How the NSA tracks you (SHA2017)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] I am very honored and proud to present you bill binney on this stage and he will be telling us the perspective from the inside of the NSA because he was a technical director of the NSA for many years and worked in the intelligence services for more than 37 years he is a child of the Cold War and worked throughout the Cold War decrypting and breaking ciphers from the adversaries of the US and back then he used to call himself the deductr of the world in a sense so please give it away for how the NSA tracks you with bill Binney [Applause] Hey [Applause] Thank You Ike I'd like to say it's nice to be back in a large with large numbers of people with character and integrity which when I worked at NSA not too many people had and I could get into some of that story mostly I worked I didn't work on the programs that Phil Zimmerman was talking about this is the commercially available stuff I was all looking at military and governmental encryptions and codes and and activity so but the same techniques apply to any system I mean it's not something that and I was on the offensive side not the defensive side and I know I knew snow and the defensive people and I went to talk to them once about saying here I had all these solutions on the offensive Sidon and can you tell me how you're designing the defensive side because I thought that they should be parallel you know we mean what what we were doing they were doing and they wouldn't tell me so that shows you the same kind of there's that kind of communications now like for example for cybersecurity or all the attacks that have come out of vault seven and the NSA exposures hundreds of millions of lines of source code on attacks on you know firewalls switches servers operating systems all of that that's thousands of attacks and we've only seen a few of them so far used to in the world and you can just be ready for a much rougher ride because the offensive side knew all these things were weak in existing the defensive die didn't and they never fixed anything so we were all vulnerable so we all got attacked and so now they say every time you get attacked we need more money more people a more Empire you know so it's a swindle we're all being swindled by our governments if they if they would only fix the things they knew that were wrong we might have some security you know so but instead they don't so at any rate I didn't when I left NSA I did that in at the end of October 2001 because they started spying on individuals and not groups of bad guys okay so that meant they were scooping up everything from everybody in the world and it's much more extensive than anybody thought it's more extensive than even the slideshow but because and in order to store all this material they had to build the Bluffdale 1 1 million square-foot facility for storing data and last year they broke ground for a now a 2.8 million square foot facility on Fort made it took out a 36 hole golf course to do it so I mean the point is if you collect everything as a ever increasing amount of data year after year which means you need ever-increasing data storage facilities the store at all so all you have to do is watch and the way we the way we found out about this was to look at the every time the government wants to build something they have to file an environmental study so when they when they want to put in this very large building they had then also submit an environmental impact statement and study to do it before they did so we're looking at those and seeing what they're building so when they do that we know well this is on Fort Meade and it's the its NSA doing it so you know everything on virtually everything on Fort Meade is NSA anyway so that that game is the knowledge of the scale of what they're collecting and what they're assembling for example in Cisco who sold them the routers to route data to the Utah facility estimated there was a small article they wrote the years ago that estimated that by 2015 the amount of data going into the Utah facility would be 966 exabytes a year that's about as ADA byte so that's why originally years ago I estimated that the capacity of Utah was about five Zeta bytes I mean it's my guess you know it's a lot of bytes anyway so any rate I felt I didn't have to take anything with me because everybody in Congress when I left I you know they all knew me they knew what I was doing most of what they're doing to spy on everybody I designed anyway or had a hand in it so they knew all that so I felt I didn't have to to to bring any material out to to validate anything I was saying because they all knew I did it so I mean I I naively thought that I could do that and go complain through the channels the intelligence committees and the Inspector General's and they would all take some action on it well what I really meant was when it came time to actually hearing what I had to say Congress never invited me in I mean I testified in the Bundestag I testified in the House of Lords in the UK but the Congress would never hear me because then they'd lose plausible deniability that was really their key they needed to have plausible deniability so they can continue this massive spying program because it gave them power over everybody everybody in the world even though members of Congress had power against others they had power on the judges in the Supreme Court the be the federal judges all of them that's why they're so afraid everybody's afraid because all this data they had that's that about them the the central agencies the intelligence agencies they have it and that's why senator schumer warmed President Trump earlier a few few months ago that he shouldn't attack the intelligence community because they've got you know six ways to Sunday to come at you that's because it's like J Edgar Hoover on super steroids they have they have the same kind of data that you read on everybody so it's leverage against every member of parliament and every government of the world that's that's what I thought was from so I I thought like when when average Snowden came out he came out with material and slides and and and publications by the government about the programs they were running that gave me and that was the stuff I left them so it gave me all the opportunity to pull it together and say this is what they're doing this is how they're doing this what it means and that's what I've been trying to do so I assembled some slides here to give you some idea hopefully a better idea of what's going on and I also assembled some slides to show you what they should be doing I have one only one case of an unclassified version of big data analysis which is what they should be doing and they aren't that's why people are getting killed that's why I said in the UK that bulk data kills people because all the analysts in the UK and the end up in mi5 and in and in GCHQ assumed in the FBI and NSA they are buried in data and they can't see what's happening because there's just too much data and they're using the old techniques of word searches and stuff like that that's not the way to do it at all it's social networking is the key to solving all of these problems solving them quickly and making all the data content problem a manageable thing now I'll take you into that so here hmm these are the these are the ways that they basically collect data first it's they use the corporations that run the fiber-optic lines and they get them to allow them to put taps on them and I'll show you some of the taps where they are and and if that doesn't work they use the foreign government to go at their own telecommunications companies to do the similar thing and if that doesn't work they'll tap the line anywhere they can get to it and they won't even know it no the government's know that communications companies will even know they're tapped so that's how they get the into it then again into the fiber lines and this is this is the prism program is really where they have the the the companies involved that's down there and the list of them this came out was one of the first first things that was published out of the Snowden material and they were all focused on prism well prism is really the the minor program I mean the major program is upstream that's where they have the fiber-optic taps on hundreds of places around the in the world that's where they're collecting off the fiber lined all the data and storing it but President was simply there their way of putting out something where Congress and the courts could look at it and say well we're abiding by the law a year we ask these companies for this data and we have a warrant for that to do it so you see we're binding by law when an upstream they were and they were taking everything off the line also they're the muscular program was a parallel one which basically did the for you know yahoo and google and a couple others they unilateral they unilaterally tapped the lines between their data centers when they transferred data to back it up and so on they got everything they had and they didn't know it okay so that was their main thing that the muscular program from those companies plus the upstream is really the main one and prism was only one small input to the data that NSA was collecting worldwide these are the kinds of things they have that I mean it's satellites all kinds of collection the real big one is over there see any computer network exploitation that's where they're implanting either with hardware or software both into switches and servers around the world and they can make them do anything they want because they own them so if you sent data anywhere through those switches or servers and there's tens of thousands of them in the world they basically own the network they they have access to it they get it so all of that is feeding another program that they call treasure map and this one just says well we want to know where everything is in the world every minute of the day so it's not just collecting what you're saying encrypt it or not but it's also monitoring where you are when you do it and that's basically done by this is a kind of the geography of the world and there's the physical layout of the fibers and the microwaves and the satellite towers and everything and then that maps to a physical Network and then logical networks who's communicating across them that maps to be equipment which in turn maps to people and that's how they follow everybody this is also when you have cell phones for example how they take GPS and use the drones to target to target people so I think Jacob Appelbaum was one who said CIA or NSA watches them or tracks them NSA tracks them and CIA whacks them right at em and the way they do that and there's 1.2 million people on the drone list according the last number I saw I mean that's crazy I mean you know if they weren't even they are making they aren't verifying who they're hitting they're not dummy they just go out and kill people all the time this is insane and I keep telling I call that program random slaughter because that's about what it is that misses why I get in their face every time I possibly can in the u.s. because they're doing stupid stuff it's hurting a lot of people any rate that's that's the treasure map all the material they collect from all the sources goes back into these programs back inside NSA over here on that rectangle over there where that's basically a square fundamentally I mean this was the entire design these programs mainway and marina are basically that graphs of social networks that map into the databases and pin well the internet and nucleon the voice there are basically two systems are following public switched telephone network which is all the phones fixed mobile satellite okay any kind of song and the input of that into the that all all that content data then goes into nucleon and it's indexed up there by the Mirena program so that when they want to see who did what they have an index off to everything they ever said in their database so this was the whole design I left them and they haven't changed the damn thing in 15 years 16 years so that's real progress for you but any rate one of the things to look over here and aside is that both CIA and the FBI through the FBI Center in Quantico Virginia have a direct access into these databases and and the entire graph not only do that but they also use that for police around the world so it's a straight violation of everything all this data is collected without warrants so you know it's a basic violation of the rights of every human and a court of law and that's what they're using they're using it the rest people and then they pull the substitution I've got some slides on that too and these are other people who have access to it with the five eyes group over here they have direct access into the into the NSA database right here and so do the Drug Enforcement Administration defense intelligence a deep FBI CIA all these people have direct access to all this data and it's children's data as well as everybody on the line because they take it all so it's nothing there's no distinction they don't filter anything it's just capture everything this is what a general like Xander said and then with hill-station a few years ago he said all we have to do is collect it all and that's what they're doing the problem is once you collect it all and and they have the impression or they give the impression that data is intelligence right when you collect more data add more intelligence it's not the point is you have intelligence when you understand the meaning of what you've collected if you can't do that I mean you have nothing but a bunch of data and that important unfortunately that's that's the perspective they have so they think collecting more is better instead what happens is it buries their analysts and buries the both the police and they and the intelligence people they can't figure anything out so you know what the consequences a planned attacks happen because they don't see them coming and they can't prevent them and so that's why I said when I went to the UK to try to stir them up you know I wanted to get them a upset I said bulk date because they were getting ready to pass the investigative powers bill the bulk acquisition of data on everybody in the UK as well as everything everybody they can possibly get in the world I said bulk data kills people and the reason I said that is because of the inability to stop terrorist attacks for example I mean we continue to see these things today I mean nothing has changed they're still going after more more data more you know more people more of an empire and they still can't figure out what they've got but they're really good after the fact after the fact once they know who did it they've got all the data on him that he could go directly at them the other thing it does give them though is the power to to manipulate anybody they want or do industrial espionage or or if somebody's if somebody is getting a political group together or getting politically active and they don't want them they have the ability to target them are you using this data I mean it's just it's just they're all they have to do is go at it so they can target people and use it against them but they can't look at all of it the figure out who out there is planning an attack on us or its gonna smuggle weapons or smuggle doper and if that they can't do that because they've got too much data and they're using stupid searches like word searches well you know if they use the word bomb you know if they're looking somebody planning a bomb or building a bomb we could say if you say in an email to anybody well you know the quarterback threw a bomb at the last to win the game you know what your your email is gonna be picked up by that word search and it's absolutely irrelevant to anything they're looking for that's the point that's why social networking of focusing in on those networks that are involved in terrorism or the ones you know with the seats you have you can focus in on them and all I would point out that all of the terrorist attacks that have ever happened before or after 9/11 have been by people who were known by either the intelligence and the police or both so why weren't they focusing on them if they were they may have a chance to prevent the attack instead they're looking at this bulk stuff I mean the it does it does spend a lot of money it employs a lot of people so it's a good what I call a happiness management program but the point is that to keep it going sometimes people have to die and that's that's if that's just on its unamerican first of all you know no American would do that no one would sacrifice the lives of anybody for this crap but they do and they do it because there's a big empire behind this I mean to collect all this data the intelligence community mostly NSA has spent somewhere close to 200 billion dollars since 9/11 just to get the data I mean there and they built an empire worldwide to do it and they've got all these all these countries come that are participating in that so and and the big the closest are of course the easier I should point out that you see this date over here down at the bottom right 20 3201 8 that's the eighth day of January of twenty thirty two that means it's the first review classification review for this slide 25 years so if you subtract 25 years from that it's the eight of January of 2007 or 2007 that was the date the slide was created so this was a state of things in 2007 right if you look at all these slides you'll see many times they'll have a date there and you can figure out well this is the date of that of that program you know so any rate this is where they use the things for the rule of four the sod that's the Special Operations Division of the Drug Enforcement Administration the police they they have also the FBI CIA NSA the DHS the IRS all have representatives on the sod and they all look into the NSA day the IRS is supposed to be there for fraud you know and things like that but they use the data against the Tea Party and the and the FBI use against the Occupy group and other political parties were attacked similarly and of course they of course people looking to unmask information about individuals that's done through these kinds of organizations you know or they can request that through directly to NSA so all that's done by see the problem is as a human failing here is that the people given the power over others eventually they use it you know that's historically true it's a weakness in humanity you know that's that's the real problem here there's no way of checking there's no checks and balances at all involved in this at all they Congress says and the courts say they have oversight that's a joke okay they don't have any oversight even in even after the snowed material came out at the head judge Reggie Walton on the FISA Court the Foreign Intelligence relation court said he came out and said try to make an excuse for his court and the judges on it that they really didn't have a lot of the capability of verifying anything at NSA CIA or FBI were telling him in fact he doesn't have very little he has none he's totally dependent on them telling the truth and they only tell them what they want to tell him his same is true with the intelligence a committees in Congress and the same is true in every country of the world no country in the world no government of any country in the world has any control of their intelligence ages they do not know what they're doing and they have no control of really of any of them they can't stop it they they would say they go to oversight but in when they go in all they're told is what the agency wants them to hear so they get the DES story - or the story of the day from from that agency that's the problem I see but so in order to do this you see they don't tell any that attorneys the judges or anything you never sign anything never put it in affidavits there's no documentation that they used NSA data or NSA collected data from all their collaborators to do any of this and so what that means is they have to do a parallel construction they reconstruct data or go out and get data that would they could substitute in a court of law for for the NSA data because then they could use that as a justification for the warrant which they didn't get in first place so but so that basically means they're perjuring themselves in a court of law now this is not just for us in the United States anybody who has a rep who has any relationship with the FBI the DEA worldwide they're all getting insight through these programs and so whatever actions they take are based on the unconstitutional collection of data by the NSA and the CIA but they're still using they we in fact one of the one of the federal agents using this data set commented to a Reuters reporter this is a Reuters slide he said you know this is such a great program I just hope we can keep it secret well what does that mean it means we have a secret government right when you marry when you marry the intelligence agencies with the police you have a secret police now in Germany they call that the Gestapo or the Stasi so I refer to NSA as the new Stasi agency and unfortunately that's you know we haven't been able to do anything I I am attempting to do everything I possibly can against these people I have four times 40 supporting four separate lawsuits against the president at trump a previously against President Obama and the intelligence agencies of the United States for unconstitutional collection of data we have to do it for our laws with our Constitution governs violation of privacy rights of US citizens so we're attacking them that way in a court of law and I just got my first chance with the Third Circuit Court of Appeals to sub-sub submit some of this and NSA data about their own programs into the court of law now it's going to be tough for NSA to deny it because now it's in the federal courts these this is the court that's one one level down from the Supreme Court in the United States and it's at four separate circuit courts the one in the second one in the third one and the ninth one of the 11th so I'm coming at them as many from as many directions as I possibly can and hopefully one of them will get through to the Supreme Court and when it does we'll get to them and if we fix it I mean and if we fix it why hopefully that'll spread around the world to the rest of the countries who've adopted this from because we started it okay you know we started it we Americans were the first one in the bulk collection pit the rest of you came along a little later that's only because we were close in and it was convenient no so we got it first any rate the point is they're all doing the wrong thing for two basic reasons number one it buries their analyst with a with too much data so it makes them totally dysfunctional II can't figure out anything and they're just losing it and I by the way I provided from Edward Snowden's material copies of memos written by internal analysts in NSA and mi5 and various other places saying that they are buried in data they just can't figure out anything they've got too much data well I gave that to all the to the House of Lords as documentation of what I was saying was true and they simply ignored it so but but the main problem I had from the very beginning was it was a total invasion of the privacy rights of everybody on the planet starting with us in the US but to me that was the I mean it took me one week to get out of NSA once I found that out I mean they were using the programs we you know were that were developed in the sicken automation Research Center which I was founder of and the the people I had building those things were the ones they had to depend on to implement them worldwide on a scale that is still growing there was no limitation to the scale I mean we did flat B plus Street type flat threat file indexing schemes with which meant of you if you needed more or more space you simply add in another server spread out the graph you know and so it didn't there was no we saw no limit to anything we could do I mean we'd already taken in trillions of transactions and that wasn't a problem at all so once I found out that they started taking in everything that they can tell the telecommunications companies were having in terms of us communications principally in starting with the public switched telephone network and then starting very later there very shortly after that the internet and the and the basic the World Wide Web it took me I found that out in the second week of October 2001 and it took me the week and a half to get out of the place so I got out Holloway Halla Halloween Day 31st of October 2001 and since then I've been I've been trying to advocate internally in the NSA and the intelligence committees and the Inspector General's of the post Department of Justice and Department of Defense to have them I mean this is obviously this is totally unconstitutional it's a violation of the pen register law Electronic Privacy Act like chronic Security Act any of the laws in place to cover FCC regulations governing any of the telecoms that's why the telecommunications companies had to get retroactive immunity in 2008 because they had so many laws that they were violating every day and you know they're still doing that so so the point was that they were all in it together in each one of the committees and the in the and the courts had to protect one another was a cover-up because they were all involved in this in the White House it was the starter it was actually started by Darth Cheney I call him Darth Cheney because he went to the dark side what he said anyway sorry right in the meantime we had been advocating for a targeted approach where you went after groups of people that were doing bad things that you could easily define it by social networks in the in the world either in the public switch telephone or even in the internet we had no difficulty doing that at wine speeds a fiberoptic race we were able to session eyes fiber-optic rates that stem level transmissions in 1998 so from there on we were able to do deep packet inspection on all that stuff and reconstruct everything on the lines and so we we were we were able to see networks and we built all these social networks using the transmitting the routing data the IPS and and the addressing schemes of the Internet as well as the phone network and we had no difficulty doing a targeted approach then of using that data to filter out what was relevant to targets we were interested in or should be interested in out of the out of the flow of information around the world at whatever rate they were doing it we simply subdivided and conquered it by by the divide and conquer approach so I mean that that was our way of doing it then our targeting approach we even took the Customs and Border Protection after we left the NSA and one of the ways we did that I mean this is the only unclassified version I could take a big data okay it's the only thing I have so we went down there and we had a bureau of industrial security up there of the commerce department published this alert because some military in Iraq over ran the bomb banking factory and they found some some parts in there and it looked the parts they saw that part numbers and I think they traced the part numbers back to companies in the US selling them to Iranian companies in Dubai no the reason they located in Dubai cause it's outside of it ran its outside of the exclusion for a trade and so they they operating out of Dubai they could order these parts you know so the Bureau of industrial security had to alert everybody in the world that this was going on so we took that and used Google and on the web this was some more of the data they had so but but we used it and went on to the web and googled all the things and started looking at at the data this was also given continued now whoops where where did it go wait did I do another one here I lost the slide in the middle perhaps that's what the screws were why the screws were removed okay but this was on our Ian's computer today right we found I can't see it here so it's missing yeah it's missing okay that's what they were doing okay we know what they were doing any rate what we did was we went out we added all kinds of information to that looking at that we added fax numbers phone numbers addresses more data on people involved and more company names involved and then in the end of it just before after the best report came out they they once that was out they took all the names of the companies they had off the web and then and then put put other I kept that date out of the way because then they thought that this that this and accustomed aboard protected we're still we're still looking for the old data they didn't didn't have that confirmed so they removed it and they changed the names but in the process of changing it they they used one of the new numbers phone numbers with some of the old data so that gave us the N and we then traced all to the new data they went and as they went we followed them but we didn't lose the thing of course the customer Border Protection and the Pentagon and various other people intelligence it was it but we used Google and followed them so we provided all that data to them and since we didn't trust the US government to do the right thing we also gave it to our counterparts in Canada because they were using losing people from ie D attacks too so we didn't trust our government to do the right thing so we passed it up there too they of course did the right thing we didn't of course but the whole idea was you we we compiled all this list of information that we got from them and from those approaches and gave it to gave it to Colonel woody at the Pentagon his he was the group that was looking at the AED you know prevention of ie D attacks and so on so we passed all this data down to try to cut the supply of a parts going into him the reason they used different multiple company names to do the construction of the IEDs is because each company would order a different part and the idea was that if the customs of border protection looked at a given company which is the way they do it they would only see one part of an ie D and never deduce that they were putting together an ie D so unless you collapse them down by a common attribute like they're all sharing the same phone number or they're all staying in the same address or something like that to put these multiple companies into one place where you see the whole activity then you sum it all together by their names and you see the IEDs so you can see what they're doing when you do that and so we proposed the custom of the border protection that we do this for them they had a small data set of about a half a billion records over ten years of imports and exports that was like one import could be a thousand cars on a ship you know so it was like half a billion records that and they said it was a real mess because the the data was dirty and all that we looked at there was a goldmine there's all kinds of information here phone numbers on addresses so we could lay out the entire all the entire world's phone numbering schemes and how they change as they changed since they put these things out there so we proposed to them that we scraped the entire world websites and pull together consolidated list of however many million companies that were in the world one to two hundred million something like that and be able to do a collapse on this and study all those and find those who were doing was showing attributes of doing something illegal which is what this multi addressing scheme implies so that would define a set of suspicion zones of suspicion for companies and involved in the world trade and we estimated that from our study of that we scraped the entire website the pars guide was the website in Iran in Dubai listing all the Iranian companies in Dubai there were five thousand thirty two of them and when we did that we found two hundred and twenty two different company names that sub grouped into fifty five different groups that were doing different nefarious things for the uranium government like smuggling dope weapons that kind of thing by getting buying equipment for IEDs and and looking around for things like that would help them with triggers and nuclear stuff and so we needed we passed all that along to and of course our government is just too dense to to really do anything so once we did that we said we'd estimated that the entire world would produce perhaps forty thousand targets for you to do targeted selection of searching of incoming crates and imports and and don't do exports of these companies so we thought we could do that in the first run of our data and it would take us six months to correct all the data and make that happen with Kirk Wiebe myself and two programmers but that was too cheap you see that was they wanted to let a 1.2 billion dollar contract to IBM to do it so they fired us brought in IBM so and they still haven't done this by the way and so anyhow oh here is that this is the Alton the ultimately thing thing that came out was they they indicted everybody it was involved in all this they arrested a few of them in Florida but some of them were back in Iran so they couldn't get to them but they left the indictment out there and but it took him two years to do the indictment from the fact from the time that we found all the data that's a really fast judicial sub process right so but this was something they could do worldwide on everything every possible criminal activity in the world by looking at that social networks looking at targeting approach which would give everybody privacy views that as a filter right up front nobody's data gets taken in unless they are a part of a criminal activity or falling into a zone of suspicion around that activity so it would give everybody in the world privacy and but that's not what they wanted they didn't want privacy they first removed our filter upfront so they could take in everything then they took away all the encryption we used to give privacy to people once we took the data in until we had a warrant and they removed that and then they removed the auditing routine in the back that looked at everybody that came in and what they did when they came there where they went what data they looked at what they did with the data and they removed that because they didn't want anybody to know what they're gonna do they didn't even want internally anybody to know so it's not just that they're keeping secrets from us they're keeping secrets from Congress and everybody else even people inside their agency because the vast majority don't know I think there's only about 3,000 people now inside NSA that really are involved in one way or another or no directly evidence about this this program so that's the that's the sick part of it you know this is like a secret democracy that's not it not a real democracy I mean the Goethe said it pretty well you know he said no one is more hopelessly enslaved than those who falsely believe they're free and that's us sorry rate I put this little thing here I try to get another way hope you can see it I can't see if the what's this thing doing here well we have more details about our startup soon we Kirk and I her in in Europe because we can't get anything done in the US so we're gonna get done we're gonna advise anybody any organization or government on ways you can do privacy and security by design and we're going to help get one of those capabilities up and running here in the in the Europe somewhere because obviously the US and the UK are too dense to realize it can be done actually it's their their agenda is the one that's driving them and that's one that means money power and control and the way you get that is to take in data on everybody in the planet and that gives you that power then you can swing though money because you can let things happen because of the way you're doing business things happen and that's more justification to get more money - it's like a swindle I called the Terrorism thing of trading privacy for security live from the beginning and that's just the way they swindled everybody because when the way they took in all the data that made they couldn't stop anything I mean more people get killed they say they need more money more people maybe bureaucracy to stop it they'd yet that and more people get killed by another attack because they get too much data and they keep dumping more and more on people it's just they're perpetuating the same problem they're not facing the issue they don't realize what the problem really is and and people are dying as a result so we're over here to try to do something about that and hopefully we will get there see I have another slide here right no thank you yeah Thanks okay I guess now we can take some questions anybody have any questions you want to ask yes if you have questions please line up at the two microphones at the front then at this Center there and now gladly yes please just go ahead hey thank you so much one question comes to mind being the technical director that you were how did you end up noticing this rather than approving that or knowing of all that from the very beginning well see as the technical director I was looking at what is the what is the biggest problem that the analyst in E in the NSA had it to solving problems and predicting the intentions that capabilities of people are going to hurt people or criminal activity and it turned out to be the digital explosion of communications cell phones the internet and so on and so I had to design a way of getting into it but but I it was parrot it was pretty clear that in order to do that we we would be violating everybody's privacy unless we did something to eliminate that so that's why I built in a social targeting and pulling out only that information letting everything else go by and that design was one of the things they didn't want they wanted to take in everything so they wanted to get rid of that filter but you see in order for NSA to put that into place and get it running they had to use the same contractors that I did to have my program built because they're the only ones who knew how to put it together and get it up and running nobody else in NSA did and they had no other programs that could handle the massive amounts of data so they had to use my program it's when they did that some of them came to me and said you know what they're doing and he said they're taking in all this data on US citizens down the hall from us and and building these graphs and everything and just doing or analyzing all and violating the privacy of everybody in the United States then of course after that spread to everybody in the world but but that that's how I found out about it and once I did that that was first time to me I had to get out of here I knew no one would do that in NSA without approval from above and that came directly out of Darth Cheney's office yeah question the filtering and targeting of shorter social networks needs a lot of data and then you can extract veterans and then you can throw away the data because you don't need it anymore you said right well you can you see if you there's a couple ways to do it you know one if you have a seed that is you know a bad guy you could look at his social network and build from that and then you could say one degree beyond that as far as I'll go to pull data in it really ends up two degrees from the bad guy but you only pull data in from one degree from him and so that means that you're focused all the rest of the world's data goes right by and that's what you pull and the metadata is the way you pull it out because that gives you the ability to I mean you're looking at the data that's required for the network to route data and if you do that then it's easy to pull all that data out and that's all you really get and it gives people privacy and you get a rich environment for your analysts to succeed that's what they don't understand I'm still curious how can you at veterans from things you have never seen before because actually unexpected yeah we used actually two approaches out of three but it was deductive inductive an abductor approach the deductive approach simply said it's dealing with the graph if you're in the graph and you're close to within proximity of to ops of a known terrorist then you're going to be in a zone of suspicion you'll be looked at it doesn't mean you're guilty it just means you're going to be looked at and then a decision will be made yes or no if yes then what's the reason you know and if you didn't include it then the entire graph will shift if you become a target at that point you see so it's and that was done by software the other was the inductive approach that was the main one that is if you are looking at sites advocating pedophilia or sites advocating jihad or terrorist activities or violence against the West and you keep repeatedly looking at them or look at multiple sites advocating that then that gives you the idea that you are potential zone of sin the falling the zone of suspicion and that means you get looked at so at so that point you get the data coming in but you can do it all having all their attributes encrypted until you can prove that they are in fact a part of the illegal activity last question is isn't it handy that they do have a lot of data about the White House the people who are now in the White House yeah they do yeah they have everything they do including including the codes to decrypt their communications thanks a lot for this question yes please next question hello you mentioned the the immense capacity to store all this data from everyone and I was wondering in what companies and did they incorporate willingly to create such a capacity to store all the data and in particular IBM and so can we still trust our servers and know every one of them and no because in the United States if you're a company United States they can force you by law to give them their data it's only now coming out I mean the the business they call it the business records requisition the first first thing from Edward Snowden was the general warrant issued by the FISA Court to the Verizon company to turn over all the information about their customers over 110 million US citizens you know and that was a violation of the Constitution a direct violation that's why I'm the judge Reggie Walton came out tried to defend the court because of that but they have the power to do that with all of the companies and I would point out that that was B R 13 - 80 which meant it's the 80th order of 2013 two companies to give business records which is the second quarter and it's issued every 90 days so every quarter then order comes out to each individual company so and the way I reckoned and the public switch telephone that were the first two companies in line in the network providing data were AT&T and Verizon so Verizon would get 18 D would get order in quarter one verizon gets ordered to in quarter one and then it gets order eighty in quarter two that means there's 78 companies participating so that 78 companies participating banks you know telecom UK communications company ISPs on the internet and so on and in exchange they received more funding to continue their efforts could you repeat that please so did they get anything in exchange for all the information they passed on to the NSA yeah money they get all these lists they get paid for it yeah there's a whole schedule on a whole schedule on the rate of how much they get paid thanks a lot next question please hello thank you for being here and everything you've done for basically all of us and my question is when you see these testimonies from for example James clapper Keith Alexander when they're being asked directly are you monitoring you can kind of see in their eyes and when you read other press that monitoring means a completely different thing for people within the NSA so my question is how do we make questions more relevant to level the playing fields to make sure that we're all talking about the same thing well it's hard especially when they lie to you I mean you know yes what could not wittingly but you know how do we how how do we make the questions sharper when we say okay we know oui Mon yeah here's here so senator Wyden phrased the question properly I think is what's getting he asked general Alexander how many how many US citizens does he have in his databases that's the right question it's not it you know if you talked about collection well Alexander you know he uses a word game collection means somebody looking at it at NSA so it's not collected til somebody looks at it well that's that's horseshit you know if I collect all your data I've got it in my day-to-day so he asked the right question how many do you have in the year databases well it came back he said he couldn't answer him so he came back in writing this is on the web if you don't go look at it's really a joke he says we we cannot tell you that because it would be a violation of the privacy rights of US citizens this is it's on the web if you google le NSA answer to widens question you know you should get it you could probably get multiple ones but it should be in there yeah hi as an American I'd like to say thank you for your service and I also wanted to ask as a citizen if there's anything we can do to make it easier for agents to blow the whistle or to encourage them to become whistleblowers well I I always advocate the the squeaky wheel gets the oil so complain moan break groaned if your if your congressman or senator comes out for a town meeting confront them with it why are you backing this this is obviously unconstitutional you're violating your oath of office to protect and defend the Constitution and what are you going to do about it or should I work for somebody else and if you aren't going to stop this I'm going to work against you give my money to somebody else and vote to fire you you know and the other wise sue the bastard that's what I'm doing so we do have some more time for questions so please go ahead and yeah I was wondering the NSA have been several leaks to the public which have helped us a great deal know more about the inner workings do you see a cultural change within the NSA that there may be more people who stand up and well choose different paths to choose to reform the NSA from insights or that's it yeah I think I think that's probably happening especially with the younger generation going into NSA the older generation we did a myers-briggs study of personal traits of people at working at NSA in 1992 or something like that and it turned out that 85% of them were eight is TJ's so they're all introverts you know it's like these are the people who like to work in their desks you know I mean mathematicians are that way they're very quiet people look give me a pencil I'll figure it out you know going to court here is the answer you know that's all they do but they're very easy to threaten those are the kind of people you can easily threatened and so that's what really what's been going on inside NSA I mean they have a program now called see something say something about your fellow workers well I mean that's what the Stasi did you know that's what I call Nastase new Stasi yeah they're they're picking up all the techniques from the Stasi and the KGB and the Gestapo and the SS they they just aren't getting violent yet that we know of okay internally in the u.s. outside is another story hello now we know something about the u.s. programs but do we know something about the other nation like Russia we know that China has some internal spying program but do they have capabilities of like external spying yes I had a slide there I think they deleted that I couldn't it wasn't there and listing all the countries cooperating with NSA let's see if I can get back to it there there yeah these are the countries participating with NSA of course the the rest of the the five eyes up there and then everybody else is classified as third parties except for fourth parties which we don't talk about because we don't want anybody know we have relations with them so you know they're off the board but these are the countries and each country has a different relationship with NSA so I mean I think eight or nine of these countries in the third party category are cooperating in the bulk acquisition of data on the internet with NSA and GCHQ in the rest of the five eyes so is that the answer your question yes but we a big one missing a dar is Russia so we should suppose that Russia has some similar secret programs or we don't know about which one are you talking about Russia Russia yes well Russia does the same thing in Reverse you know they're looking at us the same way yeah everybody's doing this it to the to the ability and and the capabilities that they have I guess the standard spying I mean it's why diplomacy was created so we could spy on people you know Thanks yeah so it looks like no more question yes there is one more question great please go ahead would you say that the way that they are doing the wrong thing is in capability or not willing to do the right you mean the other countries no the NSA the u.s. organizations are they not capable of doing the right thing or are they purposefully not doing the right yeah it's they are capable I mean you could see some of these whistleblowers still coming out that so they they are there are people who understand that doing the wrong thing and they could create a way to do it like I did internally the trouble is we have people managing these agencies who are fundamentally corrupt because there's so much money involved in this you know money corrupts and it's just I mean the budget for NSA is like 16 billion a year and if you for the entire intelligence community it's been close to a trillion dollars since 9/11 so that's a lot of money and and there's a whole empire and television's empire that's built up over there over the years in the United States and also in the UK and it's spreading I mean and some of the testimony from B&D and what they're doing with NSA the Bundestag has found out recently about many of the things they're doing so they're all doing the wrong thing in terms of looking to stop things really they're not taking a targeted approach that's a professional disciplined look at your at your job and the target you're supposed to be looking at and watching instead of looking at everybody's spreading your effort across the entire planet you know so they have to they have to learn how to do the right thing too so there we have time that for about two short questions or wait long question what question I don't know if the answer is long you just said that they are able to look at the right target but like they collect information on everything everywhere anytime it's like little kids they were distracted I'm a little curious all that information that is not related to the correct target is related to a lot of other targets and power is to control what is outside of your personal space so mmm the question is very big I'll try to ask about a specific point of view and maybe you can elaborate on that how is it possible that we still have organized crime on a global scale some of this outside of the power of the United States of the direct influence at least I would imagine organized crime from foreign countries should be the subject of this kind of information is it used and we don't know or is it not used and why I would say they attend to use it but if you look at the if you google xkeyscore that which is the query routine going into the databases for most of the people or I see reach I don't know that most of that's out there yet but if you looked at that and you could see the the way they asked the queries it's about putting in words and phrases and just like you do on a Google search so in a Google search you get tons of material back so that approach gives you tons of material which means you've got to go through all the items to try to find it and where is it in this list of so you get a hundred thousand items back where is it is it 90 thousand eighty can you get there no answer's no that's why they were failing so you're saying they're failing because they're not able to interpret the data that's exactly what they can't figure out what they've got because they're taking the wrong approach so I was wondering someone like you or for example mice please can you someone like you or for example Thomas Drake who was a previous version of this event like came from the inside of the NSA and now standing here you talk about the NSA having a lot of data to use as leverage against people so how come you are able to be here yeah yeah why why aren't you dead or at least in jail for something wrong you said or if they've got so much power over anyway yeah well as I said in the movie about me a good American I said you know if they ever do it if they ever do anything like that everyone will know who did it and why so they don't want to expose themselves to that kind of political and you know reaction by the public in the United States because that and now I'm basically well known around the world so they I don't think they I want to get them in court any way I can if they want to do that that's a that's one of the ways at least if they don't terminate me I'll be able to do that basically by making it obvious dare your enemy yes a public exposure to a degree of security you know okay yes thanks for this last question please give a warm round of applause okay [Music]

Info

Channel: SHA2017

Views: 12,440

Rating: 4.9583335 out of 5

Keywords: SHA, SHA2017, hacking, Hacker camp, Netherlands, Scoutinglandgoed, Zeewolde

Id: P1JDqNKMaus

Channel Id: undefined

Length: 59min 18sec (3558 seconds)

Published: Sat Aug 12 2017