
tv   Washington This Week  CSPAN  January 5, 2014 5:00am-7:01am EST

5:00 am
while we were rallying around trayvon ened with martin we had a rally in cincinnati, i got a text message introducing re legislation in columbus for ohio ground so we your are fighting and we launched 10,000 signatures and we are issues.g those but the black caucuses do have an agenda and our agenda is to get permanent things in the constitution. we are challenging our friends and coalitions. we have been there with you. we ask that you be there with us make these things permanent. >> the reason i think that is a is because in ue v gore decision in 2000 calia said the constitution doesn't question a person the right to vote. if ays you cannot be denied
5:01 am
you are a person of color or if it comes to your sex. have figured out if you pass a constitutional state, voting our law is based on what happens statewide versus nationally. >> i'm president of the baltimore teachers union. i'm the only non-elected state official here. there are others. labor and we th a great progressive state but we believe that civil right and that it is important that we great teachers to our students. that doesn't union support great education. we support haven't teachers in classroom and we know the to way out of poverty is
5:02 am
have great teachers in front of our students. rid of bad get teachers and educators? >> absolutely. to be a due process to have them find another place of employment. no, i say find another profession. believe me, there has to be a ot of staff development for teachers. we have different programs that certifications. these teachers need support. we can't just give them six training or two weeks of training and think they are able to educate our children. there are a lot of culture differences. don't degree up in the neighborhood you don't understand when when say what's up. we need professional development. that is what we are about. we are about supporting classroom and he making sure there are choices
5:03 am
parents. we are about building coalitions and working with the community wraparound services. teachers ve in great but some people have to go. i know some administrators that go.e to i find many journalists -- let's be clear. .e is next >> one of the things i heard these issues is education and charter schools with charter m schools -- and i'm not opposed to them. mind andin terms of my perspective on education but they are not required to offer and reduced lunches or transportation. they are resegregating our system economically, racially and in many other respects. all, some.of is that it your state or every
5:04 am
state? and many others. the thing we need to look at is system may ucation be failing african-americans our system is failing all americans. stem forces t the f signs and places like shanghai is scoring well we ought to be talking about day and ng the school year round schools and get tivizing education to the best and brightest teachers n the classroom and the top 5% are there. not that we don't appreciate those there today but many glass ceilings have been broken and ome that would have attracted education 40 years ago are going to other mainstream opportunities. >> why can't we talk about all opposed to saying talk about this, what i'm saying s i think that is part of the
5:05 am
problem. what should be on the table is traditional and public, charter, magnet, home school, online, voucher, then once you get in education in erent teaching methods terms of one size fits all. the ave what happened with kit method. i believe what works works. when we start limiting the we are limiting opportunities and i get your point about competing with but i'm talking about in america when black kids are behind theirr kids white counterparts i can't worry if i'm mebody in china worried about somebody in the suburb and i live in dallas. don't disagree. we have to have an open mind. if we don't have a child reading grade we know when they are in eighth and ninth they will drop out and then they will other criminal activities and probably be in the department of corrections.
5:06 am
learned with the civil rights movement when the barriers were torn down is that have capital, access to capital, entrepreneurship. access to credit. to broaden our perspective to look at pportunities to empower wealth building within the african-american and latino communities. >> i agree. build workers if you don't have a high school diploma. >> i agree. i was in prison for 4 1/2 years. first of all i want to thank you a chance to look at you for four years on cnn. >> they have tv 1 in the prison, ok. legislator.rmer i'm glad i went to prison because i got a chance to meet the brothers. a lot of folks thinking crack cocaine babies and lah, blah, blah
5:07 am
da-da-da. i had a chance to do some research and found out who do it to us and it really hurt me because it was us who did it to ourselves. len bias. after he died you saw those passed and many members voted for them not effect. be the >> a bill never passed that fast. speaker.ll feels the his district went home, came with n 24 hours congressional black caucus joined with him and put it together. if you had like a half ounce ou got five years, 10 years, mandatory. judge couldn't do anything about it. the point is this. brothers were good there, they taught me a lesson. they taught me a lesson that didn't like us because we didn't have a relationship with them. making is we've got to get the family back together. folks are not our
5:08 am
voting because they don't have any respect for us or with us.hip we know they have done some things they maybe shouldn't have done. some are innocent as my friend said here as well. we are a t pull -- football team and have our folk are not in the game. e have to get them become in the game and -- back in the game game.et them back in the we have to read the book by the hlaw and in im crow c.c.a., idaho just showed what you to do. kick them out. i'm going iate t. over here with a question. i'm coming back to you. row. to the front >> i'm tanya cook from nebraska.
5:09 am
half of the ne black caucus in the nebraska community. >> i was going to say there are five of you in the whole state. i jeff stated so there are two overstated so there are two. >> one-third of the black omaha live in poverty. i was a question invited by your question. adopted charter school legislation. is written policy now there is no expressed rohibition from going out and creating a charter school. our challenge -- and we had a lack of a ght for better way to describe it this paying nebraska -- is for public education in a state taxes e rely on property and supplement it with state aid from seams and income tax -- tax. and income certainly i want to include any nd all techniques and institutions and access mechanisms to public education
5:10 am
a good education. how do we pay for it? i describedady what as fighting on the floor for rumbs to subsidize our education. out there.ut this whenever i hear that particular also remind folks is there is a failing school that is getting some money some way. so, when i look at numbers, i don't base it on test scores. we know how kids are reading and happening with math. if there is a school that has 80% or 00 students and 90% failure rate in the school, formula that he particular school is getting a budget allocation. a question of t don't take money out. what is happening at that school that $3,000 or $6,000 per
5:11 am
how i look at is is at it. i'm looking at what is failing and how you deal with that versus if you have a school where you have a 50% that is a different conversation. >> i don't want to walk out of as the charter school guy because i -- >> i have no problem with it. a lot of aspects of charter schools that don't work any agree with roland school that is not working needs surviving.ouble but in terms of funding and resegregation observations made, i get confused by those concerns sometimes. n the resegregation under you look at atlanta where 10 years yearsere were about -- 15 ago -- there were 60,000 children in the public schools 5,000 were white. children all e attended, 90%, attended about four schools in the city and the
5:12 am
black children were scattered in all the other schools that were 99% black. i'm oversimplifying a little but is basically that way. today, 15 years later, you have children in the public school system. the population is growing, back what it was 40 or 50 years ago, the public school population is going down. those abandoning public schools are middle class african-americans because the time folks left a long ago. now you have whites like me coming become in through some -- back in. but when i hear some concerned ra charter schools are resegregating the schools, segregated ols were already it is the traditional system that went back to being an overwhelmingly segregated world. i don't know how it can be that further native ends up segregating something that is -- t 100% cigarette
5:13 am
segregated. >> schools are based on a eighborhood concept and when they are largely white, black or hispanic your school will be that. you are going to bus people or make it against the neighborhood wuone and i don't think we are going in that direction. legislators schools should be hugely cautious about there will be people who will start charter schools for bad purposes and there's got to be something that polices against that. a rigorous process. >> the ku klux klan shouldn't be start a charter school we all agree. you know what i'm saying. said is the nd basic answer and that is it really is, i think, a red to say charter schools are taking money from conventional public schools. money around and moving money away from schools people whatever reason are less inclined to go to and there are some possible problems.
5:14 am
these are public schools that everybody can attend. the money that goes to them is still money that is going to public schools. hey don't significantly increase the cost of systems. if they do somehow but it means more seats in classes where children are learning, i don't know how you can argue that. >> question? >> statement. >> statement. >> from st. louis, missouri, house of representatives. missouri is we have this fight with education as well. is a huge fight with labor and all of the educators, principals that are involved. we had a problem with charter schools. fear that in charter schools spread to every part of the state it will cause failure schools because charter schools were not performing. were hough public schools not good charter schools were not performing at the level
5:15 am
public schools were. we had a couple of charter schools that began, they are for-profit even though public we had a couple of closed withols that significant amounts of money and the kids were left standing that issue had to be addressed. one of our legislators, used to nbcfl, but we had a charter school reform. so we put some things in place. didn't say we didn't want charter schools any more. we said if we are going to have them we put legislation in place to protect children. now we are addressing an issue about virtual schools. important but at the same time the focus needs to be on the children. facing issue that we are in education is we are asking the parents to weigh in because pass education reform this session starting in january parents. asked the
5:16 am
so, parents are getting together to writing what they want see in legislation for their children. think that we as legislators we represent a bid of people and formula back to the that the government is for the the people,e say we let the people get involved in ly t we are doing legislative because they hired us to do a ob and we forget aware making decision -- we are making decisions for them but not including them. parent groups provided information they want to see in legislation. i think that will be the answer. 100%.gree y six nieces go it a virtual school. three elementary school, middle school, high school. the driving to get them here and there it is like ou go it school at home on the laptop. but the thing is what is the
5:17 am
choice. and does it work. that is one thing it boils down to. last statement or question we could take. i will leave with you there because we talked about in terms of narrative and strategy and i can tell you some of you in the and i know ne this alicia i have had her on my radio show how and and senator vincent houston of depending on the issue. one thing you should accept a ht now is there is significant black media apparatus in this country that think many of you are not utilizing. if you look at the fact that you tom joyner, yolanda, reverend sharpton, i have a syndicated show. haoubley. -- black would
5:18 am
be sites. you have an apparatus that is to get ere you are able information out. when something happens in florida, alan williams will text call me and say this is what is happening. we need some attention on this here. not using the apparatus you are not going to get the story out. means being able to make contact with folks at those places. it, ssume cnn didn't cover stocks, abc, "washington post," "new york times" but when you look at the number of black websites and the number of black radio stations we have a substantial apparatus that is there. so, if we don't know what is happening in your state, if we is, t know what the issue you can't system that we do. when something happens in ohio alicia says this is going down, we need 300,000 signatures
5:19 am
stop that from going in effect we put the word out and it was like we need it in a week. i would encourage you when you you ck as an organization, should put together really what apparatus ck media and who are all the contacts and et your members any so when something happens they are e-mailing us and letting us know able e that is how we are to respond to something. hit me after the fact when a passed in louisiana and north carolina does nothing. defensive.on the letting us know before something asses when it is in committee and going up for a vote allows audiences nize our and folks to bring in troops and support. they couldn't depend on to be the onlyon voice so we need your help, this s fine, give me the
5:20 am
information. as an organization i will leave with you this charge. ou should put together that national black media apparatus and every member gets it so you how to contact people to get those stories out there to inform folks. to thank our panel. give them a round of applause, please. pl [applause] being with us.r mr. president, we are done. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2014]
5:21 am
>> our message was this. as mothers we are concerned. ladies we are committed. world we s of the pledge to do all that is possible to stop this scourge. >> however different we may appear there is far more us than divides us and we are here to find common that we may help bring womengnity and respect to and girls all over the world. such a vital are part of that very conversation all se in the coming years of you will be building the pwebusinesse businesses. making the discoveries and draft being the moveand policies that will our countries and our world forward for decades to come.
5:22 am
starting january 13 our original series first ladies and image returns with the favor most recent first throughrom nancy reagan michelle obama. that is man 9:00 eastern on c-span 3 and c-span c-span.org. >> next a group of security authors and privacy advocates discuss privacy and intelligence. from the chicago ideas week this is a little more than an hour and a half. please s and gentlemen, welcome this afternoon's host, founder of hor and mrs. rebeccaonline mckinnon. realize this but 95% of people who are out there their internet using
5:23 am
smart phones and so on can be identified and profiled by just four interactions through their mobile device. tweet, check your bank account, check your e-mail or news feed some network has profiled you. the problem is a lot of collecting the data cannot live up to the and the data is you will ha vulnerable to hacking and any device can be hacked. computers or smart phones or tablets but that are ly our cars connected to the internet, home security system, medical devices, power plants, et cetera are all vulnerable to hacking. hacking is not just for criminals. hackers ts all employ
5:24 am
to dig up information on people country and people inside their country. as we have found from edward snowden, the security analyst who has leaked a large trove of documents, our government, the national security agency, a lot of hacking techniques to acquire information. cases they don't even actually have to employ a company is e if in the jurisdiction of a government and the government legal authority to ask for this information, they can company.nd it from the so, there we are. so, i'm rebecca mckinnon voices er of global online and international citizens media network and also author of "consent of the networks the worldwide struggle
5:25 am
internet freedom" and i will sign book of the the session is over. five brilliant individuals and all of us are you some e telling things that are a little bit scary. but the point is that knowledge is power. and if we want to change the way things are today, if we want to a world that we want to live in, you have to start by how this digital environment works, what the threats are, who is exercising power. so, with that, i'm going to story in january of 1990, when very few people were internet. was anybody here using the internet in 1990? very good. in 1990 the berlin wall came down. and these photographs on the left and right are the ransacked offices of the secret police in
5:26 am
germany. as east germany began to fall went into these offices and ransacked the file. two years later the unified government declassified and people could find out who had been spying on for all of those years. they found out that neighbors, lovers, es, sometimes spouses, sometimes a parent or child had been informing on them to the secret police. very traumatic. 2009, the on to dny -- unified democratic berlin a politician exercises his right under german law to data from his mobile phone provider deutsche telekom movements over a six-month period. he takes this, gives it to a
5:27 am
and they create an interactive graphic which you on line still and it's got an entire log of his movements throughout that entire six-month period. the stasi's urse wet dream, right? and it didn't require neighbors lovers to betray anybody. dossier is digital being collected by all of us hat we are relying on for pretty much everything in our lives. a difference between dictatorship and democracy ultimately in this digital age, do we have control over collected tion is over us? are we able to hold the information collectors accountable? do we understand who is collecting the information, how with whom ithared,
5:28 am
is being shared and how it is being used? if there is accountability around that and if this is happening with some consent of a citizenry, then you have chance of being a democracy. if not, you are going toward pretty fast. san francisco to whistleblower who was a former employee of at&t chiklein disclosed that the national security agency had built a secret room in that building and the communication of millions of ordinary were being siphoned off into this secret room as they passed through that building. and a number of organizations tried to sue the government. lawsuits still have yet to go anywhere. started to ting we
5:29 am
begin to get a picture of the that was going on, which of course how large that extent of the surveillance we are now coming thanks stand more fully to the leaked information by edward snowden. these n.s.a. facilities are country.re around the they are collecting data on a americans.ntage of now, of course, the internet, phones, are revolutionary. let's not deny that. technology has been used by citizens to overthrow get opposition leaders elected who would had no chance otherwise. technology is very empowering. at the same time, governments doing everything they can to use their power over the
5:30 am
networks that are within their jurisdictions to fight back. photos are from state security headquarters outside of 2011, soon after the where activists got in the headquarters and agents documents, left them behind. people were posting this on twitter. and er, there were rooms rooms of files left intact. people got in there and some found their own files. what did they find? text of stem cell script, message, skype conversation logs they thought were secure, information about data they had been uploading and downloading on their internet all service provider and mobile phone networks. that the technology egyptian government will bought narus by company called boeing whose technology was used
5:31 am
n.s.a. in the at&t facility we later found from leaker. so, what is the point here? increasingly that the relationship between citizens and their government is through the -- mediated through the internet and related technologies which largely developed, owned and operated by the private sector. you cannot assume that the is going to evolve in a way that empowers the citizen. if we want the internet to evolve in a way that is compatible with democracy, with rights and kinds of society we want to live in, in which individual freedom is protected, we have to fight for it. like you have to fight for freedom if you don't engage in your society is being governed, whoever makes the most society shape that will shape it in a way to their greatest advantage. to be what we need
5:32 am
working on. now, as i mentioned, the confidentialing the sovereignty -- challenging the in reignty of nation states a lot of very important ways and governments are trying to fight back. but interestingly, this is a map that was developed recently by the oxford internet institute. this is, is they took -- resized all the countries internet heir populations and color each country according to which is the most visited website in that country. the red, those are all countries where google is the most popular. all of the blue is where facebook is the most popular. is a big green because that is the chinese internet
5:33 am
company. see is really interesting that except for china, kazakhstan russia and korea the most dominant in the other are american. now, you combine that information with what we are n.s.a. has out the relatively unfettered access to information of communications websites. on these and while there are arguably how they can over access and what they can do with american ation of citizens and so-called u.s. in ons or those who reside the united states, there is virtually no meaningful control how whether they do and they collect information of non-u.s. persons. person andnot a u.s. you are looking at this map and you are thinking about this map
5:34 am
context of what we learned from edward snowden, you might be starting to get pretty mad and you might be starting to feel there is a real power imbalance here. in fact governments are pretty mad. this is the president of brazil who recently spoke to the united nations and accused the united international g law for completely failing to of anybody privacy who is not an american on the internet. why does this matter? if you are an american why do you care if the privacy rights non-americans are being disregarded. is the international telecommunications union. they govern the international system.e and satellite last year they tried to assert control over how the internet is
5:35 am
and how it is standards are developed. a u.n. government and bloc of governments. came close but another bloc of governments, democracies and sets th companies fought back because right now the way the internet is governed coordinated is very decentralized. it involves engineers and companies and nongovernmental institutions. and there was an effort to say to reassert eed sovereignty over the internet. it was blocked last year, but unfortunately, because of the a lot of the ion governments that were actually democratic ore decentralized internet are starting to rethink and talk about something called data sovereignty, which means that governments are now discussing , if aws that would require
5:36 am
an internet service or telecommunications service wants service the citizens of a particular country, the data and managed tored in that country. what does that mean in practice? they are doing this because they don't want the n.s.a. to have access to it. but there is a troubling side of there is ones that country that is already sovereignty over data, it is called china. this one of the results. blocked in china. there is what you get when you facebook from inside china because facebook thatnot house its services are meant to serve chinese customers inside china you can't access it. this is the kind of world that would become much more of a facsimile of the international
5:37 am
telecom system rather than a free internet. that is because you have a lot of people who feel like their violated.e being i arc we pwbbecome -- book need to start taking charge and think of ourselves as citizens internet and citizens of this network world and not just before users. to start telling governments and the companies that run our services that we want our rights to be respected if only recognize that some people's rights are respected and not others then nobody's rights are ultimately going to be respected and the whole environment will be degraded and we need a movement akin to the environmental movement, which fortunately is starting to emerge. actually, on october 26, very a n, there's going to be march on washington to demand an end to unaccountable
5:38 am
n.s.a. and by the people can also begin to join a of the international movements. there is global voices on line of.h i'm part but one way an american can start to get involved with these the electronic frontier foundation. a lot go there and get of information about what is going on but some tips on how to protect yourself, fight for the future, a lot of petition information about rallies you can attend and a number of other organizations access and stop watching us. it is up to us determine how our internet evolves. if you want chicago to be that respects ay the citizens. if the citizens have no idea how
5:39 am
chicago is governed, who is exercising power and how, over you are not going to changese able to effect in that governance. you have to patch and be involved and -- you have to be involved and make your views known. as a consumer we can exercise a we are doingr than right now, not only in terms of what you choose to use or not as a shareholder and .lso as a vocal critic a lot of these companies do respond to public criticism. exercise our power around not be passive users. citizens become active of this network world we are in. moving on, there are some people are so upset about the abuse of government and corporate in our digital lives and who also have technical skills,
5:40 am
group called ed anonymous. heard e many of you have of it. their slogan is we are we are a legion. we do not forget. their battle cry since from a rged around 2008 number of message boards where eople began to post their conversations and opinions with not giving their real name. epic in thisely an community about the importance of anonymity. but they have gone after a lot of organizations and governments that they don't like, that they abusive, including the scientology, government agents of the united tunisia, sony, et cetera.
5:41 am
of parmi olsen is the author "we are anonymous inside the of the global cyber insurgen the gency" this is called insider account as a hacker m. she is here to share with us of her stories from her book and to talk about some of her new work on mobile tracking. thank you very much. come on out. >> thank you so much for that introduction. is a privilege to be here at chicago ideas week. how exciting. i'm a journalist with forbes. i started in radio journalism years ago i joined forbes in their london bureau writing about business and and currencies. then a few years ago i started
5:42 am
echnology.n topblg then a couple of years ago i anonymous.ting about i wrote book about it. forbes magazine probably isn't that youof publication would expect one of their journalists to write about a young people who go on the ubverting things internet and don't make much money at all. wrote explain why i about anonymous in 2010 forbes opened up a blogging platform to allow journalists like me to focus on a topic that we were interested in and write about it with as much frequency as we wanted. same lucky because in that year, december, anonymous carried out one of its most notorious attacks against a series of financial companies to avenge wikileaks and
5:43 am
arrest of julian assange. i got tired of wreaked by rehashed articles online so i some of therviewing supporters. eventually i made contact with ome senior organizers and realized that this was not just a group. culture with whole a issue and its own language and jargon. me. really fascinated so i became obsessed with tracking them and ended up in contact with some enior figures who created a splinter group of hackers. day tracking them every behind the scenes and what they were doing in the public eye againstre cyber attacks sony pictures, fox news, even the f.b.i. and c.i.a. next phenomefew months i had threatening to destroy the company. i watched my sources get
5:44 am
paranoid. i was able to watch some of them face to face through communication and some got arrested. it was quite emotional at times. what i learned is a lot of them men, unemployed and quite isolated in society. extraordinarily intelligent but also often lacking in common essential. full of contradictions. for example, this is jake davis to face before -- while he was still part of it before he was arrested. online he was topiary. the s the one of co-founders in this company. he was a o face scrawny young man who was not particularly good at socializing quite shy. he is not like that any more. this was a while ago. a website called 4chan. you will hear it from cole striker my colleague. it is one anonymous started.
5:45 am
it has been called -- i won't the - the armpit of internet because it hosts a lot of porn and graphic violence. is a place time it where performance come to honestly discuss their fears and proclivities inhibitions. one of my interviewees who i book and liam in the he allowed me to take a picture went on 4 his face, chan every day. this is where he could honestly talk about things with performance in such a way he could not in the offline world. it was a community even though he knew no nicknames or anything. i will give you a brief rundown on some of the key things i learned about anonymous and what it was. first of all, when we were first reading reports about anonymous referred to as group of hackers which is not true. group. not a it was more of a network of ever shifting nodes and most of them
5:46 am
programming languages. most of them were actually very trolling or knew the community very well. the attacks they carried out were easy. they would download simple web from the internet which had been previously created for i.t. ation testing by security guys, subvert the tools and use them to launch cyber attacks. super easy to use. the other thing i learned is huge amount of fear that existed in anonymous. paranoia. hot part of it was getting arrested fare -- ff riding or riding was getting doxed have your online identity unveiled and real identity attached to it. they would spend sometimes more than a year cultivating a line with a personality and everything else. so, as soon as your real name
5:47 am
revealed the value of the online identity was lost. this is the case with people like jake davis when they were found out to be the real topiary. nobody wanted to be doxed but being tossed around. in hindsight, that raises a lot of questions about privacy. a lot of think for these guys anonymity was the one experience privacy when corporations and governments us than ever t before. last december, about two years after i wrote my book, i moved from forbes in london to san francisco where i started studying and researching mobile technology in silicon valley. i can't begin to tell you what a was in the deep end that and how surprised i was by the blasé attitudes i was encountering among executives and start-ups and entrepreneurs
5:48 am
privacy of consumers they were building technology for. the fundamental reason is because of the way our personal data translates into dollar signs. it took an executive at nuance, a voice recognition company, to put it succinctly for me this particular attitude. the privacy was an economic consideration. this executive was helping nuance, which does the voice recognition technology for the iphone's siri, to create a personal assistant technology separate to that that could go beyond siri, cross-referencing the data between apps on the phone like a butler who has the keys to all the your house to make them that little better. i said wouldn't consumers find this odd to have their privacy -- infringed like that. he answered -- i feel like this
5:49 am
-- strates the attitudes when do people feel their privacy has been breached. he said when information has been taken from them without value in exchange. all that information that cloud can be parsed and anticipated and thought through and synergies that i never thought about. there is an astonishing amount of value in that information. a lot.talk in value other than maybe my d.n.a. it is where i am and what i do and who i talk with, all my relationships. forming a structure that is quite a rich definition for who i am. i think it is true data goes a long way in defining us as individuals as well as things we own and say and thing. but what does it mean for our and identities? if someone else knows about those things without our express permission. supporters of anonymous often better with privacy infringement. they often said information
5:50 am
should be free but then the organizers of anonymous would keep their names secret and attack a company like sony pictures and release of ions of passwords consumers along with e-mail addresses and names and cite collateral damage. so there is some complexity about whether kind of information should be free. information in the public interests? about institutions, individuals? that debate is raging on. one thing i know for certain is information about us is being traded more and more behind the scenes. increasingly even a price is being put on your head every mobile app like candy crush. i don't know if anybody plays there. avoided downloading there game. in the past the developer of a like candy crush would sell insurance and ad the network would sell a few thousand impressions which is
5:51 am
seen by a of being few thousand people to an advertiser like nike. changing now. they can insert a tool that tracks how people are using the app to make it better but also can better target that person with ads. so the developer can make money. one of the biggest players in this game is a company called flurry. you might not have heard of them. they give an analytics tool to developers and because 1.2 billion s on smart phones in the world today. apps on each of 10 fun it has more mobile data than facebook and google. flurry triangulates that between the appearance appears and creates personas and aligns each phone with a category. here is where it gets interesting. ad network to be an
5:52 am
but now it is an ad exchange as companies like a stock market for selling mobile ads. instead of showing it to thousands of users it holds an in matic auction to decide .1 second which ad should be a person when they open candy crush. with one person. crucially, flurry knows a little bit about there person. that she is a woman, she is a new mother, a traveller and she likes fashion. in a split second an ad for shows up. flurry says this is how you show the perfect ad. do with the adto but the person seeing it. flurry says it doesn't know names. it is possible to cross reference one piece of identifying information with another and a security breach
5:53 am
can get names. flurry's c.e.o. told me that the it is creating about people are getting better. now. have 50 personas by the end of the year it will have 100. who knows, at some point it taking in third party data like location data to apersonas.e personna there is this d tension between privacy and security. there is a wider potentially more sinister conflict between privacy and convenience? consumers love free. they love things to be convenient. more and more apps are becoming free and developers are increasingly making money through ads and ad exchanges like flurry. i don't know how far certain technology companies in silicon valley will take their deep dive into our data and individual identities. i don't know how far they are
5:54 am
going to get to knowing who we really are and doxing us all. supporters of anonymous but our ability to keep an identity private boils down to the same thing the anons were trying to achieve which is control. control do i have over my personal data? what decisions are being made about me that i don't know about. decisions affect me in the future. anonymous was an unconscious that attacking and huge division of people taking private lives public through platforms like facebook and youtube. backlash is something that comes from young people because they see things as they are. they are not bogged down by baggage and systems and experience. bunch of young people started to bully and way protest all the wonderful and
5:55 am
terrible things that make us human. they did so when it was becoming increasingly difficult to become anonymous online and in some pockets of modern society to be human as well programs. with so many algorithms and quants and trading desks that are helping determine what we click on, what news articles we click on or music we listen to or what movies we are going to or what we watch on tv. there is a famous theory posited computer human singularity by 2025. maybe if another network like anonymous is created by a new generation of people my guess is they won't gather online any more because the very definition of going online will be to forgo any privacy or anonymity. maybe they will shut down the devices, open the door and go and meet one another face to face. thank you very much.
5:56 am
[applause] >> thank you. that was great, parmy. deeper and deeper into the subject. i was reminded as she was talking of a conversation i had with a person who works at a company i won't name and i asked this person why doesn't your do this, that and the other thing that would help your users.acy of the response is really interesting. doesn't want to devote resources to doing anything that our customers are demanding. because customers and users were not demanding these privacy it was not prioritized. that is just a little crumb of for thought about we are silently allowing these things to take place. to come back to the issue of anonymity because we're going to delve deeper into that in a
5:57 am
think of the sentence have you ever thought what would people out there think of me if they knew i loved and fill in the blank. if you can go on line and be meet other u can people who love that thing that maybe is sort of an odd hobby your friends might make fun of you about, maybe something th political preference you don't want your employers to know about, whatever it is, the ability to communicate and connect with people anonymously online allows groups form around interests that people may have a very good reap attached to their real life's identity and made public. so, there are some people that means lack of accountability, we need identity to have accountability. but there is this other issue of can you escape pervasive
5:58 am
surveillance and oversight and acknowledge that if anonymity is lost. that is the angle that cole stryker is exploring. he is author of a book hacking privacy, identity and anonymity on the web. he talks about the importance of being able to achieve anonymity for to reasons which he will shortly explain. cole stryker. thanks for having me. i'm an author based in new york. i spent the last couple of years studying anonymity first through parmy has been working on studying communities that operate under the anonymity for various reasons for good and bad.
5:59 am
i decided to talk about a history of anonymity. one reason, i think there are the audience who are of the opinion if i have done nothing wrong i have nothing to hide. that is a wide spread opinion in american society shared by a lot of my close friends and family before my book came out. -- that book was dedicated to them. i have a rule not to talk much about technology when there ponytail talking after me. so i will focus on history. anonymous was this group of pranksters that were basically -- that were lighting up the internet. they started to take this pseudopolitical bent they were going after people that they censoring web. this is a picture of what they with oing around the time
6:00 am
mountain dew where they invited the internet to name the new and the winner was hitler did nothing wrong which is to say if you come on our internet and try to capitalize from our creativity this is what you get in return.
6:01 am
>> so basically my family and friends couldn't understand. they said there should be a law that people can't say these nasty things about you online. that doesn't seem fair. that was a widespread view. i dedicated the book to randi zuckerberg, the sister of mark, the founder of facebook. she said i think anonymity should go away. here is another example, randi and others say if you have done nothing wrong, you have nothing to hide. without further ado, i would like to open up with my favorite quote from emily dickinson. which was a widespread opinion of women of her day. there were reasons why people wanted to be anonymous and
6:02 am
uphold modesty. someone that didn't want to take work from himself to take attention from his creator who was trying to praise through his work. the author lewis carroll, that wasn't his real name. charles lutwidge dodgson, didn't want to associate his childish stories with his academic work. he was a mathematician. he had a pragmatic view of his identity. there are countless examples of stymied sexists. charlotte bronte says i want to be judged as an author, and not as a man or woman. in those days, being a woman
6:03 am
author invited an unimaginable amount of prejudice against one's work. and another is mary ann evans that you know as george eliot. she used her identity as a tool that can be dropped at any moment that ceased to be useful for her. i had a friend that wrote under hack the lobbyist. she spent a year talking about the seedy lobbying in d.c. as soon as they found out she was a woman, her comment section became a landfill of people calling her fat, ugly, a pig. basically something that would never happen to a man because men in our society are valued more in the ideas they bring to the table and women are valued based on their looks. so i think to say this is something we no longer have to deal with is a position that can
6:04 am
be driven by privilege and ignorance. the examples here are like the godfathers of the anonymous group. gulliver's travels written by jonathan swift who is basically molotov cocktails at the establishment, whether it is the crown or church. he wrote an essay about the starving irish would eat their children as using a way of using satire to attack the governing ways of the english people that obviously would have gotten him killed or put in jail for life had the sentiments been associated with his real name. and most importantly, in my opinion, one might want to be anonymous to elude the noose. this is thomas paine. we'll get to him in a second. i don't have a ton of time, i will buzz through the bullet
6:05 am
points. 1538, everything printed has to be run through a royal analyst to make sure it doesn't say anything nasty about the crown or church. sometime later, printers included. it wasn't good enough to go after the author. if you were caught printing something by someone that had something nasty to say, also your neck was on the line. 1579, one of my favorite stories john stubbs wrote the discovery of a gaping gulf whereinto england is like to be swallowed by another french marriage. it is particularly interesting, because they cut off his hands, his name was stubbs it was almost a perfect outcome. and martin marprelate was
6:06 am
criticizing them in a way publicly that they couldn't fight back because he was anonymous. and another in 1643, is when they will decide what is printing or thrown in jail. treason act, more of the same. john twyn printed something by an anonymous author, his head put on the spike and his body parts were put on the corners of the town. to discourage people from doing things like that. cato's work, two works influential on the founding fathers. 1734 john zenger is acquitted. that is one of the first turning points where people in
6:07 am
governance say we might want to cool it with putting people in jail. thomas paine writes under a pseudonym. many are using anonymity to speak out against the powers that be. fast forwarding up to the 1958 we've got a couple of court cases that were important. naacp versus alabama. the naacp said hell no, if you get the list, all of our members will have burning crosses on their yards in the morning. the court favored naacp. the antipamphleteering rules.
6:08 am
that was overturned. skipping ahead to '94 you see it in the digital realm. the first fruits of the antiscientology movements that we have seen blown up with anonymous. and the dot-five, a finnish anonymous e-mailer. had their doors kicked in by the f.b.i., hard drives seized, which was really a trigger for the hackers being really hacktivists were born here, fighting for freedom of speech. in '97, aclu versus bill miller. the state of georgia, basically saying nobody can use the internet under a pseudonym. and the courts decided georgia,
6:09 am
you don't own the internet, you don't run the show here. chill out. going alongside the history, we have the history of cryptography. i won't get it into because i only have four minutes. it is the cryptography was used mainly as a military tool. you have the public now able to conceal digital messages. this happened because of economic reasons, banks needed to secure financial data. over time, it gets to be every man, provided he has the tech savvy can now use this information this technology to conceal their information. so today, a lot of people in very powerful positions, like i said, are basically saying why do we need privacy? i think this is really concerning. so here is a guy, this is a very
6:10 am
super prestigious journalist that said if you are not a pedophile, you don't need privacy, never seen anyone using privacy for a good cause. i would hope if the journalist had seen the last 10 minutes of my talk he'd feel differently about it. a microsoft researcher that wants driver's licenses for the internet. any hacker would laugh at you. it would work like a log in to facebook, where you log into the internet, instead of the individual websites. very unlikely that would happen, but people that would like to see it happen. back to the question, if i have done nothing wrong, i have nothing to hide. isn't this just a fake problem that doesn't matter to people that don't worry about putting
6:11 am
food on the table? my concern is anonymity and privacy issues are most concerned to people on the fringes, most marginalized, least privileged people. if you are a homosexual teenager living in iran, you could likely be rounded up and shot. that happened. i wouldn't call that person someone in a privileged position. the [indiscernible] pedophiles, cyber thieves, cyber terrorists, things like that, what will happen if we allow for a world with anonymity, won't they run rampant? i have news for you, we live in that world. any measures taken to track people are easily circumvented by people with enough technical know-how to get around them. my opinion is hackers will always be one step ahead of the feds, even though feds employ
6:12 am
various more hackers, we should never underestimate the ability of people to break systems. and finally, but i live in america. we don't have censorship, your hand won't be cut off if you disagree with obama. that is true. but the nsa leaks, the fact that nsa has unfettered access into the technological platforms we use on a daily basis should be a concern. even if we trust obama and our benevolent overlord today, who will say what it looks like 10, 20, 30 years down the line. the decisions we make now are far-reaching. basically, this is all setting up to what i would like to call identity wars, which is the title of my last book. we have a bunch of likely or loosely related collectives,
6:13 am
like electronic frontier foundation, wikileaks and other activists groups. tor and silent circle that protect identities. and cards like anonymous and the crowd where they're trying to create ways to perform commercial transactions anonymously. and on the other side, facebook, google, nsa, f.b.i., governments like chinese and corporations like chevron and at&t. i put chevron on there because they're trying to force yahoo and google to share e-mails from nine years. that kind of threat can come from any powerful company. i have done nothing wrong, i have nothing to hide is a decision informed by privilege. if that is how you think, you're
6:14 am
not thinking of the homosexual teenager living in iran or the homosexual teenager living in alabama and doesn't want his parents to find out. there are plenty of good reasons to want different identities that are contextual and look different and different platforms. i will leave you with this story. i read that mark zuckerberg bought the piece of property adjacent to his home because he wanted more privacy. i think that says it all. thank you. >> thanks so much, cole. that story about zuckerberg and his property, that really does say it all, doesn't it? so going deeper, we particularly in this country, we're really fascinated by what people like to call smart technology. technology that can think on its own. artificial intelligence. but what happens when that
6:15 am
technology starts to do things that you didn't know it could do? and that you didn't consent for it to do? what happens if the technology turns on you? turns against you? there is plenty of science fiction movies about that kind of thing happening, but it is actually not just the stuff of science fiction. robert vamosi wrote when gadgets betray us. the dark side of our infatuation with technologies. he's realized how disconnected we are with the gadgets and services we use all the time and we have come to depend on. he believes it is absolutely important to educate people about the capabilities of technologies we're using as well as real risks to privacy and security that we must be aware
6:16 am
of, if we want to be empowered users of technology and not just passive subjects for the technology to use us. he's here to give us a glimpse of how this all works, robert, thank you very much. >> thank you. [applause] >> i'm robert vamosi. i have credit as an expert. i am a security analyst for a device company out of san francisco. as we just found out, i'm the author of when gadgets betray us and i'm in a movie about hacking called code 2600. and a graduate of northwest university. it is great to be back home in chicago, and to be here for chicago idea week with all of you. thank you. i will talk on a subject
6:17 am
different than what cole and parmy set up. i will talk about privacy, but from the idea that all the gadgets we have are being connected to each other and the internet, what the consequences might be. i see it as a new playground for digital thieves. so with every new technology, you're always going to have this tradeoff between security and convenience. you want the cool factor, but what are you giving up in the meantime? what sort of behavioral privacy might be collected by these new gadgets coming into our lives? we're in a time of great experimentation. if you think back 10 years ago, when facebook was first around, people put their addresses and all sorts of personal information up there because they wanted to share with the world what was going on. we realized bad idea, let's backtrack, don't want to do that anymore. what is going on passively with
6:18 am
a lot of the gadgets we own? what is being collected that we're not really thinking about ... yet? so there are some gadgets that are designed to collect data. it is important, life critical. talking about medical devices. certainly a convenience factor. if you live in rural north dakota and don't want to drive four hours to have the medical practitioner adjust something on the medical device, you can do it over the internet, great. more time with the grandkids and more time to live and not be in transit doing something. but how secure are the devices? there was a researcher, barnaby jack, he looked into insulin pumps. he's one of the first researchers to look at the security of an insulin pump. and contributed to the knowledge of what is going on with heart defibrillators. he found basically they were not protected. they were not designed to be protected from the internet, yet
6:19 am
they were connected to the internet. he died unfortunately before he was going to present at def con and other events in this country. he had the opportunity to work with the medical device manufacturers and hopefully his legacy will be that the manufacturers start including more security to make the devices resilient to pranksters who may want to throw a pacemaker into arrhythmic state and potentially damage someone's heart. my company, the mocana corporation did a pen test on commercially available digital tv's in 2010. they found the data collected on the tv's was stored on the tv. data at rest and in transit was in the clear. no encryption. what is the big deal? if you subscribe to a service like netflix, now your user name
6:20 am
and password is available, someone can find the digital tv signature, take your service and watch shows that you are watching. maybe not a big deal to you, but we will see other examples of gadgets that connect to the internet that beget information and the consequences are more and more severe. in 2009, the government put an incentive in front of a lot of the utility companies said roll these out. make sure every home and business have smart meters. my concern was hey, did we bother to test the devices before we roll them out? no, we roll them out. every home and business has the smart meters in them. well, did we look at the basic security of them? did we find out what is being collected? i guess further extension of that is now that they're out there, what can we do with the data being collected? that is interesting about these
6:21 am
gadgets when they connect to the internet, we think of the convenience of immediately having access to them. but five years from now, what can be done with the data? 10 years from now, what can be done with the data? kind of interesting. the bottom part of the slide is what you see from a smart meter, every 20 seconds, sometimes as often as two seconds, it pulses out data about the energy usage in your home. the idea is as a homeowner or business, you can look to see that refrigerator is not efficient, i should replace it with something more energy efficient. you see steady blocks like an air conditioner going on and off or the valley when it is evening and the person is away from home and wisely turning off the ac while they're gone. there are jagged peaks in there. what is interesting about the peaks is researchers delved in and found digital tv's give particular signatures and when
6:22 am
they're watching tv shows. researchers can say maybe 80% accuracy, what were you watching, just based on your power usage, wow, who knew? as i said before, a lot of the devices don't protect data at rest. don't protect data in motion. so some german hackers had fun with it. the top chart is an example of that, where they manipulated the readings from the smart meter that would display on the graph. if you can't see it, what they're saying there is: you have been hacked. you can have fun and games, you can lower your energy usage at home. the neighbor that is causing you a lot of problems, you raise the usage so they get billed more. we are exhausting all of the i.p. addresses. we are transitioning to i.p. v6. consider all the grains of sand
6:23 am
on all the beaches of the world. that is how many addresses will be available under i.p. v6. one company has rolled out light bulbs that are using i.p. v6 addresses. this is great. you can regulate the lumins onity into your home. is an opportunity to eavesdrop. it is not well protected from lurkers. i can know when you are home or not, or maybe just know how you like your lighting. if we have i.p. addresses, we will connect everything, including a toaster. what could possibly go wrong? i'm talking about in my book, a lot of different gadgets in the home as we may not think about as connecting to the internet. digital cameras have the
6:24 am
capability, they have their own web server and internet address. what can be done with that? well, a couple things. researchers have scanned the internet and identified the particular cameras, some cases they could go into the camera, into the sd card and take the photographs off the card. you are thinking, great, someone has pictures of my puppy running around my living room. no big deal. actually, it is a big deal, because the digital file format that is being used collects longitude and latitude to the location data and puts it in the photograph. if i get a bunch of photographs from you, i can start to trace your behavior. i can plot on a map where you live, most likely where you work, what parks you like to go to, what activities you engage in, just based on the photographs i have taken off your camera. i don't have to go to your camera. i can go to your website and pull down photographs, because a lot of the mobile phones, by
6:25 am
default, still track location data. you can turn that off. good news on that. you may not have thought of that before. so let's leave the home, take a walk. in london, recently, the company that makes digital displays on the side of the garbage cans decided they wanted to go a step further and wanted to collect data about the people that pass by the particular garbage cans. they started collecting the mac address. every device has a mac address. the first couple digits identify the manufacturers and last couple digits are unique identifier. this isn't going to tell you who is walking by the garbage can, but it will start to build a profile. you know every day at 12:00 samsung whatever that number is walks by the particular garbage can and another garbage can that picked up the signature two minutes later. they get a path.
6:26 am
how fast they're walking, collect a lot of random data without knowing who that person is. what will we do with this data? i don't know. it is good to be aware that this type of data is collected and good to know that people like the mayor of london quickly shut this down once he found out this was going on in the city. there are conveniences in having the dashboard navigation, certainly. not knowing where you are going, i open my book with the case of the woman that got lost in england, and the consequences were that she basically didn't know she was on a railroad track and the train destroyed her car. she was ok, but the car was totally destroyed. more on that in the book. there is a company tomtom, in 2011, used the data it was using and handed it to the dutch police. they could tell by how fast you got to a destination, how fast you were going.
6:27 am
so we had virtual speed traps. they publicly apologized said they would never ever do that again. think about that the next time you use siri or google now or a navigation service. they have an idea of how far it is from point a to point b, and if you get to point b faster than expected you can infer you were probably speeding to get there. the things that go on in your car are being recorded. 2001, forward, cars in the united states have had black boxes in them. they exist further back in time in the 1970's when air bags first came out. the engineers used black boxes to reconstruct what was happening. if you remember in the 1970's, people died from the early air bags. they didn't understand how to do that. since 2012, the owner's manuals have to declare that is the case of the black box. and there are 40 pieces of data
6:28 am
collected by the typical black box. were you wearing a seat belt, did you have your turn indicator on, did you have the stereo on. how loud was the music playing in the car at the time of the crash? that type of data is now being recorded. that is something to think about the next time you are driving, you are being watched whether you want to or not. so what can you do? you can't really stop data collection, but you can minimize it. you can turn off unnecessary settings in the device configuration. examples would be my data plan is pretty liberal. i turn off wi-fi. why let my phone connect to a random network than the carrier. turn off geo locations in photographs as i said before. if you are really paranoid don't take the same path to work. shake it up, go a different route. the device is being tracked
6:29 am
maybe they think different people are doing that. turn off your devices, occasionally. maybe not use technology so much. i don't know about you, but i love technology and i really won't start doing that. my take-away is think about what the device might be collecting and learn to live with it. be comfortable with what you are using. if you don't like it, push back, don't buy that device, don't use that technology. push back and maybe we will see changes. remember, the gadgets don't control us, we control them. thank you very much. [applause] >> thank you. so much. one point of information, actually, if your cell phone battery is still in your cell phone, it can be turned on remotely and be used as a tracking device even if it is turned off. if you really want to not be tracked, leave it at home or get a cell phone that you take the
6:30 am
battery out of. so moving along swiftly and more deeply, we're now turning to arvind [stammering] i'm sorry, i should have asked you. arvind narayanan. there we go. who is concerned about the problem that companies make false claims about their security. they claim they've got your data secure. they claim they've taken all these measures, but is it really all that secure? and he is dedicated to holding companies accountable for the claims they're making about your security and your privacy. and as he said, in some of his research, the level of anonymity that customers can expect is fundamentally unrealizable, compared to the claims that are being made. so i turn it over to arvind, who is going to explain this
6:31 am
further. thank you. [applause] >> rebecca didn't mention a book, that is because i don't have one. this left me with a conundrum, i could talk about any privacy topic. what i felt would be most useful for me to share with you today is online tracking and how companies are tracking online as we browse and what concrete steps to take about it. let me show you this cartoon. do you remember this? nobody knows you're a dog? that was the early innocent days of the internet. makes you feel nostalgic. can you imagine what it would sound like if the cartoon were published today. would probably be something like, it's the internet, of course they know you're a dog. they know your favorite brand of pet food and the name of the cute poodle at the park that you have a crush on. this is the reality we live in today. i want to give you bad news and
6:32 am
good news. the bad news is we live in a world with exploding complexity of online tracking. i have a team of undergraduate and graduate students at princeton that i work with, where i'm a professor, and we're tracking online, we can describe our feeling as morbid fascination. i want to give you a good news, it is not a message of doom and gloom. you have a lot of power in this situation. there are a lot of things you can do. i want to share that with you as well. so what i want to talk about specifically, when i talk about online tracking is what i call third party online tracking, which i consider the most insidious form of online tracking, where sites, other than the one you're visiting, that are typically invisible, you don't see them, are collecting profiles or dossiers other than where you are
6:33 am
visiting. let me show you a screen shot -- this is from a definitive study. you will see in this picture, how many areas are highlighted in red. these are all content that is being served by sites other than "the new york times." when this happens, your browser connects to a bunch of other sites. seven that you can see in the picture, lots more that are concealed invisible. all of the other sites know you visited "the new york times" and whatever sites you visited and that is how they compile dossiers on you. one study revealed on the average website, there are 64 independent tracking mechanisms. and so just to drive home this point of how subtle these trackers can be, let me show you the screen shot. let me show you what some of these different third parties can be that are tracking you. it could be facebook, google, well-known companies, companies that you probably never heard of. loci, rev site.net.
6:34 am
do you remember visiting this website? they remember you, because they're in the business of remembering you. so here's this screen shot of the u.k. national health service. you are looking at their syphilis page. a lot of good information, but what i wanted to point you to is there is a facebook like button on there and five people have clicked it. i don't know, i guess i'm missing out. joking aside. the scary part here is not that five people have clicked it, but hundreds of thousands of people that have visited this page and very sensitive pages like it were not aware that there was a facebook tracker on this page. of course facebook typically has your identity, knows who you are, because you left your browser logged into facebook, right? like most of us do. so if that doesn't convince you,
6:35 am
and the factor is so many invisible trackers, let me summarize why one might want to worry about this kind of online tracking. there is basically our intellectual privacy. because studies have shown that people behave differently when you know there are hundreds of people watching what you do. that is an important freedom to protect. there is also behavioral profiling and targeting. you might have seen the article on how target knew a teenage girl is pregnant before her dad does. and there is claims that it is used for price discrimination. you might say i don't care about it, i want to be safe from the government. tell me about the nsa. that is the privacy leak that worries me. i have news for you. in the recent leaks, one of the things they're using to track you is doubleclick tracking cookies. the third-party tracking companies are doing the nsa's
6:36 am
work for them. so scary stuff, but let's pause for a moment. i have been working in the online tracking space for about four years now. i have found in what works and what doesn't work in terms of how to protect yourself. one piece of good news is that something that does work is public opinion. this might seem tautological, but many care if there is privacy backlash, numerous instances of companies being shut down because of people not liking it. you remember google buzz? another that is closely related to third-party tracking we were talking about. there was facebook instant personalization. i considered this probably the most privacy intrusive feature facebook ever released. the point of instant personalization, when you go to that site, that site and facebook talk silently in the
6:37 am
background. facebook tells them who you are, various things about you, your location, what movies you like, whatever. many privacy experts complained about this. i am happy to say i had a role in this. the organization of the frontier foundation, who we heard about picked up the costs. because of that, facebook limited it to a beta rollout. and this is fortunately not happening today. the internet could be much worse place for privacy if some of these were allowed. public opinion did work. we're not living in the reality of facebook instant personalization. that is good news. on the other hand, here is something that didn't work. efforts for privacy advocates and tracking companies to sit down together don't work. let me tell you the story about do not track. if you read the blurb about me, it says i'm one of the researchers behind do not track.
6:38 am
it is saying if you're worried about tracking, we're ok with that, because we believe most people will be convinced of the advantages of tracking but will not opt out. there are hundreds of tracking companies, it is unfeasible to opt out individually. the browser settings will let you opt out at once. this setting is in every browser. look at firefox, in the privacy tab, it is the first privacy setting. it is called do not track. there are two years of constant negotiations of what do not track means and what tracking companies are obligated to do and not obligated to do. as of a week or two ago, everybody agreed the negotiations are going nowhere. this idea of being on the same page and talk about it together, that hasn't worked out. i would say even though i invested a lot of time and many others, but as for do not track,
6:39 am
it is time to move on. we're in the world where the interest of tracking companies and consumers are fundamentally misaligned. i'm ok with that. we tried but it didn't work to bring everybody to the table on the same page. i will tell you there are a bunch of blocking tools for online tracking. the blocking tools worked well. adblock plus and ghostery are some i use. there are more. i will tell you about these. these are typically browser add ons to employ. when i tell people about blocking tools, one of the things they say is, oh, this is not a good solution for me, because there are new privacy intrusions all the time, so i have to go and change the settings or have to install yet another blocking tool and so on. well, here's my answer to that, here's how i solve that problem. i'm not necessarily on top of all the privacy intrusions going on, here's what i do.
6:40 am
there are a lot of organizations that are in the business of staying on top of this, and telling you about them. the electronic frontier foundation is one. there is a privacy company called abine that i like. this is a few others, there are others. get on the twitter feed or rss feed of the companies that are in the business of knowing when there is a new privacy invasion, and telling you in simple steps what to install or what setting to change. that is a method that can work for most people. in other words, to put it differently, the price of online privacy is eternal vigilance. this eternal vigilance is a problem that has been solved by technology people give you when they hear you have to change your privacy settings all the time. i have been doing that. set aside an hour or two of
6:41 am
budget per month, to stay on top or get on the news feed of organizations like the electronic frontier foundation. that is an easy applicable tool everybody can use. in my years of research and this one other sort of point that has come out is people say oh, this will get into an arms race. i say, if it is an arms race, bring it on. that is not a problem. the balance of power is with consumers. let me give you a quick example of why. this is kind of because of a legal nuance, the example i will give you. safari had a feature to block third party cookies that you can have turned on by default. google in one of the tracking featured circumvented this by safari. an independent researcher found this out. who i'm going to show you in a second. and because of that, the federal
6:42 am
trade commission was able to swoop in and say this is a circumvention of an existing privacy tool, google was slapped with a huge fine and backed off of that now. if it gets into the arms race, there are legal mechanisms to protect against that, such as the federal trade commission. an arms race is nothing to worry about. go ahead, be comfortable in installing the privacy tools and protect yourself. just quickly. a success story is research engineering by independent researchers has helped a lot in revealing the state of online tracking. these are a couple of guys that are heroes of the new way of research. my own research at princeton has been inspired by the success they had. let me summarize the three takeaways i have for you. in sort of increasing order of importance. the first one is to support privacy groups, it is through these groups that a lot of the good tools or news about what to do about privacy comes to us. and the second one will be to
6:43 am
voice your concerns to companies and regulators because we've seen time and again, that public opinion has been a powerful force for companies to change their privacy policies. and the first and most important one is that the blocking tools like browser add ons and blocking cookies really work. the caveat is pick the right tools and stay updated. yes, it involves a little bit of effort. even though the price of privacy is eternal vigilance, it is not a problem. get on twitter, get on rss feeds, follow the news feeds, that will take care of the problem for you. you won't feel like you are drowning, you will feel like you're in control, you will find out about things as soon as they happen, and know how to protect yourself. i will leave you with that thought, thank you for your time. >> thanks so much. thanks so much. i use a few of the blocking tools on different browsers and i have to say, yeah, they're
6:44 am
pretty impressive in how they work. last but not least, while google may be a household name, there is another search engine called shodan that many have not heard of. this is a search engine not for websites but devices connected to the internet. this search engine is scanning the internet for i.p. addresses of various devices and enabling people to search for these devices. the next speaker dan tentler will talk about the research he does to determine network security logistics and to perform penetration testing for his clients using this shodan search engine, among other things. he's here to share with us how we can use this information,
6:45 am
actually, in empowering ways to carry out preventive -- preventative practices of our own. he's here to tell us about the rather amazing things one can find just by searching the internet. thanks, dan. >> thank you. hello. i'm dan tentler. i will be your pony tail for this evening. over the last, say, two years, i have had the habit of finding things on the internet. and displaying them and presenting them at talks like this. this is a very short compilation of some of the things i found on the internet people put there willingly. it is easy to find interesting stuff online, if you know the right place to look. you don't need special tools or special skills you basically need a browser. a lot of the stuff can be found by searching google, even, but more so, that there is search
6:46 am
engine called shodan that is available that will find things based on the port that they're exposing to the internet versus the web page. there is more than just websites on the internet. there is a bunch of stuff. a lot of it, tons. this is the front end of shodan. you type your query, like google, essentially. the intention of the tool is to show you what is connected beyond web servers. the fun place to start. imagine the internet like america's freeway system. if you were to get out, look around, step out over a freeway pass, you could look inside of every truck bed and convertible car. the internet is similar in the same way. people are exposing things willingly or unknowingly and everyone can look, if they know where to look. the first foray into this is internet cameras.
6:47 am
this web cam is inside someone's office. someone put this web cam there and put it in the internet. why? i found it and here it is you can have it. this is another system. network system. i believe this is in france. if i have done all the translations correctly. it is actually a gold mine. why? i don't know. this is the meta for this evening. this is a camera in the building of the manufacturing company that makes the cameras watching two guys talk about parts of the camera i'm watching them with. ok. too much. this is a hydrogen fuel cell. why someone would want to put a hydrogen fuel cell on the internet is beyond my comprehension. it is there, you can get to it if you want to. these tend to be found at the base of 3g, 4g cell phone towers. when the power goes out, they keep the cell phone connected to the internet.
6:48 am
wind farms are connected to the internet. point your browser, watch it go. this could be italian, some very large industrial system controlling something that looks like it could be under pressure, publicly accessible to the internet, i could control the pumps. don't let me control the pumps, it is a bad idea. this is a problem i wish i had. this is a private residence that is big enough to warrant an industrial control system to maintain the air-conditioning and hvac system. this is a home. cool. this may look like, if you see the thermostat might look familiar. this is a thermostat made by honeywell. this is directly connected to the internet. they have touch panels to control via dnc protocol. you can change the temperature on people, if you feel up to it.
6:49 am
a larger system, like systems in buildings, large like this one, this is the siemens system that is available. you don't want nefarious people getting a hold of it. it has been online for years, if a bad guy wanted to bad stuff with it, why haven't they already? to take it a step further. today's other speakers have elaborated, you can defer information, you can put pieces together, and cross link to find more interesting stuff. this is a camera system i found somewhere in the united states that is using another marks interface, the top is the ptz, pan tilt zoom, i can control it on the internet. i can pan around and spy on the girl
6:50 am
working the front desk and look around the room and look at the lobby. so i did. there is a cool tool you can put into chrome called chrome ultimate flag. it will tell you small details about the website, like what city, the i.p. address, whether it is scary or not. you can validate where this thing lives. in this case, it is in massachusetts. using that information and going to -- panning the camera to the front door, which laughably says security integrators. security companies exposing stuff to the internet. rad! i could use that information and their city, i was able to find out on google where they are. this is as close as google maps would let me get to them. this is done with a browser. nothing but google chrome to do this. no special tools, just playing on the internet. osint is open
6:51 am
source intelligence. this is a term used for gathering intelligence using stuff that is freely available on the internet, such as these guys. you can take it up a notch and do simple social engineering. amazing what you can do. this wasn't me, the screen shots were sent to me. amazing to say hi, we are watching you on the camera, you can do some stuff. i have been giving this version of the talk for a while. based on the web camera, some people on the internet decided to use tools. one of them was inside the pizza place. you could see the monitor on the far left is covered in brown paper. they had told this girl there was something wrong with the computer and to fix it, put brown omghax. and apparently this made it on a prank radio show.
6:52 am
there she is waving. hi, you can see me. so massive cooling equipment can be found on the internet. i never worked in an industrial setting before. this building has 15 massive evaporative coolers. if you can tell me the name of the guy that admins this when i'm not connected to it, i will give you a dollar. dennis. i know he uses a mac book pro. i know more than him that talks the controller. laughably he e-mailed me because my computer landed on this list when as a controller. that is fun. things that are keeping track of and loosely logging in places when not a lot of people looking. something to keep in mind. this is a protocol that was
6:53 am
designed to bring together hvac systems running in businesses like this one. if you want to talk to the garage or something like that, you can use lonworks to do that. so simons so there is a company in denmark that has one controller, controlling all of its customers, controllers all over the city. the lower controllers were password protected, but the upper one was not. so i found a place called gigantium a convention center, under the basketball floor is an ice rink you can defrost if you are up to it. why they're online, i'm not sure. maybe it is for the convenience of the organization. they should have taken five minutes to think about what they
6:54 am
were doing before they put it on the internet and i found it. they have conveniently placed their floor plan on the website, if you want to mess with certain parts of the building, you can. other organizations that are controlled by this system was a place called head of strand camping. another is controlled by the same unit, you get into one, you can control the rest. if you think your phones are safe, maybe it depends. this is a screen shot of an application, you can install on the android web cam. i suspect it is free, you can get it in the mark. this is a phone somebody set up in the living room, publicly accessible, monitoring the living room. you can watch what they're doing in the living room. the bottom says click here to play audio in the external media player. you can watch the video and eavesdrop on the room. if you want to scare them, you can click to turn the flash on
6:55 am
and off. you can morse code at them with the phone. there is that, too. online, public, all you need is a browser, right? so stoplights are also on the internet to sober you guys up a little bit. you can put them in test mode. you can mess with stoplights. why someone would put this on the internet is beyond me. my guess is they went back to the '90's, i will put it on the internet and nobody will know about it. well, for almost free, you can scan the entire internet over and over. i will keep doing it and i will laugh at the guys that do this. but the idea you can put it online and will be safe if you don't tell anybody is not a good idea. auto plate is another fun find, you can see there the second asterisk line with no security. that is good.
6:56 am
the units deployed have web interfaces. they keep track of every car that drives through the intersection. at first, i thought these were red light cameras. they're not. they take pictures of everybody. you can hilariously change the destination of where the pictures go. you can make law enforcement people very sad. this is a french hydro electric plant i found connected to the internet. i didn't let java run because it was defaced. i was told it wasn't, i should run java. this is a french hydro electric plant that is on the internet still today. i have a story about getting our government and french government involved in talking and they said eh. they left it. i got two governments involved. the french really, really like their hydroelectric plant being on the internet inspect is an article about the previous slide describing how other people have
6:57 am
found this hydro electric plant and broken it and caused it to flood people and apparently it is still open and people still get to it. so i put that on twitter. dhs called me. at least they're listening. the french really do like to leave the power plants online. here is another one. and a third. and a fourth. it is like -- after four i gave up. satellite systems online as well. storage arrays. emergency telecommunications equipment. home automation systems. you can control this guy's garage door if you wanted. swimming pools. why would you put a swimming pool on the internet, i don't know. why would you give me control of the pump by the system. you can put it in manual mode, put acid in the pool. anyone that knows the ip address can dump acid in the pool.
6:58 am
i don't know why you would do that, didn't think about it. if anyone is seeing this, this is a system linked together for m.r.i. and imaging systems. all together. wikipedia has an article in it has 27 different pieces of software talking together. some genius thought it would be good to put that on the internet. medical stuff, imaging. i went looking for it. i found a lot of them. directly connecting to the internet. this is the shodan interface. this is what it looks like if you look for them and the results. zoom in. i could see stuff. i was looking at this stuff. what is cad stream. it looks like a model name or vendor name of something. it is a breast, liver, imaging tool. this is publicly accessible. heart monitors.
6:59 am
i'm two minute it is over. i'm sorry. >> you have invaded my brain are telling me that i have to thank you very much. >> well, thank you for the time. i appreciate it. >> thank you so much. >> coming up this morning on c-span, "the wall street journal." after that michael needl discusses the state of the republican party and the group's agenda on newsmakers and david andolin talks about imperial from past and present. ..
7:00 am
the first lady is staying behind to celebrate her 50th birthday. among the agenda items for congress, a number of the president's nominees, including janet yellen, expected to be confirmed as the next fed chair. the issue of immigration is what we will be focusing on in the first 25 minutes.
