One of the biggest threats to your security privacy and anonymity online is potentially Unfortunately

your own.

Go home and this threat is coming from a number of fronts.

The two main fronts one is the push to weaken and regulate encryption and the other is to legalize it

I guess legitimize mass surveillance and spying on its citizens.

Many countries are talking about implementing policies that limits encryption and policies to legitimize

and legalize spying.

That has been going on anyway illegally for years.

And in fact by the time you listen to this because it's moving so fast in your particular country things

may have changed and it may now be more legal to spy on you and encryption may be regulated to a
further

extent this regulation and mandating of insecurity and legalised spying is going on in many places United

States the U.K. China Russia Brazil India etc..

The UK has got the data communications bill which includes recording 12 months of Internet history and
the Orwellian measures.

Other examples that show the tide of change in other countries.

You have whatsapp being banned for 48 hours in Brazil because of the encryption by the government.

India India has some very strong ideas on limiting encryption Kazakstan legally requiring back doors

encryption is fundamentally mathematics.

It cannot be banned.

The horse has already left the stable it's been created.

It cannot be weakened just for a terrorist or a criminal or for someone who you want to have weak
encryption.

Those people will just use the strong encryption that's already out there and everyone else will be

stuck with weakened security and weakened encryption because they're forced to use the weakened
grips.

If it is weakened or back doored is weakened for everyone including the hackers trying to compromise

our systems something like this was actually tried already as the crypto wars in the 1990s something
called the Clipper Chip was proposed by the U.S. government and the floor was found in it.

And luckily there was no widespread adoption because this chip was going to be put into you know
every

electronic device that was going to do encryption.

So the government could bypass encryption and look at what it is you were doing.

So if that had happened that would have been a complete disaster because of the vulnerability that was

found.

This is the problem.

If you weaken encryption you can weaken it for everybody.

Terrorists and criminals will continue to use strong encryption even if normal citizens are banned.

There is no evidence that weakening encryption will help at all.

And to add to all that we have no feasible technical way of achieving this.

Unfortunately all of this stuff is perhaps too complicated for people to really grasp.
Those people that make decisions on these things or maybe they do understand it but because of
political

agendas they're still pushing forward.

This is Matt Bley speaking to a U.S. congressional committee on the feasibility of these plans.

And it's definitely worth a watch.

So I'm going to play it now.

It's only five minutes long.

Dr. Blix.

Five minutes.

Thank you Mr. Chairman.

As a technologist I'm finding myself in the very curious and participating in a debate over the desirability

of something that sounds wonderful which is security systems that can be bypassed by the good guys
but

that also reliably the bad guys out and we could certainly discuss that.
But as a technologist I can't ignore this stark reality which is simply that it can't be done safely.

And if we make wishful policies that assume and pretend that we can there will be terrible consequences

for our economy and for our national security.

So it would be difficult to overstate today the importance of robust reliable computing and
communications

to our personal commercial and national security.

Modern computing and network technologies are obviously yielding great benefits to our society and we

are depending on them to be reliable and trustworthy in the same way that we depend on power and
water

and the rest of our critical infrastructure today.

But unfortunately software based system is the foundation on which all of this modern communications

technologies is based are also notoriously vulnerable to attack by criminals and by hostile nation states

large scale data breaches of course are are literally a daily occurrence and this problem is getting

worse rather than better as we build larger and more complex systems and it's really not an exaggeration
to characterize the state of software security as an emerging national crisis.

And the sad truth behind this is that computer science my field simply does not know how to build
complex

large scale software that has reliably correct behavior.

And this is not a new problem it has nothing to do with encryption or modern technology.

It's been the central focus of computing research since the dawn of the programmable computer.

And as new technology allows us to build larger and more complex systems the problem of ensuring
their

reliability becomes actually exponentially harder with more and more components interacting with each

other.

So as we integrate in secure vulnerable systems into the fabric of our economy the consequences of
those

systems failing become both more likely and increasingly serious.

Unfortunately there is no magic bullet for securing software based system.

Large systems are fundamentally risky and this is something that we can at best manage rather than
than
fix outright.

There are really only two known ways to manage the risk of unreliable and in secure software.

One is the use of encryption which allows us to process sensitive data over in secure media and in secure

software systems to the extent that we can.

And the other is to design our software systems to be as small and as simple as we possibly can to
minimize

the number of features that a malicious attacker might be able to find flaws to exploit.

And this is why proposals for law enforcement access features frighten me so much cryptographic
systems

are among the most fragile and subtle elements of modern software.

We often discover devastating weaknesses in even very simple cryptographic systems years after they're

designed and fielded with third party access requirements to do is take even very simple problems that

we don't really know how to solve and turn them into far more complex problems that we really have no

chance of reliably solving.

So backdoor cryptography of the kind advocated by by the FBI you know might solve some problems if
we

could do it.

But it's a notoriously and well-known difficult problem we've found subtle flaws even in systems
designed

by the National Security Agency such as the clipper chip.

Two decades ago and even if we could get the cryptography right we'd be left with the problem of
integrating

access features into the software design and requiring designers to design around third party access

requirements will basically undermine our already tenuous ability to defend against attack.

It's tempting to frame this debate as being between personal privacy and law enforcement.

But in fact the stakes are higher than that.

We just can't do what the FBI is asking without seriously weakening our infrastructure.

The ultimate beneficiaries will be criminals and rival nation states.

Congress faces a crucial choice here to effectively legislate mandatory insecurity in our critical
infrastructure

or recognize the critical importance of robust security in preventing crime in our increasingly connected

world.

Thank you very much.

This here is a good paper to read.

And it's from a number of top crypto experts including some of the people that actually design the crypt

that we're going to talk about on the course on why mandating insecurity is a bad idea.

So if you want to dig deeper into that.

Give the readers your homework and other quick Darkman that you can read is the case against
regulating

encryption technology.

Only a couple of pages.

And to give you more of a background.

And this is a good read this is the nine epic failures of regulating encryption.
It was a great report to give you an idea of the number of crypto products out there by Bruce Schneier.

This is world wide survey of encryption products give the google the PTF version which is here.

There's also an Excel version that excels pretty cool because you can sort by the type so you can look

all the different of crypto products and maybe where we get to those sections and those products you

can see all the ones that are out there it finds 865 hardware and software products and co-option
encryption

from 55 different countries so obviously if you have a law in one country something affects all the

other countries and you know people who do use the crypto from whichever country they choose to use

it for them let's move on to the legalization of spying and mass surveillance.

Now I think we can start with some quotes from Edward Snowden So we have here arguing that you
don't

care about the right to privacy because you have nothing to hide.

It's no different than saying you don't care about free speech because you have nothing to say.

He continues people who use the I have nothing to hide line.

Don't understand the basic foundation of human rights.

Nobody needs to justify why they need a right.

The burden of justification falls on the ones seeking to infringe upon the right.

If one person chooses to disregard his right to privacy that doesn't automatically mean everyone should

follow suit.

Either you can't give away the rights of others because they're not useful to you.

More simply the majority cannot vote away the natural rights of the minority.

My view is this.

When people know they will be watch they are being spied on.

They alter what they do.

They are no longer free.

Terrorists want us to lose our freedom by creating mass surveillance to prevent terrorism by creating
mass surveillance infrastructure.

We lose the very freedom we are trying to protect.

But the counter-argument to this is that we will be more secure from mass surveillance will be more

safe from mass surveillance.

But the evidence is thin to support that.

The former head of the NSA global intelligence gathering operations Garko old Bill Binney.

He says that mass surveillance interferes with the government's ability to catch bad guys and that the

government's failure in terms of 9/11.

The Boston bombing the Texas shooting and other terrorist attacks because it was overwhelmed with
data

from mass surveillance.

For me the issue of mass surveillance is about giving away too much power to a government.

Key questions to consider and ask can you trust all the people government offices agencies companies

and contractors with your personal and private data gathered through this mass surveillance.
Can you trust that they will always have your best interests at heart and that they will act justly

with this power.

This new power that they will have and not just now but in the future and with your children because

your children will inherit a watched world.

This data will be kept and any slight deviation from what is considered acceptable could be used against

you if you oppose those in power.

Consider the civil rights movement.

If mass surveillance is going on during that political movement how would it affect a political change

for black people in the United States.

Would civil rights have happened much slower more violently because of the mass surveillance.

Or would it have been crushed completely so they wouldn't even exist now if we had mass surveillance.

Things to consider.
Also consider donating to some of these privacy causes.

If privacy is something that you are particularly interested in and passionate about regulating encryption

mandating insecurity and legalizing spying is unfortunately an active threat that's potentially on your

threat landscape that you need to be aware of.

If your ability to use encryption is reduced then your security will be reduced as well and you will

need all the mitigating controls.