SlideShare utilise les cookies pour améliorer les fonctionnalités et les performances, et également pour vous montrer des publicités pertinentes. Si vous continuez à naviguer sur ce site, vous acceptez l’utilisation de cookies. Consultez nos Conditions d’utilisation et notre Politique de confidentialité.
SlideShare utilise les cookies pour améliorer les fonctionnalités et les performances, et également pour vous montrer des publicités pertinentes. Si vous continuez à naviguer sur ce site, vous acceptez l’utilisation de cookies. Consultez notre Politique de confidentialité et nos Conditions d’utilisation pour en savoir plus.
Story about freedom Freedom is something that I care about very deeply about. As a teenager, reading 1984 – I was intrigued. In it, George Orwell depicts this dystopian future Every citizen is being watched by the government through “telescreens” – fictional devices acting both as a television and a surveillance camera It was mandatory to have such a TV screen in your living room. This is very similar to what is happening today. We surround ourselves with smart TVs, smart devices that have camers on them. I don’t see much difference. The only difference is – we bought the smart TVs and installed them ourselves This is going to be a talk about balkanization in the digital age [but first, I would like to take you back into the past]
Can you imagine a world without borders? A world in which human beings managed to evolve because of one main reason: migration. Migration is at the center of human evolution. The story of the ancient Silk Road Silk Road was this trading route connecting three continets Civilizations among the path managed to evolve because of the ancient Silk Road benefited Exchange of goods, merchandise Exchange ideas and phylosophies About religion, life or science Opening long-distance political and economic relations between the civilizations
Same principles (open world, sharing) laid the foundation of the internet. The internet started as a private network between universities It would empower researchers to share their findings freely and in a timely manner Taking science to the next level They all knew eachother and trusted eachother Privacy and security have only been added later, as layers on top of an already shaky foundation This is why the internet is inherently insecure. [fast forward to the present]
Tim Berners Lee quote “I hope we will use the Net to cross barriers and connect cultures”
We live right now in a world in which borders are everywhere By contrast, walls and borders promote segregation, and have a negative impact on economy, creativity, and technology, slowing down progress on every level. While we often praise global collaboration and we find value in sharing information with people from all across the world We haven’t reached that maturity in our society that allows tearing down both physical and fictional walls We take physical borders for granted We are used with this. We take these borders for granted. Every time we travel we have to go through security checks in airports, stay in queues to have our passport checked. [what gives me hope is that]
We’re not ok with any kind of border that is imposed on us Sometimes, we like to jump over some walls Sometimes, we even take these walls down The Berlin wall is a great example of how people managed to become free, when they really want to.
Less than three decades after the Berlin Wall collapsed and ended an era of division between the east and the west, the world right now seems on the brink of making the same mistakes over again. Only this time, in cyberspace.
[what worries me right now]
The internet right now is going through a process called Balkanization. Balkanization – geopolitical term A process through which an area becomes divided in smaller entities These smaller entities not only refuse to cooperate with eachother, but sometimes are even hostile to eachother The internet has a natural tendency to be divided Differences in language or culture In this part of the world w’re all browsing the English speaking internet, In other parts of the world a Chinese speaking person will not use Google to search the internet, they will use Baidu. A Russian speaker will not use Google, they will use Yandex I think this division is OK, as long as it’s happening naturally. No artificial causes. Information is like water – it has the tendency to leak, or to go anywhere it can reach. Just like two communicating vessels will get filled by the same source of water The same way the Internet helps human civilization share knowledge and disseminate this knowledge around the world [unfortunately, not everyone is ok with the current status quo]
More and more countries are building walls on the internet Governments around the world realized they need to control the Internet If you go to China, most websites that you are used with browsing daily are blocked. Accessing them is not allowed. Internet entered China in 1994 The Communist Party back then was very quick to realiz the potential this network has for bringing like minded people together They quicky decided they need to regulate the internet. Only three years later, in 1997, the first version of the Great Firewall of China was up and running – blocking resources, filtering traffic and monitoring internet activity. That’s right – free internet in China lasted for only three years. When Google was still operating in China (BTW, I hear they’re going back now) If you would search for the “tiananmen square” event – you would get beautiful pictures of clear blue skies and nice asian architecture. If you search the same query from anywhere else in the world, you will see the iconic “tank man” picture This picture became a symbol of courage – everywhere around the world, except China [China is not the only place where the internet is not free]
There is a huge technical industry fueling the growth of internet surveillance This is not a China-only problem Unfortunately, in the past two decades more and more countries started following China’s steps Flourishing private industry developing surveillance technologoes Most of these companies are based in the green areas no export restrictions surveillance technology sold to whoever can pay – including countries with very bad human rights track records Every year, more and more such companies are being started-up Their only purpose is to find new ways in which governments can monitor our online communications [this is pretty worrying]
Legally compel iternet companies to hand over data or restrict available content for certain geographies Luckily, some of these companies publish statistics about requests coming from governements In the past years, more and more Silicon Valley based companies have had to make a hard choice When faced with personal information or content takedown requests, they often chose to comply with requests coming from authoritarian regimes, or regimes with a not very good track record when it comes to respecting human rights. Money seems to be the decision maker Refusing to comply with such requests usually means the company will cease to do business in that specific country [maybe the Chinese example is not something that will touch you]
How about something closer to home? [“travel” to Turkey] Meet Barış Pehlivan – an investigative journalist based in Turkey Has been very critical to the government in the past few years He was recently released from prison He spent more than 1 year and a half in prison after his office was raided and the government found incriminating documents on his hard-drive What actually happened here – Baris was not the one to put those files on his hard-drive The weekend before his arrest, someone broke into his office on a Friday night – at 10 PM, when there’s nobody there, computer turned off They physically removed the hard drive from his computer, planted the files there and then put the harddrive back How do we know this? These conclusions were uncovered by security researchers who did the forensic investigation of Baris’s HDD Forensic investigators also uncovered the fact that in the weeks before the arrest, Baris’s computer was remotely attacked 12 consecutive times with Ahtapot – nation-state sponsored malware [why does this matter?]
The reason I wanted to tell you Baris’s story is so that we can better understand the dangers there are when somebody else has access to your data, to your computer. It’s not just a question of someone knowing information about yourself, but it can be a question of freedom. Actual, physical freedom. It’s why the things we do in this industry of ours matter a lot.
Limiting internet freedom is bad for journalism Freedom of press is arguably the most important pillar of modern societies Journalists should be free to do their job Mass surveillance hurts reporting on important issues such as corruption Sources become harder to find and more reluctant to cooperate when they know they are surveilled [But this is part of a bigger picture]
Everyone changes their behavior because of surveillance You don’t need to read an Oxford (even though there is one) to realize that human beings change or restrict their behavior when they know they are being watched Think about it. Is there anyone in this room who hasn’t ever written a Facebook status update only to delete it right before pressing the Post button? What will my friends think if I post, like or share this? Self-censorship can’t lead to anything good, can it?
Human intellect is not the only thing prospering when information is allowed to flow Economies prosper as well A recent McKinsey study shows that the internet is responsible for 21% of the growth in GDP in the past 5 years [And just as civilizations on the path of the ancient Silk Road profited from the trade of goods and ideas]
Modern day Silk Road brought prosperity to Ross ulbrich Ross Ulbricht was guided by extreme libertarianism He believed each individual has to chose what is good and what is bad Underground marketplace Just like Amazon, but for guns, fake IDs and dangerous drugs But of course his site attracted the attention of law enforcement Website got seized, he was arrested. The Silk Road takedown would not have been possible without international cooperation, just like the fight against cyber-crime is not possible without cooperation
Every day, anti-virus researchers discover and analyze more than 300,000 new malware samples daily How do we find the needle in the haystack Is it the smart minds we have in this industry? Is it the resources, the bare metal servers we can afford? More than 10 years ago, when I was young and I joined infosec, the thing that amazed me the most is how researchers from competing companies cooperate with eachother Sharing threat data and generally coming together as one in the fight against malware [when I look around nowadays, I am not sure the future of cooperation is so bright]
Digital nationalism in the form of protectionist legislation making it harder and harder to cooperate. Historically, nationalism is a concept dating from the 18th century. This ideology promotes undiscriminate love and devotion to the interests or culture of a nation or state. Nationalism believes that nation-states are better off working alone than collectively, emphasizing national rather than international goals. This ideology was one of the principal causes that started both WWI and WWII, which killed over 70 million people worldwide. In the last decades, more and more countries have become more divided and nationalistic, with some of them using the Internet against their own people, controlling and restricting information in the name of their nation-states. (Map of nationalistic tendencies in Europe: https://www.bbc.com/news/world-europe-36130006) It is a dangerous ideology, that opposes the main purpose for which Internet was created: cooperation, decentralization and non-discrimination. Manipulation on the Internet is easier than ever, and the commercial and political stakes are becoming higher every year. In 1995, only 0.4% percentage of the world population had access to the Internet. Now, more than half of the planet can surf the web. Most of the people who are on the Internet are using at least one social networking service
Bubbles and Isolation Social networks are built in a way that promotes bubbles and separation. Each of us is connected to their friends and follows the people he or she looks up to. Each individual’s digital world seems to be shaped around them. If we gather together, it’s usually with people like us, while keeping the distance from those who have different views. Interactions between groups are limited, and when they do exists, we are not truly listening to each other, but looking to re-enforce our believes. Digital networks have the power to unite and give political voice to powerless and marginalized groups. But - with nationalism and extremism - on the rise, digital networks can polarize our views and beliefs even more. The inability to understand the differences between us are becoming more prevalent. [what can be done about it?]
Philosophy. Let’s avoid in infosec what happened in Silicon Valley. Philosophy is important. Yes, even for tech people. Where we come from and where are we going. The Internet is giving birth to a new kind of society, changing the way we think about politics, work, money, health or knowledge. It is reshaping our beliefs, behaviours and values. This can both unite us and divide us, bring us peace or war. We have a duty to influence the direction in which this is going. The Internet and - inherently - our society, should be an important matter of debate amongst us. But we need better tools to understand what is going on. Philosophy can help us question the most basic assumptions of our work, and re-define notions of self, nations, freedom and privacy in this digital era. All of us need to take a step back and ask ourselves better questions of what our work means and what is the impact of the code we’re writing for the future of our world. [because we have a huge responsibility]
Computer security and medicine Cybersecurity researchers spend their days finding new vulnerabilities and monitoring the evolution threat actors – all this to protect internet users Cybersecurity researchers are very much like the doctors of the future The same terminology is being used Infection, disinfection, virus, epidemic, quarantine Just as doctors on the battelfield have sworn to protect soldiers and civilians no matter which side of the border they are, security researchers do the same in cyber-space – being neutral in the face of threats against security and privacy.
Manhattan Project This year marks the 73th anniversary of the only times that atomic bombs have been used against human targets–at Hiroshima and Nagasaki, Japan. Most Manhattan Project workers who built and operated the uranium enrichment facilities and reactors did not know what they were doing. Information was compartmentalized and provided on a need-to-know basis, ensuring that only a fraction of workers understood the larger goal of the project: that of killing was enemies. What if those workers and engineers new what they were doing and talked about it in public, voicing their complains against the? undreds of thousands of lives would have been spared. The Internet has such a power, but it’s up to us if we use it or not.
Conclusions I am not here to judge if balkanization is good or bad I am not here to judge if total freedom is good or bad But what I can say for sure is that as human beings, we want to evolve The only way in which we can evolve is if we have real choice There cannot be anything such as real choice as long as we don’t have free, unrestricred access access to information [what keeps me up at night] Governments have already decided what kind of internet they want for themselves. They want an internet in which everyone is monitored and all content is controlled. Remember, the internet was not initially designed to be balkanized I think this is the moment when we, security researchers, have wheigh the same decision. We the researchers have to decide what kind of internet do we want our kids to use in the future. Do we want them to live in a world like George Orwell’s novel 1984, where everybody is being watched and surveilled by their government? Or do we want them to live in a world where things such as free access to information, real privacy and security are basic human rights.
Internet Balkanization: Why Are We Raising Borders Online?