privacy is an illusion
and you’re all losers
or how 1984 was a manual for our panopticon society
!
By Cain Ransbottyn - @ransbottyn

End of privacy
•
9/11 attacks invigorated the
concept of terrorist threats
•
Post 9/11 there was a strong
and understandable argument
to prioritise security

End of civil liberties
•
New word: “asymmetrical
threats”
•
Actually means: “please give
up your civil liberties”, in 2001
55% US citizens were pro; in
2011 only 40% (and
declining).
•
Patriot Act changed the world
for good

So, terrorism huh ?
•
systematic use of violent
terror as a means of
coercion
•
violent acts which are
intended to create fear
(terror)
•
perpetrated for a religious,
political, or ideological goal
•
deliberately target or
disregard the safety of noncombatants (civilians)

Global terrorist threat map
Data of 2010. Seems legit.

Year on year doubling in surveillance
budget since the Patriot Act
Except for 2013, then there was a dark budget of US$ 52,6B

Fear. Uncertainty. Doubt.
•
Instilling fear is a premise for
coercion. But to whom ?
•
Mass media works as a
catalyst to bring fear in the
homes of citizens.
•
We all are very shitty at threat
and risk assessments. Pigs or
sharks ?
•
23,589
40
Or terrorist attacks ?
13,200
* 2010 facts and figures worldwide

Are we really capable of
understanding the real
threat level ?
Please demonstrate you can spot a rhetorical question when you see one

The convenience of circular
logic
•
Gov’t: We’re using
surveillance so we can
prevent terrorist attacks
You: I don’t see any terrorist
threat or attack
Gov’t: Awesome stuff, hey ?
•
Him: I’m using this repellent to
scare away elephants.
You: But I don’t see any
elephants.
Him: Awesome stuff, hey ?

quis custodiet ipsos
custodes ?

Total Information
Awareness
The 2002 - 2003 program that began a data mining project, following warantless surveillance decision in 2002

PRISM, XKeyScore, Tempora
!
Thank you Microsoft, Facebook, Yahoo!, Google, Paltalk, YouTube, AOL,
Apple, Skype
Snowden leaks the post 2007 surveillance industry is much worse than anyone could have imagined

The rise of private
intelligence agencies
•
The welcome gift of “social
networks”
•
The thankful adoption rate of
smart phones
•
The cloud as the ultimate data
gathering extension to
governments
•
The phone operators remain a
loyal friend
•
The overt investment strategy of
In-Q-Tel

The In-Q-Tel investment firm
•
Founded 1999 as not-for-profit
venture capital firm
•
So… if you are not looking to make a
profit, what are you looking for then ?
•
Investments in data mining, call
recording, surveillance, crypto,
biotech, …
•
E.g. 2007 AT&T - Narus STA 6400
backdoor = product of In-Q-Tel
funded company
•
Many (many) participations
worldwide (also Belgium)

Social networks as a private
intelligence agency
•
Perfect front offices
•
Facebook as the first global
private intelligence agency
•
Otherwise hard to obtain intel
is being shared voluntarily by
everyone (e.g. hobbies, etc.)
•
US$ 12,7M investment by
James Breyer (Accel), former
colleague of Gilman Louie
(CEO In-Q-Tel)

Smart-phones as the
ultimate tracking device
•
Device you carry 24/7 with you.
With a GPS on board.
•
Android has remote install/deinstall
hooks in its OS (so has IOS)
•
OTA vulnerabilities allow remote
installs of byte patches (e.g.
Blackberry incident in UAE)
•
Apple incident (“the bug that
stored your whereabouts”)
•
Any idea how many address
books are stored on iCloud ? :p

Smart-phones as the
ultimate tracking device
Wi-Fi based positioning has become very accurate and quickly deployed mainstream

Cloud providers as the
perfect honeypot
•
There is no company that is so
invasive as Google
•
Records voice calls (Voice),
analyses e-mail (GMail), knows who
you talk to and where you are
(Android), has all your documents
(Drive) and soon will see through
your eyes (Glass)
•
Robert David Steele (CIA) disclosed
Google takes money from US Intel.
community.
•
In-Q-Tel and Google invest in
mutual companies (mutual interest)

Cloud providers as the
perfect honeypot
•
Not only Google. The latest
OSX Mavericks actually asked
me to… store my Keychain in
the cloud *sigh*
•
While Apple claims iMessage
cannot be intercepted, we
know it is possible because
Apple is the MITM and no
end-to-end crypto is used nor
certificate pinning.

The loyal friend, the phone
operator
•
Needs to be CALEA and ETSI
compliant. Yeah right :-)
•
Operators are both targets of
surveillance stakeholders (e.g.
Belgacom/BICS hack by GCHQ)
and providers of surveillance tactics
(taps, OTA installs, silent SMS, etc.)
•
Does KPN really trust NICE (Israel)
and does Belgacom really trust
Huawei (China) ?
•
Truth of the matter is: you cannot
trust your operator…

Privacy is for losers
If you think you have privacy,
you really are a loser

#dta
If a government needs to understand
its enemy, and we’re being surveilled.
Then, who exactly is the enemy ?

Conspiracy theory ?
!
Whistleblowers showed that reality
is far worse

So now what ?

Change your attitude.
Wake the f*ck up…

Reclaim ownership of your data.
Demand transparency of every
service you use.

Encryption is your
friend

Encryption today is built for security
professionals and engineers.
Not for your mom or dad.

Security and crypto engineers don’t
understand UI and UX

Android and IOS planned. Microsoft Mobile perhaps.

Requirements
•
Must provide strong crypto
•
Must be open source (GitHub)
•
Must be beautiful and easy to use, we
actually don’t want the user to be
confronted with complex crypto issues
•
Provide deniability
•
Provide alerting mechanisms that alert
the user when something is wrong
•
Even when your device is confiscated,
it should be able to withstand forensic
investigation

How it’s built
•
Using tor as transport layer for P2P
routing and provide anonymity (no
exit nodes used).
•
Obfuscated as HTTPS traffic to
prevent gov’t filtering.
•
Using OTR v3.1 to ensure perfect
forward secrecy and end-to-end
crypto.
•
Capable of detecting A5/GSM
tactical surveillance attacks.
•
Extremely effective anti forensic
mechanisms and triggers

How it’s used

Who’s using it
•
Journalists
•
Freedom Fighters
•
Whistleblowers
•
Lawyers and security
professionals
•
…

Why use it ?
•
To protect your human right
on privacy
•
To protect your human right
on freedom of speech
•
Because your communication
needs to remain confidential
•
Because excessive
surveillance is a threat to
modern democracy

Privacy might be for losers, but
that doesn’t mean you are OK
to give up your human rights…