Cory Doctorow spoke at the Beaverton City Library on July 8th, 2014
@doctorow
- Detergent anecdote:
-
- “Make a detergent that makes clothes newer”
- actually…
- “Make a detergent that makes clothes LOOK newer”
- But… that’s done with a detergent that eats fiber ends, digesting clothes, and thus actually making them older faster.
- Everything is computerized: cars are mobile computers, houses and buildings are dependent on computerized climate control, without which they are uninhabitable. the boeing 747 is a flying solaris station in an expensive aluminum case.
- in the future…your hearing aide is almost certainly going to be computerized. which means that a computer mediates what you hear: selectively enhancing, and minimizing different things.
- who controls computers? who regulates them?
- back in the 1980s, it was all about copy protection. because software was what was sold back then. copy protection on floppy disks (flaws on media, dongles, look up word in manual, etc.)
- none of it worked.
- why?
- because there was something that was encrypted, and the descrambler had rules about when it would decrypt it.
- but this isn’t real security.
- real security is: alice and bob want to communicate. they’ve got the encrypted text, they know the protocol, and they have the secret key.
-
- Carol can see the encrypted text, can guess the program/protocol. but doesn’t know the key/secret.
- it doesn’t matter that Carol has the encrypted text or the program, only that she doesn’t have the key.
- But in the copy protection world (scrambled book, software, etc.)…
-
- Bob encrypted the program/software/book/video.
- Everyone else in the world is Alice.
- Bob has to provide both the encrypted text and the key. But the key is hidden.
- Someone is the world is always going to find the key.
- And once they do, then it’s broken.
- It’s so prevalent, it’s actually easier to get the one that’s broken without the encryption.
- (Will: easier to bit torrent a TV show that to get netflix player installed and up to date and authorized.)
- Copy protection just doesn’t work. Not for software, books, or video.
- We should oppose breaking computers for the sake of copy protection, which doesn’t work anyway.
- World intellectual property organization: WIPO
-
- WIPO copyright treaty (WCT): modern copyright protection.
- They want to figure out how to control copies.
- We understand this Alice and Bob problem, and we’re going to solve it legally:
-
- we make it illegal to look for the keys. to share the keys. to host the keys. to tell anyone how to look for the keys. to make software to get the keys. etc.
- It is now law virtually everywhere.
- The effect of this law is that it makes it illegal to reverse engineer any of this software.
- Imagine 18 years ago you went into Tower records and bought $1000 worth of CDs and $1000 worth of DVDs.
-
- In 18 years, the value of those CDs actually goes up: you can use them as ringtones, as background music, you can rip them and put them on your computer, store them in the cloud, use them as background music in a home movie, etc. You can do so much more with them.
- In 18 years, you can’t legally do anything more with the DVDs. Want to watch them on a tablet computer? Not legally. You have to buy the movie all over again. Want to use a snippet in a home movie? Not legally.
- DRM meetings: If you want to do something evil, hide it in something boring (like standards docs).
-
- they wanted to flag TV shows so that when broadcast to you, make it so you can only watch it in the same room as the receiver. charge more if you want to watch it somewhere else.
- Because it’s against the law to tell people information about how they can add features to their DVDs, or anything else with DRM.
-
- But that means that it’s also illegal to tell someone about flaws… a security flaw, a computer bug, etc. (Small exception for a certain class of security issues, but the overall effect of the law is so chilling.)
- Heartbleed bug had a tremendous effect… and that was in open software that had been around a long time. How many hidden flaws might exist in this hidden, obscured, illegal to reverse engineer software.
- The purpose of DRM software is to not allow you to do stuff.
-
- “I want to do this.”
- “I can’t let you do that, Dave.”
- Antitransparency is a huge problem
-
- Has to hide features from you.
- Treats the person who owns the computer as the adversary.
- Treated as less trustworthy than the people who made the software.
- If you saw that a HAL9000 program was forcing you to not do stuff you want to do, you’d drag the program to the trash.
- So in order to keep that program running, they hide it from the user.
- SONYBMG in 2005
-
- Didn’t want you to copy your CDs on your computer.
- When the CD was inserted, the first thing it did was run a program that modified your computer so that your computer wouldn’t show you any programs starting with $SYS$.
- The second thing it did was install software named $SYS%something, and it would watch to see if you tried to copy a CD.
- So virus writers started naming their viruses with $SYS$ because Sony had created a blind spot in over 6 million computers.
- So DRM and anti transparency creates security loopholes.
-
- Whenever there is a hole in the immune system, there’s an opportunistic infection. DRM creates intentional holes
- TAO: Tailored Access Operations
-
- People at NSA
- Have a catalog of exploits for all computers, smartphones, etc.
- Tell them what device the target has, they give the agent the right exploits.
- The NSA knew of an iPhone exploit that was serious.
-
- They have a NOBUS (Nobody but us) policy: so they didn’t report the vulnerability.
- The NSA aren’t the smartest people in the world. So you know that bug had to have been discovered and exploited by many other people: criminals.
- RATTERS
-
- they use remove access software
- mostly young men
- mostly target young women
- they try to capture incidental photos of their victims in the nude. also capture their social media account passwords.
- then they blackmail their victims to perform sexual acts or they’ll share the nude photos.
- when some ratters were busted, they had anywhere from 100 to 150 victims each.
- So bugs and exploits aren’t just allowing the NSA to spy on you, they’re allowing garden variety criminals to victimize everyone.
- Lots of people get access to the exploits: other governments, other criminals, other agencies.
- This stuff gets even scarier when it moves out of the computer in your briefcase into the computers in your body, in your car.
- Demonstrated attacks on embedded heart defibrillator, pacemakers.
- General purpose computing
-
- seems to be a universal tendency
- even Page Description Language (PDL) turns out to be scriptable, and can bootstrap an entire computing environment, which means that your printer can be attacked by printing.
- We have turing complete computers. But we don’t have turing complete minus one computers.
- When the Ghaddafi regime fell, they had ton of computers they shouldn’t have had.
- The NSA technicians use their vast surveillance apparatus to spy on cute girls. They do it so much they even came up with a name for it: LUVINT. (like SIGINT, HUMANINT)
-
- It’s not just about the government spying on bad guys, or even spying on us, but abuse of the system.
- We choose. We’re building the systems.
-
- We can choose to build in DRM. To cripple computers. To open backdoors. To create vulnerabilities. To have motes in our computers eyes.
- Or we can choose not to do that. We can say no.
- Netflix:
-
- approaches all major browsers to prevent saving videos to disk.
- Now putting DRM into every browser.
- Creating long-lived reservoirs of flaws and vulnerabilities through obscurity and illegality.
- How can we get the technology that makes us more free? How can we raise the alarm when technology takes away our freedom?
- Work on getting our devices and computers as open and free as possible, pushing back in all ways.
- It’s not that there aren’t problems out there. it’s that the solutions they are coming up with aren’t working. When the australian government came up with a child pornography list of banned websites, it turned out to be 98% not child pornography. When you give the government a tool to censor websites, it turns out they do it.
- It’s urgent, as urgent as things can get. If devices aren’t open or free.
- Today, crypto can protect data. Even if all atoms in the universe were turned into CPUs, working until the heat death of the universe.
- RESET THE NET:
-
- https://pack.resetthenet.org/
- Privacy software for all platforms
- People with nothing to hide must obscure their data, to make it easier for people who actually have things to hide through no fault of their own.
Very thorough! RT @hertling: Notes from Cory @Doctorow talk at Beaverton City Library http://t.co/FaQ64lQaFQ #wcclsreads
RT @hertling: My notes from Cory @Doctorow talk at Beaverton City Library http://t.co/KXPSR0SAoS #wcclsreads
Interesting. I don’t understand the part about it being easier to bit torrent a TV show than to use Netflix. I find Netflix easier.
RT @RealGeneKim RT @hertling: My notes from Cory @doctorow talk at Beaverton City Library http://t.co/cOD8Y8mYQ1 #wcclsreads
It’s easier when Netflix has it. Went to watch an episode of Avatar and found it was no longer available for streaming. 20 minutes later and I had every episode of the show via torrent. :p
When Netflix has it, and you have a reliable Internet connection when you want to watch the show, and you’re on a supported devices with a supported browser.
Fantastic summary: MT @hertling: Notes from Cory @Doctorow talk at @BeavertonLib (Tues. 7/8): http://t.co/FaQ64lQaFQ #wcclsreads