Det arabiske forår i 2011 fangede hele verdens opmærksomhed. Det fik også opmærksomhed fra autoritære regimer i andre lande, som frygtede at en revolution ville sprede sig Som modsvar begyndte de at overvåge aktivister, journalister og opposition som de frygtede ville inspirere til en revolution i deres egne lande. En prominent aktivist fra Bahrain som blev arresteret og tortureret af sin regering har fortalt at forhørslederne viste ham udskrifter af telefonopkald og sms'er.
The 2011 Arab Spring captured the attention of the world. It also captured the attention of authoritarian governments in other countries, who were worried that revolution would spread. To respond, they ramped up surveillance of activists, journalists and dissidents who they feared would inspire revolution in their own countries. One prominent Bahraini activist, who was arrested and tortured by his government, has said that the interrogators showed him transcripts of his telephone calls and text messages.
Det er naturligvis ingen hemmelighed at regeringer er i stand til at aflytte telefonopkald og læse sms'er. Det er derfor at mange aktivister specifikt undgår at bruge telefonen. I stedet bruger de værktøjer som Skype som de tror er umulige at aflytte. De tager fejl. Indenfor de sidste år er der opstået en industri af virksomheder som
Of course, it's no secret that governments are able to intercept telephone calls and text messages. It's for that reason that many activists specifically avoid using the telephone. Instead, they use tools like Skype, which they think are immune to interception. They're wrong. There have now been over the last few years an industry of companies
tilbyder overvågningsteknologi til regeringer specielt teknologi som tillader disse regeringer at hacke computere som tilhører dem de vil overvåge. I stedet for at aflytte kommunikation kan de nu hacke din computer, tænde for dit webcam, tænde din microfon og stjæle dokumenter fra din computer.
who provide surveillance technology to governments, specifically technology that allows those governments to hack into the computers of surveillance targets. Rather than intercepting the communications as they go over the wire, instead they now hack into your computer, enable your webcam, enable your microphone, and steal documents from your computer.
Da regeringen i Egypten blev væltet i 2011 rensagede aktivisterne det hemmelige politis kontorer, og blandt de mange dokumenter de fandt var dette dokument fra Gamma Corporation, af Gamma International. Gamma er et tysk firma, som fremstiller overvågningssoftware og udelukkende sælger det til regeringer. Det er vigtigt at bemærke at de fleste regeringer ikke har in-house kompetencer til at udvikle dette software. De mindre har ikke ressourcer eller ekspertise, og derfor er der et marked for vestlige virksomheder, som gerne vil sælge dem disse værktøjer og teknikker. Gamma er blot én af disse virksomheder. Jeg bør også nævne, at Gamma faktisk aldrig solgte deres software til den egyptiske regering. De sendte en faktura, men egypterne købte det ikke. I stedet brugte den egyptiske regering tilsyneladende den gratis demo version af Gammas software. (Latter)
When the government of Egypt fell in 2011, activists raided the office of the secret police, and among the many documents they found was this document by the Gamma Corporation, by Gamma International. Gamma is a German company that manufactures surveillance software and sells it only to governments. It's important to note that most governments don't really have the in-house capabilities to develop this software. Smaller ones don't have the resources or the expertise, and so there's this market of Western companies who are happy to supply them with the tools and techniques for a price. Gamma is just one of these companies. I should note also that Gamma never actually sold their software to the Egyptian government. They'd sent them an invoice for a sale, but the Egyptians never bought it. Instead, apparently, the Egyptian government used a free demo version of Gamma's software. (Laughter)
Det her screenshot er fra en salgsvideo som Gamma har produceret. De understreger i virkeligheden, i en relativ smart præsentation, at politiet kan sidde i et kontor med air-condition og overvåge andre på afstand uden at de har nogen anelse om hvad der foregår. Lyset på dit webcam vil ikke blive tændt. Der er ikke noget der indikerer at mikrofonen er slået til.
So this screenshot is from a sales video that Gamma produced. Really, they're just emphasizing in a relatively slick presentation the fact that the police can sort of sit in an air-conditioned office and remotely monitor someone without them having any idea that it's going on. You know, your webcam light won't turn on. There's nothing to indicate that the microphone is enabled.
Det her er den administrerende direktør for Gamma International. Hans navn er Martin Muench. Der er mange billeder af Hr. Muench. Det her er nok mit favoritbillede. Jeg zoomer lige lidt ind på hans webcam. Du kan se, at der er et lille klistermærke over hans kamera. Han ved hvilken type overvågning der er mulig, og han ønsker helt klart ikke at det bliver brugt mod ham. Muench har sagt at hans intention er at hans software bliver brugt til at fange terrorister og lokalisere pædofile. Han anerkender naturligvis også at når programmet er solgt til regeringer, har han ingen måde at vide hvordan det bliver brugt. Gammas software er fundet på servere i mange af verdens lande som har en grusom historik, og mange krænkelser af menneskerettighederne. De sælger deres software i hele verden.
This is the managing director of Gamma International. His name is Martin Muench. There are many photos of Mr. Muench that exist. This is perhaps my favorite. I'm just going to zoom in a little bit onto his webcam. You can see there's a little sticker that's placed over his camera. He knows what kind of surveillance is possible, and so clearly he doesn't want it to be used against him. Muench has said that he intends for his software to be used to capture terrorists and locate pedophiles. Of course, he's also acknowledged that once the software has been sold to governments, he has no way of knowing how it can be used. Gamma's software has been located on servers in countries around the world, many with really atrocious track records and human rights violations. They really are selling their software around the world.
Gamma er ikke den eneste virksomhed. Som sagt er det en industri som er 5 mia. USD værd. En af de andre store virksomheder i industrien er et italiensk firma ved navn Hacking Team. Hacking Team har nok den smarteste præsentation. Deres video er meget sexet, og jeg vil vise et klip, bare så I kan få en fornemmelse af både hvad deres software kan og hvordan det er markedsført til deres regeringskunder.
Gamma is not the only company in the business. As I said, it's a $5 billion industry. One of the other big guys in the industry is an Italian company called Hacking Team. Now, Hacking Team has what is probably the slickest presentation. The video they've produced is very sexy, and so I'm going to play you a clip just so you can get a feel both for the capabilities of the software but also how it's marketed to their government clients.
(Video) Fortæller: Du ønsker at se gennem dit overvågingsmåls øjne. (Musik) Du er nødt til at hacke dit mål. ["Mens dit mål surfer på nettet, deler dokumenter, modtager SMS'er, krydser grænserne"] Du er nødt til at ramme mange platforme. ["Windows, OS X, iOS, Android, Blackberry, Symbian, Linux"] Du skal overvinde kryptering og indsamle relevant data. [Skype & krypterede opkald, målets lokation, chats, forhold, web browsing, lyd & video" Mens du forbliver skjult og usporlig. ["Immun overfor sikkerhedssystemer. Skjult infrastruktur til dataindsamling"] Implementeret over hele landet. ["Op til flere hundrede tusinde mål. Styret fra ét sted."] Det er præcis hvad vi gør.
(Video) Narrator: You want to look through your target's eyes. (Music) You have to hack your target. ["While your target is browsing the web, exchanging documents, receiving SMS, crossing the borders"] You have to hit many different platforms. ["Windows, OS X, iOS, Android, Blackberry, Symbian, Linux"] You have to overcome encryption and capture relevant data. [Skype & encrypted calls, target location, messaging, relationships, web browsing, audio & video"] Being stealth and untraceable. ["Immune to any protection system Hidden collection infrastructure"] Deployed all over your country. ["Up to hundreds of thousands of targets Managed from a single spot"] Exactly what we do.
Christopher Soghoian: så, det ville være sjovt hvis det ikke var sandt men faktisk bliver Hacking Teams software solgt til regeringer i hele verden. Sidste år opdagede vi f.eks. at det er blevet brugt til at ramme marokkanske journalister af den marokkanske regering Det er fundet i rigtig mange lande. Så, Hacking Team har også arbejdet for at komme ind på det amerikanske marked for retshåndhævelse. Indenfor det sidste års tid har virksomheden åbnet et salgskontor i Maryland. Virksomheden har også ansat en talsperson. De har deltaget i overvågningsindustriens konferencer hvor embedsmænd indenfor retsområdet også deltager De har talt til konferencerne. Det jeg fandt mest fascinerende var at de faktisk betalte for kaffepausen på en af konferencerne om retsvæsnet tidligere på året. Jeg kan ikke sige med sikkerhed at Hacking Team har solgt deres teknologi til USA, men jeg kan sige, at hvis de ikke har er det ikke fordi de ikke har forsøgt.
Christopher Soghoian: So, it would be funny if it wasn't true, but, in fact, Hacking Team's software is being sold to governments around the world. Last year we learned, for example, that it's been used to target Moroccan journalists by the Moroccan government. Many, many countries it's been found in. So, Hacking Team has also been actively courting the U.S. law enforcement market. In the last year or so, the company has opened a sales office in Maryland. The company has also hired a spokesperson. They've been attending surveillance industry conferences where law enforcement officials show up. They've spoken at the conferences. What I thought was most fascinating was they've actually paid for the coffee break at one of the law enforcement conferences earlier this year. I can't tell you for sure that Hacking Team has sold their technology in the United States, but what I can tell you that if they haven't sold it, it isn't because they haven't been trying hard.
Så, som jeg sagde før, så vil regeringer som ikke har ressourcerne til at bygge deres egne redskaber købe færdigt software til overvågning og af den grund kan du se at f.eks. Turnesien måske bruger samme software som regeringen i Tyskland. De køber allesammen det samme. FBI i USA har et budget til at bygge deres egne overvågningsteknologier og i mange år har jeg forsøgt at finde ud af hvordan FBI hacker computere der tilhører deres overvågningsmål.
So as I said before, governments that don't really have the resources to build their own tools will buy off-the-shelf surveillance software, and so for that reason, you see that the government of, say, Tunisia, might use the same software as the government of Germany. They're all buying off-the-shelf stuff. The Federal Bureau of Investigation in the United States does have the budget to build their own surveillance technology, and so for several years, I've been trying to figure out if and how the FBI is hacking into the computers of surveillance targets.
Mine venner i en organisation kaldet "the Electronic Frontier Foundation"-- de er en civil samfundsgruppe-- har skaffet hundredevis af dokumenter fra FBI som indeholder detaljer om næste generation af overvågningsteknologier. De fleste dokumenter var stærkt censurerede, men som det ses af mine slides, hvis man zoomer ind, så står der: "Remote Operations Unit." Da jeg først så det havde jeg aldrig hørt om den enhed før. Jeg har studeret overvågning i mere end seks år. Jeg havde aldrig hørt om det. Så jeg lavede noget online research, og til sidst ramte jeg en guldåre da jeg gik på LinkedIn, det sociale netværk for jobsøgende. Der var en masse tidligere statslige ansatte som engang havde arbejdet for "the Remote Operation Unit", og som beskrev hvad de havde lavet i deres tidligere jobs overraskende detaljeret i deres Cv'er. (Latter) Så jeg tog den information og gav det til en journalist som jeg kender og stoler på fra Wall Street Journal og hun var i stand til at kontakte flere andre tidligere ansatte i retsvæsnet som fortalte om deres baggrund og bekræftede at FBI har et dedikeret team som ikke laver andet end at hacke computere som tilhører mål for overvågning. Ligesom Gamma og Hacking Team, er FBI i stand til, på afstand, at aktivere webcams, microfoner, stjæle dokumenter, få browsing information og lignende.
My friends at an organization called the Electronic Frontier Foundation -- they're a civil society group — obtained hundreds of documents from the FBI detailing their next generation of surveillance technologies. Most of these documents were heavily redacted, but what you can see from the slides, if I zoom in, is this term: Remote Operations Unit. Now, when I first looked into this, I'd never heard of this unit before. I've been studying surveillance for more than six years. I'd never heard of it. And so I went online and I did some research, and ultimately I hit the mother lode when I went to LinkedIn, the social networking site for job seekers. There were lots of former U.S. government contractors who had at one point worked for the Remote Operating Unit, and were describing in surprising detail on their CVs what they had done in their former job. (Laughter) So I took this information and I gave it to a journalist that I know and trust at the Wall Street Journal, and she was able to contact several other former law enforcement officials who spoke on background and confirmed that yes, in fact, the FBI has a dedicated team that does nothing but hack into the computers of surveillance targets. Like Gamma and Hacking Team, the FBI also has the capability to remotely activate webcams, microphones, steal documents, get web browsing information, the works.
Der er et stort problem med at regeringer begynder at hacke, og det er at terrorister, pædofile pushere, journalister og menneskerettighedsforkæmpere alle samme bruger den samme type af computere. Der er ikke en "pushertelefon" og der er ingen "journalistcomputer". Vi bruger alle den samme teknologi og det betyder at for at regeringer har mulighed for at hacke computere som tilhører fjenderne, også er nødt til at være i stand til at hacke vores enheder.
There's sort of a big problem with governments going into hacking, and that's that terrorists, pedophiles, drug dealers, journalists and human rights activists all use the same kinds of computers. There's no drug dealer phone and there's no journalist laptop. We all use the same technology, and what that means then is that for governments to have the capability to hack into the computers of the real bad guys, they also have to have the capability to hack into our devices too.
Regeringer fra hele verden har tager denne teknologi i brug. De har taget hacking i brug som en teknik til retsforfølgelse men uden nogen reel debat. I USA, hvor jeg bor, har der ikke været nogle høringer i kongressen. Der er ikke vedtaget love som specifikt autoriserer denne teknik, og fordi det er så stærkt et værktøj som har potentiale for misbrug er det vigtigt at vi har en informeret offentlig debat.
So governments around the world have been embracing this technology. They've been embracing hacking as a law enforcement technique, but without any real debate. In the United States, where I live, there have been no congressional hearings. There's no law that's been passed specifically authorizing this technique, and because of its power and potential for abuse, it's vital that we have an informed public debate.
Mange tak.
Thank you very much.
(Bifald)
(Applause)