Mikko Hypponen: How the NSA betrayed the trust of the world, time for action

Recent events have highlighted, underlined and written in bold the fact that the United States is conducting covert surveillance of every foreigner whose data passes through an American entity, whether or not there is any suspicion of wrongdoing. This means that, in essence, every internet user is being monitored, says Mikko Hypponen. A significantly angry speech (a TED Talk), wrapped in an appeal: to find alternatives to the use of American companies for the information needs of the world.

The translation into English was done by Chryssa Rapessi and the editing by Dimitra Papageorgiou.

Probably the two biggest inventions of our generation are the internet and the mobile phone. They have changed the world. But to a great extent, to our surprise, they have proved to be the perfect tools for the state of surveillance. It turned out that this ability to collect data and links for any of us and for all of us is exactly what we heard during the summer through revelations and leaks about Western intelligence services, especially US intelligence services, watching the rest of the world.

We heard about them starting with the June 6 revelations. Edward Snowden started leaking information, top secret classified information, from the US intelligence agencies, and we started learning about things like PRISM and XKeyscore and stuff. And these are examples of the kinds of programs that United States intelligence agencies are running right now against the entire rest of the world.

If you look at predictions about tracking, by George Orwell, it turns out that George Orwell was an optimist. (Laughter) Right now we're seeing a far greater scale of surveillance of individual citizens than anyone could ever imagine.

And this here is the infamous National Security Agency (NSA) data center in Utah. It is due to open very soon, and will be both a supercomputing center and a data storage center. You can basically imagine that they have a big room full of hard drives that store the data they collect. And it's quite a large building. How big? Well, I can give you the numbers — 140,000 square meters — but that doesn't tell you much. Perhaps it is better to imagine it with a comparison. Think of the biggest IKEA store you've ever visited. That's five times bigger. How many hard drives can you fit in an IKEA store? Right? It's quite big. We estimate that the electric bill alone to run this data center will be in the tens of millions of dollars a year. And this kind of mass surveillance means they can collect our data and basically keep it forever, keep it for long periods of time, keep it for years, keep it for decades. This creates entirely new kinds of risks for all of us. And this is mass generalized tracking of everyone.

Okay, not just everyone, because the US intelligence service is legally entitled to watch only foreigners. They can track aliens when their data connections end up in the United States or pass through them. And tracking aliens does not sound so bad until you realize that I am a stranger and you are strangers. In fact, 96 percent of the planet is alien.

(Laughter)

Isn't that right?

This is a massive monitoring of all of us, of all of us who use telecommunications and the internet.

But don't get me wrong: There are indeed types of tracking that are okay. I love freedom, but even I agree that partial tracking is okay. If the authorities are trying to find a murderer, or trying to catch a drug lord, or trying to prevent a shooting in a , and they have evidence and they have suspects, then it is perfectly okay to tap the suspect's phone and to intercept his internet communications. I don't disagree with that at all, but programs like PRISM are not for that purpose. They are not for monitoring people about whom they have well-founded suspicions of wrongdoing. It is about monitoring people they know are innocent.

So the four main arguments in support of this kind of monitoring, the first is that every time you start talking about these revelations, there will be naysayers who will try to downplay the importance of these revelations, saying that we already knew all this, we knew it was happening, it is nothing new. This is not true. Don't let anyone tell you we already knew, because we didn't. Our worst fears may have been something like this, but we didn't know it was happening. Now we know for sure that it happens. We didn't know that. We didn't know about PRISM. We didn't know about XKeyscore. We didn't know about Cybertrans. We didn't know about DoubleArrow. We didn't know about Skywriter — all these different programs that the United States intelligence agencies run. But now we know.

And we did not know that the US intelligence services are reaching the ends by penetrating standardization organizations to sabotage encryption algorithms on purpose. And that means you get something that's safe, an encryption algorithm that's so safe that when you use it to encrypt a file, no one can decrypt it. Even if every computer on the planet is used to decrypt this file, it will take millions of years. So basically it's completely safe, it cannot be broken. You get something that's so good and then you weaken it deliberately, making us all end up less secure. A match in the real world would be for intelligence services to forcefully put a secret PIN code in every home alarm so they can get into every home because you understand the bad guys can have home alarms but that will make us all less safe as a result. Backdoors in cryptographic algorithms boggle the mind. But of course, these intelligence services are doing their job. This is what they were told to do: signal duplication, telecommunication monitoring, online traffic monitoring. This is what they are trying to do, and since most of the internet traffic is today encrypted, they are trying to find ways to bypass encryption. One way is to sabotage encryption algorithms, which is a great example of how the United States intelligence services have unleashed. It is totally out of control, and we have to put them under control again.

So what do we know about these leaks? All based on the files leaked by Mr. Snowden. The first PRISM slides from early June detail a collection program where data is collected from service providers, and they can go and name those service providers that they access. They also have a specific date of when they started collecting the data for each of these service providers. For example, they say that collection from Microsoft started on September 11, 2007, for Yahoo on March 12, 2008, and then for others: Google, Facebook, Skype, Apple and others.

And every single one of these companies denies it. They all say that's just not true, that they don't give access to their data through the back door. But we have these files. So is either of them lying, or is there an alternative explanation? One explanation would be that these parties, these service providers, are not cooperating. Instead, they've been hacked. That would explain it. They don't cooperate. They got hacked. In this case, they were hacked by their own government. This may sound strange, but we have already seen cases where this has happened, for example, the case with the Flame malware which we strongly believe was written by the US government, and which, to spread, undermined the security of the Windows update network, which here means that the company was hacked by its own government. And there is more evidence to support this theory. Germany's Der Spiegel has leaked more information about the operations run by the elite hacking units operating within these intelligence agencies. Within the NSA, the unit is called TAO, Adaptive Access Operations, and within GCHQ, which is the UK equivalent, it's called the NAC, Network Analysis Centre. These recent leaks of these three slides detail an operation run by the GCHQ intelligence agency from the UK targeting a telecommunications company here in Belgium. What this means in effect is that the intelligence service of an EU country breaches the security of a telecommunications company of an EU member state, and they discuss it on their slides quite casually, as a matter of course. Here's the primary goal, here's the secondary goal, here's the grouping. They probably have team building on Thursday night at the pub. They use kitschy PowerPoint clip art images like, you know, "Success" when accessing services like this. What the heck?

And then there is the argument that ok, yes, that may be the case, but on the other hand, the other countries are doing it too. All countries are spying. And maybe that's true. Many countries are spying, not all, but let's look at one example. Take, for example, Sweden. I am talking about Sweden because Sweden has a somewhat similar law to the United States. When the traffic of your data passes through Sweden, the intelligence service has the legal right, by law, to intercept this move. Okay, how many Swedish decision-makers and politicians and business leaders use US-based services every day, such as, you know, running Windows or OSX, or using Facebook or LinkedIn, or storing their data in a cloud like iCloud or Skydrive or DropBox, or maybe using Internet services such as Amazon or support sales? The answer is that every Swedish business leader does this every day. Let's turn it upside down. How many American leaders use Swedish e-mail and cloud services? The answer is zero. So it's not balanced. It is not at all balanced or mindful.

And we do have the occasional European success story, and even these typically end up being sold to the United States. Like Skype was safe. It was end-to-end encrypted. It was then sold to the United States. Today it is no longer safe. So, once again, we get something that is safe and make it less secure, making us all, as a result, less secure.

Then there is the argument that the United States is only fighting terrorists. It is the war on terror. You shouldn't worry about it. Well, it is not the war on terror. Yes, part of it is the war on terror, and yes, there are terrorists, and they kill and maim and we must fight them, but we know from these leaks that they have used the same techniques to listen to the phone calls of European leaders, to intercept the e-mail of residents of Mexico and Brazil, to read e-mail traffic inside the United Nations Headquarters and the European Parliament, and I don't think they are trying to find terrorists inside the European Parliament, are they? It is not the war on terror. It may be part of it, and there are terrorists, but do we really consider terrorists such an existential threat that we are willing to do anything to fight them? Are Americans ready to throw away the Constitution and throw it in the trash just because there are terrorists? The same with the Bill of Rights and all the amendments and the Universal Declaration of Human Rights and the European conventions on human rights and fundamental freedoms and the freedom of the press? Do we consider terrorism such an existential threat that we are ready to do anything?

But the world is afraid of the terrorists and then they think maybe this monitoring is okay because they have nothing to hide. Do not hesitate to investigate if this will help. And whoever tells you that he has nothing to hide, he just has not thought about it enough.

(Applause)

Because we have this thing called privacy, and if you really think you have nothing to hide, please make sure that's the first thing you tell me because then I'll know that I shouldn't trust you with secrets because obviously you can't keep a secret. But people are brutally honest with the internet, and when these leaks started, a lot of people were asking me about it. And I have nothing to hide. I'm not doing anything bad or illegal. But I don't have anything specific that I would like to share with an intelligence agency, especially a foreign intelligence agency. And if we really need a Big Brother, I'd rather have a domestic Big Brother than a foreign Big Brother. When the leaks started, the first thing I tweeted about it was a comment about how when you use search engines, you potentially leak all of this to US intelligence. And after two minutes, I got a reply from some Kimberly from the United States questioning me, why was I worried about this? What am I sending to worry about? I send nudes or something like this? My response to Kimberly was that what I send is none of her business, and it shouldn't be her government's business either. Because that's the point. It has to do with the protection of personal data. The protection of personal data is not negotiable. It should be integrated into all the systems we use.

(Applause)

One thing we all need to understand is that we are brutally honest with the search engines. Show me your search history, and I'll find something incriminating or embarrassing within five minutes. We are more honest with search engines than we are with our families. Search engines know more about you than your family members know about you. All such information that we provide, we provide in the United States.

And tracking changes history. We know this through examples of corrupt presidents like Nixon. Imagine if he had the tracking tools available today. And let me quote Brazilian President, Dilma Rousseff. She was a target of NSA tracking. They read her e-mail, and she spoke at the United Nations Headquarters and said, "If there is no right to the protection of personal data, there can be no real freedom of expression and opinion, and therefore there can be no effective democracy".

That has to do with it. The protection of personal data is the brick that builds our democracies. And to quote a security researcher colleague, Marcus Ranum, he said that at the moment the United States is treating the internet as they would manage one of their colonies. So we returned to the era of colonization, and we, the foreign users of the internet, should consider the Americans as our masters.

So Mr Snowden was accused of many things. Some accuse him of causing problems for the American cloud-based industries and software companies, with these revelations, and accusing Snowden of the problems of American cloud services would be equivalent to blaming Al Gore for causing global warming.

(Laughter)

(Applause)

Well, what can be done? Should we worry? No, we should not worry. We have to remember, because that's wrong and it's rude and should not be done. But that will not really change the situation. What will change the situation for the rest of the world is to try to stay away from systems built in the United States. This is much easier in words than in practice. How do you do that? A country, any country in Europe, cannot replace and make replacements for the operating systems and cloud services built in the US.

But maybe you will not have to do it yourself. You may be able to do it along with other countries. The solution is the open source code. By building together open, free, secure systems, we can bypass this monitoring, and then there is no need to solve the problem of a country alone. It has to solve only a small problem. And to quote a security researcher colleague, Haroon Meer, only one country has to make a small wave, but these little waves together become a tide, and the tide will pick up all the boats at the same time, and the tide that we will build with secure, free open source systems will become the tide that will raise us all higher and higher than the state of monitoring.

Thank you very much.

Written by giorgos