Story about freedom
Freedom is something that I care about very deeply about.
As a teenager, reading 1984 – I was intrigued.
In it, George Orwell depicts this dystopian future
Every citizen is being watched by the government through “telescreens” – fictional devices acting both as a television and a surveillance camera
It was mandatory to have such a TV screen in your living room.
This is very similar to what is happening today. We surround ourselves with smart TVs, smart devices that have camers on them. I don’t see much difference.
The only difference is – we bought the smart TVs and installed them ourselves
This is going to be a talk about balkanization in the digital age
[but first, I would like to take you back into the past]
Can you imagine a world without borders?
A world in which human beings managed to evolve because of one main reason: migration.
Migration is at the center of human evolution.
The story of the ancient Silk Road
Silk Road was this trading route connecting three continets
Civilizations among the path managed to evolve because of the ancient Silk Road benefited
Exchange of goods, merchandise
Exchange ideas and phylosophies
About religion, life or science
Opening long-distance political and economic relations between the civilizations
Same principles (open world, sharing) laid the foundation of the internet.
The internet started as a private network between universities
It would empower researchers to share their findings freely and in a timely manner
Taking science to the next level
They all knew eachother and trusted eachother
Privacy and security have only been added later, as layers on top of an already shaky foundation
This is why the internet is inherently insecure.
[fast forward to the present]
Tim Berners Lee quote
“I hope we will use the Net to cross barriers and connect cultures”
We live right now in a world in which borders are everywhere
By contrast, walls and borders promote segregation, and have a negative impact on economy, creativity, and technology, slowing down progress on every level.
While we often praise global collaboration and we find value in sharing information with people from all across the world
We haven’t reached that maturity in our society that allows tearing down both physical and fictional walls
We take physical borders for granted
We are used with this. We take these borders for granted.
Every time we travel we have to go through security checks in airports, stay in queues to have our passport checked.
[what gives me hope is that]
We’re not ok with any kind of border that is imposed on us
Sometimes, we like to jump over some walls
Sometimes, we even take these walls down
The Berlin wall is a great example of how people managed to become free, when they really want to.
Less than three decades after the Berlin Wall collapsed and ended an era of division between the east and the west, the world right now seems on the brink of making the same mistakes over again. Only this time, in cyberspace.
[what worries me right now]
The internet right now is going through a process called Balkanization.
Balkanization – geopolitical term
A process through which an area becomes divided in smaller entities
These smaller entities not only refuse to cooperate with eachother, but sometimes are even hostile to eachother
The internet has a natural tendency to be divided
Differences in language or culture
In this part of the world w’re all browsing the English speaking internet,
In other parts of the world a Chinese speaking person will not use Google to search the internet, they will use Baidu. A Russian speaker will not use Google, they will use Yandex
I think this division is OK, as long as it’s happening naturally. No artificial causes.
Information is like water – it has the tendency to leak, or to go anywhere it can reach.
Just like two communicating vessels will get filled by the same source of water
The same way the Internet helps human civilization share knowledge and disseminate this knowledge around the world
[unfortunately, not everyone is ok with the current status quo]
More and more countries are building walls on the internet
Governments around the world realized they need to control the Internet
If you go to China, most websites that you are used with browsing daily are blocked. Accessing them is not allowed.
Internet entered China in 1994
The Communist Party back then was very quick to realiz the potential this network has for bringing like minded people together
They quicky decided they need to regulate the internet.
Only three years later, in 1997, the first version of the Great Firewall of China was up and running – blocking resources, filtering traffic and monitoring internet activity.
That’s right – free internet in China lasted for only three years.
When Google was still operating in China (BTW, I hear they’re going back now)
If you would search for the “tiananmen square” event – you would get beautiful pictures of clear blue skies and nice asian architecture.
If you search the same query from anywhere else in the world, you will see the iconic “tank man” picture
This picture became a symbol of courage – everywhere around the world, except China
[China is not the only place where the internet is not free]
There is a huge technical industry fueling the growth of internet surveillance
This is not a China-only problem
Unfortunately, in the past two decades more and more countries started following China’s steps
Flourishing private industry developing surveillance technologoes
Most of these companies are based in the green areas
no export restrictions
surveillance technology sold to whoever can pay – including countries with very bad human rights track records
Every year, more and more such companies are being started-up
Their only purpose is to find new ways in which governments can monitor our online communications
[this is pretty worrying]
Legally compel iternet companies to hand over data or restrict available content for certain geographies
Luckily, some of these companies publish statistics about requests coming from governements
In the past years, more and more Silicon Valley based companies have had to make a hard choice
When faced with personal information or content takedown requests, they often chose to comply with requests coming from authoritarian regimes, or regimes with a not very good track record when it comes to respecting human rights.
Money seems to be the decision maker
Refusing to comply with such requests usually means the company will cease to do business in that specific country
[maybe the Chinese example is not something that will touch you]
How about something closer to home? [“travel” to Turkey]
Meet Barış Pehlivan – an investigative journalist based in Turkey
Has been very critical to the government in the past few years
He was recently released from prison
He spent more than 1 year and a half in prison after his office was raided and the government found incriminating documents on his hard-drive
What actually happened here – Baris was not the one to put those files on his hard-drive
The weekend before his arrest, someone broke into his office on a Friday night – at 10 PM, when there’s nobody there, computer turned off
They physically removed the hard drive from his computer, planted the files there and then put the harddrive back
How do we know this?
These conclusions were uncovered by security researchers who did the forensic investigation of Baris’s HDD
Forensic investigators also uncovered the fact that in the weeks before the arrest, Baris’s computer was remotely attacked 12 consecutive times with Ahtapot – nation-state sponsored malware
[why does this matter?]
The reason I wanted to tell you Baris’s story is so that we can better understand the dangers there are when somebody else has access to your data, to your computer. It’s not just a question of someone knowing information about yourself, but it can be a question of freedom. Actual, physical freedom. It’s why the things we do in this industry of ours matter a lot.
Limiting internet freedom is bad for journalism
Freedom of press is arguably the most important pillar of modern societies
Journalists should be free to do their job
Mass surveillance hurts reporting on important issues such as corruption
Sources become harder to find and more reluctant to cooperate when they know they are surveilled
[But this is part of a bigger picture]
Everyone changes their behavior because of surveillance
You don’t need to read an Oxford (even though there is one) to realize that human beings change or restrict their behavior when they know they are being watched
Think about it. Is there anyone in this room who hasn’t ever written a Facebook status update only to delete it right before pressing the Post button?
What will my friends think if I post, like or share this?
Self-censorship can’t lead to anything good, can it?
Human intellect is not the only thing prospering when information is allowed to flow
Economies prosper as well
A recent McKinsey study shows that the internet is responsible for 21% of the growth in GDP in the past 5 years
[And just as civilizations on the path of the ancient Silk Road profited from the trade of goods and ideas]
Modern day Silk Road brought prosperity to Ross ulbrich
Ross Ulbricht was guided by extreme libertarianism
He believed each individual has to chose what is good and what is bad
Underground marketplace
Just like Amazon, but for guns, fake IDs and dangerous drugs
But of course his site attracted the attention of law enforcement
Website got seized, he was arrested.
The Silk Road takedown would not have been possible without international cooperation, just like the fight against cyber-crime is not possible without cooperation
Every day, anti-virus researchers discover and analyze more than 300,000 new malware samples daily
How do we find the needle in the haystack
Is it the smart minds we have in this industry?
Is it the resources, the bare metal servers we can afford?
More than 10 years ago, when I was young and I joined infosec, the thing that amazed me the most is how researchers from competing companies cooperate with eachother
Sharing threat data and generally coming together as one in the fight against malware
[when I look around nowadays, I am not sure the future of cooperation is so bright]
Digital nationalism in the form of protectionist legislation making it harder and harder to cooperate.
Historically, nationalism is a concept dating from the 18th century. This ideology promotes undiscriminate love and devotion to the interests or culture of a nation or state.
Nationalism believes that nation-states are better off working alone than collectively, emphasizing national rather than international goals.
This ideology was one of the principal causes that started both WWI and WWII, which killed over 70 million people worldwide.
In the last decades, more and more countries have become more divided and nationalistic, with some of them using the Internet against their own people, controlling and restricting information in the name of their nation-states. (Map of nationalistic tendencies in Europe: https://www.bbc.com/news/world-europe-36130006)
It is a dangerous ideology, that opposes the main purpose for which Internet was created: cooperation, decentralization and non-discrimination.
Manipulation on the Internet is easier than ever, and the commercial and political stakes are becoming higher every year. In 1995, only 0.4% percentage of the world population had access to the Internet. Now, more than half of the planet can surf the web.
Most of the people who are on the Internet are using at least one social networking service
Bubbles and Isolation
Social networks are built in a way that promotes bubbles and separation. Each of us is connected to their friends and follows the people he or she looks up to.
Each individual’s digital world seems to be shaped around them. If we gather together, it’s usually with people like us, while keeping the distance from those who have different views. Interactions between groups are limited, and when they do exists, we are not truly listening to each other, but looking to re-enforce our believes.
Digital networks have the power to unite and give political voice to powerless and marginalized groups. But - with nationalism and extremism - on the rise, digital networks can polarize our views and beliefs even more.
The inability to understand the differences between us are becoming more prevalent.
[what can be done about it?]
Philosophy. Let’s avoid in infosec what happened in Silicon Valley.
Philosophy is important. Yes, even for tech people. Where we come from and where are we going.
The Internet is giving birth to a new kind of society, changing the way we think about politics, work, money, health or knowledge. It is reshaping our beliefs, behaviours and values.
This can both unite us and divide us, bring us peace or war.
We have a duty to influence the direction in which this is going.
The Internet and - inherently - our society, should be an important matter of debate amongst us. But we need better tools to understand what is going on.
Philosophy can help us question the most basic assumptions of our work, and re-define notions of self, nations, freedom and privacy in this digital era.
All of us need to take a step back and ask ourselves better questions of what our work means and what is the impact of the code we’re writing for the future of our world.
[because we have a huge responsibility]
Computer security and medicine
Cybersecurity researchers spend their days finding new vulnerabilities and monitoring the evolution threat actors – all this to protect internet users
Cybersecurity researchers are very much like the doctors of the future
The same terminology is being used
Infection, disinfection, virus, epidemic, quarantine
Just as doctors on the battelfield have sworn to protect soldiers and civilians no matter which side of the border they are, security researchers do the same in cyber-space – being neutral in the face of threats against security and privacy.
Manhattan Project
This year marks the 73th anniversary of the only times that atomic bombs have been used against human targets–at Hiroshima and Nagasaki, Japan.
Most Manhattan Project workers who built and operated the uranium enrichment facilities and reactors did not know what they were doing.
Information was compartmentalized and provided on a need-to-know basis, ensuring that only a fraction of workers understood the larger goal of the project: that of killing was enemies.
What if those workers and engineers new what they were doing and talked about it in public, voicing their complains against the?
undreds of thousands of lives would have been spared.
The Internet has such a power, but it’s up to us if we use it or not.
Conclusions
I am not here to judge if balkanization is good or bad
I am not here to judge if total freedom is good or bad
But what I can say for sure is that as human beings, we want to evolve
The only way in which we can evolve is if we have real choice
There cannot be anything such as real choice as long as we don’t have free, unrestricred access access to information
[what keeps me up at night]
Governments have already decided what kind of internet they want for themselves. They want an internet in which everyone is monitored and all content is controlled.
Remember, the internet was not initially designed to be balkanized
I think this is the moment when we, security researchers, have wheigh the same decision.
We the researchers have to decide what kind of internet do we want our kids to use in the future.
Do we want them to live in a world like George Orwell’s novel 1984, where everybody is being watched and surveilled by their government?
Or do we want them to live in a world where things such as free access to information, real privacy and security are basic human rights.