Mikko Hypponen

Mikko Hypponen: How the NSA betrayed the trust of the world, time for action

Recent events have highlighted, underlined and written in bold letters the fact that the United States is conducting covert surveillance of every foreigner whose data passes through an American entity - whether there are suspicions of crime or not. This means that virtually every international internet user is monitored, says Mikko Hypponen. A significantly angry speech (a TED Talk), wrapped in an appeal: to find alternatives to the use of American companies for the information needs of the world.

The translation into English was done by Chryssa Rapessi and the editing by Dimitra Papageorgiou.

Probably the two greatest inventions of our generation are the internet and the . They have changed the world. However, to a large extent, to our surprise, they turned out to also be the perfect tools for the surveillance state. It turned out that this capability to collect data and connections about any of us and all of us is exactly what we have been hearing about throughout the summer, through revelations and leaks about Western intelligence agencies, mostly US intelligence agencies, watching the rest of the world.

We heard about them starting with the June 6 revelations. Edward Snowden started leaking information, top secret classified information, from the US intelligence agencies, and we started learning about things like PRISM and XKeyscore and stuff. And these are examples of the kinds of programs that United States intelligence agencies are running right now against the entire rest of the world.

If you look at predictions about tracking, by George Orwell, it turns out that George Orwell was an optimist. (Laughter) Right now we're seeing a far greater scale of surveillance of individual citizens than anyone could ever imagine.

And this here is the infamous National Security Agency (NSA) data center in Utah. It is due to open very soon, and will be both a supercomputing center and a data storage center. You can basically imagine that they have a big room full of hard drives that store the data they collect. And it's quite a large building. How big? Well, I can give you the numbers — 140,000 square meters — but that doesn't tell you much. Perhaps it is better to imagine it with a comparison. Think of the biggest IKEA store you've ever visited. That's five times bigger. How many hard drives can you fit in an IKEA store? Right? It's quite big. We estimate that the electric bill alone to run this data center will be in the tens of millions of dollars a year. And this kind of mass surveillance means they can collect our data and basically keep it forever, keep it for long periods of time, keep it for years, keep it for decades. This creates entirely new kinds of risks for all of us. And this is mass generalized tracking of everyone.

Okay, not just everyone, because the US intelligence service is legally entitled to watch only foreigners. They can track aliens when their data connections end up in the United States or pass through them. And tracking aliens does not sound so bad until you realize that I am a stranger and you are strangers. In fact, 96 percent of the planet is alien.

(Laughter)

Isn't that right?

This is a massive monitoring of all of us, of all of us who use telecommunications and the internet.

But don't get me wrong: There are indeed types of tracking that are okay. I love freedom, but even I agree that partial tracking is okay. If the authorities are trying to find a murderer, or trying to catch a drug lord, or trying to prevent a shooting at a school, and they have evidence and they have suspects, then it's perfectly fine to monitor the suspect's phone, and intercept his internet communications. I don't disagree with that at all, but that's not what programs like PRISM are for. They are not for monitoring people whom they have reasonable suspicions of wrongdoing about. It's about going after people they know are innocent.

So, of the four main arguments in support of this kind of monitoring, the first is that every time you start talking about these revelations, there will be naysayers who will try to downplay the importance of these revelations, saying that we already knew all this, we knew it was happening, it's nothing new. This is not true. Don't let anyone tell you we already knew, because we didn't. Our worst fears may have been something like this, but we didn't know it was happening. Now we know for sure that it happens. We didn't know that. We didn't know about PRISM. We didn't know about XKeyscore. We didn't know about Cybertrans. We didn't know about DoubleArrow. We didn't know about Skywriter — all these different programs that the United States intelligence agencies run. But now we know.

And we didn't know that United States intelligence agencies go to extremes by infiltrating standards bodies to sabotage encryption algorithms on purpose. And that means you're getting something that's secure, an encryption algorithm that's so secure that when you te to encrypt one , no one can decrypt it. Even if they used every computer on the planet to decrypt this file, it would take millions of years. So basically it is completely secure, it cannot be . You take something that is so good and then weaken it on purpose, ultimately making us all less safe. A real-world equivalent would be for intelligence agencies to forcefully put a secret PIN code on every home alarm so they can get into every home because, you see, the bad guys might have home alarms, but that would make us all less secure as a result. Backdoors in encryption algorithms boggle the mind. But of course, these intelligence agencies are doing their job. This is what they were told to do: intercept signals, monitor telecommunications, monitor Internet traffic. That's what they're trying to do, and since most internet traffic today is encrypted, they're trying to find ways around the encryption. One way is to sabotage encryption algorithms, which is a great example of how the United States' intelligence agencies have gone haywire. They are completely out of control, and we have to get them back under control.

So what do we know about these leaks? All based on the files leaked by Mr. Snowden. The first PRISM slides from early June detail a collection program where data is collected from service providers, and they can go and name those service providers that they access. They also have a specific date of when they started collecting the data for each of these service providers. For example, they say that collection from Microsoft started on September 11, 2007, for Yahoo on March 12, 2008, and then for others: Google, Facebook, Skype, Apple and others.

And every single one of these companies denies it. They all say that's just not true, that they don't give access to their data through the back door. But we have these files. So is either of them lying, or is there an alternative explanation? One explanation would be that these parties, these service providers, are not cooperating. Instead, they've been hacked. That would explain it. They don't cooperate. They got hacked. In this case, they were hacked by their own government. This may sound strange, but we have already seen cases where this has happened, for example, the case with the Flame malware, which we strongly believe was written by the US government, and which, to spread, undermined the security of the Windows update network, which here means that the company was hacked by its own government. And there is more evidence to support this theory. The German Der Spiegel leaked more information about the run by the elite hacking units operating within these intelligence agencies. Within the NSA, the unit is called TAO, Adaptive Access Operations, and within GCHQ, which is the UK equivalent, it's called the NAC, Network Analysis Centre. These recent leaks of these three slides detail an operation run by the GCHQ intelligence agency from the UK targeting a telecommunications company here in Belgium. What this means in effect is that the intelligence service of an EU country breaches the security of a telecommunications company of an EU member state, and they discuss it on their slides quite casually, as a matter of course. Here's the primary goal, here's the secondary goal, here's the grouping. They probably have team building on Thursday night at the pub. They use kitschy PowerPoint clip art images like, you know, "Success" when accessing services like this. What the heck?

And then there is the argument that ok, yes, that may be the case, but on the other hand, the other countries are doing it too. All countries are spying. And maybe that's true. Many countries are spying, not all, but let's look at one example. Take, for example, Sweden. I am talking about Sweden because Sweden has a somewhat similar law to the United States. When the traffic of your data passes through Sweden, the intelligence service has the legal right, by law, to intercept this move. Okay, how many Swedish decision-makers and politicians and business leaders use US-based services every day, such as, you know, running Windows or OSX, or using Facebook or LinkedIn, or storing their data in a cloud like iCloud or Skydrive or DropBox, or maybe using Internet services such as Amazon or support sales? The answer is that every Swedish business leader does this every day. Let's turn it upside down. How many American leaders use Swedish e-mail and cloud services? The answer is zero. So it's not balanced. It is not at all balanced or mindful.

And we have the occasional European success story, and even these typically end up being sold in the United States. Like Skype was safe. It was end-to-end encrypted. It was then sold to the United States. Today it is no longer safe. So, once again, we get something that is safe and do it less securely, making us all, as a result, less secure.

Then there is the argument that the United States is only fighting terrorists. It's the war on terror. You shouldn't worry about that. Well, it's not the war on terror. Yes, part of it is the war on terror, and yes, there are terrorists, and they kill and maim and we have to fight them, but we know through these leaks that they have used the same techniques to listen to the phone calls of European leaders, to intercept the e-mail of residents of Mexico and Brazil, to read the e-mail traffic inside the UN headquarters and the European Parliament, and I don't think they are trying to find terrorists inside the European Parliament, are they? It is not the war on terror. It may be a part of it, and there are terrorists, but do we really see terrorists as such an existential threat that we are willing to do anything to fight them? Are Americans ready to throw away the Constitution and throw it in the trash just because there are terrorists? The same with the Bill of Rights and all amendments and the Universal Declaration of Human Rights and the European conventions on human rights and fundamental freedoms and freedom of the press? Do we see terrorism as such an existential threat that we are prepared to do anything?

But the world is afraid of the terrorists and then they think maybe this monitoring is okay because they have nothing to hide. Do not hesitate to investigate if this will help. And whoever tells you that he has nothing to hide, he just has not thought about it enough.

(Applause)

Because we have this thing called privacy, and if you really think you have nothing to hide, please make sure that's the first thing you tell me because then I'll know that I shouldn't trust you with secrets because obviously you can't keep a secret. But people are brutally honest with the internet, and when these leaks started, a lot of people were asking me about it. And I have nothing to hide. I'm not doing anything bad or illegal. But I don't have anything specific that I would like to share with an intelligence agency, especially a foreign intelligence agency. And if we really need a Big Brother, I'd rather have a domestic Big Brother than a foreign Big Brother. When the leaks started, the first thing I tweeted about it was a comment about how when you use search engines, you potentially leak all of this to US intelligence. And after two minutes, I got a reply from some Kimberly from the United States questioning me, why was I worried about this? What am I sending to worry about? Am I sending nude pics or something? My response to Kimberly was that what I send is none of her business, and it shouldn't be her government's business either. Because that's the point. It has to do with the protection of personal data. The protection of personal data is not negotiable. It should be integrated into all the systems we use.

(Applause)

One thing we all need to understand is that we are brutally honest with the search engines. Show me your search history, and I'll find something incriminating or embarrassing within five minutes. We are more honest with search engines than we are with our families. Search engines know more about you than your family members know about you. All such information that we provide, we provide in the United States.

And tracking changes history. We know this through examples of corrupt presidents like Nixon. Imagine if he had the tracking tools available today. And let me quote the Brazilian President, Dilma Rousseff. She was a target of NSA tracking. They read her e-mail, and she spoke to the United Nations Headquarters and said, "If there is no right to the protection of personal data, there can be no real freedom of expression and opinion, and therefore there can be no effective democracy."

That has to do with it. The protection of personal data is the brick that builds our democracies. And to quote a security researcher colleague, Marcus Ranum, he said that at the moment the United States is treating the internet as they would manage one of their colonies. So we returned to the era of colonization, and we, the foreign users of the internet, should consider the Americans as our masters.

So Mr Snowden was accused of many things. Some accuse him of causing problems for the American cloud-based industries and software companies with these revelations, and accusing Snowden of the problems of American cloud services would be equivalent to blaming Al Gore for causing global warming.

(Laughter)

(Applause)

Well, what can be done? Should we worry? No, we should not worry. We have to remember, because that's wrong and it's rude and should not be done. But that will not really change the situation. What will change the situation for the rest of the world is to try to stay away from systems built in the United States. This is much easier in words than in practice. How do you do that? A country, any country in Europe, cannot replace and make replacements for the operating systems and cloud services built in the US.

But maybe you will not have to do it yourself. You may be able to do it along with other countries. The solution is the open source code. By building together open, free, secure systems, we can bypass this monitoring, and then there is no need to solve the problem of a country alone. It has to solve only a small problem. And to quote a security researcher colleague, Haroon Meer, only one country has to make a small wave, but these little waves together become a tide, and the tide will pick up all the boats at the same time, and the tide that we will build with secure, free open source systems will become the tide that will raise us all higher and higher than the state of monitoring.

Thank you very much.

Written by giorgos