commit c47121828b2ecd1b0962a15392aa0886d9cc500b Author: Mike Gerwitz Date: Sun Apr 2 21:59:29 2017 -0400 Oh, hello This is a mostly-complete history of the development of my LibrePlanet 2017 talk entitled ``The Surreptitious Assault on Privacy, Security, and Freedom''. I removed timekeeping and miscellaneous notes/outlines, but it's otherwise authentic. diff --git a/slides.org b/slides.org new file mode 100644 index 0000000..c532ed3 --- /dev/null +++ b/slides.org @@ -0,0 +1,966 @@ +#+startup: beamer +#+TITLE: The Surreptitious Assault on Privacy, Security, and Freedom +#+AUTHOR: Mike Gerwitz +#+EMAIL: mtg@gnu.org +#+DATE: 26 March, LibrePlanet 2017 +#+OPTIONS: H:3 num:nil toc:nil p:nil todo:nil stat:nil +#+LaTeX_CLASS: beamer +#+LaTeX_CLASS_OPTIONS: [presentation] +#+BEAMER_THEME: Warsaw +#+BEAMER_HEADER: \beamertemplatenavigationsymbolsempty +#+TODO: RAW(r) LACKING(l) DRAFT(d) REVIEWED(R) | READY(+) REHEARSED(D) +#+COLUMNS: %25ITEM %10DURATION{:} + + +#+BEGIN_COMMENT +#+BEGIN: columnview :hlines 1 :id local +| ITEM | DURATION | +|------------------------------------+----------| +| * Introduction / Opening | 00:00:30 | +|------------------------------------+----------| +| * Mobile [0/5] | 0:04 | +| ** Introduction | 0:00 | +| *** Introduction | 00:00:30 | +| ** Cell Towers [0/2] | 00:01 | +| *** Fundamentally Needed | | +| *** Cell-Site Simulators | | +| ** Wifi [0/1] | 0:01 | +| *** Wifi | 00:01 | +| ** Location Services [0/2] | 00:01 | +| *** GPS | | +| *** Access Points | | +| ** Operating System [0/1] | 0:01 | +| *** Untrusted/Proprietary OS | 00:01 | +|------------------------------------+----------| +| * Stationary [0/5] | 0:08 | +| ** Introduction [0/1] | 0:00 | +| *** Introduction | 00:00:30 | +| ** Surveillance Cameras [0/2] | 0:00 | +| *** Unavoidable | | +| *** Access to Data | 00:00:30 | +| ** Internet of Things [0/4] | 0:04 | +| *** Wide Open | 00:00:30 | +| *** Lack of Security | 00:01:30 | +| *** Who's Watching? | 00:00:30 | +| *** Facial Recognition | 00:01 | +| ** Social Media [0/1] | 0:01 | +| *** Collateral Damage | 00:01 | +| ** Driving [0/3] | 0:02 | +| *** Introduction | 00:00:30 | +| *** ALPRs | 00:01 | +| *** Car Itself | 00:00:30 | +|------------------------------------+----------| +| * The Web [0/6] | 0:12 | +| ** Introduction [0/1] | | +| *** Introduction | | +| ** Bridging the Gap [0/1] | 0:01 | +| *** Ultrasound Tracking | 00:01 | +| ** Incentive to Betray [0/1] | 0:00 | +| *** Summary | 00:00:30 | +| ** Analytics [0/2] | 0:02 | +| *** Trackers | 00:01 | +| *** Like Buttons | 00:01 | +| ** Fingerprinting [0/2] | 0:04 | +| *** Summary | 00:03 | +| *** Browser Addons | 00:01 | +| ** Anonymity [0/3] | 0:04 | +| *** Summary | 00:01 | +| *** The Tor Network | 00:01 | +| *** TorBrowser, Tails, and Whonix | 00:02 | +|------------------------------------+----------| +| * Data Analytics [0/2] | 0:04 | +| ** Introduction [0/1] | 0:00 | +| *** Introduction | 00:00 | +| ** Headings [0/3] | 0:04 | +| *** Advertisers | 00:02 | +| *** Social Media | 00:01 | +| *** Governments | 00:00:30 | +|------------------------------------+----------| +| * Policy and Government [0/6] | 0:12 | +| ** Introduction [0/1] | 0:00 | +| *** Introduction | 00:00:30 | +| ** Surveillance [0/4] | 0:06 | +| *** History of NSA Surveillance | 00:02 | +| *** Verizon Metadata | 00:00:30 | +| *** Snowden | 00:01 | +| *** Tools | 00:02 | +| ** Crypto Wars [0/3] | 0:03 | +| *** Introduction | 00:00 | +| *** Bernstein v. United States | 00:01 | +| *** Makes Us Less Safe | 00:02 | +| ** Espionage [0/1] | 0:01 | +| *** US Can't Keep Its Own Secrets | 00:01 | +| ** Subpoenas, Warrants, NSLs [0/1] | 0:01 | +| *** National Security Letters | 00:01 | +| ** Law [0/1] | 0:01 | +| *** Summary | 00:01 | +|------------------------------------+----------| +| * Your Fight [0/1] | 0:05 | +| ** Headings [0/5] | 0:05 | +| *** Feeding | 00:00 | +| *** SaaSS and Centralization | 00:01 | +| *** Corporate Negligence | 00:01 | +| *** Status Quo | 00:02 | +| *** Push Back | 00:01 | +|------------------------------------+----------| +| * Local Variabes | | +#+END + + +#+BEGIN_COMMENT +*Remember the themes!*: + - Surreptitious + - User privacy and security + - Affects on freedom; chilling effects + - How free software can help + +The big players seem to be the [[The Web][Web]] and [[Policy and Government][Government]]. +No surprises there. + + +It would be a good idea to immediately connect with the audience. So: + - Most everyone has a mobile device. + - /This is the most immediate and relatable since it's physically present/ + with them in their travels. + - Security cameras et. al. during travel. + +So start _briefly_ with the topic of pervasive surveillance? + - That is what the abstract refers to, after all. + +*Surreptitious*---many audience members won't consider that they're being +tracked. + - But by _whom_? + +Maybe a gentle introduction that gets increasingly more alarming and +invasive topic-wise. + +GOAL: Captivate; Startle +#+END_COMMENT + + +* DRAFT Introduction / Opening :B_fullframe: +:PROPERTIES: +:DURATION: 00:00:30 +:BEAMER_env: fullframe +:END: + +#+BEGIN_COMMENT +None of you made it here without being tracked in some capacity. +Some of us are still being tracked at this very moment. + +... + +Let's start with the obvious. + +(Note: You're being "tracked", rather than "watched": the latter is too +often used and dismissed as tinfoil-hat FUD.) +#+END_COMMENT + +#+BEGIN_CENTER + #+BEAMER: \only<1>{You're Being Tracked.} + #+BEAMER: \only<2>{(No, really, I have references.)} +#+END_CENTER + +* LACKING Mobile [0/5] +** DRAFT Introduction :B_ignoreheading: +:PROPERTIES: +:BEAMER_env: ignoreheading +:END: +*** DRAFT Introduction :B_fullframe: +:PROPERTIES: +:DURATION: 00:00:30 +:BEAMER_env: fullframe +:END: + +- <1-> Most people carry mobile phones +- <1-> Synonymous with individual +- <2> Excellent tracking devices + +#+BEGIN_COMMENT +How many of you are carrying a mobile phone right now? +Probably most of us. +They are something we carry with us everywhere; + they are computers that are always on. +A phone is often synonymous with an individual. +In other words: they're excellent tracking devices. +#+END_COMMENT + +** LACKING Cell Towers [0/2] +:PROPERTIES: +:DURATION: 00:01 +:END: +*** DRAFT Fundamentally Needed +- <1-> Phone needs tower to make and receive calls +- <2-> Gives away approximate location (can triangulate) + +#+BEGIN_COMMENT +The primary reason is inherent in a phone's design: cell towers. +A phone "needs" to be connected to a tower to make and receive calls. + +Unless it is off, + its connection to the cell tower exposes your approximate location. +These data persist for as long as the phone companies are willing to persist +it. If it's mined by the NSA, then it might be persisted indefinitely. + +Some people don't use phones primarily for this reason. + +rms said he might use a phone if it could act as a pager, + where he'd only need to expose his location once he is in a safe place. +You can imagine that such would be a very useful and important feature for + reporters and dissidents as well. +#+END_COMMENT + + +*** LACKING Cell-Site Simulators +- <1-> Masquerade as cell towers +- <2-> (List them) e.g. Stingray + +#+BEGIN_COMMENT +I'm sure many of you have heard of Cell Site Simulators; + one of the most popular examples being the Stingray. +These devices masquerade as cell towers and can perform a dragnet search for + an individual. +Your location can be triangulated. +#+END_COMMENT + + +** RAW Wifi [0/1] +*** RAW Wifi +:PROPERTIES: +:DURATION: 00:01 +:END: + +#+BEGIN_COMMENT +What else is inherent in a modern phone design? +A common feature is Wifi. + +If you connected to any hidden networks, + your phone may broadcast that network name to see if it exists. + +Your mobile device could be broadcasting information like past network + connections and unique device identifiers (MAC), + which can be used to uniquely identify you. + +Access points increasingly line the streets or are within range in nearby + buildings. + +Can be incredibly accurate for tracking movements, + and it is _passive_---it requires no software on your device. + +Disable Wifi when not in use. +You can also randomize your MAC address, + and be sure not to broadcast hidden networks. +#+END_COMMENT + + +** RAW Location Services [0/2] +:PROPERTIES: +:DURATION: 00:01 +:END: +*** RAW GPS +Oh, but what if we _do_ have software on the device? +And we do. + +Let's talk about location services! +Many people find them to be very convenient. + +The most popular being GPS. +Because of the cool features it permits, + it's often enabled. +And programs will track your movements just for the hell of it. +Or give an excuse to track you. + +*** RAW Access Points +But GPS doesn't need to be available. +Have you ever used a map program on a computer that asked for your location? +How does it do that without GPS? +Google scours the planet recording APs. +It knows based on _what APs are simply near you_ where you are. +Sometimes this can be more accurate than GPS. +And it works where GPS and maybe even cell service don't, such as inside + shopping malls. + +So having radio and GPS off may not help you. +MAC spoofing won't help since software on your device has countless other + ways to uniquely identify you---this is active monitoring, unlike previous + examples. + +** RAW Operating System [0/1] +*** RAW Untrusted/Proprietary OS +:PROPERTIES: +:DURATION: 00:01 +:END: +The OS situation on mobile is lousy. +Does your phone work for Apple? Google? Microsoft? Blackberry? ...? + +You carry around this computer everywhere you go. +And you fundamentally cannot trust it. + +I use Replicant. +Does anyone here use Replicant? +I feel like I can at least trust my phone a little bit. +But on nearly every phone, + the modem still runs proprietary software. +And often times has direct access to disk and memory. + +So even with Replicant, + I consider the device compromised; + I put nothing important on it if I can avoid it. + + +* RAW Stationary [0/5] +** RAW Introduction [0/1] :B_ignoreheading: +:PROPERTIES: +:BEAMER_env: ignoreheading +:END: +*** RAW Introduction :B_fullframe: +:PROPERTIES: +:DURATION: 00:00:30 +:BEAMER_env: fullframe +:END: +So let's say you have evaded that type of tracking. +Maybe you don't carry a phone. +Or maybe you've mitigated those threats in some way. + +There's certain things that are nearly impossible to avoid. + +** RAW Surveillance Cameras [0/2] +*** RAW Unavoidable +On the way here, + you likely walked by numerous security cameras. +They could be security cameras for private businesses. +Traffic cameras. +Cameras on streets to deter crime. + +Let's set aside local, state, and federal-owned cameras for a moment + and focus on businesses. +So a bunch of separate businesses have you on camera. +So what? + + +*** RAW Access to Data +:PROPERTIES: +:DURATION: 00:00:30 +:END: +Well one of the most obvious threats, should it pertain to you, is a + subpoena. +The best form of privacy is to avoid having the data be collected to begin + with. +If law enforcement wanted to track you for whatever reason---crime or + not!---they could simply subpoena the surrounding area. + +** RAW Internet of Things [0/4] +*** RAW Wide Open +:PROPERTIES: +:DURATION: 00:00:30 +:END: +In the past, these cameras were "closed-circuit"--- + they were on their own segregated network. +You'd _have_ to subpoena the owner, + or otherwise physically take the tape. + +Today, that might be the intent, but these cameras are often + connected to the Internet for one reason or another. +It might be intentional---to view the camera remotely---or it may just be + how it is set up by default. + +Well... +Let's expand our pool of cameras a bit. +Because it's not just businesses that use Internet-connected cameras. +They're also popular among individuals for personal/home use. +Home security systems. +Baby monitors. + +*** RAW Lack of Security +:PROPERTIES: +:DURATION: 00:01:30 +:END: +Who here has heard of Shodan? + +Shodan is a search engine for the Internet of Things. +It spiders for Internet-connected devices and indexes them. +Okay, that's to be expected. +Maybe that wouldn't be a problem if people knew proper NAT configuration + that isn't subverted by UPnP. +Maybe it wouldn't be a problem if these devices even gave a moment of + thought to security. + +Anyone heard of Insecam? +It's a site that aggregates live video feeds of unsecured IP cameras. +I can tell you personally that you feel like a scumbag looking at the site. +There's fascinating things on there. +And sobering ones. +And creepy ones. +Restaurants---families eating dinner; chefs preparing food in the back. +Public areas---beaches, pools, walkways, city streets. +Private areas---inside homes; private businesses. Hotel clerks sitting + behind desks on their cell phones. Warehouses. +Behind security desks. +Behind cash registers. +Hospital rooms. +Inside surveillance rooms where people watch their surveillance system! + With armed guards! +Scientific research: people in full dress performing experiments. +I saw someone at the dentist getting a teeth cleaning. +Anything you can think of. +You can literally explore the world. +There are some beautiful sights! Absolutely gorgeous. +They remove things that are too deeply personal. + Assuming someone reports it. + +This is an excellent example to demonstrate to others why this is such a big + deal. + +*** RAW Who's Watching? +:PROPERTIES: +:DURATION: 00:00:30 +:END: +So that's what your average person can do. +That's what some of you are going to be doing as soon as you leave this + talk, if you haven't started looking already! + +That's what law enforcement is going to do. +That's what the NSA, GHCQ, et. al. are going to do. + +*** RAW Facial Recognition +:PROPERTIES: +:DURATION: 00:01 +:END: +Now let's couple that with facial recognition. + +Consider the breadth of devices we just covered. +Literally everywhere. +People don't need to manually look for you anymore; + it's automated. +Hell, any of us can download a free (as in freedom) library to do facial + recognition and train it to recognize people. +Facebook famously got creepy by saying it could recognize people by their + dress and posture, from behind. + +You don't need facial recognition, though. +You can also be identified by your gait. + +There's a lot to say about IoT. +We'll come back to it. + + +** RAW Social Media [0/1] +*** RAW Collateral Damage +:PROPERTIES: +:DURATION: 00:01 +:END: + +So you don't have any unsecured IoT cameras in your home. +Or in this conference. +But you do have unsecured people running wild with their photos and their + selfies. + +I'm sure you've heard a frequent request/demand from rms: +"Don't put pictures of me on Facebook." +This applies to all social media, really. +I just mentioned facial recognition--- + this is precisely what Facebook (for example) made it for! +To identify people you might know to tag them. +It's excellent surveillance. +What irks me is when people try to take pictures of my kids, + or do and ask if they can put them online. +Uh, no. You cannot. +And people are sometimes surprised by that refusal. + +Most people are being innocent--- + they're just trying to capture the moment. +What they're actually doing is inflicting collateral damage. +If I'm off in the background when you take a picture of your friends in the + foreground, + I'm still in the photo. + + +** RAW Driving [0/3] +*** RAW Introduction :B_fullframe: +:PROPERTIES: +:DURATION: 00:00:30 +:BEAMER_env: fullframe +:END: +Okay. +So you have no phone. +You sneak around public areas like a ninja. +Like a vampire, you don't show up in photos. +And you have no friends. + +So how else can I physically track you in your travels here? + +Well if you flew here, + then your location is obviously known. +That's not even worth discussing. + +But what about if you drove? + +*** RAW ALPRs +:PROPERTIES: +:DURATION: 00:01 +:END: +ALPRs possibly tracked your movements. +Automated License Plate Readers. + +<...> + +Maybe you try to evade them with special license plate covers. +If need be, one could just track you by other unique features of your + vehicle. +And those might not just be law enforcement. + +Security issues extend to this too! + + +You could rent a car. +But the rental place probably took your name, license, and other + information. +You could take a cab and pay with cash. +But that can get expensive. +And they might have cameras and such anyway. + + +*** RAW Car Itself +:PROPERTIES: +:DURATION: 00:00:30 +:END: +Maybe your car itself is a tracking device (e.g. OnStar). + +(Move into Mobile?) + +<...> + + +* RAW The Web [0/6] +** RAW Introduction [0/1] :B_ignoreheading: +:PROPERTIES: +:BEAMER_env: ignoreheading +:END: +*** RAW Introduction :B_fullframe: +:PROPERTIES: +:BEAMER_env: fullframe +:END: +But you're not just tracked in the flesh. +Much of what we do today is virtual. +What better way to segue than to bridge the two? + +** RAW Bridging the Gap [0/1] +*** RAW Ultrasound Tracking +:PROPERTIES: +:DURATION: 00:01 +:END: + +A challenge for advertisers is correlating users across multiple devices, +and in the real world. + +Let's say you saw a commercial for some product Foo on TV. +And then you went online to research Foo. +And then you bought Foo. + +Sometimes commercials have you enter promo codes online to know that you + arrived at the site from a TV commercial. +Or give you a unique URL. + +Others play inaudible sounds that are picked up by your mobile device or + computer. + +<...> + + +** RAW Incentive to Betray [0/1] +*** RAW Summary :B_fullframe: +:PROPERTIES: +:DURATION: 00:00:30 +:BEAMER_env: fullframe +:END: +So how does tracking happen? +How does this tracking code _get_ on so much of the web? + +Incentives to betray users. + +Many websites make money through advertising. +It can be lucrative. +And it's _easy_ to do. + +** RAW Analytics [0/2] +*** RAW Trackers +:PROPERTIES: +:DURATION: 00:01 +:END: + +Site analytics is another issue. +Website owners want to know what their visitors are doing. +That in itself isn't an unreasonable thing broadly speaking, + but how you go about it and what types of data you collect + defines the issue. + +Take Google Analytics for example. +A very popular proprietary analytics service. +It is one of the most widely distributed malware programs in the world. + +<> + +And all of this is known to Google. +All of this can be used to identify users across the entire web. + +<> + +If you must track your users, consider using Piwik, which you can host + yourself. + +*** RAW Like Buttons +:PROPERTIES: +:DURATION: 00:01 +:END: + +Another popular example are "like buttons" and similar little widgets that + websites like Facebook offer. +If a user is logged into Facebook, + then Facebook now knows that they visited that website, + _even if they don't click on the button_. + +But even if you don't have a Facebook account, + information is being leaked to them + you are still being tracked. + +Addons like Privacy Badger will block these. + +** RAW Fingerprinting [0/2] +*** RAW Summary :B_fullframe: +:PROPERTIES: +:DURATION: 00:03 +:BEAMER_env: fullframe +:END: + +These methods are part of a broader topic called "browser fingerprinting". +It's just what it sounds like: + uniquely identify users online. +It's alarmingly effective. + +<> + +<> +Some methods allow fingerprinting even if the user uses multiple browsers + and takes care to clear all session data. +They can do this by effectively breaking out of the browser's sandbox by + doing operations that depend heavily on specifics of users' hardware. + +*** RAW Browser Addons +:PROPERTIES: +:DURATION: 00:01 +:END: + +(Merge into other sections?) + +So how do we avoid this type of tracking? + +<>. + + +** RAW Anonymity [0/3] +*** RAW Summary :B_fullframe: +:PROPERTIES: +:DURATION: 00:01 +:BEAMER_env: fullframe +:END: +Another way is to be anonymous or pseudononymous. +In the latter case, + you assume a pseudoynm online and perform only activities that should be + associated with that pseudonym. +In the former case, + there should be no way to ever correlate past or future actions with your + current session. + +This is a difficult topic that's pretty dangerous to give advice on if you + have strong need for anonymity---for example, if you are a dissident or + whistleblower. +If your life depends on anonymity, + please do your own research. +I provide a number of resources to get you started. + + +*** RAW The Tor Network +:PROPERTIES: +:DURATION: 00:01 +:END: +Most here have probably heard of Tor. +"Tor" stands for "The Onion Router", + which describes how it relays data through the Tor network. + +The packet is routed through a number of servers, + encrypted with the public key of each server such that the first hop + strips off the first layer and so on. +The exit node reveals the packet and delivers it to the destination, + then begins relaying the reply back to through the network to the user. + +As long as a sufficient portion of the network can be trusted and has not + been compromised by an adversary, + it isn't possible to trace data back through the network. + +The most common use of Tor is to route web traffic. +Many nodes block most other ports. +It's also possible to resolve DNS requests through Tor. + +There are lots of other details that I don't have time to get to here, + but I provide a number of resources for you. + + +*** RAW TorBrowser, Tails, and Whonix +:PROPERTIES: +:DURATION: 00:02 +:END: +Tor alone isn't enough to secure your anonymity. + +It's hard to secure a web browser. + + +TorBrowser is a hardened version of Firefox. +The Tor browser recommends that you don't rely on a vanilla Firefox for + anonymity with Tor. + +Tails... + +Whonix... + + +* LACKING Data Analytics [0/2] +** RAW Introduction [0/1] :B_ignoreheading: +:PROPERTIES: +:BEAMER_env: ignoreheading +:END: +*** RAW Introduction :B_fullframe: +:PROPERTIES: +:DURATION: 00:00 +:BEAMER_env: fullframe +:END: +We've seen adversaries with different motives. +Let's explore what some of them do with all those data. + + +** LACKING Headings [0/3] +*** LACKING Advertisers +:PROPERTIES: +:DURATION: 00:02 +:END: +The biggest threat to privacy to the average user is by companies that + aggregate data for the purpose of understanding _you_. +Probably better than you understand you. +I'm sure many of you heard of the story of Target knowing a girl was + pregnant before she did. + +<> + + +*** LACKING Social Media +:PROPERTIES: +:DURATION: 00:01 +:END: +(Where you are, what you do.) + + +*** LACKING Governments +:PROPERTIES: +:DURATION: 00:00:30 +:END: +(Segue into government surveillance.) + + +* RAW Policy and Government [0/6] +** RAW Introduction [0/1] :B_ignoreheading: +:PROPERTIES: +:BEAMER_env: ignoreheading +:END: +*** RAW Introduction :B_fullframe: +:PROPERTIES: +:DURATION: 00:00:30 +:BEAMER_env: fullframe +:END: +Where to begin. + +Governments have a duty to protect their people. +But they also have a duty to know their bounds; + to respect citizens' rights and privacy. + +We know how that story goes. + + +** LACKING Surveillance [0/4] +*** LACKING History of NSA Surveillance +:PROPERTIES: +:DURATION: 00:02 +:END: +(EFF, <>) + + +*** LACKING Verizon Metadata +:PROPERTIES: +:DURATION: 00:00:30 +:END: +(Add date) + +... + +*** LACKING Snowden +:PROPERTIES: +:DURATION: 00:01 +:END: +... + +*** LACKING Tools +:PROPERTIES: +:DURATION: 00:02 +:END: +- XKeyscore and others +- Exploits +- Hardware +- Intercepting shipments +- Etc. + + +** LACKING Crypto Wars [0/3] +*** RAW Introduction :B_fullframe: +:PROPERTIES: +:DURATION: 00:00 +:BEAMER_env: fullframe +:END: +All of that happened behind our backs. + +But there is also a war being waged in public. +As if we haven't learned from the past. +The Crypto wars. + + +*** LACKING Bernstein v. United States +:PROPERTIES: +:DURATION: 00:01 +:END: +... +(Include export-grade crypto) +(Code is speech) + + +*** LACKING Makes Us Less Safe +:PROPERTIES: +:DURATION: 00:02 +:END: +Apple v. FBI + +- Backdoors +- Clipper chip +- LOGJAM, etc from export-grade crypto +- VEP + + +** LACKING Espionage [0/1] +*** LACKING US Can't Keep Its Own Secrets +:PROPERTIES: +:DURATION: 00:01 +:END: +- Office of Personnel Management +- DNC + + +** LACKING Subpoenas, Warrants, NSLs [0/1] +*** LACKING National Security Letters +:PROPERTIES: +:DURATION: 00:01 +:END: +- Gag orders +- Prior restraint +- Canaries + +** LACKING Law [0/1] +*** LACKING Summary :B_fullframe: +:PROPERTIES: +:DURATION: 00:01 +:BEAMER_env: fullframe +:END: +- DMCA + - Risks to security researchers + - Draconian +- CFAA + + +* RAW Your Fight [0/1] +** RAW Headings [0/5] +*** RAW Feeding :B_fullframe: +:PROPERTIES: +:DURATION: 00:00 +:BEAMER_env: fullframe +:END: +We're feeding into all of this! + + +*** RAW SaaSS and Centralization +:PROPERTIES: +:DURATION: 00:01 +:END: +- Be sure to mention Cloudbleed and S3 +- Who has access to your data? +- The "Cloud" + + +*** RAW Corporate Negligence +:PROPERTIES: +:DURATION: 00:01 +:END: +Companies don't care. +They'll balance _costs_ of failure to comply with regulation. +Is it cheaper just to pay up in the event of a data breach? + +Governments try, sort of. +They need to catch up with the times. +<> + +<> + +(Tie into SaaSS) + + +*** RAW Status Quo +:PROPERTIES: +:DURATION: 00:02 +:END: +You would think after the Snowden revelations that people would be more + privacy-centric. + +Some are. +Many aren't. +There is complacency with the status quo. +Everything is so _convenient_. + +"I have nothing to hide." +A common argument. +One that can be notoriously hard to address. + +"Report anything suspicious." +(Example of mathematician on plane.) + +These all have chilling effects, conscious or not. +<> + +I hope I've convinced you that the status quo cannot hold. +That even people who aren't that privacy- or security-conscious recognize + that there are risks not only at a personal level, + but also national and global. + +*** RAW Push Back +:PROPERTIES: +:DURATION: 00:01 +:END: +We need to push back. + +- Good crypto; no trust +- Lawmakers: this is not something we can win while we fight with our + governments. + + +* Local Variabes :noexport: +Just Emacs configuration stuff. + +# Local Variables: +# org-todo-keyword-faces: (("DRAFT" . org-upcoming-deadline) \ +# ("LACKING" . org-warning) \ +# ("REVIEWED" . "yellow") \ +# ("READY" . (:inherit org-scheduled bold :underline t))) +# End: