Replicant,
  I consider the device compromised;
    I put nothing important on it if I can avoid it.
#+END_COMMENT



** REVIEWED Stationary [0/6]
*** REVIEWED Introduction [0/1]                           :B_ignoreheading:
:PROPERTIES:
:BEAMER_env: ignoreheading
:END:
**** REVIEWED Introduction                                   :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:15
:BEAMER_env: fullframe
:END:

#+BEGIN_QUOTE
``If you've got nothing to hide, you've got nothing to
  fear.''\cite{rosen:naked,solove:nothing-to-hide,metro:goebbels}
#+END_QUOTE

#+BEGIN_COMMENT
So let's say you have evaded that type of tracking.
Maybe you don't carry a phone.
Or maybe you've mitigated those threats in some way.

There's certain things that are nearly impossible to avoid.

This quote.  We'll get back to it.
#+END_COMMENT

*** REVIEWED Surveillance Cameras [0/6]
**** REVIEWED Unavoidable Surveillance
:PROPERTIES:
:DURATION: 00:00:10
:END:

- Certain types of tracking are unavoidable
- Security cameras are everywhere
  \cite{intercept:nyc-surveil,cbs:sf-smile,fast:das}
  - Businesses
  - Traffic
  - Streets/sidewalks
  - Public transportation

#+BEGIN_COMMENT
On the way here,
  you likely walked by numerous security cameras.
They could be security cameras for private businesses.
Traffic cameras.
Cameras on streets to deter crime.
#+END_COMMENT

**** REVIEWED Private Cameras in Plain View; Tinerloin, SF
:PROPERTIES:
:DURATION: 00:00:30
:END:

#+BEGIN_CENTER
#+ATTR_LATEX: :height 1.25in
[[./images/tp/sf-cameras.jpg]]
\incite{cbs:sf-smile}
#+END_CENTER

#+BEGIN_QUOTE
``The idea that you can sort of meet in a public place and quietly have a
conversation that we’re sort of accustomed to from spy movies, that is
really not realistic anymore,'' ---Nadia Kayyali, EFF
#+END_QUOTE

#+BEGIN_COMMENT
This is a map of private surveillance cameras in plain view around SF's
  Tenderloin neighborhood.
Obviously your city or town might be different.
Could be worse, even.
And again, these are just the ones that the DA's office found in
  /plain view/!

According to them,
  people who live in this neighborhood could be on camera dozens of times in
  a single day.

Alright, so a bunch of private entities have you on camera;
  So what?
#+END_COMMENT


**** REVIEWED Access to Data
:PROPERTIES:
:DURATION: 00:01
:END:

- <1-> Data can be obtained with a warrant or subpoena
- <2-> Data can be compromised
- <3-> Chilling effect
- <4-> **If you own a surveillance system, be responsible and considerate**
  - <4-> Best way to restrict data is to /avoid collecting it to begin with/

#+BEGIN_COMMENT
Well one of the most obvious threats,
  should it pertain to you,
   is a warrant or subpoena.

Most of us aren't going to have to worry about a crime.
Data can be compromised.
And it isn't possible for you to audit it;
  you have no idea who has you on camera.

This creates a chilling effect.
You're going to act differently in public knowing that someone might be
  watching,
  or could be watching later on if recorded.
And some will be paranoid---you don't know if cameras are around.

If you have a surveillance system,
  or any sort of public-facing cameras,
  please be considerate.
If you only care who is on your property,
  don't record the sidewalk in front of your house.
Or at least restrict motion detection to your property.
The best form of privacy is to avoid having the data be collected to begin
  with.
#+END_COMMENT


**** REVIEWED Domain Awareness System (Intro)                :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:30
:BEAMER_env: fullframe
:END:

#+BEGIN_CENTER
#+BEGIN_LATEX
\only<1>{What if all those cameras---including private---were connected?}
\only<2>{NYPD---Domain Awareness System\incite{nyc:pspg}}
\only<3>{
#+END_LATEX
#+BEGIN_QUOTE
  Although NYPD documents indicate that the system is specifically designed
  for anti-terrorism operations, any incidental data it collects ``for a
  legitimate law enforcement or public safety purpose'' by DAS can be
  utilized by the police department.\cite{fast:das}
#+END_QUOTE
#+LATEX: }
#+END_CENTER


#+BEGIN_COMMENT
...but what if law enforcement didn't have to go door-to-door?

Let's talk about the NYPD's Domain Awareness System.

It was designed in part from the usual unjustifiable and irrational response
  to terrorism threats after 9/11.
But any ``incidental data'' can be used by law enforcement.
Yeah, sounds familiar; business as usual.
#+END_COMMENT


**** REVIEWED Domain Awareness System
:PROPERTIES:
:DURATION: 00:01
:END:

- <1-> Partnership between the NYPD and Microsoft at a cost of $230M
       in\nbsp{}2013\cite{reuters:nypd-das,nyc:pspg}
  - <1-> Surveillance cameras, license plate readers, radiation detectors,
         911\nbsp{}system, criminal records, \ldots
- <2-> \gt 6,000 surveillance cameras, $2\over 3$ private
       businesses\cite{reuters:nypd-das,pbs:nova:boston}
- <3-> Database of over 16\nbsp{}million plates,
       every car going into Lower Manhatten\cite{reuters:nypd-das,pbs:nova:boston}
- <4-> Can search in seconds for terms like
       ``red baseball cap''\cite{reuters:nypd-das,pbs:nova:boston}
- <4-> Detects ``suspicious behaviors'' like unattended bags and
       circling cars\cite{reuters:nypd-das,pbs:nova:boston}

#+BEGIN_COMMENT
The Domain Awareness System is a partnership between Microsoft and the NYPD.
It's mammoth.
It's pretty amazing---it's like science fiction.
But I care about privacy,
  so instead I'm going to use adjectives like ``Orwellian''.

It contains over six thousand security cameras,
  over two-thirds of which are private closed-circuit cameras.
It includes license plate readers that record everyone going into Lower
  Manhattan, along with a database of over sixteen million license plates.
It can search in seconds for very specific terms,
  like ``red baseball cap'',
  and it can monitor for suspicious behaviors,
  like unattended bags,
  or cars circling an area.
If it finds an unattended bag,
  you can rewind to find who left it.

A lot of us are programmers---
  think about the realtime analysis of all of these frames.
It really is a fascinating field to work in.
But there's serious ethical concerns with how it's applied.

This thing also integrates the 911 system, radiation detectors, criminal
  records, etc.

This is the direction we're heading in---
  these things will only spread.
In fact,
  the NYPD will get 30% of the profits from selling it to others.
#+END_COMMENT


*** REVIEWED Driver Surveillance
**** REVIEWED Automated License Plate Readers (ALPRs)
:PROPERTIES:
:DURATION: 00:00:30
:END:

#+BEGIN_CENTER
#+BEAMER: \only<1>{
  #+ATTR_LATEX: :height 1.5in
  [[./images/tp/alpr-mounted.png]]\incite{eff:alpr}
#+BEAMER: }
#+BEAMER: \only<2>{
  #+ATTR_LATEX: :height 1.5in
  [[./images/tp/alpr-capture.png]]\incite{eff:alpr}
#+BEAMER: }
#+END_CENTER

- Scan passing cars' license plates\cite{aclu:tracked,eff:alpr}
  - Produce alphanumeric representation with timestamp and photograph

#+BEGIN_COMMENT
So before we leave the topic of government surveillance for a little bit,
  I want to talk about a couple issues related to driver surveillance.
These things are a widespread, nasty threat to privacy,
  and they don't need a sophisticated Domain Awareness System to deploy.

The first are ALPRs.
ALPRs are mounted on police cars and objects like light poles.
They scan passing cars' license plates,
  convert them to alphanumeric data,
  record the time and date,
  and possibly an image of the vehcile.
Here's a screenshot of the interface of one;
  we'll get into how exactly we got that in a bit.
The ACLU has an excellent report on it,
  and the EFF has a campaign against it;
    see those two resources for more info.
#+END_COMMENT


**** REVIEWED Automatic Toll Readers
:PROPERTIES:
:DURATION: 00:00:30
:END:
- <1-> Electronic toll booth using RFIDs or ALPRs\cite{eff:golden-gate-toll}
  - <1-> In the North-East we have E-ZPass (RFID)\cite{w:ezpass}
  - <1-> Golden Gate Bridge requires FasTrack or plate-based
  - <2-> /But/ they provide an option for an anonymous FasTrack account
    using cash\cite{goldengate:anon}
  - <2-> (Granted, you're still captured by an ALPR)
- <3-> Routinely used by law enforcement\cite{baynews:fastack-data}
- <4-> They're not very secure,
       either\cite{blackhat:toll-systems,register:rfid-clone}

#+BEGIN_COMMENT
The other is automatic toll readers.

Electronic toll booths are replacing traditional cash-based tolls.
Some places require it,
  like the Golden Gate Bridge.
I was unsettled when I heard my county discussing it.
One option is windshield-mounted RFIDs.
In the North-East, we have E-ZPass.
For the Golden Gate Bridge, FasTrack.

We've already seen that law enforcement uses these data,
  but in the case of FasTrack,
  data are even used in civil suits like divorces.

And they have their security issues;
  many can be easily cloned, for example.
#+END_COMMENT


**** REVIEWED Akin To GPS Tracking
:PROPERTIES:
:DURATION: 00:00:30
:END:

- /United States v. Jones/: GPS tracking constitutes search under
  Fourth\nbsp{}Amendment\cite{w:us-v-jones}

- How is pervasive surveillance different if it achieves essentially the
  same result?

#+BEGIN_COMMENT
In the US Supreme Court case United States v. Jones, the judges unanimously
  ruled that GPS tracking of a vehicle constitutes a search under the
  Fourth Amendment.

Many wonder how tracking as I just described is any different.
If you have ALPRs and other surveillance systems throughout the same area
  within which a warrant for GPS tracking can be executed,
  you would get similar results.
With much less risk, too---no secret device that may be discovered.

That's for a court to eventually decide.
But it's a useful comparison against precedent.
#+END_COMMENT


*** REVIEWED Internet of Things [0/7]
**** REVIEWED Internet-Connected Cameras
:PROPERTIES:
:DURATION: 00:00:45
:END:

#+BEGIN_CENTER
#+BEAMER: \only<1>{Cameras used to be only physically accessible}
#+BEAMER: \only<2>{Today\ldots not always so much}
#+END_CENTER

#+BEGIN_COMMENT
In the past, these cameras were "closed-circuit"---
  they were on their own segregated network.
You'd _have_ to subpoena the owner or get a warrant,
  or otherwise physically take the tape.

Today...that might be the intent, but these cameras are often
  connected to the Internet for one reason or another.
It might be intentional---to view the camera remotely or on a device---or it
  may just be how the camera is set up by default.

Well...
Let's expand our pool of cameras a bit.
Because it's not just businesses that use Internet-connected cameras.
They're also popular among individuals for personal/home use.
Home security systems.
Baby monitors.
#+END_COMMENT

**** REVIEWED The ``S'' In IoT Stands For ``Security''
:PROPERTIES:
:DURATION: 00:01
:END:

- <1-> Shodan---IoT search engine\cite{shodan}
  - <2-> You'll also find other interesting things.  Secure your databases.
         \cite{krebs:mongodb}
- <2-> Can search for specific devices
- <2-> If you are vulnerable, someone will find you
- <3-> Top voted search was ``Webcam'' when I was writing this slide

#+BEGIN_COMMENT
Who here has heard of Shodan?

Shodan is a search engine for the Internet of Things.
It spiders for Internet-connected devices and indexes them.
Okay, that's to be expected.
Maybe that wouldn't be a problem if NAT configuration weren't subverted by
  UPnP.
Or maybe it wouldn't be a problem if these devices even gave a moment of
  thought to security.

It also indexes other interesting things.
For example,
  it was used to find unsecured MongoDB instances so that the attackers
  could hold data for ransom.
Secure your databases.

So people can find your stuff.
If an attacker knows that some device is vulnerable,
  Shodan can be used to search for that device.

At the time I was writing this,
  the top voted search under "Explore" was "Webcam".
Followed by "Cams", "Netcam", and "default password".
#+END_COMMENT


**** REVIEWED Who's Watching?
:PROPERTIES:
:DURATION: 00:00:15
:END:

- Insecam is a directory of Internet-connected surveillance
  cameras\cite{insecam}
- Live video feeds (browser connects directly to cameras)

#+BEGIN_COMMENT
But Shodan isn't the only thing out there.
Anyone heard of Insecam?

It's a site that aggregates live video feeds of unsecured IP cameras.
Your browser connects directly to the cameras---
  literally, they are wide open;
    nothing fancy is going on here.
I can tell you personally that you feel like a scumbag looking at the site.
#+END_COMMENT


**** REVIEWED Insecam Example 1                              :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:00:30
:END:

#+BEGIN_CENTER
#+ATTR_LATEX: :height 1in
[[./images/insecam-01.png]]
#+LATEX: \hspace{0.1in}
#+ATTR_LATEX: :height 1in
[[./images/insecam-06.png]]

#+ATTR_LATEX: :height 1in
[[./images/insecam-03.png]]
#+LATEX: \hspace{0.1in}
#+ATTR_LATEX: :height 1in
[[./images/insecam-05.png]]
#+END_CENTER

#+BEGIN_COMMENT
Here are some examples.
I blurred any identifying features for privacy.

We have surveillance rooms where people watch their surveillance system!
  Inception-kinda thing going on here.
  Also doesn't help that they are watching the TV on the wall too.

There's many public swimming pools.

Elevators are awkward enough to begin with.
  How about someone watching you in such a vulnerable space?

We have a photolithography lab in my home city.
I have no idea which one, or where exactly.

These are creepy.
Somewhat cool, even.
Let's get a little more personal.
#+END_COMMENT

**** REVIEWED Example 2                                      :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:01
:END:

#+BEGIN_CENTER
#+ATTR_LATEX: :height 1in
[[./images/insecam-02.png]]
#+LATEX: \hspace{0.1in}
#+LATEX: \only<2>{
  #+ATTR_LATEX: :height 1in
  [[./images/insecam-04.png]]
#+LATEX: }
#+END_CENTER

#+BEGIN_COMMENT
How about inside hospital rooms?
This patient has an ice pack strapped to the side of her face.
I'm pretty sure this feed was outside of the United States;
  I can't imagine that this type of thing would make it past HIPAA audits.
I hope.
I couldn't find the feed again to try to figure out what hospital it might
  be to notify them.

How about inside someone's home?
This looks to be a bedroom.
There is a family photo on the wall.
Oh yeah.

I saw someone at the dentist getting a teeth cleaning.
I didn't copy that photo at the time,
  and I can't find it now, fortunately.

This is an excellent example to demonstrate to others why this is such a big
  deal.
This should make anyone feel uncomfortable.

Especially those home cameras.
I wish I knew whose camera that was,
  so that they could be notified.
These people are unaware.
And these manufactuers set them up for this.

Even if you can't find a camera on this site,
  Shodan might have indexed it
    just connect.
#+END_COMMENT


**** REVIEWED ALPRs Wide Open
:PROPERTIES:
:DURATION: 00:00:15
:END:

#+BEGIN_CENTER
#+ATTR_LATEX: :height 1.5in
[[./images/tp/alpr-pips.png]]\incite{eff:alpr}
#+END_CENTER

- John Matherly (Shodon author) noticed many web-accessible PIPS
  control panels
- Other researcher found some accessible via telnet\cite{darius:alpr-telnet}

#+BEGIN_COMMENT
Speaking of just connecting.
Those ALPRs we just talked about.

Turns out that they have web interfaces.
John Matherly, the author of Shodon, found a number of control panels for
  PIPS ALPRs.
Another researcher found telnet access on some.
In both cases,
  license plate data could be extracted,
  and the system could be reconfigured.
#+END_COMMENT


**** REVIEWED Biometrics
:PROPERTIES:
:DURATION: 00:00:45
:END:

- <1-> Humans no longer need to scour video
       feeds\cite{eff:facial-tech,churchix,facefirst,pbs:nova:boston}
- <1-> Facial recognition widely used, even for
       mobile\nbsp apps\cite{register:fb-scan,eff:ios-photo-diff,eff:fbi-bio}
  - <2-> NYPD has a gallery of over 4M individuals\cite{pbs:nova:boston}
  - <2-> Quality can be low and pixelated; various machine learning
        algorithms\cite{pbs:nova:boston,wired:pixel-face,arxiv:google-pixel-res}
- <3-> No face?  Check your gait.\cite{ieee:gait,ijca:gait}
- <4-> No gait?  Well\ldots whatever, just ask Facebook.\cite{newsci:fb-noface}
- <5-> Even fingerprints and iris from high-resolutions photos\cite{bio:iris}

#+BEGIN_COMMENT
Now let's couple that with facial recognition.

Consider the breadth of devices we just covered.
Literally everywhere.
People don't need to manually look for you anymore;
  it's automated.
Hell, any of us can download a free (as in freedom) library to do facial
  recognition and train it to recognize people.
It doesn't even have to be clear---
  there's machine learning algorithms to reconstruct pixelated faces with
  somewhat decent accuracy to be useful.
The NYPD has over 4 million people's images in a database that they compare
  against during facial recognition.

Don't have a face?
You can also be identified by your gait.
No gait?
Facebook famously got even creepier by saying it could recognize people by
  their dress, posture, and hair, without seeing their face.

Your fingerprints and iris data can even be extracted from high-resolution
  photos;
  a cracker used such a method to defeat Apple's TouchID by making a mould.

There's a lot more to say about IoT.
We'll come back to it.
#+END_COMMENT


*** REVIEWED Social Media [0/1]
**** REVIEWED Collateral Damage
:PROPERTIES:
:DURATION: 00:00:45
:END:

- <1-> Please don't put pictures of me on Facebook\cite{rms:facebook}
- <1-> Don't put pictures of my children _anywhere_\cite{techcrunch:fb-baby}
- <2-> That person in the distance is collateral
       damage\cite{register:fb-scan,guardian:fb-scan,pbs:nova:boston}

#+BEGIN_COMMENT
So you don't have any unsecured IoT cameras in your home.
Or in this conference.
But you do have unsecured people running wild with their photos and their
  selfies.

I'm sure you've heard a frequent request/demand from rms:
"Don't put pictures of me on Facebook."
It's excellent surveillance.
What irks me is when people try to take pictures of my kids,
  or do and ask if they can put them online.
Uh, no.  You cannot.
And people are sometimes surprised by that refusal.

Most people are being innocent---
  they're just trying to capture the moment.
What they're actually doing is inflicting collateral damage.
If I'm off in the background when you take a picture of your friends in the
  foreground,
  I'm still in the photo.
#+END_COMMENT


** REVIEWED The Web [0/7]
*** REVIEWED Introduction [0/1]                           :B_ignoreheading:
:PROPERTIES:
:BEAMER_env: ignoreheading
:END:
**** REVIEWED Introduction                                   :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:00:10
:END:

#+BEGIN_CENTER
\Huge Fleshy You $\Longleftrightarrow$ Virtual You
#+END_CENTER

#+BEGIN_COMMENT
But you're not just tracked in the flesh.
Much of what we do today is virtual.
So, naturally, there are those that want to bridge them.
#+END_COMMENT


*** REVIEWED Bridging the Gap [0/3]
**** REVIEWED FTC: They're Watching You                      :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:00:30
:END:

#+BEGIN_CENTER
  [[./images/ftc-silver.png]]\incite{ftc:silver}
#+END_CENTER

#+BEGIN_COMMENT
This is a sample letter template from the FTC.
It states: <read paragraph>.
A challenge for advertisers is correlating users across multiple devices,
  and in the real world.

Let's say you saw a commercial for some product Foo on TV.
And then you went online to research Foo.
And then you bought Foo.

Sometimes commercials have you enter promo codes online to know that you
  arrived at the site from a TV commercial.
Or give you a unique URL.
#+END_COMMENT


**** REVIEWED Ultrasound Tracking
:PROPERTIES:
:DURATION: 00:00:15
:END:

#+BEAMER: \only<1>{
#+BEGIN_CENTER
\cdots $\Longleftrightarrow$ TV $\Longleftrightarrow$
Retail Store $\Longleftrightarrow$
Mobile $\Longleftrightarrow$ Web $\Longleftrightarrow$ \cdots
#+END_CENTER

- Correlates users across devices; airgap
  bridge\cite{ubeacsec:paper,wired:ultrasonic}
  - Inaudible to humans
- Could deanonymize (e.g. Tor users)\cite{33c3:talk-behind,bleep:ultrasound-tor}
#+BEAMER: }

#+BEAMER: \only<2>{
#+BEGIN_CENTER
[[./images/tp/silverpush-logo.png]]
#+END_CENTER

#+BEGIN_QUOTE
``Silverpush could generate a detailed log of the television
  content viewed while a user’s mobile phone was
  turned\nbsp{}on.''\cite{ftc:silver}
#+END_QUOTE
#+BEAMER: }

#+BEGIN_COMMENT
Others play inaudible sounds that are picked up by your mobile device or
  computer.

This has other serious implications.
There are concerns, for example, about this method being able to be used to
  deanonymize Tor users.

In that letter, FTC mentions Silverpush by name.
There are other companies too;
  see the references.
#+END_COMMENT


**** REVIEWED Ultrasound Cross-Device Tracking (uXDT)
:PROPERTIES:
:DURATION: 00:00:45
:END:

- <1-> Termed ``Ultrasound Cross-Device Tracking''
       (uXDT)\cite{bleep:ultrasound-tor,ftc:xdt}
- <1-> Mitigations?
  - <2-> SilverDog is a Chromium addon to filter HTML5 audio\cite{ubeacsec:paper}
  - <3-> Researchers propose Android permission system change
  - <4-> Don't install software that keep secrets (proprietary)
  - <5-> Don't run untrusted code on websites (use e.g. NoScript)
  - <6-> Turn off your device when not in use
  - <6-> Keep device away from other media

#+BEGIN_COMMENT
This is termed ``Ultrasound Cross-Device Tracking'',
  or simply ``Cross-Device Tracking''.
How do you go about mitigating this type of threat?

Well, researchers studying this issue wrote SilverDog,
  a Chromium addon to filter HTML5 audio to remove ultrasonic frequencies.
That doesn't help with TorBrowser, though, which is FF-based.
The reserachers also propose a change to the Android permission system for
  audio.

This type of thing only works when you're keeping some serious secrets.
That's easy to do with proprietary software.
Much riskier to do (but not impossible) with free software.
For websites, don't run untrusted JavaScript code;
  block it with an addon like NoScript.
We'll get into that in a little bit.

You can also turn off the device when not in use,
  and maybe keep it away from other media.
This is far from the only mobile threat;
  you may want to take precautions for other things anyway.
#+END_COMMENT


*** REVIEWED Analytics [0/4]
**** REVIEWED Introduction                                   :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:00:15
:END:

#+BEGIN_CENTER
#+BEAMER: \only<1-3>{\Huge Data Analytics}

#+BEAMER: \only<2-3>{\LARGE (Building User Profiles)}

#+BEAMER: \only<3>{\large (Tracking)}

#+BEAMER: \only<4->{\Huge Spyware}

#+BEAMER: \only<5>{\LARGE (With Science)}
#+END_CENTER

#+BEGIN_COMMENT
This all leads into a larger subject called ``data analytics''.

Which is really just building, analyzing, and aggregating user profiles.

Which is generally called tracking.

...which we usually just call spyware.
But this has science!
#+END_COMMENT


**** REVIEWED Trackers
:PROPERTIES:
:DURATION: 00:00:15
:END:

- <1-> Website owners want to know what their visitors are doing
  - <1-> That in itself isn't an unreasonable concept
- <2-> Methods and data define the issue

#+BEGIN_COMMENT
Website owners want to know what their visitors are doing.
That in itself isn't an unreasonable thing, broadly speaking,
  but how you go about it and what types of data you collect
  defines the issue.
#+END_COMMENT


**** REVIEWED Google Analytics
:PROPERTIES:
:DURATION: 00:00:30
:END:

***** GA Dashboard
:PROPERTIES:
:BEAMER_col: 0.45
:END:

#+BEGIN_CENTER
#+BEAMER: \only<1>{
#+ATTR_LATEX: :height 1.5in
[[./images/tp/ga-dashboard.png]]

\incite{google:ga:features}
#+BEAMER: }
#+BEAMER: \only<2>{
[[./images/analytics-usage.png]]
\incite{w3techs:analytics}
#+BEAMER: }
#+END_CENTER

***** Description
:PROPERTIES:
:BEAMER_col: 0.45
:END:

- <1-> User location, screen resolution, time on page, heatmap,
       etc\cite{w:behavioral-targeting}
- <1-> Unique identifier assigned
- <1-> Fine-grained reporting for site owner
- <2-> Knows many sites user visited across Web\cite{w3techs:google}

#+BEGIN_COMMENT
Take Google Analytics for example.
It is one of the most widely distributed spyware programs in the world.

It collects a variety of user data.
A lot of it really is what website owners want to know:
  geography, screen resolution, time on the page, heatmaps, etc.
Except...

And all of this is known to Google.
And because services like GA, AdWords, etc are so widely used,
  all of this can be used to identify users across the entire web.
#+END_COMMENT


**** REVIEWED Piwik
:PROPERTIES:
:DURATION: 00:00:30
:END:

#+BEGIN_COMMENT
If you must track your users, consider using Piwik, which you can host
  yourself.
This means that your visitor data aren't stored and accessible by Google or
  other companies.
Pwik has some user privacy settings to anonymize, remove logs, respect DNT,
  provide opt-out, etc.
It also gives website owners some privacy by not leaking paths and other
  information about the website:
#+END_COMMENT

***** Dashboard
:PROPERTIES:
:BEAMER_col: 0.65
:END:

#+BEGIN_CENTER
[[./images/tp/piwik-dashboard.png]]

\incite{piwik}
#+END_CENTER


***** Description
:PROPERTIES:
:BEAMER_col: 0.35
:END:

- <2-> Data on **your own servers**\cite{mtg:gitlab-piwik}
- <2-> Visitor privacy settings\cite{piwik:privacy}
- <2-> Privacy as a site owner


*** REVIEWED Social Networking
**** REVIEWED Like Buttons
:PROPERTIES:
:DURATION: 00:00:30
:END:

#+BEGIN_CENTER
#+ATTR_LATEX: :height 1.5in
[[./images/tp/fb-like.png]]\incite{w:fb-like-img}
#+END_CENTER

- <2-> Infecting the Web with trackers under guise of
       community\cite{pnas:predict,w:behavioral-targeting,uld:fb}
- <2-> Tracks regardless of whether you are logged in to Facebook
       \cite{bloomberg:belgum-fb,roosendaal:fb-like}

#+BEGIN_COMMENT
Another popular example are "like buttons" and similar little widgets that
  websites like Facebook offer.
It might help get the word out about your stuff,
  but please don't fall into the trap of betraying your visitors.
Please don't fall into the trap of clicking it, either---
  it's easy to infer a great deal of information about you from what you
  "like".

If a user is logged into Facebook,
  then Facebook now knows that they visited that website,
  _even if they don't click on the button_.

But even if you don't have a Facebook account,
  you are still being tracked.
#+END_COMMENT


*** REVIEWED Fingerprinting [0/3]
**** REVIEWED Summary                                        :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:15
:END:
#+BEGIN_CENTER
\Huge Fingerprinting
#+END_CENTER

#+BEGIN_COMMENT
These methods are part of a broader topic called ``fingerprinting''.
It's just what it sounds like:
  uniquely identify users online.
#+END_COMMENT


**** REVIEWED EFF Research                                   :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:00:20
:END:

#+BEGIN_CENTER
#+BEAMER: \only<1>{
EFF Research, 2010:\cite{eff:browser-uniqueness-blog,eff:browser-uniqueness}

#+BEGIN_QUOTE
``In our analysis of anonymized data from around half a million distinct
browsers, 84% had unique configurations. Among browsers that had Flash or
Java installed, 94% were unique, and only 1% had fingerprints that were seen
more than twice.''
#+END_QUOTE
#+BEAMER: }
#+BEAMER: \only<2>{
That was seven years ago.

You're really screwed today.*

#+BEGIN_LATEX
\incite{eff:panopti2,eff:browser-uniqueness,mozilla:fingerprinting,%
        chromium:identification,tor:browser-design,stanford:private-browsing,%
        norte:tor-fingerprint,browserleaks,ars:fingerprint,hardware-fingerprint}
#+END_LATEX
#+BEAMER: }
#+END_CENTER

#+BEGIN_COMMENT
Back in 2010,
  the EFF released a paper with results from their fingerprinting research
  project Panopticlick.
Back then,
  they had an 84% success rate;
    even higher with Flash and Java.

But we ain't in 2010 anymore.
We have options.
Very creative ones.
#+END_COMMENT


**** REVIEWED Alarmingly Effective
:PROPERTIES:
:DURATION: 00:00:40
:END:

- Panopticlick (EFF)\cite{panopti:about}
- User Agent, cookies, screen resolution, fonts, language, session storage,
  canvas, WebGL, ad blocker, audio, keystrokes, mouse movement, \ldots
- Can even track separate browsers on the same
  hardware\cite{hardware-fingerprint,ars:fingerprint}

#+BEGIN_COMMENT
Fingerprinting is alarmingly effective.
We don't have time to get into much detail on how it works;
  I provided plenty of resources for that.
But there are some interesting ones.

We don't just have to rely on basic browser-provied information like user
  agent, fonts, and cookies anymore.
How about tracking how the user moves her mouse and scrolls?
What about keystroke analysis?
Random noise from audio?
Time of CPU-intensive tasks like rendering 3D elements?

Some of these methods are hardware-based.
They can fingerprint even if the user opens a different browser,
  or maybe even a different operating system,
  on the same box.

Some are behavioral.
Keystroke patterns will persist wherever the user goes.

We'll get into some defenses in a bit.
#+END_COMMENT



*** REVIEWED Incentive to Betray [0/2]
**** REVIEWED Summary                                        :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:30
:BEAMER_env: fullframe
:END:

#+BEGIN_CENTER
There is strong incentive to betray
#+END_CENTER

#+BEGIN_COMMENT
So how does tracking happen?
How does this tracking code _get_ on so much of the web?

Incentives to betray users.

Many websites make money through advertising.
It can be lucrative.
And it's _easy_ to do.

Others get addicted to attention and praise.

Others simply want to know what their visitors are doing on their website.

Most website owners don't think or know about these issues.
They're unknowing pawns in the Web of surveillance.
#+END_COMMENT


**** DRAFT Web of Surveillance                               :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:END:

#+BEGIN_CENTER
#+BEAMER: \only<1>{
#+ATTR_LATEX: :height 2.5in
[[./images/lightbeam-ex.png]]

\incite{moz:lightbeam}
#+BEAMER: }
#+BEAMER: \only<2>{
#+ATTR_LATEX: :height 2.5in
[[./images/lightbeam-ex-good.png]]

(After mitigations)
#+BEAMER: }
#+END_CENTER


#+BEGIN_COMMENT
And I do mean a Web of surveillance.

This is LightBeam.
It's an addon for Firefox that graphs first- and third-party sites that you
  visit,
  providing you with a visualization of the Web that's hidden from most
  users.
I created a new FF profile and installed the addon;
  none of my privacy settings or other addons I'm used to.
You can see at the top that I visited five websites:
  Washington Post, NY Times from Google, Guargian, and---which you can't see
  here because they're actually disjoint from this graph---The Intercept.
  Good for them!
And yet,
  it hit /86/ third party sites!
NYT alone connected to 47 different third parties!

I was blown away.


Some of these are trackers.
Some of them are remotely hosted scripts and fonts and media.

So let me show you what I'm used to seeing.
This is what happens when I try to mitigate some of these threats.
#+END_COMMENT


*** REVIEWED Mitigations & Anonymity [0/8]
**** REVIEWED Summary                                        :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:05
:BEAMER_env: fullframe
:END:

#+BEGIN_CENTER
\Huge How Do We Mitigate?
#+END_CENTER

#+BEGIN_COMMENT
So how do we do that?

Well, it depends on your threat model,
  but let's start with the easy stuff.
#+END_COMMENT


**** REVIEWED Disable the Damn JavaScript!
:PROPERTIES:
:DURATION: 00:00:45
:END:

#+BEGIN_CENTER
#+ATTR_LATEX: :height 1.5in
[[./images/tp/noscript.png]]
#+END_CENTER

#+BEAMER: \only<2-3>{
- <2-3> Preempt most sophisticated and damning fingerprinting methods
  - <2-3> Stop hardware profiling
  - <2-3> Stop keystroke/mouse analysis
  - <3> Remember those audio beacons?\cite{bleep:ultrasound-tor}
#+BEAMER: }
#+BEAMER: \only<4-5>{
- <4-> Running arbitrary untrusted, unsigned, ephemeral code
       (/also\nbsp{}from many third parties/)\cite{mtg:rof}
  - <4-> /Restore Online Freedom!/ (My LibrePlanet 2016 talk)
  - <5-> LibreJS blocks non-free, but free doesn't mean free of malice
#+BEAMER: }
#+BEAMER: \only<6>{
- NoScript blocks JavaScript based on URL patterns\cite{noscript}
  - /Warning:/ Allows some sites by default!
  - Also blocks media and fonts; provides XSS and clickjacking prevention
#+BEAMER: }

#+BEGIN_COMMENT
Okay, I can't say this enough.
Disable the damn JavaScript!
The Web isn't broken without it,
  they're breaking the web /with/ it!
I write a lot of JavaScript for a living.
My GNU project is ease.js, which is a JavaScript library.
And yet,
  /I do not allow JavaScript to run 99% of the time!/.
Even on most websites I trust.
Some people run LibreJS.
But note that free software doesn't mean free of malice.

It's probably obvious from the logo that I'm talking about the NoScript
  extension.
It does more than just block JS---
  it also blocks media, custom fonts, prevents against certain types of XSS
  and clickjacking attacks, and more.
If you don't know what XSS and clickjacking is, that's okay.
#+END_COMMENT


**** REVIEWED LightBeam NoScript                             :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:00:15
:END:

#+BEGIN_CENTER
#+BEAMER: \only<1>{
#+ATTR_LATEX: :height 2.5in
[[./images/lightbeam-ex.png]]

(Before NoScript)
#+BEAMER: }
#+BEAMER: \only<2>{
#+ATTR_LATEX: :height 2.5in
[[./images/lightbeam-ex-noscript.png]]

(After NoScript)
#+BEAMER: }
#+END_CENTER

#+BEGIN_COMMENT
So this was our graph before NoScript.

And here it is after disabling scripts.
Without any other mitigations.

Obviously results will vary depending on the website.

We're going to get back to JS soon.
#+END_COMMENT


**** REVIEWED Block Ads and Trackers
:PROPERTIES:
:DURATION: 00:00:40
:END:
#+BEGIN_CENTER
#+ATTR_LATEX: :height 0.75in
[[./images/tp/privacy-badger.png]]
#+ATTR_LATEX: :height 0.75in
[[./images/tp/ublock0.png]]
#+ATTR_LATEX: :height 0.75in
[[./images/tp/sdcookies.png]]
#+END_CENTER

- /Privacy Badger/ blocks trackers\cite{eff:privacy-badger,lp:2016:privacy-badger}
- /uBlock_0/ filters (primarily) ads\cite{gh:ublock-origin}
- /Self-Destructing Cookies/ clears cookies and
  LocalStorage\cite{moz:sd-cookies}

#+BEGIN_COMMENT
The issue surrounding Ad Blockers is framed such that we're waging war
  against advertisers.
No---they're waging war against /us/.

You'll find that the bulk of what these addons for Firefox browsers handle
  is related to ad networks.
Privacy Badger works to block sites that appear to be tracking you.
Cooper Quintin---developer of Privacy Badger---gave a great talk last year
  here at LP; go check it out.
uBlock Origin describes itself as a ``wide-spectrum blocker'',
  but it serves primarily as an ad blocker.
Self-Destructing cookies clears out a site's cookies and LocalStorage once a
  tab is closed.
There may be better options out there;
  this seems to be useful for me.

I don't have time to go into technical details, unfortunately.
#+END_COMMENT


**** REVIEWED Anonymity                                      :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:00:15
:END:

#+BEGIN_CENTER
#+BEAMER: \only<1>{
#+BEAMER: {\Huge Anonymity}

\bigskip
Origin is unknown to server; no unique identifier known
by\nbsp{}server\incite{whonix:donot}
#+BEAMER: }
#+BEAMER: \only<2>{
#+BEAMER: {\Huge Pseudonymity}

\bigskip
Origin is unknown to server; unique identifier /is\nbsp{}available/
to\nbsp{}server\incite{whonix:donot}
#+BEAMER: }
#+END_CENTER

#+BEGIN_COMMENT
Another way is to be anonymous or pseudononymous.
In the latter case,
  you assume a pseudoynm online and perform only activities that should be
  associated with that pseudonym.
In the former case,
  there should be no way to ever correlate past or future actions with your
  current session.
#+END_COMMENT


**** REVIEWED IANAAE                                         :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:00:10
:END:

#+BEGIN_CENTER
#+BEAMER: {\Huge IANAAE}

(I Am Not An Anonymity Expert)
#+END_CENTER

#+BEGIN_COMMENT
This is a difficult topic that's pretty dangerous to give advice on if you
  have strong need for anonymity---for example, if you are a dissident or
  whistleblower.
If your life depends on anonymity,
  please do your own research.
I provide a number of resources to get you started.
#+END_COMMENT


**** REVIEWED The Tor Network
:PROPERTIES:
:DURATION: 00:00:30
:END:

#+BEGIN_CENTER
#+BEAMER: \only<1>{
  #+ATTR_LATEX: :height 1in
  [[./images/tp/tor.png]]
#+BEAMER: }
#+BEAMER: \only<2>{
  [[./images/tp/tor-diagram.png]]
#+BEAMER: }
#+END_CENTER

- <1> The Onion Router (Tor)\cite{tor}
- <1> Helps defend against traffic analysis

#+BEGIN_COMMENT
Most here have probably heard of Tor.
Its purpose is to protect against certain kinds of traffic analysis.

"Tor" stands for "The Onion Router",
  which describes how it relays data through the Tor network.

The packet is routed through a number of servers,
  encrypted with the public key of each server such that the first hop
  strips off the first layer and so on,
    like an onion.
The exit node reveals the packet and delivers it to the destination,
  then begins relaying the reply back to through the network to the
  requesting user.

As long as a sufficient portion of the network can be trusted and has not
  been compromised by an adversary,
  it isn't possible to trace data back through the network.

The most common use of Tor is to route web traffic.

There are lots of other details that I don't have time to get to here,
  but I provide a number of resources for you.
#+END_COMMENT


**** REVIEWED TorBrowser, Tails, and Whonix
:PROPERTIES:
:DURATION: 00:01
:END:

#+BEGIN_CENTER
#+BEAMER: \only<2>{
  #+ATTR_LATEX: :height 1in
  [[./images/tp/torbrowser.png]]
#+BEAMER: }
#+BEAMER: \only<3>{
  #+ATTR_LATEX: :height 1in
  [[./images/tp/tails.png]]
#+BEAMER: }
#+BEAMER: \only<4>{
  #+ATTR_LATEX: :height 1in
  [[./images/tp/whonix.png]]
#+BEAMER: }
#+END_CENTER

#+BEAMER: \only<1>{
- Also need to change browsing habits\cite{whonix:donot}
#+BEAMER: }
#+BEAMER: \only<2>{
- Browser needs to be hardened
  - Remember: browser leaks a lot of
    data\cite{panopti:about,eff:browser-uniqueness}
  - TorBrowser is a hardened Firefox derivative\cite{tor:browser,tor:browser-design}
#+BEAMER: }
#+BEAMER: \only<3->{
- <3-> Operating System needs to be hardened
  - <3-> Tails---The Amnesic Incognito Live System\cite{tor:tails}
  - <4> Whonix---Multi-layer isolation in VMs\cite{whonix}
#+BEAMER: }

#+BEGIN_COMMENT
But Tor alone isn't enough to secure your anonymity.
You also have to change your browsing habits.
That is difficult and nuanced advice to give,
  let alone in a mention in a talk,
  so I defer to my citations.

For some people, that's enough.
If your threat model involves only advertisers and other snoopers,
  you might be okay with Tor and privacy extensions.
For nearly all of my Web traffic,
  that's what I care about.

But if you're a dissident,
  and your life is in danger,
  you have more work to do.
If you are worried about government surveillance or cracking,
  you have more work to do.

It's hard to secure a web browser.

TorBrowser is a hardened version of Firefox.
The Tor browser recommends that you don't rely on a vanilla Firefox for
  anonymity with Tor.

The operating system needs hardening.
There are two major options.
The first one is Tails: The Amnesic Incognito Live System.
It is an ephemeral OS that you can simply boot from USB on any PC.
It routes all traffic through the Tor network.

The second is Whonix.
It is not ephemeral: it requires a host OS (or hypervisor) and runs two VMs:
  one is the guest that the user uses as a desktop,
  and the other is the VM it routes all traffic through,
    which goes through Tor.
If the guest the user is using is compromised,
  an attacker cannot subvert the Tor network.

There's obvious tradeoffs there for both;
  I encourage you to look into both before deciding which is best for your
  threat model.
#+END_COMMENT


** LACKING Data Analytics [0/2]
*** DRAFT Introduction [0/1]                              :B_ignoreheading:
:PROPERTIES:
:BEAMER_env: ignoreheading
:END:
**** DRAFT Introduction                                      :B_fullframe:
:PROPERTIES:
:DURATION: 00:00
:BEAMER_env: fullframe
:END:

#+BEGIN_CENTER
``Big Data''

(/Your/ Big Data)
#+END_CENTER

#+BEGIN_COMMENT
We've seen adversaries with different motives.
Let's explore what some of them do with all those data.
#+END_COMMENT


*** LACKING Headings [0/3]
**** LACKING Advertisers
:PROPERTIES:
:DURATION: 00:02
:END:

- Most users' threat models don't include the NSA
- Biggest threat to privacy are companies that aggregate data to understand
  you (often /better than you/)

#+BEGIN_COMMENT
The biggest threat to privacy to the average user is by companies that
  aggregate data for the purpose of understanding _you_.
Probably better than you understand you.
I'm sure many of you heard of the story of Target knowing a girl was
  pregnant before she did.

<<user profiles>>
#+END_COMMENT


**** DEVOID Social Media
:PROPERTIES:
:DURATION: 00:01
:END:

TODO

#+BEGIN_COMMENT
(Where you are, what you do.)
#+END_COMMENT


**** DEVOID Governments
:PROPERTIES:
:DURATION: 00:00:30
:END:

TODO

#+BEGIN_COMMENT
(Segue into government surveillance.)
#+END_COMMENT


** LACKING Policy and Government [0/6]
*** DRAFT Introduction [0/1]                              :B_ignoreheading:
:PROPERTIES:
:BEAMER_env: ignoreheading
:END:
**** DRAFT Introduction                                      :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:30
:BEAMER_env: fullframe
:END:

- <1-> Governments have a duty to protect their people
- <2-> Governments have a duty to protect citizens' rights

#+BEGIN_LATEX
\vspace{2ex}
\only<3>{
  \begin{center}
    These duties are often at odds
  \end{center}
}
#+END_LATEX

#+BEGIN_COMMENT
Where to begin.

Governments have a duty to protect their people.
But they also have a duty to know their bounds;
  to protect citizens' rights and privacy.

We know how that story goes.
#+END_COMMENT


*** LACKING Surveillance [0/7]
**** DRAFT History of NSA Surveillance
:PROPERTIES:
:DURATION: 00:02
:END:

- <1-> EFF has been fighting NSA domestic spying
       since 2005\cite{eff:nsa:timeline,mtg:uproar}
- <1-> AT&T technician Mark Klein
- <1-> Dragnet surveillance; NSA-controlled ``SG3 Secure Room''
- <2-> Hepting v. AT&T (2006)
  - <2-> Government and AT&T retroactive immunity through FAA (2008)
- <2-> Jewel v. NSA (2008)
  - <2-> Summary of Voluminous Evidence

#+BEGIN_COMMENT
When we think of the term ``surveillance'',
  the NSA usually comes to mind.

The Electronic Frontier Foundation has been fighting the NSA
  in court since 2006.
In 2005, a former AT&T technician Mark Klein provided ``undisputed
  evidence'' about an NSA-controlled room at AT&T named ``SG-3'', through
  which all traffic passed.

The EFF filed Hepting v. AT&T in 2006.
But in 2008, both the government and AT&T were awarded retroactive immunity
  through the FISA Amendments Act.
The case was dismissed in 2009, along with dozens of other lawsuits.

In response,
  the EFF filed Jewel v. NSA.
The case also benefitted from three additional whistleblowers.
#+END_COMMENT


**** DRAFT Ron Wyden                                            :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:END:

Senator Ron Wyden, 26 May 2011:

#+BEGIN_QUOTE
I have served on the Intelligence Committee for over a decade and I wish to
deliver a warning this afternoon. When the American people find out how
their government has secretly interpreted [the business records provision of
FISA], they are going to be stunned and they are going to be angry.
#+END_QUOTE


**** DRAFT The Leak                                          :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:END:

#+BEGIN_CENTER
5 June 2013
#+END_CENTER


**** DRAFT Verizon Metadata
:PROPERTIES:
:DURATION: 00:00:30
:END:

- <1-> 5 June 2013---Guardian releases leaked document ordering Verizon to
  collect ``telephony metadata''

#+BEGIN_QUOTE
  [...] (i) between the United States and abroad; or (ii) wholly within the
  United States, including local telephone calls.
#+END_QUOTE

- <2-> ``Business records'' provision partly declassified by Clapper on 6 June 2013

- <2-> The American people were stunned and angry
  - <2-> But it wasn't a surprise to many

#+BEGIN_COMMENT
June 5th 2013.
I remember where I was.
Does anyone remember what that date represents?

The Guardian newspaper releases a leaked court order,
  which orders Verizon to collect ``telephony metadata'' on /all/ calls,
  /including local/.

That ``business records'' provision of FISA that Ron Wyden was talking about
  was partly declassified by the then-DNI James Clapper on June 6th, 2013.

As Wyden predicted,
  we were pretty stunned.
And pretty pissed off.

But it wasn't a surprise to many security researchers.
You guys can take a look at the references for more information on that.
#+END_COMMENT


**** DRAFT PRISM
- 6 June 2013---Guardian leaks slideshow describing PRISM

- All companies denied involvement

#+BEGIN_COMMENT
But it didn't end there!
Well, obviously, we know that now.

One day later,
  the Guardian releases a leaked slideshow that describes PRISM.

All companies eventually denied involvement in this program.
#+END_COMMENT


**** DRAFT Snowden
:PROPERTIES:
:DURATION: 00:01
:END:

- 9 June 2013---The Guardian reveals Edward Snowden as the whistleblower

- Smear campaign


#+BEGIN_COMMENT
These were serious leaks.
They still are.
And three days later---to our surprise---the source of the leaks was
  revealed.

And the world came to know Edward Snowden through a huge smear campaign.
They pointed out that his girlfriend was a pole dancer.
They tried to discredit his role at the agency.
They tried to paint him as this social loner, and downplay his skills.

Fortunately, that conversation didn't last long, and did not succeed.
I'm not sure how many of you were here last year,
  but Snowden gave the opening keynote to LP2016.
He received a minute-long standing ovation.
The energy in that room was incredible.
#+END_COMMENT


**** DEVOID Tools
:PROPERTIES:
:DURATION: 00:02
:END:

TODO

#+BEGIN_COMMENT
- XKeyscore and others
- Exploits
- Hardware
- Intercepting shipments
- Etc.
#+END_COMMENT


*** LACKING Crypto Wars [0/6]
**** DRAFT Introduction                                      :B_fullframe:
:PROPERTIES:
:DURATION: 00:00
:BEAMER_env: fullframe
:END:

#+BEGIN_CENTER
\Huge History repeats itself
#+END_CENTER

#+BEGIN_COMMENT
All of that happened behind our backs.

But there is also a war being waged in public.
As if we haven't learned from the past.
The Crypto wars.
#+END_COMMENT


**** DRAFT Export-Grade Crypto
:PROPERTIES:
:DURATION: 00:01:30
:END:

- <1-> Cryptography classified as munitions (Arms Export Control Act; ITAR)
- <1-> ``Export-grade'' cryptography
- <2-> Lotus Notes
  - <2-> 40-bit export-grade symmetric key
  - <3-> Agreement with NSA: 64-bit export, but 24 of those bits a "workload
    reduction factor" for the NSA
- <4-> Phil Zimmerman: PGP (\geq 128 bits)
  - <4-> Formal investigation by US government in 1993
  - <4-> Published source code in a book, which could be OCR'd
- <5-> Still suffer long-term effects today
       (downgrade attacks, e.g. POODLE)\cite{poodle:paper}

#+BEGIN_COMMENT
Back in the 1990s,
  cryptography was classified as munitions.

If you wanted to export it to other countries,
  you essentially had to make it crackable by the NSA.

Lotus Notes is often used as an example of the negative effects of such
  regulation.
Interestingly, it was actually the first widely used software to use
  public-key cryptography.
Due to export restrictions,
  the maximum symmetric key size they could support was 40 bits.
This was easily crackable by the NSA,
  but also feasible for other adversaries.
They compromised with the NSA:
  64-bit keys, but 24 of those bits would be encrypted specially for the NSA
  as a "workload reduction factor".
So you had protection against most adversaries,
  but not the US government.

Then we have Phil Zimmerman, author of PGP.
He didn't consult the NSA.
Instead, he published the source code for PGP in a book with MIT Press,
  and widely distributed it.
If someone wanted to use PGP,
  they could unbind the book, OCR the pages, and compile it with GCC.
The US government opened a formal investigation into the case in 1993;
  the charges were dropped years later.

We are still observing the fallout from export-grade crypto today.
They are called "downgrade attacks",
  where a program such as a browser is tricked into using a weaker
  cipher or keysize,
    allowing an attacker to MitM the connection.
POODLE is an example of this.
#+END_COMMENT


**** DRAFT Bernstein v. United States
:PROPERTIES:
:DURATION: 00:01
:END:
- <1-> 1995: Bernstein v. US Department of Justice\cite{eff:bernstein:doj}
  - <1-> Argued that restrictions violated First Amendment
  - <2-> **Code Is Speech**
- <1-> 1996: Bill Clinton Executive Order 13026 transferred to Commerce
       Control List\cite{fedr:export-controls}
- <1-> Department of Commerce relaxed rules in 2000\cite{doc:rev-export-reg}

#+BEGIN_COMMENT
In order to publish information on encryption algorithms and the like,
  you had to get permission from the government.

In 1995, Daniel Bernstein---then a graduate student---wanted to publish the
  source code and mathematical papers for his encryption algorithm
  /Snuffle/.
Like Zimmerman,
  Bernstein thought export restrictions to be a violation of his First
  Amendment rights.
But instead of blatant defiance,
  he decided to sue the US government.
He was represented by the EFF.
The Ninth Circuit Court of Appeals ruled in his favor.

The following year, President Bill Clinton signed an executive order that
  removed encryption from the munitions list,
    and in 2000 the Department of Commerce relaxed export restrictions.

You might have heard the term "code is speech".
Bernstein v. United States case had wide-reaching consequences,
  not just for cryptography.
Source code is protected under the First Amendment.

(See also Junger v. Daley.)
#+END_COMMENT


**** DRAFT The First Crypto Wars
:PROPERTIES:
:DURATION: 00:01
:END:

- <1-> These incidents part of the first Crypto Wars\cite{w:crypto-wars}
- <2-> DES Originally 64-bit key; NSA wanted 48 bits; compromised at 56.
- <2-> Two version of the browser: 128-bit "U.S. edition" and effective
         40-bit "international".
- <3-> **Clipper Chip** was a hardware backdoor that employed a key escrow
       system
  - <3-> Complete failure
  - <3-> Terribly insecure (property of key escrow in general)
  - <3-> Opposite effect: spurred development of Nautilus and PGPfone

#+BEGIN_COMMENT
These incidents are classified into a period of time informally described as
  the "Crypo Wars".

There's a couple other good examples that I don't have time to get into:
  The DES encryption algorithm, for example, was originally 64-bit;
    the NSA wanted 48-bit, but compromised with 56.
  Netscape had /two versions of their browser/: one with 128-bit SSL and the
    other with 88 of those bits exposed to meet export regulations.
This sounds insane today---because it is.

But there's even more insanity.

The Clipper Chip!
It was the US government's attempt to backdoor communications with hardware.
It used a key escrow system,
  and the algorithm they devised---called Skipjack---was classified,
  and so could not be reviewed by crypto experts at the time.
Backlash was large.
It failed miserably.
Later cryptanalysis yielded scathing flaws,
  as is generally the case with key escrow cryptosystems.
It even had the opposite effect:
  it spurred the development of encrypted communication programs like
  Nautilus and PGPfone (the latter being proprietary).

So,
  why did I go into so much history in a talk meant to deal with today's
  privacy and security threats?
#+END_COMMENT


**** DRAFT Re-repeats Itself                                    :B_fullframe:
:PROPERTIES:
:DURATION: 00:00
:BEAMER_env: fullframe
:END:

#+BEGIN_CENTER
\Huge History repeats itself
#+END_CENTER

#+BEGIN_COMMENT
Because history repeats itself.

Today's attempted legal/policy assault on privacy and security are enormous.
We've already covered some.
I don't have time to cover more than a small fraction of them.
#+END_COMMENT


**** DRAFT Modern Crypto Wars                                :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:END:

#+BEGIN_CENTER
\Huge ``Going Dark''
#+END_CENTER


#+BEGIN_COMMENT
But the big phrase you hear today is "going dark".
Government agencies are fearful of broadening use of encryption
  because they can't read many of those communications.
#+END_COMMENT


**** DEVOID ``Going Dark''

#+BEGIN_COMMENT
Apple v. FBI
VEP
#+END_COMMENT


*** LACKING Espionage [0/1]
**** DEVOID US Can't Keep Its Own Secrets
:PROPERTIES:
:DURATION: 00:01
:END:

TODO

#+BEGIN_COMMENT
- Office of Personnel Management
- DNC
- VEP
#+END_COMMENT


*** LACKING Subpoenas, Warrants, NSLs [0/1]
**** DEVOID National Security Letters
:PROPERTIES:
:DURATION: 00:01
:END:

TODO

#+BEGIN_COMMENT
- Gag orders
- Prior restraint
- Canaries
#+END_COMMENT


*** LACKING Law [0/1]
**** DEVOID Summary                                          :B_fullframe:
:PROPERTIES:
:DURATION: 00:01
:BEAMER_env: fullframe
:END:

TODO

#+BEGIN_COMMENT
- DMCA
  - Risks to security researchers
  - Draconian
- CFAA
#+END_COMMENT


** LACKING Your Fight [0/1]
*** LACKING Headings [0/6]
**** DRAFT Feeding                                           :B_fullframe:
:PROPERTIES:
:DURATION: 00:00
:BEAMER_env: fullframe
:END:

#+BEGIN_CENTER
We're feeding into all of this!
#+END_CENTER


**** DEVOID SaaSS and Centralization
:PROPERTIES:
:DURATION: 00:01
:END:

TODO

#+BEGIN_COMMENT
- Be sure to mention Cloudbleed and S3
- Who has access to your data?
- The "Cloud"
#+END_COMMENT


**** LACKING Corporate Negligence
:PROPERTIES:
:DURATION: 00:01
:END:

- Companies balance security and privacy on their balance sheets


#+BEGIN_COMMENT
Companies don't care.
They'll balance _costs_ of failure to comply with regulation.
Is it cheaper just to pay up in the event of a data breach?

Governments try, sort of.
They need to catch up with the times.
<<sec regulations>>

<<large-scale breaches>>

(Tie into SaaSS)
#+END_COMMENT


**** DRAFT Status Quo
:PROPERTIES:
:DURATION: 00:02
:END:

- Do people care more about privacy and security since the Snowden leaks?
  - (Cite)
- ``I have nothing to hide''
- ``Report anything suspicious''
- Chilling effects


#+BEGIN_COMMENT
You would think after the Snowden revelations that people would be more
  privacy-centric.

Some are.
Many aren't.
There is complacency with the status quo.
Everything is so _convenient_.

"I have nothing to hide."
A common argument.
One that can be notoriously hard to address.

"Report anything suspicious."
(Example of mathematician on plane.)

These all have chilling effects, conscious or not.
<<Wikipedia articles>>
#+END_COMMENT


**** DRAFT Status Quo Cannot Hold                            :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:END:

#+BEGIN_CENTER
**The status quo cannot hold.**
#+END_CENTER

#+BEGIN_COMMENT
I hope I've convinced you that the status quo cannot hold.
That even people who aren't that privacy- or security-conscious recognize
  that there are risks not only at a personal level,
  but also national and global.
#+END_COMMENT


**** DRAFT Push Back                                         :B_fullframe:
:PROPERTIES:
:DURATION: 00:01
:BEAMER_env: fullframe
:END:

#+BEGIn_CENTER
#+BEAMER: \only<1>{We need to push back}
#+BEAMER: \only<2>{\emph{You} need to push back}
#+END_CENTER

#+BEGIN_COMMENT
- Good crypto; no trust
- Lawmakers: this is not something we can win while we fight with our
  governments.
#+END_COMMENT


** Thank You                                                   :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:END:

#+BEGIN_CENTER
Mike Gerwitz

[[mailto:mtg@gnu.org][=mtg@gnu.org=]]

\bigskip

**References Available Online**

[[https://mikegerwitz.com/talks/sapsf]]

\vfill

Licensed under the Creative Commons Attribution ShareAlike 4.0
International License
#+END_CENTER


** References                                                   :B_appendix:
:PROPERTIES:
:BEAMER_env: appendix
:END:

\printbibliography


* Exporting
You should be able to simply export this buffer as a Beamer presentation
(=C-c C-e l P=) and get a slideshow.

Note that this requires =ox-extras=, which is part of Org Mode's
=contrib/=.  Without it, the =:ignore:= tag will not be recognized and the
rendered slides will have incorrect depth.

* Local Variables
# Local Variables:
# org-todo-keyword-faces: (("DRAFT" . org-upcoming-deadline) \
#                          ("DEVOID" . (:inherit org-warning \
#                                       :inverse-video t)) \
#                          ("LACKING" . org-warning) \
#                          ("REVIEWED" . "yellow") \
#                          ("READY" . (:inherit org-scheduled :bold t :underline t)))
# eval: (ox-extras-activate '(ignore-headlines))
# End: