Surveillance

Pepijn Le Heux
pepijn@leheux.com @lehoax

Surveillance: Close observation of a person of a group

Privacy: A state in hich one is not observe!

"ho is big brother#

- $SA government# - $SA military %intelligence&# 'SA ( C)A - Securitate* S+)* +omanian political ( business elite# )s it one group# - ,oogle# - All of them#

All your !ata is compromise!

"hat !ata# Compromise! by Ho ho# or-# !oes the internet

,oogle* Apple ( .aceboo /he companies you !on0t -no 1ther governments 'SA is special 'SA capabilities

"hat can
La Political ( social change

e !o#

+ealise the real cost of loosing our !ata 2ecentralisation 1pen source soft are %( har! are& /or 3ncrypt the 4ournalism ( eb histleblo ing

"e generate a lot of !ata

3mails* chats* sms* phone calls Location !ata Smart phone Clic- history 3boo-s* cars 5eta!ata 5e!ical !ata

"hat is a !ata 6breach7#

"hat about electronic me!ical recor!s# "here !oes your !ata go# 8999 computers on 8 net or-# 8999 net or-s# 8999 computers on 8999 net or-s# 2o you loose all your !ata forever# Ho !o you solve the security problem#

'othing to hi!e#
"e all nee! privacy A free society nee!s the right to privacy )nformation : control : po er

;ac- to: ho

much !ata#

)n the past cameras just ma!e vi!eo

'o a!ays vi!eo is just one of the sensors that can be a!!e! to a !evice

"ill

e get sensors in our house#

Smart meters

5obile is not secure

)t is !esigne! as a trac-ing !evice that also ma-es phone calls

<9= of apps collect location !ata >>= !oes it continuously

6People get hung up that there0s a targete! list of people* it0s really li-e e0re targeting a cell phone. "e0re not going after people* e0re going after their phones* in the hopes that the person on the other en! of that missile is the ba! guy7
64S1C ac-no le!ges that it oul! be completely helpless ithout the 'SA con!ucting mass surveillance on an in!ustrial level7

;ran!on ;ryant* former 4S1C !rone sensor operator

5eta!ata: 6/he )talian job7

Abu 1mar
Abu 1mar as ab!ucte! in 5ilan on .ebruary 8?* @99A* by the C)A in one of the many cases of extraor!inary ren!ition as a part of the everlasting global ar on terrorism. He as transferre! to 3gypt an! torture!. Hel! for 8B months ithout charge.

C)A meta!ata failure

18 agents used 30 phones for 1 month They took the phones to their hotels 1 used a phone 1 time with her other SIM-card 1 booked a hotel in his own name ocation data! Sur"eillance on #bu $mar for a month %hone shows up in &gypt ' days after abduction

Culnerabilities:
.irm are 1S ApplicationsDspy are Local net or-DrouterDmo!em LocalDregionalDbac-bone )SPs CablesDexchange point Clou!

Companies:
.aceboo-* "hatsApp Apple* 1SE* iPhone* i1S* 5ac* iClou!* i"or-* Safari* i/unes

Companies:
.aceboo-* "hatsApp Apple* 1SE* iPhone* i1S* 5ac* iClou!* i"or-* Safari* i/unes 5icrosoft* "in!o s* )3* "in!o s Phone* 5S 1ffice* ;ing* 5S5 ,oogle* Chrome 1S* Chrome bro ser* An!roi!* ,oogle 5aps* ,oogle search* ,oogle clou!* ,oogle !ocs* Foutube

Companies you !on0t -no

Acxiom Palantir /echnologies 3xperian 3psilon

,overnments are still orse Ho about +omania#

Securitate
/elephone monitoring 5ail monitoring Censorship )nformants ;lac-mail people to become informants )solation* harassment* threats* intimi!ation Ciolence

Ho

po erful is the S+)#

Presi!ent ;asescu# 'ational Council for stu!ying the Archives of the Securitate# S+) still in control of the files# S+) involve! in politics# Coiculescu# Secret C)A torture prison in +omania# Ho about 2,)P)#

"hat ma-es the $SA special#

'SA : 'ational Security Agency

(S# was formed by e)ecuti"e order 1*+' The e)ecuti"e order was classified ,(o Such #gency Tasked with the global monitoring. collecting. decoding. translation and analysis of information and data for foreign intelligence and counterintelligence purposes. including sur"eillance of targeted indi"iduals in the /S

Geith ;. Alexan!er ( 4ames +. Clapper

Ho po erful is the $S intelligence community#

Clapper ( Alexan!er lie! to congress* no problem 1bama promise! reforms )llegal spying* torture* -illing* ren!ition Spying on politiciansDcivil rights lea!ers Political oversight 4u!icial oversight

/his

ee-:

0I# spied on the SS0I 1Senate Select 0ommittee on Intelligence2 that was in"estigating 0I# torture 0I# deleted 800 docs from SS0I computers 3rennan4 SS0I shouldn5t ha"e access to this data SS0I doesn5t care if billions of people are spied on. now it happens to them So o"ersight is already limited to a "ery small group of people. they don5t get full access 6 they are being spied on

(ancy %elosi4
%elosi credited 7einstein for her ,courage- for taking on the intelligence community ,3ut you don5t fight it without a price. because. they come after you! #nd they don5t always tell the truth about it0(( on 13-03-'018

.)SA court
(S# lies to the 7IS# court Secret court. hears only the go"ernment Secret laws Secret interpretation of laws 6 words Secret decisions9warrants 33!*8* re:uests submitted since 1*;* 33!*8' warrants issued

"hy is the 'SA special#

$SA has colonise! the internet

Companies:
.aceboo-* "hatsApp* )nstagram Apple* 1SE* iPhone* i1S* 5ac* iClou!* i"or-* Safari* i/unes 5icrosoft* "in!o s* )3* "in!o s Phone* 5S 1ffice* ;ing* 5S5 ,oogle* Chrome 1S* Chrome bro ser* An!roi!* ,oogle 5aps* ,oogle search* ,oogle clou!* ,oogle !ocs* Foutube

"hy is the 'SA special#

$SA has colonise! the internet 'SA has compromise! the hole internet 'SA has compromise! all your !evices ;u!get ( capabilities are unbelievable 'onHAmericans !on0t have value Are 'SA capabilities to!ay the future capabilities for other a!versaries#

'SA
%I ,CHJ D five eyes&

capabilities

http:DDcryptome.orgD@98BD98DnsaH co!enames.htm
#lterego 3lackhart 3ulldo<er 0yclone #ngr neighbor 3linddate 3y<antine =ades 0rossbeam >anderspirit

0ottonmouth

>arkthunder >ropmire &gotisticalgiraffe &cotisticalgoat 7erretcanon 7irewalk

http:DDcryptome.orgD@98BD98DnsaH co!enames.htm
7lying pig ?eofusion 7o)acid ?reat e)pectations =ush puppy Stu)net

7ree<epost 7unnelout =allu)water =ammermill =owlermonkey @uantum insert

Turbopanda Turmoil Aaterwitch Bellowpin

,CHJ: /empora

 AK million gigabytes per !ay L99 million 6telephone events7 per !ay <>9 999 'SA employeesDprivate contractors have access

Social change %la Dpolitics&

'othing0s

rong

ith 6probable cause7

'o secret la s 'o secret courts 'o secret interpretations Political oversight Human rights#

History
'etherlan!s in "1 )) Securitate D Stasi .;) D 4. 3!gar Hoover 'elson 5an!ela

)s it all about terrorism#

"hat is terrorism any ay#

Copenhagen climate summit

"hat is it really about#

"hat is it really about#

Po er Control 5oney

Fou can either try to protect information or try to breacommunication security. /hey are opposites* you can0t have both

"e have to ma-e other choices

;ecause Fahoo ants your !ata* the 'SA also gets it %an! so !oes every !ictator ( hac-er& Ho !i! ,oogle have >Lbn revenue last year# 2ata retention 2ecentralisation Privacy by !esign .ree soft are .ree har! are

Some people really nee! tools to stay alive

1ther companies you !on0t -no : ;lue coat ,amma ,roup Hac-ing /eam

"e have to ma-e other choices

;ecause Fahoo ants your !ata* the 'SA also gets it %an! so !oes every !ictator ( hac-er& Ho !i! ,oogle have >Lbn revenue last year# 2ata retention 2ecentralisation Privacy by !esign .ree soft are .ree har! are

prismHbrea-.org
Linux D /ails PrivacyHconscious email services P,P

HHHH;3,)' P,P P$;L)C G3F ;L1CGHHHHH Cersion: ,nuP, v8.B.8@ %,'$DLinux&

P,P
%pretty goo! privacy&
2ata encryption .or instance email 3n! to en! encryption Public -ey Geyserver Private -ey Signing

mJ3';.3S@bB;CACJK5xyx;xIE8bcC@cpvS9)2SM9G>xDK'PpCLEFAbg/,A4oIED5 1!3$$LL oi-LmrGovj2,NEu1fS"K$h,<nmaulI@x)Etoere$@!tfDPCHFvL8DsuB $PLOK;JuI-C3y/; FBb!MsG)evbc!1fx9FDpe<cHP!4IC5J?@.nBAm$<<M4hOLtA K."/-ACx<Cf'sLP@cH)Luye8!u-;MuD2vD@ojE IHHv)cMOD>tCgc"KLsgP3E? y OaCL<PcP1;.8LA1ucHffEyuCSFKf,/$Kugnyo.AAo1oIP?S1;5ge SNCt!D95hc< g2$mMg9rD3-pA))"-yGLFSl,8Pu8.yMIL$$+A;3;AA,9)l;lc,lNbi;5OS;)OECB )2x OE;pam>Ab,CoOECBLm'vb/L4A/<33 3CAC-.Al3S@bBC,y<.CJ9pugAHC -) ; 5CAJFCCA)4Cgs3.g)2AJ)eAJ)EgAAGC+C;E$i,-rh+;A-p;DBL>@A 3'4lI ,$ ;4pCmhNC9"x9L1L-/4!FlxbmtxlvtnP.bCE3ljLj;P95bn;x;B93!5OPnCEr5@D> opI,pf2AGfGCE2g"?AENLC$>D>sLt-M+g3p;sp4JegC28l2g3F/4>J,ESAAaf9hG fNc./b+9Ao8y SlfPEotcI>H5umo>j@juSs$C"rv,KCECD9;fJA!A51JCE/ub21P b8svsG5Mc"l'$2s4O;NM13+$Ar1aLPG>n<8h'gyAO+;>gEayNJLBH;Ku'L-fFgtP sj1iJF$FsypEA<FAhvG' LEg/gH1C4@gMNx$N9n>Hc@$Do+>E2'iEHr>13L!Hij

2/e<b@g@i3F33;3CAAF.Al3S@vAACg-J@>gCHh8+GjD/fACggym@r4GK$9fDx!'F C+t>4SJbfO9An9itJI2.a;?HL+K++ANhbh8nS2>9iJ)c;;A;CAA,;J4+D?s$AAo4 3;LL<9-jG+4lr@APD8>Scnpu$HBs5).c5ntsiKjo!?B/BaC"e<+ExC;,n.3L1>DH epjCpC H/>hiKBO,G@u2y+icKC$/a'K8"le;p?Is"5'')De83CmP>3C?M<)D,F3t SmfI" FmHS1g;fnAo9sKl,vaSD)-A3L51eABLCHBAI>A@<nAG;OpSl3NP/4$ggr/ 51!B.AP'fNbE/;CS9it""bMF?mbnmG/a9.pIxsn;O!8>inF.Ki$mg9v<<+;K NG< IBt2tr2hjtH!eLLFS-1c/v,P,AhLPH+x5P/!CcSsH!2$xOPB fv)Chu)IP1AyEMo bL3p2i4sO9LJrfru)baJ.M/ynfAL>o9SxLh'2ax9+a;A 5JD-LrA1.a OI??Mv@+ gpxLLD1JmbHCB"DB>te!5De31A"pMt,DF/rx>Js@lC8s'n5JMox-$utNfA2fH$t/ yL@CMDxP,?LlJuSofcKHvF/FAx2C2gF)>/$P> v41 @OSSyp2AL bhCs+ep-.L?v v<$+Sbng).Cbl9!gruu@iv>uO!La5LrI@OGEr;34M).5/tLA-el AfBsBm@f A@C"DKm!EF,B9eS4b+)tNDyNOnc? L-G?fL2eS'FIL>$s8$tCLO>xSDGLBI1M>P?. yvM4LJjc!O?-<HfCnp,aL;'1944uA<8b,J 2r$h;rxyai5@hCe@a$f<-lbs!uJ3' ;.3S@bB;CACL<P-+$e>.l31,pFxE1MMee4!tAfL5?A4<f>El-5,,HA1Pr$LLKo5a mE)@s/hCGfvr"sstEl<)CehC9,r'u3IAboK"KneE4h4P-LIOv;Il9"H$"N,aE,?? GyE4Hfs-i;xEPJKP2bx5acCm'!us@jMD<;Ao;5" 3?cG<-@FCl8l>b2<AM.x4,j; <"5a/AP"COrMtu +F>.fKLiJ@Ag@<LKc!)BN$$)>et.O"meDC Ctxg-S"s/rOOx; fP<A+!Gx Mfa>MrpIr$ ?Cge;p"aCLcgp14OIv/,LCobLAAL<t?sA8reKaJPMA

Ml8NL$HAvpnLA1'g2FaMxCa P>mNIM,fA;3;AA,4A-J3,A3CAA<.Al3S@bBC,yB. CJ9pugA;GJ-JgC8)hpGB$JfAESA3,J3CAAF.Al3S@bBACg-Jbm4e3m8JG@4L'JfI 5>O5SSAiO$"Pa5n?eKF5"ni4fp"bEJ2o.,Ecc.lpJoJ$>F1F@4HJ?9rO hu4Pn'C H4imyhpusGC 89C91.EjNIAr!hufM>j"Amop@m8!LAC8E/puD;M;3F e'CLfBSyj jg;4/)bInjv)Nx.ovP9O!xCf<AlI$3D5?DbLebLFul@t5pLS>AB Ipyi<91u9)3M @amI+-9j<"$pj89Kgr"A+2B3J-3Oro)?E4BLe5o38/GDcmE>BSAF3LnC5AeKy+Nm JSraEh+PtS+K4AmJ8JD1M@>92PlLpAgvuLffGKKNg3)iMF5hLcgNlPbc"3hfLu2/ ,'P'GSp>-PA8DK5'Au)yAmhx;DK<v-f>gcOP8l2>p/,! ) b/aL!89L)FNAEbPv@ -p'C/JfOc555I9LJL!/cOvtI8$tF'<<F3EePsAg?rAtmt!OfGL! $ a3L?EK?94G Mf2oPCS<BsLHCv3JbaN8E-mL"KnsE)soM"?"etC.BeL5+)9tS;!'KAmM"M9y@D58 C>J?I3+)uKE, 5<tu5K'<IllALy989fy oJK!+ulbNC Jh5F2tv>sfE"tCC$$jx2 c+!4HK)JoFbxKl$Si'v A!G2<"B.9Kxhtlyt?n-hAAN4xMHF@,L5).rrrc38JA3p mp)MApxM>NfAHa.LJ")ox<l'c;lnn;o8EgN''tomp1h!L4B) :Ir-' HHHHH3'2 P,P P$;L)C G3F ;L1CGHHHHH

prismHbrea-.org
Linux D /ails PrivacyHconscious email services P,P 2is- encryption HttpsHevery here

HttpsHevery here

prismHbrea-.org
Linux D /ails PrivacyHconscious email services P,P 2is- encryption HttpsHevery here 1/+ /or

/or
.ree open source soft are Comes ith specs ( full !ocumentation $S nonprofit .un!ing >999 relays 8999 exit relays

/or ;ro ser

)nfo about 1SDbro ser version /ime Mone Coo-ies ;ro ser plugins Screen siMeDcolourD!ept .onts

panopticlic-.eff.org

panopticlic-.eff.org

"ho uses /or#

aw enforcement uses Tor to "isit target websites without lea"ing go"ernment I% addresses in their web log

Ahistleblowers use Tor to anonymously contact media organi<ations #cti"ists use Tor to organise. to get outside information or to get information out %eople who are censored use Tor to read en write without go"ernment interference

"ho uses /or#

awyers use Tor to communicate with their clients safely

Military or agents abroad use Tor to stay safe 0ompanies use it against industrial espionage Cictims of abuse or stalking use it to be able to anonymously use the internet 3ad people use it too

"ho uses /or#

Ae all need Tor #nonymity needs company Ae are talking about the right to read and write without 1go"ernment2 interference Aithout anonymity all dissent will be crushed in an early stage! #nonymity is necessary for social change 6 it5s a human right

,overnments try to bloc- /or

3locking directory authorities 3locking relay I% addresses 7iltering based on Tor5s network fingerprint %re"enting user from finding Tor software

"histleblo ing

"i-iLea-s

"i-iLea-s
0ollateral Murder #fghan Aar >iary Ira: Aar ogs ?uantanamo 7iles 0ablegate Syria 7iles Spyfiles 1-3

"histleblo ing ( journalism

Accountability Historical archive 'o !emocracy transparency ithout

Ho

!oes Sno !en effect 'SAH spying#

(S# will change it5s beha"iour %oliticians will ha"e to do something Media attention worldwide Ae ha"e a chance to make better choices >e"elopers ha"e a chance to de"elop better tools 3usiness model for ,collaborators- will change %ri"acy might find a business model

"hat is the real goal#

/o eliminate all privacy orl! i!e

Fou can either try to protect information or try to breacommunication security. /hey are opposites* you can0t have both

Pepijn Le Heux
pepijn@leheux.com @lehoax