0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/324 Thanks! 1 00:00:09,920 --> 00:00:11,150 Thank you for the introduction. 2 00:00:12,560 --> 00:00:14,239 This is embarrassing. I need to fix my 3 00:00:14,240 --> 00:00:15,240 screen. 4 00:00:19,930 --> 00:00:20,930 OK. 5 00:00:25,130 --> 00:00:26,859 OK, that fixed, yes, OK. 6 00:00:26,860 --> 00:00:28,489 Computer scientists are excellent 7 00:00:28,490 --> 00:00:29,419 technology. 8 00:00:29,420 --> 00:00:30,420 OK, so 9 00:00:31,550 --> 00:00:33,739 this is a panel with so I am the least 10 00:00:33,740 --> 00:00:35,599 renowned person on the stage. 11 00:00:35,600 --> 00:00:37,489 So I'm going to introduce our lovely 12 00:00:37,490 --> 00:00:38,779 panelists and then I'll explain what 13 00:00:38,780 --> 00:00:40,069 we're doing here. 14 00:00:40,070 --> 00:00:42,139 So to my right 15 00:00:42,140 --> 00:00:44,359 is Julia Angwin, who is 16 00:00:44,360 --> 00:00:46,639 an awesome investigative 17 00:00:46,640 --> 00:00:48,469 journalist at ProPublica, which is a 18 00:00:48,470 --> 00:00:50,809 nonprofit investigative journalism 19 00:00:50,810 --> 00:00:52,969 organization. She has written a 20 00:00:52,970 --> 00:00:54,889 book about surveillance called Dragnet 21 00:00:54,890 --> 00:00:55,879 Nation. 22 00:00:55,880 --> 00:00:57,529 She used to be at the Wall Street Journal 23 00:00:57,530 --> 00:00:59,239 where she led a privacy investigative 24 00:00:59,240 --> 00:01:01,369 team. So she is awesome 25 00:01:01,370 --> 00:01:03,740 and super great to. 26 00:01:11,180 --> 00:01:12,739 Next, we have Jack Gillum, who is an 27 00:01:12,740 --> 00:01:14,719 investigative reporter at the AP, the 28 00:01:14,720 --> 00:01:17,209 Associated Press, and he focuses 29 00:01:17,210 --> 00:01:18,739 on technology and surveillance and 30 00:01:18,740 --> 00:01:20,449 government accountability. 31 00:01:20,450 --> 00:01:22,289 He spent the last year uncovering a U.S. 32 00:01:22,290 --> 00:01:24,439 government plan to overthrow Cuba using 33 00:01:24,440 --> 00:01:25,639 fake social media. 34 00:01:25,640 --> 00:01:27,109 So you may have heard about this story 35 00:01:28,700 --> 00:01:30,319 and to. 36 00:01:37,580 --> 00:01:39,649 And I think our last panelist needs no 37 00:01:39,650 --> 00:01:42,019 introduction here, but I'll do so anyway. 38 00:01:42,020 --> 00:01:44,059 Laura Poitras is a documentary filmmaker, 39 00:01:44,060 --> 00:01:45,769 a Pulitzer Prize winner, a Polk Award 40 00:01:45,770 --> 00:01:48,019 winner, an Oscar nominee for citizen 41 00:01:48,020 --> 00:01:49,759 for the film that we'll be showing right 42 00:01:49,760 --> 00:01:50,760 after this. 43 00:01:59,910 --> 00:02:02,249 And my role here, as it was explained, 44 00:02:02,250 --> 00:02:03,629 I live in the ivory tower and I 45 00:02:03,630 --> 00:02:05,759 pontificate about cryptography, so that 46 00:02:05,760 --> 00:02:08,219 would be my role here is to be the ivory 47 00:02:08,220 --> 00:02:10,169 tower cryptographer. 48 00:02:17,050 --> 00:02:19,209 So the genesis of this panel was 49 00:02:19,210 --> 00:02:21,189 I for some reason was at a bar a few 50 00:02:21,190 --> 00:02:23,289 months ago with Julia and 51 00:02:24,670 --> 00:02:26,169 we sort of introduced ourselves and she's 52 00:02:26,170 --> 00:02:28,149 like, I hate cryptographers. 53 00:02:28,150 --> 00:02:29,859 And I was like, why we're so harmless? 54 00:02:29,860 --> 00:02:31,719 And I mean, her explanation is basically 55 00:02:31,720 --> 00:02:32,769 that every time she talks to a 56 00:02:32,770 --> 00:02:35,169 cryptographer, they sound like this 57 00:02:35,170 --> 00:02:37,149 some long winded story about Alice and 58 00:02:37,150 --> 00:02:39,219 Bob that has no relationship to reality. 59 00:02:40,690 --> 00:02:42,909 And so 60 00:02:42,910 --> 00:02:44,379 and she started telling stories and I 61 00:02:44,380 --> 00:02:45,489 thought these stories were amazing. 62 00:02:45,490 --> 00:02:47,679 And also they sort of changed my idea of 63 00:02:47,680 --> 00:02:50,049 how sort of cryptography related to 64 00:02:50,050 --> 00:02:52,029 how journalists actually practice. 65 00:02:52,030 --> 00:02:54,309 So we decided 66 00:02:54,310 --> 00:02:56,079 to organize something where we could have 67 00:02:56,080 --> 00:02:58,809 a conversation with the community about 68 00:02:58,810 --> 00:03:01,239 how cryptography and journalism interact. 69 00:03:01,240 --> 00:03:02,859 And this is sort of if you can think of 70 00:03:02,860 --> 00:03:05,469 this as Kiwa testing for 71 00:03:05,470 --> 00:03:07,270 you guys, that you have a bunch of 72 00:03:08,560 --> 00:03:10,689 sort of Kiwa testers who have 73 00:03:10,690 --> 00:03:11,649 done some things and they have some 74 00:03:11,650 --> 00:03:12,579 feedback for you. 75 00:03:12,580 --> 00:03:14,079 And maybe we can have a conversation. 76 00:03:14,080 --> 00:03:16,599 You can suggest some ideas for 77 00:03:16,600 --> 00:03:18,099 what they could be doing to secure 78 00:03:18,100 --> 00:03:19,449 themselves better, and they can give you 79 00:03:19,450 --> 00:03:20,949 some ideas of problems that they have 80 00:03:20,950 --> 00:03:22,899 that are not being solved. 81 00:03:22,900 --> 00:03:25,299 So that said, 82 00:03:25,300 --> 00:03:27,099 OK, let's 83 00:03:28,360 --> 00:03:29,360 let's do this. 84 00:03:30,460 --> 00:03:33,249 All right. So if you are thinking about 85 00:03:33,250 --> 00:03:36,279 journalists from the perspective of 86 00:03:36,280 --> 00:03:38,569 a, say, cryptography practitioner 87 00:03:38,570 --> 00:03:40,909 or like a security professional, 88 00:03:40,910 --> 00:03:42,639 you think, OK, what what is the task that 89 00:03:42,640 --> 00:03:44,769 a journalist is trying to accomplish? 90 00:03:44,770 --> 00:03:46,779 They need to communicate confidentially 91 00:03:46,780 --> 00:03:48,429 with their sources confidentially, 92 00:03:48,430 --> 00:03:50,649 meaning like some eavesdropper 93 00:03:50,650 --> 00:03:52,989 can't view the conversation 94 00:03:52,990 --> 00:03:54,099 that they're having. All right. 95 00:03:54,100 --> 00:03:55,100 Step number one. 96 00:03:55,960 --> 00:03:57,789 And Bob, install some crypto software. 97 00:04:01,630 --> 00:04:03,459 And I think the thing that we're trying 98 00:04:03,460 --> 00:04:05,619 to get at here is that, you know, Laura 99 00:04:05,620 --> 00:04:08,049 and Glenn had really an amazing 100 00:04:08,050 --> 00:04:10,509 source and Edward Snowden, I mean, just 101 00:04:10,510 --> 00:04:12,789 hang in the moon goldmine 102 00:04:12,790 --> 00:04:14,499 of a source, really great documents 103 00:04:14,500 --> 00:04:16,639 really uncovered a lot of government, 104 00:04:16,640 --> 00:04:18,009 you know, malfeasance. 105 00:04:18,010 --> 00:04:19,569 But maybe this is boring sounding and 106 00:04:19,570 --> 00:04:21,189 covering the federal bureaucracy that is 107 00:04:21,190 --> 00:04:22,088 Washington. 108 00:04:22,089 --> 00:04:24,069 But most of the time, it's a guy named 109 00:04:24,070 --> 00:04:26,259 Bob who's like five years away 110 00:04:26,260 --> 00:04:27,939 from retirement and just can't fucking 111 00:04:27,940 --> 00:04:28,959 take it anymore. 112 00:04:28,960 --> 00:04:31,209 And he wants to find a way to get you 113 00:04:31,210 --> 00:04:33,429 a document like, you know, a two 114 00:04:33,430 --> 00:04:35,289 page PDF that he barely knows how to 115 00:04:35,290 --> 00:04:37,419 print on the local printer, that 116 00:04:37,420 --> 00:04:39,609 he needs help from an assistant 117 00:04:39,610 --> 00:04:40,689 photocopying. 118 00:04:40,690 --> 00:04:42,819 And it's that sort of, you 119 00:04:42,820 --> 00:04:45,249 know, OPSEC involved there, because 120 00:04:45,250 --> 00:04:47,049 if he keeps putting out these documents, 121 00:04:47,050 --> 00:04:48,639 he's the same Bob who logs in from his 122 00:04:48,640 --> 00:04:50,709 work computer and goes, you hear that? 123 00:04:50,710 --> 00:04:52,839 You've got mail because he still uses 124 00:04:52,840 --> 00:04:54,529 AOL 15 years later. 125 00:04:54,530 --> 00:04:56,829 Like, those are the people that we 126 00:04:56,830 --> 00:04:58,749 deal with on a regular basis. 127 00:04:58,750 --> 00:05:01,069 And and it's the little breadcrumbs that 128 00:05:01,070 --> 00:05:03,129 they they want to impart to 129 00:05:03,130 --> 00:05:05,339 you. And so when you I guess 130 00:05:05,340 --> 00:05:06,909 we're going to start getting at is it 131 00:05:06,910 --> 00:05:09,129 when you then sit down and go, OK, so 132 00:05:09,130 --> 00:05:11,169 you're going to need to install GPG tools 133 00:05:11,170 --> 00:05:12,609 of using Windows Cleopatra, you're going 134 00:05:12,610 --> 00:05:14,739 to need to do or revocation like 135 00:05:14,740 --> 00:05:16,869 the minute they heard install revocation 136 00:05:16,870 --> 00:05:18,399 key, they're like, no, 137 00:05:19,690 --> 00:05:21,339 we're done. I mean, and that's and that's 138 00:05:21,340 --> 00:05:22,899 happened before. And then they take the 139 00:05:22,900 --> 00:05:24,219 easy way out. And that can lead to 140 00:05:24,220 --> 00:05:25,220 trouble, I think. 141 00:05:26,180 --> 00:05:28,369 Unfortunately, unfortunately, the easy 142 00:05:28,370 --> 00:05:30,829 way out is that they are unsafe, 143 00:05:30,830 --> 00:05:33,079 right, and so they so one 144 00:05:33,080 --> 00:05:35,179 of the challenges for journalists is 145 00:05:35,180 --> 00:05:37,279 that we are 146 00:05:37,280 --> 00:05:39,109 trying to keep our sources from making 147 00:05:39,110 --> 00:05:41,029 mistakes that will then hurt them and 148 00:05:41,030 --> 00:05:43,159 also hurt us, but more them often. 149 00:05:43,160 --> 00:05:45,229 And so, you know, 150 00:05:45,230 --> 00:05:47,689 all the time people send me things 151 00:05:47,690 --> 00:05:50,119 from their Gmail account at work 152 00:05:50,120 --> 00:05:51,859 on their work computer, thinking somehow 153 00:05:51,860 --> 00:05:54,169 that was some secret transmission 154 00:05:54,170 --> 00:05:56,209 and that their bosses will never find 155 00:05:56,210 --> 00:05:58,819 out. And and it's just 156 00:05:58,820 --> 00:06:00,649 unfortunate. So the thing is, what we're 157 00:06:00,650 --> 00:06:02,659 what we want to talk about is sort of how 158 00:06:02,660 --> 00:06:04,729 the bar is so much lower than 159 00:06:04,730 --> 00:06:07,579 you guys can maybe understand 160 00:06:07,580 --> 00:06:09,589 in terms of like what we're dealing with. 161 00:06:09,590 --> 00:06:11,239 And Edward Snowden obviously was like 162 00:06:11,240 --> 00:06:13,009 this perfect source who came fully 163 00:06:13,010 --> 00:06:15,259 encrypted and have yet to meet a source 164 00:06:15,260 --> 00:06:16,219 like that. 165 00:06:16,220 --> 00:06:17,220 I'm waiting. 166 00:06:21,390 --> 00:06:22,859 So one of the things I remember hearing 167 00:06:22,860 --> 00:06:24,359 about is that often sources don't even 168 00:06:24,360 --> 00:06:25,679 realize that their sources. 169 00:06:26,990 --> 00:06:27,469 Right. 170 00:06:27,470 --> 00:06:29,629 So this is this is one of the things 171 00:06:29,630 --> 00:06:31,220 this first date problem that 172 00:06:33,020 --> 00:06:34,759 Nadia and I were talking about at the bar 173 00:06:34,760 --> 00:06:36,889 was that, you know, you 174 00:06:36,890 --> 00:06:38,539 meet somebody in the course of your 175 00:06:38,540 --> 00:06:40,729 reporting and you're like, hey, let's get 176 00:06:40,730 --> 00:06:42,769 a drink. And maybe you even met them 177 00:06:42,770 --> 00:06:44,659 through writing something very innocuous. 178 00:06:44,660 --> 00:06:46,729 And then you're at a bar 179 00:06:46,730 --> 00:06:48,829 and you're like, so like, what do 180 00:06:48,830 --> 00:06:50,959 you think about setting up 181 00:06:50,960 --> 00:06:52,849 an encrypted channel? 182 00:06:52,850 --> 00:06:55,399 And they're like, what? 183 00:06:55,400 --> 00:06:57,499 And it's a little bit like 184 00:06:57,500 --> 00:07:01,009 asking for sex on the first date. 185 00:07:01,010 --> 00:07:03,439 You know, it's a little too much 186 00:07:03,440 --> 00:07:04,689 too soon. 187 00:07:07,280 --> 00:07:09,059 So I was telling Nadia this and that I 188 00:07:09,060 --> 00:07:10,939 think was probably the genesis for this 189 00:07:10,940 --> 00:07:12,199 panel was that line. 190 00:07:13,280 --> 00:07:15,199 So and I've done this right. 191 00:07:15,200 --> 00:07:18,049 And I've tried to convince people and 192 00:07:18,050 --> 00:07:19,729 they're like, this is I don't even 193 00:07:19,730 --> 00:07:21,170 actually know what you're talking about. 194 00:07:22,280 --> 00:07:23,519 Sometimes it's successful. 195 00:07:23,520 --> 00:07:24,520 You never know. 196 00:07:25,430 --> 00:07:27,919 But but a lot of times 197 00:07:27,920 --> 00:07:30,439 it's it's really a psychological 198 00:07:30,440 --> 00:07:31,909 problem. This person is thinking like 199 00:07:31,910 --> 00:07:33,259 they might help you because they want to 200 00:07:33,260 --> 00:07:34,789 make sure the story is correct or they 201 00:07:34,790 --> 00:07:36,199 just sort of want to provide you one 202 00:07:36,200 --> 00:07:38,179 fact, but they don't want to be thought 203 00:07:38,180 --> 00:07:40,249 of in their own mind as a source. 204 00:07:44,190 --> 00:07:45,719 I mean, I'd like to just say a couple of 205 00:07:45,720 --> 00:07:47,189 things, sort of from the journalist 206 00:07:47,190 --> 00:07:48,959 perspective or sort of our kind of 207 00:07:48,960 --> 00:07:51,179 progression of actually how we 208 00:07:51,180 --> 00:07:52,079 learn these tools. 209 00:07:52,080 --> 00:07:53,970 And so I went through 210 00:07:55,110 --> 00:07:57,209 a period where so I made 211 00:07:57,210 --> 00:08:00,019 a film in Iraq and then I was put 212 00:08:00,020 --> 00:08:00,839 on a watch list. 213 00:08:00,840 --> 00:08:02,189 So I knew that I had to sort of be 214 00:08:02,190 --> 00:08:04,169 careful, but I didn't really know what 215 00:08:04,170 --> 00:08:05,039 that meant. 216 00:08:05,040 --> 00:08:06,869 And so the film that I made after that, I 217 00:08:06,870 --> 00:08:09,269 made in Yemen and it was in Yemen 218 00:08:09,270 --> 00:08:11,339 and in Guantanamo, and I 219 00:08:11,340 --> 00:08:12,779 knew that, like, digital communication 220 00:08:12,780 --> 00:08:13,499 was not safe. 221 00:08:13,500 --> 00:08:15,689 So I was like sort of danger zone. 222 00:08:15,690 --> 00:08:17,559 And but I didn't know quite actually how 223 00:08:17,560 --> 00:08:19,709 to to to respond to that or how 224 00:08:19,710 --> 00:08:21,509 to sort of work around that. 225 00:08:21,510 --> 00:08:23,759 And and I was trying to get 226 00:08:23,760 --> 00:08:24,719 access at that point. 227 00:08:24,720 --> 00:08:26,609 I was trying to get access to a film 228 00:08:26,610 --> 00:08:28,619 crew, to Guantanamo and to film. 229 00:08:28,620 --> 00:08:30,209 And I had gone through the official 230 00:08:30,210 --> 00:08:32,569 channels. I won't try the front door and 231 00:08:32,570 --> 00:08:33,749 I just never got anywhere. 232 00:08:33,750 --> 00:08:35,308 I just sort of like delay, delay, delay. 233 00:08:35,309 --> 00:08:36,869 And then my name was on all the requests 234 00:08:36,870 --> 00:08:37,859 and that wasn't going anywhere. 235 00:08:37,860 --> 00:08:39,359 And then I was like, all right, I need to 236 00:08:39,360 --> 00:08:41,158 try the side door, you know, like, how 237 00:08:41,159 --> 00:08:43,259 can I get to Guantanamo through the 238 00:08:43,260 --> 00:08:45,389 side door, which was, you know, 239 00:08:45,390 --> 00:08:47,459 created like this sort of, 240 00:08:47,460 --> 00:08:49,589 you know, efforts to kind of like sever 241 00:08:49,590 --> 00:08:51,599 metadata, like have the person like I 242 00:08:51,600 --> 00:08:53,669 hired somebody to sort of be the 243 00:08:53,670 --> 00:08:55,379 person who sent in the letters and they 244 00:08:55,380 --> 00:08:56,819 called from their cell phone and not 245 00:08:56,820 --> 00:08:58,919 never from my office and did these kind 246 00:08:58,920 --> 00:09:01,229 of things to kind of, you know, 247 00:09:01,230 --> 00:09:03,389 not have a direct connection 248 00:09:03,390 --> 00:09:05,219 between me and these requests that were 249 00:09:05,220 --> 00:09:06,329 going in. 250 00:09:06,330 --> 00:09:08,699 And for for that whole film, I really 251 00:09:08,700 --> 00:09:11,039 kind of almost resorted to like an analog 252 00:09:11,040 --> 00:09:13,679 way of working. Like, I I was 253 00:09:13,680 --> 00:09:15,659 sending grant applications, but I would 254 00:09:15,660 --> 00:09:17,219 never send any over email. 255 00:09:17,220 --> 00:09:19,079 I was like, everyone got a hard copy and 256 00:09:19,080 --> 00:09:20,219 these kinds of things. And it wasn't 257 00:09:20,220 --> 00:09:22,529 actually until, um, working 258 00:09:22,530 --> 00:09:25,049 on the film that 259 00:09:25,050 --> 00:09:27,089 I'm going to show later that I actually 260 00:09:27,090 --> 00:09:28,799 learned some tools and it wasn't that 261 00:09:28,800 --> 00:09:30,419 easy to actually find out what were the 262 00:09:30,420 --> 00:09:32,159 correct tools, because like, you know, 263 00:09:32,160 --> 00:09:34,109 you do a search and like a lot of things 264 00:09:34,110 --> 00:09:36,179 come back in terms of what 265 00:09:36,180 --> 00:09:38,339 is recommended. So it actually took quite 266 00:09:38,340 --> 00:09:40,379 a long time where I was working kind of 267 00:09:40,380 --> 00:09:42,629 in the dark, not knowing what tools 268 00:09:42,630 --> 00:09:45,029 I could trust to have anonymity 269 00:09:45,030 --> 00:09:47,399 and and security and 270 00:09:47,400 --> 00:09:49,079 to do the work that that I was doing. 271 00:09:49,080 --> 00:09:51,389 And then, you know, luckily I 272 00:09:51,390 --> 00:09:52,679 had some very good teachers. 273 00:10:00,720 --> 00:10:02,090 So what does work or 274 00:10:03,730 --> 00:10:06,299 does it say to you, 275 00:10:06,300 --> 00:10:07,859 is there anything that does work? 276 00:10:07,860 --> 00:10:10,849 Anything that doesn't work does does. 277 00:10:10,850 --> 00:10:12,149 It does work. 278 00:10:12,150 --> 00:10:13,829 I how do you mean? 279 00:10:13,830 --> 00:10:16,109 Like I mean, 280 00:10:16,110 --> 00:10:18,419 Jake, Jake Appelbaum and I are doing 281 00:10:19,440 --> 00:10:20,819 a talk tomorrow and we'll talk about some 282 00:10:20,820 --> 00:10:22,940 things in terms of Bitburg, so. 283 00:10:25,190 --> 00:10:26,359 So there's one last problem that I 284 00:10:26,360 --> 00:10:28,039 remember discussing about the 285 00:10:28,040 --> 00:10:29,809 difficulties of installing crypto 286 00:10:29,810 --> 00:10:31,099 software, which is that if you were at a 287 00:10:31,100 --> 00:10:32,809 bar, imagine you're at a bar and you pull 288 00:10:32,810 --> 00:10:34,249 out your phones, you're installing a 289 00:10:34,250 --> 00:10:35,250 software. 290 00:10:36,030 --> 00:10:38,179 All right, so one time I did manage 291 00:10:38,180 --> 00:10:40,159 to get someone convinced to do this on 292 00:10:40,160 --> 00:10:42,949 the first day at a bar, and 293 00:10:42,950 --> 00:10:45,019 I thought that an encrypted 294 00:10:45,020 --> 00:10:46,909 messaging app would probably be the 295 00:10:46,910 --> 00:10:47,869 easiest thing. 296 00:10:47,870 --> 00:10:48,949 A cell phone app. 297 00:10:48,950 --> 00:10:51,259 This is it was silent 298 00:10:51,260 --> 00:10:52,879 text at the time. 299 00:10:52,880 --> 00:10:55,039 And so I sat down with 300 00:10:55,040 --> 00:10:56,329 my source and I was like, this is going 301 00:10:56,330 --> 00:10:57,569 to be so much fun, which is this just 302 00:10:57,570 --> 00:11:00,319 like fun, you know, be like a fun way to 303 00:11:00,320 --> 00:11:01,189 communicate. 304 00:11:01,190 --> 00:11:02,190 And so 305 00:11:03,350 --> 00:11:05,419 so, you know, it's 306 00:11:05,420 --> 00:11:07,189 one of those things where sort of it 307 00:11:07,190 --> 00:11:09,469 takes a long time to download and then 308 00:11:09,470 --> 00:11:11,599 do a lot of verification, actually, 309 00:11:11,600 --> 00:11:12,889 that you have to do. 310 00:11:12,890 --> 00:11:15,019 So there was 311 00:11:15,020 --> 00:11:17,179 a verification key that 312 00:11:17,180 --> 00:11:18,799 like we had to exchange with each other 313 00:11:18,800 --> 00:11:20,989 and for some unknown reason, we just took 314 00:11:20,990 --> 00:11:22,939 an hour to do this. 315 00:11:22,940 --> 00:11:24,199 And by the end of it, we were both sort 316 00:11:24,200 --> 00:11:26,609 of like covered in sweat and exhaustion 317 00:11:26,610 --> 00:11:28,669 and like it was a little like sex on 318 00:11:28,670 --> 00:11:29,119 the first date. 319 00:11:29,120 --> 00:11:30,120 And we were 320 00:11:32,060 --> 00:11:34,099 and, you know, the thing is that 321 00:11:35,390 --> 00:11:37,459 silent circle we 322 00:11:37,460 --> 00:11:39,049 were using it, it was really the early 323 00:11:39,050 --> 00:11:40,309 days and had just come out because it 324 00:11:40,310 --> 00:11:42,349 wasn't that much krypto that I felt like 325 00:11:42,350 --> 00:11:44,359 I couldn't ask this person to try to use 326 00:11:44,360 --> 00:11:45,439 GPG. 327 00:11:45,440 --> 00:11:47,569 So so 328 00:11:47,570 --> 00:11:49,400 we had these calls 329 00:11:50,810 --> 00:11:53,029 that it was like the 70s, you know, were 330 00:11:53,030 --> 00:11:55,159 like I would talk and then they'd be like 331 00:11:55,160 --> 00:11:56,569 a five second delay. 332 00:11:56,570 --> 00:11:58,879 And then she would reply 333 00:11:58,880 --> 00:12:01,729 and I realized 334 00:12:01,730 --> 00:12:03,289 that it was too painful. 335 00:12:03,290 --> 00:12:05,509 And we both kind of gave 336 00:12:05,510 --> 00:12:07,969 up using it after 337 00:12:07,970 --> 00:12:10,099 several months. And so but 338 00:12:10,100 --> 00:12:11,869 we gave it a really good try. 339 00:12:11,870 --> 00:12:14,479 And but it's just sitting at a bar 340 00:12:14,480 --> 00:12:16,219 trying to do this when you've had two 341 00:12:16,220 --> 00:12:18,499 glasses of wine and we 342 00:12:18,500 --> 00:12:20,689 probably weren't at our best 343 00:12:20,690 --> 00:12:21,690 for these tools. 344 00:12:25,440 --> 00:12:27,749 OK, so once Alice and Bob 345 00:12:27,750 --> 00:12:29,879 have successfully installed some crypto 346 00:12:29,880 --> 00:12:31,439 software, the next thing they do is 347 00:12:31,440 --> 00:12:32,789 exchange keys. 348 00:12:33,960 --> 00:12:36,209 This is one of the great things in 349 00:12:36,210 --> 00:12:37,799 the greatest developments in cryptography 350 00:12:37,800 --> 00:12:40,349 ever. Public key cryptography exchange 351 00:12:40,350 --> 00:12:41,639 keys. It solves the key management 352 00:12:41,640 --> 00:12:42,640 problem. 353 00:12:43,470 --> 00:12:45,329 And unfortunately, the reality of the key 354 00:12:45,330 --> 00:12:47,699 management problem today even 355 00:12:47,700 --> 00:12:50,190 still looks like this. 356 00:12:53,280 --> 00:12:55,889 So so my family, including 357 00:12:55,890 --> 00:12:58,289 a relatively named Nameless, 358 00:12:58,290 --> 00:12:59,849 likes to use, you know, the different 359 00:12:59,850 --> 00:13:00,989 search engines out there that are 360 00:13:00,990 --> 00:13:03,749 installed on a browser like Bing 361 00:13:03,750 --> 00:13:05,309 Jack, if you have you Bing this day. 362 00:13:05,310 --> 00:13:06,939 And I have no idea what she's saying. 363 00:13:06,940 --> 00:13:08,729 And these are the people who we are 364 00:13:08,730 --> 00:13:11,069 dealing with in Washington who have 365 00:13:11,070 --> 00:13:12,389 this rudimentary understanding and have 366 00:13:12,390 --> 00:13:14,639 their kids fix her iPhone or, you know, 367 00:13:14,640 --> 00:13:15,809 even younger people don't really 368 00:13:15,810 --> 00:13:16,709 understand this. 369 00:13:16,710 --> 00:13:18,779 So when you say 370 00:13:18,780 --> 00:13:20,819 the words open up terminal or open up the 371 00:13:20,820 --> 00:13:22,949 command line in windows, again, 372 00:13:22,950 --> 00:13:23,879 like we were saying earlier, I mean, 373 00:13:23,880 --> 00:13:25,649 that's when they sort of freeze. 374 00:13:25,650 --> 00:13:27,869 And part of this is and maybe 375 00:13:27,870 --> 00:13:29,129 maybe something that isn't correct me if 376 00:13:29,130 --> 00:13:31,409 I'm wrong, but in windows, 377 00:13:31,410 --> 00:13:33,599 you know, which I have to use for my 378 00:13:33,600 --> 00:13:35,699 work, Cleopatra, you can't, 379 00:13:35,700 --> 00:13:38,309 out of the gooey create a revocation key. 380 00:13:38,310 --> 00:13:39,809 So at least that I haven't been able to 381 00:13:39,810 --> 00:13:42,209 find. And so and that's obviously 382 00:13:42,210 --> 00:13:43,589 a very critical part. 383 00:13:43,590 --> 00:13:45,449 If your laptop gets stolen or compromised 384 00:13:45,450 --> 00:13:47,309 or whatever, you need that revocation key 385 00:13:47,310 --> 00:13:48,479 and just even explain it. 386 00:13:48,480 --> 00:13:50,909 It's a very smart, you know, almost 387 00:13:50,910 --> 00:13:52,619 tech savvy coworkers are like, well, 388 00:13:52,620 --> 00:13:54,549 wait, what it needs to hyphens with the 389 00:13:54,550 --> 00:13:55,550 app. 390 00:13:55,950 --> 00:13:58,409 And it's just that that that complicated 391 00:13:58,410 --> 00:14:00,059 message, you know, for us, you know, it's 392 00:14:00,060 --> 00:14:01,619 maybe not that hard to describe the 393 00:14:01,620 --> 00:14:03,839 terminal and type of command and bash and 394 00:14:03,840 --> 00:14:06,329 be done with it. But it's that critical 395 00:14:06,330 --> 00:14:07,799 step that people tend to bypass. 396 00:14:07,800 --> 00:14:08,759 I think we're going to talk about the 397 00:14:08,760 --> 00:14:10,859 shortcuts that people take to when these 398 00:14:10,860 --> 00:14:12,959 things get hard beyond what they're what 399 00:14:12,960 --> 00:14:14,939 they're used to and not to our industry. 400 00:14:14,940 --> 00:14:16,679 You know, a lot of journalists are are 401 00:14:16,680 --> 00:14:17,789 Dundar busses or something. 402 00:14:17,790 --> 00:14:19,319 But, you know, we're set in our ways. 403 00:14:19,320 --> 00:14:21,629 I mean, where we spend 404 00:14:21,630 --> 00:14:23,909 10, 20, 30 years, we know how to report 405 00:14:23,910 --> 00:14:25,199 a story, how to turn the screws on 406 00:14:25,200 --> 00:14:27,089 people, how to get the documents, how to 407 00:14:27,090 --> 00:14:28,739 file the public records request. 408 00:14:28,740 --> 00:14:30,539 And we're sort of been doing that, you 409 00:14:30,540 --> 00:14:32,279 know, chugging along for a long time. 410 00:14:32,280 --> 00:14:33,959 And all of a sudden, you know, you know, 411 00:14:33,960 --> 00:14:35,159 and particularly after the Snowden 412 00:14:35,160 --> 00:14:37,079 disclosures made us realize more than 413 00:14:37,080 --> 00:14:38,549 anything and after, you know, my 414 00:14:38,550 --> 00:14:40,559 colleagues at the AP to boot where their 415 00:14:40,560 --> 00:14:41,789 phone records were subpoenaed by the 416 00:14:41,790 --> 00:14:43,799 Justice Department, I mean, sometimes 417 00:14:43,800 --> 00:14:44,979 they really are out to get you. 418 00:14:44,980 --> 00:14:47,069 And, you know, this is this is this is 419 00:14:47,070 --> 00:14:48,359 critically serious. 420 00:14:48,360 --> 00:14:50,999 So it's, I think, trying to 421 00:14:51,000 --> 00:14:53,399 teach an old and young dog new tricks. 422 00:14:53,400 --> 00:14:54,509 And it's very difficult. 423 00:14:54,510 --> 00:14:57,419 I think also, I just want to 424 00:14:57,420 --> 00:14:59,669 confess, I don't 425 00:14:59,670 --> 00:15:01,829 have a vacation 426 00:15:02,880 --> 00:15:05,399 sorry, or a separate 427 00:15:05,400 --> 00:15:07,679 of key I've been meaning to. 428 00:15:09,480 --> 00:15:11,099 But honestly, I find it kind of 429 00:15:11,100 --> 00:15:11,579 challenging. 430 00:15:11,580 --> 00:15:14,009 I've taken me two years, 431 00:15:14,010 --> 00:15:15,989 three years of really working at using 432 00:15:15,990 --> 00:15:18,329 GPG, and I feel like I kind 433 00:15:18,330 --> 00:15:19,949 of have my little system duct taped 434 00:15:19,950 --> 00:15:20,339 together. 435 00:15:20,340 --> 00:15:22,919 And so and 436 00:15:22,920 --> 00:15:25,049 lest you think less of me, which I'm 437 00:15:25,050 --> 00:15:27,299 sure you do, I am probably the most tech 438 00:15:27,300 --> 00:15:29,759 savvy journalist in every newsroom 439 00:15:29,760 --> 00:15:30,719 I've been in. 440 00:15:30,720 --> 00:15:33,029 I grew up in Silicon Valley. 441 00:15:33,030 --> 00:15:34,529 I started programing and basic in fifth 442 00:15:34,530 --> 00:15:36,569 grade. I do actually have some 443 00:15:36,570 --> 00:15:38,639 credentials, but I find this stuff 444 00:15:38,640 --> 00:15:39,840 incredibly challenging. 445 00:15:43,240 --> 00:15:44,949 Just one question, how many people in 446 00:15:44,950 --> 00:15:47,049 this room understand everything that's on 447 00:15:47,050 --> 00:15:48,050 the screen right now? 448 00:15:51,240 --> 00:15:52,240 Yes, 449 00:15:53,310 --> 00:15:54,630 we need more sources, like you 450 00:15:58,650 --> 00:15:59,650 said. 451 00:16:01,600 --> 00:16:03,189 How many of you guys understand 452 00:16:03,190 --> 00:16:04,359 everything that's on the screen right 453 00:16:04,360 --> 00:16:05,360 now? 454 00:16:08,940 --> 00:16:11,199 I'm the guy I went to the 455 00:16:11,200 --> 00:16:13,209 Linux users, groups, parties growing up 456 00:16:13,210 --> 00:16:14,319 and had no friends. 457 00:16:14,320 --> 00:16:17,019 So I understand this a little bit, 458 00:16:17,020 --> 00:16:18,639 but I loved it and I wouldn't change it 459 00:16:18,640 --> 00:16:19,789 for the world. But I, 460 00:16:21,430 --> 00:16:22,430 I think I understand it. 461 00:16:24,310 --> 00:16:25,389 That doesn't mean I succeed. 462 00:16:27,990 --> 00:16:30,359 OK, so once Alice and Bob 463 00:16:30,360 --> 00:16:31,979 have exchanged public keys, they need to 464 00:16:31,980 --> 00:16:34,199 verify the authenticity of these keys so 465 00:16:34,200 --> 00:16:36,329 they, Alice and Bob need to verify 466 00:16:36,330 --> 00:16:37,330 fingerprints. 467 00:16:40,150 --> 00:16:41,919 Laura, you should tell it like the best 468 00:16:41,920 --> 00:16:43,259 case scenario, right? 469 00:16:43,260 --> 00:16:45,489 Yeah, I don't know how many 470 00:16:45,490 --> 00:16:47,619 people Michael Lee, who works 471 00:16:47,620 --> 00:16:49,779 with me at The Intercept, wrote 472 00:16:49,780 --> 00:16:52,329 a lengthy piece about how 473 00:16:52,330 --> 00:16:54,549 he helped my 474 00:16:54,550 --> 00:16:56,559 initial contact with with Snowden. 475 00:16:56,560 --> 00:16:58,839 And what had happened 476 00:16:58,840 --> 00:17:01,239 was Snowden 477 00:17:01,240 --> 00:17:03,789 had tried for a while to get Glenn 478 00:17:03,790 --> 00:17:05,229 on encryption that didn't work. 479 00:17:05,230 --> 00:17:07,358 And then actually the way that Snowden 480 00:17:07,359 --> 00:17:09,489 found me is he emailed the Freedom of 481 00:17:09,490 --> 00:17:11,049 the Press Foundation, which is an 482 00:17:11,050 --> 00:17:14,318 organization that I'm on the board of and 483 00:17:14,319 --> 00:17:15,909 trying to get in touch with me and get my 484 00:17:15,910 --> 00:17:17,979 key. And I think also wanting to somewhat 485 00:17:17,980 --> 00:17:19,869 verify that the key that he got was 486 00:17:21,310 --> 00:17:22,209 was correct. 487 00:17:22,210 --> 00:17:23,769 And so then Michael sent me an email, an 488 00:17:23,770 --> 00:17:25,749 encrypted email and said, hey, some guy 489 00:17:25,750 --> 00:17:28,029 or some person who didn't know gender 490 00:17:28,030 --> 00:17:29,619 wants to get in touch with you. 491 00:17:29,620 --> 00:17:30,699 Can I give you a key? 492 00:17:30,700 --> 00:17:31,879 And I said, sure. 493 00:17:31,880 --> 00:17:34,299 And then he 494 00:17:34,300 --> 00:17:36,759 then emailed and we did a first exchange, 495 00:17:36,760 --> 00:17:37,839 his first email to me. 496 00:17:37,840 --> 00:17:39,579 It was to my true name account. 497 00:17:39,580 --> 00:17:41,679 It was at Gmail maybe. 498 00:17:41,680 --> 00:17:43,419 I don't think I said that before, but it 499 00:17:43,420 --> 00:17:44,420 was. 500 00:17:45,070 --> 00:17:46,070 And 501 00:17:47,950 --> 00:17:49,299 then actually. But that email has already 502 00:17:49,300 --> 00:17:50,589 been published, his email that he sent it 503 00:17:50,590 --> 00:17:50,809 to. 504 00:17:50,810 --> 00:17:52,929 So then so then he said 505 00:17:52,930 --> 00:17:55,389 something that was like certainly 506 00:17:55,390 --> 00:17:57,549 got my attention, which I 507 00:17:57,550 --> 00:18:00,279 think was that 508 00:18:00,280 --> 00:18:02,859 he was in the government and 509 00:18:02,860 --> 00:18:04,659 that he wanted to share information and 510 00:18:04,660 --> 00:18:06,669 that no matter what happened to him, the 511 00:18:06,670 --> 00:18:08,049 information should make its way to the 512 00:18:08,050 --> 00:18:09,129 American public. 513 00:18:09,130 --> 00:18:10,750 And so that certainly got my attention. 514 00:18:12,160 --> 00:18:14,379 So then he asked me to 515 00:18:14,380 --> 00:18:16,569 create a new account, 516 00:18:16,570 --> 00:18:18,969 an anonymous account, and to contact 517 00:18:18,970 --> 00:18:20,139 him. 518 00:18:20,140 --> 00:18:22,749 He sent me a fresh 519 00:18:22,750 --> 00:18:24,969 as he sent he contacted me at a new email 520 00:18:24,970 --> 00:18:27,189 address with a fresh key, asked for 521 00:18:27,190 --> 00:18:29,459 one, and then he asked me to 522 00:18:29,460 --> 00:18:31,959 to figure out a way to 523 00:18:31,960 --> 00:18:33,339 to verify it. And he gave me some 524 00:18:33,340 --> 00:18:34,749 options. And one of them was to have 525 00:18:34,750 --> 00:18:35,679 someone tweet it. 526 00:18:35,680 --> 00:18:38,079 And so he he actually recommended 527 00:18:38,080 --> 00:18:40,149 that Mica tweet the fingerprint. 528 00:18:40,150 --> 00:18:42,099 So then I emailed the fingerprint to Mike 529 00:18:42,100 --> 00:18:44,169 and I said, Ted, hey, you know, 530 00:18:44,170 --> 00:18:46,269 I didn't say too much about the 531 00:18:46,270 --> 00:18:47,499 you know, the first email. I just said, 532 00:18:47,500 --> 00:18:48,819 you know, would you mind just putting 533 00:18:48,820 --> 00:18:50,169 this in your Twitter account? 534 00:18:50,170 --> 00:18:52,179 And and he did. 535 00:18:52,180 --> 00:18:54,399 And so that was how Snowden was able 536 00:18:54,400 --> 00:18:57,699 to verify my fingerprint. 537 00:18:57,700 --> 00:19:00,909 And that was, you know, a couple 538 00:19:00,910 --> 00:19:02,469 probably a week or two weeks after we 539 00:19:02,470 --> 00:19:03,459 started corresponding. 540 00:19:03,460 --> 00:19:05,859 And then we were sort of on an anonymous 541 00:19:05,860 --> 00:19:07,989 you know, both my communications 542 00:19:07,990 --> 00:19:10,239 were were severed from 543 00:19:10,240 --> 00:19:11,829 my true name, but I'm still using the 544 00:19:11,830 --> 00:19:13,239 same computer. 545 00:19:13,240 --> 00:19:15,309 And then the next email that I got after 546 00:19:15,310 --> 00:19:17,799 that one was the sort of holy shit email, 547 00:19:17,800 --> 00:19:19,539 which is when I realized that I really 548 00:19:19,540 --> 00:19:22,179 need to create sort of a real blockade 549 00:19:22,180 --> 00:19:23,889 between anything that was tied to my true 550 00:19:23,890 --> 00:19:26,509 identity and these communications. 551 00:19:26,510 --> 00:19:27,510 And that's when 552 00:19:28,570 --> 00:19:30,759 that I that I moved over to tale's 553 00:19:30,760 --> 00:19:32,469 to the tail's operating system. 554 00:19:32,470 --> 00:19:33,879 So thank you. If there are any tale's 555 00:19:33,880 --> 00:19:35,289 developers in that room. 556 00:19:35,290 --> 00:19:36,290 Thank you. 557 00:19:41,810 --> 00:19:42,810 And 558 00:19:44,160 --> 00:19:45,439 I can continue on a little bit on the 559 00:19:45,440 --> 00:19:48,069 story and then we can come back so so 560 00:19:48,070 --> 00:19:50,079 then so he actually snowed in and said, 561 00:19:50,080 --> 00:19:52,449 you know, for most security 562 00:19:52,450 --> 00:19:54,529 you should use tale's and I, I, 563 00:19:54,530 --> 00:19:56,589 I've known of it, but I wasn't using it 564 00:19:56,590 --> 00:19:57,309 at that time. 565 00:19:57,310 --> 00:19:59,529 And so but I did have a bit of a dilemma 566 00:19:59,530 --> 00:20:01,659 with it because I didn't really have 567 00:20:01,660 --> 00:20:03,729 confidence of how to verify 568 00:20:03,730 --> 00:20:04,119 this. 569 00:20:04,120 --> 00:20:05,709 The download the certificate. 570 00:20:05,710 --> 00:20:07,839 And and I actually was back in 571 00:20:07,840 --> 00:20:09,909 Berlin and I was a friend 572 00:20:09,910 --> 00:20:11,619 of a friend when one of the friends is in 573 00:20:11,620 --> 00:20:14,079 the in the room gave me the name 574 00:20:14,080 --> 00:20:15,909 of another person whose last name I 575 00:20:15,910 --> 00:20:18,159 actually never knew, who set up 576 00:20:18,160 --> 00:20:20,439 a tale's disk for me 577 00:20:20,440 --> 00:20:22,899 on a computer, which was a computer that 578 00:20:22,900 --> 00:20:24,789 I purchased with cash 579 00:20:26,200 --> 00:20:27,399 in New York. 580 00:20:27,400 --> 00:20:29,509 So it was was nothing tied to 581 00:20:29,510 --> 00:20:32,679 my name in the correspondence 582 00:20:32,680 --> 00:20:33,680 from then on. 583 00:20:36,550 --> 00:20:39,159 So that's like above and beyond levels of 584 00:20:39,160 --> 00:20:41,479 verification and trust verification. 585 00:20:43,690 --> 00:20:45,429 And then you can I guess I'm going to 586 00:20:45,430 --> 00:20:47,769 play the part of the complete 587 00:20:47,770 --> 00:20:49,809 with one here. But I did the I thought 588 00:20:49,810 --> 00:20:50,890 one of my sources, I thought 589 00:20:51,910 --> 00:20:53,769 he verification in terms of numbers would 590 00:20:53,770 --> 00:20:55,599 be too hard. So we tried to do the shared 591 00:20:55,600 --> 00:20:57,639 secret on. 592 00:20:57,640 --> 00:20:59,829 I managed to get this person on our end 593 00:21:01,000 --> 00:21:03,249 and I 594 00:21:03,250 --> 00:21:05,079 thought that it would be really easy if 595 00:21:05,080 --> 00:21:07,209 we we didn't set up a shared secret in 596 00:21:07,210 --> 00:21:08,379 advance. I just thought we would be able 597 00:21:08,380 --> 00:21:09,429 to come up with one. 598 00:21:09,430 --> 00:21:11,619 So I said, when do we first 599 00:21:11,620 --> 00:21:13,869 meet and then or 600 00:21:13,870 --> 00:21:15,039 where where did we first meet? 601 00:21:15,040 --> 00:21:16,359 What location? 602 00:21:16,360 --> 00:21:18,519 And the person answered wrong. 603 00:21:18,520 --> 00:21:20,229 And then the person answered asked me a 604 00:21:20,230 --> 00:21:21,909 question of where we first met, and I 605 00:21:21,910 --> 00:21:23,409 answered it wrong that we had no idea 606 00:21:23,410 --> 00:21:24,520 where we had first met. 607 00:21:26,260 --> 00:21:27,279 So that didn't work. 608 00:21:31,450 --> 00:21:32,859 How many people in this room have had 609 00:21:32,860 --> 00:21:33,860 that problem? 610 00:21:36,340 --> 00:21:37,340 I feel better. 611 00:21:41,410 --> 00:21:42,399 All right. 612 00:21:42,400 --> 00:21:44,409 So now we've successfully verify the 613 00:21:44,410 --> 00:21:45,729 authenticity of our keys and our 614 00:21:45,730 --> 00:21:46,730 software. 615 00:21:47,950 --> 00:21:49,809 Step number four in a confidential 616 00:21:49,810 --> 00:21:51,519 communication is Alice and Bob actually 617 00:21:51,520 --> 00:21:53,259 initiate confidential communication with 618 00:21:53,260 --> 00:21:54,260 each other. 619 00:22:06,130 --> 00:22:07,959 You all understand why this entire talk 620 00:22:07,960 --> 00:22:10,030 is illustrated with CDs, slides, 621 00:22:12,100 --> 00:22:14,259 and even even at the AP, depending 622 00:22:14,260 --> 00:22:16,719 on which version of software you install, 623 00:22:16,720 --> 00:22:18,309 it either does inline PGP. 624 00:22:18,310 --> 00:22:21,009 It attaches it as an attachment 625 00:22:21,010 --> 00:22:22,839 or and you can't read them. 626 00:22:22,840 --> 00:22:24,849 And there's UTF to ASCII character 627 00:22:24,850 --> 00:22:27,009 conversions. And that's just among four 628 00:22:27,010 --> 00:22:28,749 people I work with. 629 00:22:28,750 --> 00:22:31,329 And that's, you know, it's 630 00:22:31,330 --> 00:22:33,129 yet another headache. I think we're not 631 00:22:33,130 --> 00:22:34,269 bagging on this entirely. 632 00:22:34,270 --> 00:22:36,549 I mean I mean, this the story, 633 00:22:36,550 --> 00:22:38,559 the Cuba story that that Nadia was 634 00:22:38,560 --> 00:22:40,869 mentioning, we used extensively 635 00:22:40,870 --> 00:22:43,059 when we did work in countries of, shall 636 00:22:43,060 --> 00:22:45,159 we say, aren't really very 637 00:22:45,160 --> 00:22:46,869 favorable toward the press. 638 00:22:46,870 --> 00:22:49,129 We used other tools, which I'm sure 639 00:22:49,130 --> 00:22:50,800 and talk about in the future, 640 00:22:51,910 --> 00:22:54,009 community voice communication tools 641 00:22:54,010 --> 00:22:55,749 like whisper systems, the signal. 642 00:22:55,750 --> 00:22:57,969 We use that quite a bit 643 00:22:57,970 --> 00:23:00,159 and it worked very well and 644 00:23:00,160 --> 00:23:02,259 other sort of tools. So so don't take 645 00:23:02,260 --> 00:23:03,429 away the impression that this is all 646 00:23:03,430 --> 00:23:05,199 garbage and we're throwing up our hands. 647 00:23:05,200 --> 00:23:07,299 It's just that your mileage may 648 00:23:07,300 --> 00:23:08,300 vary. 649 00:23:11,230 --> 00:23:13,269 But I mean, I guess I could just bring 650 00:23:13,270 --> 00:23:15,429 in, like, yet another sad story, so 651 00:23:16,540 --> 00:23:18,399 one time I was really proud because I was 652 00:23:18,400 --> 00:23:20,049 really getting like a good 653 00:23:21,460 --> 00:23:24,039 communication going with 654 00:23:24,040 --> 00:23:24,669 somebody. 655 00:23:24,670 --> 00:23:26,889 And then 656 00:23:26,890 --> 00:23:28,839 all of a sudden we started dropping 657 00:23:28,840 --> 00:23:29,589 plaintext. 658 00:23:29,590 --> 00:23:32,199 And basically it turned out that 659 00:23:32,200 --> 00:23:34,599 one of us had it set only 660 00:23:34,600 --> 00:23:36,669 to accept, OK, I'm going to 661 00:23:36,670 --> 00:23:38,949 get the technology wrong as MYM and 662 00:23:38,950 --> 00:23:41,139 PGP and one of us was not 663 00:23:41,140 --> 00:23:42,939 accepting this MYM. 664 00:23:42,940 --> 00:23:45,009 And so so the whole thing 665 00:23:45,010 --> 00:23:47,079 fell apart. And 666 00:23:47,080 --> 00:23:49,059 once again, I just felt like every time I 667 00:23:49,060 --> 00:23:51,249 think I've climbed some way up 668 00:23:51,250 --> 00:23:52,809 the mountain, it turns out I'm really 669 00:23:52,810 --> 00:23:53,810 just at base camp. 670 00:23:56,350 --> 00:23:58,449 I will confess that 671 00:23:58,450 --> 00:24:00,129 I have dropped plaintext with people on 672 00:24:00,130 --> 00:24:01,130 the stage 673 00:24:04,750 --> 00:24:05,989 and see. 674 00:24:10,810 --> 00:24:12,040 So, OK. 675 00:24:15,010 --> 00:24:17,079 I guess let's see, we can we can 676 00:24:17,080 --> 00:24:18,879 talk about once, once, once we've moved 677 00:24:18,880 --> 00:24:21,509 on from confidentiality, 678 00:24:21,510 --> 00:24:22,449 we've talked about this a little bit 679 00:24:22,450 --> 00:24:24,909 already of another property 680 00:24:24,910 --> 00:24:27,129 that journalists need with sources 681 00:24:27,130 --> 00:24:28,359 is anonymous communication. 682 00:24:28,360 --> 00:24:30,309 Laura was talking about anonymous, 683 00:24:30,310 --> 00:24:31,540 unthinkable communication. 684 00:24:33,040 --> 00:24:35,379 So what this looks 685 00:24:35,380 --> 00:24:37,719 like is, say the 686 00:24:37,720 --> 00:24:39,789 simplest case, even 687 00:24:39,790 --> 00:24:42,309 not using so much cryptography, 688 00:24:42,310 --> 00:24:43,989 is if you want an unthinkable thing. 689 00:24:43,990 --> 00:24:45,039 This is what Laura just did. 690 00:24:45,040 --> 00:24:47,799 She purchased a device with cash 691 00:24:47,800 --> 00:24:49,989 and then install software on it. 692 00:24:49,990 --> 00:24:52,239 So, Alice, our journalists 693 00:24:52,240 --> 00:24:54,819 might purchase a burner phone with cash, 694 00:24:54,820 --> 00:24:56,829 maybe install some encrypted 695 00:24:56,830 --> 00:24:59,169 communication applications on it, install 696 00:24:59,170 --> 00:25:00,669 all the contacts that they've been 697 00:25:00,670 --> 00:25:02,979 verified by her, and then say mail 698 00:25:02,980 --> 00:25:05,049 bob his special burner phone and then 699 00:25:05,050 --> 00:25:07,209 Bob can use his burner phone to securely 700 00:25:07,210 --> 00:25:09,279 communicate with Alice. 701 00:25:09,280 --> 00:25:10,779 This is this is straightforward. 702 00:25:10,780 --> 00:25:13,359 This is taking all of the responsibility 703 00:25:13,360 --> 00:25:15,909 for installation and verification 704 00:25:15,910 --> 00:25:18,999 away from Bob, our hapless source. 705 00:25:19,000 --> 00:25:21,369 So how does this work in practice? 706 00:25:23,210 --> 00:25:24,210 Yeah, so 707 00:25:25,550 --> 00:25:26,899 colleagues of mine actually think that 708 00:25:26,900 --> 00:25:28,369 this is a true burner phone, 709 00:25:29,570 --> 00:25:31,039 I it's not 710 00:25:32,150 --> 00:25:33,109 particularly when they do it on their 711 00:25:33,110 --> 00:25:35,209 phone, they tie it to their Apple ID 712 00:25:35,210 --> 00:25:36,739 and then make what they think are 713 00:25:36,740 --> 00:25:37,740 anonymous phone calls. 714 00:25:38,660 --> 00:25:40,489 This was sort of by accident that he put 715 00:25:40,490 --> 00:25:42,619 the slide in because that one used the 716 00:25:42,620 --> 00:25:44,629 burner actually is in the side burner. 717 00:25:44,630 --> 00:25:46,879 Had, as it's obvious, 718 00:25:46,880 --> 00:25:49,069 is an app where you can select an area 719 00:25:49,070 --> 00:25:50,989 code and for a certain amount of credits, 720 00:25:50,990 --> 00:25:52,619 create a phone number that, you know, 721 00:25:52,620 --> 00:25:54,919 masks or masquerades from that 722 00:25:54,920 --> 00:25:55,939 that area code. 723 00:25:55,940 --> 00:25:57,589 Well, that masquerades and they can call 724 00:25:57,590 --> 00:25:58,519 you back on it. 725 00:25:58,520 --> 00:26:00,889 And I remember once dealing with a former 726 00:26:00,890 --> 00:26:03,019 Washington official, we got a document 727 00:26:03,020 --> 00:26:05,149 how he's got some big payout from 728 00:26:05,150 --> 00:26:07,429 an organization and he wouldn't 729 00:26:07,430 --> 00:26:09,079 obviously pick up my Toyota. 730 00:26:09,080 --> 00:26:10,519 That's a Washington, D.C. 731 00:26:10,520 --> 00:26:12,619 area code. Phone number one, pick 732 00:26:12,620 --> 00:26:14,059 up a block number. Wouldn't do it. 733 00:26:14,060 --> 00:26:15,769 So I figured out where he lived in a 734 00:26:15,770 --> 00:26:18,049 rural in his rural state where he retired 735 00:26:18,050 --> 00:26:20,119 to. And I got that that area 736 00:26:20,120 --> 00:26:22,069 code and called him up and he called me 737 00:26:22,070 --> 00:26:23,899 and he answered in a tizzy because he 738 00:26:23,900 --> 00:26:26,209 thought, I swear to God, he thought I was 739 00:26:26,210 --> 00:26:28,429 the plumber who was running late to come 740 00:26:28,430 --> 00:26:29,959 fix it because he probably, like, picked 741 00:26:29,960 --> 00:26:31,849 up the phone, OK? 742 00:26:31,850 --> 00:26:33,019 And he's like, I just got done with a 743 00:26:33,020 --> 00:26:34,429 workout or are you still coming over at 744 00:26:34,430 --> 00:26:36,499 10:00 AM like Mr. 745 00:26:36,500 --> 00:26:37,819 So-and-so, it's great to get you on the 746 00:26:37,820 --> 00:26:39,919 phone. We're preparing a story in an hour 747 00:26:39,920 --> 00:26:41,269 that says you did it. 748 00:26:41,270 --> 00:26:43,609 See, and like that's I think the only 749 00:26:43,610 --> 00:26:45,829 time that I mean, this is not a do 750 00:26:45,830 --> 00:26:47,089 not use this for anonymous 751 00:26:47,090 --> 00:26:49,609 communications. I mean, it's to basically 752 00:26:49,610 --> 00:26:51,739 I mean, in my my experience, it's 753 00:26:51,740 --> 00:26:53,899 to, you know, hit him with 754 00:26:53,900 --> 00:26:56,059 Erica that they think is friendly fire 755 00:26:56,060 --> 00:26:57,169 or is friendly. 756 00:26:57,170 --> 00:26:58,170 No. When it's not. 757 00:27:00,980 --> 00:27:03,209 So one time I bought a burner and did 758 00:27:03,210 --> 00:27:04,769 the sort of Alice and Bob thing you just 759 00:27:04,770 --> 00:27:06,959 laid out, and I sent it in the mail 760 00:27:06,960 --> 00:27:09,029 to my source, an executive at a company 761 00:27:09,030 --> 00:27:11,039 who is trying to share all sorts of 762 00:27:11,040 --> 00:27:13,229 damning information about his company. 763 00:27:13,230 --> 00:27:15,329 And we met in a cafe and I said, 764 00:27:15,330 --> 00:27:17,039 I'm going to be sending you a phone. 765 00:27:17,040 --> 00:27:18,539 And he agreed this was not a first date 766 00:27:18,540 --> 00:27:20,669 problem. We'd been talking for years. 767 00:27:20,670 --> 00:27:22,799 So he was willing to set up this 768 00:27:22,800 --> 00:27:24,149 encrypted channel. 769 00:27:24,150 --> 00:27:27,359 And and then 770 00:27:27,360 --> 00:27:29,489 I would call I would text 771 00:27:29,490 --> 00:27:29,879 nothing. 772 00:27:29,880 --> 00:27:30,799 No response. No response. 773 00:27:30,800 --> 00:27:32,579 I finally had to call me, like, what are 774 00:27:32,580 --> 00:27:34,859 you doing with the burner phone is, oh, 775 00:27:34,860 --> 00:27:36,659 I never bring it anywhere with me and 776 00:27:36,660 --> 00:27:38,369 just leave it at home. 777 00:27:38,370 --> 00:27:40,439 So they never, you know, 778 00:27:40,440 --> 00:27:41,819 just like it didn't have enough room in 779 00:27:41,820 --> 00:27:43,439 his pockets. You one phone. 780 00:27:43,440 --> 00:27:45,509 And so, you know, 781 00:27:45,510 --> 00:27:47,399 once again I was like I would end up 782 00:27:47,400 --> 00:27:49,649 calling to tell 783 00:27:49,650 --> 00:27:51,449 him to go pick up the burner phone. 784 00:27:51,450 --> 00:27:54,569 And so that was a pointless exercise. 785 00:27:54,570 --> 00:27:56,669 And a burner thing is difficult, too. 786 00:27:56,670 --> 00:27:59,489 I mean, you know, particularly, 787 00:27:59,490 --> 00:28:01,319 you know, at least in the States. 788 00:28:01,320 --> 00:28:02,979 I mean, the stereotyping that's it's like 789 00:28:02,980 --> 00:28:04,439 you must be a drug dealer if you're 790 00:28:04,440 --> 00:28:06,689 getting a burner phone with cash and 791 00:28:06,690 --> 00:28:08,339 you really look like the I mean, I'm a 792 00:28:08,340 --> 00:28:10,109 journalist by training out of care, you 793 00:28:10,110 --> 00:28:11,369 know, I look like an odd duck for a 794 00:28:11,370 --> 00:28:12,779 living. And that's fine. I'm fine being 795 00:28:12,780 --> 00:28:13,709 the weird guy. 796 00:28:13,710 --> 00:28:15,179 But like, when you're there, the you 797 00:28:15,180 --> 00:28:17,219 know, the AT&T store, whatever your 798 00:28:17,220 --> 00:28:19,319 topping up your SIM card and you're like 799 00:28:19,320 --> 00:28:22,109 the guy pulling out wads of cash 800 00:28:22,110 --> 00:28:23,579 and you don't really want to give your 801 00:28:23,580 --> 00:28:25,469 driver's license because you don't really 802 00:28:25,470 --> 00:28:27,389 have to. And you're given a name that the 803 00:28:27,390 --> 00:28:29,519 guy knows is not your real name. 804 00:28:29,520 --> 00:28:30,919 And you're doing this weird dance. 805 00:28:30,920 --> 00:28:33,059 And just like it's just like 806 00:28:33,060 --> 00:28:34,439 it's like a terrible Christmas dinner, 807 00:28:34,440 --> 00:28:35,789 just like I just want to go home, just 808 00:28:35,790 --> 00:28:37,169 give me the thing and go. 809 00:28:37,170 --> 00:28:39,119 And you got to do that to fill it up. 810 00:28:39,120 --> 00:28:40,120 And it's, you know. 811 00:28:43,090 --> 00:28:46,449 So basically, we need to normalize 812 00:28:46,450 --> 00:28:48,759 the burner phone or something 813 00:28:48,760 --> 00:28:50,200 we don't have used for. 814 00:28:51,940 --> 00:28:53,289 Yeah, oh, yeah, all the time, 815 00:28:54,560 --> 00:28:56,679 I guess we heard Laura success story with 816 00:28:56,680 --> 00:28:57,680 tales. 817 00:28:59,260 --> 00:29:00,729 I mean, I don't think any of us could do 818 00:29:00,730 --> 00:29:01,779 our work without her. 819 00:29:01,780 --> 00:29:03,549 I mean. I mean, really. 820 00:29:03,550 --> 00:29:03,759 Yeah. 821 00:29:03,760 --> 00:29:06,039 I mean, I think we use it every day and 822 00:29:06,040 --> 00:29:07,959 and even for for people who don't 823 00:29:07,960 --> 00:29:10,239 understand, you know, DNS, 824 00:29:10,240 --> 00:29:12,279 all I do is I don't know why I use this 825 00:29:12,280 --> 00:29:13,259 website. 826 00:29:13,260 --> 00:29:14,619 I put them down. 827 00:29:14,620 --> 00:29:16,959 I go, you know, particularly since the AP 828 00:29:16,960 --> 00:29:18,549 has their own net block and, you know, 829 00:29:18,550 --> 00:29:20,409 you reverse look up that address, it says 830 00:29:20,410 --> 00:29:22,509 The Associated Press, you know, whatever. 831 00:29:22,510 --> 00:29:24,099 Thirty Third Street, New York, New York. 832 00:29:24,100 --> 00:29:26,349 And you go to IP chicken, 833 00:29:26,350 --> 00:29:28,269 dot com or whatever, like, look, you 834 00:29:28,270 --> 00:29:29,859 know, somebody who's monitoring a 835 00:29:29,860 --> 00:29:31,479 government email or a government web 836 00:29:31,480 --> 00:29:33,729 server, you know, you're immediately 837 00:29:33,730 --> 00:29:35,349 tipping them off that you're hitting 838 00:29:35,350 --> 00:29:35,539 them. 839 00:29:35,540 --> 00:29:37,619 I mean, there's many uses for tor besides 840 00:29:37,620 --> 00:29:39,309 that, but just the little things that 841 00:29:39,310 --> 00:29:41,359 always seems to like they're grasping 842 00:29:41,360 --> 00:29:42,939 like, oh, they really know it's me. 843 00:29:42,940 --> 00:29:45,099 I'm like, yeah, they they know 844 00:29:45,100 --> 00:29:45,789 it's you. 845 00:29:45,790 --> 00:29:48,009 I mean, so actually 846 00:29:48,010 --> 00:29:50,439 Tale's is like the my favorite 847 00:29:50,440 --> 00:29:52,509 sort of success 848 00:29:52,510 --> 00:29:53,169 story. 849 00:29:53,170 --> 00:29:55,809 So with fellow journalists actually 850 00:29:55,810 --> 00:29:57,939 who don't who find 851 00:29:57,940 --> 00:30:00,099 all this other encryption difficult, 852 00:30:00,100 --> 00:30:02,169 I find that actually showing tales is 853 00:30:02,170 --> 00:30:03,639 easier because it's sort of this 854 00:30:03,640 --> 00:30:04,779 controlled environment. 855 00:30:04,780 --> 00:30:06,459 So I've had some success getting some 856 00:30:06,460 --> 00:30:08,769 colleagues to use tales 857 00:30:08,770 --> 00:30:09,819 because it's sort of simple. 858 00:30:09,820 --> 00:30:12,579 The idea is a little bit simpler. 859 00:30:12,580 --> 00:30:13,839 The idea you just have this separate 860 00:30:13,840 --> 00:30:15,639 machine that you just do this and it sort 861 00:30:15,640 --> 00:30:17,829 of all the box is built 862 00:30:17,830 --> 00:30:19,899 as a default to make you kind of make the 863 00:30:19,900 --> 00:30:20,799 right choices. 864 00:30:20,800 --> 00:30:22,000 And so 865 00:30:23,170 --> 00:30:25,390 it's probably my favorite tool. 866 00:30:29,420 --> 00:30:30,949 I think that sideways into sort of the 867 00:30:30,950 --> 00:30:33,589 last journalists task, which is 868 00:30:33,590 --> 00:30:36,139 keeping notes and data and 869 00:30:36,140 --> 00:30:38,509 of course from the perspective of 870 00:30:38,510 --> 00:30:40,999 the hapless cryptographer, this is easy. 871 00:30:41,000 --> 00:30:42,409 Alice wants to keep some notes. 872 00:30:42,410 --> 00:30:44,299 She encrypts the data to her private key. 873 00:30:44,300 --> 00:30:45,710 Nobody but her can decrypt it. 874 00:30:47,810 --> 00:30:50,419 So then, of course, 875 00:30:50,420 --> 00:30:52,189 situation No. One, collaboration with 876 00:30:52,190 --> 00:30:53,190 fellow journalists. 877 00:30:57,350 --> 00:30:58,969 I mean, there are times I'm just thinking 878 00:30:58,970 --> 00:31:00,559 of in recent memory, and we've had I 879 00:31:00,560 --> 00:31:01,669 mean, the AP is a global news 880 00:31:01,670 --> 00:31:03,109 organization where people all over the 881 00:31:03,110 --> 00:31:05,689 world and and, you know, 882 00:31:05,690 --> 00:31:07,219 you know, sometimes we need to 883 00:31:07,220 --> 00:31:08,299 communicate securely. 884 00:31:08,300 --> 00:31:10,099 And like I was talking about earlier and 885 00:31:10,100 --> 00:31:12,229 again, this is you know, this is no 886 00:31:12,230 --> 00:31:13,699 it's not malicious that people do this, 887 00:31:13,700 --> 00:31:14,749 but they you know, they're just so used 888 00:31:14,750 --> 00:31:16,969 to picking up the phone, using plain 889 00:31:16,970 --> 00:31:18,649 old telephone service and just dialing, 890 00:31:18,650 --> 00:31:20,899 you know, 011 the number, what have 891 00:31:20,900 --> 00:31:22,219 you. 892 00:31:22,220 --> 00:31:24,409 And I just remember, you 893 00:31:24,410 --> 00:31:26,509 know, coming close, wants to be 894 00:31:26,510 --> 00:31:28,009 on a call where people were calling in 895 00:31:28,010 --> 00:31:30,229 from, shall I say, hostile 896 00:31:30,230 --> 00:31:31,579 countries toward journalists and their 897 00:31:31,580 --> 00:31:33,709 sources. And we were all calling 898 00:31:33,710 --> 00:31:35,989 in using these unsecured lines. 899 00:31:35,990 --> 00:31:37,439 And then we all sort of realized that 900 00:31:37,440 --> 00:31:39,109 what we were doing and it was, you know, 901 00:31:39,110 --> 00:31:40,579 it's like, you know, we all sort of 902 00:31:40,580 --> 00:31:42,199 realize, you know, oops, we left the 903 00:31:42,200 --> 00:31:43,789 backdoor up and I think the cat just got 904 00:31:43,790 --> 00:31:45,979 out and it's too late, but 905 00:31:45,980 --> 00:31:47,449 not quite because we didn't really we 906 00:31:47,450 --> 00:31:48,439 were about to, you know, we weren't going 907 00:31:48,440 --> 00:31:50,509 to say so. Confidential Source X lives on 908 00:31:50,510 --> 00:31:52,759 whatever street in Venezuela. 909 00:31:52,760 --> 00:31:54,469 You know, we didn't get to that point. 910 00:31:54,470 --> 00:31:56,719 But, you know, even even when we're 911 00:31:56,720 --> 00:31:58,279 sort of used to it, you know, after 912 00:31:58,280 --> 00:32:00,349 Snowden has sort of showed us 913 00:32:00,350 --> 00:32:02,479 that and the AP subpoenas 914 00:32:02,480 --> 00:32:04,669 it, you know, people really 915 00:32:04,670 --> 00:32:06,419 want your data. 916 00:32:06,420 --> 00:32:07,639 They will get access to it. 917 00:32:07,640 --> 00:32:09,149 And this is no laughing matter. 918 00:32:09,150 --> 00:32:11,419 I mean, and 919 00:32:11,420 --> 00:32:13,129 even, you know, people who do it all the 920 00:32:13,130 --> 00:32:14,749 time sometimes forget about it just by 921 00:32:14,750 --> 00:32:16,909 force of habit. And I think that's, 922 00:32:16,910 --> 00:32:17,899 you know, a problem. 923 00:32:17,900 --> 00:32:19,519 Obviously, we need to correct ourselves 924 00:32:19,520 --> 00:32:19,999 internally. 925 00:32:20,000 --> 00:32:21,739 But it's one of these things, actually. 926 00:32:21,740 --> 00:32:23,119 It's sort of like the mindset in 927 00:32:23,120 --> 00:32:25,429 journalists newsrooms is sort of is is 928 00:32:25,430 --> 00:32:27,739 outdated. So the 929 00:32:27,740 --> 00:32:31,219 sort of rule of thumb in a newsroom, 930 00:32:31,220 --> 00:32:33,409 most newsrooms would be if you're filing 931 00:32:33,410 --> 00:32:35,659 a story based on a confidential 932 00:32:35,660 --> 00:32:37,959 source, your editor and oftentimes 933 00:32:37,960 --> 00:32:40,129 the editors up the chain need 934 00:32:40,130 --> 00:32:41,929 to know the identity of that source. 935 00:32:41,930 --> 00:32:43,729 And that's a general practice. 936 00:32:43,730 --> 00:32:45,559 And the problem is your editor may be in 937 00:32:45,560 --> 00:32:46,910 another country. And so, 938 00:32:48,230 --> 00:32:50,299 you know, in at The Wall Street Journal, 939 00:32:50,300 --> 00:32:51,649 where I worked for 14 years, you know, 940 00:32:51,650 --> 00:32:53,839 sometimes like it just wasn't 941 00:32:53,840 --> 00:32:55,969 possible for the journalist to convey 942 00:32:55,970 --> 00:32:57,889 to the management in New York who the 943 00:32:57,890 --> 00:32:59,659 source was in a secure way. 944 00:32:59,660 --> 00:33:02,029 And sometimes before a story would run, 945 00:33:02,030 --> 00:33:04,489 that journalist would actually fly 946 00:33:04,490 --> 00:33:06,679 to New York to talk to the editors and 947 00:33:06,680 --> 00:33:09,559 say, this is the real story. 948 00:33:09,560 --> 00:33:10,459 You should publish it. 949 00:33:10,460 --> 00:33:14,089 And of course, that delays publication 950 00:33:14,090 --> 00:33:15,229 and is very expensive. 951 00:33:15,230 --> 00:33:17,299 And so it's it's 952 00:33:17,300 --> 00:33:19,579 just a challenge within the structure of 953 00:33:19,580 --> 00:33:20,580 newsrooms. 954 00:33:21,980 --> 00:33:24,199 Yeah. I mean, I certainly experienced 955 00:33:24,200 --> 00:33:26,269 this these kinds of problems working 956 00:33:26,270 --> 00:33:29,329 on on this story before 957 00:33:29,330 --> 00:33:31,459 right before going to Hong Kong. 958 00:33:31,460 --> 00:33:33,769 The Washington Post got very nervous 959 00:33:33,770 --> 00:33:35,029 and there were a bunch of lawyers that 960 00:33:35,030 --> 00:33:36,019 were making phone calls. 961 00:33:36,020 --> 00:33:37,369 They were all in the clear and they were 962 00:33:37,370 --> 00:33:39,529 sending emails about what was going on. 963 00:33:39,530 --> 00:33:41,269 And I mean, I really freaked out because 964 00:33:41,270 --> 00:33:43,189 it seemed to me this was the most risky 965 00:33:43,190 --> 00:33:44,989 time to to be having these kind of 966 00:33:44,990 --> 00:33:47,090 communications over anything electronic. 967 00:33:50,800 --> 00:33:52,269 Let me I want to say something about the 968 00:33:52,270 --> 00:33:54,459 sort of collecting of notes, because 969 00:33:54,460 --> 00:33:56,559 as a filmmaker, I mean, what I do 970 00:33:56,560 --> 00:33:58,749 is I actually usually, you 971 00:33:58,750 --> 00:34:00,759 know, filming. And so, I mean, one of the 972 00:34:00,760 --> 00:34:02,679 things that I would love if somebody 973 00:34:02,680 --> 00:34:04,779 could someday develop is 974 00:34:04,780 --> 00:34:05,980 if you can record 975 00:34:07,840 --> 00:34:10,299 video to an encrypted 976 00:34:10,300 --> 00:34:12,789 media. And so you don't have unencrypted 977 00:34:12,790 --> 00:34:14,859 media on you because that's pretty risky, 978 00:34:14,860 --> 00:34:16,178 depending on what situation, if you 979 00:34:16,179 --> 00:34:17,529 happen to be, for instance, filming a 980 00:34:17,530 --> 00:34:19,809 protest and you're not able to, you know, 981 00:34:19,810 --> 00:34:22,238 pull out an SD card in time. 982 00:34:22,239 --> 00:34:24,280 When I was in Hong Kong, I was 983 00:34:25,449 --> 00:34:27,009 I was concerned that we would be raided. 984 00:34:27,010 --> 00:34:28,599 And so every day I was backing up the 985 00:34:28,600 --> 00:34:30,249 media and putting it onto encrypted 986 00:34:30,250 --> 00:34:32,079 drives. But then I was had to physically, 987 00:34:32,080 --> 00:34:34,119 like, destroy the SD cards because I 988 00:34:34,120 --> 00:34:36,218 didn't want, you know, the 989 00:34:36,219 --> 00:34:38,049 raw footage to ever fall in anyone else's 990 00:34:38,050 --> 00:34:40,388 hands. And and it happens 991 00:34:40,389 --> 00:34:41,649 a lot when you have people who are 992 00:34:41,650 --> 00:34:43,739 working in, you know, whatever 993 00:34:44,800 --> 00:34:47,738 in protests in Egypt, for instance, 994 00:34:47,739 --> 00:34:49,749 if if they get your camera, they can get 995 00:34:49,750 --> 00:34:51,369 potentially get a lot of information if 996 00:34:51,370 --> 00:34:53,499 you can't get your media out in time 997 00:34:53,500 --> 00:34:54,500 and do something with it. 998 00:35:08,750 --> 00:35:10,959 So I think 999 00:35:10,960 --> 00:35:13,129 we're almost done here, so 1000 00:35:13,130 --> 00:35:14,779 with the slides, so start preparing your 1001 00:35:14,780 --> 00:35:16,489 questions and your answers to all of us, 1002 00:35:17,540 --> 00:35:18,540 I think. 1003 00:35:19,220 --> 00:35:20,599 Well, what Laura story just 1004 00:35:22,010 --> 00:35:24,679 segued into the legal coercion problem 1005 00:35:24,680 --> 00:35:26,299 that one of the big threats that 1006 00:35:26,300 --> 00:35:28,489 journalists face is coercion 1007 00:35:28,490 --> 00:35:30,859 from governments, either forceful 1008 00:35:30,860 --> 00:35:32,210 or legal or any other way. 1009 00:35:37,420 --> 00:35:39,069 Does our AP representative want to talk 1010 00:35:39,070 --> 00:35:41,319 about the problems that the A.P. 1011 00:35:41,320 --> 00:35:42,489 has faced? 1012 00:35:42,490 --> 00:35:45,369 Yeah, I mean, just 1013 00:35:45,370 --> 00:35:48,099 generally speaking, I mean, I think 1014 00:35:48,100 --> 00:35:50,229 I mean, it's not I mean, it is 1015 00:35:50,230 --> 00:35:52,089 a little bit of a hostile time and maybe 1016 00:35:52,090 --> 00:35:52,989 that's understating it. 1017 00:35:52,990 --> 00:35:55,419 I mean, for journalists, I mean and 1018 00:35:55,420 --> 00:35:57,459 I apologize. I come from very American 1019 00:35:57,460 --> 00:35:59,139 centric point of view because a 1020 00:35:59,140 --> 00:36:00,039 Washington journalists. 1021 00:36:00,040 --> 00:36:02,229 But I mean, this is it's sort of 1022 00:36:02,230 --> 00:36:03,999 conversely the most transparent 1023 00:36:04,000 --> 00:36:06,249 administration in global history. 1024 00:36:06,250 --> 00:36:07,929 But, you know, we were talking about M.C. 1025 00:36:07,930 --> 00:36:09,549 catchers, the other, you know, an earlier 1026 00:36:09,550 --> 00:36:11,359 panel. And, you know, this is the same 1027 00:36:11,360 --> 00:36:12,609 meanwhile, government that turns around 1028 00:36:12,610 --> 00:36:14,409 and tells my colleague and I found out 1029 00:36:14,410 --> 00:36:16,089 that there's local law enforcement. 1030 00:36:16,090 --> 00:36:17,769 They can't even release details about 1031 00:36:17,770 --> 00:36:19,179 what the local police do. 1032 00:36:19,180 --> 00:36:21,109 And, you know, it's very secretive about, 1033 00:36:21,110 --> 00:36:22,419 you know, getting like when they got our 1034 00:36:22,420 --> 00:36:23,379 phone records. 1035 00:36:23,380 --> 00:36:25,659 You know, they're it's, you know, 1036 00:36:25,660 --> 00:36:27,429 people even coming down to sources and 1037 00:36:27,430 --> 00:36:28,929 sort of like the bottom line here, where, 1038 00:36:28,930 --> 00:36:30,819 you know, why this matters so much is 1039 00:36:30,820 --> 00:36:32,979 it's not the Segway into it's not just, 1040 00:36:32,980 --> 00:36:34,029 you know, about the intelligence 1041 00:36:34,030 --> 00:36:35,919 community here. It's not about, you know, 1042 00:36:35,920 --> 00:36:38,019 a you know, an NSA contractor in 1043 00:36:38,020 --> 00:36:40,389 Hawaii who dumps all the 1044 00:36:40,390 --> 00:36:42,279 top secret classified documents is 1045 00:36:42,280 --> 00:36:42,939 important as it is. 1046 00:36:42,940 --> 00:36:45,219 I mean, these are people who work in 1047 00:36:45,220 --> 00:36:47,239 state houses and companies. 1048 00:36:47,240 --> 00:36:49,329 I mean, as as Julie was saying, you know, 1049 00:36:49,330 --> 00:36:51,459 like a company that's crooked and 1050 00:36:51,460 --> 00:36:53,589 and, you know, people lose their jobs 1051 00:36:53,590 --> 00:36:54,789 for this. I mean, they lose their 1052 00:36:54,790 --> 00:36:56,559 mortgages. They can't pay their bills. 1053 00:36:56,560 --> 00:36:57,549 They can't feed their families. 1054 00:36:57,550 --> 00:37:00,069 I mean, these are very real effects 1055 00:37:00,070 --> 00:37:02,439 of talking to the press, just talking 1056 00:37:02,440 --> 00:37:03,459 to us. 1057 00:37:03,460 --> 00:37:05,529 And and I think we owe it to 1058 00:37:05,530 --> 00:37:07,599 sources to do a better job at 1059 00:37:07,600 --> 00:37:09,519 this. I mean, we have the tools at our 1060 00:37:09,520 --> 00:37:11,619 disposal and with the help of 1061 00:37:11,620 --> 00:37:13,809 the crypto community, I think we can you 1062 00:37:13,810 --> 00:37:15,909 know, we really do it right and 1063 00:37:15,910 --> 00:37:17,319 make this better so we can have better 1064 00:37:17,320 --> 00:37:18,849 journalism and hold people accountable. 1065 00:37:18,850 --> 00:37:20,469 It's so cliche to say, but that's the 1066 00:37:20,470 --> 00:37:21,639 reason why we do what we do. 1067 00:37:21,640 --> 00:37:23,739 And, you know, we can't just go 1068 00:37:23,740 --> 00:37:25,389 back to a plain text world when 1069 00:37:25,390 --> 00:37:27,459 encryption is clearly the next 1070 00:37:27,460 --> 00:37:28,460 forefront. So. 1071 00:37:37,380 --> 00:37:38,759 I just want to add one thing, which is 1072 00:37:38,760 --> 00:37:40,100 that I 1073 00:37:41,320 --> 00:37:43,539 I think that newsrooms 1074 00:37:43,540 --> 00:37:45,839 I know that journalism is also 1075 00:37:45,840 --> 00:37:48,029 under financial pressure, but I believe 1076 00:37:48,030 --> 00:37:50,129 we have a moral obligation to invest more 1077 00:37:50,130 --> 00:37:51,629 in these types of tools. 1078 00:37:51,630 --> 00:37:53,789 Right. It's heartbreaking to me 1079 00:37:53,790 --> 00:37:55,979 whenever I learn how few people 1080 00:37:55,980 --> 00:37:58,049 support the tools that I 1081 00:37:58,050 --> 00:38:00,479 use every day and how underfunded 1082 00:38:00,480 --> 00:38:01,299 they are. 1083 00:38:01,300 --> 00:38:03,359 And I personally try to donate, but 1084 00:38:03,360 --> 00:38:05,489 I don't have I I'm a journalist, 1085 00:38:05,490 --> 00:38:06,839 right? I'm not I'm not going to be able 1086 00:38:06,840 --> 00:38:08,579 to pull this by myself. 1087 00:38:08,580 --> 00:38:10,739 And but I think our newsrooms would 1088 00:38:10,740 --> 00:38:13,259 be well served to see these tools as as 1089 00:38:13,260 --> 00:38:15,239 central to our work and to invest in 1090 00:38:15,240 --> 00:38:16,240 them. 1091 00:38:24,900 --> 00:38:25,979 All right, last slide, the four 1092 00:38:25,980 --> 00:38:28,049 questions, the last issue that a 1093 00:38:28,050 --> 00:38:29,489 lot of you run into is crossing 1094 00:38:29,490 --> 00:38:30,490 international borders. 1095 00:38:33,750 --> 00:38:34,890 OK, well, 1096 00:38:38,550 --> 00:38:40,709 yeah, I mean, it's no man's 1097 00:38:40,710 --> 00:38:41,129 land. 1098 00:38:41,130 --> 00:38:43,049 I mean, in terms of legal, I mean, you 1099 00:38:43,050 --> 00:38:45,129 have no protection. And they and they 1100 00:38:45,130 --> 00:38:47,159 they use it. I mean, the US government, 1101 00:38:47,160 --> 00:38:49,889 when I say they and, 1102 00:38:49,890 --> 00:38:52,049 you know, in my case, you know, it's over 1103 00:38:52,050 --> 00:38:53,969 six years detained every time I return to 1104 00:38:53,970 --> 00:38:55,229 the country. And, you know, they'd 1105 00:38:55,230 --> 00:38:57,569 photocopied my books and threatened 1106 00:38:57,570 --> 00:38:58,619 to take electronics. 1107 00:38:58,620 --> 00:38:59,969 Many times they would stack them in a 1108 00:38:59,970 --> 00:39:02,069 pile. And, you know, I would say that 1109 00:39:02,070 --> 00:39:03,509 I was a journalist and would have long 1110 00:39:03,510 --> 00:39:04,859 fights and they would say things like, 1111 00:39:04,860 --> 00:39:07,019 well, you know, this will go much faster 1112 00:39:07,020 --> 00:39:07,979 for you if you just give us your 1113 00:39:07,980 --> 00:39:09,629 passwords. And that's, you know, that's 1114 00:39:09,630 --> 00:39:11,129 not happening. And then they'd say, well, 1115 00:39:11,130 --> 00:39:12,329 if you don't answer our questions, we'll 1116 00:39:12,330 --> 00:39:14,009 find our answers on your electronics. 1117 00:39:14,010 --> 00:39:15,179 You know, that was one of my favorite 1118 00:39:15,180 --> 00:39:16,180 quotes. 1119 00:39:16,830 --> 00:39:18,749 I mean, ultimately, I moved to Berlin 1120 00:39:18,750 --> 00:39:21,089 because of this problem, because 1121 00:39:21,090 --> 00:39:22,679 because of the project I was working on. 1122 00:39:22,680 --> 00:39:24,809 I couldn't I didn't feel that I could 1123 00:39:24,810 --> 00:39:26,579 protect the source material I had and 1124 00:39:26,580 --> 00:39:27,899 cross the U.S. border. 1125 00:39:27,900 --> 00:39:30,689 And so I started I was shooting and 1126 00:39:30,690 --> 00:39:31,409 filming. 1127 00:39:31,410 --> 00:39:33,569 And then I would leave footage 1128 00:39:33,570 --> 00:39:35,369 outside of the country, back it up and 1129 00:39:35,370 --> 00:39:37,439 then return home and did that for 1130 00:39:37,440 --> 00:39:39,119 a while. And then once I needed to start 1131 00:39:39,120 --> 00:39:41,519 editing, then I came to Berlin 1132 00:39:41,520 --> 00:39:42,869 and started working there. 1133 00:39:42,870 --> 00:39:45,149 So it really was, you know, created a 1134 00:39:45,150 --> 00:39:47,809 huge problem for 1135 00:39:47,810 --> 00:39:49,509 for me to be able to do the work in the 1136 00:39:49,510 --> 00:39:50,510 U.S.. 1137 00:39:53,380 --> 00:39:54,879 I think there's a question that we don't 1138 00:39:54,880 --> 00:39:56,679 know how to answer. Is it safer to bring 1139 00:39:56,680 --> 00:39:58,749 data across a border with your person 1140 00:39:58,750 --> 00:40:00,190 or to send it electronically? 1141 00:40:01,580 --> 00:40:02,659 Maybe the answer is just no. 1142 00:40:06,080 --> 00:40:08,359 I mean, I think I think to a 1143 00:40:08,360 --> 00:40:10,579 trusted, you know, second party 1144 00:40:10,580 --> 00:40:12,139 would be probably the safest. 1145 00:40:15,590 --> 00:40:16,999 If there are no more stories that our 1146 00:40:17,000 --> 00:40:19,399 other panelists want to tell. 1147 00:40:19,400 --> 00:40:20,519 Well, I mean, I haven't 1148 00:40:22,040 --> 00:40:23,329 obviously left the country. 1149 00:40:23,330 --> 00:40:25,399 I still live in New York, but I have for 1150 00:40:25,400 --> 00:40:27,679 the past several years after 1151 00:40:27,680 --> 00:40:29,809 one source called me and said, look, I 1152 00:40:29,810 --> 00:40:31,729 know you're about to go on your annual 1153 00:40:31,730 --> 00:40:33,439 trip to India. I go every year to visit 1154 00:40:33,440 --> 00:40:35,719 my husband's family in India at Christmas 1155 00:40:35,720 --> 00:40:36,049 time. 1156 00:40:36,050 --> 00:40:37,999 And this person said, I just can't have 1157 00:40:38,000 --> 00:40:40,069 your my name in your 1158 00:40:40,070 --> 00:40:41,719 contact list if you're going to bring 1159 00:40:41,720 --> 00:40:43,639 your phone across the border. 1160 00:40:43,640 --> 00:40:46,489 And at that moment, I realized, 1161 00:40:46,490 --> 00:40:48,799 oh, my God, I can't I can't bring 1162 00:40:48,800 --> 00:40:51,109 anybody's name across in my contact 1163 00:40:51,110 --> 00:40:51,319 list. 1164 00:40:51,320 --> 00:40:53,539 So I realized I had to leave 1165 00:40:53,540 --> 00:40:55,669 my phone behind and I have 1166 00:40:55,670 --> 00:40:57,769 continued to leave my phone behind 1167 00:40:57,770 --> 00:40:59,989 on every international trip and 1168 00:40:59,990 --> 00:41:01,279 and also my computer. 1169 00:41:01,280 --> 00:41:03,979 I have a what I call a zero data policy 1170 00:41:03,980 --> 00:41:05,989 crossing borders, which, by the way, 1171 00:41:05,990 --> 00:41:08,269 means I don't have anything right. 1172 00:41:08,270 --> 00:41:10,579 So it's really inconvenient to 1173 00:41:10,580 --> 00:41:11,579 come with no data. 1174 00:41:11,580 --> 00:41:13,309 It means that I get less work done, I'm 1175 00:41:13,310 --> 00:41:15,469 less productive. I bring a tale's 1176 00:41:15,470 --> 00:41:17,629 machine and then I have some 1177 00:41:17,630 --> 00:41:18,979 documents I might want to work on on a 1178 00:41:18,980 --> 00:41:21,079 stick. But it's not a 1179 00:41:21,080 --> 00:41:23,299 great and convenient way to do reporting. 1180 00:41:23,300 --> 00:41:25,429 And my editors, despite, you 1181 00:41:25,430 --> 00:41:27,679 know, supporting me, are really annoyed 1182 00:41:27,680 --> 00:41:29,120 when I don't reply to their e-mails. 1183 00:41:32,400 --> 00:41:34,229 All right, so I guess with that will open 1184 00:41:34,230 --> 00:41:36,689 up for questions and answers from 1185 00:41:36,690 --> 00:41:37,690 you. 1186 00:41:47,990 --> 00:41:50,179 So before we start the questions, first 1187 00:41:50,180 --> 00:41:52,429 of all, if anybody is leaving right 1188 00:41:52,430 --> 00:41:54,529 now, please do so very quietly, take your 1189 00:41:54,530 --> 00:41:55,639 trash with you. 1190 00:41:55,640 --> 00:41:57,649 And also, it would be nice if you would 1191 00:41:57,650 --> 00:41:59,569 not let any martyr bottles fall over. 1192 00:41:59,570 --> 00:42:01,819 Thank you for the demonstration. 1193 00:42:01,820 --> 00:42:03,949 And also, if 1194 00:42:03,950 --> 00:42:06,019 you have free seats now, then please 1195 00:42:06,020 --> 00:42:08,179 already try to defragment a 1196 00:42:08,180 --> 00:42:10,339 bit like move inwards in your 1197 00:42:10,340 --> 00:42:12,709 respective rows and 1198 00:42:12,710 --> 00:42:14,829 make room on the sides. 1199 00:42:14,830 --> 00:42:16,969 We will not let anybody inside 1200 00:42:16,970 --> 00:42:18,349 this room yet before 1201 00:42:19,550 --> 00:42:21,679 the next section, but basically 1202 00:42:21,680 --> 00:42:23,309 the film is going to start. 1203 00:42:23,310 --> 00:42:25,549 So doing the Q&A, please try 1204 00:42:25,550 --> 00:42:27,769 to be a bit quieter than right 1205 00:42:27,770 --> 00:42:28,759 now. 1206 00:42:28,760 --> 00:42:29,760 A bit quiet, 1207 00:42:30,980 --> 00:42:31,980 please. 1208 00:42:32,570 --> 00:42:33,570 OK. 1209 00:42:42,700 --> 00:42:44,800 So then, hey, 1210 00:42:46,810 --> 00:42:49,299 let's start with microphone one. 1211 00:42:49,300 --> 00:42:51,489 So if you're so 1212 00:42:51,490 --> 00:42:54,069 much in the focus of, uh, 1213 00:42:54,070 --> 00:42:55,989 agencies and so on, like Laura, 1214 00:42:57,280 --> 00:42:59,329 what do you do about endpoint security? 1215 00:42:59,330 --> 00:43:01,029 Let's say you do everything correct with 1216 00:43:01,030 --> 00:43:03,459 encryption, but now you have this AACAP 1217 00:43:03,460 --> 00:43:05,649 device lying in your home and 1218 00:43:05,650 --> 00:43:08,619 like, do you always carry it with you or 1219 00:43:08,620 --> 00:43:10,959 do you sleep with it under your pillow? 1220 00:43:10,960 --> 00:43:12,459 Or how do you make sure that it doesn't 1221 00:43:12,460 --> 00:43:13,460 get bugged? 1222 00:43:17,260 --> 00:43:19,069 I would never answer that question. 1223 00:43:19,070 --> 00:43:21,579 OK, so would you have any advice 1224 00:43:21,580 --> 00:43:23,830 for people who want to 1225 00:43:24,940 --> 00:43:26,079 who have that problem? 1226 00:43:26,080 --> 00:43:28,239 Like, I mean, what oh, 1227 00:43:28,240 --> 00:43:30,549 how would they find out what 1228 00:43:30,550 --> 00:43:31,550 they should do? 1229 00:43:32,320 --> 00:43:33,669 I mean, obviously it's a question of 1230 00:43:33,670 --> 00:43:34,599 threat model. Right. 1231 00:43:34,600 --> 00:43:35,600 You know, and. 1232 00:43:41,130 --> 00:43:42,809 I mean, you know, there I mean, I don't 1233 00:43:42,810 --> 00:43:44,339 know if Sarah Harrison is here, I know 1234 00:43:44,340 --> 00:43:45,929 she's giving a talk, but she's off. 1235 00:43:45,930 --> 00:43:47,489 She carries a lot of computers with her. 1236 00:43:47,490 --> 00:43:49,109 I mean, that's sometimes what we do there 1237 00:43:49,110 --> 00:43:50,669 times when you carry a lot of computers 1238 00:43:50,670 --> 00:43:53,309 with you. And I think that 1239 00:43:53,310 --> 00:43:54,839 there are times, you know, where it 1240 00:43:54,840 --> 00:43:57,089 depends where that might be more 1241 00:43:57,090 --> 00:43:59,549 necessary than others, depending 1242 00:43:59,550 --> 00:44:00,989 on what you're working on and or the 1243 00:44:00,990 --> 00:44:02,819 political context in which you're 1244 00:44:02,820 --> 00:44:03,919 working. 1245 00:44:03,920 --> 00:44:06,209 So, I mean, obviously, 1246 00:44:06,210 --> 00:44:07,829 I mean, what people will say is that if 1247 00:44:07,830 --> 00:44:10,019 you never lose possession 1248 00:44:10,020 --> 00:44:12,149 of it, it would 1249 00:44:12,150 --> 00:44:14,309 be, you know, the sort of, you 1250 00:44:14,310 --> 00:44:16,499 know, absolute secure recommendation. 1251 00:44:19,080 --> 00:44:21,209 Thank you. Microphone to please. 1252 00:44:21,210 --> 00:44:22,439 Hello. 1253 00:44:22,440 --> 00:44:24,179 I was left with the impression that 1254 00:44:24,180 --> 00:44:26,279 burner phones are viable option for 1255 00:44:26,280 --> 00:44:28,859 informants. I would dispute that view 1256 00:44:28,860 --> 00:44:30,299 as the problem. 1257 00:44:30,300 --> 00:44:33,389 But the problem I see with burner phones 1258 00:44:33,390 --> 00:44:35,609 is that in the data 1259 00:44:35,610 --> 00:44:37,829 mining is very easy to identify a burner 1260 00:44:37,830 --> 00:44:40,079 phone because like, let's say if we have 1261 00:44:40,080 --> 00:44:41,279 a burner phone, there are two cases who 1262 00:44:41,280 --> 00:44:43,349 travel with a burner phone, then you 1263 00:44:43,350 --> 00:44:45,179 quickly identify a burner phone as a 1264 00:44:45,180 --> 00:44:46,439 burner phone because of movement. 1265 00:44:46,440 --> 00:44:49,049 Pattern is very similar or identical. 1266 00:44:49,050 --> 00:44:51,089 You see like the same base stations. 1267 00:44:51,090 --> 00:44:53,340 So you can identify not only that, 1268 00:44:54,540 --> 00:44:56,459 you can identify which person has the 1269 00:44:56,460 --> 00:44:58,259 burner phone. And because you know the 1270 00:44:58,260 --> 00:44:59,969 identity of that person, you can identify 1271 00:44:59,970 --> 00:45:02,009 that it's that person's burner phone. 1272 00:45:02,010 --> 00:45:04,079 And even for the stationary case, for 1273 00:45:04,080 --> 00:45:06,749 example, leave the burner phone at home, 1274 00:45:06,750 --> 00:45:08,279 the burner phone has a very distinct 1275 00:45:08,280 --> 00:45:09,989 communication pattern because you 1276 00:45:09,990 --> 00:45:11,669 essentially just communicate to one 1277 00:45:11,670 --> 00:45:14,069 person, which is extremely unusual. 1278 00:45:14,070 --> 00:45:16,019 So together with the location in, you 1279 00:45:16,020 --> 00:45:17,279 know, for example, OK, the person's 1280 00:45:17,280 --> 00:45:19,409 living, let's say, in the radius of a 1281 00:45:19,410 --> 00:45:21,389 kilometer or something, but you have 1282 00:45:21,390 --> 00:45:23,219 these special phones that only talk to 1283 00:45:23,220 --> 00:45:24,989 one person. 1284 00:45:24,990 --> 00:45:27,449 So I don't think there is a good scenario 1285 00:45:27,450 --> 00:45:29,069 for burner phone should be avoided. 1286 00:45:29,070 --> 00:45:31,169 I would just say that on burner 1287 00:45:31,170 --> 00:45:33,179 phones that it depends on your threat 1288 00:45:33,180 --> 00:45:35,249 model. Right. For a state actor 1289 00:45:35,250 --> 00:45:37,199 who can see the whole cell network, 1290 00:45:37,200 --> 00:45:38,039 you're completely right. 1291 00:45:38,040 --> 00:45:40,289 I wouldn't recommend burner phones, but 1292 00:45:40,290 --> 00:45:42,059 I was using a burner phone in this 1293 00:45:42,060 --> 00:45:43,529 particular instance for a corporate 1294 00:45:43,530 --> 00:45:45,059 source. Right. And I don't think his 1295 00:45:45,060 --> 00:45:47,279 company was going to be able to get 1296 00:45:47,280 --> 00:45:49,559 the cell companies to give up 1297 00:45:49,560 --> 00:45:50,489 that information. 1298 00:45:50,490 --> 00:45:52,799 I wanted him just to not use his 1299 00:45:52,800 --> 00:45:54,839 corporate paid cell phone, which is what 1300 00:45:54,840 --> 00:45:56,999 he previously was using to talk to me. 1301 00:45:57,000 --> 00:45:58,499 Right. So it depends on your threat 1302 00:45:58,500 --> 00:46:00,599 model. For some people, a burner 1303 00:46:00,600 --> 00:46:01,919 could be fine. 1304 00:46:01,920 --> 00:46:02,920 OK, thanks. 1305 00:46:04,500 --> 00:46:06,719 Thank you. So let's get a question 1306 00:46:06,720 --> 00:46:07,770 from the Internet. 1307 00:46:13,300 --> 00:46:15,639 Can you give the can you activate 1308 00:46:15,640 --> 00:46:17,949 the microphone now it's activated. 1309 00:46:17,950 --> 00:46:19,059 Hello? 1310 00:46:19,060 --> 00:46:21,519 Well, there are a thousand questions 1311 00:46:21,520 --> 00:46:23,679 on the IOC channel, and 1312 00:46:23,680 --> 00:46:25,839 I hope it can at least relay a few of 1313 00:46:25,840 --> 00:46:26,799 them. 1314 00:46:26,800 --> 00:46:28,869 Well, a lot of them are going 1315 00:46:28,870 --> 00:46:31,389 about training for journalists, like 1316 00:46:31,390 --> 00:46:33,459 are there any 1317 00:46:33,460 --> 00:46:36,099 journalism schools or universities 1318 00:46:36,100 --> 00:46:37,749 that are teaching crypto as an 1319 00:46:37,750 --> 00:46:38,750 obligatory. 1320 00:46:40,000 --> 00:46:41,709 Yeah. Basic skill? 1321 00:46:41,710 --> 00:46:44,559 Or what can a technical 1322 00:46:44,560 --> 00:46:46,749 journalism journalist do 1323 00:46:46,750 --> 00:46:49,119 to learn more of 1324 00:46:49,120 --> 00:46:51,219 their fellow students 1325 00:46:51,220 --> 00:46:53,649 into some crypto parties? 1326 00:46:53,650 --> 00:46:54,760 And also. 1327 00:46:56,860 --> 00:46:57,159 Yeah. 1328 00:46:57,160 --> 00:46:59,229 How many days or weeks or 1329 00:46:59,230 --> 00:47:00,909 years do it? 1330 00:47:00,910 --> 00:47:02,829 Does a journalist in your experience, 1331 00:47:02,830 --> 00:47:04,899 need to really also get the 1332 00:47:04,900 --> 00:47:07,149 point of encryption or a secure 1333 00:47:07,150 --> 00:47:09,579 communication to be also comfortable 1334 00:47:09,580 --> 00:47:11,649 with it? So this is all about 1335 00:47:11,650 --> 00:47:13,119 this huge field. 1336 00:47:14,140 --> 00:47:16,239 I mean, I know journalism schools 1337 00:47:16,240 --> 00:47:18,579 up to five years ago, like their prime 1338 00:47:18,580 --> 00:47:20,889 technological feat, besides doing, 1339 00:47:20,890 --> 00:47:22,779 as we would call beat reporting, was 1340 00:47:22,780 --> 00:47:25,359 teaching people how to use Adobe Flash 1341 00:47:25,360 --> 00:47:27,489 and like that, tick the box with 1342 00:47:27,490 --> 00:47:29,019 like the technology that needed to be 1343 00:47:29,020 --> 00:47:31,419 learned. And and again, 1344 00:47:31,420 --> 00:47:33,399 maybe it's an old dog, new tricks thing. 1345 00:47:33,400 --> 00:47:34,569 Or people have been in the business and 1346 00:47:34,570 --> 00:47:36,099 they're like this crypto thing. 1347 00:47:36,100 --> 00:47:37,449 I mean, those include journalism 1348 00:47:37,450 --> 00:47:39,449 professors who never had to use this, 1349 00:47:39,450 --> 00:47:40,689 never had to face this reality. 1350 00:47:42,460 --> 00:47:44,599 I know Columbia University has a 1351 00:47:44,600 --> 00:47:46,539 computational journalism track. 1352 00:47:46,540 --> 00:47:48,519 I know there's been I'm not the expert on 1353 00:47:48,520 --> 00:47:49,899 this. Maybe somebody else says, I know 1354 00:47:49,900 --> 00:47:51,909 that this has been at least a discussion 1355 00:47:51,910 --> 00:47:53,319 in, like the American journalism 1356 00:47:53,320 --> 00:47:55,419 education community about, you know, it's 1357 00:47:55,420 --> 00:47:57,639 not just the crypto to it's, you know, 1358 00:47:57,640 --> 00:47:59,469 digital public records requests and 1359 00:47:59,470 --> 00:48:01,839 analyzing, you know, big data, 1360 00:48:01,840 --> 00:48:03,849 you know, how to pass through it. 1361 00:48:03,850 --> 00:48:05,289 All these sorts of things that, you know, 1362 00:48:05,290 --> 00:48:07,419 that that go beyond the, you know, 1363 00:48:07,420 --> 00:48:09,639 notebook assisted reporting of 1364 00:48:09,640 --> 00:48:10,599 days of yore. 1365 00:48:10,600 --> 00:48:12,669 You know, and and I I'm 1366 00:48:12,670 --> 00:48:14,619 sure that's a discussion somewhere. 1367 00:48:14,620 --> 00:48:16,659 So I'm working with the Columbia 1368 00:48:16,660 --> 00:48:18,069 Journalism School right now. 1369 00:48:18,070 --> 00:48:19,999 Actually, I'm writing a chapter for their 1370 00:48:20,000 --> 00:48:22,269 book that's coming out on what types 1371 00:48:22,270 --> 00:48:24,489 of techniques journalists can use. 1372 00:48:24,490 --> 00:48:27,729 And they are beefing up their 1373 00:48:27,730 --> 00:48:29,799 crypto programs, but it's 1374 00:48:29,800 --> 00:48:31,059 not mandatory. 1375 00:48:31,060 --> 00:48:33,129 And the truth is 1376 00:48:33,130 --> 00:48:35,769 that there's a lot of confusion 1377 00:48:35,770 --> 00:48:38,169 out there about what are the best crypto 1378 00:48:38,170 --> 00:48:39,039 tools. 1379 00:48:39,040 --> 00:48:41,229 And there's one 1380 00:48:41,230 --> 00:48:42,909 thing that's upsetting to me is that 1381 00:48:42,910 --> 00:48:44,649 there are you know, every day I get an 1382 00:48:44,650 --> 00:48:46,809 email from a new crypto program and 1383 00:48:46,810 --> 00:48:49,509 some of them are not really as encrypted 1384 00:48:49,510 --> 00:48:50,679 as they seem. 1385 00:48:50,680 --> 00:48:52,839 And so I think there's a lot of confusion 1386 00:48:52,840 --> 00:48:54,639 in the regular public about what they 1387 00:48:54,640 --> 00:48:56,919 should use, which is why and 1388 00:48:56,920 --> 00:48:58,959 you guys probably already know know all 1389 00:48:58,960 --> 00:49:01,269 this, but essentially I did a ranking 1390 00:49:01,270 --> 00:49:03,759 with F of crypto tools 1391 00:49:03,760 --> 00:49:05,859 on seven criteria just to provide 1392 00:49:05,860 --> 00:49:07,269 some sort of benchmark of what people 1393 00:49:07,270 --> 00:49:09,549 might think we might consider actually 1394 00:49:09,550 --> 00:49:10,550 safe. 1395 00:49:12,750 --> 00:49:15,029 Thank you, so microphone three, 1396 00:49:15,030 --> 00:49:16,109 please. 1397 00:49:16,110 --> 00:49:18,839 Hello. Thank you very much for your talk. 1398 00:49:18,840 --> 00:49:21,329 I want to raise a question about 1399 00:49:21,330 --> 00:49:23,489 a power structure that was not part of 1400 00:49:23,490 --> 00:49:24,989 the discussion so far. 1401 00:49:24,990 --> 00:49:27,449 I once gave a party at a big 1402 00:49:27,450 --> 00:49:29,369 Dutch News Corporation for the Dutch 1403 00:49:29,370 --> 00:49:31,539 people in the office, and 1404 00:49:31,540 --> 00:49:33,179 the journalists were super enthusiastic. 1405 00:49:33,180 --> 00:49:34,469 They want to get started right away. 1406 00:49:34,470 --> 00:49:36,209 And I said, OK, let's get started with 1407 00:49:36,210 --> 00:49:36,859 installing Thor. 1408 00:49:36,860 --> 00:49:38,729 And we are not allowed to do that on our 1409 00:49:38,730 --> 00:49:40,199 machines. 1410 00:49:40,200 --> 00:49:42,269 But luckily, there were some tech people 1411 00:49:42,270 --> 00:49:44,159 and I was in the room and and we looked 1412 00:49:44,160 --> 00:49:45,299 at them like, can you help them out? 1413 00:49:45,300 --> 00:49:46,449 Can you give them permission? 1414 00:49:46,450 --> 00:49:48,509 Is that we could, but we're not 1415 00:49:48,510 --> 00:49:49,799 allowed because it's not part of our 1416 00:49:49,800 --> 00:49:52,229 budget to install this and everything's 1417 00:49:52,230 --> 00:49:53,669 actually closed down. And if we change 1418 00:49:53,670 --> 00:49:55,529 anything, it will all fall together and 1419 00:49:55,530 --> 00:49:56,759 looked kind of panicked. 1420 00:49:56,760 --> 00:49:58,589 And then it turned out the management had 1421 00:49:58,590 --> 00:50:00,179 to come in, but they were nowhere to be 1422 00:50:00,180 --> 00:50:02,309 found. And that seemed and maybe 1423 00:50:02,310 --> 00:50:04,049 you can relate to that in a lot of News 1424 00:50:04,050 --> 00:50:06,119 Corp, there's this management 1425 00:50:06,120 --> 00:50:08,669 layer that in the end needs to be 1426 00:50:08,670 --> 00:50:10,929 like part of this whole transition into, 1427 00:50:10,930 --> 00:50:12,239 like, secure communication. 1428 00:50:13,320 --> 00:50:15,019 Yeah, yeah. 1429 00:50:16,110 --> 00:50:17,999 That's a that's a really, really, really 1430 00:50:18,000 --> 00:50:20,369 great question, because 1431 00:50:20,370 --> 00:50:22,859 having worked for American news companies 1432 00:50:22,860 --> 00:50:25,619 where they are cut to the bone, 1433 00:50:25,620 --> 00:50:27,059 that is a very real concern. 1434 00:50:27,060 --> 00:50:28,619 I mean, you have almost two parts I would 1435 00:50:28,620 --> 00:50:30,869 say are two sort of 1436 00:50:30,870 --> 00:50:32,849 issues. One is the money issue, 1437 00:50:35,190 --> 00:50:36,809 because, you know, from an I mean, you 1438 00:50:36,810 --> 00:50:37,799 know, from a newsroom point of view, 1439 00:50:37,800 --> 00:50:39,509 we're like, well, it's a great source. 1440 00:50:39,510 --> 00:50:41,639 Let's do it, you know, pay any cost, 1441 00:50:41,640 --> 00:50:43,379 bear any burden. We're going to do it. 1442 00:50:43,380 --> 00:50:45,059 But then they're like, no, we only have X 1443 00:50:45,060 --> 00:50:47,129 amount for fiscal year, whatever. 1444 00:50:47,130 --> 00:50:49,289 And by the way, our exchange mail servers 1445 00:50:49,290 --> 00:50:50,759 are basically smoking. 1446 00:50:50,760 --> 00:50:52,139 You can see one smoking. 1447 00:50:52,140 --> 00:50:53,519 That's where the money has to go right 1448 00:50:53,520 --> 00:50:55,139 now. The other one is to. 1449 00:50:56,250 --> 00:50:57,749 Yeah, exactly. And that's the 1450 00:50:57,750 --> 00:51:00,179 counterargument to that is it doesn't 1451 00:51:00,180 --> 00:51:01,559 and it's not what they're used to. 1452 00:51:01,560 --> 00:51:03,179 They're not used to doing this. 1453 00:51:03,180 --> 00:51:05,219 And so at least that the success that 1454 00:51:05,220 --> 00:51:06,689 we've had or I've had in some news 1455 00:51:06,690 --> 00:51:09,059 organizations, others have either as 1456 00:51:09,060 --> 00:51:11,249 well, is sort of the 1457 00:51:11,250 --> 00:51:13,439 and now general investor Matt 1458 00:51:13,440 --> 00:51:15,959 Waite used to be a reporter and Florida 1459 00:51:15,960 --> 00:51:17,729 has this thing called demos, not memos 1460 00:51:17,730 --> 00:51:19,889 like do this organic from the bottom up 1461 00:51:19,890 --> 00:51:21,239 and sort of show how it works. 1462 00:51:21,240 --> 00:51:23,249 Do you a test case, you know, use free 1463 00:51:23,250 --> 00:51:25,619 software, use TOR, you know, 1464 00:51:25,620 --> 00:51:27,489 use the Tor browser, the IP checking 1465 00:51:27,490 --> 00:51:28,589 thing that I was taught, whatever you 1466 00:51:28,590 --> 00:51:30,389 want to use. And then people sort of have 1467 00:51:30,390 --> 00:51:32,069 these little epiphanies like, oh, OK, 1468 00:51:32,070 --> 00:51:33,059 that makes sense. 1469 00:51:33,060 --> 00:51:35,129 And then that, you know, and 1470 00:51:35,130 --> 00:51:36,719 I've seen it happen even very recently, 1471 00:51:36,720 --> 00:51:38,459 it starts bubbling up to the top. 1472 00:51:38,460 --> 00:51:39,989 You know, combined with the other news 1473 00:51:39,990 --> 00:51:42,359 just in general about how, you know, 1474 00:51:42,360 --> 00:51:44,369 the government is basically looking over 1475 00:51:44,370 --> 00:51:46,829 our shoulder and, you know, ideally 1476 00:51:46,830 --> 00:51:47,969 that starts to collide. 1477 00:51:47,970 --> 00:51:49,889 And, you know, the selling point for them 1478 00:51:49,890 --> 00:51:52,349 is like Tor, it's our tails, 1479 00:51:52,350 --> 00:51:54,579 it's free. You know, the cost of a DVD. 1480 00:51:54,580 --> 00:51:57,149 I'll I'll give you a ten on the house. 1481 00:51:57,150 --> 00:51:59,369 Just download it, you know, and I think 1482 00:51:59,370 --> 00:52:01,559 it's just just a different mindset 1483 00:52:01,560 --> 00:52:02,639 that they're not used to, just like 1484 00:52:02,640 --> 00:52:03,629 reporters are used to. 1485 00:52:03,630 --> 00:52:03,779 Yeah. 1486 00:52:03,780 --> 00:52:05,249 But also I mean, there's a problem with 1487 00:52:05,250 --> 00:52:07,109 it departments in newsrooms being total 1488 00:52:07,110 --> 00:52:08,729 control freaks and not letting anyone 1489 00:52:08,730 --> 00:52:09,869 touch any machines. 1490 00:52:09,870 --> 00:52:12,179 And that's just not about cost or or, 1491 00:52:12,180 --> 00:52:13,709 you know, not understanding how it works. 1492 00:52:13,710 --> 00:52:15,899 They're just, you know, not don't 1493 00:52:15,900 --> 00:52:17,189 want anyone touching any machine. 1494 00:52:17,190 --> 00:52:18,989 And they want to keep access to every 1495 00:52:18,990 --> 00:52:20,339 machine that goes out of a newsroom. 1496 00:52:20,340 --> 00:52:21,509 And that just needs to stop. 1497 00:52:21,510 --> 00:52:23,819 I mean, I think I was at Democracy 1498 00:52:23,820 --> 00:52:25,889 Now and and and 1499 00:52:25,890 --> 00:52:28,019 Jake was trying to install Otara 1500 00:52:28,020 --> 00:52:29,399 and someone's you know, he said, oh, you 1501 00:52:29,400 --> 00:52:30,959 should have Otara so we can talk. 1502 00:52:30,960 --> 00:52:33,509 And he started to install it and 1503 00:52:33,510 --> 00:52:35,699 that kind of freaked out it person 1504 00:52:35,700 --> 00:52:37,109 came into the room is like, what are you 1505 00:52:37,110 --> 00:52:38,159 doing to this computer? 1506 00:52:38,160 --> 00:52:39,989 So they were they were actually they were 1507 00:52:39,990 --> 00:52:41,879 able to know that that was happening. 1508 00:52:41,880 --> 00:52:42,989 That's sort of fucked up. 1509 00:52:42,990 --> 00:52:45,039 And it'd be then why would you ever stop 1510 00:52:45,040 --> 00:52:45,349 that? 1511 00:52:45,350 --> 00:52:47,459 And it's funny because then people do the 1512 00:52:47,460 --> 00:52:49,349 work arounds, right? Like I was in a news 1513 00:52:49,350 --> 00:52:51,959 organization once where I, I 1514 00:52:51,960 --> 00:52:52,919 couldn't it was locked down 1515 00:52:52,920 --> 00:52:54,239 administratively. I could install 1516 00:52:54,240 --> 00:52:56,339 anything. So I just brought in my home, 1517 00:52:56,340 --> 00:52:58,569 my my whatever power about whatever 1518 00:52:58,570 --> 00:52:59,489 it was at the time. 1519 00:52:59,490 --> 00:53:01,169 And I installed it and they were so 1520 00:53:01,170 --> 00:53:02,669 concerned about security, security, 1521 00:53:02,670 --> 00:53:04,289 security. But then I just took the 1522 00:53:04,290 --> 00:53:06,479 Ethernet cable and just bam right 1523 00:53:06,480 --> 00:53:08,129 into the wall and got right onto the 1524 00:53:08,130 --> 00:53:10,259 network. I'm like, OK, so 1525 00:53:10,260 --> 00:53:11,549 like on one end we're concerned about 1526 00:53:11,550 --> 00:53:12,719 security here, but I'm here. 1527 00:53:12,720 --> 00:53:13,889 I can. It's no problem. 1528 00:53:13,890 --> 00:53:14,890 OK, 1529 00:53:16,290 --> 00:53:17,939 thank you. Another question from the 1530 00:53:17,940 --> 00:53:19,269 Internet, please. 1531 00:53:19,270 --> 00:53:19,979 Yeah. 1532 00:53:19,980 --> 00:53:22,619 As I just touched the 1533 00:53:22,620 --> 00:53:25,049 journalists, I now go to developers 1534 00:53:25,050 --> 00:53:26,939 as the target group. 1535 00:53:26,940 --> 00:53:29,819 So what tools 1536 00:53:29,820 --> 00:53:32,279 would you need or would other 1537 00:53:32,280 --> 00:53:33,959 journalists need that open source 1538 00:53:33,960 --> 00:53:36,029 developers can develop 1539 00:53:36,030 --> 00:53:38,009 and make better? 1540 00:53:38,010 --> 00:53:40,199 And like what features are 1541 00:53:40,200 --> 00:53:42,359 really most important to you 1542 00:53:42,360 --> 00:53:44,459 to help you make your 1543 00:53:44,460 --> 00:53:45,460 job? 1544 00:53:50,250 --> 00:53:52,799 I think that actually 1545 00:53:52,800 --> 00:53:55,079 investment in GPG itself 1546 00:53:55,080 --> 00:53:57,209 would be great, because I love the 1547 00:53:57,210 --> 00:53:59,549 fact of the public key infrastructure, 1548 00:53:59,550 --> 00:54:01,679 the fact that you and your source don't 1549 00:54:01,680 --> 00:54:02,680 have to 1550 00:54:04,740 --> 00:54:05,969 don't have to know each other. 1551 00:54:05,970 --> 00:54:06,209 Right. 1552 00:54:06,210 --> 00:54:08,279 Because if you if somebody reaches out to 1553 00:54:08,280 --> 00:54:09,899 you the way that Snowden reached out to 1554 00:54:09,900 --> 00:54:12,119 Laura, he there was a way, even 1555 00:54:12,120 --> 00:54:14,279 though it's clunky, it seems to me 1556 00:54:14,280 --> 00:54:16,349 that that method of sort of 1557 00:54:16,350 --> 00:54:18,719 overcoming that first date problem 1558 00:54:18,720 --> 00:54:21,089 of finding somebody and verifying 1559 00:54:21,090 --> 00:54:23,039 them in a public way is still sort of our 1560 00:54:23,040 --> 00:54:23,909 best hope. 1561 00:54:23,910 --> 00:54:25,679 Those are the sources that we want to 1562 00:54:25,680 --> 00:54:28,049 attract to us, is 1563 00:54:28,050 --> 00:54:29,969 somebody who just thinks they might want 1564 00:54:29,970 --> 00:54:30,839 to share something. 1565 00:54:30,840 --> 00:54:33,209 And if we could make that easier, 1566 00:54:33,210 --> 00:54:35,519 I would be really in favor of that. 1567 00:54:35,520 --> 00:54:37,649 I still use GBG much 1568 00:54:37,650 --> 00:54:40,019 more than I use any other tool, despite 1569 00:54:40,020 --> 00:54:42,509 my constant frustrations 1570 00:54:42,510 --> 00:54:43,229 with it. 1571 00:54:43,230 --> 00:54:45,269 Yeah, I mean, I would just echo again 1572 00:54:45,270 --> 00:54:47,459 what Julia said earlier about tales and 1573 00:54:47,460 --> 00:54:48,900 what and what a great 1574 00:54:51,030 --> 00:54:53,159 device that is for us to do the work. 1575 00:54:53,160 --> 00:54:54,989 Because what I found when I started doing 1576 00:54:54,990 --> 00:54:56,819 the reporting then it wasn't just me who 1577 00:54:56,820 --> 00:54:58,319 needed it. But then you have a circle of 1578 00:54:58,320 --> 00:54:59,879 people who you're also reporting with 1579 00:54:59,880 --> 00:55:01,319 that you have to bring up to speed. 1580 00:55:01,320 --> 00:55:02,969 And you could actually, you know, I ended 1581 00:55:02,970 --> 00:55:04,349 up making a lot of tale's disks and 1582 00:55:04,350 --> 00:55:06,419 circulating them to people so that I 1583 00:55:06,420 --> 00:55:08,069 had people in my circle that I needed to 1584 00:55:08,070 --> 00:55:09,929 talk to and that was became, you know, 1585 00:55:09,930 --> 00:55:10,919 relatively large. 1586 00:55:10,920 --> 00:55:13,379 And to have a tool that actually is 1587 00:55:13,380 --> 00:55:15,899 sending things by default with encryption 1588 00:55:15,900 --> 00:55:17,339 that that you can just say, here's a 1589 00:55:17,340 --> 00:55:19,529 computer, this is how you find me, 1590 00:55:19,530 --> 00:55:21,629 was the most valuable tool for doing 1591 00:55:21,630 --> 00:55:22,630 this reporting. 1592 00:55:24,400 --> 00:55:26,619 Thank you, so microphone 1593 00:55:26,620 --> 00:55:27,620 four, please. 1594 00:55:28,540 --> 00:55:29,589 Good. 1595 00:55:29,590 --> 00:55:31,179 So I just wanted to make a couple of 1596 00:55:31,180 --> 00:55:33,279 comments, positive comments about the use 1597 00:55:33,280 --> 00:55:34,280 of burner phones. 1598 00:55:35,590 --> 00:55:37,719 Ideally, both 1599 00:55:37,720 --> 00:55:39,819 parties will have a burner phone that 1600 00:55:39,820 --> 00:55:42,069 was bought in cash from a brand 1601 00:55:42,070 --> 00:55:43,839 where you don't have to show I.D. 1602 00:55:43,840 --> 00:55:46,359 and you don't have to deal with a human. 1603 00:55:46,360 --> 00:55:48,549 In the US, these are track phones usually 1604 00:55:48,550 --> 00:55:50,709 where you just go into a 1605 00:55:50,710 --> 00:55:52,179 convenience store or something like that. 1606 00:55:52,180 --> 00:55:54,579 You buy something in cash, you buy some 1607 00:55:54,580 --> 00:55:55,929 minutes that you add onto there 1608 00:55:57,070 --> 00:55:58,179 and that's that. 1609 00:55:58,180 --> 00:56:00,279 OK, so ideally, as the first 1610 00:56:00,280 --> 00:56:02,469 comment actually pointed out, is that if 1611 00:56:02,470 --> 00:56:03,909 you're carrying these around all the 1612 00:56:03,910 --> 00:56:06,039 time, the social graph, it 1613 00:56:06,040 --> 00:56:07,659 becomes very easy because, you know, 1614 00:56:07,660 --> 00:56:08,770 Julia's social graph 1615 00:56:10,210 --> 00:56:12,309 calls she's making, where she's at, which 1616 00:56:12,310 --> 00:56:14,409 cell tower she's hitting will match up 1617 00:56:14,410 --> 00:56:16,269 identically with her burner phone. 1618 00:56:16,270 --> 00:56:18,579 And that's absolutely not what you want. 1619 00:56:18,580 --> 00:56:20,469 Ideally, you would want to have a set 1620 00:56:20,470 --> 00:56:22,779 time where you have your battery 1621 00:56:22,780 --> 00:56:24,999 into the phone and all other times it's 1622 00:56:25,000 --> 00:56:26,199 off on both ends. 1623 00:56:26,200 --> 00:56:28,419 So if you say, you know, Saturday from 1624 00:56:28,420 --> 00:56:30,609 seven to nine every week, please put 1625 00:56:30,610 --> 00:56:31,539 your battery in the phone. 1626 00:56:31,540 --> 00:56:33,729 If I don't call, OK, if I do call, 1627 00:56:33,730 --> 00:56:35,979 OK. And all of the times 1628 00:56:35,980 --> 00:56:37,000 just keep it unplugged. 1629 00:56:38,110 --> 00:56:39,849 And that's a really good way to ensure 1630 00:56:39,850 --> 00:56:41,919 that, you know, hopefully you're both 1631 00:56:41,920 --> 00:56:43,629 making calls outside of the house. 1632 00:56:43,630 --> 00:56:45,969 So maybe it's even slightly less 1633 00:56:47,020 --> 00:56:48,579 trackable. But also, if you're in a big 1634 00:56:48,580 --> 00:56:49,779 city like New York, it doesn't necessarily 1635 00:56:49,780 --> 00:56:51,309 matter. This is also what drug dealers 1636 00:56:51,310 --> 00:56:53,049 do. You might recognize this method from 1637 00:56:53,050 --> 00:56:54,050 there. 1638 00:56:54,670 --> 00:56:56,649 I'm super excited to meet the source 1639 00:56:56,650 --> 00:56:57,969 who's going to comply with those 1640 00:56:57,970 --> 00:56:59,169 directions. 1641 00:56:59,170 --> 00:57:00,909 Please put your battery on this phone 1642 00:57:00,910 --> 00:57:03,459 from seven to nine on Saturday. 1643 00:57:03,460 --> 00:57:04,929 I'm sure that person is out there. 1644 00:57:09,040 --> 00:57:10,989 All right, another question from the 1645 00:57:10,990 --> 00:57:12,289 Internet, please. 1646 00:57:12,290 --> 00:57:14,409 Following up on this, like, 1647 00:57:14,410 --> 00:57:16,089 what should it suicide do? 1648 00:57:16,090 --> 00:57:18,219 What is the most sensible way 1649 00:57:18,220 --> 00:57:19,869 to contact a journalist? 1650 00:57:19,870 --> 00:57:22,089 And what, in your experience, are the 1651 00:57:22,090 --> 00:57:24,549 typical and maybe most fatal 1652 00:57:24,550 --> 00:57:25,929 mistakes they make? 1653 00:57:31,910 --> 00:57:32,910 It's a great question. 1654 00:57:33,800 --> 00:57:35,899 You know, it depends 1655 00:57:35,900 --> 00:57:38,959 on how secure you want to be. 1656 00:57:38,960 --> 00:57:41,299 It's very difficult to make first contact 1657 00:57:41,300 --> 00:57:43,999 without using the journalists existing 1658 00:57:44,000 --> 00:57:46,369 email address. So you are going to have 1659 00:57:46,370 --> 00:57:48,739 some or 1660 00:57:48,740 --> 00:57:50,389 some known way to reach them. 1661 00:57:50,390 --> 00:57:52,249 I actually advise people to use the 1662 00:57:52,250 --> 00:57:54,169 postal mail. 1663 00:57:54,170 --> 00:57:55,579 No return address. 1664 00:57:55,580 --> 00:57:58,009 And I read my mail. 1665 00:57:58,010 --> 00:57:58,999 I get it. 1666 00:57:59,000 --> 00:58:00,589 I get a lot of mail. 1667 00:58:00,590 --> 00:58:02,119 Most of it is an interesting, but some of 1668 00:58:02,120 --> 00:58:03,049 it's really interesting. 1669 00:58:03,050 --> 00:58:05,899 And then you can put a disposable 1670 00:58:05,900 --> 00:58:08,179 email address in there or a phone number 1671 00:58:08,180 --> 00:58:10,609 and I will reach out. 1672 00:58:10,610 --> 00:58:12,949 I think it's an underestimated tool. 1673 00:58:19,170 --> 00:58:21,359 Yeah, yeah, and you get you get 1674 00:58:21,360 --> 00:58:23,509 I mean, I get letters all the time from 1675 00:58:23,510 --> 00:58:25,219 that, all the time, but from people who 1676 00:58:25,220 --> 00:58:26,719 do want to make that first contact, if I 1677 00:58:26,720 --> 00:58:28,069 haven't already met them at a previous 1678 00:58:28,070 --> 00:58:30,049 social occasion, I mean, again, this is 1679 00:58:30,050 --> 00:58:31,399 very specific to Washington because 1680 00:58:31,400 --> 00:58:32,899 everybody talks to everyone. 1681 00:58:32,900 --> 00:58:34,969 But I mean, then they will send me 1682 00:58:34,970 --> 00:58:36,979 a note and, you know, ask me in touch 1683 00:58:36,980 --> 00:58:37,980 with them, I guess. 1684 00:58:39,710 --> 00:58:41,999 We have time for two quick questions, 1685 00:58:42,000 --> 00:58:43,909 so first, microphone one, please. 1686 00:58:45,120 --> 00:58:47,369 Regarding the request for encrypted 1687 00:58:47,370 --> 00:58:49,769 video, the Magic Lantern Project, 1688 00:58:49,770 --> 00:58:51,899 which is a opensource firmware 1689 00:58:51,900 --> 00:58:54,299 for the Canon SLR cameras, 1690 00:58:54,300 --> 00:58:56,969 already supports RSA encryption of 1691 00:58:56,970 --> 00:58:59,069 the still images, but not yet the 1692 00:58:59,070 --> 00:59:00,199 video. 1693 00:59:00,200 --> 00:59:02,039 But if you reach out to us, we'd be happy 1694 00:59:02,040 --> 00:59:03,479 to talk about whether or not that's a 1695 00:59:03,480 --> 00:59:04,679 possibility. 1696 00:59:04,680 --> 00:59:06,159 That's fantastic. Thank you. 1697 00:59:06,160 --> 00:59:07,160 Thank. 1698 00:59:14,890 --> 00:59:16,899 OK, that was more of a comment and a 1699 00:59:16,900 --> 00:59:17,799 question, but thank you. 1700 00:59:17,800 --> 00:59:20,259 So microphone three, last question, 1701 00:59:20,260 --> 00:59:21,189 please. 1702 00:59:21,190 --> 00:59:23,739 As you mentioned, circulation 1703 00:59:23,740 --> 00:59:25,030 problem and 1704 00:59:26,140 --> 00:59:27,399 thank you. 1705 00:59:27,400 --> 00:59:30,129 So what would you think of 1706 00:59:30,130 --> 00:59:32,439 systems which basically allow 1707 00:59:32,440 --> 00:59:34,989 you to set up a passphrase 1708 00:59:34,990 --> 00:59:37,539 and encryption passwords, which 1709 00:59:37,540 --> 00:59:40,359 are basically a fake one, which would 1710 00:59:40,360 --> 00:59:43,119 make sure that are definitely unusable 1711 00:59:44,140 --> 00:59:45,820 if you ever use it? 1712 00:59:48,980 --> 00:59:51,319 Is it actually a good solution 1713 00:59:51,320 --> 00:59:54,079 for the question issue? 1714 00:59:54,080 --> 00:59:55,909 You mean that would destroy your data? 1715 00:59:55,910 --> 00:59:58,399 Like if you get hand over this password, 1716 00:59:58,400 --> 00:59:59,539 it would destroy everything? Is that what 1717 00:59:59,540 --> 01:00:01,279 you're saying? Yeah. 1718 01:00:01,280 --> 01:00:04,159 I mean, in the context of the UK, 1719 01:00:04,160 --> 01:00:06,889 that would probably be something that 1720 01:00:06,890 --> 01:00:08,959 because I think they can hold you if you 1721 01:00:08,960 --> 01:00:11,089 don't if you don't comply with that, it 1722 01:00:11,090 --> 01:00:12,229 depends on the context. 1723 01:00:12,230 --> 01:00:14,449 But I think that would, I think, 1724 01:00:14,450 --> 01:00:16,219 be very valuable. 1725 01:00:16,220 --> 01:00:17,239 I don't know 1726 01:00:18,800 --> 01:00:19,800 if it's been done. 1727 01:00:24,310 --> 01:00:25,599 Would you guys do such a thing? 1728 01:00:26,680 --> 01:00:27,759 I would love to have such a thing. 1729 01:00:27,760 --> 01:00:29,769 I think it's fun to have the idea of the 1730 01:00:29,770 --> 01:00:32,079 escape handle like stop 1731 01:00:32,080 --> 01:00:32,529 the train. 1732 01:00:32,530 --> 01:00:33,339 Right. 1733 01:00:33,340 --> 01:00:35,439 Because then also I would sort of feel 1734 01:00:35,440 --> 01:00:38,289 maybe better about bringing my 1735 01:00:38,290 --> 01:00:40,359 devices over the border if I could 1736 01:00:40,360 --> 01:00:42,729 feel very confident that I could destroy 1737 01:00:42,730 --> 01:00:43,810 it at a moment's notice. 1738 01:00:44,860 --> 01:00:47,019 Was it Hillary Clinton advocating 1739 01:00:47,020 --> 01:00:48,429 for like a kill switch, knowing what was 1740 01:00:48,430 --> 01:00:49,749 there? There was a kill switch idea, but 1741 01:00:49,750 --> 01:00:51,009 that was something else. Never mind. 1742 01:00:51,010 --> 01:00:53,319 Yeah, I'm pretty sure if you've already 1743 01:00:53,320 --> 01:00:55,479 had a legal demand, that would be a risk 1744 01:00:55,480 --> 01:00:57,549 of contempt of court to use such a 1745 01:00:57,550 --> 01:00:58,550 thing, right? 1746 01:01:00,280 --> 01:01:01,479 Yeah. 1747 01:01:01,480 --> 01:01:03,399 OK, then we're finished. 1748 01:01:03,400 --> 01:01:04,629 Thank you very much. 1749 01:01:04,630 --> 01:01:06,489 Give them again the warm applause.