Bruce Schneier & Jonathan Zittrain on IT, Security, and Power

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Because it was mentioned at the onset of the lecture.

👍︎︎ 1 👤︎︎ u/sifumokung 📅︎︎ Apr 11 2013 🗫︎ replies

Fantastic lecture, very informative, if you want to see a real example of companies tracking your clicks, get the ghostery app for your browser, it displays it in the top right-hand corner, it's scary how many companies track your browsing habits on large sites.

👍︎︎ 1 👤︎︎ u/duende667 📅︎︎ Apr 15 2013 🗫︎ replies

Captions

well good evening whoa is that too loud no who knew there are official people here in charge of volume um there he is there's the volume and there's another person in charge of quality so we have both things covered okay then my name is jonathan zitrin and uh i am so pleased to be in conversation tonight with bruce schneier bruce is a kind of a really good person to introduce in the sense that he's extremely well known but not for trite reasons it's actually hard to put a bumper sticker on bruce and not simply because he's security conscious i think the closest thing would be uh he's extremely well known for his attitudes and uh common sense around tsa and i believe you actually coined the phrase security theater security theater is mine and that's a great phrase and you can't help but enjoy every episode of security theater as you encounter it now on uh the way and it's also been really interesting to see bruce's evolution from somebody writing a canonical text in applied cryptography kind of has the technical chops then really thinking more systemically including human factors about security and again in his explanations being lucid but not reducing in ways that immediately make good guys and bad guys and sort of simplistic uh slogans and yet still again popular enough that i believe you are an internet meme are you not oddly enough yes there is an internet meme about you look up bruce schneier facts i have nothing to do with them uh exactly or just not now well it's too late um did you guys put these rooms in faraday cages i don't that would be an mit thing to do and yet not because then they would hack the faraday cage but um we just rely on law to keep people honest and it doesn't work so that's a deeper problem than the ones we're going probably to talk about uh tonight the last time bruce and i shared a stage i believe it was 2010 and it was for the intelligence squared debate resolved the cyber war threat has been greatly exaggerated grossly exaggerated grossly exaggerated but it was kind of interesting it was it was myself and mark rottenberg on one side we were the sides of yes is grossly exaggerated on the other side was mike mcconnell used to run the nsa now a big executive boos allen hamilton one of the people who grossly exaggerates cyber war for a living and seems only fitting to be on that side of the debate i actually thought it pretty easy i would present a list of gross exaggerations we'd all vote and then we'd go home it was more complicated and i actually lost that debate it really surprised me but at the end of the hour and a half or something more and the vote was they pulled the audience in the beginning and pulled the audience to the end so you could think about how to game the system let's assume people didn't uh but more more people are convinced that cyborg was a real threat then was grossly exaggerated and it really was thinking about that loss that really got me to understand the cyber war debate you know why we lost and a lot of it was definitional we spent most of the time arguing on the definition of cyber war and i think that is in a lot of ways the policy problem today that we don't know when cyber war starts when it ends what it looks like when it's going on and it's not just you know the debaters or or or researchers it's you know it's policy people don't ha don't have a good definitions so it's real hard to discuss whether the threat is exaggerated unless you know what the is is and i'm gonna go on a little bit this is i mean it used to be in the real world you would judge you would judge the threat by the weaponry right when you saw a tank driving at you you knew it was war because only governments could afford tanks the problem in cyberspace is everyone's using the same weaponry right everyone's using ddos attacks everyone's using exploits everyone's using exfiltration they're all doing the same things you can't look at the weapon or you can't look at the tactics and figure out who you're fighting and this is a problem right because when when you're being attacked and cyber spy you're being attacked in general a lot of people you can call right you can call the police you can call the military you can call homeland security and call your lawyers i guess we're here right and and the regime in which your defense operates depends on exactly two things who's attacking you and why and when you're intact in cyberspace the exact two things you don't know are who's attacking you and why so you were seeing the military use a very expansive definition because they want to you know capture the whole you know the whole gamut of the attacks where i argue very strongly for a much narrower definition and that's that is why i lost that debate you've never heard that um well i think it's because you debated better than i did no in fact you didn't i was haha i was going to say you lost because we hacked the vote thereby proving our side um and uh well more of mcconnell's friends were in the audience yes and right and if of course they voted no to start they would i assume they played fair uh indeed well this isn't a debate in the sense that we often i think share more views than we disagree upon and it's also not a debate in the sense that i think we're wanting to structure this conversation and the one that we'll put out to the entire room uh before too long as thinking aloud more than advancing some particular view and asking people to hammer upon it this really is especially given the collective brain trust i already see in this room this is like a group study uh exercise more than it is a delivery of an academic paper or a thesis that we're then supposed to uh beat up upon um by way of framing though i think it is interesting first just from the remarks as you were getting into substance to already hear you using words like weapon which already seems to me to be conceding a big part of the frame of the debate something that you see the likes of anonymous i think ironically deploying when they talk about the low orbit ion cannon which is i think life imitating art imitating art imitating life because the low orbit ion cannon is itself not a real cannon um but uh i i think also it i hope we'll get a chance to talk about what i perceive at least as a trajectory in your own thinking from the beyond fear phase which captured a lot of your thinking about look it's complicated it's not like there aren't real threats but we're often focused on exactly the wrong stuff to our detriment hence let's get beyond fear so what i think is shaping up to be maybe your next book which you haven't named it yet but as best i can tell the title might be be afraid be very afraid and it's about asymmetric threats very generally from technology not even limited to cyber and again i'm characterizing this because he'll feel free to correct my characterization in a moment but i know you have a lot of worries about the asymmetries between offense and defense and the prospect that as time goes on are normal ways of handling things and including normal is how reasonable technically oriented people would handle them may fall short and thereby leave us with a real dilemma about how to secure ourselves that's at least i think where you're at on the current puzzle so we could start there and work back or start at the beginning and work forward that's a piece of it and it is a small piece but it's something i've been wondering about for a while and i wrote it down and uh you know some of the comments i got was bio you must had a really bad day very generally very generally we accept a certain amount of bad action in society right the right the price of freedom is the possibility of crime we recognize that that in order to be a free society we deliberately limit what the police can do we do a bunch of things to make crime possible and there's a crime rate that we accept the murder rate is not zero and we wouldn't want it to be zero there's a whole lot of reasons why that would be bad and and we have some now we might want it to be zero but we realize that what it would take to make it so would we would that's not the society we wanted we wanted the ill effects right yeah we be too many false or false arrests there'd be a whole lot of reasons why you wouldn't want that so and if you think about this the amount of damage a bad actor can do is vaguely a function of technology i mean that uh terrorists can kill x people as a function of technology one ten a hundred a thousand as their weaponry gets better uh a bank robber can can steal more money or steal more accounts as the amount of damage an individual bad actor can do increases the fewer bad actors we're willing to tolerate right if assuming that effect is constant i mean we want a murder rate of x if the murderers murder 10 times as many people as before then we need one-tenth of them to keep that number i mean this is very hand-wavy and vague this justin bruce will never be running for elective office ever oh god no the whole in fact appointed office is now seriously in question a whole lot of reasons for that so absolutely legalized soon as the amount as the amount of damage increases the number of bad actors we're willing to tolerate decreases and in theory you can imagine it get to the point where even one is bad even one is too much this is the weapons of mass destruction debate right the terrorists can do so much freaking damage that we must rewrite all of our laws to make sure we catch them before they do their bad thing right no more after the fact detection response that works for murder and a lot of other crimes i mean this must be predictive policing this must be arresting people on conspiracy i mean all of those reasons why you have these very invasive uh investigative tools which is to say what used to be a spectrum on a dial of enforcement to try to scale to the nature of the problem becomes a binary choice between doom from terrorist or doom from police state kind of you know so my worry is now doing my best on the bumpers no that's good and and eventually i'll do a bumper sticker because i like them too eventually you get to the point where technology becomes so great and i'm wondering this is now a general rule of civilization we could apply around apply around the galaxy if there becomes a point in any species technological advancement where the amount of damage one lone actor can do is so devastating that it destroys society if that's the case and i'm postulating that destroying is easier than preventing destruction there will be a window in technological advancement where one lone actor or a grupo and actors can destroy society so now what is the chance that society can get beyond that i'm not sure i'm optimistic about the chances i you know it it's you know we we tend to run a pretty wide-tail bell curve around our species so that's in general the worry now what does that mean i'm not sure is it true i mean a lot of things i wrote this to see if people can refute that well right maybe an argument in the last book i spent a whole chapter arguing on the on this notion that uh the attackers have an inherited advantage because they're they're a first mover they're a first move and they can react quicker oh what's an example someone invents the motor car and the police say what a great idea and they have a a committee to study the use of a car they produce an rfp they get bids they buy a car they have a training program they figure how to use it meanwhile the bank robber says oh look new getaway vehicle right the the and we saw this on the internet right you know as soon as the internet appears you suddenly have this new breed of cyber criminal who like emerges organically and figures out how to commit crime on the internet meanwhile the police who have been trained on agatha christie novels it took him what 10 years to figure out how to defend and i'll argue in general there will be this temporal gap as society increases i mean as technology increases where the the bad actors the lone actors the fringe actors are more agile it is interesting though your story is basically good cops and bad robbers are on a similar baseline and then the robbers adopt enabling technology sooner it may also be a little bit the good cops or just cops right very well resourced use that to have an advantage that they might not have in sheer numbers but use the technology to leverage it i can listen in on a conversation that you can't and then the technology has a democratizing effect that levels the playing field but makes it so that the cops no longer have the multiplier they were i guess either way it's the same outcome i don't know i mean i have in other thoughts where we're seeing power use technologies to effects that we didn't imagine before and there are exceptions to this uh fingerprint technologies is an easy exception right this is a technology that benefited the police and didn't bid the criminals at all or really the the thing that advanced policing most probably in the last thousand years is the invention of the radio that it truly that fundamentally changed the way police work works because no longer was a policeman alone actor in the community he was able to radio for backup and that just changed everything uh right you can argue that and i think this is also true while the the the fringe actors are more nimble the uh the state actors the powerful actors have have a greater multiplier they can make use of technology not faster but once they figure it out to greater effect right so we're seeing that now in the government of of syria using facebook to to spy on people or you know using internet technologies for surveillance whereas five years ago the only people using them effectively were the dissidents and now it's not clear where the new balance is well so i want to just bookmark a little bit as we go because we can put a few ideas on the table and then have a larger conversation so one idea on the table is what i kind of called be very afraid another way of describing it is uh asymmetry between offense and defense i'm an inherent optimist so it's weird to sort of have this dystopian essay under my belt well especially because it's not just dystopian it runs in a very different flow from a lot of your other works such as your work on digital feudalism there's a loaded term for you in which you worry a lot about centralization of certain technological functionalities uh either with private actors the googles and apples or whoever of the world or public authorities the syrias of the world and that's the kind of thing for which it's exactly those folks that would want to do that and encourage that centralization that would benefit from fanning the fears of the first topic you know if you want to be protected from these asymmetries come shelter your website under amazon web services come do your email through gmail and let us filter your spam and well where and by the way i think bruce and i may be the only people in the room still using eudora any other eudora users i saw i met a pioneer i wasn't uh my email client is older than yours challenge i knew there'd be pine users i was just there's that one moment in history that we both tend to it's it's going to be sad when we have to give up eudora because nothing else is like it i keep clicking on as many banner ads as possible just to keep it afloat but uh anyway it so like a second cluster of thinking that you have uh recently is around this sort of digital fusion i want to just give you a little space to kind of map that out and say welcome to the club of people worrying about this actually to me this this does echo the stuff that was that was in your book which i actually had to re-look at after forgetting it and re-remembering it that's a that's a blurb worth putting on the back the book's so nice i read it twice after i forgot it the first time it's actually not that bad so the book or the blurb the blurb okay i've been thinking a lot about about power i mean power and power asymmetry and i see increasingly we're living in a computing world that i liken to feudalism right the idea being if you pledge your allegiance to apple and give them your email and your calendar and your address book and your photographs your life is easy right and they in turn i guess they promise to protect you right you can pledge your allegiance to google and a lot of us pledge some of our allegiance to facebook to amazon i mean all these companies that are increasingly controlling our data right as we move them onto these platforms and controlling our end user devices right the the era of general purpose computing seems to be fading right apple controls whatever what is allowed to be on your iphone and ipad right i mean amazon controls what could be in your kindle and we and last year they they forcibly removed the book it was happening in 1984 which was you couldn't write that stuff you couldn't write that stuff and i mean i like the feudal metaphor because in a lot of ways we are pawns so for example i i found this out recently that while i can that google and apple are two feudal lords fighting and one of the effects is that i can run google maps on my iphone but not my ipad google and facebook are fighting and one of the effects is that google reader is disappearing right i mean these things are happening these companies are they're protecting us but they're also selling us they're using us and it is very much and i can i mean feudalist kind of half history and half game of thrones here you know i really mean it as a metaphor not an exact uh and we are members of no house here right right right we are the peasantry right we are we are we are we are collateral damage i mean dropping google reader is collateral damage the fact that i can't get the maps on my ipad is collateral damage and if if you read about historical feudalism it ended with the rise of the nation state with things like the magna carta and what basically happened is a larger government said to the feudal lords look you have all of these rights you now have to have responsibilities that that having just one is you know is fun for you guys but no fun for everybody else and i i'm i want that metaphor to guide what we need to do on the internet so what's the piece of westphalia here i'm not that detailed what i think we need i was just thinking the next book is westphalia it's not just for ham yeah you know but nobody would buy that or the people would buy it expecting something very different now i i think we need to recognize that these corporations are de facto states which now sounds like mark zuckerberg on at least one day he woke up and decided that was an interesting thing to say i don't know how much he stands behind me i know but but i want to regulate him so he's not going to like where i'm going yes right and that we need to reign them in that that you know on the internet there's no such thing as as a public space it's all privately owned that but but we treat these spaces as public we treat these as infrastructure not as as corporations and it's more obscured by the fact that the basic market model which is i buy something you sell to me and we have this this capitalistic change that that really is the base of the system fails because we are not customers of these things we use right we are users we are product whatever you want to call us so a lot of this is obscured so we're laying down markers here as we're laying down this marker that's roughly by your label in the realm of digital feudalism let me just uh mentioned the kinds of pushback that come to this kind of argument that i'm well familiar with since i argued similar things without the same terminology uh in my work it's the bumper sticker it is um uh and it's also a form of futile ism so it has a nice double entendre going on which you appear to need for almost any book cover don't blame me but uh the pushback includes and i'll channel folks like the mercado center or you know name your favorite libertarian um the first objection to that is give me a break you're a communist all right get past that second is we have more technological affordances today than we had yesterday than we had last year isn't most of your worry front loaded to some future that hasn't at least arrived yet so there is a quality of chicken little because i know i can't get google maps on my incredible ipad mini that didn't exist three years ago talk about the glass being one million empty shrubs but it's a lot it's a lot more than that you know we we know that google collects this data i mean i i'm worried a lot about government corporate interaction we know that google collects this data and we know that the government asks them for it i read an article i've been talking about uh i guess the crazy libertarians about uh on the in the gun control you said crazy i'll i will say it again and i will endeavor to prove it if i have to that that the reason we oppose uh registering gun owners is because there'll be lists of gun owners the government used to use to confiscate guns right that's the argument i'm reading this i'm thinking why does the government need to get a list what if they just asked google whether it's asktaxacom and and i think we're seeing more we remember when uh how does google know how many gun owners there are i'm sure i'm sure in google's data if you ask google who owns guns i'm sure they give you a decent list really based on search terms based on on topics discussed based on purchasing history it depends who you ask the the question is and if not now when will it happen i bet it's soon when will the corporate sphere just in the data they're collecting about our actions have that list right we know that uh the tsa when they were trying to do uh not secure secure flight was called in like 0.5 and 06 they wanted to use corporate data to differentially screen passengers they recognized that data that that ex that we are willingly giving these these companies they could use for differential law enforcement in this case and i i wonder if the era of the government needs to know data from us is ending i can imagine the irs saying you know it's hard to figure out how to who to audit we're going to go to a credit bureau we're going to we're going to ask them to run a differential base what they think your income is what you said your income is and we're going to audit people who who mismatch this is a good idea or a bad idea it might be a it might be an effective idea i don't think it's a good idea i mean i mean so but but it's an idea that we should discuss the possibility of before they go decide to do it without telling us yes okay but now so so getting to sort of the question that when things are things are looking really good why are we worried you know we're at a point and a lot of that is the opt out answer you don't like it don't do it don't carry it but i don't that's not really possible i mean you can't not have a credit card you can't you actually really can't not have a cell phone can you not have an ipad you could not have an ipad but but your your choices are few and if the two choices don't compete on the feature you're pissed about you're stuck i mean you can't fly you know more secure airways you're on a background check on everybody or less secure airways we you know hand you a knife when you get on board i mean you you don't have that ability right all cell phone plans are the market has not spoken or or at least the few sellers in the market have decided not to speak on that issue and it might just be some one-time flyers right i mean there isn't a a a a facebook that won't collect your data which is an interesting puzzle by the way why i don't maybe we should just do a quick market test although there's obviously selection bias and who chose to come tonight but uh how many people would be how many people are facebook users all right let the record show a lot how many people um are a little queasy about facebook the record shows more um and how many people would be okay with paying five dollars a month and in exchange facebook will do zip with any data it collects it expunges it as it has it and offers you six bucks we're gonna run an auction now just five bucks is a how many people would pay five now why is that all right first of all very i'd say uh maybe twenty percent of the hands went up because you asked the question wrong oh the question is how many of you willing to pay five bucks to be on a non-intrusive facebook when all of your other friends are on facebook that's the problem it's the network effect if you're not on facebook you don't get invited to parties you don't get dates you don't get late these folks are on facebook and they're not wanting to pay the five bucks whether they're on it because they feel they have to be on it or they're on it because they like it either way they're not willing to pay the five bucks for the most part sure and some are some aren't i mean the problem and then probably have with a lot of these systems is is they accrete you know we're on facebook i happen not to me but i'm a friend i'm the eudora using freak wait who am i friends with then no i do i honestly i i get gonna turn out to be chuck norris i get email i get i get email from people thanking me for friending them on twitter i'm not on twitter so i don't know who you're friends with this does seem poor security doesn't it spoofing it's only so much i can do but now um this leads to the other i think main objection although we may hear more shortly uh on this riff of mark doesn't like what i have to say because i say i want to regulate them a big part of your objection to these loci of concentrations of data is that it's very easy for the government to get it and yet here you are saying let's have the government come in and regulate these guys when's the last time the government came in in this space and did something you thought improved the situation in this space but i mean so i you have to take a long-term view right i mean this is the only quote we shouldn't tell the senators it's a bill about the internet until the very end longer term longer term the the the quote that lets me survive in this world is martin luther king the arc of history is long but bends towards justice might mean a hundred years ago half of us in this room couldn't vote right 200 years ago a bunch of us were slaves i mean in the long term assuming my my dystopian vision doesn't happen governments will do the right thing how long do we have to wait to do the facebook regulation you want you might have to wait 20 years you might have to wait a generation you might play so we haven't even regulated friendster yet but it's like let's keep on let's see how this thing shakes out law okay i mean short term i'm actually very pessimistic i mean i i don't think i don't think government can pass a good law at this point so you're called to testify mr schneier should we get into the business of protecting the defenseless american public from these economic engines called facebook and google and everything should we get into this or should we just keep on walking for 20 years what's your answer you guys you money grubbing senatorial morons you shouldn't do anything definitely not confirmable right i mean we're living in a world with a very dysfunctional government and this is another one of my threats that that that power is now using itself to increase power so while in the near term i i have actually no hope for i mean i mean i think the update of the computer for an abru abuse act would be a disaster because i can't imagine them making it better i'd love it to make it better but i can't imagine it happening i'm terrified that they'll get their hands but if that's the case i just want to pin you down for a moment here slippery i know it so you have a theoretical answer that says there ought to be some regulatory muscle that could be but not always is flexed that answers to something other than a market that answers to a polity to deal with certain market failures you've identified but in the real world at least for the next 19 and a half years you're gonna see it or it's gonna kick in the wrong direction in which case what should we do right now i don't know i mean and i i i don't know if there's an answer in a lot of ways oh well you screwed i mean we mean what what do we do what do we do in the face of of a government i mean a u.s government that that doesn't even follow its own law yes with respect to data collection data retention and data use that that carves exceptions into its laws right i mean we've learned recently that the fbi has been for the past over the decade uh running fake cell towers uh for surveillance uh almost certainly against law right nsa is eavesdropping uh we're pretty sure that the uh the dhs has collected the uh financial records of everybody under a national security letter i mean i mean these things that are happening are you know absence pretty abhorrent and i mean on the other hand i mean what we all we can do is keep up keep fighting uh last week and i've said this to a few people i've talked to i don't know if people read glenn greenwald uh he wrote a really nice essay on gay marriage where he said it was one of those uplifting things i've read in years he said you know look at what's gone on we have for years been been fighting an issue that we had no hope of winning and in a space uh three months what the hell happened it all turned around whereas it's now it seems that winning is inevitable look don't give up which was his his moral which is more general that his moral was that about that and guantanamo and all the other things he yeah he argues about i don't know i have to believe that sooner or later yes you know and and we've got people working i mean well once larry lessig solves the money problem i'm in so you know i i'm just counting here i count on him just to be like a month ahead with the solution yes as long as that happens yeah we're good internet question mark question mark question mark lessig profit got it somebody needs to alert him but this is progress now you mentioned glenn greenwald that's not a bad segue because glenn was one of the people who had been identified as uh an ally of sort of conspirator wikileaks yes to to something and anonymous in turn managed to hack hb gary federal one of the be afraid be very afraid write us a check profit no question mark there um and anonymous was able to completely uh own them get all of their internal corporate email including powerpoint decks where they made their sales pitches to the likes of bank of america and where they proposed a dirty tricks campaign against glenn greenwald and others but yes and others and i'm just curious i'm curious i know that you you have thoughts about leaks and their value in a society but i'm curious to really think about the function of something like anonymous it feels like a powerful entity that has the future of not being harnessed to right the traditional forces that may be not great but it's also not harnessed to anything how do you think about that there's a lot to be said about about non-state actors i mean there's a lot to be said about that whole uh whole escapade it's you know we're living in a world where a bunch of hackers can you know drop a company and and later than a few a few months later and this this made the news less anonymous told nato not to mess with it we're living in a world where a bunch of guys can threaten nato i thought they were kind of freaking interesting because they've also i think weighed in against north korea saying your time has come um i thought you were going to bring up that anonymous had a war within itself and there was a moment if you if you went to one of anonymous's main pages it said there's a guy who used to be us who compromised our server until further notice don't visit our website anymore you might get owned and at that point i was just like yeah the center cannot hold yeah well i don't know who the falcon and the falconer is anonymous is like a lot of movements that that are that are given you know we we as a species like organization so we tend to assume the our enemies organized reminds me of the way the black panthers were treated in the 60s uh the way al qaeda was treated 10 years ago that we assumed it was this organization you know with with roles and hierarchies and an org chart and you drew a salary and got benefits but in all those cases it tends to be random people who pick up the banner and say i'm al qaeda i'm anonymous i'm this and maybe they're loosely connected maybe they're ideologically connected maybe they're just using the name and it's a lot more diffuse so you know there really isn't an an anonymous there are the people who today have done things and said hey look we're anonymous and what's but what's your thinking around that phenomenon uh i i think the the rise of non-state actors is really interesting uh that they can do real damage i mean it's this will be called the next cyber war but you know it's not it's a bunch of guys there's another thought that came out of my head right it's it it says the non-state actors it's their power uh not being tied to a population makes them much more random and i i lost very well it'll kind of i'll share some of my thinking about it which is um there's a paper that talks about an arrangement reached in the american antebellum north and south between political elites about a very contentious issue at the time the return of fugitive slaves and the north agreed to return fugitive slaves in order to keep the larger peace right and it turned out that the north couldn't deliver because there wasn't professionalized law enforcement the way there is today and in order to get pretty much anything done in a law enforcement context like return of fugitive slave you had to convene a posse which was to say he had asked the citizenry to come help and the citizenry was going to be shampooing their cat that day like they were not interested in doing that and it was an interesting way of applying a template that perhaps subsists or persists only now in the tradition of the jury where before you can just put somebody away you get 12 citizens good and true or however many and have them be the last ones to weigh in on this and that is less and less needed as enforcement becomes more push button we see it with anything ranging from youtube takedowns to surveillance to etc you don't need the posse anymore and i'm wondering is the rise of something like anonymous and many counterparts a reintroduction of actually having to get a good portion of the polity in line with something for it to actually happen in the world or is it something else you know i think that they are one of the first examples that we've seen of what civil disobedience looks like in the internet age you know what what it is what it means to protest what a what a sit-in looks like what a picket line looks like what what and do you have a view by the way on ddos is it sit in and should be treated as such what stallman would say or is it but rocking information remember what i said in the beginning yeah i mean it used to be you can tell by the weaponry now you can't so a ddos is either it's been used for extortion uh in in it happens tends to happen most on fringe industries offshore online gambling online gaming online porn there is ddos extortion it is used for uh for for causing damage it is used as protest it is used because school's out and we're bored it you know so it's used for all of these things actually uh there are cases a few years ago the victoria's secret secret website went down not because of a ddos attack but because of a lot of people wanted to see the pictures but you couldn't tell the difference not exactly this just in but but you can't tell the difference if you're on the receiving end you can't tell the difference so anonymous largely i believe engaged in legitimate civil disobedience and should be treated that way not because of less because of what they did and because of who they are and why they did it so and i mean this is hard in the real world we tend to have not different laws but different expectations around civil disobedience so you know that you'll get arrested and you'll you know you'll you may set a few hours in jail and this is all part of of what we do but of course anonymous if it's true to its name wants the impact of civil disobedience without the part of civil disobedience where you go to jail now in fairness going to jail for 40 years for something wasn't in the cards at a counter sit in right because in in the us at least we are and i think we're doing this because of corporate pressure classifying all of this as you know these these horrible crimes against the internet and and are really exaggerating what these are so i mean i would want to remain anonymous too i we really don't have an agreement among all of us of of what a valid protest is i mean defacing a website right could easily be you know i mean you remember greenpeace and they they throw a banner on on a uh on a smoke stack i mean that that's the equivalent of defacing a website you you make a public statement that those who are or is a picket line you make a statement that those who are going to where whatever it is you're protesting have to see it have to interact with it you know but it's but if you do it on the net you are a cyber criminal and and you get uh a really exaggerated sentence i mean bunches of examples and if your view though i just want to dwell on this for one moment if somebody manages online to disrupt things not just in a expressive kind of way vandalism is almost the easiest case for online protest it's the graffiti kind of right but manages to do so in a way that you know paypal or mastercard not just the brochure front page but the actual functionality the apis aren't working for a while and a bunch of commerce grinds to a halt you're saying in your view the motive of such an attack would be material to you in wanting to figure out how to treat it that feels in in line with with with the way law works i mean we do look at motive you know accidental homicide versus murder well in this case it's intentional homicide but one was for a cause and the other was for money okay so so so it's less okay sorry indeed right i mean so i think i think motive actually does matter i mean i think i think it matters in all in all crimes i've always i've always wondered why you can be tried for murder over here with these horrible penalties and attempted murder for here with much less fewer penalties based on like something as weird as how good your aim is does that make any sense i mean it makes no sense to me it seems like if that's what you wanted to do why should like or maybe how how much the wind was blowing or how lucky you know i mean why should your penalty be based on factors that have nothing to do with intent now i'm not an attorney so it's probably good reas because i mean certainly it's easier to measure the effects than the intent right so i mean my guess is that as we we invent law we could do the hard thing but it's way easier to do the easy thing and just hope it fails you on the negative i wonder how much it puzzles you on the positive should we give a nobel prize for an effort like flagstand i'm sorry it didn't pan out but there was a lot of work that went in that was pretty genius it just wasn't true but there's there's a there's a difference there because there you actually are awarding a result right you're not awarding you you're not passing i mean you could give you can it would be funny if somebody accidentally cured cancer and won the nobel prize and the speech was just like it could happen to you too this would be like the beverly hillbillies of science yes that's right black dna gold that would and that would make a great cal tech team that would make a great sitcom because now he's faculty at harvard he doesn't know a thing and he's got to teach and wow a less unusual situation than you would think but so um i feel like we should open it up and uh to do so and it's being recorded i think it's not going live but it will be produced at your hearing we should see is there a at least one hand held so that there won't be the annoying phenomenon of questions are asked but the multitudes who watch it later don't so let's just let these handhelds find repose and i guess my only suggestion aside from the usual try not to speak unduly long is i'm happy to try to engender a conversation more than a ping pong back and forth so we'll weigh in when we're moved but let's have a conversation so here's a hand here's a hand here are mics and also feel free to say who you are or not because it's being recorded okay hi daniel dern i see enough scenarios here that we don't have the week to talk about it but on one hand you know bruce you go to a restaurant you get ready to your hamburger comes and then the guy at the register says i'm sorry mr schneider but the restaurant computer refuses to sell you another hamburger this week because you you know because your medical records say that's all you're allowed until next thursday on the other hand somewhere in the basement of the fbi there's a big master switch that says all cars except ours stop you know cruise creased would say stop and don't move or even which is the more terrifying scenario or even united or even the government says all network routing devices must use our code you know etc and we're not telling you what's in it like china is trying to do i mean right so that's not even that's not even theoretical so i'm i have to choose i'm not sure it's the scenarios and i gotta say bruce does run a semi-annual movie plot contest it's true so you're all ready you got two entries going there and i as i understand the rules it's to come up with as scary and yet realistic a plot as possible but one for which there's no cognizable specific policy that the government could do that it was a res would be a responsibility so the phrase movie plot threat i coined to be and you see these these overly specific scare stories you'll hear in an effort to to make you afraid that you sound like a great showtime series overly specific scare stories well but you remember them remember remember the terrorists with scuba gear the terrorists with almanacs i mean all those sorts of you know they make great movie plots but you don't want to craft policy around them yet those are and when i first did the contest i i got email from saying oh my god how could you give the terrorists ideas like people actually thought that the hard part of terrorism was the idea that once you told them look you can you can bomb a dam they'd say god why didn't i think of that and run off and do it so just on that one point for a moment there is i don't know how many people remember this but back in the day there was that movie independence day they're making a sequel they're making a sequel arbor day they're just going down the whole federal holiday calendar um and the british internationalized counterpart bank holiday bank holiday two anyhow i'm now confusing myself with what my question was independence day the trailer came out and that trailer featured the white house being blown to bits and i don't know how many people happen to have remembered being in the theater the first time you saw that trailer i at least remember feeling like whoa that was intense and the reaction of the rest of the theater was kind of a stunned silence wow even though there's been plenty of b movies that show godzilla tearing cities apart and even within the cycle of that trailer by the time it was getting stale people were laughing at it and of course now i think there are two movies being released this week which is like the white house blows up even more and there is maybe something i wonder about making certain things more thinkable not by a contest right on a blog but by making mainstream certain acts i i think so i want to address the uh the original the hamburger yes basically what we're saying is do we want the government to regulate our choices that's the question and we do all the time right the the pharmaceuticals you can buy uh that hamburger you know can't have more than there's some amount of bug parts that are allowed and some that are too much it's not zero on the selling side you cannot sell raw milk right drugs on the prescription side you know some people can buy this pharmaceutical the rest of us can't because there's a mechanism by which you can you can get it uh we as society i mean there's a long riff here i i think you can make a reasonable argument that modern advertising is an unfair trade practice that it is no longer a seller informing a potential buyer of the virtues of his product and it's now deliberate psychological manipulation i can't think of any other reason i'm buying most of the stuff i buy so working backwards i can't be to blame so i mean i mean along with my riff on on libertarianism is completely wrong is the notion that and there's a lot of psychological studies to back this up that the point of sale is a terrible place to gauge preferences that that we know that on the long term people want to eat better on the short term man that hamburger looks good i mean i ate one of those damn chex mix bags when i came in here now i would have been way happier this session is sponsored by checks right way ha i mean this is why we have this is why we we've adopted term limits right please pass a law to prevent me from exercising my preferences right but that is a truly wacky thing let me interject right here because this so nicely fits into your earlier riff about facebook and google or kind of you can't just say it's market they're kind of have an advantage and that's why government should come in so the analogy here would be one reason they might not sell you the hamburger is because you signed up ahead of time and said no matter what i do please stop me yeah the other reason might be some bloombergian sunstenian nudge or something where they are actually doing their best to remind you of the kind of commitments you want or the burgers have to be served with blue buns and they may get less escalant that way whatever it is but we but that's an example of the government intervening to save us from the market right because so who's worse in this circumstance bloomberg or big gulp but so we as these manipulations are happening i mean in your grocery store store uh products are paying for eye level placement ones that don't pay get high or low uh those big gulps were were designed for you to so if the government intervenes to somehow someone's intervening someone's intervening yeah intervention is happening we can't we can either say no intervention which maybe we can do or we can try i mean and this is where i have trouble with solutions but my guess is that solutions will be the multiple distrustful parties each keeping each other in check so do we want government intervention to limit corporate intervention and i i think some solutions will have a corporate component a government component an ngo component that everybody will be sort of keeping an eye on everybody else of course this could fail i mean i thought this is the way the us government was supposed to work but post 9 11 everybody fell down on the job right the you know congress wouldn't wouldn't keep the president in check the court said i don't know you could keep me out of this but in theory that's the sort of system i want to look well at the very least it means one can retreat to we really need a self-conscious dialogue about what kinds of forces you know that at least you know it's not much but it's something i'm a big fan of this of the sustained nudges because then even though they are manipulation but the manipulation is happening anyway i mean this is this is my under my fair trade practices argument that that we're being manipulated for profit i mean maybe it's not that bad being manipulated for benevolence yeah now the question is of course who decides what benevolence is i mean there's a lot there's a lot of devil in the details but there's a whole lot of devil if you don't do these details well as was promised this is a week's worth of stuff is there anything you want to say about the fbi turning off all our cars which when i put it that way makes it sound absurd but in fact no but you know the more the devices are tethered the more a government can ask but you want to say something about that before and and we've seen requests for that you know in the event of a terrorist emergency can the government shut off the internet i mean this is being asked cars is going to be uh driverless cars high-speed chase we need the ability to turn off cars on this highway for the safety of everybody i mean you can you can see how that could make sense right or at least how that would be requested yeah but uh internet kill switch has been debated i mean to me that's fundamentally crazy for a whole lot of other reasons you know i should say in fairness the at the time it was debated the senators pushing the bill that was said to contain it said this bill doesn't contain that in fact the government has long since had that authority since amendments to the communications act made in the wake of pearl harbor so um there is i think i missed the internet provision in that was passed in the 40s yes um so we should keep the conversation going if the mike's found another home how about over here we've got someone there so this is not my opinion in particular but i've been exposed to the opinion by people in this computer security community that the way in which to deal with these sorts of problems is that rather than is that everybody should be responsible for their own information technology security that everybody should learn the skill set in full and that if you don't learn the skill set that it's your own problem dan gear is one of the people who's talked about an internet driver's license the problem is it's actually not only your problem you know we are we are too interconnected i mean if you think of ddos attacks and bots your security is very directly a function of whether my mother remembers to turn her firewall back on because if she doesn't there are more insecure computers being used for more but i guess one question is how much low-hanging fruit is there in trying to get grandma to turn on the firewall of all the things that make security hard is there some space comparatively i've tried it i'm not a big fan of user education i think user education is a cop-out i think user education is a cop-out when computer security people like me design crap systems i mean you get these you get these warnings right you see them on your computer a complex security thing blah blah blah blah blah do you want to do yes no and you what you read is blah blah blah blah blah make this but make this dialog box go away that's what you read and you click would you like to continue with what you're doing right okay would you like me to stop annoying you you know it is it is rare that the user can make a better decision i can't wait for the firefox plugin called yes man that just answers all dialog boxes okay i'm patenting that you know so so i i want systems that are robust enough to deal with an uneducated user i mean we can't legitimately say you have to you know you you need to pass a skill test to use the internet we it'll be real hard to turn it into something like driving a car and i'm not sure we want so right now just share with us your best conception of the process of a user checking email from a server whoever the provider might be what would be the best practice using today's technology so that the email provider could make it as secure as possible without the user having to be anybody other than grandma you know what we have today is mostly good i i like seeing the additional authentication mechanisms i like seeing the backup authentication mechanisms improved you know it's it's not a lot so you don't see anything out there that isn't already kind of working its way in yeah and this is this is a surprise this is a surprise really from from your with your book when i read your book you made a really good point that that openness is so much better and that that a closed system will be rejected and i believe that too and we got it wrong people love the iphone and iphone is a very close i iphone is giving you more security because they regulate what goes on that platform right and it turns out much to my annoyance that people like that i mean and this is the problem with the feudal metaphor we we we like these feudal systems because my mother does a way better job with her photos on flickr it's really better for her to be on gmail it's better for her her calendar dress book she loses her phone she gets a new one pushes a button it all appears magically and for the average user this feudal trade-off isn't that bad i'd like it to be worse but it turns out not to be right because the cost my mother is paying is largely invisible it's largely long-term right it's it's it's the along solely the dimension of security against third-party attack it may well be more secure oh it certainly is but but even against the thing i'm worried about i'm what i'm more worried about the third party attack is she making a mistake right you know you make a mistake and you lose your photos you lose your email your hard drive no longer works it's robust against the naive user which is really valuable yes because if we want an internet to be socially useful it has to be technologically easy yes ethan zuckerman uh hi guys i i wanted to return to this idea of the asymmetric attack and the notion that the bad guys get way ahead of the good guys and what this makes us think about open and closed environments and bruce i was working on my entry for the movie plot and i put together two current events one current event was this strange little paper where someone claims that they infected a hundred thousand cable set-top boxes and used them to make a map of the internet hard to verify but a fairly convincing paper suggesting that someone built a little worm that was capable of getting into many many many many set cup boxes and roughly at the same time a really big ddos attack using dns amplification which we've all known about for a very long time but swamping spam house are friends and sometimes enemies who try to knock out internet spam under 300 gigabits per second of traffic a level that many of us thought was kind of unfeasible for those things you put the two of those together and you suddenly have a scenario in which everyone's cable box compromised becomes part of a giant ddos network hitting dns and knocking out servers and and for the first you have to have a broadcast fake news then you've got a really good james bond player so as if that's not already happening for the first time people would not notice people might not notice the first time in all of this i found myself sort of looking at this and going maybe i'm actually scared about this maybe i've actually hit the point where these open systems that for years we've known are riddled with holes because we are idiots about security but we are so resilient because we share information very quickly we adapt so on and so forth i find myself wondering if we're hitting a point where not just on the consumer devices where i think you're absolutely right bruce that people in many cases are preferring the safer environments whether we're going to hit this point on the actual core net do we think that we might be reaching a tipping point on this is that part of what's reflected in you writing something that's significantly depressing and the follow-up to this is is this going to shake zit train at all on this who thus far has been really good about sort of coming back and saying yeah in general we're willing to trade a lot to make sure that we have the openness out there and so far it hasn't been this in the butt is this finally the time we get so i i think i mean that's a good example so and my worry is is really that the fear of these things will lead the actuality i mean this whole weapons of mass destruction debate is largely a fear debate the cyborg debate is largely a fear debate these are not based on realistic threats but you know that 10 20 30 years they likely will be uh i'm afraid you have a point um i find myself wanting to say especially when i ran into that spam house situation i find myself wanting to say yes this is exactly what i predicted because my book wasn't things are great except people are paranoid and the paranoia is going to destroy us that was not the theme it was things may be great now but the better they get the higher the stakes are for somebody to find value in making it worse and unless we come up with a defense to it that is constructed along the lines of what made it great to begin with namely a distributed civic defense for a distributed civic network the most obvious defense when the trolls come is going to be a centralized response a militarized response and that's bad so i think that fits the template in the sense of people are a little bit kind of asleep at the switch or a collective action problem there ought to be ways and there have been ways suggested to secure border gateway protocol to secure dns service and dns um uh servers uh because each of those cable boxes contains a dns resolver who knew that is a public proxy like what so these are the kinds of things that either might be so specific a movie plot that it's hard to go just closing doors after horses leave but that actually had been long anticipated and if the community that has roughly existed to build this distributed collective hallucination to begin with could come up with the distributed defense of it so far the way wikipedia has managed to do with the content layer a distributed content generation system that contains its own defense not just against garden variety and accuracy but against every page being turned into an ad for a rolex watch which you can guarantee is being attempted as we speak um that gives me hope i just worry that the paranoia generated by the very real dangers represented by that incident will have us just say we've got to send the marines somewhere and i agree with the paranoia worry i mean any solution is going to look like some form of resilience and whether it's i mean the wikipedia distributed type of resilience whether it's something built into the internet you know there'll be different different aspects of it but in a world i mean we're seeing people today calling the cyber to cyber threat an existential threat to humanity those words are being used by actual policy makers that is fundamentally a crazy thing to say but you know getting past that is going to be a realization that you know 9 11 well you know the the the existential threat was not this terrorist attack was our reaction to it that if if we have a if we come from not from fear but from indomitability i mean imagine if if that's what you know president bush got up and said yes this is horrible yes we're gonna be after them yes we're gonna we're going to achieve justice but our country is better than this we're not gonna you know the things they killed us for are not we're not gonna change because they tried i mean those sorts of ways and i think that rhetoric makes a huge difference but see up to the minute bruce schneier who worries about asymmetric offenses because we have an existential you know we said in the beginning this is not a consistent talk yes well it is and it isn't sorry it's right cheap shot i'm sorry um other mics yes back here hi i'm gilly i'm a senior at the college here in a former burkton um so it seemed that the most pragmatic solution we have come up with as far as to start a discussion um so i want to ask about how to frame that discussion i think that the role of metaphors has sort of come up here and and we talked about war as a metaphor and it's sort of both a conflation of the threat and the use of notions from national security and then another thing that bruce seems to support to me is the public health metaphor in a sense you know the bloomberg intervention and the sort of making sure grandma turns on the the firewall again are there any other metaphors we should be considering and should we be aware of these metaphors and what they imply and how i mean i think metaphors are extraordinarily important i mean i mean just taking the the cyber war metaphor when you use the word war you invoke a certain solution space right right things certain things that wouldn't be considered are reasonable when you're at war uh for for these type of cyber attacks i much prefer a a police metaphor actually for terrorism i much prefer a police metaphor i think it's more accurate and i think that we as a people would make better trade-offs right you know when it's war when the nsa goes to you and says you know can i eavesdrop on every phone call but you don't say whereas you aren't you say okay you know put the stuff in the closet there don't tell anybody and that's because your thinking is war so i you know i find the war metaphor dangerous uh i i like a public i think a public health model i think actually i think biological metaphors are in general useful for the internet that there's a lot of analog i mean not the least of is viruses and it's funny we're starting to see that go back we're starting to see the the term virus came from health we're starting to see these ways that we're thinking about computer viruses going back into the medical community and they're using some of the tools we've developed for computer viruses to look at the spread of actual biological viruses uh right the the metaphor of how the internet is stateless versus stateful not not uh not from a a finite state but for a government perspective i mean the the metaphor of the 90s remember the the the internet is outside of any nation state right it's turning out to be not true at all and there's more censorship than ever and and then now where there's a rise thing that is called the cyber sovereignty movement which would terrify all of us right where countries are are saying look you know the all of every piece of the internet is in somebody's border and the ones that are in my border i get to control and the eye this is the itu getting involved a lot of this i think you fight on the level of metaphor you get the right metaphor magical things happen it really frames the debate these debates are hard they're technical they're confusing and the metaphors matter an enormous amount but what it's worth the metaphor i'm most uh intrigued by these days is mutual aid and if i'm in a uh a military environment i'll call it a nato for cyberspace but elsewhere it's mutual aid that tries to push against the idea of i wrote my check give me internet and if there's a problem with it it's a customer service issue that a lot of what built it was a form of mutuality and there may be useful ways for people to be able to help one another with cycles and bandwidth with expertise and even at the content layer in times of real crisis that is it a good thing to imagine should something happen natural disaster otherwise uh my 3g goes down my wi-fi isn't going anywhere i'm stuck but what if my phone were a two-way radio that could talk to every other two-way radio in the room and what if my facebook credentials were cached and i could then say or any of my facebook friends in this ad hoc network and if they are i'd like to send them a message and is there anybody on the network that has a pre-cached root certificate that says i'm from the government and i'm here to help because i'd like some help those are examples to me of mutual aid in action it's not a solution to every problem but it tends to be overlooked because it isn't all that helpful in many other public safety defense operations that the other metaphors tend to invoke i like to like infrastructure metaphors yeah but sun had the idea of the internet dial tone i kind of like that i mean and i think there's something to be said for starting to realize that the internet is infrastructure is a utility is not you know is not optional it's like water it's like power and i think that's valuable i mean they're i i be british telecom had a great slogan a couple of years ago called innovation at the speed of life and they meant it to mean going really fast and i thought of it and said wouldn't it be neat to have it slow down like that i'm thinking about the cereal um okay so uh why don't we take a few more questions we only have 14 minutes left wow so my suggestion is that we take some thoughts and they're gonna pile up and be specific but uh bruce has a pen he's gonna write some stuff down i just want to get some more voices in um as we go so please uh so i'm less concerned about threats from the internet to humans but threats from humans to the internet um and if you look at world war ii or war one uh where you had you know a global scale conflict you saw um letters sort of being smuggled across borders and there were some communication was possible but it was extremely limited i'm curious what um if the internet can exist post a global scale conflict where nations are rebuilding their networks and whether the internet can exist during a global scale conflict and what your thoughts on that are let's take some other questions wherever the mics happen to be this may i realize favor people on the periphery but yes i'm eric i'm a law student um so you mentioned that speaking about anonymous that we're going to call it the next cyber war but it's not it's just a bunch of random guys um and yet your emphasis on the asymmetry of attack and defense seems to run against the idea that war can't be about random guys and i just like some comments on that got it i was going to ask you about government policy too but we'll let you succeed uh where's the other mike yep i was going to suggest that the reason you got a tepid response to would you pay 60 for a a less data collecting facebook is that it would be a less useful facebook you would be losing all of the people who like x also likewise suggestions that people tend to actually like getting facebook comes back and says for you we'll still keep that for your five bucks would that get your hand up i don't know but it it in other words you think what you hate is also what you like in in general people tend to like the primary uses everyone likes amazon suggesting books they like based on the books they bought what people tend to dislike are the secondary uses that amazon then sells that data to somebody else and it propagates out we tend to be okay with the immediate recommender systems and and the immediate systems although it is interesting to imagine those applied to people suggesting well people who like this will like this other person especially in a real environment rather than just facebook and that is yeah getting really close people who attended this lecture might like to attend the lecture next week yeah um where are the other mics are they yep um on the central anonymous i'm just wondering how much you think anonymous is sort of a reaction to a loss of faith in the government for example with wikileaks people who supported wikileaks didn't have really a standard way of aiding this within the system it wasn't like the fbi was standing up and saying well wikileaks may not be legal but we're going to hunt down these people who are doing ddos on wikileaks so anonymous is sort of people who said well our only option is to go ddos other people and then we can sort of defend i guess this is the batman theory of uh yeah yes the times call for the person is the other mic floating around somewhere oh right there oh sorry yeah um to go back to the feudal metaphor up my name is hal hodson um to go back to the feudal metaphor briefly um i guess the feudal system became bad when people started getting hurt and you could kind of imagine that at the beginning it was rather nice kind of like at the beginning one yeah you can kind of imagine the beginning google was rather nice and it was so what what's the the internet company equivalent of you know killing peasants because you don't you know because you you're pissed off like what's what's going to happen what are what are the damage equivalents for internet companies of this i think the loss of google reader is the one we got right now google reader is hardly you know killing villagers what what's going to hurt me google reader is just inconvenient what's actually going to harm me i don't i don't think you took away my free product i how dare you i don't i don't think you ben and jerry's i want ice cream every day i don't i don't think you get that kind of harm it is the internet i mean it's not the real world so you're not gonna get you're not gonna get facebook as captain kirk would say for how long mr schneier for how long you're not gonna get facebook spearing its users i mean it's just not gonna happen well there's at least a silver lining to his pessimism um now i know we've piled up a lot of questions you wanted is there anything you wanted to say on what's happened so far before we open it up again well i mean the question i thought was that the the notion of of you know can can a bunch of guys declare war they can do something but i think you know war is is a very specific thing and it's something nation-states do i i argue that what a bunch of guys do even if it's damaging and there's a lot of history but organized crime does it can do a lot of damage we what a couple of weeks ago had uh someone assassinate a a prosecutor in texas and then last week and and i think this is very much i i don't know if it's terrorism i don't know what to call it but a couple of days ago another prosecutor has stepped off a case prosecuting the aryan brotherhood because he fears for his life and this is a a violent action to change policy so you know i'm not sure to call it but you know these if these things even though they're they're bad even though they kill people they're not war and war to me is nation state versus nation state and yes there are these new sorts of asymmetric threats and they are important but is the war metaphor the proper way to deal with it and we screwed this up right we we were we were attacked in 911 and in response we invaded a country because that's what militaries do if the fbi were in charge we wouldn't have invaded a country because that's not what the fbi does now we can argue that invading country was the right thing to do but there was no actual debate about it because the war metaphor was immediately invoked it is funny to think if the president in the wake of 9 11 had said we are starting a full criminal investigation the u.s attorney and the southern district which is what we would have been run out on a road this is what we did with every other yeah terrorist attack to date yes that's what we did after uh mumbai that's i mean uh uh not probably the uh uh kenya about right uh right but it is interesting to see that's what happens nearly a decade later that choice which may well have been sort of by democratic accountability a somewhat uh forced one to assign i that's no doubt debatable it was psychologically the right choice unfortunately but it's interesting that choice then persists in the sense that attempts to downshift into a let's try these folks in the criminal system mode still results in a lot of pushback remember that we were trying to bring one terrorist from guantanamo into new york to try him and right there was actual fear we couldn't put him in a u.s jail and i'm thinking what is he magneto i mean he's just a guy yeah but there there's there is is this fear i think obama had had the opportunity to change it yeah when he took office he could have said and it's a perfectly reasonable reaction that went actually the congress actually passed a statute yes authorization act that prevented it yeah um there was one other quick thought too on uh your notion about when you have prosecutors withdrawing from cases out of fear for their physical safety that's what happened in the u.s right the habit that happens in other countries or other countries where you have judges wearing hoods right right i mean that happens in mexico that doesn't happen but it gets back to the question of if our own primary institutions are faltering does that push for alternatives and to me it calls to mind a book uh to be published by yale university press called the cartoons that shook the world a very scholarly treatment peer reviewed of the muhammad carter wow denmark and it included not only the cartoons in question but depictions of muhammad over the centuries and yale university press did a security review prior to going ahead to publication and concluded that it was not safe to publish and insisted that all of the cartoons and all of the other depictions be removed from the book and the book was still published over the objections of the author it was removed the book was published without them and when yale responded to assertions that they were kind of giving in to threats of violence kind of thing they said well you know you can just get to them on wikipedia so what did you need us for it and it's an interesting kind of point that wikipedia there's not even enough of it there there to decide whether to take the cartoons off that they're a click away and in fact there is a discussion a talk tab on the page about the cartoons on wikipedia talking about offending sensibilities not threats of physical violence and they decided it would be a very small thumbnail and then you could click if you wanted that was the wikipedians solution but then that goes to his point of of anonymous being right a lawsuit that's what i mean and i think if you sort of look at at their activism it is both a frustration at the institutions who are who are be who are behaving badly and a belief that the institutions aren't aren't going to follow through and what they should do so my guess is the mics are in two hands currently or about to be let's do those last two mics and then we should wrap where are they uh right here sir adrian gropper you invoked less sig and the gay marriage flip and uh the question is how optimistic can we be that the nation state becomes redefined by the internet in time to save us from this apocalypse that is that is the question so right so the question really is is the relative speed of social change political change and technological change right that's your question it's a really good one detecting a theme in tonight's uh talk yes hi pete devlin i was wondering whether at least in some cases uh we don't have to be so afraid that the government has access to our data so we talked about them using our financial data to decide who to audit and if they're mining through our data everyone's anonymous as they're going through until you are identified as someone likely to have committed tax fraud and whereas before the internet they would have had to break into your house look around see if the pool's in the back or not and that seems to me like a much more fundamental invasion of privacy than just seeing your anonymous data and then pulling out the committers and in a lot of cases you can build you can build privacy preserving systems i mean already we allow the police a remarkable level of intrusion into our lives we do that willingly but we put in a security mechanism right the the warrant process is meant to be a security mechanism so i will allow the police to intrude in my life but they have to first convince a neutral third party that is in society's best interest to do so the rules about telling me they did it after the fact there's a whole lot of mechanisms not to limit what the police can do but to limit how they can do it and so that that's our trade-off to make that work now those sorts of trade-offs are certainly possible in all of these technological type of of surveillances investigations data collections we're not doing any of them uh you know an example is in full body scanners at airports right there that you can either see the picture or you can blur out the the human form and see a stylized picture and just the contraband objects you're looking for right you know they they're both technologically the same uh larry lessig does there's the great point of the license plate right the police say look we need to know who's who driving the cars because the cars are hitting things and killing people and driving away and that sucks our idea the police says is to put everybody's name on the back of the car right someone says wait don't do that that that loses anonymity put a random number on the back of the car we will give you the police the database of random numbers attached to people and that way you can look cars up when you need to right that that's a mechanism that pres that gives the police what they wanted but preserves privacy and there are a lot of really clever things we can do to do that we're just not doing them which also tends to raise the question that often divides engineers and lawyers and you kind of gave the lawyers answer descriptively speaking which is well we can hash it we'll have a table and then the government can consult the table when it has good cause and often the engineering answer is i never trust them to have good cause i want a fake license plate or no license plate or something there's an argument to made to me that one of the solutions here to you know the very invasive police measures is to give the police better tools yeah the reason i mean they're just trying to do their job in most cases yeah and it's a job we want done and the reason they have to be so so expansive is is there's no there aren't that we don't have the surgical tools and if we could design them we'll have a better chance of having them not do the things we don't want them to do so speaking of engineers and lawyers this event is co-sponsored by the center for research on computation and society at the school of engineering and applied sciences and the berkman center for internet and society of harvard university but often identified with harvard law school and i think tonight's conversation has been as kaleidoscopic and free-wheeling as it was promised to be um and we're still trying to figure out how to make the most of a physical gathering like this a gathering augmented by the various technologies we know are happening at the moment in the background there could have been a big twitter feed or something on the screen behind us but these are threads of conversation i think that show first how hard this stuff is and not purporting to have answers where we don't yet have them and that also really cause us i think to ask how many of our solutions can be general type solutions a sort of approach that can work from zone to zone to zone or how much of it is just trying to fix one leak at a time and do so in a way that may feel like your movie plot example which is you just keep closing barn doors but it provides i think a lot of puzzle that we continue to work on in venues very different from a public lecture we're very hopeful that bruce will continue to be in our environments here in cambridge uh and virtually and we'll have chance to continue the kinds of conversations that are happening here and i actually actually really appreciate the conversation this is this is stuff i am as you can tell still trying to figure out so i'm glad it's been it's been taped because i wasn't taking notes but i will listen to this again for that i said stuff i didn't realize i was going to say and you guys there's a bunch of people tweeting stuff that you were friending you on facebook now and we have to tell them it ain't you okay there actually is a facebook account that mirrors my blog and there's a twitter account that mirrors my blog i control a facebook account but not the twitter account someone else set that up but i never actually visit these sites all right then so so don't don't don't don't send me stuff on facebook so please join me in thanking bruce schneier for a very provocative 90 minutes you

Info

Channel: The Berkman Klein Center for Internet & Society

Views: 6,034

Rating: 4.7735848 out of 5

Keywords:

Id: 8IdQzYuhCHA

Channel Id: undefined

Length: 90min 21sec (5421 seconds)

Published: Fri Apr 05 2013