The two most likely largest inventions
are the Internet and the mobile phone.
However, largely to our surprise,
they also turned out to be the perfect tools
It turned out that the capability
to collect data, information and connections
about basically any of us and all of us
is exactly what we've been hearing
throughout of the summer through revelations and leaks
about Western intelligence agencies,
mostly U.S. intelligence agencies,
watching over the rest of the world.
We've heard about these starting with the
revelations from June 6.
Edward Snowden started leaking information,
top secret classified information,
from the U.S. intelligence agencies,
and we started learning about things like PRISM
And these are examples of the kinds of programs
U.S. intelligence agencies are running right now,
against the whole rest of the world.
And if you look back about the forecasts
on surveillance by George Orwell,
George Orwell was an optimist.
(Laughter)
We are right now seeing a much larger scale
of tracking of individual citizens
than he could have ever imagined.
it will be both a supercomputing center
You could basically imagine it has a large hall
filled with hard drives storing data
And it's a pretty big building.
How big? Well, I can give you the numbers --
but that doesn't really tell you very much.
Maybe it's better to imagine it as a comparison.
You think about the largest IKEA store
How many hard drives can you fit in an IKEA store?
We estimate that just the electricity bill
is going to be in the tens of millions of dollars a year.
And this kind of wholesale surveillance
means that they can collect our data
and keep it basically forever,
keep it for extended periods of time,
keep it for years, keep it for decades.
And this opens up completely new kinds of risks
And what this is is that it is wholesale
blanket surveillance on everyone.
because the U.S. intelligence only has a legal right
when foreigners' data connections
end up in the United States or pass through the United States.
And monitoring foreigners doesn't sound too bad
that I'm a foreigner and you're a foreigner.
In fact, 96 percent of the planet are foreigners.
(Laughter)
So it is wholesale blanket surveillance of all of us,
all of us who use telecommunications and the Internet.
There are actually types of surveillance that are okay.
I love freedom, but even I agree
that some surveillance is fine.
If the law enforcement is trying to find a murderer,
or they're trying to catch a drug lord
or trying to prevent a school shooting,
and they have leads and they have suspects,
then it's perfectly fine for them to tap the suspect's phone,
and to intercept his Internet communications.
but that's not what programs like PRISM are about.
They are not about doing surveillance on people
that they have reason to suspect of some wrongdoings.
They're about doing surveillance on people
supporting surveillance like this,
well, the first of all is that whenever you start
discussing about these revelations,
there will be naysayers trying to minimize
the importance of these revelations, saying that
we knew it was happening, there's nothing new here.
And that's not true. Don't let anybody tell you
that we knew this already, because we did not know this already.
Our worst fears might have been something like this,
but we didn't know this was happening.
Now we know for a fact it's happening.
We didn't know about this. We didn't know about PRISM.
We didn't know about XKeyscore. We didn't know about Cybertrans.
We didn't know about DoubleArrow.
We did not know about Skywriter --
run by U.S. intelligence agencies.
that U.S. intelligence agencies go to extremes
such as infiltrating standardization bodies
to sabotage encryption algorithms on purpose.
is that you take something which is secure,
an encryption algorithm which is so secure
that if you use that algorithm to encrypt one file,
Even if they take every single computer on the planet just to decrypt that one file,
it's going to take millions of years.
So that's basically perfectly safe, uncrackable.
You take something which is that good
and then you weaken it on purpose,
making all of us less secure as an end result.
A real-world equivalent would be that
intelligence agencies would force
some secret pin code into every single house alarm
so they could get into every single house
because, you know, bad people might have house alarms,
but it will also make all of us
Backdooring encryption algorithms
But of course, these intelligence agencies are doing their job.
This is what they have been told to do:
That's what they're trying to do,
and since most, a very big part of the Internet traffic today is encrypted,
they're trying to find ways around the encryption.
One way is to sabotage encryption algorithms,
about how U.S. intelligence agencies
They are completely out of control,
and they should be brought back under control.
So what do we actually know about the leaks?
Everything is based on the files
detail a collection program where the data
is collected from service providers,
and they actually go and name the service providers
They even have a specific date
on when the collection of data began
for each of the service providers.
So for example, they name the collection from Microsoft
started on September 11, 2007,
for Yahoo on the March 12, 2008,
and then others: Google, Facebook,
And every single one of these companies denies.
They all say that this simply isn't true,
that they are not giving backdoor access to their data.
So is one of the parties lying,
or is there some other alternative explanation?
that these parties, these service providers,
That would explain it. They aren't cooperating. They've been hacked.
In this case, they've been hacked by their own government.
but we already have cases where this has happened,
for example, the case of the Flame malware
which we strongly believe was authored
by the U.S. government,
and which, to spread, subverted the security
of the Windows Update network,
meaning here, the company was hacked
supporting this theory as well.
Der Spiegel, from Germany, leaked more information
about the operations run by the elite hacker units
operating inside these intelligence agencies.
Inside NSA, the unit is called TAO,
and inside GCHQ, which is the U.K. equivalent,
it's called NAC, Network Analysis Centre.
And these recent leaks of these three slides
run by this GCHQ intelligence agency
targeting a telecom here in Belgium.
is that an E.U. country's intelligence agency
of a telecom of a fellow E.U. country on purpose,
and they discuss it in their slides completely casually,
They probably have a team building on Thursday evening in a pub.
They even use cheesy PowerPoint clip art
when they gain access to services like this.
that okay, yes, this might be going on,
but then again, other countries are doing it as well.
Many countries spy, not all of them, but let's take an example.
Let's take, for example, Sweden.
I'm speaking of Sweden because Sweden
has a little bit of a similar law to the United States.
When your data traffic goes through Sweden,
their intelligence agency has a legal right by the law
All right, how many Swedish decisionmakers
and politicians and business leaders
use, every day, U.S.-based services,
like, you know, run Windows or OSX,
or store their data in clouds like iCloud
or maybe use online services like Amazon web services or sales support?
And the answer is, every single Swedish business leader does that every single day.
use Swedish webmails and cloud services?
It's not balanced by any means, not even close.
And when we do have the occasional
even those, then, typically end up being sold to the United States.
Like, Skype used to be secure.
It used to be end-to-end encrypted.
Then it was sold to the United States.
Today, it no longer is secure.
So once again, we take something which is secure
and then we make it less secure on purpose,
making all of us less secure as an outcome.
And then the argument that the United States
Well, it's not the war on terror.
Yes, part of it is war on terror, and yes,
there are terrorists, and they do kill and maim,
but we know through these leaks
that they have used the same techniques
to listen to phone calls of European leaders,
to tap the email of residents of Mexico and Brazil,
to read email traffic inside the United Nations Headquarters and E.U. Parliament,
and I don't think they are trying to find terrorists
from inside the E.U. Parliament, right?
Part of it might be, and there are terrorists,
but are we really thinking about terrorists
that we are willing to do anything at all to fight them?
Are the Americans ready to throw away the Constituion
and throw it in the trash just because there are terrorists?
And the same thing with the Bill of Rights and all the amendments
and the Universal Declaration of Human Rights
and the E.U. conventions on human rights and fundamental freedoms
Do we really think terrorism is such an existential threat,
we are ready to do anything at all?
But people are scared about terrorists,
and then they think that maybe that surveillance is okay
because they have nothing to hide.
Feel free to survey me if that helps.
And whoever tells you that they have nothing to hide
simply hasn't thought about this long enough.
(Applause)
Because we have this thing called privacy,
and if you really think that you have nothing to hide,
please make sure that's the first thing you tell me,
that I should not trust you with any secrets,
because obviously you can't keep a secret.
But people are brutally honest with the Internet,
many people were asking me about this.
I'm not doing anything bad or anything illegal.
Yet, I have nothing that I would in particular
like to share with an intelligence agency,
especially a foreign intelligence agency.
And if we indeed need a Big Brother,
I would much rather have a domestic Big Brother
And when the leaks started, the very first thing I tweeted about this
when you've been using search engines,
you've been potentially leaking all that to U.S. intelligence.
And two minutes later, I got a reply
by somebody called Kimberly from the United States
challenging me, like, why am I worried about this?
What am I sending to worry about this? Am I sending naked pictures or something?
that what I'm sending is none of your business,
and it should be none of your government's business either.
Because that's what it's about. It's about privacy.
It should be built in to all the systems we use.
(Applause)
And one thing we should all understand
is that we are brutally honest with search engines.
You show me your search history,
and I'll find something incriminating
or something embarrassing there in five minutes.
We are more honest with search engines
than we are with our families.
Search engines know more about you
than your family members know about you.
And this is all the kind of information we are giving away,
we are giving away to the United States.
And surveillance changes history.
We know this through examples of corrupt presidents like Nixon.
Imagine if he would have had the kind of surveillance tools that are available today.
the president of Brazil, Ms. Dilma Rousseff.
She was one of the targets of NSA surveillance.
Her email was read, and she spoke
at the United Nations Headquarters, and she said,
"If there is no right to privacy,
there can be no true freedom of expression and opinion,
and therefore, there can be no effective democracy."
Privacy is the building block of our democracies.
And to quote a fellow security researcher, Marcus Ranum,
he said that the United States is right now treating the Internet
as it would be treating one of its colonies.
So we are back to the age of colonization,
and we, the foreign users of the Internet,
we should think about Americans as our masters.
So Mr. Snowden, he's been blamed for many things.
Some are blaming him for causing problems
for the U.S. cloud industry and software companies with these revelations --
and blaming Snowden for causing problems for the U.S. cloud industry
would be the equivalent of blaming Al Gore
(Laughter)
(Applause)
Should we worry. No, we shouldn't worry.
We should be angry, because this is wrong,
and it's rude, and it should not be done.
But that's not going to really change the situation.
What's going to change the situation for the rest of the world
from systems built in the United States.
And that's much easier said than done.
A single country, any single country in Europe
cannot replace and build replacements
for the U.S.-made operating systems and cloud services.
But maybe you don't have to do it alone.
Maybe you can do it together with other countries.
By building together open, free, secure systems,
we can go around such surveillance,
and then one country doesn't have to solve the problem by itself.
It only has to solve one little problem.
And to quote a fellow security researcher, Haroon Meer,
one country only has to make a small wave,
but those small waves together become a tide,
and the tide will lift all the boats up at the same time,
with secure, free, open-source systems,
will become the tide that will lift all of us
up and above the surveillance state.
(Applause)