
privacy is an illusion
and you're all losers
or how 1984 was a manual for our panopticon society
By Cain Ransbottyn - @ransbottyn
End of privacy

9/11 attacks invigorated the concept of terrorist threats

Post 9/11 there was a strong and understandable argument to prioritise security
End of civil liberties
New word: asymmetrical threats

Actually means: please give up your civil liberties. In 2001 55% of US citizens were pro; in 2011 only 40% (and declining).

Patriot Act changed the world for good
So, terrorism huh ?
systematic use of violent terror as a means of coercion

violent acts which are intended to create fear (terror)

perpetrated for a religious, political, or ideological goal

deliberately target or disregard the safety of non-combatants (civilians)
Global terrorist threat map
Data of 2010. Seems legit.
Year on year doubling in surveillance budget since the Patriot Act
Except for 2013, then there was a dark budget of US$ 52,6B
Fear. Uncertainty. Doubt.
Instilling fear is a premise for coercion. But to whom ?

Mass media works as a catalyst to bring fear in the homes of citizens.

We all are very shitty at threat and risk assessments. Pigs or sharks ? Or terrorist attacks ?

[Chart values on the slide: 23,589; 40; 13,200]
* 2010 facts and figures worldwide


Are we really capable of understanding the real threat level ?
Please demonstrate you can spot a rhetorical question when you see one
The convenience of circular logic
Govt: We're using surveillance so we can prevent terrorist attacks
You: I don't see any terrorist threat or attack
Govt: Awesome stuff, hey ?

Him: I'm using this repellent to scare away elephants.
You: But I don't see any elephants.
Him: Awesome stuff, hey ?
quis custodiet ipsos custodes ?
Total Information Awareness
The 2002 - 2003 program that began a data mining project, following the warrantless surveillance decision in 2002
PRISM, XKeyScore, Tempora
Thank you Microsoft, Facebook, Yahoo!, Google, Paltalk, YouTube, AOL, Apple, Skype

Snowden leaks: the post-2007 surveillance industry is much worse than anyone could have imagined
The rise of private intelligence agencies
The welcome gift of social networks

The thankful adoption rate of smart phones

The cloud as the ultimate data gathering extension to governments

The phone operators remain a loyal friend

The overt investment strategy of In-Q-Tel
The In-Q-Tel investment firm
Founded 1999 as not-for-profit venture capital firm

So if you are not looking to make a profit, what are you looking for then ?

Investments in data mining, call recording, surveillance, crypto, biotech,

E.g. 2007 AT&T - Narus STA 6400 backdoor = product of In-Q-Tel funded company

Many (many) participations worldwide (also Belgium)
Social networks as a private intelligence agency
Perfect front offices

Facebook as the first global private intelligence agency

Otherwise hard to obtain intel is being shared voluntarily by everyone (e.g. hobbies, etc.)

US$ 12,7M investment by James Breyer (Accel), former colleague of Gilman Louie (CEO In-Q-Tel)
Smart-phones as the ultimate tracking device
Device you carry 24/7 with you. With a GPS on board.

Android has remote install/deinstall hooks in its OS (so has iOS)

OTA vulnerabilities allow remote installs of byte patches (e.g. BlackBerry incident in UAE)

Apple incident (the bug that stored your whereabouts)

Any idea how many address books are stored on iCloud ? :p
Smart-phones as the ultimate tracking device

Wi-Fi based positioning has become very accurate and quickly deployed mainstream
Cloud providers as the perfect honeypot
There is no company that is so invasive as Google

Records voice calls (Voice), analyses e-mail (GMail), knows who you talk to and where you are (Android), has all your documents (Drive) and soon will see through your eyes (Glass)

Robert David Steele (CIA) disclosed Google takes money from US Intel. community.

In-Q-Tel and Google invest in mutual companies (mutual interest)
Cloud providers as the perfect honeypot
Not only Google. The latest OS X Mavericks actually asked me to store my Keychain in the cloud *sigh*

While Apple claims iMessage cannot be intercepted, we know it is possible because Apple is the MITM and no end-to-end crypto is used nor certificate pinning.
The loyal friend, the phone operator
Needs to be CALEA and ETSI compliant. Yeah right :-)

Operators are both targets of surveillance stakeholders (e.g. Belgacom/BICS hack by GCHQ) and providers of surveillance tactics (taps, OTA installs, silent SMS, etc.)

Does KPN really trust NICE (Israel) and does Belgacom really trust Huawei (China) ?

Truth of the matter is: you cannot trust your operator
Privacy is for losers
If you think you have privacy, you really are a loser
#dta
If a government needs to understand its enemy, and we're being surveilled. Then, who exactly is the enemy ?
Conspiracy theory ?
Whistleblowers showed that reality is far worse
So now what ?
Change your attitude.
Wake the f*ck up
Reclaim ownership of your data.
Demand transparency of every service you use.
Encryption is your friend
Encryption today is built for security professionals and engineers. Not for your mom or dad.
Security and crypto engineers don't understand UI and UX
Android and iOS planned. Microsoft Mobile perhaps.
Requirements
Must provide strong crypto

Must be open source (GitHub)

Must be beautiful and easy to use, we actually don't want the user to be confronted with complex crypto issues

Provide deniability

Provide alerting mechanisms that alert the user when something is wrong

Even when your device is confiscated, it should be able to withstand forensic investigation
How it's built
Using Tor as transport layer for P2P routing and provide anonymity (no exit nodes used).

Obfuscated as HTTPS traffic to prevent govt filtering.

Using OTR v3.1 to ensure perfect forward secrecy and end-to-end crypto.

Capable of detecting A5/GSM tactical surveillance attacks.

Extremely effective anti forensic mechanisms and triggers
How it's used
Who's using it
Journalists

Freedom Fighters

Whistleblowers

Lawyers and security professionals


Why use it ?
To protect your human right to privacy

To protect your human right to freedom of speech

Because your communication needs to remain confidential

Because excessive surveillance is a threat to modern democracy
Privacy might be for losers, but that doesn't mean you are OK to give up your human rights
