Campfire: Thursday, September 5

David S I.

Good morning. Happy Thursday.

BH S.

hello world

Brewster K.

:) Good things are going on here. we are trying to figure out both what we think should be done, and some are aligning to try to get some things done.

David R.

OK Brewster - ONS (Our Name Space) is officially my project, and I will write a design spec for discussion (with special input from Wendy and yourself requested). I'd also like to help with the headset.

Wendy S.

Schneier: Security is hard -- to stay secure, you have to be perfect. Advantage listener.

Christopher M.

Thanks!

Eleanor S.

Two things: First, we need to redesign the systems we build so they don't fail atomically, so they fail more organically. Second, the use case where you only need privacy for a short period is actually pretty common.

Robin C.

Last week I met CEO of http://vencurrency.com/about the distant thrid to bitcoin and ripple. Ven incorporates a carbon exchange, is based on an index of currencies.

Matthew R.

Is there more on this bit coin scenario online?

Robin C.

An interesting comment he made was the rise of m2m transactions using bitcoin. So machines making a currency that is being used by machines.

Eleanor S.

Matthew: an almost endless amount more. It's a ranty (albeit somewhat interesting subject)

Monica W.

www.bitcoin.org

Matthew R.

Thx

Monica W.

:)

Christopher M.

In depth explanation of how Bitcoin works: https://www.grc.com/sn/sn-287.htm - this transcript from this podcast: http://twit.tv/sn287

Steve S.

Paypal is difficult to work with for all businesses, not just crowd sourced ones.

They have very detailed rules for what you are allowed to sell and how you are allowed to sell it.

Dan G.

Andy Greenberg bought some drugs on Silk Road, using Bitcoin, and asked researcher to see if he could be tracked. It was easy. http://www.forbes.com/sites/andygreenberg/2013/...

Carlien R.

European Bitcoin Convention Sept 26/28 in Amsterdam /http://theconference.eu/ with speakers from the Dutch Central Bank

Robin C.

nice elliott: stop clinging to the past and start building the world we want. +infinity We have less and less to lose

Elliot N.

here we are!

introverts unite!

Matthew R.

Word

James V.

Lurkers uncloak!

Elliot N.

Dan Gillmor: it strikes me there must be a "whois privacy" equivalent for bitcoin

Steve S.

We're being surveilled by David.

Elliot N.

the problem at this point is it is primarily trading and not that much transaction

Elliot N.

James V: I always wanted to wear a cloak

we trust service providers all the time

to cut our hair

James V.

Spying on bitcoin: http://www.technologyreview.com/news/518816/map...

Elliot N.

to be doctors

(some of them anyways)

Wendy S.

Can we scale our tools appropriately?

i.e. make reasonable/achievable promises about their security, matched to what we use them for

Eleanor S.

We can build services that let us work with providers without needing to trust them for everything

Elliot N.

no chatham house rules there apparently ;-)

Eleanor S.

That's part of making things not fail atomically.

Christopher M.

Eleanor: sounds like Doc's VRM

Matthew R.

we can multi-task appropriately

Elliot N.

they are in much less competitive markets I note

Eleanor S.

and we can build tools that don't require people to be spooks to get security.

Robin C.

"already" making the shift that they aren't voice companies?

so fast!

James V.

VRM: http://cyber.law.harvard.edu/projectvrm/

Elliot N.

+1

Wendy S.

Brad: larger number of smaller service providers

Elliot N.

relationships are local

Elliot N.

Eleanor Saitta: that is a trust choice

it is ok to make it

but it is a choice

James V.

Doc's recent book, which takes a lot of that VRM stuff is really good: http://www.amazon.com/The-Intention-Economy-Cus...

Brewster K.

love bitcoin because all involved call it an experiment-- lets build on it, and even make the next rev. it is the best show in town.

Eleanor S.

it's been so long since I've been in a meeting that didn't use uptwinkles for silent agreement with points

Robin C.

why business doesn't like modularity is that it enables flight, and doesn't facilitate capture

Eleanor S.

Elliot: Oh, sure, trusting for availability is absolutely a trust choice; I wouldn't make it with everything.

Robin: absolutely! And we need to force them to play in our world.

Wendy S.

Brewster, interesting point re bitcoin experiment

James V.

There are some trust fails in bitcoin.

Elliot N.

Eleanor Saitta: it is ok to make that choice (not to trust anyone with personal data) but I do think it is a valid choice to make. and I have NEVER been to a meeting with uptwinkles. it looks like it would be fun/useful!

Eleanor S.

Elliot: I'll mention it at some point. :-)

Sascha M.

FYI: Monday WH privacy meeting is being convened by President Obama’s Review Group on Intelligence and Communications Technology.

"This meeting will particularly include people and organizations with expertise in privacy and civil liberties."

Eleanor S.

Elliot: I think for bulk storage, there's just not that much reason to do much else. The tools aren't perfect yet, but they're most of the way there.

Monica W.

But did you get yourself invited?

Robin C.

I'd like to see uptwinkles at Obama's meeting with the Intelligence community

Eleanor S.

Sascha: Did you get an invite?

Sascha M.

Monica/Eleanor, yes, I am now invited.

Steve S.

ok, here's what I wanted to say, the cloud "stack" providers, e.g. googles's gmail + android + chrome + maps + keep + gvoice + ... provide a HUGE amount of value and convenience. That's why people flocked to them, including me.

I haven't used an email client in years.

Steve S.

end-to-end is not they way most people think about services any more.

Christopher M.

Steve S: same.

Elliot N.

I think the coup took place YEARS ago and just ebbs and flows

Wendy S.

Sascha: whom do we write to for invites?

Eleanor S.

Steve: I've got a little side project called moonlet.is which is designed to let small groups of people deal with exactly that issue.

Christopher M.

Dewayne says it is personal responsibility not to take easy solution with cloud providers.

Steve S.

Interesting Ella, love to hear more at a break.

James V.

Chris, network effects make that both imperative and difficult

Christopher M.

Fully agre

Sascha M.

Wendy -- I can bring one additional person with me, so I want to bring someone with ridiculously good legal/civil liberty chops.

Steve S.

/agree Chris and Dewayne, but it's a hard tradeoff in terms of time and inconvenience, with real economic cost

Elliot N.

@barry we are :-)

please arrange the political power while we are doing so

Eleanor S.

Steve: It's a huge pain to put together all the open source software to replace one of the stacks, but a collective can hire a sysadmin to balance personal accountability and still provide that experience. Info at http://moonlet.is.

Sascha M.

I don't think there's anyone to write to for invites -- I just pushed several contacts to make the purposeful determination that they were not inviting me... so then they invited me instead.

Wendy S.

(I'll be in DC Mon, but not pushing to be your +1)

Elliot N.

the time of the coup in my opinion

Christopher M.

I think someone could have fallen asleep in 1900 and woken up in 2000 and be quite comfortable with the structure of the economy with regard to monopoly control.

Eleanor S.

The left did eventually get better from it's flirtation with Stalinism. Modern anarchosyndicalism looks much more like the Internet. ;-)

Oh, that "left".

Elliot N.

I want to get back to the smaller and smaller circles. I hope he returns there

Sascha M.

Wendy -- let's chat this eve. I need to get more info on who's already in the room so I can figure out what the most efficacious +1 would actually be.

Steve S.

Its not just corporations, I too strive to increase my own efficiency

Christopher M.

Inefficiency is a brittle supply chain that can be shut down by one storm or climate shift.

Robin C.

Barry: as noted when we talked, I think the Peers Inc structure delivers better efficiency than the closed large entity alone. Maybe not in every sector, but in lots of ways.

Christopher M.

Resilience is more important than efficiency.

Eleanor S.

Christopher: that depends on your time window

Christopher: He's right, quarter on quarter, and wrong decade on decade.

We reward financial performance quarter on quarter, so that's the system we get. Want resilience? Change the financial reward structure.

Elliot N.

a smaller and smaller circle is books

Robin C.

Because these Peers Inc cos are leveraging excess capacity , it changes the economics. Buzzcar has cars across France, which we don't have to buy because we are leveraging existing cars. Car rental can't compete in those geographies. Ditto for Airbnb. Ditto with quirky.com -- the ocmpany is buying just a few hours of a designers time, instead of bringing the person on board full time

James V.

Oh sure, Ella. Next you'll tell us that huge financial upsides for highly leveraged investments leads to fragile economies.

Robin C.

The peers inc delivers resilience and redundancy

Steve S.

++ Robin

Christopher M.

Focus on efficiency has slaughtered jobs - working class, middle class, and soon lawyers, maybe docs?

Wendy S.

efficiency focus -> economies of scale -> scaled-up regulatory capture

Christopher M.

Wendy +1

James V.

regulatory capture -> less efficiency

Wendy S.

heh

Eleanor S.

Robin: if the hub was a non-profit, I'd find the model much more interesting.

Elliot N.

we need to throw in the stew the fact that the Internet makes scale less efficient relatively

Christopher M.

James: leads to Robin's opportunity for disruption. Circle of efficiency.

Elliot N.

the secret to Ting (and Hover) is that customer service inherently has diseconomies of scale

and the Internet allows for efficiencies at small scale in much of the rest of the business

Robin C.

the structure is neither good nor bad. It will depend on practice. There are definitely best practices. Stretching the idea, I see open data as a peers inc. the APIs provide the structure. But definitley lots to be concerned with. I'm trying to make the case that doing the right thing is the way business SHOULD decide to go -- more participation, more innovation, etc.

James V.

Chris, regulatory capture protects the incumbent from disruption, which is what allows them to be inefficient.

Elliot N.

that is lean manufacturing!

Eleanor S.

Robin: Structures have real effects on the world, or it would not be interesting in the first place.

Elliot N.

it is a feature not a bug :-)

Christopher M.

James: to a point, it slows progress and does great damage but is important to note that is not the end of time.

James V.

Robin, is Amway an example of Peers, Inc?

Chris, sure.

Robin C.

Ella: agreed. A sentence I love: Infrastructure is destiny. True for our bad transportation system and obesity and climate change, true for internet construction and privacy.

Dan G.

Robin: Infrastructure is intertia, anyway...

Steve S.

Here's a good example, touring cyclists (and those that like them), opening their homes to each other. It's a non-profit. https://www.warmshowers.org/

Robin C.

James: I think Amway is, except, the Peers Inc offers much more autonomy is the participation, and can scale at a pace Amway simply can't. At least that is what I'm saying now...

Sascha M.

The efficiency-fragility tradeoff.

Eleanor S.

Sascha: If centralization is your only tool for coordination. Decentralized coordination is more complex, but not necessarily less efficient.

Robin C.

but with peers inc you don't have that trade off sascha. For airbnb or buzzcar, no one bad peer can take it down.

Elliot N.

all of this runs smack into the maker movement and 3d printers and cnc routers (http://www.shopbottools.com/)

Robin C.

This is anohter reason for companies to adopt the peers inc model, to give themselves resilience and redundancy

Wendy S.

Makerbots as essential infrastructure!

Christopher M.

Elliot: do we need Ting to get very much larger or to have more people create their own Tings?

Eleanor S.

Robin: Yes, but the company side of the structure can still destroy it, and the profit motive is the biggest structure that pushes them in that direction; hence why a nonprofit is more interesting as a hub.

Christopher M.

Many economists get it - they just don't work for Ivy league schools (with exceptions) or get on the TeeVee

Rick W.

+1 wendy and elliot. Moto sees a vision of democratizing/decentralizing the hardware engineering and building world, much as the Net has enabled on the websites/software/apps side.

James V.

Robin, thanks. I need to think about that a little more.

Christopher M.

Rick: why no ad hoc wireless with Moto?

Elliot N.

post-autistic??

Robin C.

Ella: I do agree. I'm feeling pragmatic, and beleiving in evolution, and thinking that we just have to fight for peer power. I can't take it so far, or I'll be pegged a communist, socialist, and people will stop listening. All part of the plan.

Wendy S.

It would be great to bring Eric von Hippel here to talk about user-innovation

Rick W.

chris: give us time and some breathing room from the carriers. we have a lot to rebuild.

Carlien R.

+1 robin

Robin C.

Ella: one more thing. If the Inc side doesn't play nicely enough, the peers won't play and another platform for participation can rise

Christopher M.

Thanks Rick: was curious more than poking you.

Elliot N.

Christopher Mitchell: we think we can scale Ting at least two orders of magnitude without even thinking about that. Even at that point we would be <2% of the market. please re-ask then :-)

James V.

Rick: will unlocked moto have ad hoc?

Eleanor S.

Robin: there's still lock-in in terms of brand awareness and network size. It's hard for someone to undermine AirBnB in that market at this point; it still acts as a company in the market on that end.

Steve S.

spot on, bad risk analysis

Elliot N.

this is back to ella's point at timeframes

James V.

short term thinking because of short term rewards

Steve S.

Better risk analysis plus a focus on efficiency

Christopher M.

We give big corporations too much credit at their intelligence.

Rick W.

Unlocked "modular" Moto is still a year plus away, but early plans are to allow ad hoc wireless.

Wendy S.

how much is the "it's ok to take the same risks as your competitors" mindset?

James V.

That's an interesting thought, wendy. I think it's a lot.

Eleanor S.

Rick W: I'm extremely happy to hear that. I hope that survives to market.

Christopher M.

For instance, many working for Comcast/AT&T/ et al actually believe the things their coin-operated think tanks produce. They are eating their own shit.

Steve S.

When Ontario power went out in a big storm in the mid 00s, after 2 days all data centers sent down. They all had contracted for fuel for their generators from the same large suppliers. When diesel went out, they went down. Bad risk analysis on the supply chain.

James V.

Rick: good to hear

Steve S.

I do believe from what I have seen, the field of risk analyis on supply chain management is improving.

Christopher M.

You save money now by consolidating supply chain. Disruption likely happens in years - when it will be "someone else's" fault.

Elliot N.

literally

Eleanor S.

So we need non-Newtonian accounting.

Robin C.

Ella: correct that right now AirBnb owns it. Ignoring that they have created a peer communications tool this last week, let us imagine if they didn't. If airbnb started to get too greedy, taking too much of the pie, not listening to host needs, etc. A new co could start up, and if it did a much better job, hosts would use both and then switch over. As I understand it, Etsy started with disgruntled and unvalued eBay sellers.

Elliot N.

shareholders who look at accounting information are also deeply misled

especially eps

Matthew R.

When your product is a real time product, your support system(supply chain) must be diversified

Ram M.

SteveS: +1

Elliot N.

they are laughing. they did it well. they made billions

they shifted the risk

James V.

Robin: interestingly, Etsy started by serving a niche better than the generalized Ebay could. Now that Etsy is growing beyond its initial niche, it is having trouble serving the niche well.

Barbara C.

I just read a book this summer about the history and influence of double-entry accounting on modern finance. It's Jane Gleeson-White (2011), Double Entry: How the Merchants of Venice Created Modern Finance (New York, NY: W.W. Norton & Company).

James V.

(that overstates Etsy's problems, but the tension is there)

Levi M.

Robin, Craigslist is an example of a greedy, inflexible, closed player that cannot seem to get knocked off its pedestal.

Eleanor S.

Robin: but all the harm happens in the Delta between when a company becomes a problem and when a new one reaches the same market penetration.

Steve S.

Well, and James V, Robin, the warmshowers site I linked is a response to airbnb being too general public. I may trust a touring cyclist in my home, but not anyone who users a horizontal site.

... I mean uses a horizontal site

Robin C.

Craigslist. Let time tell. They are inflexible, and we will see if they survive or change

James V.

In time, everything changes or dies.

Robin C.

ella: there is so much room for bad things. All the time, throughout the entire life cycle.

James V.

and dies, really

Eleanor S.

Robin: sure. The world has room for a near-infinite amount of inflicted suffering.

Robin C.

Steve s: funny and true. same thing happened with craigslist. so big, loss of trust.

Levi M.

I hope a better alternative comes along and gets traction but somehow CL has maintained a near monopoly for far longer than it should have in a competitive space

Elliot N.

in telecom it has always been the case

an industrial revolution concept

Eleanor S.

"natural"? That word is always an interesting tell.

Dan G.

Levi: hard to dislodge a competitor thas has critical mass and doesn't charge for its service..

Elliot N.

no concentration in web hosting

web design

Steve S.

So is a view of the Peers Inc concept is to be a incubator, platform and/or cookbook for people to start smaller, perhaps vertically focused peer sharing networks? The ones that succeed get larger, eventually perhaps get too large, and new ones start in niches when the time is right?

Elliot N.

no concentration in all crafts

the Internet removes economies of scale

Christopher M.

Laws that were ENFORCED

Robin C.

spreading fixed costs over more transactions -- this is what the peers inc platforms can do and SHARE with the peers.

Elliot N.

MEH

Christopher M.

not always, but more often.

Levi M.

Dan G, so if CL is so entrenched and all they have is critical mass, it is orders of magnitude harder to dislodge a bad actor in an industry which requires infrastructure and investment (ie telecommunications)

Christopher M.

Or was it a social contract coming out of WWII?

Elliot N.

the meh was that laws were enforced

Robin C.

giving individuals the power of the corporation

Elliot N.

sometimes yes, sometimes no

it is ebb and flow

Eleanor S.

...and then we saw a democractic governance structure be captured by the next generation of companies that weren't willing to have that happy to them.

Christopher M.

Elliot: agree, but my reaction is that we still have some of those laws

Elliot N.

we do

Christopher M.

People on Win: start with this software: http://www.gpg4win.org/

For public key cryptography

Steve S.

I'd be interested to know about a GOOD browser-plugin that would allow me to do it with gmail without the need of using an email client program.

James V.

Steve, that doesn't exist yet.

There are lots of reasons why it's a non-trivial problem

Steve S.

James: that's what I found when I searched. And. Might not be a bad thing to create.

THere are some plugins that you can select a section of text and either sign or encrypt it, before hitting send.

That seems in the right direction, but the projects seem clunky and buggy.

Steve S.

I guess this is one of those areas where one could be suspicious of google's failure to create this capability.

Sascha M.

Encrypt everything!

Rick W.

What is our objective, and then how do we accomplish it? Through legal/political/grassroots/PR/technical means.

Elliot N.

I am stumped as to how to protect the infrastructure up to level 3

what does success look like?

Sascha M.

Did somebody say www.commotionwireless.net ?

Maps...

Elliot N.

Sascha Meinrath: was that to me?

does commotion do that externally ie. once I am off the local mesh?

Sascha M.

Nope -- commotion != silver bullet. ;)

Sascha M.

A galactic Internet!

Eleanor S.

anonymity and the right to be forgotten

Christopher M.

Am I the only one that is nervous about the idea of a "safe" Internet?

Will Disney run it?

SOB

re galactic internet - http://en.wikipedia.org/wiki/J._C._R._Licklider

James V.

I've never really understood the right to be forgotten. Whenever somebody mentions it, I picture a farmer trying to shove a bunch of horses back into a burning burn.

SOB

right to be forgiven == hide my pact

s/pct/pst

SOB

s/pst/past

Carlien R.

We = tech community?

Christopher M.

Agree James - does your right to be forgotten mean I have to remove images from my site that you appear in? Always struck me as censorious.

James V.

I think "we" here is the people in the room.

Sascha M.

Demilitarization of cyberspace.

Ubiquity?

Wendy S.

Chris M: you're not alone. "Safe" is often a byword for censored and restricted.

SOB

right to be forgotten is the right to lie about what you have done - sounds rather like the soviets photoshopping (before photoshop) people out of pictures

i.e. making history even less reliable

James V.

Legit and accountable police. I like it.

Christopher M.

SOB - and storming into your house to remove the photos you have

Wendy S.

at some point we'll need to address the tradeoffs among these "wants"

Sascha M.

Digital literacy.

Elliot N.

sensible name space is in the eye of the beholder and will be a black hole

Sascha M.

Individual locus of control?

Christopher M.

VRM

Elliot N.

I don't know what democratic means

Wendy S.

available to and chosen by indviduals on equal basis

Elliot N.

it is public today

it is protocols

James V.

elliot, I think people are saying public down to the pipes

Christopher M.

Elliot: Accountable

Elliot N.

I really dislike the use of democracy

Wendy S.

Elliot, say more?

Aleecia M.

Of the people, by the people works for me

James V.

Elliot: it is *very* American to use Democracy in this sense.

Elliot and maybe you dislike it because you're not really American.

Wendy S.

the ideal of democracy, not its current instantiation in governments

Christopher M.

Technically Elliot is definitely American. Just not from the USA

James V.

We're kind of blinded by our socialization and culture to invest the word "democracy" with a lot more meaning than people from other countries tend to.

Sascha M.

Free, safe, ubiquitous communications for everyone on the planet... and beyond!

Elliot N.

James V: I think as soon as we introduce "democracy" we are looking backwards

Christopher M.

Sasch: been watching Toy Story much lately?

Josh L.

Chris don't dis Toy Story

James V.

I'm a fan of sortition, so moving beyond democracy sounds good to me.

Elliot N.

one world. one Internet

(for steve c)

James V.

one world, one internet, many black helicopters

Monica W.

The problem with democracy is the majority can be led to bad results. See: US House of Representatives.

Christopher M.

Monica: Problem with US House is that it reps a minority of the population... see gerrymandering etc.

Aleecia M.

I wonder if we can create groups of interests and break into smaller groups to get into details

Christopher M.

So does the Senate in fact. <sigh>

James V.

We have the tech for real-time direct democracy via a system of narrow proxies. We can do democracy without districts if we want.

Aleecia M.

As long as Facebook requires real names, it is not safe for people on the fringes

Christopher M.

James: I like the districts, just not uncompetitive ones.

James V.

Chris: why should we organize elections solely by geography? Don't people ally on interests across other criteria?

Christopher M.

Aleecia: agree - anonymity is essential choice

James: Much of politics is local

James V.

If you were in the PGP session, please send an encrypted email to james@jamesvasile.com. My key is on key servers. It's short fingerprint is AEBA2758.

Chris: and much isn't, especially at the Federal level.

Christopher M.

James: Yes, but I think much less should be done at the federal level.

James V.

Chris: senatorial parochialism is often the main problem on a bunch of issues

Ken Z.

NYT just published story on home page: "NSA Foils Much Internet Encryption" http://www.nytimes.com/2013/09/06/us/nsa-foils-...

Christopher M.

James: what is good server to seed local client with for GPG?

Eleanor S.

power equalizing is an emergent property.

James V.

Chris: pgp.mit.edu

Elliot N.

minutes after I generate a key the NSA foils me! I must know something

James V.

Eleanor: agreed

Elliot N.

the means was checks and balances which is what leads to gridlock

parliamentary democracy has other warts but not that one

James V.

Gridlock is an unwarranted perjorative

Aleecia M.

"privacy for the weak, transparency of the strong"

Elliot N.

James V: do nothing-ness? :-)

Josh L.

this is feeling weird to me

Elliot N.

inability to make policy/law/change?

Josh L.

shouldn't the network of networks be essentially value-less?

Christopher M.

Gridlock is a continuum. But I say that about everything.

Elliot N.

Josh Levy (Free Press): +1

Josh L.

creating an open network that guarantees "privacy for the week, transparency of strong" feels antithetical to all that

Elliot N.

well there are some values inherent

Eleanor S.

Josh: there's absolutely no such thing as a valueless network.

Josh L.

Elliot Noss:

Elliot N.

yes

Josh L.

and Elly - yes. What I mean is, the values must be low-level: Open, free, etc.

ella

building in power dynamics is a step above that

Eleanor S.

No

We need to know power dynamics

because the power dynamics of the network we have now are broken

and that's what we're trying to fix

and if we're not going to look at that, we're going to fail.

Josh L.

agreed

the network we have now is broken, in part *because* there are power dynamics baked into it

SOB

Common Bearer Service

Rick W.

Why are we spending time on the attributes of something new, rather than define the current surveillance problem and quickly move to potential cross-functional solutions? I fear we are not operating in a constructive fashion.

Christopher M.

Rick +1

SOB

key points of hourglass

simple

hide network features

can use existing physical networks

Rick W.

IP is applications/content and networks agnostic.

I don't think we are talking about dumping IP and starting anew. If so, we need a much longer session.

SOB

rather much longer session

Josh L.

+1 to the +1

Brough

http://upload.wikimedia.org/wikipedia/commons/b...

Eleanor S.

Rick: I think this is telling us a lot about what we care about. If we go to a much more operationalized session, it'll be much clearer.

Robin C.

Josh L: what is a url for your upcoming campaign/march?

Steve S.

Did someone say martini? :)

Josh L.

We haven't updated the site yet - should be next week - but it will live at www.stopwatching.us

which is the petition we launched after PRISM, etc.

Brough

Aleecia M.

"I want my data; my data is mine" (reminds me of Jewish wedding vows)

Rick W.

Eleanor: I hope you are right. The time in the IP hourglass just seems to be slipping away from us....

Christopher M.

This might be valuable, but very unsure it is the best use of our time. As I write this, I realize I'm not sure what the best use of our time is. Reinventing the Internet just doesn't seem to be it. The net works but is owned by hostile powers.

Wendy S.

BULLRUN, eh?

Aleecia M.

http://www.theguardian.com/world/2013/sep/05/ns...

Rick W.

I think Barbara has nailed (part of) it: as a technical matter, how do we deal with the surveillance problems without destroying the positive emergent properties we all want to promote?

Aleecia M.

http://www.nytimes.com/2013/09/06/us/nsa-foils-...

Jim B.

Pew's latest survey on anonymity, privacy and security online

http://pewinternet.org/Reports/2013/Anonymity-o...

Eleanor S.

"Protocols, not platforms"

Eleanor S.

If we have a choice between innovation and freedom, do you really want to pick innovation?

Christopher M.

How many "infrastructures" are officially regulated as though there were competition?

Tried with electricity and that was a pretty dismal failure

Elliot N.

the Internet hasn't failed us. the NSA/gov't has

Christopher M.

Elliot: Bingo

Carlien R.

what is the story behind sewers as part of the public infrastructure?

Rick W.

+1 Elliot

Christopher M.

Carlien: I don't know of a competing sewers ... I know that a few towns have both a publicly owned and a private water system but unsure if that includes wastewater.

I think we need overlapping networks. Should have public and private. May not make sense with other infrastructure but can work here - at the expense of imaginary notions of efficiency.

Robin C.

brad: what about airbnb. they are taking value created by others (as is buzzcar). Is that what you mean?

re twitter, we were talking at lunch -- what about the idea of structural separation

Elliot N.

http://www.sewerhistory.org/

Robin C.

you can't do both the platform, AND the apps/subplatforms operating within that ecosystem that is open to competition. This means you have an unfair advantage over the others working on the platform.

Elliot N.

Robin Chase: that is called vertical integration

sometimes it is good and sometimes it is bad

Christopher M.

Frankly, I don't know what we are doing anymore. But opening conduit will enable a few networks that will predictably cherry pick or cream skim in many cases.

Christopher M.

It is more complicated than "just" doing something.

There is physical scarcity in ducts and conduit.

Robin C.

so for pat's rule: does the private sector have to wait for a public failure before it is allowed to compete?

Monica W.

And negotiating with munis owning the conduit can be onerous.

Christopher M.

If we have overlapping networks, they don't all have to operate in the public interest. But there has to be a larger plan recognizing predictable problems of cream skimming.

Robin C.

for the public infrastructure, that is where regulation comes in.

aparna: that is saying that the platforms that are public are only those that have high cost of entry?

Elliot N.

and rights-of-way should be at some cost of common carriage

Robin C.

are there no infrastructures that we consider public that don't cost a lot?

Elliot N.

specifically........

Christopher M.

Yeah, we all make mistakes. Let's not create a dynamic where people are afraid to contribute.

(Though I love Barbara's energy and grasp of history)

Elliot N.

ok I still don't know what was wrong

aparna is very sensitive about not being there when al gore invented the Internet. he will rue the day!

Monica W.

States and municipalities need to have infrastructure plans that recognize existing broadband assets (conduit, dark fiber) and create policies in the public good about how they can be utilized. Right now, they're simply responding to ROW requests without long-term plans for broadband infrastructure or understanding how each negotiation will affect long-term accessibility of that asset and remaining space in the conduit.

Rick W.

a troubling thought: this is the discussion/debate the nsa was hoping we would have this week. :(

Robin C.

Barbara: what particularly would you like us to get right in this conversation?

Christopher M.

Pat seems to be articulating a theory close to what I understand as Locke's theory on property. You got a right to it if you a) own it b) use it.

Steve S.

Rick +1

So I've posted the NYT and Guardian pieces to facebook, g+ and emailed my tech friends. I'd encourage everyone to do the same

Sascha M.

I just want to get to the getting stuff done... the collaborations, the cocktail napkin sacrifices.

Elliot N.

Rick W: are you eavesdropping on the NSA?

Steve S.

Here's what I said, my words to get my friends to pay attention: "Not liking what I'm seeing here about the NSA colluding with vendors to get them to weaken networking devices so they are exploitable. Making companies more hackable is not a good use of my tax dollars, even (or especially) if it's the US government wants to hack into them."

Eleanor S.

Barbara: If you can recommend a bibliography, I'm all ears.

Christopher M.

If it is easier for USG to hack in, it is easier for everyone to hack in.

Steve S.

Exactly Chris.

Rick W.

Yes Elliot, I'm wearing the brand new Google Glass Plus(tm), with special octopus-camouflaged frames, and two-way listening devices tied directly to Langley, VA.

Elliot N.

NSA brings you the Internet!

Christopher M.

NSA should invest in teaching digital literacy so it would be easier to spy on everyone.

Elliot N.

common carriage applies to infrastructure, not the Internet. the Internet rides on infrastructure.

Christopher M.

Some great actors! Full Channel, XMission, Sonic.Net, CityLink, ... if we had more, fewer local governments would get involved.

Need more light in here.

stage lights

Eleanor S.

+++++

Eleanor S.

Christopher: Why do you think State spends so much money on digital equality programs overseas?

Aleecia M.

cch.law.stanford.edu

Christopher M.

Eleanor: Probably a variety of competing reasons... but mostly to enrich whoever has the contract to deliver that service.

Christopher M.

Given the many pieces of data we submit as surf, are cookies that big a deal? We can be uniquely identified even without cookies.

Aleecia M.

Are cookies a big deal: yes. Are they the only deal: no. Can I solve for all issues at once: no.

Christopher M.

Gotcha

James V.

It might be that cookie protections and fingerprint munging are mostly useful when done together.

Aleecia M.

James: EFF is working on fingerprinting javascript calls that do fingerprinting. There may be tools available in near-term

Eleanor S.

Christopher: No. They do it because the ideology of the Internet is closer to the ideology of the US than most of the countries in question, so it accomplishes goals of cultural shift and alignment with US interests, and it also adds more sensor points for NSA.

James V.

Aleecia, we need to put that stuff in proxies so we can do it on behalf of users at the infrastructure level. I shoved https-everywhere into privoxy. I'll look at EFF's work to see if we can do likewise with fingerprint munging

Christopher M.

We sort of ended Palmer raids

Aleecia M.

Awesome!

James V.

Amanda, I'm aware or panopticlick to see the fingerprint. But I took what you said to mean EFF is working on obfuscating that fingerprint. Can you provide a pointer?

Aleecia M.

James, I assume you know Peter Eckersley. If not, please send me a note designed for me to forward to Peter to introduce you (aleecia@aleecia.com)

Eleanor S.

Christopher: did they produce any useful intelligence product?

James V.

Yep, I know Peter.

Christopher M.

Eleanor, I'm not sure what you mean, but I believe some of those countries were quite close to a working device.

Aleecia M.

This was not to obfuscate the fingerprint (Tor does, though) but rather to learn who is doing fingerprinting.

Christopher M.

The best precedents we can come up with are not particularly helpful it seems.

Eleanor S.

Christopher: Sorry, I mean the Palmer raids.

Christopher M.

Dunno. It may not even have been the point - just to disrupt.

Wendy S.

TAILS -- putting Tor into a live-CD virtual machine -- is Tor's best effort to make fingerprints more uniform

Eleanor S.

This is my response to the question of unwinding surveillance: https://medium.com/weird-future/9b913057c28c

Christopher M.

Need to stop illegal surveillance? To develop a guide for what kind of surveillance is acceptable?

Eleanor S.

We can't get rid of surveillance entirely and keep the Westphalian state.

I disagree

Aleecia M.

For anyone playing our home game, James and I are talking about: http://panopticlick.eff.org Summary - browsers leak small bits of innocuous data, e.g. the order your fonts load, screen size, etc., that can be combined to uniquely ID a given browser.

Christopher M.

NSA ability to lie to Congress is what set me off.

James V.

I'm interested in teaching proxies to munge that fingerprint as they proxy for you.

Chris, the NSA is sort of required to lie to Congress.

Robin C.

We need rules, and these rules need to be followed.

Christopher M.

Robin: yes. Last night Bruce suggested we both need better rules and to recreate our intelligence apparatus because it is beyond simple reform at this point.

Sascha M.

Who thinks secret courts are always a bad idea?

James V.

I do

Eleanor S.

DEA SOD

Aleecia M.

For proxies that munge fingerprint data, see how https://www.torproject.org/projects/vidalia works with javascript calls

Robin C.

bad idea

James V.

I'll look at that. Thanks much.

Monica W.

We also need accountability and transparency. What has the NSA accomplished with their $250 million per year?

Elliot N.

it is the hoovering up of the whole Internet that most bothers me

Eleanor S.

Monica: 14B.

Christopher M.

hoovering is very close to hovering

Aleecia M.

I pitched the idea of pulling the code out independently and there is not time / resource, but I believe it is all open

Elliot N.

and can we make it murder or kidnapping instead of drugs?

Robin C.

and then keeping the data forever, just in case you want to go back and look at it one day. no statute of limitations?

James V.

I thought vidalia was a gui layer, not a layer at which things like fingerprint munging would happen.

Christopher M.

I'm waiting for next week's Bruce column to get totally appalled.

Christopher M.

Just an FYI, 99 years since Rockefeller used Colorado militia to kill innocents during a strike. http://en.wikipedia.org/wiki/Ludlow_Massacre - it could be much worse.

SOB

the frog gets used to the temperature of the water

Steve S.

Bad survey design

James V.

Privacy's end is inevitable. Why fight it? Heck, why even worry about it at all?

Eleanor S.

James: Because we can't live without it.

Christopher M.

I *think* we are horrified at lack of rule of law. Not privacy violations.

Steve S.

Well said Steve C

Eleanor S.

Christopher: disagre.

e

James V.

Chris, I think we're horrified that all of this is legal under our rules of law

Eleanor S.

Then we're all gonna have to change the way our brains work, because we can't live without it.

Christopher M.

Government reaction seems to suggest they aren't very proud of their legal justifications for these programs

Robin C.

I'm horrified by the shirking of law and the lying and deception. And what htey are doing is too far -- it couldn't shouldn't be done legally.

Christopher M.

Eleanor, not arguing that some privacy loss is meaningless. Just that the conversation last night was more focused on rule of law rather than potential privacy violations of our data on a hard drive that may or may not be viewed by a contractor.

Eleanor S.

and let's destroy all freedom of speech because terrrists

Aleecia M.

If we want deterrence, why make it secret?

James V.

Aleecia: fear of secret capability is deterrence?

Wendy S.

and the flip-side of deterring "bad guys" is chilling the freedom of all of us

Christopher M.

When I encrypt a message for someone, that is a public message?

Elliot N.

how is me talking on the phone in my house a public place?

Robin C.

what was teh public place? my gmail? my phone calls?

Elliot N.

or using skype to talk?

Sascha M.

The logic of "worse things would have happened if we hadn't done X" is a poor argument -- often untestable and unknowable... give me data that backs up what the NSA's work actually accomplished, not fearmongering.

Aleecia M.

I'm not seeing a deterrence case for sooper skeret projects

Eleanor S.

If the Internet is a public place at all times, we have no non-public places left, and you're arguing that we can't ever have non-public places.

We get to decide if we want the internet to be a public place.

Wendy S.

I want parts of it to be available as public forum; not all of it as non-private place. Instead, we're getting the worse on both ends.

James V.

Wendy: +1

Christopher M.

Free Press has been working closely with Issa. More talking with each other than most realize - but our media hypes the idea of polarization.

SOB

if the question is secret then one can not have the discussion that is being talked about

Aleecia M.

Third party doctrine is a mess. Humans don't treat privacy as binary (either it's private to one person only, or it's public to all.) Instead, we have privacy-within-groups. Families are a basic unit there.

Ram M.

Not expecting governments to snoop sounds a bit naive. They have done that since they existed. However, I have a real problem with the breaking of the rule of law, with the loss of trust, and with the hypocrisy. But - I think David's question was poorly framed, which causes me to say "I think what's going on is terrible," and "I'm not sick to my stomach" at the same time...

Steve S.

Facebook tracks you, whether you're a member or not, from the pictures your friends post of you.

Sascha M.

New tag line: "Analog... for privacy!"

James V.

Steve: I solve that one by being aggressively unphotogenic.

Christopher M.

James, you are crazy photogenic - especially your head.

James V.

Ram: gov't snooping has always existed and always been bound by practical limits. Those limits have receded because we're putting all our comms in snoopable places. So re-establishing limits makes sense.

Chris: bald and shiny != photogenic!

Christopher M.

James: Do we need technological limits or limits in law?

Ram M.

James + 1

Christopher M.

James V: Also your glasses break up your head nicely.

Eleanor S.

Surveillance got cheap. Either we have way more surveillance, or we make it expensive again.

Christopher M.

sorry - meant my question for Ram, not James

Steve S.

Good practice James

James V.

Chris: dazzle!

Ram M.

Christopher: re-establishing limits in law, imo, is more durable. Technological limits get overrun, it's tech's natural state.

Eleanor S.

absolutely not

they do not obey the law

James V.

Ran

Ram: we need both

Aleecia M.

Or we could decide this is insanity to not be able to trust the tools we built

Eleanor S.

or rather, they currently "obey" the law, but not the spirit.

Ram M.

JamesV: We may want tech, but it seems to be easy to overrun. We can need it, but not sure if we can get it

Eleanor S.

Ram: Law will not stop this. Economics might stop this. Tech might stop this. Law has already be demonstrated to be useless. Why do you want to rely on it?

James V.

Ram: I am more optimistic than you are because even with all this, Bruce tells us the math still works.

Christopher M.

Not sure law has done a good job of preventing the doing of what is possible. I like to think it can but evidence of it working fails to come to mind.

When it comes to tech, what is possible seems to set limits.

Ram M.

Evidence is that tech has not stopped it. Economics might be a mightier force. I'm not relying on law (alone), I'm simply relying on _knowing_ that tech can be overrun

Aleecia M.

Relatives who lived in countries with oppressive governments are careful not to talk in front of the wrong people, careful not to leave written records, and found this a major part of the experience of living in an oppressive regime. What I'm hearing is we're self-inflicting that and saying it's ok.

James V.

Ram: Tech shifts the economics

Ram: tech can make it more expensive and require focused use of resources

Christopher M.

Supreme Court ruled that local police cannot put GPS devices on suspects to track all their movements. http://online.wsj.com/article/SB100014240529702...

Eleanor S.

Ram: we had our arms twisted into building tech that was broken, in many cases in ways we even knew about.

Ram: We can rebuild it.

Christopher M.

Ahem - I mean the police need a warrant. That is the rule of law.

Ram M.

Economics shifts the tech; it's possible to subvert tech, intentionally or not. Most tech has flaws, since computing is not an exact science, and programming is inherently filled with holes

James V.

Chris: IIRC, that's not quite what the opinions said. Read it.

Wendy S.

How do we re-introduce transparency? We need accountability for the use of warrants, so we can exercise the right controls over them.

James V.

Ram: yes, it goes both ways

Ram M.

JamesV: yes, tech can make it more expensive. that's deterrence, though, not limits. I picked law as better because things that people care about (freedom, liberty, consequence, etc.) can be attached as consequential outcomes. The pendulum has swung the wrong way in that area now.

James V.

Wendy: in a world where unwarranted search is punished by evidentiary rules and civil liability but not much else, it's hard to imagine warrants being the real answer.

Wendy S.

JamesV: agreed

Eleanor S.

Ram: But they can't.

Ram: How do you constrain NSA with law? It has never worked.

Ram M.

JamesV: Bruce also told us last night that if they want to penetrate you, they will, and you'll not be the wiser.

James V.

Ram: You're right. deterrence != hard limits

Christopher M.

Eleanor: What do you mean it has never worked? How long as NSA been around? Has this level of surveillance been the norm for that full time?

James V.

Ram: I don't think that's true. If you are sufficiently paranoid and skilled, you can still do content-secure communication

Christopher M.

James V: It helps not be to a person of interest also. Lesson from last night: if you are a high profile target, there is little you can do. Have to be perfect.

Wendy S.

warrants aren't the whole answer; but can forcing disclosure of the use of surveillance tech let the legislative public choose what to prohibit, and where even warrants don't justify it?

Eleanor S.

Christopher: No, because they were not technically capable of it. We have never seen law roll back an operationally and technically deployed, cost-effective, intelligence-generating program.

James V.

Chris: yes. high profile targets will have a harder time

Ram M.

JamesV: I tend to agree with you. That level of paranoia requires special effort, however. Not what the average or even above average Internet user does. Convenience > privacy for most

James V.

Wendy: yes, that's the worthwhile part of it

Christopher M.

According to Bamford, the data collection capacity of NSA has always been staggering. Measured their computers by acres in 1981, I recall.

Eleanor S.

Wendy: there's no such thing as a warrant in espionage.

Christopher M.

Jean Valjean!

Though he did do it. Doh.

Aleecia M.

I do not understand why we are working on either / or (law, tech, econ) -- it seems very likely we need ALL.

Ram M.

Eleanor: I'm not sure I'm as pessimistic as you re. NSA being forever unbounded. We've seen several institutions taken down due to excess. What are realistic limits though?

James V.

Chris: he was absolved by the church, so he was morally innocent

Eleanor S.

Ram: who?

Wendy S.

Ella: no, indeed. I was referring to the drug example. And the FISA court's transparency hasn't given us anything either

Ram M.

Aleecia: Agree - it's not either/or. The fear is that ALL may not be enough!

Eleanor S.

Ram: Not national intelligence. That's a categorically different beast.

James V.

If you've ever seen the inside of a white collar case, you might not agree that the 1% still get that presumption

Christopher M.

Aleecia: yes. We need all. Need to push on multiple fronts at same time.

Aleecia M.

A reasonable fear. Meanwhile, let's try it all. We have different backgrounds, knowledge, skills, and interests.

Christopher M.

White collar cases may not get presumption but prosecuting them is really friggin hard and may not be worth the resources. So the SEC seems to have determined.

James V.

They are picking their battles to be sure

Ram M.

Ella: Yes, it's a different beast. But what is the national conscience about it? Should we not foster a national conscience that says that "this is wrong". "this is not moral".

Christopher M.

The existence of that data invites abuse.

Ram M.

Ella: Perhaps I'm just more optimistic (naive?) that we still matter, and the people's opinions can carry the day

Eleanor S.

Ram: Oh, let's foster the conscience. That's great. But let's no pretend to ourselves, when we're being honest in private, that it's going to make two bits of difference.

James V.

Chris: that data is also archived to large and significant degree on Google/FB/etc's servers. And the existence of that data invites abuse too.

Christopher M.

James: we should have access to data related to us... as a first step.

Ram M.

Ella: Change comes fast, if the value-system is altered. That's what I am advocating we should work on changing. We must accept that they are fearsome in their capabilities; that doesn't mean that we only try to outrun them (which is what I see doing more tech as)

James V.

Chris: NSA as free backup for all. It's the killer app that really kills!

Eleanor S.

Ram: we have no evidence that change comes. There's no historical evidence for it. I'm not going to say we shouldn't look at that, but I don't have any reason to believe it'll work.

Robin C.

how can Obama move in international circles given these regulations? US credibility is shot. I wonder what the lede is on foreign press

Elliot N.

NSA buys Dropbox!

James V.

I wonder if Pepper can give insight in to how Cisco is selling overseas right now.

Steve S.

Yeah Robin, was just reading about Brazil cancelling US visit in October and considering cancelling F18 purchacehttp://rt.com/news/brazil-cancels-us-tr...

Robin C.

le monde just translates nytimes and guardian stories without editorial. maybe tomorrow we will get the eidtorializing

Ram M.

Ella: Governments have fallen and presidents resign when value systems are altered. Isn't this the history of most revolutions over the ages?

Desiree M.

Dropbox powered by NSA

Eleanor S.

Ram: sorry, let me clarify: we don't get a rollback *without breaking regime change*

James V.

DropBox backdoored by NSA (or maybe just NSL'd)

Eleanor S.

Ram: I may be a radical, but revolutions suck to live through.

Christopher M.

If it is not possible to stop the NSA, what is to be done?

When all hope is lost, there is nothing left to worry about.

Monica W.

That's the million $ question

Eleanor S.

Christopher: Note that I was very specific in my wording: cost-effective.

James V.

Chris: change the landscape

Eleanor S.

We can change the ROI of surveillance, and we can defund.

Those we have historical evidence for working.

Ram M.

Ella: agree re. need for regime change, but i'm adding that there is also a value-system change needed. just regime change won't be enough

Christopher M.

Eleanor: You seem to have just made the point that there is no precedent for defunding.

Barbara C.

FYI, the book I was referring to is "Creation of the Media" by Paul Starr.

Christopher M.

James V: Please clarify

Eleanor S.

Ram: I'm not suggesting regime change, necessarily. I'm suggesting that the landscape we can fight on is the techno-economic one.

Aleecia M.

My vote is that there needs to be specific, particularized concern with judicial review prior to data collection

That's it.

Ram M.

we have evidence that successive regimes won't change effective/successful intelligence/surveillance techniques

Steve S.

true Ram

James V.

Creation of the Media, summarized: http://www.nytimes.com/2004/05/30/books/review/...

Eleanor S.

Christopher: not defunding specific projects. Defunding NSA as a whole has happened, and they've changed their minds historically on what's cost effective in reaction to it.

Desiree M.

Here is a good overview how FISAA intervenes with EU data protection efforts http://www.youtube.com/watch?feature=player_emb...

Eleanor S.

Allecia: That's not intelligence.

Christopher M.

Eleanor: I'm confused about what you think we should do. And how to do it.

Eleanor S.

We change infrastructure so it's more expensive to surveil, and we work specifically at funding reductions.

Christopher M.

Data collection, eavesdropping on Dr. King and KKK members is all related to intelligence.

James V.

Chris: make wholesale surveillance harder, force NSA to make real choices and commit real resources, provide some measure of secure comms for some classes of vulnerable people

Aleecia M.

Within the US, that is what we've claimed to do for a very long time

Christopher M.

How can we change the infra?

Steve S.

As stated before, it's ironic that the tea party / libertarians would be the ones politicians that would be most likely to want to restrain this.

Eleanor S.

Aleecia: domestic policing is not the same as intelligence.

James V.

Chris: end to end would be a good start

Decentralizing would help

Aleecia M.

So you define intelligence as requiring mass surveillance?

Robin C.

what you just said is how more americans are feeling. Arab american, brown americans, young americans wearing hoodies.

Christopher M.

I am all for decentralizing. Is end to end the public key crypto?

James V.

secure by default rather than insecure on purpose

Chris: end to end is crypto

Christopher M.

Secure by default seems to invite NSA monkeying with OEMs.

Ram M.

Ella: i'm skeptical of fighting this primarily on techno-economic, we need to add legal and morality/value components as well for this to stick

Monica W.

But how to we mandate decentralizing infrastructure?

James V.

Chris: free and open source software + decentralizing takes care of a chunk of that

Christopher M.

Monica: not a mandate.

Eleanor S.

Christopher: then we start looking at supply chain security and hardware attestation and we go to the next layer. We fight it into the metal.

Ram: Oh, in the public narrative, I absolutely very strongly agree -- I wasn't being flip earlier.

Christopher M.

Eleanor: "We fight it into the metal" is pretty awesome.

Ram M.

JamesV: decentralizing will help. but need more - deconstructing will be needed too

Monica W.

Yeah, I'm just skeptical that otherwise we won't get it to happen.

Elliot N.

quite famously, tom wheeler is apparently a nice guy

Christopher M.

Monica: won't happen for all. Need people to step up. Who can mandate action that runs counter to what fed gov wants?

James V.

Monica: we need business models around decentralization

Elliot N.

don't hate the player, hate the game says bob

Christopher M.

Elliot: took longer than expected for TW to show up here

Sascha M.

Very decent people do very evil things... they're as decent as they are evil.

Elliot N.

hehe

Eleanor S.

Ram: And the legal stuff may not hurt. But it's not where to concentrate.

Monica W.

That was my point. Mandating is impossible, and voluntarily, it will only make a dent. I'm all for fighting a fight that's winnable, but not sure that's the most effective route.

James V.

They're decent people just going with their inventives.

Monica W.

I think the legal approach is easily to sell to Congress.

James V.

"I was just following my pay check" is the new "I was just following orders"

Ram M.

JamesV: decentralized could simply mean it takes longer to gather up all the threads. deconstructed+decentralized raises the barrier, and changes the economics

Monica W.

*easiest*

Elliot N.

I had a lovely ride last month with some retired pre-apartheid south african secret policemen. really charming gentlemen. truly.

James V.

Ram: would you define deconstructed?

Elliot N.

cracked skulls no doubt, but they were decent and charming

Christopher M.

Aparna notes that incentive for elected leaders is to cover their ass in case of terror attack.

James V.

Elliot: service with a smile

Elliot N.

don't forget the portuguese!

Eleanor S.

One of the reasons why I like spending time in the London is it's full of people who care about seeing the world is run properly, regardless of how they want it to run.

Christopher M.

Brewster: "I kinda like the American experiment."

Elliot N.

the Internet is so much more resilient

Ram M.

JamesV: deconstructed: construction of services from disparate, separately accessed sources, dynamically, with each instance constructed uniquely

SOB

not just the internet - that is just one of the targets

James V.

Periodic reminder: If you made a key today or otherwise want to participate in key signing, please email me your key: james@jamesvasile.com

(or just send me a signed or encrypted message)

http://home.cc.umanitoba.ca/~altemey/

Ram M.

JamesV: oh, and with appropriately strong crypto

James V.

The authoritarians ^^^

Ram: sources == data stores?

Lucifer effect: http://www.lucifereffect.com/

Eleanor S.

james: add mine to the list?

james (local sign only, obviously)

James V.

Eleanor: we didn't get in to local signing and I don't know we will explain that wrinkle

Barbara C.

Another book is by Philip Zimbardo, The Lucifer Effect that examines how "evil" behavior can arise from good people.

Eleanor S.

bleh.

James V.

Protocol will be sign and return

Ram M.

JamesV: sources = URIs that may point, directly or not, to data stores

Eleanor S.

James: I guess I'm not going to participate then.

James V.

Eleanor: fair enough. Basically, I don't know how to ensure local sign in all those clients

Ram: yep, that's makes sense

Ram: there are a few projects working on that end of the problem

James V.

Privly comes to mind

Elliot N.

http://en.wikipedia.org/wiki/Simon_Cameron

Christopher M.

I don't get how, as bad as things are, people cannot use the existing protocols to keep the Internet going, if only in isolated areas. Or does the Internet require a critical mass to keep thriving?

Sascha M.

Ummm... surveillance is worse than was ever possible in prior eras... Tom, you clearly haven't read (recent) history.

Elliot N.

"An honest politician is one who, when he is bought, will stay bought."

Christopher M.

Is that the actual threat: that people will be afraid to use the Net? I feel like we haven't really covered this in depth.

Elliot N.

+! tom

and +1

Eleanor S.

Christopher: I have plenty of friends who won't use the net for specific things, and some who won't use it at all whenever possible.

Sascha M.

Patronizing people who have concerns about contemporary problems = lame.

Christopher M.

But are we at risk of Bruce's mom signing off? It doesn't appear so.

Ram M.

JamesV: would love to get some pointers

Steve S.

I'm getting lots of fb and g+ likes on my link.

Sascha M.

When do we get to talk about what we're actually going to do?

Desiree M.

After the break?

Christopher M.

That sounds like Sascha's strategy at Open Tech Institute

Desiree M.

for later: http://www.youtube.com/watch?v=CKQ3sKuirkw

Aleecia M.

that's kind of amazing

Brough

Thoughtworks' View the world from the perspective of the poor, the oppressed and the invisible and

Robin C.

s. africa office: I wonder about the choice of saying it would be 80% black programmers. I've been part of a new urban school. We found we could handle 30% "free school lunch" and create a first class school. But in later years, the rules changed and it became 80% low income, and this percentage resulted in too many problems, flight of higher income families, and the end of the school with a large activist and pushing parent community. So, the percent of the challenging population has had everything to do about the ability to move the whole forward.

Brough

Thoughtworks' 3rd pillar: Advocate passionately for social and economic justice.

Brough

Which is achieved by telling their staff to: View the world from the perspective of the poor, the oppressed and the invisible and aid them.

Robin C.

and act on their behalf

Brough

thx

Eleanor S.

...we still need business models for our decentralized infrastructure. I sympathize, but this is also useful.

Eleanor S.

Best information we have is that Tailored Access Operations is NSA's internal set of hackers.

Sascha M.

When do we get to the part where we actually formulate constructive responses?

Christopher M.

If a exec refused to cooperate, would be interesting to see what charges were levied against them. Not cooperating with a program that doesn't exist?

Eleanor S.

Christopher: In Nacchio's case, insider trading.

Christopher M.

Or perhaps Nacchio just stopped getting away with the things so many of them do but are not busted for.

Eleanor S.

Sascha: I've got a dozen shovel-ready projects that are just waiting for funding at scale. I'd be happy to talk about them.

Sascha M.

Number 1 story on Google News??? Nope, not NSA, "George Zimmerman's wife files for divorce in Florida, lawyer says"

(but NSA is #2...)

Christopher M.

Goog News top story for me is Syria

James V.

zimmerman for me

Josh L.

it's interesting that we judge a story's strength by whether and how the mainstream media picks it up

Josh L.

they're still powerful

Wendy S.

Reflections on Trusting Trust http://cm.bell-labs.com/who/ken/trust.html

Josh L.

great graphic: http://www.nytimes.com/interactive/2013/09/05/u...

Eleanor S.

Fortunately, now we've got IDA Pro.

Christopher M.

I'm struggling to match specific threats (crypto cracking, companies working hand in glove with USG, OS exploits, vacuuming up Internet) to who they threaten and how we should react.

Sascha M.

I'm *really* rather interested in the "what do we do now" topic.

Josh L.

Sascha let's introduce that topic right now

Eleanor S.

yes

Christopher M.

What do we do now??

Desiree M.

What to do? Schneir tried to answer it earlier with quantum computer question in an earlier article

Symmetric ciphers are thought to be far more resilient to quantum computing, so using 256-bit symmetric keys still has 128-bit effective key length when brute-forced by quantum computer (in currently known modes), meaning it's still secure.

Eleanor S.

Desiree: We don't know that the math has changed at all.

Christopher M.

Will us using crypto save the Internet?

Eleanor S.

The point of this article is that they're not going through the math.

Desiree M.

He assumes that NSA does not have a quantum computer yet.

Eleanor S.

We need to get the implementations right.

Sascha M.

Things to do: at the individual level -- enable end-to-end encryption applications

Desiree M.

These news will make others more careful, and crypto can help a bit in the "meantime"

before we fix the judicial system

Aleecia M.

Unless someone has a better idea, it sounds like we need to start from scratch with different assumptions and redesign. And the estimates in this room is 15 years. If these are both correct (and maybe not) that suggests a set of approaches, both short- and longer-term

Desiree M.

legal system

Christopher M.

Using crypto seems like the "change your lightbulbs" path to solving global warming

Aleecia M.

Using crypto is telling the NSA to See Figure 1

Christopher M.

We don't need more stories. We need a plan. Phase one: use crypto

Sascha M.

Red phone, cryptocat, enigmail, OTR -- what else do people use?

SecureText...

James V.

I use gpg a lot

Desiree M.

Christopher Mitchell - it is not the answer

Eleanor S.

We need: adversary modeling. meainingful cross-domain security. scalable nation-state malware analysis. opsec consulting. usability consulting for crypto projects. studies of intercept hardware and tools. incident response for high risk users.

Wendy S.

full-disk encryption. ssh tunnels

Eleanor S.

plus support for a pile of specific projects or roles.

Desiree M.

but it could be a short term answer

James V.

ssl that doesn't rely on the ca hierarchy

VPNs

Christopher M.

Any guess whether we will talk about things we can do or tell stories about how the things we know have already happened happened?

Sascha M.

Oh yeah, truecrypt, dejadup...

Eleanor S.

Many of the applications we need to see improved and made more universal already exist; they need to be much better and ubiquitous.

Christopher M.

This one time, at I got hacked camp...

Eleanor S.

Those projects need funding, and the support for those projects need funding.

Aleecia M.

Suggestion: contribute to https://prism-break.org if you have new information.

Eleanor S.

This is all stuff that can get started within six months if the money turns up.

James V.

I'm also using duckduckgo for search, though that is more privacy than security

Sascha M.

I like the LEAP project's security bingo page...

Josh L.

We need a movement of pissed off people!

technology is NOT going to save us

Christopher M.

Tech is a piece, not the puzzle.

Eleanor S.

In the two-year term, we need a pile of new applications pushing things further on, replacing the core of the stuff we rely on now.

Sascha M.

https://leap.se/en/2012/security-bingo

Eleanor S.

Josh: and not having tech will definitely doom us.

Sascha M.

Beyond the individual level is far more complicated.

Christopher M.

Is any of this tech going to be usable by Bruce's mom? Who is new tech aimed at?

Eleanor S.

Christopher: If we can't get it there, there's no hope.

Josh L.

Ella: we can go around in circles about this. Isn't have tech what did this to us in the first place? :)

Eleanor S.

I think it can get there.

Josh: *shrug*

Josh: You think you can change the laws of physics with a memo, have fun.

Josh L.

Ella: If you think you can change government policies with encryption...

this is fun!

Christopher M.

So yeah. Josh is working on policy, Ella on tech. Others?

Josh L.

We're talking about different scales of change

Josh L.

1. Individuals need to arm themselves with tools to protect themselves. That will help in the short term and for a small scale

Christopher M.

We need to be talking about different scales of change

Josh L.

2. Communities can't expect everyone to take the first path. They need to band together to create policy change.

Eleanor S.

So, I dunno about lobbying, but software costs real money. To start doing a credible effort to help high-risk users and to change the culture of the development world, I'm putting a dollar cost of about US$150M a year.

Josh L.

That's like a steak for an AT&T lobbyist

Eleanor S.

Awesome. Wanna help me find someone who can write a check? I'll stop harassing you about rule of law. ;-)

Christopher M.

Eleanor: who will fund that? Few corporations that care about the Internet want to see users able to go dark and keep their info private

Sascha M.

Communities should build their own networks...

and supply their own IT infrastructure.

Christopher M.

Sascha: supply their own IT infra?

Eleanor S.

Christopher: Well, there's a bunch of folks who've made some real money on having a free internet. It'd be a shame if anything happened to it.

Christopher M.

OTI have a router project?

Desiree M.

We've been talking about this scenario - communities building their own networks for ages - this is already happening

Christopher M.

Eleanor: wish it worked that way.

Sascha M.

Things like the chambana.net project

Christopher M.

Desiree: Yes, but it seems they are buying infrastructure that is already compromised.

Desiree M.

True.

Christopher M.

So simply building a community network right now with gear that NSA has secretly modded may not get us as far as we thought last week.

Eleanor S.

Well, if no one wants to pay for the cost of what it takes to engineer tools for freedom, then they're not gonna get to keep that Internet. Sucks to be them. And us.

Sascha M.

Or use: Riseup.net

Christopher M.

Eleanor - we have been fighting this battle for years. Only we have hoped to raise 10% of what you propose and we have not been able to

Eleanor S.

Christopher: a) I'd hope that folks might be feeling a little bit more motivated this week.

Christopher: b) and this is why the state of software for internet freedom is, frankly, a pathetic shambles of useless code.

Desiree M.

It would help if someone would publicly protest about what is happening...

Christopher M.

folks yes. But Google and Facebook, for instance, really don't want to see people taking control of their communications.

Aleecia M.

Desiree, we have protested publically

Publicly, too

Eleanor S.

Christopher: Bezos is a guy. Thiel is a guy.

Christopher M.

Protesting publicly requires motivating people.

Desiree M.

Aleecia: I am sure you and other orgs have - but am talking about masses.

Aleecia M.

Not literally true but: if it isn't on TV, it didn't happen

Christopher M.

There are zero surprises, but yet most in this room seem staggered by it.

Unable to respond in ways beyond "I remember when" stories.

Aleecia M.

How did something this vast stay quiet so long

Christopher M.

Aleecia: very good question. Never would have believed it now that you bring it up.

Eleanor S.

Aleecia: This is what the entire US black state has been bent toward protecting. They destroy the lives of everyone you love if you say anything.

Aleecia M.

Maybe because unless you had root, you didn't know the whole picture. And that's part of the jaw-dropping, right, the different layers. So if you only know one piece, it doesn't seem the same

MainChat — Thursday, September 5

MainChat

People in this transcript

Files in this transcript