|
SPEAKER |
TC IN |
TC OUT |
TEXT |
|
DANIEL
LEGAULT |
10:00:13:17 |
10:00:28:22 |
Welcome
to Metro-Optic, one of Montreal's main telecom centres, which is a well-kept
secret... ...a major Internet data centre serving the province and part of
Canada. |
|
DANIEL LEGAULT |
10:00:31:19 |
10:00:43:16 |
This
room is located beneath train tracks in the bowels of Montreal. About 75% of
Internet traffic travels through here. |
|
DANIEL LEGAULT |
10:00:46:18 |
10:00:59:07 |
Here
we have "more private" clients, as it were, with their own
exclusive room, who wouldn't want it filmed. So we'll move on. |
|
DIRECTOR |
10:00:59:10 |
10:01:03:14 |
- Who
are they? A government agency? You can't say? |
|
DANIEL LEGAULT |
10:01:03:17 |
10:01:08:05 |
-
They... Yeah. It's very private. |
|
NARRATOR |
10:01:08:08 |
10:01:35:18 |
-
Privacy, today, no longer exists. Take a look behind the scenes of the
internet, and you’ll see a great surveillance engine, which is continuously
amalgamating billions of data points on all of us. |
|
NARRATOR |
10:01:35:19 |
10:01:45:02 |
Surveillance
today is no longer solely the business of States. The web, in its totality,
is today driven by the collection of personal data. |
|
NARRATOR |
10:01:48:22 |
10:02:01:04 |
Web
giants, like Google and Facebook, they know everything about you. Your
travels, your friends, your chronic illnesses, your financial situation, your
political opinions, your sexual preferences, all your little secrets. |
|
NARRATOR |
10:02:01:07 |
10:02:10:07 |
And
just think about all of these other highly sophisticated services that you
can use for free. They are fighting to get access to your data. |
|
NARRATOR |
10:02:10:10 |
10:02:26:05 |
But
the internet today also includes your televisions, which are now connected,
your smart speakers like Alexa, who are listening in on you every second of
the day, your new vacuum cleaner, which is mapping out your home, your
child’s Hello Barbie doll, which is recording her voice somewhere up in the
“cloud”. |
|
NARRATOR |
10:02:26:08 |
10:02:35:06 |
Wherever
you go, whatever you do, you’ve become a generator of data. Data stored who
knows where and used who knows how. |
|
NARRATOR |
10:02:35:09 |
10:02:45:11 |
And all of this data, is it secure? Every month, a new company
gets hacked, leaking all of your personal information, which then becomes
available to the highest bidder. |
|
NARRATOR |
10:02:45:14 |
10:03:02:11 |
Bell
Canada, 2017, 1.9 million leaked accounts. Ashley Madison, 2015, 10 million
accounts. LinkedIn, 2016, 117 million leaked accounts. Equifax, 2017, 143
million accounts. Yahoo, 2013, 3 billion accounts. |
|
NARRATOR |
10:03:02:13 |
10:03:07:03 |
No one
can guarantee that your personal data is safe. |
|
NARRATOR |
10:03:14:06 |
10:03:29:08 |
But
there is still some hope for privacy. And hackers are the ones showing us the
way. The internet is their playground. We must listen to them, so they can
help us imagine an internet free from surveillance. |
|
JEAN-PHILIPPE
DÉCARIE-MATHIEU |
10:03:44:11 |
10:03:57:07 |
- Of
course... the hoodie's a classic. So trite, huh? Anonymous mask, a series of
ones and zeros, numbers, hexadecimals. |
|
JEAN-PHILIPPE DÉCARIE-MATHIEU |
10:03:57:08 |
10:04:12:07 |
That's
often considered a bad thing, a crime, that kind of thing. Not so. There's
more to it. There are different kinds of hackers. Some do it for the money,
some do it professionally, some do it for fun, some work for the government. |
|
JEAN-PHILIPPE DÉCARIE-MATHIEU |
10:04:12:08 |
10:04:23:04 |
There's
no such thing as a typical hacker, because there are different kinds. Hackers
seen in the movies are just one type. It's important to make a distinction. |
|
NARRATOR |
10:04:35:03 |
10:04:44:22 |
-
Hackers form a global community. They get together during large and festive
gatherings, where the topic of surveillance and privacy is on everyone's
mind. |
|
STEVEN
RAMBAM |
10:04:52:02 |
10:05:43:08 |
-
First of all, I’d like to welcome you all to New York. I want you all to feel
comfortable. I want to ease your mind. You are constantly being protected.
First of all, we have thousands of surveillance cameras. They’re only for
your safety, only for your safety. There are right now 11,000 cameras and
growing. In the city, in the city, there’s about 700,000 cameras. 11,000 of
them are linked in to law enforcement now. Not only do these cameras go out
24/7, 365, and film license plates, 60,000 per hour, 60,000 per hour, but
they keep the data, they share the data with other companies like Vigilant,
which we’re going to talk about. So far, New York has a buffer of four years.
So if you forget where you parked your car, not a problem, we can help you
out. |
|
STEVEN
RAMBAM |
10:05:43:11 |
10:06:24:07 |
Privacy
is really dead. Privacy... there’s almost no point talking about it. You
know. So when I see people sharing their whole lives on Facebook and on
Google and posting a gazillion photos and putting up 12 year-old kids photos
that I would never get any other way and that sort of thing, you know, my
feeling is "thank you, I appreciate it". You know, you’ve done me a
big favor as an investigator. On the other hand, as a citizen, this... this
non-stop oversharing of data creeps me out. You’ve surrendered that information, you can’t get it back. You can’t put the
genie back in the lamp. |
|
CYBORG
MAN |
10:06:34:05 |
10:06:41:23 |
- This
is a custom wearable computer. It now appears like basically there’s an iPad
floating a couple feet in front of me. |
|
PRIVORO |
10:06:43:03 |
10:07:32:16 |
- You
have trends that are going off there, like Facebook Messenger and Amazon
Alexa, that are listening in to everything that they have to say. So we’ve
gone off and we've created a solution that securely jams all of your
microphones and your cameras inside of your phone so that your phone is not
going to be used as a digital eavesdropping device in the world today. “Hey,
how are you doing?”, you can do this or it’s “Smile, take a selfie ” or “Hey Google, make us dinner reservations”.
When it goes down from here, it securely jams each one of the microphones in
here to a level that’s never been seen before, that no one will be able to
listen in to your phone whatsoever. And then we also have a cover over here
that allows you to be able to do, hum... It’s a Faraday bag or a Faraday
cage, so when you slide this over, this blocks your cell phone, so you can be
underneath a cell phone tower, right next to a Wi-Fi hotspot, etc. you are
invisible to the world that is out there. |
|
GABRIELLA
COLEMAN |
10:07:44:08 |
10:08:04:23 |
-
Groups were hacking into NATO, they were telling the FBI every week to fuck
off. Hum... exactly! And, you know, I... I actually, during this period, was
having nightmares that the FBI was going to visit me as someone who studied
them, right? |
|
GABRIELLA
COLEMAN |
10:08:05:03 |
10:08:29:12 |
There’s very
different types of hackers. There are those precisely who break into systems
to improve systems. There are those who want to write free- and open-source
software. There are those who are into making hardware. And then there’s a
group of them who are really involved in the fight against surveillance and
for privacy. |
|
GABRIELLA
COLEMAN |
10:08:29:14 |
10:08:59:02 |
One of
the reasons why a lot of hackers are aware of these issues is precisely
because they know how easy it is to surveil people.
Hackers get together at events such as Hackers On Planet Earth, the Chaos
Computer Club Conference, and they give impassioned speeches about the
importance of privacy and fighting surveillance. |
|
RICHARD
STALLMAN |
10:08:59:05 |
10:09:12:11 |
- We
need heroes like Edward Snowden. Three cheers for Edward Snowden! Hip hip hurray! Hip hip hurray! Hip
hip hurray! |
|
RICHARD
STALLMAN |
10:09:16:07 |
10:09:48:05 |
I
believe that it’s fundamentally inadequate as a solution to restrict the use
of the data once accumulated. The data will be misused. It will be misused
officially, because our government’s rules for using it have such loopholes
that it can get away with doing anything it wants. We need to do more than
limit the use of these databases, we need to prevent them from being made. |
|
RICHARD
STALLMAN |
10:09:48:08 |
10:10:17:19 |
The
level of surveillance imposed on us today is more than in the former Soviet
Union. It’s so much that there is little room for dissent or for
whistleblowers. And that puts democracy in danger. We have to reduce the
overall general level of surveillance to the point where the State doesn’t
know where each person goes, and the State doesn’t know who talks with whom. |
|
RICHARD
STALLMAN |
10:10:18:16 |
10:11:19:20 |
I will
never use Uber unless it’s fundamentally changed. It snoops on people. Which
means Uber keeps tracks of who goes where. This should be illegal. Because
it’s too threatening to fundamental freedoms that are needed for democracy.
So companies like Uber should be told either allow people to get rides
anonymously and pay with cash and not have to use any device that tracks them
or shut down. You’re gone. Because when it comes to something as important as
maintaining our democracy, we need a stronger defense than just saying that
companies have to ask users to give up their freedom. Getting the user’s
consent for treating users in a way that threatens democracy does not excuse
it, does not make it legitimate. |
|
DIRECTOR |
10:11:19:23 |
10:11:22:05 |
- And
do you yourself consider... yourself a hacker? |
|
RICHARD
STALLMAN |
10:11:22:08 |
10:11:46:12 |
- Of
course. I enjoy playful cleverness. That’s what it means to be a hacker. To
enjoy playful cleverness. Everybody’s first hack is trying to walk the wrong
way on the escalator. Because you’ve got a system that was designed to be
used one way and you’re trying to make it do something different, which it
wasn’t designed for. That’s the hacker spirit. |
|
JEAN-PHILIPPE
DÉCARIE-MATHIEU |
10:12:05:21 |
10:12:27:12 |
- The
pessimist in me thinks the battle has been lost for some time. The mere fact
that everyone carries a cellphone, the optimal surveillance device beyond
George Orwell's wildest dreams when trying to imagine an omniscient
panopticon. This is also fuelled by social media. I do it, too. Everyone
does. |
|
JEAN-PHILIPPE
DÉCARIE-MATHIEU |
10:12:27:15 |
10:12:54:06 |
Anything
that can be monitored is monitored, as well as monetized. And the prevailing business
model for all high-tech companies now is the selling of personal information.
It remains a cash cow for these companies. And all this is based on data
collection, mass surveillance, and the slow but steady erosion of privacy. |
|
JEAN-PHILIPPE
DÉCARIE-MATHIEU |
10:12:54:09 |
10:13:15:21 |
It's
an Orwellian nightmare of sorts. And I think I can help in that regard,
through Crypto.Québec, what we produce, with our
podcast, articles, training, and what we say to the media. These matters
affect everyone, though people may not realize it. They affect everyone, so
this must be addressed. |
|
GENEVIÈVE LAJEUNESSE |
10:13:15:23 |
10:13:22:05 |
-
Welcome to the 37th edition of Crypto.Quebec's
Watchdogs podcast. Hosted by Geneviève Lajeunesse. |
|
|
10:13:22:08 |
10:13:25:21 |
- Luc Lefebvre. - Jean-Philippe Décarie-Mathieu. - And
Sophie Thériault. |
|
GENEVIÈVE
LAJEUNESSE |
10:13:25:23 |
10:13:45:04 |
- We
have a lot to talk about today. I simply wanted to look back on a little trip
we made last week - myself, Jean-Philippe and Luc - to the nation's capital,
Ottawa. We visited CSIS and CSE headquarters. Just to check them out. |
|
- JEAN-PHILLIPE DÉCARIE-MATHIEU - LUC LEFEBVRE |
10:13:45:06 |
10:13:48:15 |
- From
outside. -
Well, you tried. |
|
JEAN-PHILLIPE
DÉCARIE-MATHIEU |
10:13:48:18 |
10:13:50:06 |
- Can
you see the building back there? |
|
GENEVIÈVE
LAJEUNESSE |
10:13:54:22 |
10:14:10:23 |
- Kinda. I really didn't expect to see Canada's cyber elite
across from Loblaws. For real, it's... Imagine... Like, a huge, magical
airport next to the Quartier DIX30. It's kind of like that. |
|
JEAN-PHILIPPE
DÉCARIE-MATHIEU |
10:14:11:03 |
10:14:12:21 |
-
That's exactly it. - It’s... |
|
- JEAN-PHILIPPE DÉCARIE-MATHIEU - GENEVIÈVE LAJEUNESSE - LUC LEFEBVRE |
10:14:12:23 |
10:14:16:21 |
- With
nice bay windows... - It's
awesome. - Bay
windows? |
|
JEAN-PHILIPPE DÉCARIE-MATHIEU |
10:14:16:23 |
10:14:20:01 |
- Of
course. They're all about transparency. |
|
GENEVIÈVE LAJEUNESSE |
10:14:20:03 |
10:14:34:14 |
-
There they are. Those who must be stopped. Those who track your aunt's
metadata when she goes jogging, because she happens to be related to a person
of interest. They work there. |
|
JEAN-PHILIPPE
DÉCARIE-MATHIEU |
10:14:34:14 |
10:14:48:16 |
- That's
it. I would tell an ordinary citizen that they're the cyber strong arm of the
government. To work there is to be part of the problem, really. Because
they're really knee-deep in the global surveillance network. |
|
GENEVIÈVE LAJEUNESSE |
10:14:48:19 |
10:14:51:20 |
- I
wonder what happens when we reach the no-filming zone. |
|
JEAN-PHILIPPE DÉCARIE-MATHIEU |
10:14:51:23 |
10:14:58:07 |
- If
we don't go beyond the sign, we should be okay. But we will in about eight
seconds. |
|
- GENEVIÈVE LAJEUNESSE - JEAN-PHILIPPE DÉCARIE-MATHIEU |
10:14:58:10 |
10:15:02:20 |
-
There you go. "Breakin' the law." -
Story of my life. |
|
DIRECTOR OF PHOTO |
10:15:03:00 |
10:15:05:04 |
- Wait. |
|
CST
AGENT |
10:15:08:02 |
10:15:10:15 |
- You
didn’t film me did you? Just wondering. |
|
DIRECTOR
OF PHOTO |
10:15:10:18 |
10:15:12:15 |
- No,
no, I didn’t film you. |
|
NARRATOR |
10:15:16:07 |
10:15:38:07 |
- It’s
no surprise that we’re not allowed to film our Canadian NSA. What is
surprising, however, is the fact that this building is the priciest piece of
public architecture in the history of Canada. It cost us 1.2 billion dollars.
This confirms that internet surveillance does not only concern the United
States and its NSA. |
|
LEX GILL |
10:15:38:10 |
10:16:19:06 |
-
Intelligence agencies, like CSIS and the CSE, have far more permissive powers
to engage in surveillance. And part of the problem with how those agencies
operate is that a lot of not only their activities but also the legal
frameworks which authorize those activities exist in secret. There is a track
record of abuse and misconduct of these types of powers, of overreach and of
interference with the democratic process and with, you know, lawful advocacy
organizations that I think is well evidenced. Right? There is really clear
material around that. I mean, we also have recently seen cases in Quebec
where there was government surveillance of journalists. |
|
NARRATOR |
10:16:19:09 |
10:16:39:06 |
-
Here, we are referring to the surveillance of journalist Patrick Lagacé as well as at least 9 other journalists who were
placed under surveillance by the Montreal Police as well as the Québec
provincial police. But this is just one out of many examples that show how
intelligence and law enforcement agencies frequently abuse their
cyber-surveillance powers. |
|
NARRATOR |
10:16:39:09 |
10:16:58:16 |
Through
the Snowden Revelations, we also learned of the existence of numerous mass
surveillance programs in Canada, set up by our intelligence agencies, with
little to no legislative oversight. In 2017, the Trudeau government
introduced Bill C-59, supposed to better regulate the powers of these
agencies. But for the critics, this was unconvincing. |
|
LEX
GILL |
10:16:58:19 |
10:17:42:23 |
- The
problem is that the framework they’ve set up is profoundly permissive. Right?
So I’ll give you one example. There are frameworks that allow for the capture
of what the government has called "publicly available information"
or "publicly available data". And the definition of that is
effectively any data that could be accessed publicly in any manner at all, or
can be purchased. Right? So if you could imagine every possible bit of data
that could be known or purchased about you that is in some way justifiably
public, you know, whether that’s something that you put on Facebook or
something that you said in a radio interview 20 years ago or, you know, the
path you walk to school 'cause there’s neighbourhood surveillance cameras
everywhere. You know, this starts to get deeply, deeply invasive. |
|
NARRATOR |
10:17:45:20 |
10:18:03:19 |
-
Another chapter can be added to this list: "IMSI Catchers". These
devices can intercept data from your mobile phones, and in April 2017, it was
reported that at least 8 IMSI Catchers were operating in Ottawa. The RCMP
later admitted it was using IMSI Catchers all across the country. |
|
NARRATOR |
10:18:03:22 |
10:18:17:14 |
An
IMSI Catcher is a small box that mimics a cell phone antenna. Your phone
connects to it automatically and allows the IMSI Catcher to intercept your
phone’s unique identifier, or the IMSI, for "International Mobile
Subscriber Identity". |
|
NARRATOR |
10:18:20:05 |
10:18:24:01 |
Some
IMSIs can also intercept calls and text messages. |
|
LEX
GILL |
10:18:24:04 |
10:18:50:01 |
- IMSI
Catchers are tremendously invasive mass surveillance tools, but they are a
tiny, tiny fraction of the range of technologies available to an agency like
CSE. And I think that we need to put that in context. So
if your question is “How can I be surveyed in the world?”, my answer to that
is “Use your imagination”. You know? |
|
GENEVIÈVE
LAJEUNESSE |
10:19:06:20 |
10:19:20:13 |
- The
reason we came to the march against police brutality was to see what kind of
surveillance was conducted on protesters. Would surveillance methods be more
conventional, more technological? |
|
GENEVIÈVE LAJEUNESSE |
10:19:22:20 |
10:19:30:19 |
So the
CryptoPhone is the device that was used in Ottawa
when IMSI-Catchers were found. Same device. |
|
GENEVIÈVE
LAJEUNESSE |
10:19:34:15 |
10:19:42:17 |
I
think it's highly likely the Montreal Police uses this type of equipment. Here too, I'd wager. |
|
RECORDED POLICE MESSAGE |
10:19:45:07 |
10:20:06:19 |
- This
is a warning from the Montreal Police Department. Some protesters persist in
breaking the law. Due to offences committed, protesters are ordered to
disperse and leave the scene. Otherwise, we will be forced to step in. |
|
GENEVIÈVE
LAJEUNESSE |
10:20:06:22 |
10:20:21:01 |
- I'm
opposed to the use of IMSI-Catchers, because it not only affects the targeted
individual, but everyone within range of the IMSI-Catcher. So everyone around
can be overheard, can be tracked down here. |
|
GENEVIÈVE LAJEUNESSE |
10:20:22:09 |
10:20:30:09 |
There
isn't much to see, the readings are not showing anything abnormal. |
|
GENEVIÈVE LAJEUNESSE |
10:20:30:12 |
10:20:46:06 |
Seems
IMSI-Catchers weren't used tonight. For years, the police denied using them.
So they were being manufactured and sold, but to no one. |
|
PROTESTOR |
10:20:45:03 |
10:20:47:19 |
- They
caught me and took my cell! |
|
GENEVIÈVE LAJEUNESSE |
10:20:47:22 |
10:20:49:03 |
- Interesting. |
|
NARRATOR |
10:20:57:04 |
10:21:04:20 |
- The
Montreal hacker scene is alive and well. Montréal is becoming an important
node in the global hacker network. |
|
NARRATOR |
10:21:09:23 |
10:21:26:16 |
Each
year, over 400 hackers gather in Montreal to participate in the largest
on-site hacking competition in North America: NSEC. The goal is simple: score
points by solving challenges and bypassing security systems and obstacles. |
|
TEAM
HACK TOUTE |
10:21:31:06 |
10:21:48:01 |
The
scenario is a thinly veiled parody of North Korea, I guess. Elections are
being held in the fictional kingdom of Rao. It's rather unclear. Seems we can
either help the regime or the rebels. Now, we're helping everyone to get more
points. |
|
GABRIEL TREMBLAY |
10:21:52:04 |
10:22:01:08 |
- Rao
is basically a fictional character. People will think he's North Korean, but he's
really based on Mao, so more Chinese. |
|
VOLUNTEER
NSEC |
10:22:01:11 |
10:22:09:15 |
-
Everyone okay? What you working on? Ah, nice! Nice challenge. |
|
GERMAN
TEAM |
10:22:09:18 |
10:22:14:18 |
- You
brute-forced here? - Six
points! - Yes! |
|
GABRIEL
TREMBLAY |
10:22:14:21 |
10:22:48:09 |
- NorthSec is a somewhat elitist organization. Since the
event was launched, we're the first to question people's abilities. They
should hone their skills to help, because cybersecurity is about helping
people. 30 to 40 % of our challenges are won by all teams. So about 60% of
them go... unsolved by the end of the weekend competition. So
people come here because they know they're really gonna
bust their humps. They'll really challenge themselves. And it's nonstop. |
|
- NSEC VOLUNTEER - PARTICIPANT |
10:22:48:12 |
10:22:51:07 |
- All
hail Rao. - All
hail Rao. |
|
- NSEC VOLUNTEER - PARTICIPANT |
10:22:52:08 |
10:22:56:18 |
- We
can only vote once. - Yes.
All hail Rao. |
|
GABRIEL
TREMBLAY |
10:22:59:18 |
10:23:12:12 |
- I
think most people with NorthSec are against the
idea of mass surveillance. Essentially, it's problematic, giving so much
information to people who have no business having it. |
|
GABRIEL
TREMBLAY |
10:23:16:16 |
10:24:12:03 |
I was
what's known as a penetration tester, a professional hacker, in the banking
world, for several years. When you work in this field, in cybersecurity, you
realize that every scrap of information is a key. The more keys you have, the
more powerful you are. And if this information is misused, mishandled, it can
become a weapon for many people. So, of course, most cybersecurity experts
are troubled by mass surveillance, because they know the stakes. Why do it
when it's probably pointless? Surveillance as well as intelligence agencies
already exist. In Canada, we have one with a relatively decent reputation.
Why do they need more information? Is it because they're... ... caught short?
Or are they simply really lazy? Maybe they’re lazy. |
|
NARRATOR |
10:24:26:13 |
10:24:38:04 |
- The
Montreal hacker scene also includes groups like Subgraph and Peerio, who develop internationally renowned applications
and platforms, which aim to protect their users from surveillance and data
collection. |
|
MATTHIEU
LALONDE |
10:24:38:08 |
10:24:46:05 |
- Subgraph
is a Linux-based operating system designed to thwart malicious attacks. |
|
FLORENCIA HERRA-VEGA |
10:24:46:07 |
10:25:06:03 |
- Peerio aims to provide easy-to-use beautiful end-to-end
encrypted communication and collaboration tools for teams. Our goal is really
to be sort of a suite and a whole environment of tools that teams and
organizations can use in order to secure their work. |
|
MATTHIEU
LALONDE |
10:25:06:06 |
10:25:17:23 |
-
There are two kinds of surveillance: Mass surveillance, dragnets; and
targeted surveillance. We try to prevent targeted surveillance. |
|
FLORENCIA HERRA-VEGA |
10:25:18:03 |
10:25:35:11 |
- If
you’re a journalist, if you’re a lawyer, if you’re a therapist and you have
all this communication that’s highly confidential, we try to make sure that
communications that are understood to be private between parties are actually
private and they’re private from us. |
|
MATTHIEU
LALONDE |
10:25:35:14 |
10:25:56:12 |
-
There's very little privacy. Even people who are very... shrewd about their
Internet usage, their use of technology, even they have very little privacy.
Among other things, even if they're careful, someone they know is posting
information about them without their knowledge. |
|
FLORENCIA HERRA-VEGA |
10:25:56:15 |
10:26:18:22 |
-
Platforms that were meant to provide some kind of joy and value for users are
being monetized in a way that’s almost adversarial to the users that are actually
using it. Right? Your user, who you thought was going to be your customer,
suddenly became your product. I find that quite tragic. |
|
NARRATOR |
10:26:23:08 |
10:26:33:16 |
- As
elsewhere, the Montreal hacker scene was born in the 1980s and gave rise to several
hacks that became legendary. Rob Masse comes from this period. |
|
ROB
MASSE |
10:26:38:16 |
10:28:03:01 |
- So I
started in computers when I was five, on an Apple II Plus. And I started
telecommunications and understanding how phone systems work when I was about
nine. There’s no necessarily rules at that time
about how to use computers and how to leverage computers. And you know, my
main goal, when I was nine was, “How do I download video games, for free?”
The first component, at that age, when I was nine, was phone phreaking. Back
then, there was no internet, but there were other types of networks, of
interconnected systems, and we would use the phone phreaking to kind of get
into those networks and then leverage that. A lot of the video games I would
play, like Dungeons and Dragons, at the time it was Ultima. And in those
games, the goal is to kind of, you know, explore the land and then you’d get
into castles and take gold and fight dragons. So that’s the video game right.
It’s important to understand that context. In the hacking world at that time,
you would connect to the X25 and network datapack
and you’d be able to go into castles and take information and leverage that
information. So for me, it was a question of just, you know, hacking into
systems just for fun. There was never any malicious intent. It was just a
question of learning. I started going into systems around the world. It just
happened to upset a lot of people. |
|
NARRATOR |
10:28:03:04 |
10:28:17:05 |
- At
the age of 15, Rob Masse connected to a State network belonging to the Soviet
Union. The year was 1989. The Cold War was still ongoing. The RCMP quickly
took notice of this hack. |
|
ROB
MASSE |
10:28:17:08 |
10:28:46:02 |
- So,
when I was in grade 10, 15 years old, RCMP came to my house, did a full raid
and then after that, I had to kinda work with law
enforcement, ultimately over that year. I would go to the Ottawa police
college, the RCMP would sponsor me, other law enforcement agencies from
around the world would come just to listen to me speak. Like, “Hey, we caught
this hacker, come see the hacker and he’ll tell you all about what goes on in
the hack world.” |
|
DIRECTOR |
10:28:46:04 |
10:28:49:03 |
- Did
you work for the intelligence agencies after that? |
|
ROB
MASSE |
10:28:49:07 |
10:28:57:15 |
- You
know, I’ve been engaged by various people to help them. So that’s the answer. |
|
NARRATOR |
10:29:00:23 |
10:29:13:05 |
-
Today, Rob Masse is a professional hacker, working to compromise systems and
individuals. The traces we leave of ourselves on the internet have become one
of the main resources he can leverage. |
|
ROB
MASSE |
10:29:16:17 |
10:30:03:09 |
- I
would say the two main components of my background, personally, is on the
incident response side as well as what we call offensive cyber-security. So
breaking into things. And we have a 100% success ratio. Unfortunately, I
don’t think it’s necessarily because we’re that great. I just think that many
of the organizations right now have the same challenges, on the business side
and on the security side. And you know, we’re kind of losing the war on
cyber-security right now. My personal opinion on privacy is that there’s
almost none. If you are using social media or any of those other services
where you’re not a paying customer, you’re not the client or the customer,
you’re the product. And as such, you’ve traded your personal data for that
usage. |
|
NARRATOR |
10:30:08:11 |
10:30:25:12 |
- To
break free from surveillance, hackers try to regain control over computing
and democratize it. In hackerspaces, they dismantle and dismember everything
they can to better understand computer systems. Here, the motto is “Program
or be programmed”. |
|
DANUKERU |
10:30:40:23 |
10:31:11:12 |
- Foulab is a hackerspace. It's really a collective that
offers its members resources, and, above all, know-how. So human capital...
...in terms of knowledge, for the sharing of ideas and techniques. In hacker
culture, access to information is fundamental, in order to understand a
system. I call it an open-source think-tank. |
|
MATTHIEU
LALONDE |
10:31:14:08 |
10:31:55:14 |
- Now
we'll rid this computer... ...of its malicious piece of software. The
computer comes with software, which users are usually unaware of, installed
by the supplier. For example, the NSA and ThinkPad could have conspired to
install software to access the computer remotely. So we'll replace this with
open-source software to ensure there's no backdoor, or to simply make changes
and change the computer's features. |
|
NARRATOR |
10:31:58:10 |
10:32:39:11 |
- A
"backdoor" is a point of entry, unknown by the user, that provides
secret access to a computer system to the person who has the key. Here,
Matthieu knows that a backdoor is present in a component of his ThinkPad, the
BIOS. The BIOS is the first set of functions that the computer performs at startup. A backdoor in the BIOS would give full access to
the computer to the key holder. Several people could leverage this backdoor:
IBM, that produces the ThinkPad, Intel, that produces the BIOS, the company
that bought all of the ThinkPads for its employees,
the NSA or CSE, or malicious hackers, who are easily able to exploit this
vulnerability. |
|
MATTHIEU
LALONDE |
10:32:41:01 |
10:33:23:04 |
-
There. I have a copy of the previous BIOS, so I could configure a new one
here. So I'll get OpenBIOS or Coreboot.
I need to know the ins and outs of a computer, because I can't... BIOS is at
the core of a computer. It controls... all functions. So if we don't know how
it works and can't guarantee its operation, we can't guarantee the computer's
integrity. So you can have the most secure operating
system ever, but if the BIOS isn't secure, unfortunately, the rest won't be
either. |
|
MATTHIEU LALONDE |
10:33:40:02 |
10:33:45:01 |
- Let
me know if you need help. |
|
NARRATOR |
10:33:46:03 |
10:33:55:18 |
- DIY,
"do it yourself". This often means that things won’t go exactly as
planned. Hackers have become the masters of trial and error. |
|
- DANUKERU - MATTHIEU
LALONDE |
10:33:59:18 |
10:34:06:07 |
-
Yeah, Mathieu... If you could... hold it. - Need
help? -
Yeah. Thanks. |
|
NARRATOR |
10:34:13:11 |
10:34:22:02 |
- Danukeru is building a drone. From top to bottom. If he
can get his drone to fly, he'll use it to perform security experiments. |
|
DANUKERU |
10:34:22:21 |
10:34:53:12 |
- It'd
be fun - it's been done before - to crack WiFi
networks from above. So build a drone that flies over and cracks WiFi networks. Another thing would be, just to prove it
can be done, to use an aerial cellphone surveillance device, like that used
by the police, known as a StingRay. Essentially, we
do this to detect critical flaws in the infrastructure. That's why most
people would do this. |
|
NARRATOR |
10:34:53:14 |
10:35:12:17 |
- If
he is able, alone and with his limited resources, to compromise residential
Wi-Fi routers, using a drone pieced together with styrofoam,
it’s because there are important security flaws in our infrastructures. We
need hackers to seek out and find these flaws that threaten our privacy, so
they can be quickly patched. |
|
DANUKERU |
10:35:12:20 |
10:35:45:10 |
- The
issue of what society considers private and public will define our
generation. What really worries me is when neighbours start pointing fingers.
We may well eventually reach the point where someone could download a program
as powerful as a military weapon and use it against their neighbour. Against
their spouse, even. That's what worries me most. |
|
MATTHIEU |
10:35:59:08 |
10:36:04:19 |
- 3,
4, 5, 6, 7, 8, ground. |
|
NARRATOR |
10:36:04:22 |
10:36:55:11 |
- Réseau Libre is a group trying to re-build the internet,
one antenna at a time. This is called a mesh network. Someone who puts up an
antenna can connect with the other antennas nearby. These users can connect
whatever they want to their antennas: a hard drive, a local internet site or
other services. And all of this without the need for an internet service
provider or for costly fiber-optic cables. Simply by connecting people
directly to one another. Each antenna acts as a relay. A person can connect
to another, more distant person, by tracing a route through all of the
antennas. As it grows, the mesh network can cover an entire city or even an
entire region, as is the case with the Guifi.net mesh network in Spain, which
is now 35,000 antennas strong. We could call this a local, grassroots and
totally distributed network. |
|
ANTOINE
BEAUPRÉ |
10:37:00:02 |
10:37:15:14 |
- A
mesh is a distributed network. The idea is to have rooftop antennas to create
a network alongside commercial Internet service and connect homes directly.
Like, connect neighbours together. |
|
- FENWICK
MCKELVEY - MATTHIEU
LALONDE |
10:37:15:17 |
10:37:20:15 |
- So
you can just buy metal bands that go around. -
Yeah, at some point. |
|
FENWICK
MCKELVEY |
10:37:20:18 |
10:37:29:15 |
- I
mean it wouldn’t be hard to get back up on the roof and do that. Just so you
can have a clear conscience that this is not a permanent solution. |
|
ANTOINE
BEAUPRÉ |
10:37:29:18 |
10:37:54:01 |
- I'm
kind of discouraged. Honestly. People must change their mentality, but they
seem unwilling. They want "ubiquitous computing." They're willing
to be monitored by Amazon 24/7 at home through a device, which they can order
from at the push of a button. They use Gmail; Google knows their every move,
their location, everything. |
|
- MATTHIEU
LALONDE - ANTOINE
BEAUPRÉ |
10:37:54:04 |
10:38:01:01 |
- What
they think. - Same
with Facebook. They're dominated by computer technology, unwittingly. Even
when they know, it's: "I can't do anything about it." |
|
ANTOINE
BEAUPRÉ |
10:38:01:03 |
10:38:04:19 |
So!
Done! |
|
ANTOINE
BEAUPRÉ |
10:38:04:22 |
10:38:08:02 |
Isn't
that fucking beautiful? |
|
-
FENWICK MCKELVEY -
ANTOINE BEAUPRÉ -
FENWICK MCKELVEY |
10:38:08:06 |
10:38:14:10 |
-
Yeah, like I said, I gotta... -
There is a plan... there is a phase 2. - There
is a phase 2 here, yeah. Yeah. |
|
ANTOINE
BEAUPRÉ |
10:38:14:12 |
10:38:19:08 |
- Basically,
it's a lot easier to monitor everyone when they're in the same room. |
|
MATTHIEU LALONDE |
10:38:19:11 |
10:38:22:21 |
- We're
gonna run about 10 feet of cable down. |
|
ANTOINE BEAUPRÉ |
10:38:23:00 |
10:38:42:07 |
- Google,
Facebook and the like centralize information, making surveillance easier. If
services are distributed, it's more difficult for a hostile party - be it the
government or "black hats" - to spy on you. |
|
10:38:39:09 |
10:38:53:16 |
- It doesn't prevent targeted
surveillance of a particular individual, or even a group, but it makes
dragnet surveillance a lot more complicated. Monitoring everyone at once,
then targeting someone in particular. |
|
|
- ANTOINE BEAUPRÉ - MATTHIEU
LALONDE |
10:38:53:20 |
10:39:07:12 |
- Okay, the tester's hooked up. Let's
check it again? - Let's do it. - 1, 2, 3, 4, 5,
6, 7, 8, ground. - Done! |
|
- MATTHIEU LALONDE - ANTOINE BEAUPRÉ |
10:39:07:15 |
10:39:13:07 |
- Excellent. It works. It’s all good. - Great. I’ll plug into the well. |
|
ANTOINE BEAUPRÉ |
10:39:13:10 |
10:39:57:17 |
- The big problem now is that huge
corporations, the world's most powerful companies, like Amazon, Google,
Facebook, Microsoft and Apple, their goal now, their lobbying, is geared
toward destroying the Internet. Facebook's goal is to replace the Internet...
by Facebook. They want you to go on Facebook and stay there. They entice you
to stay on Facebook and away from ordinary sites. Google is similar. They...
When you use search engines, sometimes you're stuck within Google instead of
going to the real site. So there are a lot of forces at work preventing us
from re-distributing the Internet and make it the horizontal platform it was
devised to be. |
|
ANTOINE BEAUPRÉ |
10:39:57:20 |
10:40:26:19 |
There it is: relais.reseaulibre.
It’s the original version of the Internet. When I first went online in '96,
it was free. We didn't pay for Internet access and... ...Internet access also
meant having a web page. That was it, really. It was about checking out your
friends' web pages. What did he post? "Hi. I'm Antoine. I play
guitar." With a pic of your guitar. |
|
ANTOINE BEAUPRÉ |
10:40:26:22 |
10:41:20:23 |
People had all kinds of stuff. Then they
started sharing increasingly interesting things. And it grew, turning into
Wikipedia, into Google, and so on. But it started with someone in their
garage. Google started out with a web page. And I've always done that. It's good
enough for me. That's it. I don't need to connect with all my friends on
Facebook 24/7, know the latest news, the latest opinion, Trump's latest fake
news, this and that on Facebook. I don't want to be online 24/7. For me, it's
something you turn on, you go online, you're online, then you turn it off and
you're offline. I'm not always connected, and I choose when to go online. I
call the shots. |
|
NARRATOR |
10:41:21:02 |
10:41:52:20 |
- But we are not about to collectively
disconnect. Quite the opposite. So, how can we make sure our privacy is
protected on the web? For many hackers, encryption is the best, if not the
only solution. The first hackers who made encryption a political issue were
called the Cypherpunks. Montreal made an important
contribution to the history of the Cypherpunks and
it was in great part because of this man. |
|
IAN GOLDBERG |
10:41:52:23 |
10:42:37:03 |
- So the Cypherpunks,
particularly in the mid-nineties, were a group of people who believed that
security and privacy should come through technology, through the laws of
mathematics, not through the legal system. And the reason is that legal
systems change from place to place and time to time. One of the main mottos
of the Cypherpunks was that “Cypherpunks
Write Code”. And the point was to actually not just talk about these things
but to produce software that protected people’s privacy and security. And a
lot of what I did over those years was produce software like that. |
|
NARRATOR |
10:42:37:06 |
10:42:54:05 |
- The 1990s was the decade of the Crypto
Wars. The US government had made it illegal for cryptographers to freely
distribute their encryption software under penalty of imprisonment. To avoid
legal issues, many Cypherpunks fled the US. Many of
them came to Canada. |
|
IAN GOLDBERG |
10:42:54:08 |
10:43:05:12 |
- This was definitely one of the major
reasons that when I finished my PhD at Berkeley, I returned to Canada. So
what brought me to Montreal was Zero Knowledge System. |
|
AUSTIN HILL |
10:43:07:13 |
10:43:57:08 |
- When we’re on the internet, with email,
we say personal things. We talk about things we might not say in other
places. The internet is the worst place to do that right now because that
email is not private at all. So what Zero Knowledge
has done is it has gone back and said “Let’s make that private. Let’s give
you all the benefits of being able to communicate and still have your
privacy.” So we wrap your messages in strong cryptographic envelopes and we
make sure the delivery of those envelopes is private. Privacy is going to be
the most fundamental battle in the next hundred years. It will be the battle
over your personal space. The ability to say, “Although I exist in a global
community, this belongs to me, this is private. You don’t get to see this part
of my life.” And if we don’t lay that groundwork now, the ability to say
that, to make that statement, twenty years from now, won’t exist. |
|
IAN GOLDBERG |
10:43:57:11 |
10:44:18:20 |
- They sought me out. And they wanted to
build a product based on the ideas I had in my PhD thesis. So I said,
"OK, I am going to help make the internet better, help make it so people
can communicate privately online" and thus started the Freedom Network. |
|
NARRATOR |
10:44:18:23 |
10:44:29:06 |
- The Freedom Network. It was developed
here in Montreal. For the first time, it was possible to use the internet
with privacy built-in. |
|
IAN GOLDBERG |
10:44:29:09 |
10:44:36:14 |
- There should be no way to communicate
in an insecure fashion. The network should just provide the security and privacy
for you. |
|
NARRATOR |
10:44:36:18 |
10:45:43:19 |
- The Freedom Network was short-lived.
But many of its technical innovations were integrated into what became the
most important anonymity tool in the world: the Tor Network. Tor stands for
"The Onion Router". Basically, it’s a web browser that allows you to
use the internet anonymously. Normally, when you access a website, the
connection goes from your computer to your internet provider, and then to the
server where the website is located. It's easy for anyone who wants to keep
an eye on you to know which sites you visit, at what time and what
neighborhood you live in. But by going through the Tor network, the signal
has to go through 3 relays before reaching the desired website. Each relay
only sees the immediate source of the signal and the immediate destination of
the next signal. And of all of this is encrypted, of course. Using Tor, it
becomes extremely difficult to know who is accessing what. But Tor also runs
what is called "hidden services". These are websites ending with .ONION. They can only be reached through the Tor
browser. Often, news outlets like FOX NEWS give a bad image of ONION sites,
describing them like this. |
|
ARCHIVE FOX NEWS |
10:45:43:21 |
10:45:50:22 |
- It’s a secret world used by criminals
to buy and sell drugs, guns, sex, just about anything you can imagine. |
|
NARRATOR |
10:45:51:01 |
10:46:13:02 |
- But this blanket criticism suggests
that all .onion websites are used by criminals, when
in fact, many activists, journalists and community groups heavily rely on
these services to do their work. And guess what. The code that maintains
these services is made possible by the work of only two Tor employees, including
one who lives here in Montreal. |
|
DAVID GOULET |
10:46:14:10 |
10:46:27:05 |
- I'm currently coding... ...what's known
as next-generation hidden services. It's being completely re-engineered to
improve security. |
|
DAVID GOULET |
10:46:27:08 |
10:47:04:08 |
The concept of privacy is extremely
important. Increasingly so. If people are being monitored... Today, it's not
that people aren't aware of it. They know and accept it. They're not acting
in bad faith or ignorant. It's just the new normal. When you know you're
under surveillance, unconsciously or not, you change your ways. It really
controls society. So the beauty of Tor is, whatever you do online... ...your
privacy is protected to some extent. |
|
DAVID GOULET |
10:47:06:05 |
10:47:38:01 |
I requested access to information from
the federal government, for all my personal information. They sent me this
letter, which basically said: We have your information on file - maybe, maybe
not... I'm under investigation. I was kind of proud, because I must be doing
something right. I'm doing something useful, and the powers-that-be clearly
aren't too happy about it. So it's a vindication of sorts. |
|
- DIRECTOR - DAVID GOULET |
10:47:40:15 |
10:48:02:05 |
- What's the conference in Montreal
about? - Okay, we're currently holding our
biannual Tor meeting. We invite everyone, staff and the community, to get
together, convene, and over the course of five days, we problem-solve, rally,
seek to improve Tor. |
|
DIRECTOR |
10:48:02:08 |
10:48:06:13 |
- Any particular reason it's in Montreal
this year? |
|
- DAVID GOULET - DIRECTOR |
10:48:06:15 |
10:48:20:21 |
- Yeah, a lot of people refuse to go to
the Five Eyes, including Canada. But especially since Trump, I'd say at least
half our team refuses to go to the U.S. - Half the team refuses-- |
|
- DAVID GOULET - DIRECTOR |
10:48:21:01 |
10:48:26:11 |
- Minimum. - Can you explain why we can't film the
meeting? |
|
DAVID GOULET |
10:48:26:14 |
10:48:44:05 |
- Right. I mean, these people are for
privacy. They don't want to end up on Facebook, have anyone know they came.
Some people here literally can't be filmed, because they're coming here at
their peril. So, overall, their privacy must be respected. |
|
NARRATOR |
10:48:44:08 |
10:48:58:17 |
- Some of the hackers and volunteers who
support Tor want to maintain a certain level of discretion. But that doesn’t
make them hooded paranoids. Quite the contrary. This is a community that has
understood that change is only possible through public debate. |
|
JENNIFER |
10:48:58:19 |
10:49:06:10 |
- So my name is Jennifer Helsby and I am
the lead developer of Secure Drop, which is a whistleblowing platform that
uses Tor. |
|
ARTURO |
10:49:06:13 |
10:49:29:05 |
- Hi, my name is Arturo Filastò. I am a Tor developer I guess. From Italy. We
monitor the internet and measure when and how internet censorship occurs,
around the world. That is our Quattro, as we call him, which is our mascot.
The OONI Octopus. |
|
PATRICK |
10:49:29:08 |
10:49:41:11 |
- Yeah, so my name is Patrick. I live in
San Francisco, but I am originally from Ireland. And I run some exit capacity
on the Tor network as part of an organization called NoiseTor,
with some volunteers. |
|
WILL |
10:49:41:14 |
10:49:48:22 |
- My name is William Budington
and I am a technologist and security engineer at the Electronic Frontier
Foundation. |
|
JENNIFER |
10:49:49:01 |
10:50:05:04 |
- Well, we’re at the point now where many
major governments have mass surveillance systems. For just a few million
dollars, you can set up a mass surveillance system in your country. And we
need to take steps to protect civil liberties in this situation. |
|
WILL |
10:50:05:07 |
10:50:20:04 |
- So if you’re at danger, in a repressive
regime for instance, then you can access the web and access the internet in a
way that doesn’t put you in danger by your government. |
|
PATRICK |
10:50:20:07 |
10:50:33:18 |
- It’s useful also for people doing
research, even domestically, that they want necessarily associated with their
name. I personally don’t want all of my search history to be associated with
my identity because you never know how that might come back to bite you. |
|
JENNIFER |
10:50:33:20 |
10:50:47:07 |
- Tor is the best way to protect people’s
anonymity. Without it, we couldn’t do the work that we do, making sure that
sources can talk to journalists in a secure and anonymous way. |
|
DINGLEDINE’S PRESENTER |
10:50:53:10 |
10:51:02:12 |
- So what is the
future of internet privacy, when we all have things to hide, in an age of big
surveillance. Please join me in welcoming Roger Dingledine. |
|
ROGER DINGLEDINE |
10:51:09:06 |
10:51:52:05 |
- How many people here know the phrase
“the dark web”? OK, so there’s this really cool - from the journalist
perspective - thing where you get people all excited and scared. And they
don’t understand, but there’s this dark web and... So basically, they end up
with this terrible picture of an iceberg, where you didn’t know but there are
99 other internets out there and they’re all other things. And that’s true, a
lot of the web pages on the internet are things that Google can’t get to. But
approximately 0% of them have anything to do with Tor in any way. Nonetheless,
Time Magazine was like: picture of Tor, picture of spiderweb, picture of
iceberg, "you should be scared" and facts have very little to do
with any of this. |
|
NICK MATHEWSON |
10:51:56:14 |
10:52:43:23 |
- I think people are very interested in
privacy today. People also feel, to a certain extent, that privacy can be a
lost cause. We see private information about people being collected... not
only collected and sold, which is the primary business of most of the data
collectors, but also collected and lost, misused, abused. Generally treated
as though it were an abundant resource that there’s no need to protect. But I
think there is also a lot of hope. I think more people are using encryption
to talk to each other now than ever before, I think if you want to have a private
conversation with someone on the other side of the world, there has never
been a better time in history to do it. |
|
ROGER DINGLEDINE |
10:52:44:03 |
10:53:58:03 |
- Who here knows the phrase "lawful
intercept"? A couple. OK, more hands than for "Bluecoat". So
lawful intercept is the phrase they use for the backdoors in all the
telephony infrastructure and the internet routers and so on. And the goal is,
if somebody does a bad thing, then we should be able to tap them and there
should be judges involved and so on. And maybe that’s OK in the Western
world, but exactly the same infrastructure gets sold to Saudi Arabia. And the
guy in Saudi Arabia is like, “What's that port for?”. And the answer is, “Oh,
that’s the lawful intercept port”. And he says, “Well, I am the law, plug it
in!”. The internet is more centralized than you think. There are only so many
cables that go underneath oceans. If you’re in Peru and you want to send an
internet connection to Ecuador, it’s going to go through Miami. That’s just
how the internet is built. And that means that there are so many bottlenecks,
there are so many places where large intelligence agencies can go in order to
grab traffic, compared to what you think. You might imagine the internet is
kind of like the world where there are a lot of different countries and
everything is spread out. And I’d like an internet that’s built that way, but
that’s not how we built ours. |
|
NICK MATHEWSON |
10:53:58:05 |
10:54:20:16 |
- Writing software is a fun and easy way
to help the world. If you’re good at writing software then there are lots of
things you can do that aren’t collecting data on people and helping people
control each other. You can help people be free. It’s a good thing to do with
your talent, if it’s a talent you have. And it’s a good life to live. |
|
NARRATOR |
10:54:34:07 |
10:55:05:23 |
- Tor is one of the most important tools
in the fight against surveillance. But it’s far from being the only one. For
almost every application and platform you use daily, there are alternatives
that protect your privacy online. For messaging, replace Facebook Messenger
with Signal. For your emails, use ProtonMail or
install GnuPG and encrypt emails yourself. Replace
Skype by Jitsi. And Google by DuckDuckGo or StartPage. The alternatives already exist and their
numbers are constantly growing. |
|
NARRATOR |
10:55:10:04 |
10:55:30:04 |
Most of these tools are free software or
open source software. Free software is developed by online communities of
volunteers. They freely publish and tinker with the source code of the
software and usually distribute them for free. For Richard Stallman, free
software is the main solution to surveillance. |
|
RICHARD STALLMAN |
10:55:30:07 |
10:56:17:15 |
- The alternative to proprietary software
is free, "libre" software. Software that is controlled by its
users, that therefore respects those users’ freedom. If you’re using a free
program, you, as one of a community of users, are collectively exercising
control also. If people are enthusiastic about removing the snooping, which
they probably are, they will spread that version around and you will
eventually get it just in the normal course of upgrading from time to time.
This is how free software creates a defense against malicious
functionalities, for instance snooping. And it’s the only known defense. |
|
GABRIELLA COLEMAN |
10:56:17:18 |
10:57:07:22 |
- And what open-source projects do is
give you the source code, and that’s why it’s free. So you can take the
source code. And that really matters precisely because it allows outsiders to
vet that source code. And let people know you can trust this. Facebook is not
open source. At all. And you don’t know precisely what their software is
doing. You don’t know how their algorithms are functioning. So you don’t know
why you see what you see. If it was open-source, if it was open-source the
way that Tor is open source, you could really do an audit of it and you could
understand how it works and you could pick it apart. It’s a black box; open
source is a transparent box. |
|
PROJET THINK PENGUIN |
10:57:19:23 |
10:58:25:21 |
- Light. It’s only 1.1 kilos in weight.
This is a fully functioning computer. This is a laptop, 3D printed, so you
can turn the computer card into a laptop. All right? You have the right to
repair as well as modify. So 3D printed, you can just go down to your local
maker thing and repair your own laptop. If you get fed up with the fact that
this is not fast enough in a couple of years, just buy a replacement computer
card, an upgrade, double the ram, double the speed, double the processors,
etc. Instead of throwing away the whole 500 dollar
laptop, you buy a 50 dollar computer card. So it’s eco-conscious as well as
save money and bla-bla-bla, etc. Now, the other
thing is, we’ve researched the processors on here so that the source code for
everything, for the entire boot process, is available online. So there’s no
NSA backdoors in their processors like there are in Intel ones. It’s
full-source code. So... |
|
STEVEN RAMBAM |
10:58:32:07 |
10:58:50:23 |
- Facebook just won a court case in
Belgium. They spent millions and millions and millions of euros to maintain
their right to build profiles on every Belgian. You’re worth money. You’re
worth a lot of money. You may have a right to be forgotten but you’re not
going to be forgotten. |
|
SPECTATOR |
10:58:51:02 |
10:58:54:01 |
- If privacy is an illusion and it’s dead
and everything, what we do now? |
|
STEVEN RAMBAM |
10:58:54:04 |
10:59:45:08 |
- Ok, there has to
be a sea-change in public attitude. There has to be
some - and I hate to say this because I am the most libertarian, you know,
free-commercial activity believing type guy on the planet - but there has to
start being regulation on Facebook and on Google. The problem is, you and
everybody else, look at them as if they’re a public utility. We have water, we
have electricity, we have the telephone, we have Google. They’re a private
company. They own your data, they sell your data.
They sell the essence of who you are. And there is zero regulation. There’s
no regulation. There’s not a single law in the United States that allows you
to say, "No", or "not that", or "too much". |
|
STEVEN RAMBAM |
10:59:45:11 |
11:00:19:15 |
Google and Facebook really don’t give a
damn. They have the vast bulk of all information out there. Private entities.
Google, Facebook, Acxiom, Information USA, Microsoft, Apple. There’s about twenty companies that have the bulk of the
world’s PII, "personally identifiable information", and all the
related stuff. And there is no law and no regulation, nothing that governs
how they use it. |
|
NARRATOR |
11:00:22:19 |
11:00:40:08 |
- In May 2018, the European Union
implemented the General Data Protection Regulation, which aims to better
regulate the use of our personal data by major service providers. Meanwhile,
in the US, Congress became interested for the first time in Facebook's
business model. |
|
MARK ZUCKERBERG |
11:00:40:11 |
11:01:02:03 |
- It’s clear now that we didn’t do enough
to prevent these tools from being used for harm as well. And that goes for
fake news, for foreign interference in elections and hate speech, as well as
developers and data privacy. We didn’t take a broad enough view of our
responsibility and that was a big mistake, and it was my mistake, and I’m
sorry. |
|
NARRATOR |
11:01:05:19 |
11:01:14:18 |
- This is also true for Canada. Our laws
have to change to better protect us against abusive data collection. But why
isn’t this already the case? |
|
LEX GILL |
11:01:14:21 |
11:01:59:21 |
- Government doesn’t have the technical
skills or the resources to build a Facebook and make you adopt it, right. But
they’re perfectly happy to take advantage of the fact that a Facebook exists
and they can use it to harvest information for investigative and intelligence
purposes. So I think that it’s right to acknowledge that there is a bit of a
symbiotic relationship between these corporate actors and the State. I don’t
think it’s right to think about it in some sort of conspiratorial way, but
just to say that I think that government, when they see these private actors
having access to this kind of personal data, they want to get their cut too.
So yeah, that’s probably part of the reason there isn’t a huge amount of
political willpower to reign those kinds of behaviors in. |
|
MATTHIEU
LALONDE |
11:02:00:01 |
11:02:40:20 |
- Projects like Tor, like Subgraph, aren't
winning. Obviously, this great surveillance machine is prevailing. Clearly.
Of course, there's pushback now. But I think we're 20 years behind our rival,
as it were. The forces at work behind this security and surveillance campaign
are very powerful. We're talking huge corporations, governments, and so on.
So it takes tremendous effort... to make a real impact. |
|
NARRATOR |
11:02:42:17 |
11:03:10:16 |
- A new world is unfolding right before
our eyes. A world in which all our actions and thoughts are monetized and
where it becomes truly impossible to be hidden from view and to be truly
alone. But the internet could not have turned into this surveillance machine
without our help. This internet that monitors everything, we made it happen,
all together. It's up to us to invent the internet that will replace it. |
|
IAN
GOLDBERG |
11:03:10:19 |
11:03:42:11 |
- A lot of people, when they think of
privacy, they just think of, “Oh, what do I have to hide?”, and that’s not
what privacy is at all. Or it’s the tiniest part of privacy. Privacy is about
freedom, privacy is about autonomy, privacy is about self-determination.
Privacy is about being able to think the thoughts for yourself and not be
coerced into behaving or thinking in a certain way. It’s about growing as a person,
especially for young people. And it’s about growing as a society. |
|
RICHARD STALLMAN |
11:03:42:13 |
11:04:01:17 |
- The fundamental thing is the
willingness to say no. When you’re offered something and the price is your
freedom, say no. The willingness to do that is crucial. It’s a sacrifice that
I make to keep my freedom, it’s worth it. |
|
GABRIELLA COLEMAN |
11:04:11:02 |
11:04:43:18 |
- More than anyone else, Edward Snowden
and his willingness to come forward with very concrete details about
surveillance has helped us grasp the bigger picture. He has helped us sharpen
our understanding of the harms of pervasive surveillance. And helped us see
how new technologies facilitate ubiquitous spying. These issues are vitally important and this is why I want you to join me not just
in welcoming but in thanking Edward Snowden for opening up the space to
discuss and debate these topics. |
|
EDWARD SNOWDEN |
11:05:02:06 |
11:05:52:06 |
- The days where they could monitor
everyone everywhere all the time, simply, what the government calls by means
of “bulk collection”, which is the government euphemism for mass
surveillance. They say, “we just want to collect everything in store in case
we want to search it later”. Those days are numbered. We are going to move
towards a freer and fairer future rather than simply the one that has already
been laid out for us. We are at a decision point, and we can have a very dark
future or a very bright future. But the ultimate determination of which fork
in the road we take won’t be my decision, won’t be the government’s decision,
it will be your generation’s decision. And I’m looking forward to seeing what
it is that you guys actually decide. |