keynote 1 - john adams - beyond fbi v apple
7/25/2019 KEYNOTE 1 - John Adams - Beyond FBI v Apple
BEYOND FBI VS. APPLE
WHAT'S NEXT IN THE CRYPTO WARS?
JOHN ADAMS
-
INTRODUCTION - WHO AM I?
Disclaimer: These words are my own. I do not speak for these companies.
-
1977
-
EXPORT CONTROLS IN THE 1990S
DON'T SHIP THAT FLOPPY.
-
PHIL ZIMMERMANN AND PGP (1990S)
PGP
-
CALEA
COMMUNICATIONS ASSISTANCE FOR LAW ENFORCEMENT ACT (1994)
-
WE WON!
-
FREAK: MARCH 2015
LOGJAM: MAY 2015
DROWN: MARCH 2016
O RLY?
-
NSA BULLRUN
NSA'S BULLRUN - SNOWDEN REVELATIONS, 2013
• EFF and others won in the courts, US Congress, and public opinion
• BULLRUN - NSA's effort to bypass democratic mechanisms and sabotage our security anyway (in secret.)
• Hidden vulnerabilities in NIST standard
• Weakening of global cryptography market to ensure people have access only to compromised methods
• Many details still unknown
-
IN THE DIGITAL AGE, ACCESS TO AND USE OF ENCRYPTION IS AN ENABLER OF THE RIGHT TO PRIVACY.
Amnesty International
AMNESTY INTERNATIONAL
-
PARIS ATTACKS - NOVEMBER 2015
• Paris attacks / Telegram found on phones
• ISIL's media org, the Al-Hayat Media Group, launched a website on the dark web, recommending Telegram.
• Such activities could be used as pretext to monitor citizens and could be used to suppress dissidents.
• We cannot make messaging technology secure for everyone except for criminals / terrorists.
-
JAMES COMEY, DIRECTOR, FBI
-
"ENCRYPTION DOES MAKE TARGETED SURVEILLANCE MUCH HARDER. SO DOES CASH, BEARER BONDS, FAKE MUSTACHES, HATS, HAIR DYE, BLANKETS, HORSES, BOATS, AND FORESTS."
- OLIVER DAY (SECURING CHANGE)
-
DARK
-
NOT JUST ONE PHONE.
-
NOT JUST ONE PHONE
63 ONGOING PHONE-UNLOCKING CASES IN US, 175 PHONES IN NYC
April 2016
-
4/14/2016: BLACKBERRY GLOBAL ENCRYPTION KEY
-
ARE CRIMINALS THAT SMART?
-
CAN YOU HIDE?
HIDING YOURSELF ISN'T THAT EASY.
• Disable default device backups to the cloud.
• Disable default device key backups to the cloud.
• Disable default device biometric decryption (Touch ID).
• Avoid sending incriminating evidence by any non-encrypted means.
• Disable default cloud storage for each app.
• Don't call or text anyone (leaving behind metadata)
-
Source: vocativ
http://www.vocativ.com/307667/encryption-law-europe-asia/
-
MASS SURVEILLANCE
MASS SURVEILLANCE, A GROWING TREND
[Figure labels: Mass Surveillance, Privacy]
-
MASS SURVEILLANCE BY COUNTRY
• Worst
  • China
  • Malaysia
  • Russia
• Slightly Better
  • Singapore
  • UK
• Meh.
  • Taiwan
  • Thailand
  • United States.
• Best
  • Greece, which was judged to have 'adequate safeguards against abuse'
Source: Privacy International 2007
-
WHERE ARE WE GOING?
• Expect companies to introduce additional encryption in products. Apple is well on their way with secure enclaves in their hardware.
• Expect governments to attempt to introduce legislation banning strong encryption and promoting impossible backdoors
• Oh wait, they already have
-
SNOOPER'S CHARTER
UK CALLS FOR OUTLAWING NON-BACKDOORED CRYPTO (2015)
• Prime Minister David Cameron, Jan. 2015 calls for ban on end-to-end encryption that the government cannot read.
• If you can't say something to a friend or family member without the fear the government, your neighbor or your boss will overhear, your free expression is deeply curtailed.
• There is no such thing as good guy encryption and bad guy encryption.
-
SNOOPER'S CHARTER
DRAFT COMMUNICATIONS BILL (UK)
• Snooper's Charter
• Maintain records of each user's internet browsing activity (including social media), email correspondence, voice calls, internet gaming, and mobile phone messaging services and store the records for 12 months. Retention of email and telephone contact data for this time is already required by the Data Retention Regulations 2014.
• The anticipated cost is 1.8 billion.
• UK Home Secretary Theresa May
-
BURR-FEINSTEIN (USA)
BURR-FEINSTEIN BILL (USA, APRIL 2016)
• Ridiculous.
• Privacy advocates who expected the worst weren't disappointed.
• Make all of our online data "intelligible" when presented with a court order.
• The bill defines intelligible as "decrypted, deciphered, decoded, demodulated, or deobfuscated"
• As currently written, the draft likely even outlaws forward secrecy. (source: EFF - More on this in a second.)
-
WHAT CAN YOU DO?
-
WHAT CAN YOU DO?
IN CHARGE OF HTTP-BASED SERVERS AND SERVICES? (OR VPN?)
• Implement proper, always-on HTTPS - you have no excuse!
• Enable HPKP (pinning for TLS certificates)
• Enable HSTS (always talk to me in HTTPS)
• Enable PFS (Perfect forward secrecy)
• Verify your implementation (https://www.ssllabs.com)
• If possible, ask to be added to the HSTS preload list (Chrome)
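An added example, not part of the talk: a small offline check for the HSTS, preload and forward-secrecy items in the list above, given a response's Strict-Transport-Security value and the negotiated cipher suite name. The function names and sample values are constructed for illustration; the preload thresholds (max-age of at least one year, includeSubDomains, preload) are the published hstspreload.org requirements.

```python
PRELOAD_MIN_AGE = 31536000  # one year; minimum max-age hstspreload.org accepts

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument}."""
    directives = {}
    # Drop empty segments such as the one left by a trailing ';'.
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError("duplicate directive: " + name)  # RFC 6797 s6.1
        directives[name] = arg.strip().strip('"')
    return directives

def hsts_findings(value):
    """List what keeps an HSTS header from being preload-ready ([] = ready)."""
    if value is None:
        return ["no Strict-Transport-Security header"]
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    max_age = d.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        findings.append("max-age missing or not an integer")
    elif int(max_age) < PRELOAD_MIN_AGE:
        findings.append("max-age below one year")
    for flag in ("includesubdomains", "preload"):
        if flag not in d:
            findings.append("missing " + flag)
    return findings

def is_forward_secret(suite):
    """True if the negotiated suite uses an ephemeral (EC)DHE key exchange."""
    if suite.startswith("TLS_") and "_WITH_" not in suite:
        return True  # TLS 1.3 suite: full handshakes always use (EC)DHE
    kx = suite.upper().replace("TLS_", "", 1).replace("_", "-")
    return kx.startswith(("ECDHE-", "DHE-", "EDH-"))

# Constructed sample observations, not taken from any real server.
SAMPLES = {
    "weak": ("max-age=3600", "AES128-SHA"),
    "hardened": ("max-age=63072000; includeSubDomains; preload",
                 "ECDHE-RSA-AES128-GCM-SHA256"),
}
if __name__ == "__main__":
    for label, (hsts, suite) in SAMPLES.items():
        print(label, hsts_findings(hsts), "PFS:", is_forward_secret(suite))
```

Both OpenSSL-style and IANA-style suite names are accepted; static RSA, DH and ECDH key exchanges are reported as not forward secret.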
https://www.ssllabs.com/
-
WHAT CAN YOU DO?
THIS ISN'T HARD, IT'S NEARLY FREE NOW.
LET'S ENCRYPT
MOZILLA RECOMMENDED CIPHER SUITES
https://letsencrypt.org/
https://mozilla.github.io/server-side-tls/ssl-config-generator/
-
LET'S ENCRYPT
MAKING GOOD PROGRESS - LET'S ENCRYPT
-
WHAT CAN YOU DO?
ARE YOU A DEVELOPER?
• Encrypt data at Rest and in Transit, even inside your company's network.
• Please don't reinvent the secure messaging wheel.
• It's been done too many times.
• You're probably (not) a cryptographer.
• Signal is doing it better than you anyway.
-
WHAT CAN YOU DO?
END-USER
• Know your vulnerabilities and threat model
• Promote end-to-end, encryption-by-default on projects that you work on
• Encrypt your phone, text messages (Signal), and hard disk
• Use strong passwords with a password manager and promote the use of 2-factor in your organization
• Use Tor.
• Enable and install HTTPS Everywhere, Adblockers, uBlock, etc.
-
WHAT CAN YOU DO?
POLITICALLY
• Demand that your representatives in government block anti-encryption bills
• Help the EFF, ACLU, and other privacy-promoting organizations with your donations and time.
• We can fight with technology, but fighting them with legislation and precedent cases will probably be more effective in the long-run.
• Let's all work together to make the Internet more secure.
-
THANK YOU!
JOHN ADAMS @NETIK