0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/696 Thanks! 1 00:00:13,850 --> 00:00:16,369 Well, tell me, was there any proposal 2 00:00:16,370 --> 00:00:18,979 to censor porn also this year, 3 00:00:18,980 --> 00:00:21,169 there were even I know 4 00:00:21,170 --> 00:00:22,909 I'm quite sure there was, but I don't 5 00:00:22,910 --> 00:00:25,159 trust the cloud, so I'm totally fine 6 00:00:25,160 --> 00:00:27,679 with my partner parties. 7 00:00:27,680 --> 00:00:29,899 Anyways, this talk today will 8 00:00:29,900 --> 00:00:32,449 be about the state of Internet censorship 9 00:00:32,450 --> 00:00:33,679 in 2016. 10 00:00:33,680 --> 00:00:35,959 We got real reserves 11 00:00:35,960 --> 00:00:38,059 and studies and 12 00:00:38,060 --> 00:00:40,069 measures the censorship across the world, 13 00:00:40,070 --> 00:00:42,379 obviously, when he's not in North Korea 14 00:00:42,380 --> 00:00:44,779 and Phillip Phillip 15 00:00:44,780 --> 00:00:46,909 is his just Phillip 16 00:00:46,910 --> 00:00:48,439 and his awesome thanks. 17 00:00:50,960 --> 00:00:52,189 But what needs to change? 18 00:00:55,030 --> 00:00:57,459 All right, yeah, great. 19 00:00:57,460 --> 00:00:59,559 OK, so we're going to 20 00:00:59,560 --> 00:01:01,029 talk about sort of what's changed in 21 00:01:01,030 --> 00:01:02,289 Internet censorship this year 22 00:01:03,490 --> 00:01:05,559 and so many people, I think 23 00:01:05,560 --> 00:01:06,729 sort of the classic view of Internet 24 00:01:06,730 --> 00:01:09,189 censorship is seeing something 25 00:01:09,190 --> 00:01:11,439 like this. This is what one 26 00:01:11,440 --> 00:01:12,699 of the block pages that you might see in 27 00:01:12,700 --> 00:01:13,869 Iran looks like. 28 00:01:13,870 --> 00:01:16,149 And I think sort of the 29 00:01:16,150 --> 00:01:18,159 the high level thing around this 30 00:01:19,900 --> 00:01:21,969 is that this really is the view 31 00:01:21,970 --> 00:01:24,039 of censorship for a very small fraction 32 00:01:24,040 --> 00:01:25,040 of the world. 33 00:01:26,470 --> 00:01:28,209 When you look at the Freedom House report 34 00:01:28,210 --> 00:01:30,819 on on the state of the Web this year, 35 00:01:30,820 --> 00:01:33,369 we see that two thirds of Internet users 36 00:01:33,370 --> 00:01:35,559 experience censorship of some form. 37 00:01:35,560 --> 00:01:37,419 And for most of them, this is not what it 38 00:01:37,420 --> 00:01:38,499 looks like. 39 00:01:38,500 --> 00:01:39,669 Right. 40 00:01:39,670 --> 00:01:42,789 For most people, censorship appears as 41 00:01:42,790 --> 00:01:44,349 content, not loading. 42 00:01:44,350 --> 00:01:46,029 You get a blank page, you get a server 43 00:01:46,030 --> 00:01:48,249 error. It appears as stories 44 00:01:48,250 --> 00:01:49,989 that aren't in your news feed and content 45 00:01:49,990 --> 00:01:52,179 that's not in Twitter or not on Facebook 46 00:01:52,180 --> 00:01:53,259 anymore. 47 00:01:53,260 --> 00:01:54,909 And this is a much more subtle form of 48 00:01:54,910 --> 00:01:56,979 censorship that I 49 00:01:56,980 --> 00:01:58,149 think we're still sort of getting our 50 00:01:58,150 --> 00:02:00,279 heads around that change and whether it's 51 00:02:00,280 --> 00:02:01,629 the same word that describes both of 52 00:02:01,630 --> 00:02:02,630 these things. 53 00:02:04,210 --> 00:02:06,279 So the way we're going to 54 00:02:06,280 --> 00:02:08,409 structure this talk is first try 55 00:02:08,410 --> 00:02:10,489 to pull out some of the trends in 56 00:02:10,490 --> 00:02:12,669 sort of how Censorships evolved over 57 00:02:12,670 --> 00:02:13,670 sixteen. 58 00:02:14,470 --> 00:02:16,449 We'll give you a bunch of sort of the 59 00:02:16,450 --> 00:02:18,759 states of countries around the world 60 00:02:18,760 --> 00:02:20,949 and what things look like in terms 61 00:02:20,950 --> 00:02:22,299 of new laws and new policies that have 62 00:02:22,300 --> 00:02:23,649 gone in place there. 63 00:02:23,650 --> 00:02:25,719 And then in the second half of the talk, 64 00:02:25,720 --> 00:02:27,399 we'll sort of look at how we know these 65 00:02:27,400 --> 00:02:29,109 things, the state of measurement. 66 00:02:29,110 --> 00:02:31,269 And so the projects that are out there 67 00:02:31,270 --> 00:02:33,639 trying to collect data and understand 68 00:02:33,640 --> 00:02:35,379 what's being taken down, where and how, 69 00:02:36,700 --> 00:02:38,649 and then hopefully will we'll end leaving 70 00:02:38,650 --> 00:02:40,509 you with things that you can do to make 71 00:02:40,510 --> 00:02:41,510 the world a better place. 72 00:02:42,850 --> 00:02:45,039 So we've 73 00:02:45,040 --> 00:02:48,129 got this thing of censorship. 74 00:02:48,130 --> 00:02:50,409 I think it's also and this is 75 00:02:50,410 --> 00:02:52,360 that first point again, which is. 76 00:02:54,190 --> 00:02:55,209 The fact that we're using the word 77 00:02:55,210 --> 00:02:56,529 censorship is. 78 00:02:58,150 --> 00:02:59,619 Playing into one narrative, right, 79 00:02:59,620 --> 00:03:02,409 censorship is one view into 80 00:03:02,410 --> 00:03:05,049 information control, into 81 00:03:05,050 --> 00:03:06,580 surveillance, into 82 00:03:07,900 --> 00:03:09,669 the shifting of public opinion. 83 00:03:09,670 --> 00:03:10,629 It's one technique there. 84 00:03:10,630 --> 00:03:12,099 The fact that we're focused on censorship 85 00:03:12,100 --> 00:03:13,689 and it's worth being there's cognitive 86 00:03:13,690 --> 00:03:15,819 through this. This is a very Western 87 00:03:15,820 --> 00:03:16,900 view of a problem. 88 00:03:18,730 --> 00:03:20,829 And this piece of it, 89 00:03:20,830 --> 00:03:22,929 I think in 2016, as much as any 90 00:03:22,930 --> 00:03:24,609 other year is really normalized. 91 00:03:24,610 --> 00:03:25,750 It's really a thing that we 92 00:03:27,070 --> 00:03:29,080 are not going to oppose in any real way. 93 00:03:30,110 --> 00:03:31,999 Um, one thing that I've done a couple of 94 00:03:32,000 --> 00:03:34,129 times, I think it's worth like asking you 95 00:03:34,130 --> 00:03:35,899 guys as well, is by show of hands, do you 96 00:03:35,900 --> 00:03:37,009 think there should be no Internet 97 00:03:37,010 --> 00:03:38,010 censorship? 98 00:03:40,550 --> 00:03:42,169 So that's like about half of the people. 99 00:03:43,170 --> 00:03:45,269 And and think about this crowd, like, 100 00:03:45,270 --> 00:03:47,579 if we're not, like, completely 101 00:03:47,580 --> 00:03:50,349 in favor of this, can we really expect 102 00:03:50,350 --> 00:03:53,009 general society to, um. 103 00:03:53,010 --> 00:03:55,319 And so I wonder if we're really going to 104 00:03:55,320 --> 00:03:57,539 end up in a place where we can have this 105 00:03:57,540 --> 00:03:59,819 absolutist view that 106 00:03:59,820 --> 00:04:01,079 we want an Internet without any 107 00:04:01,080 --> 00:04:02,369 censorship. 108 00:04:02,370 --> 00:04:04,409 Right. We have limits on freedom of 109 00:04:04,410 --> 00:04:05,939 speech in the physical world. 110 00:04:05,940 --> 00:04:08,429 There's limits of it in other media. 111 00:04:08,430 --> 00:04:10,079 And the Internet has been a very special 112 00:04:10,080 --> 00:04:11,519 place for a while. 113 00:04:11,520 --> 00:04:13,649 But I think even now, in sort of 114 00:04:13,650 --> 00:04:15,119 our original community, we're trying to 115 00:04:15,120 --> 00:04:17,278 grapple with, is that 116 00:04:17,279 --> 00:04:18,328 something that's going to be able to 117 00:04:18,329 --> 00:04:19,329 continue? 118 00:04:21,690 --> 00:04:23,849 So we can look at this from a 119 00:04:23,850 --> 00:04:24,989 technical side as well. 120 00:04:24,990 --> 00:04:27,419 We can ask who censors and 121 00:04:27,420 --> 00:04:29,489 where? Where is this limit and its 122 00:04:29,490 --> 00:04:31,379 limits within the network, its limits of 123 00:04:31,380 --> 00:04:33,029 the people we've given power. 124 00:04:33,030 --> 00:04:34,979 The organizations that that run our local 125 00:04:34,980 --> 00:04:37,379 networks will often censor the ISPs 126 00:04:37,380 --> 00:04:38,339 that give us connection to our 127 00:04:38,340 --> 00:04:39,389 organizations censor. 128 00:04:39,390 --> 00:04:41,609 And we have state actors who limit 129 00:04:41,610 --> 00:04:43,379 and they all have different motivations, 130 00:04:43,380 --> 00:04:44,729 although they overlap. Right. 131 00:04:44,730 --> 00:04:45,719 So why do we censor? 132 00:04:45,720 --> 00:04:47,849 We censor to keep content within social 133 00:04:47,850 --> 00:04:49,529 norms or protect things that we think are 134 00:04:49,530 --> 00:04:50,579 important. Right. 135 00:04:50,580 --> 00:04:52,649 This is this is the justification for 136 00:04:52,650 --> 00:04:54,299 for things around pornography or 137 00:04:54,300 --> 00:04:55,619 lewdness. 138 00:04:55,620 --> 00:04:57,869 We we censor because of 139 00:04:57,870 --> 00:05:01,139 economic protection, because we want 140 00:05:01,140 --> 00:05:03,749 our economy to be better. 141 00:05:03,750 --> 00:05:05,669 This is this is or because we want our 142 00:05:05,670 --> 00:05:07,979 services that our ISP provides to 143 00:05:07,980 --> 00:05:09,809 to win over competing ones. 144 00:05:09,810 --> 00:05:11,759 And we censor for our national security 145 00:05:11,760 --> 00:05:14,099 and for for reasons of 146 00:05:14,100 --> 00:05:16,469 protecting ourselves from from hacks, 147 00:05:16,470 --> 00:05:18,209 hackers and other countries or in other 148 00:05:18,210 --> 00:05:19,210 places. 149 00:05:21,340 --> 00:05:22,899 So with that as the backdrop, 150 00:05:24,220 --> 00:05:26,019 let's let's talk through a few friends. 151 00:05:28,490 --> 00:05:30,949 So the first thing is the censorship this 152 00:05:30,950 --> 00:05:33,859 year, I think is pretty much all legal, 153 00:05:33,860 --> 00:05:35,539 right? When we think about censorship, as 154 00:05:35,540 --> 00:05:37,729 you know, from 2002, when the 155 00:05:37,730 --> 00:05:39,289 first Harvard thing came out saying, look 156 00:05:39,290 --> 00:05:41,029 at all of these things China is blocking, 157 00:05:41,030 --> 00:05:43,939 it was very opaque in the sense that 158 00:05:43,940 --> 00:05:44,989 there was this thing happening 159 00:05:44,990 --> 00:05:46,579 technically and there was no one talking 160 00:05:46,580 --> 00:05:47,580 about it at all. 161 00:05:49,040 --> 00:05:50,419 And most of the stuff that we see now, 162 00:05:50,420 --> 00:05:51,830 there is a legal framework behind it 163 00:05:52,880 --> 00:05:54,559 where where the censorship is in line 164 00:05:54,560 --> 00:05:56,719 with the laws of those countries. 165 00:05:56,720 --> 00:05:58,879 We've seen a lot of stuff happen in terms 166 00:05:58,880 --> 00:06:00,979 of the US EU relations. 167 00:06:00,980 --> 00:06:03,169 Safe Harbor went away in twenty 168 00:06:03,170 --> 00:06:05,269 fifteen and we now have an 169 00:06:05,270 --> 00:06:07,579 EU privacy shield that's coming 170 00:06:07,580 --> 00:06:08,580 into place to replace it. 171 00:06:10,340 --> 00:06:13,039 This has new copyright implications. 172 00:06:13,040 --> 00:06:15,589 There's the potential for a requirement 173 00:06:15,590 --> 00:06:18,109 that the content being uploaded by EU 174 00:06:18,110 --> 00:06:20,029 users needs to go through an upload 175 00:06:20,030 --> 00:06:22,339 filter where it will be scanned against 176 00:06:22,340 --> 00:06:24,139 copyrighted material proactively before 177 00:06:24,140 --> 00:06:26,479 it can appear on content. 178 00:06:26,480 --> 00:06:28,579 We're dealing with providers being 179 00:06:28,580 --> 00:06:30,649 more scared about what they take down 180 00:06:30,650 --> 00:06:31,909 there. They're worried about additional 181 00:06:31,910 --> 00:06:33,949 liability and risk because that risk is 182 00:06:33,950 --> 00:06:35,389 shifting to them. They don't have quite 183 00:06:35,390 --> 00:06:37,639 the same level of DMCA safe 184 00:06:37,640 --> 00:06:39,049 harbors and things where they can say 185 00:06:39,050 --> 00:06:40,429 it's user generated and so it's not our 186 00:06:40,430 --> 00:06:42,049 liability. And so you're seeing more 187 00:06:42,050 --> 00:06:43,639 proactive take down from the content 188 00:06:43,640 --> 00:06:44,640 producers. 189 00:06:46,600 --> 00:06:48,939 We also see there was a new 190 00:06:48,940 --> 00:06:51,009 Chinese cyber security law this year 191 00:06:51,010 --> 00:06:53,109 that that adds a bunch of 192 00:06:53,110 --> 00:06:55,389 legal framework behind 193 00:06:55,390 --> 00:06:56,469 really a lot of things that China's 194 00:06:56,470 --> 00:06:57,789 already been doing. 195 00:06:57,790 --> 00:06:59,949 But it regulates 196 00:06:59,950 --> 00:07:01,839 that, that Internet services companies 197 00:07:01,840 --> 00:07:03,459 operating in China need to store logs on 198 00:07:03,460 --> 00:07:04,460 their users. 199 00:07:05,590 --> 00:07:07,839 If you have user content, you should 200 00:07:07,840 --> 00:07:10,209 be storing the real identity 201 00:07:10,210 --> 00:07:11,139 of users you need to collect. 202 00:07:11,140 --> 00:07:13,089 There are their national ID and know who 203 00:07:13,090 --> 00:07:14,090 this person is. 204 00:07:15,190 --> 00:07:16,749 There's requirements supporting 205 00:07:16,750 --> 00:07:18,249 cooperation with government access to 206 00:07:18,250 --> 00:07:19,209 data. 207 00:07:19,210 --> 00:07:21,489 And then I think the thing 208 00:07:21,490 --> 00:07:24,279 that got sort of foreign company 209 00:07:24,280 --> 00:07:26,679 concerned more than most in here 210 00:07:26,680 --> 00:07:28,929 is that there's 211 00:07:28,930 --> 00:07:30,910 sort of this broad class of 212 00:07:32,560 --> 00:07:33,999 sort of critical infrastructure and 213 00:07:34,000 --> 00:07:35,109 critical services. 214 00:07:35,110 --> 00:07:37,059 And if China decides that you are one of 215 00:07:37,060 --> 00:07:38,409 those, then you have to have all of your 216 00:07:38,410 --> 00:07:40,389 data for your service related to Chinese 217 00:07:40,390 --> 00:07:41,919 users stored in country on Chinese 218 00:07:41,920 --> 00:07:42,920 servers. 219 00:07:43,390 --> 00:07:45,609 And so companies are worried 220 00:07:45,610 --> 00:07:47,079 that that their data will be determined 221 00:07:47,080 --> 00:07:48,219 to be critical and that they'll need to 222 00:07:48,220 --> 00:07:50,439 move their data within China, 223 00:07:50,440 --> 00:07:52,209 which which imposes additional 224 00:07:52,210 --> 00:07:54,309 regulation, additional access to Chinese 225 00:07:54,310 --> 00:07:55,310 data. 226 00:07:57,680 --> 00:07:59,809 So earlier this month, we have heard 227 00:07:59,810 --> 00:08:01,819 from a couple of tech companies that they 228 00:08:01,820 --> 00:08:03,919 are starting an effort to create a 229 00:08:03,920 --> 00:08:05,359 shared database. 230 00:08:05,360 --> 00:08:07,879 The purpose of this is to fight terrorist 231 00:08:07,880 --> 00:08:10,369 imagery. So Microsoft, 232 00:08:10,370 --> 00:08:12,439 YouTube, Facebook 233 00:08:12,440 --> 00:08:15,079 came together to create this database, 234 00:08:15,080 --> 00:08:18,019 to basically fight these images. 235 00:08:18,020 --> 00:08:20,329 The way it works is that they hash 236 00:08:20,330 --> 00:08:21,919 these images, they put it in the 237 00:08:21,920 --> 00:08:23,629 database, they have access to it, read 238 00:08:23,630 --> 00:08:25,609 and write access, and therefore it should 239 00:08:25,610 --> 00:08:28,039 be easier to fight terrorist 240 00:08:28,040 --> 00:08:29,040 imagery. 241 00:08:30,410 --> 00:08:32,779 A lot of this is concerning, 242 00:08:32,780 --> 00:08:35,459 most of all, the lack of transparency. 243 00:08:35,460 --> 00:08:37,699 So basically we're being asked to 244 00:08:37,700 --> 00:08:40,158 trust them to do a good job 245 00:08:40,159 --> 00:08:41,369 maintaining this data base. 246 00:08:41,370 --> 00:08:42,829 There is probably very little 247 00:08:42,830 --> 00:08:43,849 accountability. 248 00:08:43,850 --> 00:08:45,589 We won't be able to see what is in the 249 00:08:45,590 --> 00:08:47,779 database and if it, in fact 250 00:08:47,780 --> 00:08:49,609 is being used to fight this terrorist 251 00:08:49,610 --> 00:08:50,539 imagery. 252 00:08:50,540 --> 00:08:51,860 So this is a big problem. 253 00:08:53,270 --> 00:08:55,339 Another problem is that once 254 00:08:55,340 --> 00:08:56,959 you have a database like that, once you 255 00:08:56,960 --> 00:08:59,059 have the mechanism, a lot 256 00:08:59,060 --> 00:09:00,529 of governments are probably already 257 00:09:00,530 --> 00:09:02,449 waiting there, rubbing their hands and 258 00:09:02,450 --> 00:09:04,759 trying to get their piece of 259 00:09:04,760 --> 00:09:06,949 their piece of the cake and 260 00:09:06,950 --> 00:09:08,719 the vague definition. 261 00:09:08,720 --> 00:09:10,429 At this point, we're really just talking 262 00:09:10,430 --> 00:09:12,559 about terrorist imagery is it 263 00:09:12,560 --> 00:09:13,709 enables scope creep. 264 00:09:13,710 --> 00:09:15,499 Right. And it starts by being about 265 00:09:15,500 --> 00:09:16,429 terrorist imagery. 266 00:09:16,430 --> 00:09:18,019 But I'm sure that a lot of file sharing 267 00:09:18,020 --> 00:09:20,149 companies are already very eager to 268 00:09:20,150 --> 00:09:22,069 get in there. So this is another thing 269 00:09:22,070 --> 00:09:23,779 that we have to watch out for, what it 270 00:09:23,780 --> 00:09:25,220 will turn into in practice. 271 00:09:26,570 --> 00:09:28,489 And finally, there are governments, 272 00:09:28,490 --> 00:09:30,679 right? This is a centralized thing. 273 00:09:30,680 --> 00:09:32,809 And I'm sure governments have their very 274 00:09:32,810 --> 00:09:35,119 own idea of what a 275 00:09:35,120 --> 00:09:37,129 database like this can be used for. 276 00:09:37,130 --> 00:09:39,349 So we really have to be vigilant in 277 00:09:39,350 --> 00:09:41,479 the coming months to make sure that 278 00:09:41,480 --> 00:09:42,829 this is actually what it's supposed to 279 00:09:42,830 --> 00:09:44,869 be, what they intended to be used for. 280 00:09:47,220 --> 00:09:49,409 Meanwhile, in Pakistan, 281 00:09:49,410 --> 00:09:51,659 the prevention of electronics crimes 282 00:09:51,660 --> 00:09:54,209 bill was passed again, 283 00:09:54,210 --> 00:09:56,189 the recurring theme of a lack of 284 00:09:56,190 --> 00:09:57,389 transparency. 285 00:09:57,390 --> 00:09:59,579 So while it was drafted, critical voices 286 00:09:59,580 --> 00:10:01,109 weren't really heard. 287 00:10:01,110 --> 00:10:03,239 People proceeded more or less in 288 00:10:03,240 --> 00:10:04,289 isolation. 289 00:10:04,290 --> 00:10:06,509 And the bill has a lot of very 290 00:10:06,510 --> 00:10:07,649 concerning parts. 291 00:10:07,650 --> 00:10:09,719 For example, there is the threat 292 00:10:09,720 --> 00:10:11,849 of seven years in prison for 293 00:10:11,850 --> 00:10:13,859 what is called the glorification of 294 00:10:13,860 --> 00:10:16,259 crimes related to terrorism. 295 00:10:16,260 --> 00:10:18,569 Again, the definition is probably 296 00:10:18,570 --> 00:10:20,879 very vague on purpose, 297 00:10:20,880 --> 00:10:22,259 which means that the government is going 298 00:10:22,260 --> 00:10:24,779 to be able to enforce it on people 299 00:10:24,780 --> 00:10:26,759 whose crimes might have been a little bit 300 00:10:26,760 --> 00:10:28,590 different from what it says now. 301 00:10:30,720 --> 00:10:32,819 Also, in 2016, on the other 302 00:10:32,820 --> 00:10:35,009 side of the world, the citizen 303 00:10:35,010 --> 00:10:37,529 lab was dealing with a 304 00:10:37,530 --> 00:10:39,389 lawsuit of defamation. 305 00:10:39,390 --> 00:10:41,789 So the citizen lab is a research 306 00:10:41,790 --> 00:10:43,889 lab, part of the University of Toronto in 307 00:10:43,890 --> 00:10:46,019 Canada, and it's working 308 00:10:46,020 --> 00:10:48,389 on exposing censorship, surveillance 309 00:10:48,390 --> 00:10:51,089 and digital targeted threats online. 310 00:10:51,090 --> 00:10:52,889 They have done a lot of really great work 311 00:10:52,890 --> 00:10:55,079 on exposing how 312 00:10:55,080 --> 00:10:57,179 companies such as Net Sweeper are 313 00:10:57,180 --> 00:10:58,649 being used in the world. 314 00:10:58,650 --> 00:11:00,419 So net sweeper, for those of you who 315 00:11:00,420 --> 00:11:02,819 don't know, it is a Canadian company. 316 00:11:02,820 --> 00:11:05,159 They are producing web filtering software 317 00:11:05,160 --> 00:11:07,859 and they have the concerningly Laperriere 318 00:11:07,860 --> 00:11:10,259 for who to do business with the citizen. 319 00:11:10,260 --> 00:11:12,539 That was very careful in documenting 320 00:11:12,540 --> 00:11:14,699 what governments Natsui is selling 321 00:11:14,700 --> 00:11:15,899 their technology to. 322 00:11:15,900 --> 00:11:18,179 And as you could imagine, Natsui wasn't 323 00:11:18,180 --> 00:11:19,200 really happy about that. 324 00:11:20,550 --> 00:11:22,619 The citizen that has had problems 325 00:11:22,620 --> 00:11:24,659 with a lot of companies being unhappy 326 00:11:24,660 --> 00:11:26,279 about their research for a long time. 327 00:11:26,280 --> 00:11:28,529 But what is different here is that net 328 00:11:28,530 --> 00:11:31,439 sweeper for the first time went to court. 329 00:11:31,440 --> 00:11:33,839 Luckily they discontinued the lawsuit 330 00:11:33,840 --> 00:11:35,729 three months after it started in January. 331 00:11:35,730 --> 00:11:37,139 Twenty sixteen. 332 00:11:37,140 --> 00:11:39,299 But this is a first so that it actually 333 00:11:39,300 --> 00:11:40,979 went to court and there is probably more 334 00:11:40,980 --> 00:11:42,900 to come in the next couple of years. 335 00:11:45,950 --> 00:11:48,079 Meanwhile, Facebook 336 00:11:48,080 --> 00:11:50,629 is working on a censorship tool 337 00:11:50,630 --> 00:11:53,089 like a lot of other Western countries. 338 00:11:53,090 --> 00:11:55,279 Facebook is very eager to set foot 339 00:11:55,280 --> 00:11:57,019 in China. 340 00:11:57,020 --> 00:11:58,459 Google has tried it in the past. 341 00:11:58,460 --> 00:12:00,079 A lot of other companies have tried it as 342 00:12:00,080 --> 00:12:02,539 well. It turns out to be very difficult 343 00:12:02,540 --> 00:12:04,759 because if you want to set foot in China 344 00:12:04,760 --> 00:12:06,679 as a technology company, you have to 345 00:12:06,680 --> 00:12:08,209 comply with Chinese law. 346 00:12:08,210 --> 00:12:10,069 And there are a lot of cultural 347 00:12:10,070 --> 00:12:12,199 misunderstandings that make it make it 348 00:12:12,200 --> 00:12:14,389 harder to go that way. 349 00:12:14,390 --> 00:12:16,789 Facebook is 350 00:12:16,790 --> 00:12:19,279 now deciding to create a censorship tool. 351 00:12:19,280 --> 00:12:21,499 It is not entirely clear 352 00:12:21,500 --> 00:12:23,599 what that really entails at 353 00:12:23,600 --> 00:12:25,139 this point. 354 00:12:25,140 --> 00:12:27,589 In a news article, someone wrote that 355 00:12:27,590 --> 00:12:29,629 it is supposed to be a tool that enables 356 00:12:29,630 --> 00:12:32,479 the Chinese government to moderate 357 00:12:32,480 --> 00:12:34,849 what is being posted on Facebook. 358 00:12:34,850 --> 00:12:36,749 But again, it's very vague. 359 00:12:36,750 --> 00:12:38,509 There is probably little accountability 360 00:12:38,510 --> 00:12:40,099 or transparency. 361 00:12:40,100 --> 00:12:42,229 And we also have to be aware of 362 00:12:42,230 --> 00:12:44,509 how both China and Facebook 363 00:12:44,510 --> 00:12:46,069 is going to talk about this once it 364 00:12:46,070 --> 00:12:48,199 happens. So we shouldn't get 365 00:12:48,200 --> 00:12:50,329 fooled by China presenting this as 366 00:12:50,330 --> 00:12:52,879 some kind of better relationship 367 00:12:52,880 --> 00:12:54,959 to the West and 368 00:12:54,960 --> 00:12:57,079 there's some kind of victory for 369 00:12:57,080 --> 00:12:58,069 free speech. 370 00:12:58,070 --> 00:13:00,229 So we shouldn't let them fool us 371 00:13:00,230 --> 00:13:02,019 by by phrasing it like that. 372 00:13:04,450 --> 00:13:06,639 Finally, a hot trend 373 00:13:06,640 --> 00:13:08,649 in 2016 was fake news. 374 00:13:09,670 --> 00:13:10,989 This is not entirely new. 375 00:13:12,070 --> 00:13:14,169 And the connection to censorship 376 00:13:14,170 --> 00:13:15,549 is twofold. 377 00:13:15,550 --> 00:13:17,739 So remember that the ultimate goal 378 00:13:17,740 --> 00:13:19,719 of censorship is the suppression of 379 00:13:19,720 --> 00:13:21,879 information. Ultimately, you want certain 380 00:13:21,880 --> 00:13:24,339 bits of information to disappear. 381 00:13:24,340 --> 00:13:26,079 When you think about Internet censorship, 382 00:13:26,080 --> 00:13:28,359 that is usually done by removing block 383 00:13:28,360 --> 00:13:30,939 posts, by dropping network packets, 384 00:13:30,940 --> 00:13:32,589 by getting rid of information 385 00:13:33,730 --> 00:13:35,859 another way, by doing by conducting 386 00:13:35,860 --> 00:13:38,019 censorship is to add information to 387 00:13:38,020 --> 00:13:40,269 basically drown the signal in all 388 00:13:40,270 --> 00:13:41,799 the noise. 389 00:13:41,800 --> 00:13:43,149 We have seen it in the past where 390 00:13:43,150 --> 00:13:45,549 governments hired Spotnitz 391 00:13:45,550 --> 00:13:47,889 to basically hijack discourse 392 00:13:47,890 --> 00:13:49,209 on Twitter, for example. 393 00:13:49,210 --> 00:13:50,769 And in a way, this is a different flavor 394 00:13:50,770 --> 00:13:51,840 of the same problem. 395 00:13:53,290 --> 00:13:56,109 There are opposing voices. 396 00:13:56,110 --> 00:13:57,789 So a lot of people are now saying this is 397 00:13:57,790 --> 00:13:59,409 outrageous. We have to get rid of these 398 00:13:59,410 --> 00:14:01,449 fake news. We have to outlaw it. 399 00:14:01,450 --> 00:14:03,819 Certain countries are looking into that. 400 00:14:03,820 --> 00:14:05,829 But a lot of people are saying this would 401 00:14:05,830 --> 00:14:06,969 be censorship as well. 402 00:14:06,970 --> 00:14:09,489 Right. Publishing news is 403 00:14:09,490 --> 00:14:12,399 a way of free speech, 404 00:14:12,400 --> 00:14:14,439 and that is true to some degree. 405 00:14:14,440 --> 00:14:16,719 It sends fake news isn't a binary thing, 406 00:14:16,720 --> 00:14:19,179 right? A piece of information isn't true 407 00:14:19,180 --> 00:14:21,849 or is not. In fact, it's shades of gray. 408 00:14:21,850 --> 00:14:24,429 Our language allows for ambiguity. 409 00:14:24,430 --> 00:14:26,559 And it's a it's 410 00:14:26,560 --> 00:14:27,999 a degree. Right. You can have something 411 00:14:28,000 --> 00:14:29,859 that is true, but still presented in a 412 00:14:29,860 --> 00:14:32,349 way that it's purposefully misleading. 413 00:14:32,350 --> 00:14:34,509 So it is very difficult to draw the line 414 00:14:34,510 --> 00:14:36,579 here, which explains why Facebook 415 00:14:36,580 --> 00:14:38,919 has been very hesitant in taking 416 00:14:38,920 --> 00:14:39,920 action in this case. 417 00:14:40,840 --> 00:14:43,029 And the big problem here is 418 00:14:43,030 --> 00:14:44,829 that fake news feeds right into 419 00:14:44,830 --> 00:14:46,059 confirmation bias. 420 00:14:46,060 --> 00:14:48,459 So as people, we tend to be willing 421 00:14:48,460 --> 00:14:51,069 to seek out information that confirms 422 00:14:51,070 --> 00:14:52,719 what we already believe and we don't like 423 00:14:52,720 --> 00:14:54,369 to be challenged that much. 424 00:14:54,370 --> 00:14:56,250 And that makes this a very big problem. 425 00:14:58,960 --> 00:15:01,029 So let's move over to another topic 426 00:15:01,030 --> 00:15:03,479 to deep democratization, so DPI 427 00:15:03,480 --> 00:15:05,799 stands for deep packet inspection 428 00:15:05,800 --> 00:15:08,049 and DPI is 429 00:15:08,050 --> 00:15:09,579 becoming cheaper and cheaper. 430 00:15:09,580 --> 00:15:11,359 Companies are offering it. 431 00:15:11,360 --> 00:15:13,029 It is getting easy to buy. 432 00:15:13,030 --> 00:15:15,279 So it is a piece of technology 433 00:15:15,280 --> 00:15:16,749 that is increasingly getting into the 434 00:15:16,750 --> 00:15:18,909 hands of many different 435 00:15:18,910 --> 00:15:20,109 people and governments. 436 00:15:20,110 --> 00:15:22,659 It is very omnipresent at this point, 437 00:15:22,660 --> 00:15:24,969 and this is reflected in 438 00:15:24,970 --> 00:15:27,039 the cases of Internet censorship 439 00:15:27,040 --> 00:15:29,289 that we have seen over the last 440 00:15:29,290 --> 00:15:30,290 year. 441 00:15:31,240 --> 00:15:32,409 One thing that is particularly 442 00:15:32,410 --> 00:15:34,329 interesting at the moment is what is 443 00:15:34,330 --> 00:15:35,620 happening in Kazakhstan. 444 00:15:37,000 --> 00:15:39,519 We know very little at this point, but 445 00:15:39,520 --> 00:15:41,679 what we have read is that 446 00:15:41,680 --> 00:15:44,019 the country, Kazakhstan, deployed a novel 447 00:15:44,020 --> 00:15:45,580 type of deep packet inspection. 448 00:15:46,810 --> 00:15:49,059 We do not yet know from what 449 00:15:49,060 --> 00:15:51,219 vendor. We do not believe that it is home 450 00:15:51,220 --> 00:15:53,769 baked. Instead, some company 451 00:15:53,770 --> 00:15:54,770 supply them with it. 452 00:15:55,900 --> 00:15:57,669 And at this point, there is reason to 453 00:15:57,670 --> 00:15:59,859 believe that standard tor, including 454 00:15:59,860 --> 00:16:01,719 a couple of obfuscation protocols, are 455 00:16:01,720 --> 00:16:03,069 being blocked. 456 00:16:03,070 --> 00:16:04,659 But again, we don't fully understand yet 457 00:16:04,660 --> 00:16:06,879 how it works. So we have a link here 458 00:16:06,880 --> 00:16:08,829 to Tourist Bug Tracker, where there is a 459 00:16:08,830 --> 00:16:10,659 very long discussion about the technical 460 00:16:10,660 --> 00:16:12,189 findings that a couple of people have 461 00:16:12,190 --> 00:16:13,359 gathered so far. 462 00:16:13,360 --> 00:16:15,519 So any help is greatly 463 00:16:15,520 --> 00:16:16,520 appreciated. 464 00:16:17,890 --> 00:16:20,079 We can visualize the block that 465 00:16:20,080 --> 00:16:21,729 we have witnessed so far. 466 00:16:21,730 --> 00:16:23,889 What you can see here is the number of 467 00:16:23,890 --> 00:16:26,289 directly connecting Tor users over 468 00:16:26,290 --> 00:16:28,839 parts of twenty sixteen. 469 00:16:28,840 --> 00:16:31,329 We have seen a couple dozen thousand 470 00:16:31,330 --> 00:16:33,489 users until June twenty 471 00:16:33,490 --> 00:16:35,230 sixteen where there is a sudden drop 472 00:16:36,400 --> 00:16:38,319 and at the same time we can witness an 473 00:16:38,320 --> 00:16:40,299 increase of bridge users. 474 00:16:40,300 --> 00:16:43,389 So bridges are undocumented, unpublished 475 00:16:43,390 --> 00:16:44,379 tor release. 476 00:16:44,380 --> 00:16:47,139 And basically at the same time, when 477 00:16:47,140 --> 00:16:49,719 the network was experiencing this block, 478 00:16:49,720 --> 00:16:51,849 we have seen a sharp increase in users. 479 00:16:51,850 --> 00:16:54,039 So at least that's something. 480 00:16:54,040 --> 00:16:55,809 But still, we have reason to believe that 481 00:16:55,810 --> 00:16:57,729 the obfuscation protocols are being 482 00:16:57,730 --> 00:16:58,029 blocked. 483 00:16:58,030 --> 00:17:01,149 So far, um, 484 00:17:01,150 --> 00:17:03,309 so beyond these sort 485 00:17:03,310 --> 00:17:05,379 of individual countries using 486 00:17:05,380 --> 00:17:07,929 DPI, we see that it's getting into 487 00:17:07,930 --> 00:17:09,939 much smaller organizations and becoming 488 00:17:09,940 --> 00:17:11,709 pretty ubiquitous. 489 00:17:11,710 --> 00:17:14,379 So this is the dashboard on a Ubiquiti 490 00:17:14,380 --> 00:17:15,879 home Wi-Fi setup. 491 00:17:15,880 --> 00:17:18,399 And you can see that by default it's 492 00:17:18,400 --> 00:17:20,889 capturing traffic and is able to identify 493 00:17:20,890 --> 00:17:22,598 just about all of the major services you 494 00:17:22,599 --> 00:17:24,759 use. It's able to pull out the 495 00:17:24,760 --> 00:17:26,469 types of video sharing, the types of peer 496 00:17:26,470 --> 00:17:28,358 to peer. And this is just something that 497 00:17:28,359 --> 00:17:30,459 I think certainly all our large 498 00:17:30,460 --> 00:17:32,679 organizations and now most businesses 499 00:17:32,680 --> 00:17:34,479 starting into the home are expecting this 500 00:17:34,480 --> 00:17:35,769 sort of behavior and the ability to 501 00:17:35,770 --> 00:17:38,199 discriminate, classify network traffic, 502 00:17:38,200 --> 00:17:40,359 prioritize your small web 503 00:17:40,360 --> 00:17:41,709 browsing that you want to be interactive 504 00:17:41,710 --> 00:17:43,389 over the bulk transfer. 505 00:17:43,390 --> 00:17:45,729 Right. There's legitimate like desires 506 00:17:45,730 --> 00:17:47,769 for a lot of this. But we are making this 507 00:17:47,770 --> 00:17:49,059 form of censorship in this form of 508 00:17:49,060 --> 00:17:50,559 traffic discrimination a very common 509 00:17:50,560 --> 00:17:51,609 thing. 510 00:17:51,610 --> 00:17:54,009 The ray of hope in this picture 511 00:17:54,010 --> 00:17:56,079 is that we have more 512 00:17:56,080 --> 00:17:58,239 and more encryption, 20, 16 really 513 00:17:58,240 --> 00:17:59,859 was sort of the year of let's encrypt. 514 00:17:59,860 --> 00:18:02,109 We're passing 50 percent of the web 515 00:18:02,110 --> 00:18:03,489 having SSL now. 516 00:18:03,490 --> 00:18:05,709 We're getting, you know, tens of millions 517 00:18:05,710 --> 00:18:07,269 of new sites with SSL. 518 00:18:07,270 --> 00:18:09,759 And what that's really allowing 519 00:18:09,760 --> 00:18:12,159 is that DPI 520 00:18:12,160 --> 00:18:14,469 is stuck at host based blocking still 521 00:18:14,470 --> 00:18:15,489 for a lot of these things. 522 00:18:15,490 --> 00:18:16,839 Right. We can block a service, but I 523 00:18:16,840 --> 00:18:18,549 can't block specific pages within it 524 00:18:18,550 --> 00:18:19,869 nearly as easily. 525 00:18:19,870 --> 00:18:21,639 As long as that traffic is encrypted, 526 00:18:21,640 --> 00:18:23,769 this is able to defeat many of 527 00:18:23,770 --> 00:18:26,559 the tools that are trying to discriminate 528 00:18:26,560 --> 00:18:28,299 specific services or discriminate 529 00:18:28,300 --> 00:18:29,379 specific types of traffic. 530 00:18:29,380 --> 00:18:30,549 Right. They're limited to being able to 531 00:18:30,550 --> 00:18:32,739 say, I want to block videos. 532 00:18:32,740 --> 00:18:34,239 And so, OK, I'll check these sites that 533 00:18:34,240 --> 00:18:36,459 have videos commonly, but they can't just 534 00:18:36,460 --> 00:18:38,500 block the actual video stream. 535 00:18:39,910 --> 00:18:42,249 And so this, again, 536 00:18:42,250 --> 00:18:43,929 is an arms race. We have this first layer 537 00:18:43,930 --> 00:18:45,279 of encryption that's helping us. 538 00:18:45,280 --> 00:18:47,499 And we'll see a couple examples later on 539 00:18:47,500 --> 00:18:49,689 of countries and how the nation states 540 00:18:49,690 --> 00:18:51,520 are trying to fight back against that. 541 00:18:53,650 --> 00:18:56,019 We mentioned blog posts a lot, I think 542 00:18:56,020 --> 00:18:57,020 social media, 543 00:18:58,270 --> 00:18:59,740 both in terms of 544 00:19:00,760 --> 00:19:02,169 Facebook and these these ways that we 545 00:19:02,170 --> 00:19:03,579 posed to each other. 546 00:19:03,580 --> 00:19:05,559 Also, the mobile apps that we use to 547 00:19:05,560 --> 00:19:07,719 communicate and chat are becoming 548 00:19:07,720 --> 00:19:10,149 more and more at the focus of censorship, 549 00:19:10,150 --> 00:19:12,369 especially around political events. 550 00:19:12,370 --> 00:19:14,979 We saw this happen in Brazil. 551 00:19:14,980 --> 00:19:16,839 WhatsApp got blocked a couple of times in 552 00:19:16,840 --> 00:19:19,479 May and June as the political climate got 553 00:19:19,480 --> 00:19:20,480 less stable. 554 00:19:21,430 --> 00:19:23,559 And that's again, it happened within 555 00:19:23,560 --> 00:19:25,239 a legal framework for the company. 556 00:19:25,240 --> 00:19:27,189 Brazil asked WhatsApp to provide them 557 00:19:27,190 --> 00:19:28,190 with 558 00:19:29,290 --> 00:19:31,809 with logs of chats that they believed 559 00:19:31,810 --> 00:19:33,279 had incriminating information. 560 00:19:33,280 --> 00:19:35,349 And WhatsApp was unfortunately unable 561 00:19:35,350 --> 00:19:36,759 to provide those because they haven't 562 00:19:36,760 --> 00:19:37,899 done encryption. They don't have the 563 00:19:37,900 --> 00:19:39,400 decrypted logs themselves to provide. 564 00:19:40,540 --> 00:19:42,639 And so Brazil 565 00:19:42,640 --> 00:19:44,949 judges have blocked WhatsApp on and off 566 00:19:44,950 --> 00:19:46,329 and in fact, have for a couple of 567 00:19:46,330 --> 00:19:48,639 services threatened 568 00:19:48,640 --> 00:19:50,319 to jail executives of these companies for 569 00:19:50,320 --> 00:19:52,549 not complying and things of that nature. 570 00:19:54,880 --> 00:19:57,069 We also see social networking 571 00:19:57,070 --> 00:20:00,069 in Gabon this September. 572 00:20:00,070 --> 00:20:01,659 Gabon was interesting. 573 00:20:01,660 --> 00:20:04,239 Just after their election, 574 00:20:04,240 --> 00:20:06,429 the Internet went out entirely for a 575 00:20:06,430 --> 00:20:08,019 little bit. Then it came back on with a 576 00:20:08,020 --> 00:20:10,209 curfew where at the routing 577 00:20:10,210 --> 00:20:12,189 layer, it was turned off at 6:00 p.m. 578 00:20:12,190 --> 00:20:14,349 for about five days in a row 579 00:20:14,350 --> 00:20:16,179 and came back on the next morning. 580 00:20:16,180 --> 00:20:17,739 So you would be able to have it well 581 00:20:17,740 --> 00:20:19,779 while working hours, but not for 582 00:20:19,780 --> 00:20:21,399 organizing in the evenings. 583 00:20:21,400 --> 00:20:23,559 And then after that happened and sort of 584 00:20:23,560 --> 00:20:25,119 general Internet connectivity in the 585 00:20:25,120 --> 00:20:26,949 evening was restored. 586 00:20:26,950 --> 00:20:28,569 There were still blocks on Facebook, 587 00:20:28,570 --> 00:20:30,669 Twitter and WhatsApp for a couple 588 00:20:30,670 --> 00:20:31,839 more weeks afterwards. 589 00:20:31,840 --> 00:20:33,309 So these services that people might use 590 00:20:33,310 --> 00:20:35,619 to organize are being focused on 591 00:20:35,620 --> 00:20:37,989 collective action is continues to be 592 00:20:37,990 --> 00:20:40,509 one of the most sort of sensitive 593 00:20:40,510 --> 00:20:42,010 topics for four states. 594 00:20:43,420 --> 00:20:44,859 And then and then we have a very recent 595 00:20:44,860 --> 00:20:46,929 example in Egypt, which 596 00:20:46,930 --> 00:20:49,899 this month decided to block signal 597 00:20:49,900 --> 00:20:51,699 one of the one of the better end to end 598 00:20:51,700 --> 00:20:52,930 encrypted messaging systems. 599 00:20:54,400 --> 00:20:56,559 And luckily, Signal was able to reply 600 00:20:56,560 --> 00:20:58,299 and respond really quickly. 601 00:20:58,300 --> 00:21:00,759 They are using a domain fronting 602 00:21:00,760 --> 00:21:02,709 sort of circumvention technique now in 603 00:21:02,710 --> 00:21:04,269 their latest update, which gets around 604 00:21:04,270 --> 00:21:06,309 this. And so for people who have updated, 605 00:21:06,310 --> 00:21:07,629 though, they'll still be able to access 606 00:21:07,630 --> 00:21:08,019 it. 607 00:21:08,020 --> 00:21:10,149 But we're seeing it's these chat and 608 00:21:10,150 --> 00:21:11,109 these these things. 609 00:21:11,110 --> 00:21:12,479 Yeah, sure thought the cloud. 610 00:21:19,830 --> 00:21:21,629 It's these apps that are more and more 611 00:21:21,630 --> 00:21:23,819 sort of in the targets of of states 612 00:21:23,820 --> 00:21:24,960 wanting to control the dialog. 613 00:21:28,180 --> 00:21:30,339 So distributed denial of service is 614 00:21:30,340 --> 00:21:32,499 something that continues to be with 615 00:21:32,500 --> 00:21:34,989 us, it's alive and well. 616 00:21:34,990 --> 00:21:37,059 One of the big examples of 617 00:21:37,060 --> 00:21:39,429 dogs being used to try and look 618 00:21:39,430 --> 00:21:41,739 for retribution or to take down views 619 00:21:41,740 --> 00:21:43,629 that people didn't agree with was on the 620 00:21:43,630 --> 00:21:45,699 Krebs blog, where a large 621 00:21:45,700 --> 00:21:48,099 Internet of Things I botnet 622 00:21:48,100 --> 00:21:50,649 got sort of weaponized to 623 00:21:50,650 --> 00:21:52,029 manage to take this down for a period of 624 00:21:52,030 --> 00:21:53,649 time despite being hosted on Akamai, 625 00:21:53,650 --> 00:21:55,929 which we would hope that these large CDSs 626 00:21:55,930 --> 00:21:57,609 are sort of above 627 00:21:58,810 --> 00:21:59,769 in terms of their size. 628 00:21:59,770 --> 00:22:00,669 They can handle traffic. 629 00:22:00,670 --> 00:22:02,379 But but we see that botnet can still be 630 00:22:02,380 --> 00:22:03,380 effective 631 00:22:04,720 --> 00:22:05,889 and certainly for smaller things. 632 00:22:05,890 --> 00:22:07,989 So so the Black Lives 633 00:22:07,990 --> 00:22:10,059 Matter movement, we can 634 00:22:10,060 --> 00:22:11,890 see that there's 635 00:22:13,330 --> 00:22:15,909 over 100 incidents that occurred 636 00:22:15,910 --> 00:22:18,669 to their sites over the last year. 637 00:22:18,670 --> 00:22:20,099 And so. 638 00:22:20,100 --> 00:22:22,799 Das is sort of this tool that gets used 639 00:22:22,800 --> 00:22:24,899 when you aren't in the center right. 640 00:22:24,900 --> 00:22:26,279 It's this. It's this. 641 00:22:26,280 --> 00:22:28,469 Maybe you're off on the side 642 00:22:28,470 --> 00:22:29,969 and two people are talking or someone is 643 00:22:29,970 --> 00:22:31,319 talking to an audience where you can't 644 00:22:31,320 --> 00:22:32,669 block their communication. 645 00:22:32,670 --> 00:22:34,709 I'm in another country or I'm not the ISP 646 00:22:34,710 --> 00:22:36,839 itself or I need more anonymity 647 00:22:36,840 --> 00:22:38,129 and I still want to remove that 648 00:22:38,130 --> 00:22:38,549 viewpoint. 649 00:22:38,550 --> 00:22:40,799 And doctors remain sort of an effective 650 00:22:40,800 --> 00:22:42,539 weapon for that attempt at censorship, 651 00:22:42,540 --> 00:22:44,849 where you have resources in money 652 00:22:44,850 --> 00:22:46,589 or in computers or bandwidth, but you 653 00:22:46,590 --> 00:22:48,029 don't necessarily have the position of 654 00:22:48,030 --> 00:22:50,639 power where you can block 655 00:22:50,640 --> 00:22:52,859 an in network communication 656 00:22:52,860 --> 00:22:54,209 or dissemination of information. 657 00:22:57,120 --> 00:22:58,109 There were a bunch more Internet 658 00:22:58,110 --> 00:23:00,209 shutdowns this year, Access Now 659 00:23:00,210 --> 00:23:02,699 is an advocacy group that 660 00:23:02,700 --> 00:23:05,099 monitors the Internet and the situation 661 00:23:05,100 --> 00:23:07,589 and access around the world and tries to 662 00:23:07,590 --> 00:23:10,709 help advocate for for access. 663 00:23:10,710 --> 00:23:13,619 They documented 15 shutdowns 664 00:23:13,620 --> 00:23:15,779 last year and in twenty sixteen, it's 665 00:23:15,780 --> 00:23:17,009 up to 50 one at this point. 666 00:23:18,360 --> 00:23:20,459 This is concerning because it, again, 667 00:23:20,460 --> 00:23:21,989 is talking about sort of this normalization 668 00:23:21,990 --> 00:23:23,999 of countries saying, well, you know, 669 00:23:24,000 --> 00:23:26,129 there have been 50 examples this year 670 00:23:26,130 --> 00:23:27,959 of of other countries that have shut down 671 00:23:27,960 --> 00:23:29,759 their Internet for periods of time, often 672 00:23:29,760 --> 00:23:32,279 around politically sensitive events. 673 00:23:32,280 --> 00:23:34,709 And very few of them have revolted 674 00:23:34,710 --> 00:23:37,019 or had any major consequences. 675 00:23:37,020 --> 00:23:39,419 So this this, again, sort of as these 676 00:23:39,420 --> 00:23:41,399 continue to happen, they they empower 677 00:23:41,400 --> 00:23:42,899 additional countries to say, oh, this 678 00:23:42,900 --> 00:23:44,279 maybe is a solution to this sort of 679 00:23:44,280 --> 00:23:45,280 problem. 680 00:23:46,630 --> 00:23:48,879 Even in the US, we see sort of 681 00:23:48,880 --> 00:23:51,489 continued, uh, 682 00:23:51,490 --> 00:23:53,619 attempts to to have this sort of control, 683 00:23:53,620 --> 00:23:55,239 we want do we want our government to be 684 00:23:55,240 --> 00:23:57,699 able to turn off the Internet in 685 00:23:57,700 --> 00:23:59,559 in situations of national emergency? 686 00:24:01,480 --> 00:24:03,609 This was a debate under Obama and 687 00:24:03,610 --> 00:24:04,610 will continue to be one. 688 00:24:07,200 --> 00:24:09,419 I guess the again, to counter 689 00:24:09,420 --> 00:24:10,980 this sort of depressing narrative, 690 00:24:12,030 --> 00:24:13,979 the thing that maybe provides us with 691 00:24:13,980 --> 00:24:16,079 hope in this sort of situation is, 692 00:24:16,080 --> 00:24:17,369 is cases like Ecuador, 693 00:24:18,450 --> 00:24:20,639 which despite having 694 00:24:20,640 --> 00:24:22,199 the ability to do these shutdowns of 695 00:24:22,200 --> 00:24:24,359 services this 696 00:24:24,360 --> 00:24:26,309 April, there was a large sort of leaks 697 00:24:26,310 --> 00:24:28,529 around the ISPs and 698 00:24:28,530 --> 00:24:30,149 their their cooperation with the 699 00:24:30,150 --> 00:24:30,809 government. 700 00:24:30,810 --> 00:24:32,039 And so it continues to be through the 701 00:24:32,040 --> 00:24:33,599 whistleblowers and through leaks of this 702 00:24:33,600 --> 00:24:35,159 sort of information that we learn about 703 00:24:35,160 --> 00:24:36,899 what's really happening and we're able to 704 00:24:36,900 --> 00:24:38,559 get accountability back. 705 00:24:38,560 --> 00:24:40,439 So one of the major problems here is do 706 00:24:40,440 --> 00:24:41,549 we have accountability and do we 707 00:24:41,550 --> 00:24:43,649 understand these structures and systems 708 00:24:43,650 --> 00:24:45,119 that are being put in place? 709 00:24:45,120 --> 00:24:47,249 I think Ecuador provides 710 00:24:47,250 --> 00:24:48,899 us with one of these examples this year 711 00:24:48,900 --> 00:24:51,629 of how whistleblowing is alive and well 712 00:24:51,630 --> 00:24:53,549 and helps to to provide public insight 713 00:24:53,550 --> 00:24:54,550 and conversation. 714 00:24:56,390 --> 00:24:58,579 So we'll finish sort of what's going 715 00:24:58,580 --> 00:25:00,559 on out there with just a few specific 716 00:25:00,560 --> 00:25:01,759 countries that don't necessarily fall 717 00:25:01,760 --> 00:25:02,760 into these categories. 718 00:25:04,160 --> 00:25:05,160 Thailand 719 00:25:06,230 --> 00:25:08,389 has had for 720 00:25:08,390 --> 00:25:10,759 a long time a set of fairly 721 00:25:10,760 --> 00:25:12,889 narrow. Well, they've had, you know, 722 00:25:12,890 --> 00:25:13,939 their sort of laws. And what really 723 00:25:13,940 --> 00:25:16,339 they've censored is sort of based on 724 00:25:16,340 --> 00:25:18,439 less majesty attacks on the royal 725 00:25:18,440 --> 00:25:20,689 family and defamation there. 726 00:25:22,940 --> 00:25:25,279 With the king dying and the 727 00:25:25,280 --> 00:25:26,779 and his successor being appointed. 728 00:25:26,780 --> 00:25:27,799 There's been tension there. 729 00:25:27,800 --> 00:25:29,479 And so there's been additional sort of 730 00:25:29,480 --> 00:25:30,889 concern around there. 731 00:25:30,890 --> 00:25:32,809 And then this December, they've passed an 732 00:25:32,810 --> 00:25:34,369 additional law giving the government 733 00:25:34,370 --> 00:25:35,370 quite a bit more power. 734 00:25:36,590 --> 00:25:39,169 Over the spring, they floated proposals 735 00:25:39,170 --> 00:25:40,549 that they needed a single Internet 736 00:25:40,550 --> 00:25:42,589 gateway where they would have the ability 737 00:25:42,590 --> 00:25:43,909 to man in the middle with a government 738 00:25:43,910 --> 00:25:46,039 certificate, all of the traffic going 739 00:25:46,040 --> 00:25:47,040 out of the country. 740 00:25:48,200 --> 00:25:49,909 That isn't in the current bill, as I've 741 00:25:49,910 --> 00:25:52,219 read it. But it sounds like that push for 742 00:25:52,220 --> 00:25:54,619 having that additional control continues 743 00:25:54,620 --> 00:25:56,509 and is something that that they're moving 744 00:25:56,510 --> 00:25:58,519 towards. The the current legislation that 745 00:25:58,520 --> 00:26:00,049 passed in December seems to be moving 746 00:26:00,050 --> 00:26:01,909 towards that, though it doesn't get fully 747 00:26:01,910 --> 00:26:02,910 there 748 00:26:04,460 --> 00:26:06,649 in Cuba, the Cuban 749 00:26:06,650 --> 00:26:08,389 Internet remains very expensive and out 750 00:26:08,390 --> 00:26:09,769 of reach for most people. 751 00:26:09,770 --> 00:26:11,959 One sign of good news 752 00:26:11,960 --> 00:26:14,119 there is that recently 753 00:26:14,120 --> 00:26:15,679 Google signed agreements to be able to 754 00:26:15,680 --> 00:26:17,059 put servers in Cuba. 755 00:26:17,060 --> 00:26:18,829 So we're starting to see the ability of 756 00:26:18,830 --> 00:26:21,199 Western and external companies 757 00:26:21,200 --> 00:26:22,880 to locate servers inside and help 758 00:26:23,900 --> 00:26:25,399 invest in infrastructure within the 759 00:26:25,400 --> 00:26:26,419 country. 760 00:26:26,420 --> 00:26:28,339 So maybe this is, I guess we can hope, 761 00:26:30,110 --> 00:26:32,269 an indication that Cuba is going to 762 00:26:32,270 --> 00:26:33,499 start sort of upgrading its 763 00:26:33,500 --> 00:26:34,759 infrastructure and getting more 764 00:26:34,760 --> 00:26:35,760 connected. 765 00:26:38,640 --> 00:26:40,470 Turkey also had a tough year this year. 766 00:26:41,490 --> 00:26:44,729 They're regularly blocking VPN protocols, 767 00:26:44,730 --> 00:26:46,529 they're also blocking Tor and some of 768 00:26:46,530 --> 00:26:47,669 these anonymity software. 769 00:26:48,960 --> 00:26:51,029 And Turkey is the one country 770 00:26:51,030 --> 00:26:52,739 that got downgraded in the Freedom House 771 00:26:52,740 --> 00:26:54,809 report from partially free to not free in 772 00:26:54,810 --> 00:26:56,669 terms of their connectivity. 773 00:26:56,670 --> 00:26:58,829 This correlates to the 774 00:26:58,830 --> 00:27:00,749 political events that we've seen there 775 00:27:00,750 --> 00:27:03,329 and increasing pressure on on 776 00:27:03,330 --> 00:27:05,569 sort of civil society more generally. 777 00:27:08,000 --> 00:27:10,159 Finally, the 778 00:27:10,160 --> 00:27:12,199 U.K. has passed a set of laws and we've 779 00:27:12,200 --> 00:27:13,670 seen sort of additional 780 00:27:14,690 --> 00:27:16,909 restriction, especially in pornography 781 00:27:16,910 --> 00:27:17,910 there. 782 00:27:18,410 --> 00:27:19,849 There's a whole section on this on day 783 00:27:19,850 --> 00:27:21,619 four about sort of what this new set of 784 00:27:21,620 --> 00:27:22,969 laws entail. 785 00:27:22,970 --> 00:27:25,399 But it sounds like it 786 00:27:25,400 --> 00:27:27,649 primarily is a surveillance 787 00:27:27,650 --> 00:27:28,650 thing. 788 00:27:29,420 --> 00:27:32,449 So so your data has to be retained. 789 00:27:32,450 --> 00:27:34,819 There's certainly a chilling effects 790 00:27:34,820 --> 00:27:36,709 of free speech around that of people 791 00:27:36,710 --> 00:27:38,179 trying to second guess what they're going 792 00:27:38,180 --> 00:27:39,180 to say. 793 00:27:39,660 --> 00:27:42,169 But but it's not sort of imposing 794 00:27:42,170 --> 00:27:44,419 major new things of of automatic 795 00:27:44,420 --> 00:27:46,489 takedown of content or removing hosts 796 00:27:46,490 --> 00:27:47,490 beyond what's already there. 797 00:27:50,550 --> 00:27:52,469 A lot has happened in the measurement 798 00:27:52,470 --> 00:27:54,599 space, both in academia and 799 00:27:54,600 --> 00:27:56,639 civil society, so we want to give you a 800 00:27:56,640 --> 00:27:58,889 quick overview of the most exciting 801 00:27:58,890 --> 00:28:00,599 things that have happened over the last 802 00:28:00,600 --> 00:28:01,600 year. 803 00:28:02,220 --> 00:28:04,059 Rooney has made a lot of progress. 804 00:28:04,060 --> 00:28:06,239 So is the open observatory for 805 00:28:06,240 --> 00:28:07,199 Network Interference. 806 00:28:07,200 --> 00:28:08,849 It's a free software project under the 807 00:28:08,850 --> 00:28:10,649 larger umbrella. 808 00:28:10,650 --> 00:28:12,779 And among the more 809 00:28:12,780 --> 00:28:14,579 exciting things that happened is a lot of 810 00:28:14,580 --> 00:28:16,829 outreach and research. 811 00:28:16,830 --> 00:28:19,259 So is based on having 812 00:28:19,260 --> 00:28:21,419 probes, small pieces of software, 813 00:28:21,420 --> 00:28:23,489 often on a Raspberry Pi that are 814 00:28:23,490 --> 00:28:25,289 being deployed in different countries and 815 00:28:25,290 --> 00:28:26,939 in these countries to conduct 816 00:28:26,940 --> 00:28:28,919 measurements and sent them back to 817 00:28:28,920 --> 00:28:31,079 servers where we can analyze them 818 00:28:31,080 --> 00:28:32,250 and visualize the results. 819 00:28:33,420 --> 00:28:34,979 A lot has happened in outreach. 820 00:28:34,980 --> 00:28:37,409 So in more than 10 countries, 821 00:28:37,410 --> 00:28:39,659 there are no partnerships to deploy these 822 00:28:39,660 --> 00:28:41,939 probes and also work on 823 00:28:41,940 --> 00:28:43,949 specific reports about what's happening 824 00:28:43,950 --> 00:28:46,169 in these countries and 825 00:28:46,170 --> 00:28:47,849 when you was also very active on their 826 00:28:47,850 --> 00:28:49,949 blog. So a lot has 827 00:28:49,950 --> 00:28:52,169 happened. We have a URL here, among 828 00:28:52,170 --> 00:28:54,419 other things, in Malaysia, the elections 829 00:28:54,420 --> 00:28:56,069 have been analyzed. 830 00:28:56,070 --> 00:28:58,319 So in that regard, it was 831 00:28:58,320 --> 00:28:59,339 a very exciting year. 832 00:29:00,660 --> 00:29:02,699 There is also a Web interface now. 833 00:29:02,700 --> 00:29:04,919 So if you have an uni probe 834 00:29:04,920 --> 00:29:06,929 and want to help the project, you're not 835 00:29:06,930 --> 00:29:09,029 able to go to this web 836 00:29:09,030 --> 00:29:10,829 interface and both. 837 00:29:10,830 --> 00:29:12,869 It's easier to run and also to analyze 838 00:29:12,870 --> 00:29:13,870 the test results. 839 00:29:15,180 --> 00:29:17,159 The project really went out of their way 840 00:29:17,160 --> 00:29:19,259 that even worked with the UI designer to 841 00:29:19,260 --> 00:29:21,809 make it as easy to use as possible. 842 00:29:21,810 --> 00:29:23,909 And this is what it 843 00:29:23,910 --> 00:29:24,910 looks now. 844 00:29:25,770 --> 00:29:27,899 And there are also a lot of plans for 845 00:29:27,900 --> 00:29:29,339 twenty seventeen. 846 00:29:29,340 --> 00:29:31,589 Among other things, the only 847 00:29:31,590 --> 00:29:33,419 project is thinking about reengineering 848 00:29:33,420 --> 00:29:34,649 the data pipeline. 849 00:29:34,650 --> 00:29:36,629 So a lot of data is constantly being 850 00:29:36,630 --> 00:29:38,999 produced and sent to the central servers. 851 00:29:39,000 --> 00:29:41,879 And there is a series of subsequent steps 852 00:29:41,880 --> 00:29:43,859 of processing that is happening to the 853 00:29:43,860 --> 00:29:45,929 data and ask the amount of data 854 00:29:45,930 --> 00:29:47,849 increases. It's getting harder and harder 855 00:29:47,850 --> 00:29:50,459 to deal with this wealth of information. 856 00:29:50,460 --> 00:29:52,559 And both the project 857 00:29:52,560 --> 00:29:54,779 wants to extract more interesting 858 00:29:54,780 --> 00:29:56,549 information out of these reports, but 859 00:29:56,550 --> 00:29:58,619 also make it easier to process them at 860 00:29:58,620 --> 00:29:59,620 scale. 861 00:30:00,390 --> 00:30:03,389 Another important point is orchestration. 862 00:30:03,390 --> 00:30:05,639 So at this so far 863 00:30:05,640 --> 00:30:07,079 these projects have been mostly 864 00:30:07,080 --> 00:30:07,739 autonomous. 865 00:30:07,740 --> 00:30:09,329 They are sitting somewhere in someone's 866 00:30:09,330 --> 00:30:11,099 basement or at some university in 867 00:30:11,100 --> 00:30:13,319 different countries, and it used to be 868 00:30:13,320 --> 00:30:15,449 really difficult or 869 00:30:15,450 --> 00:30:17,459 to get the right results at the right 870 00:30:17,460 --> 00:30:19,529 time due to the nature 871 00:30:19,530 --> 00:30:21,629 of the autonomous distribution. 872 00:30:21,630 --> 00:30:23,999 So there is a trend towards moving 873 00:30:24,000 --> 00:30:25,979 towards a model where it's easier to 874 00:30:25,980 --> 00:30:28,469 control these probes and 875 00:30:28,470 --> 00:30:30,989 have control over what is being analyzed 876 00:30:30,990 --> 00:30:32,609 and what is coming in there. 877 00:30:32,610 --> 00:30:34,889 And that makes it way more flexible 878 00:30:34,890 --> 00:30:37,109 and easy to get high quality results. 879 00:30:37,110 --> 00:30:38,639 Think about elections, for example. 880 00:30:38,640 --> 00:30:40,289 You don't really want to wait for data to 881 00:30:40,290 --> 00:30:41,519 flow in eventually. 882 00:30:41,520 --> 00:30:43,709 You have probably a very specific idea of 883 00:30:43,710 --> 00:30:45,599 what you're looking for, and that makes 884 00:30:45,600 --> 00:30:47,519 it easier to find probes in a given 885 00:30:47,520 --> 00:30:49,739 region and make them do 886 00:30:49,740 --> 00:30:51,470 the measurements for you in time. 887 00:30:54,110 --> 00:30:57,109 There has also been progress in academia. 888 00:30:57,110 --> 00:30:59,059 We are maintaining a censorship 889 00:30:59,060 --> 00:31:02,029 bibliography and so far in 2016 890 00:31:02,030 --> 00:31:04,459 we counted more than 20 research papers. 891 00:31:05,630 --> 00:31:07,369 There are among all of that. 892 00:31:07,370 --> 00:31:10,369 So both in circumvention and 893 00:31:10,370 --> 00:31:11,630 censorship analysis, 894 00:31:12,650 --> 00:31:13,639 among other things. 895 00:31:13,640 --> 00:31:16,099 We learned about a couple of new insights 896 00:31:16,100 --> 00:31:17,179 about the Great Firewall. 897 00:31:17,180 --> 00:31:19,339 For example, how the DNS poisoning 898 00:31:19,340 --> 00:31:21,439 works on the server side 899 00:31:21,440 --> 00:31:23,269 since people mostly looked at infected 900 00:31:23,270 --> 00:31:24,919 results, but not so much about what is 901 00:31:24,920 --> 00:31:27,379 happening to the poisoned 902 00:31:27,380 --> 00:31:28,669 DNS resolver. 903 00:31:28,670 --> 00:31:31,009 We also learned more about 904 00:31:31,010 --> 00:31:33,709 how the maintainers of the Great Firewall 905 00:31:33,710 --> 00:31:36,439 deal with hardcoded Tor breaches. 906 00:31:36,440 --> 00:31:38,519 So a research group looked into the 907 00:31:38,520 --> 00:31:40,609 blocking delay, which is really exciting 908 00:31:40,610 --> 00:31:42,169 because it gives you some kind of insight 909 00:31:42,170 --> 00:31:44,359 into the operational business that is 910 00:31:44,360 --> 00:31:46,369 going on behind the Great Firewall. 911 00:31:49,070 --> 00:31:51,199 In addition to research, 912 00:31:51,200 --> 00:31:53,539 there has been an ongoing discussion 913 00:31:53,540 --> 00:31:55,939 about the ethics of network measurement. 914 00:31:55,940 --> 00:31:57,859 So a couple of years ago in academia, 915 00:31:57,860 --> 00:31:59,779 almost everything was fair game when it 916 00:31:59,780 --> 00:32:01,669 comes to network measurement. 917 00:32:01,670 --> 00:32:03,319 But two or three years ago, a couple of 918 00:32:03,320 --> 00:32:05,659 controversial research papers came out 919 00:32:05,660 --> 00:32:07,879 that prompted the community to think 920 00:32:07,880 --> 00:32:10,549 deeper about what is acceptable, 921 00:32:10,550 --> 00:32:12,649 in particular because a lot of this 922 00:32:12,650 --> 00:32:14,839 work can actually put people at risk. 923 00:32:14,840 --> 00:32:16,999 And this is something that has been 924 00:32:17,000 --> 00:32:18,429 not entirely ignored. 925 00:32:18,430 --> 00:32:20,629 But people don't think about this as much 926 00:32:20,630 --> 00:32:22,219 as they should be. 927 00:32:22,220 --> 00:32:24,319 One trend is to try and 928 00:32:24,320 --> 00:32:26,299 seek informed consent. 929 00:32:26,300 --> 00:32:28,579 If you work with people on the ground, 930 00:32:28,580 --> 00:32:30,799 it tends to be easy to get consent. 931 00:32:30,800 --> 00:32:32,329 It tends to be a little bit harder to 932 00:32:32,330 --> 00:32:34,759 have to consent be actually informed. 933 00:32:34,760 --> 00:32:35,959 So there are 934 00:32:37,130 --> 00:32:39,379 approaches to make people solve the quiz 935 00:32:39,380 --> 00:32:41,659 before they engage in the measurement 936 00:32:41,660 --> 00:32:43,489 to make sure that they really, really 937 00:32:43,490 --> 00:32:45,140 understand what they're getting into. 938 00:32:46,190 --> 00:32:48,139 Another trend is, of course, to weigh the 939 00:32:48,140 --> 00:32:50,029 risk versus the benefits. 940 00:32:50,030 --> 00:32:51,769 Of course, you always get something out 941 00:32:51,770 --> 00:32:53,929 of an academic research project, 942 00:32:53,930 --> 00:32:56,419 but often there is some risk to it. 943 00:32:56,420 --> 00:32:58,189 Of course, it's difficult because you 944 00:32:58,190 --> 00:33:00,079 cannot just quantify this and come up 945 00:33:00,080 --> 00:33:02,629 with two numbers and put them on a scale. 946 00:33:02,630 --> 00:33:04,759 So this really requires an effort 947 00:33:04,760 --> 00:33:06,829 to get an understanding of on 948 00:33:06,830 --> 00:33:08,299 the ground knowledge. 949 00:33:08,300 --> 00:33:10,609 And this is similar to threat modeling. 950 00:33:10,610 --> 00:33:12,319 Of course, we can look at laws and 951 00:33:12,320 --> 00:33:14,749 countries and try to get a feeling for 952 00:33:14,750 --> 00:33:16,879 what could get people into trouble. 953 00:33:16,880 --> 00:33:18,919 But the way laws are enforced are very 954 00:33:18,920 --> 00:33:20,659 different. So for that, you really need 955 00:33:20,660 --> 00:33:22,759 someone who has a good understanding 956 00:33:22,760 --> 00:33:25,249 of the country and how it interprets 957 00:33:25,250 --> 00:33:26,969 its laws. And this is really difficult. 958 00:33:26,970 --> 00:33:29,209 So the current consensus is 959 00:33:29,210 --> 00:33:31,339 that in case of doubt, academic 960 00:33:31,340 --> 00:33:33,169 researchers tend to air on the side of 961 00:33:33,170 --> 00:33:35,419 caution and ideally just not 962 00:33:35,420 --> 00:33:36,019 do something. 963 00:33:36,020 --> 00:33:38,179 Even though my teachers an interesting 964 00:33:38,180 --> 00:33:39,289 new bit of information, 965 00:33:41,480 --> 00:33:43,579 one exciting project that is happening 966 00:33:43,580 --> 00:33:45,349 in the academic space is this spooky 967 00:33:45,350 --> 00:33:46,350 scan. 968 00:33:46,940 --> 00:33:49,279 So this is a type of network measurement 969 00:33:49,280 --> 00:33:51,409 technique that allows you to 970 00:33:51,410 --> 00:33:53,149 test the connectivity between two 971 00:33:53,150 --> 00:33:55,309 computers, A and B, 972 00:33:55,310 --> 00:33:57,469 say, in China 973 00:33:57,470 --> 00:33:58,609 and in the United States. 974 00:33:58,610 --> 00:34:00,709 And you don't control A or 975 00:34:00,710 --> 00:34:03,109 B, so this is the really exciting part 976 00:34:03,110 --> 00:34:04,789 that it allows you to infer the 977 00:34:04,790 --> 00:34:06,319 connection state between these two 978 00:34:06,320 --> 00:34:07,879 machines, even though you don't control 979 00:34:07,880 --> 00:34:08,880 them. 980 00:34:09,530 --> 00:34:12,169 The way it works is it leverages 981 00:34:12,170 --> 00:34:13,999 a type of site, channel and network 982 00:34:14,000 --> 00:34:15,948 stacks. So some of you might have heard 983 00:34:15,949 --> 00:34:17,928 of the iPad. 984 00:34:17,929 --> 00:34:20,029 It's a feeling the IP header 985 00:34:20,030 --> 00:34:22,908 that is used for fragmentation. 986 00:34:22,909 --> 00:34:24,738 Most modern network stacks tend to 987 00:34:24,739 --> 00:34:25,968 randomize this field. 988 00:34:25,969 --> 00:34:28,488 But a couple of legacy network stacks, 989 00:34:28,489 --> 00:34:30,709 most notably some flavors of windows 990 00:34:30,710 --> 00:34:32,539 and free FreeBSD, have a globally 991 00:34:32,540 --> 00:34:34,009 incrementing counter. 992 00:34:34,010 --> 00:34:36,349 This means that it leaks 993 00:34:36,350 --> 00:34:37,968 information to unrelated network 994 00:34:37,969 --> 00:34:38,899 connections. 995 00:34:38,900 --> 00:34:41,149 And it turns out that you can use that 996 00:34:41,150 --> 00:34:43,488 for the spookies can. 997 00:34:43,489 --> 00:34:45,559 And at the moment, according to the 998 00:34:45,560 --> 00:34:47,178 researchers behind this project, 999 00:34:47,179 --> 00:34:49,249 approximately one percent of the IP 1000 00:34:49,250 --> 00:34:51,408 for address space is affected 1001 00:34:51,409 --> 00:34:53,419 by this. This might not seem like a lot, 1002 00:34:53,420 --> 00:34:55,099 but if you're interested in a certain 1003 00:34:55,100 --> 00:34:57,409 country, one percent is a lot. 1004 00:34:57,410 --> 00:34:59,479 So you're guaranteed to find probably 1005 00:34:59,480 --> 00:35:01,669 a couple of thousand machines that 1006 00:35:01,670 --> 00:35:03,529 can be conscripted to be part of the 1007 00:35:03,530 --> 00:35:05,029 spookies can. 1008 00:35:05,030 --> 00:35:06,949 So all of this is run by Royo at 1009 00:35:06,950 --> 00:35:08,599 Princeton University. 1010 00:35:08,600 --> 00:35:09,869 There is a research paper. 1011 00:35:09,870 --> 00:35:12,109 Another one is in the making 1012 00:35:12,110 --> 00:35:13,969 and we can not have a quick look at 1013 00:35:13,970 --> 00:35:14,970 Hydroxy in detail. 1014 00:35:16,430 --> 00:35:19,099 So in this picture, you can see three 1015 00:35:19,100 --> 00:35:21,409 types of cases, the three types 1016 00:35:21,410 --> 00:35:23,539 of cases that the spookies can can inform 1017 00:35:23,540 --> 00:35:24,469 you. 1018 00:35:24,470 --> 00:35:26,629 And the way it works is we have in 1019 00:35:26,630 --> 00:35:28,279 all three pictures, we have a reflector 1020 00:35:28,280 --> 00:35:29,989 on the left side. It's not under our 1021 00:35:29,990 --> 00:35:30,889 control. 1022 00:35:30,890 --> 00:35:32,959 We have a site on the right side, also 1023 00:35:32,960 --> 00:35:34,219 not under our control. 1024 00:35:34,220 --> 00:35:35,839 But both of these systems have to 1025 00:35:35,840 --> 00:35:38,059 globally incrementing IPID 1026 00:35:38,060 --> 00:35:39,060 counter. 1027 00:35:39,620 --> 00:35:41,179 Then we have a measurement machine at the 1028 00:35:41,180 --> 00:35:43,489 bottom that is under our control 1029 00:35:43,490 --> 00:35:45,769 and also it must be able to spoof IP 1030 00:35:45,770 --> 00:35:46,789 packets. 1031 00:35:46,790 --> 00:35:48,559 That doesn't tend to be a big problem in 1032 00:35:48,560 --> 00:35:50,719 academic networks where you can bribe 1033 00:35:50,720 --> 00:35:52,879 your network operator into 1034 00:35:52,880 --> 00:35:54,289 not doing ingress filtering. 1035 00:35:54,290 --> 00:35:56,689 So that tends to work fairly 1036 00:35:56,690 --> 00:35:57,690 well. 1037 00:35:58,310 --> 00:36:00,739 So the first step, you send a signal 1038 00:36:00,740 --> 00:36:02,599 to the IP segment from the measurement 1039 00:36:02,600 --> 00:36:04,969 machine to to reflector, 1040 00:36:04,970 --> 00:36:07,279 and that way you learn the current 1041 00:36:07,280 --> 00:36:10,129 state of the iPad counter. 1042 00:36:10,130 --> 00:36:12,769 In the next step, you send a spoofed 1043 00:36:12,770 --> 00:36:14,899 packet from the measurement machine 1044 00:36:14,900 --> 00:36:16,369 to the site. 1045 00:36:16,370 --> 00:36:18,979 But the return address of that packet 1046 00:36:18,980 --> 00:36:21,019 is the reflector and not the measurement 1047 00:36:21,020 --> 00:36:22,099 machine. 1048 00:36:22,100 --> 00:36:24,259 So when the site gets to packet, 1049 00:36:24,260 --> 00:36:26,599 it sends the response 1050 00:36:26,600 --> 00:36:28,249 to the reflector instead of the 1051 00:36:28,250 --> 00:36:30,139 measurement machine because it has been 1052 00:36:30,140 --> 00:36:32,329 spoofed and now some 1053 00:36:32,330 --> 00:36:33,859 magic happens in step three. 1054 00:36:33,860 --> 00:36:35,569 We don't know what this is exactly what 1055 00:36:35,570 --> 00:36:36,769 we were trying to learn. 1056 00:36:36,770 --> 00:36:38,989 Either the packets reach from sites 1057 00:36:38,990 --> 00:36:40,819 to the reflector or they are being 1058 00:36:40,820 --> 00:36:42,499 dropped, either a server to client or 1059 00:36:42,500 --> 00:36:43,579 client to server. 1060 00:36:43,580 --> 00:36:46,009 We don't really know, but we can 1061 00:36:46,010 --> 00:36:48,289 know by in the final steps 1062 00:36:48,290 --> 00:36:50,369 and. Another Sinak segment to 1063 00:36:50,370 --> 00:36:53,279 the Reflektor and again measuring 1064 00:36:53,280 --> 00:36:54,989 the iPad counter. 1065 00:36:54,990 --> 00:36:57,419 So we have two states 1066 00:36:57,420 --> 00:36:59,189 of the counter now and we can basically 1067 00:36:59,190 --> 00:37:01,349 determine the difference and the 1068 00:37:01,350 --> 00:37:04,019 difference between before and after 1069 00:37:04,020 --> 00:37:06,179 basically allows us to infer what is 1070 00:37:06,180 --> 00:37:07,529 happening between the site that the 1071 00:37:07,530 --> 00:37:08,530 reflector. 1072 00:37:09,270 --> 00:37:10,949 And it's a little bit complicated. 1073 00:37:10,950 --> 00:37:12,419 It took me a while to wrap my head around 1074 00:37:12,420 --> 00:37:14,249 it, but it's a really powerful technique. 1075 00:37:14,250 --> 00:37:16,079 It doesn't work in all cases, but when it 1076 00:37:16,080 --> 00:37:18,629 does work, it really allows you to 1077 00:37:18,630 --> 00:37:20,639 infer reliably what is happening between 1078 00:37:20,640 --> 00:37:22,229 two remote computers. 1079 00:37:23,250 --> 00:37:25,409 And not only is this possible in this 1080 00:37:25,410 --> 00:37:27,539 isolated scenario, it turns 1081 00:37:27,540 --> 00:37:29,429 out that this is quite scalable. 1082 00:37:29,430 --> 00:37:31,619 Even so, in another 1083 00:37:31,620 --> 00:37:33,839 research project, some 1084 00:37:33,840 --> 00:37:36,749 people deploy the spookies scan at scale 1085 00:37:36,750 --> 00:37:39,239 and this is a visualization of it. 1086 00:37:39,240 --> 00:37:41,129 So a couple of clients in China were 1087 00:37:41,130 --> 00:37:43,229 selected, a source, a couple of 1088 00:37:43,230 --> 00:37:45,239 Turrell's and Web servers were selected 1089 00:37:45,240 --> 00:37:46,439 as destination's. 1090 00:37:46,440 --> 00:37:49,049 And then the people behind this effort 1091 00:37:49,050 --> 00:37:51,119 measured the connectivity between all 1092 00:37:51,120 --> 00:37:53,549 these computers and 1093 00:37:53,550 --> 00:37:55,049 plotted it on the map. 1094 00:37:55,050 --> 00:37:57,119 So green lines means 1095 00:37:57,120 --> 00:37:59,879 unblocked and red lines means blocked. 1096 00:37:59,880 --> 00:38:01,889 And the entire point of this is really 1097 00:38:01,890 --> 00:38:03,629 just to show you that this is scalable. 1098 00:38:03,630 --> 00:38:05,219 So if it's implemented in the correct 1099 00:38:05,220 --> 00:38:07,739 way, it allows you to really 1100 00:38:07,740 --> 00:38:09,840 deploy a spooky scan at planet scale. 1101 00:38:12,770 --> 00:38:14,989 Like all the other or many other academic 1102 00:38:14,990 --> 00:38:17,119 efforts, the researchers had 1103 00:38:17,120 --> 00:38:19,639 to struggle with ethical challenges 1104 00:38:19,640 --> 00:38:21,319 because you don't really want to 1105 00:38:21,320 --> 00:38:23,479 conscript a normal 1106 00:38:23,480 --> 00:38:25,159 Internet users laptop for this 1107 00:38:25,160 --> 00:38:27,859 measurement, because it could be that 1108 00:38:27,860 --> 00:38:29,779 the local government maybe monitors the 1109 00:38:29,780 --> 00:38:31,069 Internet connection and might 1110 00:38:31,070 --> 00:38:33,079 misinterpret what is happening and 1111 00:38:33,080 --> 00:38:35,179 perhaps believe that this user is 1112 00:38:35,180 --> 00:38:36,979 doing something that she's actually not 1113 00:38:36,980 --> 00:38:37,969 doing. 1114 00:38:37,970 --> 00:38:39,409 So as a result. 1115 00:38:39,410 --> 00:38:41,389 This problem was solved, but just going 1116 00:38:41,390 --> 00:38:43,579 to three hops back in the traceroute 1117 00:38:43,580 --> 00:38:45,829 and instead of selecting actual 1118 00:38:45,830 --> 00:38:47,989 end users laptops, 1119 00:38:47,990 --> 00:38:50,059 it selects routers and 1120 00:38:50,060 --> 00:38:52,279 you can model the network load of routers 1121 00:38:52,280 --> 00:38:53,329 to get rid of the noise. 1122 00:38:53,330 --> 00:38:55,339 And that way you can basically get rid of 1123 00:38:55,340 --> 00:38:58,339 the ethical challenges entirely and still 1124 00:38:58,340 --> 00:38:59,750 get meaningful results. 1125 00:39:03,050 --> 00:39:04,969 A project that I've continued to work on 1126 00:39:04,970 --> 00:39:06,109 in the last year is something called 1127 00:39:06,110 --> 00:39:08,029 satellite, which is doing a similar thing 1128 00:39:08,030 --> 00:39:10,519 to spooky scan at the DNS level 1129 00:39:10,520 --> 00:39:12,469 and looking at open DNS resolvers to 1130 00:39:12,470 --> 00:39:14,929 understand DNS consistency 1131 00:39:14,930 --> 00:39:16,320 and issues in DNS resolution. 1132 00:39:17,540 --> 00:39:19,729 There's a paper on this now and we've 1133 00:39:19,730 --> 00:39:21,439 we've got now a couple of years of data. 1134 00:39:22,760 --> 00:39:24,559 A lot of this is sort of incremental. 1135 00:39:24,560 --> 00:39:26,719 So this is how many sites we see 1136 00:39:26,720 --> 00:39:28,519 blocked in Iran in the top ten thousand 1137 00:39:28,520 --> 00:39:29,989 over the last couple of years, since late 1138 00:39:29,990 --> 00:39:32,569 2014 in 1139 00:39:32,570 --> 00:39:34,699 in sort of 2015 was a 1140 00:39:34,700 --> 00:39:35,719 bit before their election. 1141 00:39:35,720 --> 00:39:37,459 We saw a major spike, but it's sort of 1142 00:39:37,460 --> 00:39:39,439 doubled over the course of 2016. 1143 00:39:39,440 --> 00:39:40,759 So there's been a slow, incremental 1144 00:39:40,760 --> 00:39:43,369 uptick in how much is blocked there. 1145 00:39:43,370 --> 00:39:45,499 And the sort of more recent work 1146 00:39:45,500 --> 00:39:47,539 that we've done in that area is trying to 1147 00:39:47,540 --> 00:39:49,639 explain what we think constitutes 1148 00:39:49,640 --> 00:39:51,349 blocking or why something is weird. 1149 00:39:51,350 --> 00:39:52,669 So we want to be able to say we think 1150 00:39:52,670 --> 00:39:54,979 this site is blocked because we found 1151 00:39:54,980 --> 00:39:56,209 fifty nine out of seventy four 1152 00:39:56,210 --> 00:39:57,109 resolutions. 1153 00:39:57,110 --> 00:39:58,999 We're going to an IP that clearly looks 1154 00:39:59,000 --> 00:40:01,129 wrong or because almost all 1155 00:40:01,130 --> 00:40:03,319 resolutions had a reverse 1156 00:40:03,320 --> 00:40:05,509 pointer. The IP address was named 1157 00:40:05,510 --> 00:40:07,639 something that looks fishy or wasn't 1158 00:40:07,640 --> 00:40:10,009 named in the right way, or most 1159 00:40:10,010 --> 00:40:11,629 of the things had the wrong server 1160 00:40:11,630 --> 00:40:13,459 header. When we actually ask about those 1161 00:40:13,460 --> 00:40:15,559 IP addresses rather than having 1162 00:40:15,560 --> 00:40:17,269 the expected server that that we see 1163 00:40:17,270 --> 00:40:18,319 globally. 1164 00:40:18,320 --> 00:40:19,849 And so we're able to start having these 1165 00:40:19,850 --> 00:40:21,739 justifications for why we think something 1166 00:40:21,740 --> 00:40:23,059 is anomalous. 1167 00:40:23,060 --> 00:40:24,349 That data is now getting posted on the 1168 00:40:24,350 --> 00:40:26,359 website and backfilled as we process the 1169 00:40:26,360 --> 00:40:27,360 backlog of all the data. 1170 00:40:29,730 --> 00:40:31,619 There continues to be a bunch of stuff 1171 00:40:31,620 --> 00:40:33,689 that's not coming out of universities as 1172 00:40:33,690 --> 00:40:35,339 well. That's really interesting. 1173 00:40:35,340 --> 00:40:37,439 Great Fire is a project that 1174 00:40:37,440 --> 00:40:38,759 focuses on China. 1175 00:40:38,760 --> 00:40:39,899 They released a new thing called 1176 00:40:39,900 --> 00:40:41,759 Circumvention Central this year, which 1177 00:40:41,760 --> 00:40:43,859 basically provides up to date 1178 00:40:43,860 --> 00:40:45,899 testing of LPNs in China. 1179 00:40:45,900 --> 00:40:47,759 So they have a set of nodes in the 1180 00:40:47,760 --> 00:40:50,039 country. They they try a bunch of popular 1181 00:40:50,040 --> 00:40:52,169 weapons and keep tabs on 1182 00:40:52,170 --> 00:40:53,699 the speed and the stability of those 1183 00:40:53,700 --> 00:40:54,959 things that they see. 1184 00:40:54,960 --> 00:40:56,249 And it's really meant as a resource for 1185 00:40:56,250 --> 00:40:57,959 users in the country to see which tools 1186 00:40:57,960 --> 00:40:58,960 they should be using. 1187 00:41:01,860 --> 00:41:04,259 We also see from from Google this year 1188 00:41:04,260 --> 00:41:06,329 that Google got a step ahead of many 1189 00:41:06,330 --> 00:41:07,529 of the others and released a thing called 1190 00:41:07,530 --> 00:41:09,779 Unfiltered News, which is looking at what 1191 00:41:09,780 --> 00:41:11,699 news stories are more and less reported 1192 00:41:11,700 --> 00:41:12,899 in different places. 1193 00:41:12,900 --> 00:41:14,219 So as you search for something like 1194 00:41:14,220 --> 00:41:16,499 Trump, you see that it's really those 1195 00:41:16,500 --> 00:41:18,839 news stories are read and are 1196 00:41:18,840 --> 00:41:20,999 viewed much more in the US and are seen 1197 00:41:21,000 --> 00:41:22,919 much less from publications in other 1198 00:41:22,920 --> 00:41:24,119 places. 1199 00:41:24,120 --> 00:41:26,459 Whereas if you look at something 1200 00:41:26,460 --> 00:41:28,649 like Syria, you see a very 1201 00:41:28,650 --> 00:41:30,299 different picture of who's seeing it and 1202 00:41:30,300 --> 00:41:31,769 you can start to pull out. 1203 00:41:31,770 --> 00:41:33,359 Where are the missing dots in this 1204 00:41:33,360 --> 00:41:34,499 picture? 1205 00:41:34,500 --> 00:41:36,089 There's like no China in this picture. 1206 00:41:36,090 --> 00:41:37,769 So China just didn't see that news at 1207 00:41:37,770 --> 00:41:39,839 all. And so we're starting to 1208 00:41:39,840 --> 00:41:42,059 to be able to tackle this 1209 00:41:42,060 --> 00:41:44,129 problem of, OK, there's there's news 1210 00:41:44,130 --> 00:41:45,059 that's missing in places. 1211 00:41:45,060 --> 00:41:46,469 What are these views that are that are 1212 00:41:46,470 --> 00:41:47,699 not being seen? 1213 00:41:47,700 --> 00:41:49,019 Right. And so this is the sort of thing 1214 00:41:49,020 --> 00:41:50,489 that we're going to need to be thinking 1215 00:41:50,490 --> 00:41:51,989 about a lot more as we get into. 1216 00:41:51,990 --> 00:41:54,239 OK, so there's content in social networks 1217 00:41:54,240 --> 00:41:55,649 being taken down and there's there's 1218 00:41:55,650 --> 00:41:56,999 individual conversations that aren't 1219 00:41:57,000 --> 00:41:57,959 happening. 1220 00:41:57,960 --> 00:41:59,399 It's not just hosts anymore. 1221 00:41:59,400 --> 00:42:02,459 And this is, I think, an exciting 1222 00:42:02,460 --> 00:42:04,709 project that that helps us sort of 1223 00:42:04,710 --> 00:42:06,419 get past just host based stuff. 1224 00:42:09,040 --> 00:42:10,899 Another another example of a company that 1225 00:42:10,900 --> 00:42:12,489 continues to do great research is, is 1226 00:42:12,490 --> 00:42:14,739 Duine, which monitors 1227 00:42:14,740 --> 00:42:16,299 from its position in network 1228 00:42:16,300 --> 00:42:18,639 infrastructure interruptions 1229 00:42:18,640 --> 00:42:19,839 in routing. 1230 00:42:19,840 --> 00:42:21,699 So when when there are BGP interruptions, 1231 00:42:21,700 --> 00:42:23,919 this is at a level that really 1232 00:42:23,920 --> 00:42:25,209 you need to be a core infrastructure 1233 00:42:25,210 --> 00:42:27,369 provider to know that there's been 1234 00:42:27,370 --> 00:42:28,479 a problem. 1235 00:42:28,480 --> 00:42:30,009 You can you can do some measurements, but 1236 00:42:30,010 --> 00:42:32,199 these routing tables are not necessarily 1237 00:42:32,200 --> 00:42:33,789 propagated fully. And so it's these guys 1238 00:42:33,790 --> 00:42:35,859 who really get to see 1239 00:42:35,860 --> 00:42:37,239 the connections within this country got 1240 00:42:37,240 --> 00:42:39,939 taken down at a routing level. 1241 00:42:39,940 --> 00:42:42,039 So they've got examples of 1242 00:42:42,040 --> 00:42:44,169 there was another one of of as sort 1243 00:42:44,170 --> 00:42:46,089 of final exams happen, countries like to 1244 00:42:46,090 --> 00:42:48,489 take down their networks 1245 00:42:48,490 --> 00:42:49,490 to prevent cheating. 1246 00:42:53,770 --> 00:42:56,259 In addition to technology, there is a lot 1247 00:42:56,260 --> 00:42:57,729 that can be improved when it comes to 1248 00:42:57,730 --> 00:42:59,259 cultural understanding. 1249 00:42:59,260 --> 00:43:01,359 So a couple of weeks ago, I 1250 00:43:01,360 --> 00:43:03,609 was listening to a lecture of a Chinese 1251 00:43:03,610 --> 00:43:05,589 American activists that had a lot of 1252 00:43:05,590 --> 00:43:07,629 really interesting things to say about 1253 00:43:07,630 --> 00:43:09,309 the Great Firewall and how it's being 1254 00:43:09,310 --> 00:43:11,709 perceived by people in the West. 1255 00:43:11,710 --> 00:43:13,779 One of the things that stuck with me is 1256 00:43:13,780 --> 00:43:15,699 he said that people in the West need 1257 00:43:15,700 --> 00:43:17,139 informed empathy. 1258 00:43:17,140 --> 00:43:19,359 So the ability to look 1259 00:43:19,360 --> 00:43:21,129 what the world looks like through the 1260 00:43:21,130 --> 00:43:23,199 eyes of a foreign government, this 1261 00:43:23,200 --> 00:43:25,899 tends to be difficult because of cultural 1262 00:43:25,900 --> 00:43:28,479 misunderstandings and 1263 00:43:28,480 --> 00:43:30,759 things that are not very natural 1264 00:43:30,760 --> 00:43:32,289 to people in the West, but also vice 1265 00:43:32,290 --> 00:43:33,249 versa. 1266 00:43:33,250 --> 00:43:35,469 For example, when it comes to political 1267 00:43:35,470 --> 00:43:37,749 worst case scenarios in the West, 1268 00:43:37,750 --> 00:43:39,849 we tend to be terrified of 1269 00:43:39,850 --> 00:43:41,619 totalitarian governments, for example, 1270 00:43:41,620 --> 00:43:42,639 the Third Reich. 1271 00:43:42,640 --> 00:43:43,869 This is the one thing that we're 1272 00:43:43,870 --> 00:43:45,249 ultimately trying to prevent from 1273 00:43:45,250 --> 00:43:47,409 happening while in China, 1274 00:43:47,410 --> 00:43:48,939 almost the opposite is the case. 1275 00:43:48,940 --> 00:43:50,469 People tend to be terrified of the 1276 00:43:50,470 --> 00:43:52,299 complete absence of authority and 1277 00:43:52,300 --> 00:43:54,549 control, which would completely 1278 00:43:54,550 --> 00:43:56,379 destabilize the country. 1279 00:43:56,380 --> 00:43:58,659 And this is also reflected 1280 00:43:58,660 --> 00:44:00,969 in the way both 1281 00:44:00,970 --> 00:44:03,339 spheres handle their Internet. 1282 00:44:03,340 --> 00:44:05,439 And the ability to understand what we 1283 00:44:05,440 --> 00:44:07,899 are all afraid of would really help 1284 00:44:07,900 --> 00:44:09,280 in in moving forward. 1285 00:44:10,420 --> 00:44:12,669 There is also the popular opinion among 1286 00:44:12,670 --> 00:44:14,769 circumvention people that the truth is 1287 00:44:14,770 --> 00:44:16,989 outside the Great Firewall, and if only 1288 00:44:16,990 --> 00:44:18,879 we could provide the people in China with 1289 00:44:18,880 --> 00:44:20,649 circumvention technology, all of these 1290 00:44:20,650 --> 00:44:23,649 problems would just disappear. 1291 00:44:23,650 --> 00:44:25,149 Needless to say, that is a little bit 1292 00:44:25,150 --> 00:44:27,249 simplistic and patronizing. 1293 00:44:27,250 --> 00:44:29,229 For example, ninety eight percent of 1294 00:44:29,230 --> 00:44:32,709 network traffic in China is domestic, 1295 00:44:32,710 --> 00:44:34,239 and that is the same in many other 1296 00:44:34,240 --> 00:44:36,459 countries. Most people simply have no 1297 00:44:36,460 --> 00:44:38,559 interest in what foreign news is 1298 00:44:38,560 --> 00:44:39,560 saying. 1299 00:44:40,330 --> 00:44:42,459 And so it's not so much 1300 00:44:42,460 --> 00:44:44,739 a constant access denied. 1301 00:44:44,740 --> 00:44:46,719 It's mostly access isn't really wanted in 1302 00:44:46,720 --> 00:44:47,949 the first place. 1303 00:44:47,950 --> 00:44:50,019 And in addition to that, the United 1304 00:44:50,020 --> 00:44:51,669 States, for example, has a history of 1305 00:44:51,670 --> 00:44:53,439 destabilizing foreign governments. 1306 00:44:53,440 --> 00:44:55,089 And this is another reason why a lot of 1307 00:44:55,090 --> 00:44:57,789 countries are a little bit careful of 1308 00:44:57,790 --> 00:44:59,679 the way they're handling Western social 1309 00:44:59,680 --> 00:45:01,809 media, especially after 1310 00:45:01,810 --> 00:45:03,909 what happened with the Arab Spring. 1311 00:45:06,040 --> 00:45:07,779 So to finish off, we're going to talk a 1312 00:45:07,780 --> 00:45:09,849 little bit about what's driving the space 1313 00:45:09,850 --> 00:45:12,129 of measurement and our work here. 1314 00:45:12,130 --> 00:45:14,079 A lot of how we learn about censorship 1315 00:45:14,080 --> 00:45:15,789 remains through word of mouth, through 1316 00:45:15,790 --> 00:45:17,319 conversations that we have at venues like 1317 00:45:17,320 --> 00:45:19,599 this one. People go out to countries, 1318 00:45:19,600 --> 00:45:20,919 they experience stuff. 1319 00:45:20,920 --> 00:45:22,659 They come back to the activist networks 1320 00:45:22,660 --> 00:45:24,549 that they know. And that propagates up to 1321 00:45:24,550 --> 00:45:26,289 measurement research. 1322 00:45:26,290 --> 00:45:27,879 A lot of this remains through through 1323 00:45:27,880 --> 00:45:29,049 these conversations that we have at 1324 00:45:29,050 --> 00:45:30,050 venues like this. 1325 00:45:31,310 --> 00:45:32,569 There's also been a lot that's happened 1326 00:45:32,570 --> 00:45:34,249 from from government funding, 1327 00:45:34,250 --> 00:45:36,229 particularly the US, but but Western 1328 00:45:36,230 --> 00:45:37,969 governments see the Internet as a 1329 00:45:37,970 --> 00:45:40,069 liberation tool potentially, and are 1330 00:45:40,070 --> 00:45:42,289 funding it as such or have. 1331 00:45:42,290 --> 00:45:44,299 And also you see reactions from companies 1332 00:45:44,300 --> 00:45:46,429 that experience censorship from 1333 00:45:46,430 --> 00:45:48,319 an economic view of trying to push 1334 00:45:48,320 --> 00:45:50,239 forward their products. 1335 00:45:50,240 --> 00:45:52,879 So in that space, there's potentially 1336 00:45:52,880 --> 00:45:55,999 uncertainty in the US going forward. 1337 00:45:56,000 --> 00:45:58,249 A lot of that money has come through an 1338 00:45:58,250 --> 00:45:59,479 entity called the Broadcasting Board of 1339 00:45:59,480 --> 00:46:01,939 Governors, which is a congressional 1340 00:46:01,940 --> 00:46:02,869 mandate. 1341 00:46:02,870 --> 00:46:04,669 And that seems to be a little bit up in 1342 00:46:04,670 --> 00:46:07,729 the air in the next funding year where 1343 00:46:07,730 --> 00:46:08,929 there eight hundred million dollars, 1344 00:46:08,930 --> 00:46:11,089 which has gone to things like Radio Free 1345 00:46:11,090 --> 00:46:12,139 Asia. A lot of these sort of 1346 00:46:12,140 --> 00:46:14,029 pro-democracy things is potentially 1347 00:46:14,030 --> 00:46:15,979 getting reshuffled and sort of moving in 1348 00:46:15,980 --> 00:46:17,030 terms of who's controlling it. 1349 00:46:19,100 --> 00:46:21,079 And so we'll see how that goes and how 1350 00:46:21,080 --> 00:46:23,299 that changes and reshapes 1351 00:46:23,300 --> 00:46:24,559 the measurement and the circumvention 1352 00:46:24,560 --> 00:46:25,560 spaces. 1353 00:46:27,460 --> 00:46:29,589 We also, you know, here's an example 1354 00:46:29,590 --> 00:46:31,429 of a new site in Qatar that got blocked, 1355 00:46:31,430 --> 00:46:33,009 you see this sort of service side 1356 00:46:33,010 --> 00:46:35,499 measurement where where news, 1357 00:46:35,500 --> 00:46:37,689 where where other people who provide 1358 00:46:37,690 --> 00:46:39,699 platforms and experience censorship will 1359 00:46:39,700 --> 00:46:41,559 be willing to speak out. 1360 00:46:41,560 --> 00:46:44,139 We see that also from Google, 1361 00:46:44,140 --> 00:46:45,609 who has experienced censorship in places 1362 00:46:45,610 --> 00:46:47,799 and now keeps up to date measurements of 1363 00:46:47,800 --> 00:46:49,209 the traffic that they see and when they 1364 00:46:49,210 --> 00:46:50,499 notice anomalous traffic to their 1365 00:46:50,500 --> 00:46:52,299 services. And so this really is able to 1366 00:46:52,300 --> 00:46:54,459 provide that other half of the coin 1367 00:46:54,460 --> 00:46:56,499 where we can see can we reach you? 1368 00:46:56,500 --> 00:46:58,119 But we don't necessarily know for many of 1369 00:46:58,120 --> 00:46:59,259 these providers. Well, who can reach 1370 00:46:59,260 --> 00:47:00,309 them? 1371 00:47:00,310 --> 00:47:01,719 And so I think one of the things that we 1372 00:47:01,720 --> 00:47:03,849 really need to both be concerned 1373 00:47:03,850 --> 00:47:05,469 about and see as an opportunity is 1374 00:47:05,470 --> 00:47:06,879 engaging with these companies in these 1375 00:47:06,880 --> 00:47:09,129 major services and, you know, 1376 00:47:09,130 --> 00:47:10,449 saying that we expect additional 1377 00:47:10,450 --> 00:47:12,159 accountability and transparency from them 1378 00:47:12,160 --> 00:47:14,469 to help us understand what's happening. 1379 00:47:16,270 --> 00:47:18,399 Right. So so I guess the the 1380 00:47:18,400 --> 00:47:20,650 concerns that I want to leave you with. 1381 00:47:22,040 --> 00:47:23,449 First is the service side measurement, 1382 00:47:23,450 --> 00:47:24,709 how do we understand what's being taken 1383 00:47:24,710 --> 00:47:26,089 down by companies and platforms? 1384 00:47:26,090 --> 00:47:27,949 How do we understand what is not getting 1385 00:47:27,950 --> 00:47:29,029 to them? 1386 00:47:29,030 --> 00:47:30,469 We can do some of this from the client, 1387 00:47:30,470 --> 00:47:32,119 but we really need their participation. 1388 00:47:32,120 --> 00:47:33,919 And I think we are falling behind in our 1389 00:47:33,920 --> 00:47:36,109 engagement with the services and with 1390 00:47:36,110 --> 00:47:37,759 the platforms. 1391 00:47:37,760 --> 00:47:38,899 We're collecting a lot of data. 1392 00:47:38,900 --> 00:47:40,489 We're going to be collecting more data. 1393 00:47:40,490 --> 00:47:41,959 The measurement community, through things 1394 00:47:41,960 --> 00:47:44,599 like spooky scan and these other 1395 00:47:44,600 --> 00:47:46,099 measurement projects is now getting 1396 00:47:46,100 --> 00:47:48,709 longitudinal data that we can use to find 1397 00:47:48,710 --> 00:47:50,639 evidence of censorship at a cost level. 1398 00:47:50,640 --> 00:47:51,769 And the thing we need to be concerned 1399 00:47:51,770 --> 00:47:53,119 about is, is it the right data and is it 1400 00:47:53,120 --> 00:47:54,349 meaningful? 1401 00:47:54,350 --> 00:47:56,689 Is this blocking of hosts of individual 1402 00:47:56,690 --> 00:47:58,879 protocols really 1403 00:47:58,880 --> 00:48:00,109 evidence of censorship? 1404 00:48:00,110 --> 00:48:01,939 Or do we need to somehow get one level up 1405 00:48:01,940 --> 00:48:03,049 to user experience and to the 1406 00:48:03,050 --> 00:48:04,459 conversations that aren't happening? 1407 00:48:04,460 --> 00:48:06,799 And are we able to capture that as well? 1408 00:48:06,800 --> 00:48:08,419 And finally, all of this is within this 1409 00:48:08,420 --> 00:48:09,829 framework of the encryption battle and 1410 00:48:09,830 --> 00:48:12,529 whether we have the ability to have 1411 00:48:12,530 --> 00:48:14,329 communication and the ability to freely 1412 00:48:14,330 --> 00:48:16,429 say what we want to say to people. 1413 00:48:18,440 --> 00:48:21,259 So to leave you with something to do, 1414 00:48:21,260 --> 00:48:23,449 the first is advocacy, find champions 1415 00:48:23,450 --> 00:48:25,519 in government, speak out, find, find 1416 00:48:25,520 --> 00:48:26,520 the local networks. 1417 00:48:27,410 --> 00:48:29,629 And again, it's sort 1418 00:48:29,630 --> 00:48:31,669 of the same final message that we left 1419 00:48:31,670 --> 00:48:32,670 you with last year. 1420 00:48:33,710 --> 00:48:36,049 Arguing for complete lack 1421 00:48:36,050 --> 00:48:38,149 of censorship is going to be a very 1422 00:48:38,150 --> 00:48:39,199 uphill battle. 1423 00:48:39,200 --> 00:48:40,579 Arguing for more transparency and 1424 00:48:40,580 --> 00:48:42,649 censorship and arguing for accountability 1425 00:48:42,650 --> 00:48:43,939 is something that many more people can 1426 00:48:43,940 --> 00:48:44,940 get behind. 1427 00:48:45,580 --> 00:48:48,289 It's about being able to check 1428 00:48:48,290 --> 00:48:50,719 those powers that governments are taking 1429 00:48:50,720 --> 00:48:52,849 or taking more blatantly and being able 1430 00:48:52,850 --> 00:48:54,649 to say that's an overreach and having the 1431 00:48:54,650 --> 00:48:56,119 tools to do that effectively, that we 1432 00:48:56,120 --> 00:48:57,350 need to make sure we have, 1433 00:48:58,550 --> 00:49:00,739 if it's legal, where you are joining 1434 00:49:00,740 --> 00:49:02,809 and measuring Rushdoony probe 1435 00:49:02,810 --> 00:49:05,029 on other tools that are able to measure, 1436 00:49:05,030 --> 00:49:07,039 if you're a coder, develop these new 1437 00:49:07,040 --> 00:49:08,659 tools. There's lots of things we're not 1438 00:49:08,660 --> 00:49:10,939 good at yet, both 1439 00:49:10,940 --> 00:49:13,249 both looking for news and for 1440 00:49:13,250 --> 00:49:14,839 messages that aren't being seen in an 1441 00:49:14,840 --> 00:49:16,819 open source way. That's that's a huge 1442 00:49:16,820 --> 00:49:18,619 effort. Additionally, being able to even 1443 00:49:18,620 --> 00:49:19,969 detect things like net neutrality 1444 00:49:19,970 --> 00:49:21,409 violations and throttling of specific 1445 00:49:21,410 --> 00:49:23,329 services is the thing that we see happen 1446 00:49:23,330 --> 00:49:25,399 a lot. The current tools aren't reliably 1447 00:49:25,400 --> 00:49:26,400 able to detect. 1448 00:49:27,650 --> 00:49:29,689 So we'll leave you there and take some 1449 00:49:29,690 --> 00:49:30,690 questions. 1450 00:49:31,640 --> 00:49:32,640 Thanks. 1451 00:49:44,500 --> 00:49:46,029 So we got another question from the 1452 00:49:46,030 --> 00:49:48,099 Internet. Yeah, the Internet 1453 00:49:48,100 --> 00:49:50,259 wants to know if you can elaborate 1454 00:49:50,260 --> 00:49:52,719 on how the gentle, graceful 1455 00:49:52,720 --> 00:49:54,909 degradation of the use of Todd 1456 00:49:54,910 --> 00:49:56,979 Bridges in 1457 00:49:56,980 --> 00:49:59,319 Kazakhstan can be explained by the packet 1458 00:49:59,320 --> 00:50:01,449 inspection. And if the 1459 00:50:01,450 --> 00:50:03,249 packet inspection triggered, filters 1460 00:50:03,250 --> 00:50:05,349 wouldn't result in a sharp fall off 1461 00:50:05,350 --> 00:50:06,489 of bridge traffic. 1462 00:50:07,870 --> 00:50:10,029 So I think in the very beginning we did 1463 00:50:10,030 --> 00:50:11,889 have a sharp off. 1464 00:50:11,890 --> 00:50:13,779 As for the second part of the question, 1465 00:50:13,780 --> 00:50:14,889 we don't know. 1466 00:50:14,890 --> 00:50:16,659 So this is part of the problem. 1467 00:50:16,660 --> 00:50:17,919 Any help is appreciated. 1468 00:50:25,540 --> 00:50:28,349 OK. The Internet has another question, 1469 00:50:28,350 --> 00:50:31,329 A, it looks like it probably 1470 00:50:31,330 --> 00:50:33,369 if it wasn't most likely covered. 1471 00:50:33,370 --> 00:50:35,860 So do you have any idea how 1472 00:50:37,360 --> 00:50:39,399 I'll have you seen much change in the 1473 00:50:39,400 --> 00:50:41,619 patterns of site blocks by Ross 1474 00:50:41,620 --> 00:50:43,929 Carbonator or what 1475 00:50:43,930 --> 00:50:44,930 they do for blogging? 1476 00:50:46,930 --> 00:50:49,449 So Ross comes, I believe, the Russian 1477 00:50:49,450 --> 00:50:52,299 it's the Federal Telecommunications 1478 00:50:52,300 --> 00:50:54,399 Authority, something I haven't looked 1479 00:50:54,400 --> 00:50:55,539 into that one specifically. 1480 00:50:55,540 --> 00:50:58,839 I know that there continue to be, 1481 00:50:58,840 --> 00:51:00,969 again, degradation and additional 1482 00:51:00,970 --> 00:51:03,039 controls occurring in Russia that have 1483 00:51:03,040 --> 00:51:04,299 progressed over the year. 1484 00:51:04,300 --> 00:51:05,949 But I haven't looked specifically at what 1485 00:51:05,950 --> 00:51:07,419 those are in twenty sixteen. 1486 00:51:08,810 --> 00:51:09,810 Yeah. 1487 00:51:10,300 --> 00:51:11,289 Hi there. 1488 00:51:11,290 --> 00:51:12,759 You mentioned Owen and I really 1489 00:51:12,760 --> 00:51:15,009 appreciate the effort only it takes for 1490 00:51:15,010 --> 00:51:16,539 measuring censorship. 1491 00:51:16,540 --> 00:51:19,389 How about other approaches like Atlas 1492 00:51:19,390 --> 00:51:21,489 IPV for wide scanning, all 1493 00:51:21,490 --> 00:51:23,829 those things that scale to 1494 00:51:23,830 --> 00:51:26,349 to gigabit collaborate 1495 00:51:26,350 --> 00:51:26,679 on that. 1496 00:51:26,680 --> 00:51:28,749 So, so both, both 1497 00:51:28,750 --> 00:51:30,639 spooky scan and satellite that we 1498 00:51:30,640 --> 00:51:33,399 mentioned are using IP for scanning 1499 00:51:33,400 --> 00:51:35,529 component to, to look for available 1500 00:51:35,530 --> 00:51:38,799 services across the web and check on 1501 00:51:38,800 --> 00:51:40,599 what services we can find that run things 1502 00:51:40,600 --> 00:51:43,059 like DNS infrastructure or open proxies 1503 00:51:43,060 --> 00:51:44,109 or these sorts of things that you can 1504 00:51:44,110 --> 00:51:46,869 then reflect and get sort of a full view 1505 00:51:46,870 --> 00:51:47,799 that stuff. 1506 00:51:47,800 --> 00:51:49,869 The major challenge is jumping up to 1507 00:51:49,870 --> 00:51:51,399 IPV six. 1508 00:51:51,400 --> 00:51:52,779 I think there's been a talk recently 1509 00:51:52,780 --> 00:51:54,669 about trying to find active Hosten IPV 1510 00:51:54,670 --> 00:51:56,800 six. That was earlier today or yesterday. 1511 00:51:58,120 --> 00:52:00,549 And that's still sort of the next area of 1512 00:52:00,550 --> 00:52:02,259 development there is can we can we make 1513 00:52:02,260 --> 00:52:03,699 that leap and keep these techniques 1514 00:52:03,700 --> 00:52:05,379 working as we move to a more IPV six 1515 00:52:05,380 --> 00:52:06,380 Internet? 1516 00:52:08,650 --> 00:52:10,449 So with respect to Atlas, you have to be 1517 00:52:10,450 --> 00:52:12,639 a little bit careful because the people 1518 00:52:12,640 --> 00:52:14,469 who run Atlas probes that didn't really 1519 00:52:14,470 --> 00:52:17,139 sign up for censorship measurement, 1520 00:52:17,140 --> 00:52:19,839 Atlas doesn't allow you to conduct 1521 00:52:19,840 --> 00:52:21,429 very comprehensive measurements. 1522 00:52:21,430 --> 00:52:23,199 I think you're limited to four or five 1523 00:52:23,200 --> 00:52:24,549 different types of measurements. 1524 00:52:24,550 --> 00:52:26,949 But still, most people probably 1525 00:52:26,950 --> 00:52:28,629 don't know that there are others out 1526 00:52:28,630 --> 00:52:29,889 there who might use their probes for 1527 00:52:29,890 --> 00:52:30,789 censorship measurement. 1528 00:52:30,790 --> 00:52:32,949 So I would be a little bit careful. 1529 00:52:32,950 --> 00:52:35,019 There have been some there have 1530 00:52:35,020 --> 00:52:36,609 been some papers and some research that's 1531 00:52:36,610 --> 00:52:38,079 been done using Atlas probes. 1532 00:52:38,080 --> 00:52:39,189 And you can definitely learn stuff 1533 00:52:39,190 --> 00:52:40,449 through pinging and trace routing and 1534 00:52:40,450 --> 00:52:41,359 that sort of thing. 1535 00:52:41,360 --> 00:52:43,629 Um, the 1536 00:52:43,630 --> 00:52:45,550 the Atlas sort of 1537 00:52:47,980 --> 00:52:50,169 entity rape has definitely had, I 1538 00:52:50,170 --> 00:52:52,419 think, struggled with where their line 1539 00:52:52,420 --> 00:52:54,849 is of what they're comfortable with and 1540 00:52:54,850 --> 00:52:56,739 realize that that is a huge entity with a 1541 00:52:56,740 --> 00:52:57,759 lot of different interests. 1542 00:52:57,760 --> 00:53:00,519 And some of those interests are not 1543 00:53:00,520 --> 00:53:02,199 excited about that infrastructure being 1544 00:53:02,200 --> 00:53:04,389 used for advocacy if that potentially 1545 00:53:04,390 --> 00:53:05,979 reduces the number and prevents its 1546 00:53:05,980 --> 00:53:07,929 ability to be used for reliability and 1547 00:53:07,930 --> 00:53:09,909 for for understanding network failure. 1548 00:53:12,970 --> 00:53:15,699 Do you have insight into the hijacking 1549 00:53:15,700 --> 00:53:17,469 and can you differentiate between 1550 00:53:17,470 --> 00:53:19,599 hijackers operating 1551 00:53:19,600 --> 00:53:22,089 for commercial gain and sponsorship 1552 00:53:22,090 --> 00:53:23,090 attempts? 1553 00:53:25,420 --> 00:53:27,729 Technically or sort of by looking 1554 00:53:27,730 --> 00:53:29,589 at it and trying to understand what's 1555 00:53:29,590 --> 00:53:30,590 going on. 1556 00:53:31,140 --> 00:53:33,579 Yes, mostly 1557 00:53:33,580 --> 00:53:35,739 technically, but does it take 1558 00:53:35,740 --> 00:53:36,699 human intervention? 1559 00:53:36,700 --> 00:53:38,109 Do you have some kind of automatic 1560 00:53:38,110 --> 00:53:41,149 filtering based on heuristics? 1561 00:53:41,150 --> 00:53:42,549 So, I mean I mean, there's there have 1562 00:53:42,550 --> 00:53:44,619 been examples of 1563 00:53:44,620 --> 00:53:46,689 companies called out for for hijacking in 1564 00:53:46,690 --> 00:53:48,159 ways that people feel is inappropriate. 1565 00:53:48,160 --> 00:53:49,570 There was one around bot nets where 1566 00:53:52,300 --> 00:53:54,639 a security firm sort of took over a space 1567 00:53:54,640 --> 00:53:56,349 that they believed had command and 1568 00:53:56,350 --> 00:53:58,419 control a botnet in a way that the 1569 00:53:58,420 --> 00:54:00,309 rest of the community felt was inappropriate. 1570 00:54:00,310 --> 00:54:01,719 So that's not necessarily monetary gain, 1571 00:54:01,720 --> 00:54:04,089 but rather to either take control 1572 00:54:04,090 --> 00:54:06,219 or limit other things going on 1573 00:54:06,220 --> 00:54:07,479 on the Internet. 1574 00:54:07,480 --> 00:54:09,519 I think, you know, that that's generally 1575 00:54:09,520 --> 00:54:11,019 considered bad behavior in any case. 1576 00:54:11,020 --> 00:54:12,699 And hijacking is one of these things 1577 00:54:12,700 --> 00:54:15,129 that, um, hopefully 1578 00:54:15,130 --> 00:54:16,659 we eventually get to a world with BGP 1579 00:54:16,660 --> 00:54:17,800 security where that becomes harder. 1580 00:54:20,050 --> 00:54:21,519 I got a question in the beginning. 1581 00:54:21,520 --> 00:54:23,559 You mentioned deep packet inspection and 1582 00:54:23,560 --> 00:54:25,629 then afterwards you said, luckily there 1583 00:54:25,630 --> 00:54:27,039 is, let's encrypt. 1584 00:54:27,040 --> 00:54:29,949 But how will that benefit censorship? 1585 00:54:29,950 --> 00:54:31,449 Because you can still see to which 1586 00:54:31,450 --> 00:54:32,409 websites people go. 1587 00:54:32,410 --> 00:54:33,609 Right, let's encrypt. 1588 00:54:33,610 --> 00:54:35,170 This may be good for privacy. 1589 00:54:36,760 --> 00:54:39,399 Yes. So if you're blocking a full site, 1590 00:54:39,400 --> 00:54:40,929 you can do that. 1591 00:54:40,930 --> 00:54:42,579 Deep packet inspection previously has 1592 00:54:42,580 --> 00:54:44,829 allowed for things like keyword blocking 1593 00:54:44,830 --> 00:54:46,749 and for blocking of specific content. 1594 00:54:46,750 --> 00:54:48,609 Right. That's that's really often what 1595 00:54:48,610 --> 00:54:50,949 you see being the blacklist 1596 00:54:50,950 --> 00:54:53,589 that's provided by governments or by 1597 00:54:53,590 --> 00:54:55,059 advocacy groups that that are trying to 1598 00:54:55,060 --> 00:54:56,259 block a specific content. 1599 00:54:56,260 --> 00:54:59,239 It's specific YouTube videos or specific 1600 00:54:59,240 --> 00:55:00,580 news stories that they want blocked. 1601 00:55:01,690 --> 00:55:03,909 Let's encrypt forces, the ISPs 1602 00:55:03,910 --> 00:55:05,139 or the people making that decision to 1603 00:55:05,140 --> 00:55:06,069 block a full site. 1604 00:55:06,070 --> 00:55:07,719 There's much more collateral damage when 1605 00:55:07,720 --> 00:55:10,179 you're blocking the entire domain 1606 00:55:10,180 --> 00:55:11,619 or service rather than being able to 1607 00:55:11,620 --> 00:55:14,229 target specific content and 1608 00:55:14,230 --> 00:55:16,449 has a direct inspection not 1609 00:55:16,450 --> 00:55:18,339 evolved by time that they can now also 1610 00:55:18,340 --> 00:55:20,649 inspect ISPs traffic 1611 00:55:20,650 --> 00:55:22,779 by now only if they 1612 00:55:22,780 --> 00:55:24,849 control a root certificate. 1613 00:55:24,850 --> 00:55:27,129 And so far that 1614 00:55:27,130 --> 00:55:28,899 I think there's very the length of the 1615 00:55:28,900 --> 00:55:30,969 content also, but the length of 1616 00:55:30,970 --> 00:55:33,129 the content potentially, although 1617 00:55:33,130 --> 00:55:34,929 that's a that's harder for videos or that 1618 00:55:34,930 --> 00:55:36,669 sort of thing, you have to wait till the 1619 00:55:36,670 --> 00:55:37,670 end. 1620 00:55:38,080 --> 00:55:40,269 But but I feel like we haven't seen any 1621 00:55:40,270 --> 00:55:42,369 governments acting out badly in that 1622 00:55:42,370 --> 00:55:44,889 way, whether they're misusing 1623 00:55:44,890 --> 00:55:47,019 their government issued search to do sort 1624 00:55:47,020 --> 00:55:49,389 of looking within SSL. 1625 00:55:49,390 --> 00:55:51,459 And so, uh, I 1626 00:55:51,460 --> 00:55:52,359 mean, that's certainly something to watch 1627 00:55:52,360 --> 00:55:53,799 out for. It's something that you see as a 1628 00:55:53,800 --> 00:55:55,689 threat in several countries that are 1629 00:55:55,690 --> 00:55:57,009 proposing laws where they're saying 1630 00:55:57,010 --> 00:55:58,239 they're going to have a single gateway 1631 00:55:58,240 --> 00:55:59,769 and they want to be able to in the middle 1632 00:55:59,770 --> 00:56:01,539 SSL traffic. But we don't see that 1633 00:56:01,540 --> 00:56:03,219 actually happening in practice yet at a 1634 00:56:03,220 --> 00:56:04,220 wide scale. 1635 00:56:08,190 --> 00:56:09,869 I guess we're done great. 1636 00:56:09,870 --> 00:56:10,870 Thanks, everyone.