The tragic terrorist attacks in Paris have fueled, even more than before, a strong campaign against widespread adoption of encryption tools, even if it soon became clear that the terrorists hadn't used any. While in USA plans for the adoption of compulsory backdoors, in order to circumvent encryption, have been apparently abandoned, many European States seem to perceive encryption software and devices as one of the worst evils. Which is the role of FOSS and FOSS developers in this scenario? How can we enhance communication privacy, without breaking any regulations?

1. Free as in freedom.
The importance of FOSS
in the surveillance era
Avv. Giovanni Battista Gallus
LL.M. Ph.d. ISO 27001 Lead Auditor

2. 2
The “Circolo dei Giuristi Telematici", founded
in 1998, is the oldest Italian association of
“cyberlawyers”
Very active mailing list, with many members,
including attorneys, in-house lawyers,
consultants, law professors and forensics
experts.
More information (Italian only):
info@giuristitelematici.net
http://www.giuristitelematici.it
@CircoloGT

3. @gbgallusAvv. Giovanni Battista Gallus

4. @gbgallusAvv. Giovanni Battista Gallus

5. @gbgallusAvv. Giovanni Battista Gallus
Exactly one year ago...

6. @gbgallusAvv. Giovanni Battista Gallus
(Council of Europe
Commissioner for human
rights)

7. @gbgallusAvv. Giovanni Battista Gallus

8. @gbgallusAvv. Giovanni Battista Gallus

9. @gbgallusAvv. Giovanni Battista Gallus

10. @gbgallusAvv. Giovanni Battista Gallus

11. @gbgallusAvv. Giovanni Battista Gallus
"Even though the prime minister has declared that "there are presently no
plans to attack [Tor-type] anonimizaton", we expect that the coming laws
(for instance the one extending for another 3 months the state of
emergency) might include anti-strong crypto provisions, either directly
in the law project or through amendments during the Parliamentary
deliberation. We consider that this is the most critical issue on the
agenda of digital issues stricto sensu (the rest belonging to the no
less worrying domain of general tramping on fundamental rigths).”
Philippe Agrain, La Quadrature du Net

12. @gbgallusAvv. Giovanni Battista Gallus

13. @gbgallusAvv. Giovanni Battista Gallus
Simplified
workflow for the
war on terror
May be
used by
terrorists
X
(device,
infrastructure,
software...)
BAN!!! OK!
START
STOP
Yes No

14. @gbgallusAvv. Giovanni Battista Gallus
Should we ban all
black Seat?

15. @gbgallusAvv. Giovanni Battista Gallus
What about Ford
F250 and Toyota
pickup trucks?

16. @gbgallusAvv. Giovanni Battista Gallus

17. @gbgallusAvv. Giovanni Battista Gallus
By NicoBZH from Saint Etienne - Loire, France [CC BY-
SA 2.0, via Wikimedia Commons
Let me be crystal clear:
Weakening encryption or taking
it away harms good people who
are using it for the right reason
Tim Cook
16 January 2016 (Encryption in France)
France may prohibit strong encryption.
If that happens, I may be unable ever to
go to France again.
RMS
Very unlikely allies ...

18. @gbgallusAvv. Giovanni Battista Gallus

19. @gbgallusAvv. Giovanni Battista Gallus
●
If we can't have a
backdoor or ban
encryption, we'll use ...

20. @gbgallusAvv. Giovanni Battista Gallus
●
"The easiest way for someone to
eavesdrop on your communications
isn’t to intercept them in transit
anymore; it’s to hack your computer.
And there’s a lot of government
hacking going on.”
Bruce Schneier, Data and Goliath,
2015

21. @gbgallusAvv. Giovanni Battista Gallus
●
The
“Bundestrojaner”
(aka State Trojan)
Photo by Leralle

22. @gbgallusAvv. Giovanni Battista Gallus
●
UK Draft Investigatory
powers bill

23. @gbgallusAvv. Giovanni Battista Gallus
●
Food for thoughts
It is a lie that the state of emergency
protects democracy. Historians do
know that it is the opposite.
The state of emergency is the
device which has been used by
totalitarian regimes in Europe
Giorgio Agamben, Le Monde

24. @gbgallusAvv. Giovanni Battista Gallus
●
Food for thoughts
The "security" they talk about does not aim at
preventing terrostist act (which is really
difficult [...]), but rather to establish a
widespread and limitless controll on the
population (that's why they are so focused on
the total control of citizens' data, including
full access to the content of any device)
Giorgio Agamben, Le Monde

25. @gbgallusAvv. Giovanni Battista Gallus
What can we do?
Ludovic Hirlimann

26. @gbgallusAvv. Giovanni Battista Gallus
●
Develop secure SW
"The real problem is that few
developers learn how to develop
secure software, even though nearly
all programs are under attack
(because they connect to the Internet
or take data from the Internet)”
David A. Wheeler
How to Prevent the next Heartbleed

27. @gbgallusAvv. Giovanni Battista Gallus
●
Use a standard FLOSS
license
"I believe that much more code
review and many more contributions
would occur if OpenSSL used a
standard widely-used license.”
David A. Wheeler
How to Prevent the next Heartbleed

28. @gbgallusAvv. Giovanni Battista Gallus
●
What can we do?
Fight the FUD!
Become active citizens, and raise
awareness
Develop better & simpler tools
Support all advocacy groups which are
fighting the costly battle for
fundamental rights

29. @gbgallusAvv. Giovanni Battista Gallus
By NicoBZH from Saint Etienne - Loire, France [CC BY-
SA 2.0, via Wikimedia Commons
He who sacrifices [free software] freedom for
security deserves neither
Benjamin Franklin meets RMS

30. @gbgallusAvv. Giovanni Battista Gallus
Questions?Questions?

31. @gbgallusAvv. Giovanni Battista Gallus
●
Thank you
Avv. Giovanni Battista Gallus
gallus@array.eu @gbgallus
Unless stated otherwise,
all texts are distributed
under a Creative Commons
Attribution – non
commercial – sharealike
3.0 Unported license