00:00:00.000-->00:00:05.005 >>Alright. 2017 is the year of Linux on the desktop. Uh, lets give Mr. Levinson a hand! 00:00:18.318-->00:00:23.724 >>Yeah, Anyone want to know why it took so long to switch from VGA to HDMI, now you know the 00:00:23.724-->00:00:28.729 answer. Alright folks, my name is Ladar Levinson. Uh, for those who don't already know who I am, 00:00:31.765-->00:00:35.769 I'm the owner and the operator of Lavabit, an encrypted email service that suspended 00:00:35.769-->00:00:40.774 operations in 2013 after being forced to become complicit in a 'man in the middle' attack. Yeah 00:00:43.877-->00:00:48.882 I'm that guy. The last couple of years, I've been working on dark mail but that is a talk for 00:00:57.591-->00:01:04.131 another day. What I'm here to talk about today is really to give you guys a crash course in 00:01:04.131-->00:01:10.771 compelled decryption law. For technical terms, just how the Department of Justice is using 00:01:10.771-->00:01:17.611 the courts to force people to decrypt their data at gunpoint. Over the past three years, I've 00:01:17.611-->00:01:23.283 become an expert on compelled decryption law. I had to learn this information the hard way. 00:01:23.283-->00:01:28.922 Hopefully by sharing it with you guys here today, I'll help some of you avoid some of this pain 00:01:28.922-->00:01:35.562 in the future. Now before I get started, I'd like you to take note that I've compressed this 00:01:35.562-->00:01:40.567 presentation into approximately 3000 seconds. Huffman encoding rules do apply. This means it 00:01:43.136-->00:01:49.276 may feel that you're drinking from a well-endowed fire hose, which looks something like that. 00:01:49.276-->00:01:52.980 But if you're at this conference and you're attending my talk, or you're taking the time to watch 00:01:52.980-->00:01:58.185 this at home, you're probably smart enough to drink in this information without the help 00:01:58.185-->00:02:03.123 from a sippy cup. The problem is easy to express. The Department of Justice has been pwned by a 00:02:06.059-->00:02:11.064 bunch of perverts. More specifically, what I'm saying is that the DOJ has been taken over 00:02:13.066-->00:02:18.505 by a group of individuals who derive sexual gratification from manipulating the law to achieve 00:02:18.505-->00:02:23.510 a specific end. Whether those ends are a benefit or a detriment to society is in the 00:02:29.950-->00:02:35.455 eye of the beholder. I shall leave that for you to decide. What I'm here to talk about 00:02:35.455-->00:02:40.460 today are the legal doctrines, or shall I say the doctrinal versions being used to attack 00:02:42.529-->00:02:47.634 encryption technologies. The issue stems from the believe which is slowly pr- 00:02:47.634-->00:02:52.939 proliferating throughout the ranks of government and law enforcement that they're 00:02:52.939-->00:02:57.944 entitled to all of our data. And when I say our data, I don't mean the cypher text. I mean the 00:02:59.980-->00:03:04.985 plain text. You should also know the DOJ blames the infosec community and our efforts to 00:03:07.254-->00:03:14.161 improve the security and privacy of information as being the problem in and of itself. The 00:03:14.161-->00:03:20.600 bigger the barrier, the greater their demands for assistance. The DOJ believes it can use the 00:03:20.600-->00:03:26.873 courts to compel decryption and/or conscript others to assist them in defeating it. If 00:03:26.873-->00:03:33.113 you subscribe to their belief, then the DOJ is entitled to any information which might assist 00:03:33.113-->00:03:38.118 them in their investigation. The DOJ has argued they can use existing statutes to seek 00:03:40.153-->00:03:45.158 assistance which in case of - where congress has not explicitly prohibit- prohibited 00:03:47.561-->00:03:53.233 a specific action. They like to view the all writs act and some of the other generic language in 00:03:53.233-->00:03:59.072 the statutes as effectively being a blank check. The only thing standing in their way to 00:03:59.072-->00:04:05.378 date, is the courts willingness to exercise its authority. This might be a good opportunity to 00:04:05.378-->00:04:10.383 tell you that about 60% of the sitting judges were former prosecutors. My goal here today 00:04:13.286-->00:04:18.291 is somewhat modest. You should know going into this, that in order to exercise your rights, 00:04:20.360-->00:04:27.067 you may have to go to jail. My hope is that by sharing some of this information with you today, 00:04:27.067-->00:04:32.405 I will increase the possibility or the probability that you will be released should you find 00:04:32.405-->00:04:38.678 yourself on the wrong end of the gavel. My second goal, is to arm you with enough knowledge to 00:04:38.678-->00:04:44.184 have an intelligent conversation with your lawyer. If they tell you your choices are to comply 00:04:44.184-->00:04:49.189 or go to jail, you should probably look for a different attorney. And thats because 00:04:51.324-->00:04:56.329 knowing is half the battle. Now I'm going to cover two major areas of law, and I figure it's 00:04:58.532-->00:05:04.371 good to start out by defining the terms since first party and third party aren't typically 00:05:04.371-->00:05:10.911 terms you hear while standing next to the company watercooler. 'First party' refers to 00:05:10.911-->00:05:16.650 situations where the government seeks to compel decryption from a suspect, in other words, to 00:05:16.650-->00:05:22.422 force them to decrypt their own data. 'Third party' refers to situation where the government 00:05:22.422-->00:05:27.427 seeks to conscript a company, like Lavabit, my own, or Apple, or any of the other secure 00:05:31.198-->00:05:37.904 communications companies, or secure data storage companies out there to assist them in 00:05:37.904-->00:05:42.909 accessing encrypted information without the user's assistance. It's cutting off my notes. 00:05:51.685-->00:05:56.423 What's a presentation without at least a few problems. If you're wondering who the "second party' 00:05:56.423-->00:06:01.361 is, it's the government. Its worth noting that a common strategy is to convert first 00:06:06.800-->00:06:11.805 parties into third parties by granting them immunity. The key phrase to remember here is 00:06:13.974-->00:06:19.779 derivative use immunity. If you believe the government is honest, then typically 00:06:19.779-->00:06:24.784 derivative use immunity is what you need to protect you. Your lawyer can explain the rest. On 00:06:28.922-->00:06:34.527 the other hand, you believe law enforcement is dishonest, and will use the information they 00:06:34.527-->00:06:41.034 obtain against you regardless of where they- they got cued onto a particular line of the 00:06:41.034-->00:06:46.039 investigation, then no amount of immunity can truly protect you. You may find it surprising to 00:06:49.476-->00:06:55.782 know there is no law on the books that specifically grants law enforcement the right to 00:06:55.782-->00:07:02.522 compel decryption. You might find it equally surprising to know we have no right to privacy 00:07:02.522-->00:07:07.527 here in the United States. What we have is the Forth Amendment. Which protec- protects our homes 00:07:11.398-->00:07:18.171 from search and seizure without probable cause. Now the government has been very careful 00:07:18.171-->00:07:23.176 to distinguish that from a right to privacy. Yeah. I'm only going to give you half the 00:07:28.815-->00:07:33.820 presentation. Hmm. There also aren't any supreme court cases yet which deal directly with 00:07:36.389-->00:07:43.296 compelled decryption. What we're going to be talking about are the handful of district and 00:07:43.296-->00:07:49.102 circuit court decisions which attempt to draw from older supreme court decisions which 00:07:49.102-->00:07:54.207 involve corollaries in the physical world to make extrapolations about how they 00:07:54.207-->00:08:00.747 should handle encryption in the modern day. What's important to understand about the law is that 00:08:00.747-->00:08:06.753 only the decisions by the supreme court are binding upon the entire country. Decisions by 00:08:06.753-->00:08:13.026 an appellate court in a specific circuit, would be binding upon all of the courthouses in that 00:08:13.026-->00:08:18.031 particular circuit. Feel free to pick out your own state and see which circuit you happen to fall 00:08:22.068-->00:08:27.073 in. This isn't to say that decisions in other circuits aren't relevant. Quite the 00:08:30.110-->00:08:37.083 contrary. Judges will often consult the opinions from other circuits before making their own 00:08:37.083-->00:08:42.088 decisions. Now before I jump into the cases involving encryption I thought it would be 00:08:46.226-->00:08:51.231 worth starting with two older supreme court cases which have been heavily cited in all of the 00:08:53.299-->00:08:58.304 modern day cases. The first is Fisher v United Stated and it comes from 1976. It gives us the 00:09:03.443-->00:09:08.848 closest thing we have to a fifth amendment right against self incrimination by being forced to 00:09:08.848-->00:09:13.853 decrypt our data. In this particular case, a individual was being forced to surrender 00:09:19.292-->00:09:24.297 documents and what the court said is that the fifth amendment would not be violated by the 00:09:27.000-->00:09:32.705 fact alone that the papers on their face might incriminate someone. For the privilege 00:09:32.705-->00:09:38.445 protects a person only against being incriminated by his own compelled testimonial 00:09:38.445-->00:09:44.284 communications. Because the documents were created voluntarily, the court held they 00:09:44.284-->00:09:49.422 could not be considered compelled testimonial evidence. In other words all of the 00:09:49.422-->00:09:54.961 information on your hard drive already was created voluntarily, and therefore as far as the 00:09:54.961-->00:09:59.966 courts are concerned, is subject to subpoena or search. The only thing standing in its way is the 00:10:02.168-->00:10:07.173 ability to access it. Now in Doe v United States in 1988, we get the origin of the current 00:10:12.011-->00:10:18.618 testimonial doctrine. In this supreme court decision, the court held that a statement is 00:10:18.618-->00:10:24.524 testimonial when the government compels the individual to use the contents of his own mind to 00:10:24.524-->00:10:30.396 explicitly or implicitly communicate some statement of fact. Now I don't know about 00:10:30.396-->00:10:35.401 you, but I keep my passwords in my brain. Some people even call that my mind. Other people say 00:10:39.806-->00:10:44.811 its my girlfriend. She's the one who makes all of the decisions. This particular decision is 00:10:48.581-->00:10:53.586 rather important because what it says is it draws a distinction between information that exists 00:10:56.122-->00:11:01.094 only in your head, versus information that might be somewhere else in the physical 00:11:01.094-->00:11:06.099 world. Now what we get from a much more modern case that actually derived from uh the 00:11:09.502-->00:11:14.507 Clinton's little whitewater scandal, everyone remember that from the 1990s, is that knowing 00:11:20.313-->00:11:25.318 the location of a particular document is in and of itself testimonial. How this gets 00:11:28.354-->00:11:33.359 implied to encryption is that the information on the drive is not protected. What's protected 00:11:36.462-->00:11:41.467 is whether or not you have access to it. If you can decrypt it, and the government can prove 00:11:44.504-->00:11:50.677 that, then effectively your fifth amendment protections begin to fall away. Keep that in 00:11:50.677-->00:11:55.682 mind when you find yourself being questioned by law enforcement. If the government 00:11:58.651-->00:12:03.590 can claim that the production of the information is a foregone conclusion then it holds no 00:12:06.492-->00:12:11.497 testimonial value and thus they can force you to decrypt the information. The first case we 00:12:16.669-->00:12:21.674 have to talk about which directly involves encryption involved Sebastian Boucher and 00:12:24.077-->00:12:29.616 his father as they attempted to cross the Canadian border into the United States. In this 00:12:29.616-->00:12:34.654 particular case, one of the officers found a laptop in the backseat, and without needing to 00:12:34.654-->00:12:40.827 enter a password, he was able to access approximately 40-->000 files on the laptop, some of 00:12:40.827-->00:12:46.633 which appeared to contain pornographic images. An ICE special agent then investigated 00:12:46.633-->00:12:51.137 further by investigating thousands of images of pornography including one 00:12:51.137-->00:12:56.142 labeled in a way to suggest it was child pornography. The laptop was powered down and when 00:12:58.444-->00:13:03.983 the investigators tried to power it back up, they realized they could no longer access it 00:13:03.983-->00:13:08.988 because it was encrypted. In this particular case, they already knew what was on the 00:13:11.791-->00:13:16.796 drive, the only only question was for the courts to consider was whether or not Boucher's 00:13:18.865-->00:13:23.870 knowledge of the password was in fact testimonial. In other words, we create this doctrine 00:13:31.210-->00:13:37.850 of reasonable particularity. If the government can prove that you know how to access the 00:13:37.850-->00:13:42.855 information and it knows what information it's seeking ahead of time, then it can force you 00:13:44.957-->00:13:51.931 to decrypt your hard drive. In this particular case the government's initial request was 00:13:51.931-->00:13:56.936 thrown out. It was n- later narrowed by the prosecutor such that he only required an 00:14:00.506-->00:14:06.846 unencrypted version of the drive and he sought approval of the magistrate judge based on the 00:14:06.846-->00:14:11.851 forgone conclusion doctrine we discussed earlier. The district court reversed this decision 00:14:18.424-->00:14:23.129 saying that you don't need to know the specific contents of the files. You just need to be 00:14:23.129-->00:14:29.969 able to demonstrate that the files exist. In other words, the investigator saw the file names 00:14:29.969-->00:14:34.974 and was able to use that to make a- to overcome the particularity or specificity requirements. 00:14:45.184-->00:14:51.691 What that means is that you may want to start encrypting the names of your files in addition 00:14:51.691-->00:14:56.696 to the files themselves. This particular example was taken from one of my favorite 00:14:59.232-->00:15:04.170 ransomeware applications. Nice to see they're doing some good. The next case we have to talk 00:15:10.309-->00:15:15.314 about goes all the way to 2013. In this particular case, agents raided a suspect's home and 00:15:19.152-->00:15:24.157 seized a hard drive containing files which indicated they might contain child pornography. 00:15:26.325-->00:15:32.298 Initially the demand to decrypt the data was rejected by the court. But upon further review 00:15:32.298-->00:15:37.770 the judge reversed himself after the prosecutor demonstrated ownership and access to the 00:15:37.770-->00:15:43.176 encrypted data by showing the drive contained personal financial information belonging 00:15:43.176-->00:15:49.982 to the suspect, he was able to prove ownership. You should keep this in mind and share this with 00:15:49.982-->00:15:54.987 your fellow Deacon attendees who like decorating their computers with identifying marks. For 00:15:58.624-->00:16:03.563 example, if you're Bob Hoskins and this is your notebook you might have a hard time denying 00:16:06.632-->00:16:12.939 that it's yours. Or Daniel Radcliffe would have a pretty- would need some pretty potent 00:16:12.939-->00:16:19.478 magic to deny this was his computer. Jenifer Lawerence who we know recently learned the 00:16:19.478-->00:16:24.483 value first hand of encrypting your sexy selfies and her collection of carious dick pics, 00:16:26.619-->00:16:31.624 might have trouble denying this was her laptop. In this situat- oh. Moving on to another case 00:16:37.296-->00:16:43.970 which takes us back to a circuit court decision and this is one of the few decisions we have at 00:16:43.970-->00:16:48.541 the circuit level, remember which means that its been binding upon the entire eleventh 00:16:48.541-->00:16:53.546 circuit, involved the situation where the government obtained a warrant to search a hotel room 00:16:55.748-->00:17:00.686 for any electronic devices found in possession of John Doe. They suspected Mr. Doe of sharing 00:17:02.989-->00:17:09.262 kiddie porn. Porn. Certain portions of the drive couldn't be examined by the FBI because 00:17:09.262-->00:17:14.934 they were encrypted. A grand jury subpoena was issued which required Doe to produce the 00:17:14.934-->00:17:21.073 unencrypted contents of the hard drive. Doe claimed fifth amendment- his fifth amendment 00:17:21.073-->00:17:27.580 right against self incrimination. In other words, he tried to exercise the fifth 00:17:27.580-->00:17:33.986 amendment in order to protect him from being forced to testify, that testimonial 00:17:33.986-->00:17:40.526 exception we talked about earlier. The government unilaterally gave him active 00:17:40.526-->00:17:45.097 production immunity to circumvent the claim and thus forced him to decrypt the 00:17:45.097-->00:17:50.102 information. Later on, the appellate court went back and reversed the decision. Saying 00:18:04.684-->00:18:10.323 that the government had not reached the standard of reasonable particularity that is 00:18:10.323-->00:18:15.061 required. In other words, it must prove it knows the existence and location of 00:18:15.061-->00:18:20.199 encrypted files and offer reasonable evidence to suggest the encrypted files will contain 00:18:20.199-->00:18:25.204 the incriminating evidence. Unfortunately part of the slide is cut off. Windows... I like to 00:18:29.075-->00:18:34.080 blame Microsoft for everything. Precisely what qualifies as reasonable particularity remains 00:18:39.251-->00:18:44.323 an open question. For example, if the government knew a spreadsheet found in a file 00:18:44.323-->00:18:51.297 called "corporate financials" would that qualify as reasonably particular in a tax evasion 00:18:51.297-->00:18:56.302 case? We have one of our best tests of this particular doctrine of law currently taking 00:18:59.572-->00:19:04.510 place in Philadelphia. In this particular case, this suspect, a Philadelphia police sergeant who 00:19:08.614-->00:19:13.619 we shall call 'Galileo' was relieved of his duties and has refused to unlock two hard 00:19:16.522-->00:19:21.527 drives that were seized from his home more than seven months ago. He has since been found in 00:19:23.562-->00:19:28.768 contempt of court for refusing to decrypt the drives and currently sits in jail awaiting 00:19:28.768-->00:19:34.673 a decision by the appellate court. In this particular case, the evidence against him 00:19:34.673-->00:19:39.678 consists of a sister who claims she saw images and videos on the drive that were of underage 00:19:43.816-->00:19:48.821 individuals posing in a pornographic nature. A subsequent forensic exam of his 00:19:52.224-->00:19:57.229 Mac found a single image of a young, approximately 12 year old boy in a bathing suit. Now 00:20:02.601-->00:20:07.606 what's interesting about this particular case is that they managed to decrypt the Mac by 00:20:13.879-->00:20:18.884 accessing his iPhone 5s which he gave them the pin code to voluntarily, after which 00:20:23.456-->00:20:28.461 investigators searched the phone and found an app on there, what'd they call it, 'Secret 00:20:32.998-->00:20:37.603 Apps' that was supposed to have protected his information. In other words, don't believe 00:20:37.603-->00:20:43.476 everything you hear about the protection of you information. They managed to circumvent the 00:20:43.476-->00:20:48.481 security of this particular app and they found a screenshot of the recovery key for his Mac 00:20:48.481-->00:20:53.486 Pro. They were able to use that to access the Mac. Like I said earlier, the only incriminating 00:20:56.722-->00:21:02.828 evidence they found on the Mac was that singular image that may or may not have been of an 00:21:02.828-->00:21:07.833 underage boy who was not naked but close to it. They also found evidence in log files that he 00:21:09.935-->00:21:14.940 had visited various groups called Toddler CP, Loli-Cam Hussy, Child Models, a few 00:21:17.843-->00:21:22.848 others that I can't even pronounce. Collectively, they used that as the evidence 00:21:25.718-->00:21:30.723 against him to compel decryption of the two external drives. As I said, the case is currently 00:21:34.059-->00:21:39.064 pending. What this particular case introduces is something that I want to make you guys 00:21:44.470-->00:21:49.475 aware of here today. When you print out, or save off a recovery key, it is subject to 00:21:52.845-->00:21:57.683 subpoena and or search by the government if they can prove its existence and know its 00:21:57.683-->00:22:04.490 approximate location. Now for those who don't know, a recovery key, and in this case I'm using 00:22:04.490-->00:22:10.663 BitLocker from Microsoft, is basically an alternative to your password. In the case of 00:22:10.663-->00:22:15.668 BitLocker it's a 48 digit number, which by my math is approximately a 160 bit key. 00:22:19.805-->00:22:25.644 Now, what is important to know is that initially, when BitLocker first came out, the 00:22:25.644-->00:22:31.550 FBI was quite concerned about it. But when they realized that every user who was going to use 00:22:31.550-->00:22:37.790 it was going creating a paper copy that would circumvent it, and the FBI could thus search a 00:22:37.790-->00:22:42.795 person's home and find the recovery key, it became far less of a concern. As we move into 00:22:45.164-->00:22:49.735 this next area of law, it's important to understand the supreme court has held that 00:22:49.735-->00:22:54.273 certain physical acts involving the surrender of a physical object is not considered 00:22:54.273-->00:23:00.379 testimonial, and thus not subject to protection from the fifth amendment. Giving a blood 00:23:00.379-->00:23:06.185 sample or providing a voice ex- sample, have not been considered testimonial as they do not 00:23:06.185-->00:23:11.190 require the suspect to disclose any knowledge he might have about his or her- her guilt. 00:23:13.759-->00:23:20.099 What this means is that anybody who likes the iPhone touchID isn't very safe. Which is 00:23:20.099-->00:23:25.104 probably about two thirds of you. What you need to do, is compa- com-eh- combine it with a 00:23:30.576-->00:23:35.214 piece of information that is locked away inside your gray matter. Something like a pin 00:23:35.214-->00:23:40.219 code. But unfortunately what we're learning is that even a pin code isn't necessarily safe 00:23:42.621-->00:23:46.992 because the vendor can be compelled to modify the product and make it susceptible to a 00:23:46.992-->00:23:53.132 brute force attack. We'll talk about that more in a little minute- in a- in a couple of 00:23:53.132-->00:23:58.137 minutes. What this all means is that what you really need to do is pair your biometric token 00:24:00.572-->00:24:07.046 with a strong password, at which point you should probably start to ask, what is the point of 00:24:07.046-->00:24:12.051 using your fingerprint in the first place? I'll just briefly say that if an external person 00:24:17.289-->00:24:21.927 or organization can access the information necessary to decrypt your information, in all 00:24:21.927-->00:24:27.533 likelihood they will be forced to surrender it. Turning over user data or data created as a 00:24:27.533-->00:24:32.805 derivative of a user accent- actions is what I call ordinary assistance, and has been common 00:24:32.805-->00:24:39.712 for quite some time. Some of the most simple language that describes this is CALEA, which 00:24:39.712-->00:24:45.050 we don't have time to cover. Instead what were going to talk about is Smith v Maryland very 00:24:45.050-->00:24:51.924 briefly. Its a case from the 1970s which involved a pen register order that was placed 00:24:51.924-->00:24:58.630 on suspects device without first receiving a warrant and the supreme court later came back 00:24:58.630-->00:25:04.636 and said it was legal because A) the information being collected was normally collected by the 00:25:04.636-->00:25:11.176 phone company and B) there was thus no expectation of privacy. That expectation of privacy 00:25:11.176-->00:25:16.181 phrase is key. As a result of that particular ruling, congress decided to pass the pen 00:25:20.886-->00:25:27.559 registered trap and trace statutes. Now it's important to understand that these particular 00:25:27.559-->00:25:32.564 statutes were passed when this is what a pen registered device looked like. There is no way 00:25:36.402-->00:25:42.241 they could have conceived of encryption at that time, let alone that the language they had 00:25:42.241-->00:25:48.247 written, which required providers to provide assistance with the installation of this 00:25:48.247-->00:25:53.919 device as including the necessary and requisite authority to demand an 00:25:53.919-->00:25:58.924 encryption key, unless you're in the Department of Justice. Now, that expectation of privacy is a 00:26:04.763-->00:26:09.768 key phrase because it's the phrase the government has been using to steadily and slowly 00:26:09.768-->00:26:14.773 chip away at all of our collective rights. This particular court opinion ruled 00:26:17.476-->00:26:23.215 that email communications weren't private because somebody assumes the risk that they will 00:26:23.215-->00:26:27.853 leak once they share them. Now I don't know about you, but I consider my email pretty 00:26:27.853-->00:26:34.426 private. The fact that it isn't is probably something that should be shared starting with 00:26:34.426-->00:26:39.431 Hilary Clinton. [Applause] Now, now, before I show this next slide, I'd like to do a little 00:26:45.270-->00:26:50.609 poll. Can everyone please raise their hand that thinks the information on their personal 00:26:50.609-->00:26:55.614 computer is private. Go ahead, raise it. Keep your hands up. Now for all those folks with 00:27:00.185-->00:27:05.190 their hands up, how many of you also connect your computer to the internet. Looks pretty 00:27:08.560-->00:27:13.565 unanimous to me. Well, according to this particular judge in the eastern district of Virginia, 00:27:15.901-->00:27:19.505 the fact that you connect your personal information to the internet means that you have no 00:27:19.505-->00:27:24.510 expectation of privacy. I'm wondering if you can quote him when you get brought up on 00:27:28.313-->00:27:33.318 charges for breaking into his computer and sharing all his information. [Applause] Its 00:27:36.288-->00:27:42.928 kinda how we work in this world. Interestingly enough, my own case happened to occur in the 00:27:42.928-->00:27:47.099 eastern district of Virginia so I'm sure my attorney who is sitting out there amongst you 00:27:47.099-->00:27:52.104 will be happy to explain this to this judge when he gets back home. Now I'd like to briefly 00:27:54.673-->00:28:00.379 talk about my own case. I don't have enough time to go through all of it, but back in 2013 the 00:28:00.379-->00:28:05.217 FBI sought to access encrypted emails that were stored on the Lavabit servers, but which were 00:28:05.217-->00:28:09.555 encrypted using a scheme which made it impossible to access without knowing a users 00:28:09.555-->00:28:14.259 password. Because the messages were encrypted with the user's private key and the private key 00:28:14.259-->00:28:20.766 was secured with the user's password, the FBI sought to intercept that password by 00:28:20.766-->00:28:25.771 compelling the disclosure of TLS key and then conducting a 'man in the middle' attack. Once they 00:28:29.908-->00:28:35.514 had the password, they could in combination with the encrypted user data and the source code, 00:28:35.514-->00:28:40.519 reverse the encryption process. I think that's my lawyer calling me telling me to shut up. To 00:28:43.589-->00:28:48.393 justify this action the FBI relied on three different authorities: the power to 00:28:48.393-->00:28:52.998 subpoena, which they later withdrew, the technical assistance of the pen registered 00:28:52.998-->00:28:59.137 trap and trace statutes, mind you that particular language was written when the device I showed 00:28:59.137-->00:29:04.076 previously was state of the art and by relying on the the stored communications act by claiming 00:29:07.145-->00:29:11.016 that the encryption key belonging to the business was somehow associated with the 00:29:11.016-->00:29:16.922 particular user, and that I couldn't be the one to collect the metadata because not only 00:29:16.922-->00:29:22.828 did they not trust me, but that I couldn't provide it to them in real time. Instead, they 00:29:22.828-->00:29:28.600 thought- sought to access the information themselves. Now it doesn't take a rocket scientist 00:29:28.600-->00:29:33.639 to realize they probably wanted to do more than they were actually authorized to do. 00:29:33.639-->00:29:39.978 Because as Mr Haden points out, once you have access to a network, you implicitly have the 00:29:39.978-->00:29:44.983 ability to modify the information that goes across it. We have a second case to discuss 00:29:49.087-->00:29:54.092 which made a number of headlines earlier this year and it involved the mobile phone. While 00:29:57.562-->00:30:03.201 an initial reading of the headlines may have made the case seem innocuous, a careful 00:30:03.201-->00:30:08.206 reading showed the true colors of the litigation. Specifically, that the FBI was relying on a 00:30:11.910-->00:30:16.915 law from 1789 to claim that they had the authority to compel Apple to modify their products 00:30:21.620-->00:30:27.025 so that their security could be bypassed. Now while I can't prove it, it certainly wouldn't 00:30:27.025-->00:30:31.730 surprise me to learn that the DOJ attorneys who devise this particular strategy were 00:30:31.730-->00:30:38.203 assisted by a powerful hallucinogenic. After all, any attorney can make a good 00:30:38.203-->00:30:44.009 argument. Only an honest one will tell you what the odds of actually winning that argument. 00:30:44.009-->00:30:49.481 But the DOJ, they have an approximate annual budget of around 27 billion dollars and 00:30:49.481-->00:30:55.587 over a hundred and ten thousand people on the payroll. They can afford to take some uh- leaps of 00:30:55.587-->00:31:00.525 faith. The rest of us on the other hand, have to pay for our indulgences. Like the Lavabit 00:31:06.264-->00:31:10.335 case, the DOJ sought to use Apple's source code and encryption keys to circumvent 00:31:10.335-->00:31:15.340 encryption, and then blamed the resulting litigation on Apple, making their products more 00:31:19.644-->00:31:25.951 secure. Now, I originally entitled this lec- this particular section, "How far 00:31:25.951-->00:31:30.956 will they go?" but in June the target of my particular case was unsealed so I decided to change 00:31:33.925-->00:31:38.930 it to how far did they go in their pursuit of Mr. Snowden in my particular case. Now Snowden 00:31:43.235-->00:31:48.607 has stated on several occasions that he would be willing to return to the United States and 00:31:48.607-->00:31:52.811 face a jury of his peers and receive punishment for his crimes, but he doesn't believe 00:31:52.811-->00:31:59.117 that he would receive a fair trial. I can attest to that fact. Because I appeared before 00:31:59.117-->00:32:04.055 the very same judge and across from the very same prosecutor that he would face. Now, I'd 00:32:06.124-->00:32:11.129 like to start my exhibits by showing you this particular order to show cause for failing 00:32:13.231-->00:32:19.671 to allow the installation pen registered device, but as this email show here, and this one, 00:32:19.671-->00:32:24.843 and this one, I was willing to let them install the device. I just was not willing to let them 00:32:24.843-->00:32:30.081 have my encryption key, after all, that is the whole point of encryption, is to protect 00:32:30.081-->00:32:36.955 against eavesdropping. Now when I indicated that I was going to retain a lawyer, and object to 00:32:36.955-->00:32:41.960 it in court, what did the Department of Justice do? Well, first of all, they claimed they 00:32:44.930-->00:32:49.000 weren't able to speak to me, even though I have that email record proving that I was in 00:32:49.000-->00:32:55.440 constant contact with them, on average of about every other day. Then, they went to another 00:32:55.440-->00:33:00.846 judge in the same district and sought an order to install the tap upstream with my service 00:33:00.846-->00:33:05.851 provider before I showed up in court. I had to sue in order to get this particular document. 00:33:08.153-->00:33:14.259 And as these particular records show, installed it two days later, well before I even flew 00:33:14.259-->00:33:19.264 to Washington D.C. Yet, when I arrived, they did not inform the court or myself that they had 00:33:23.068-->00:33:28.073 already installed the particular device. They continued with the proceeding and insisted that I 00:33:30.809-->00:33:36.514 was not in compliance. Now I have more evidence here, but unfortunately I have run out of 00:33:36.514-->00:33:41.519 time to go over it. So, I shall have to skip over all of these slides, and go to this one. I 00:33:49.728-->00:33:55.200 shall endeavor to close with a bit of prose. Perhaps more blokes would still be with their 00:33:55.200-->00:34:00.739 folks if history was considered dope. Live, love, learn what floats your boat, so long as you 00:34:00.739-->00:34:05.744 remember to vote. Question those with power, meh, I can't read. I hate- ok. There, um. Because we 00:34:16.721-->00:34:21.493 the geeks all know the speech with great size, comes great pleasure. Now help me teach the 00:34:21.493-->00:34:27.265 freaks that bigger keys will deliver encrypted bits, which is sure to give snoopy the fix. Its 00:34:27.265-->00:34:32.537 a promissory note for feeling more pleasing than a motorboat. Now go forth and feel free to 00:34:32.537-->00:34:37.542 quote. That is all. [Applause]