Earlier this month, our CTO IPVanish here, Josh Gagliardi, had a chance to sit and chat with Nathan White and Drew Mitnick Access Now. A new partner IPVanish, Access Now is an open advocate of the Internet, working tirelessly to help those trapped in circumstances where the free and secure digital communication is unavailable. During the discussion, Nathan and Drew talked about the kinds of issues that directly addresses Access Now (D-OR) pro-crypto US legislation Senator Ron Wyden, social activism of IPVanish, and the growing importance of encryption in day of daily life. Listen to the podcast now or read the full transcript below.
Transcript
Josh IPVanish: agree, we Live
Nathan White of AccessNow :. So ... this is Nathan White, Senior Legislative Director to AccessNow and I'm here with my colleague Drew Mitnick who is our legal counsel of politics in Washington, DC
We are by the annual RightsCon in Silicon Valley and we'll talk a little about what is happening at the conference
first, just by way of introduction ... I really like our origin story and it is one of the reasons I came to work for access [Now], so I like to tell people this story. (0:31) We were founded in 09 during the Iranian election. You may remember he was the one with the green thumb, you saw all the newspapers.
This was before the WikiLeaks really exposed rampant corruption in the Middle East, but people saw corruption. The area was very upset. But it seemed that democracy would take over in Iran. It looked like the election was really change things and it was an exciting time. Unfortunately, this was not the case. The election results were announced and it was not, "Oh, they won by a hair," it was a landslide. We won 97% of victory, or whatever it was. I would have done the check percentage. And so people were really, really upset and really angry.
And in 09, it was when people started using Facebook and Twitter, and they were seen as something that people were wasting time. But now, in this circumstance, when the government controlled much of the media, it was how people shared information on electoral fraud and how they organized demonstrations and rallies, and how journalists able to obtain information about the country. People do not subscribe to a newspaper to get their news, they subscribed to people on Facebook to read (1:42) their updates and blog post.
the government has responded to this new threat by simply cutting the country from the Internet. We were founded by a group of international technicians who have been offended by this and who got together and said we can work around that. They do not do a very good job. It was a DNS failure.
So they started building tools and educate people about tools such as VPNs and how you get around these blocks so you can participate in your democratic rights , your free speech rights. From there ... they institutionalized and formed a global helpline for most at-risk users worldwide.
We have offices in the Philippines, Tunis, and Costa Rica. We follow the sun, so if someone asks us for help we stick with them until we are able to solve their problem. We have helped people in more than 0 countries, nearly 100 countries. I think we work in dozens of languages. And I think we are about 1300 cases of phone support in the past year. I have not looked at the numbers in a short time. This is our first thing that our organization does; However, we continue to find that the people who are most at risk in places like Syria and Saudi Arabia are affected by political decisions made in places like Washington, DC and Brussels.
So, we have expanded to open the stores policy. We operate in New York at the United Nations; Drew and I work in the office of Washington, DC around the Congress and we have an office in Brussels. We also have regional offices in Kenya and Latin America, and our director of world politics is actually based in India. (3:50)
Because we operate this assistance, we do not do technical support for the average person. This is simply an impossible task, especially to the world. We focus on using the most at risk users who have specific problems that we can help. And rather than advertising worldwide, we operate through a network of partners and organizations that are able to recommend that people call us regional.
It is very difficult for us, if someone calls us in Syria to identify who they are and they are who they say they are. Therefore we rely on our partners to say, "Yes, we know who that person is. They are in a situation, you need help. "
Because we have this global network of organizations, we have a deep, I like to think [as an ] ear to the global, we 're able to listen to our friends so that it is difficult for an American operational organization they can care for their partners in the world, but they do not have the same connection
so we organized this conference-.. RightsCon - to to bring together global networks . While people can meet, they can talk with each other, and they also have a chance to interact with high-tech businesses and world leaders who are here.
We currently have about 10 sessions in progress at any given time, but some of the best stories we receive is people say, 'I met someone in a corridor, "or" j 'had a conversation with someone of the global south that I never would have met otherwise. "
I just heard a story of someone who was chatting with a woman in one of our sessions disability who was both blind and deaf. And she had an assistant typing in what was said, and then she read Braille. and then she talked how hard it is for her to participate in civil society because things like Twitter and Facebook are not built for this.
and we were able to hear it, and within 0 minutes, the connect with people on Twitter and Facebook, to discuss the special needs and really make these connections. (5:30)
so what makes it so exciting to be here in RightsCon of these global communities to come together and really tackle issues directly , not 'us will identify problems, "but" we will get to problems we will fix the problems . Let's do it now. "It is a very practical approach.
And the thing I'm most involved here is what we call the CryptoSummit 2.0. It is a bit a side event to RightsCon here, but as I mentioned, our main problem is the global hotline. one of the first things we do with our global helpline is immediately when someone contacts us, we move them to an encrypted channel so that, by contacting us and talk to us, we put them at greater risk.
We use encryption to help people and save lives around the world. So we really understand the value of encryption activist level.
and it is our job, Drew and my job to ensure that this is reflected at the level of world politics. to get him out of the abstract either privacy with respect to safety or security from the security but [that] there are real people who are affected by this. It is illegal to be gay in Saudi Arabia, a court may obtain a mandate, a legal, valid warrant to say "open the phone because we think that this person might be gay. And we will cause problems for them. "Potentially fatal problems. (6:50)
We held the original CryptoSummit in July of last year, we brought together technologists and government officials and law enforcement in civil society to say, "what are the issues that we really face?" There is a very superficial conversation go dark if the law passes the government to force Apple to assist in the enforcement unlock a phone.
This is an important conversation, but there is also a superficial conversation. Because there are many other issues. for example, in the case of the Apple iPhone in San Bernardino, ultimately, they are not, they do not need the help of the court to open this phone because they were able . hack their own
This raises a different set of questions about when the government should hack phones; should they build a team that will hack a phone they need throughout the country? Should we build a great team to break US software as it is released so that they are able to enter it when they need? What are the obligations they have to disclose these vulnerabilities to business? There are a number of deeper issues that we have not been able to enter because we were stuck in this superficial level.
And CryptoSummit 2.0, we challenged people to address these deeper issues. And we had a fantastic day talking with some of the brightest engineers and security people from all over the country. It was a bit tiring because we really did work, but we drove to the results and we are now working to make the results of these conversations in the documents that we can share with the world.
We also heard Bruce Schneier who had great comments. And we had the chance to hear Senator Ron Wyden which addressed the CryptoSummit and talked about the encryption debate in Washington, DC before moving to a larger session RightsCon general and made a truly amazing speech and a pretty important announcement of the policy. And for that, in fact, I feel like I've been drooling for a while, so I think I want to put Drew, if you want to talk about the Senator's speech, if that makes sense?
Drew Mitnick of AccessNow: Yeah, so he gave, I think, as you said to Nathan that the speech of Senator Wyden has been the one of the highlights. And I think it will be one of the highlights of the conference points. And it has always been a strong defender of freedom and liberty, especially about the American context. And we certainly have a lot of international guests to RightsCon, but I hope for them, it's inspiring to see a politician who is so willing to put there.
So he announced a pact for security and freedom in the digital age, which is a five-point plan that he plans to be the essential elements for the protection of liberties and freedoms were placed at the door in some respects by the intelligence community, and the move towards strong safety wall-abstraction protections. (10:07)
And the first element is the Secure Data Act, a bill he introduced in 2014, and that it is prohibited would the government require companies to weaken their security measures in thinking about encryption, in thinking about the case of San Bernardino, where the FBI evidently trying to force Apple to bypass their encryption. This law would prohibit this happening. And I think the appeal of it is people say well, of course, we avoided a major confrontation in this case, but there are a number of other cases in which the FBI is looking for iPhones information and we know now, from Androids and using all writs Act.
Therefore, there is this persistent question Well, what's next. What the FBI is going to do and if we adopted this Secure Data Act, the resolution then. And vision of Senator Wyden, who is a safety issue with respect to enhanced security.
He also spoke of the Third Party Doctrine and tries to go beyond what many people see as an antiquated concept. This idea that if you submit information by a third party service provider, you automatically lose the constitutional protections of privacy ...? It does not sit right. And so, Senator Wyden spoke of the Supreme Court and their approach and what he plans, but I think that is inherent in the construction of a movement that recognizes that we still care about our private information, even if we share through our service providers. And the stronger we are about it, I think it makes a statement both the Congress and the Supreme Court.
He also spoke of the increasing power of Congress to investigate the surveillance. It was one of the few members of the Senate Committee Intelligence was a vocal protector of privacy. And I think he sees part of the problem is the lack of opportunities for staff to actually engage and ask the tough questions in a way that has only been able from time to time. He also spoke of some of the more obscure attempts to increase the authority of law enforcement to access information, so he speaks of what is called Rule 41, which would expand the powers of Court to issue warrants for information from potentially millions of computers in some way in a sweep.
And there was not much resistance to this, because people do not really know about it. So, awareness is so critical to the question of whether it is a movement that is appropriate or not. And he finally just spoke of the need to hire more people with the consciousness of privacy in the law enforcement, so if you think of the Snowden revelations people said, "Well, why not try Snowden go into the higher ups? "and I think the answer is pretty obvious that there was resistance to the idea that what was done was wrong and that it was a violation of human rights .
I think it exposed, which in his opinion would be through these five points would be a radical change and would be an important step for the protection of privacy and freedom and, at least to United States and hope to establish a standard too broadly
:. Josh I think you can see some real energy and some forward progress, and I think this was especially energizing the conference at a time with, when talking about the San Bernardino iPhone, when you can really see that there were a number of articles and claims that were at worst absurd and better at the wrong time or exaggerating. They genuinely prepared in advance and this act of opening only one phone was an excuse to make. And we have a number of emails that became public that indicate the "yes, we need to keep you safe, citizens of rhetoric was prepared.
And we have seen some absurd examples since the phone was broken in now. I did not hear a track whether the pathogenic agent cyber threat is actually going to overwhelm us all, or if they were somehow able to "save us from this."
And so it is energizing to see a room full of people who understand that the story is not necessarily shaped by people with citizens' privacy in mind. We understand that it is the view of enterprises, the view of the government, the citizens' perspective. They all have obligations, including different motivations. And then we need to ensure that people get what they need, it is important for citizens to be part of the conversation.
So this was an opportunity for a lot of people the citizen activist side and the government and enterprises, service providers to talk about what is needed to keep the entire work thing, but at the same time to balance the rights and needs of people in the world, not just in the US
I think it's a good thing if US trends to be an environment welcoming to privacy and security for people everywhere, rather than being considered as the executor where none of your data is safe, I think it was a real danger. Perhaps the real danger to the reputation of the United States in light of the information Snowden, was the idea that we were not being beacon of freedom in a police state
Drew :. Uh- huh
Josh :. And it is good that the law is still strong in the US, but I hope that actions like what Senator [Wyden] took yesterday to swing the pendulum a little more towards compliance the rights of individuals and the needs of individuals, both here and around the world. (4:38 p.m.)
Nathan: Well, Josh, that raises a question for me IPVanish certainly works in this space of digital rights protection people . I know you guys are also quite involved in, I do not know if it's fair to say the part of civil society, but you do more than just sell a product; you get involved, and you participate. And I wondered, why is this? Is it a part of your corporate culture, or is it something that comes over the top, or is it you hired a lot of people who feel passionately and want to get involved
Josh well, I think one of the great blessings of VPN as a business is that it is a situation for us all software engineers libertarian views that we hold from the end of the working day at the beginning are aligned with those we hold during the work day.
so I think we, as technologists and as network providers, we are often irritated by the actions of different groups that seem to impose heavy restrictions on people. And VPN is a situation where we can go out and be a little militant and still be a business.
For example, we discussed earlier, we can see that the Government of Turkey takes a swing toward authoritarianism and begins to try to disconnect from the Internet. It is a situation where we can productively respond by saying, you know, we need all our website translated into Turkish immediately to ensure that our VPN service works well there. And if dialogue about government corruption will happen, we will encourage and enable this dialogue. So even if they are only modest gains in subscribers, the energy to focus on issues such as was and is just a lot of fun as a VPN provider. (18:15)
Nathan: I have no idea how many new customers you would get in Turkey, but I think it's fair to say the least, that customers outside Turkey appreciate this kind of behavior. Because if you use a VPN, these are things that concern you. You want a VPN not an organization that you fear may actually be the NSA in disguise, you want a VPN that truly believes in the things that you use a VPN. And seeing IPVanish get up and help people in Turkey, I think, is reassuring to everyone.
But let me ask you another question. We work with the FCC in Washington DC and we worked on net neutrality issues around the world, and a lot of times we hear, especially Internet service providers, "We must be able to control our network so that it works for everyone. "This could be the deep packet inspection or it could be capping the bandwidth, or perhaps the data cap limitations.
VPN were used to bypass a lot of this. You create an encrypted channel to the Internet so that your Internet service provider, which is hosting your network can not see what you do. How do you manage the network without doing all those things that ISPs claim that they must do to operate the network
Josh. in particular, the desire of the ISP is blocking and inspecting packets If you examine their motives, much less to do with the difficulty of network operations, then it does with the monetization of these flows. (19:50)
Nathan . Uh-huh
Josh what do they really want to do is maintain a model with two business faces, they are not only charge subscribers for access, they are in charge of media companies for access to subscribers and now they 're opening a third business line , mining all subscriber data.
and I think if you look around the actions of the FTC and advertising codes and things like that, what you will see is an industry that is desperately trying to avoid real regulation by claiming self-regulation but be very, very non-transparent about the details of what they do or what they are not. But I think anyone who has had the experience of, for example, looking where they could go for a vacation in one window and have pop-up ads in Facebook immediately in the other window to suggest these places for vacation, know that the level of data sharing is happening is certainly not something that is in the interest of many subscribers. And perhaps it is outside the limits of what we pay our Internet service providers. (20:58)
Because we must remember, ISPs do not give us free access. They charge us for it. Which means they can take certain charges to be really on our side rather than just their own. (21:12)
Nathan : I would say you hire a company to build a driveway for get the last mile of your home. You do not let them follow you wherever you go
Josh :. True
Nathan :. I feel like we should know everything we speak in San Francisco right this moment, the FCC is meeting to consider the opening, they call it a draft decision notice rules on the issue of privacy broadband to establish rules on how ISPs are allowed to follow you and sell the information you have.
We will work with a coalition in Washington, DC, to ensure that these rules are as strong as humanly possible given the political realities of an election year when the commission will reset quickly enough. But we must continue to talk once we see what the FCC does and where he goes
Josh :. I think we will probably see a predictable pattern, where we'll see a crazy race to prevent the regulation followed perhaps some rules in the service industry to be excoriated in public comments and maybe is set to something reasonable
Nathan :. If there's enough time. The president ... is now the end of March, so that means 8 months to get there. ISPs have just run out the clock. And if they can say, "Oh, FCC will regulate the Internet and start coming after the leading vendors," and try to really get upset people, they may be able to slow We'll see what. happens
:. Josh Perhaps, yes. But with IPVanish as VPN provider, we take absolutely the idea that your ISP is not always on your side . and tunneling your packages safely from your ISP is something that, if you want to buy as a collection service, we think you're absolutely right.
Facts the provisions of logging has changed in the world, at some point, in a European country of their directive of the proposed logging was actually connect everything forever - it certainly was 2 years and we have been. approached by a small ISP in this country to say, "We want to differentiate ourselves by not spy on our subscribers, could you please stop any traffic load on your ISP's global network center in Amsterdam ? " So we have, if someone asked the log files, we could simply say, yes we kept the log files on everything and the answer is - everything went straight to IPVanish
Nathan :. Uh-huh [
Josh And so we were a little sad when they fell because we really wanted to do this. We thought encrypted Internet security to all kinds of espionage is something we think is right and we are here to support. (24:02)
Nathan :. I certainly believe that people become more aware of what is happening, they demand more and more
it used to be, even email is not encrypted. If you were on an open Wi-Fi at a Starbucks, people could watch and read your email that you sent out.
0 Komentar