[Parl-user] Video and transcript from the Greens/EFA workshop 'Trustworthy encryption in the European Parliament'

Thu Mar 27 19:34:58 UTC 2014

Dear Pilots,
Dear Jonas,
Dear all,

Please find a link to the video and transcript of the interventions below.

//Erik

Link:
http://www.greenmediabox.eu/archive/2014/03/26/greensefa-4th-document-freedom-day/20140326_dfd_part1_or.mp4

00:02 Rebecca Harms: Okay. Hello, everybody. It's, I would say, a very,
very special meeting which I can open today. And I have the big pleasure
for this, I would say, kind of experiment we are going to do as Greens
together with people from Debian, especially Jonas who's sitting here
close to me. For this very experimental project, we are going to start
today or maybe tomorrow, we will see. I have also kind of prepared a
very experimental speech, and I hope it will work. I found it myself
very nice, and I think it's also kind of a way to create the right mood
for this project which will be very demanding, I can promise you, for
everybody who participates. I think Jochen understood it already
yesterday in his first session with Jonas. So relax. First of all, relax.

01:26 Rebecca Harms: Trust is possible also with machines, and even
after knowing nearly everybody, everything what Mr. Snowden has leaked,
don't give up. We are connected through the Internet, and we will
continue to be connected. Do your part. And this is the very Green
message in it. So, you are responsible for your personal data as much as
may be the state. So do your part. Each one of us can do something, and
together, we can do almost anything.

02:08 Rebecca Harms: Also on security in the Internet, reach out.
Everybody needs a hacker, so go find one in your neighbourhood. Maybe we
found one already. Use free software. So this, I think Jonas is the best
man to explain to you. It's important we, and the ones we trust, must be
able to figure out what our computers, smartphones, and tablets are
doing. I hope I will understand during the project really a little bit
better, because sometimes I feel in the hands of my iPhone... I have not
at all the impression that the iPhone is in my hands. Everything those
machines do, someone has told them to do. Okay? I'm sure this is right
but we will see. And so the very last funny idea we had for the
preparation was it is not magic that we are dealing with. It is not
magic. It is software. It is man made.

03:23 Rebecca Harms: So we will see how this workshop will develop. I
proposed to Erik and to the secretary generals of our group already in
the very beginning of the Snowden whistle-blowing, in the very beginning
to think about how we can work on making our communication safer. It's,
I think, different. There are two different approaches and both are
important. So we have, on the one hand we have the approach very much
followed by Jan Philipp Albrecht who is working on the data protection
rules for Europe. Right now, he's in Washington. Sorry, Obama is right
now here, but Obama out of town gives more space for Jan Philipp
Albrecht to make them understand European standards and what we want to
achieve. But... So as much as I like all those activities, I know
that... So since years in the German discussion I follow closer than the
European discussion. In the German discussion, we had created the word
"daten armut," so poverty of data.

04:43 Rebecca Harms: And so this is one of the key issues which leads to
the idea of responsibility on how you behave in the context of this
worldwide web where you have no guarantee so far that nobody is
listening to you. And so the better our rules, thanks to Jan Philipp
Albrecht, will be, I insist that... So my experience is if there is a
need for a state to go against our rules and you must not always accept
this need, he will go against... The state will go against the rules. If
there is a possibility for bigger companies to earn data against our
common rules, they will decide to break the rules and to use the
technologies they have. So, in this context, I think our safe laptop
project, or 10 laptop project with Debian is only a small step to create
this idea or to develop this idea of our own responsibility, but Greens
are used in big discussions and big battles to go for the first little
steps, and then in the end, we have big success. So, thank you for
participating, and I recommend a lot of passion but also patience in
this project.

[applause]

06:26 Rebecca Harms: Jonas.

06:27 Jonas Smedegaard: Thank you.

06:27 Rebecca Harms: So, now the big Debian man.

06:32 Jonas Smedegaard: So, this project has two parts, the one part is
that to actually get the laptops to work, at all... I have fought for
sometime to install the system, and then we need to have the systems
running and configured for each mail address and getting on the network,
that's one part of the project. That's the thing that most people using
computers, they have other people to do for them. And the other part of
the project is how do you then operate with a machine, how do we send
and receive email in a trusted way.

07:20 Jonas Smedegaard: We need to kick start, we need to start this
project, we need to have the machines, and there are a couple of big
challenges in that. I would have loved today to be able to handout the
machines, have people open the machines, log in and then log into their
email addresses in the European Parliament. Unfortunately, that is not
possible for two reasons, for two kinds of reasons. One of them is that
this institution is not prepared for a machine like this, it's not
prepared for open standard based communication. We have worked closely
with the technical staff of the place, DG ITEC, and continue to do so.
We have a very good communication with the DG ITEC, but we have not
reached yet a situation where we can use these machines.

08:22 Jonas Smedegaard: So, things that I personally take for granted
and most people, consumers on the Internet, when they get an Internet
access, they expect that you can plug in your machine using the open
standards. When you have an email address, you are expected to work with
open standards. It's called the 'Internet' because it's based on a long
list of standards. And unfortunately, this place is not prepared for
that yet. So, that was the one issue that when you get the machines, you
will not, today or tomorrow, be able to use your email address from the
European Parliament, that the European Parliament is offering you. You
need to use a different email address, from Google or from Gandi.net or
from Hotmail or from your Freedom Box if such a thing existed yet. So,
you need to use some other email address that is using open standards.

09:23 Jonas Smedegaard: The other issue, I cannot point any fingers at
others for that, it's on me. The other issue is that the 10 laptops,
there is actually 11 laptops. There is one laptop that was bought for
me, so that I have a reference machine and can test very thoroughly that
everything works smoothly as planned, and then we can install the 10
laptops identical to the one that I have. Unfortunately, the 10 laptops
was bought one month later than the first laptop, and that means, when
I, yesterday or two days ago started installing the machines and had it
running for 30 hours, erasing with random data so that we can have an
encrypted disc. In the end I verified that everything worked by turning
the machine on and I got a blank, black screen. Something, a little
detail is different on the new batch of machines that we got, so that it
doesn't recognize the graphics driver. So, you can have your laptops and
it works fine. I can promise you, but, Johann, just an hour ago came to
me and say, "Hey, I cannot type in my password," because he's not used
to 'the no response'. I mean, on a Window System, you get dots every
time you type a secret character. On these kinds of machines you get
nothing, so you don't get any response. You just get a blank space. So,
you have to trust that you're typing in the right things.

11:00 Jonas Smedegaard: At the moment, with the 10 laptops, you have to
trust that you are doing everything blank including writing your emails,
including sending your emails, including surfing on the web, nothing is
visible. So, sorry, I don't have a machine for you today. It's
embarrassing for me and I have cancelled the things that I have planned
for the next couple of days. I wanna stay in Brussels with some friends
and try to get this thing working. I really want to offer you these
machines. So, I can show you how it looks from the outside. The
machines, like this, I put on a little sticker. You can choose for
yourself if you want the stickers on your machines. I would dearly love
if you would walk around in the Parliament and advertise that this is a
Debian machine.

11:53 Jonas Smedegaard: The swirl is symbol for Debian and the European
Parliament Free Software User Group has... The people, me and Erik, and
other people who have made it possible to set up this machine because we
have done the even more pilot work of trying out a machine for a couple
of years, if it is even possible to operate in this environment. And
then the third sticker... Erik, I think has a couple of these stickers
with the Greens so that you can walk around and advertise it. This is
actually a machine that is not provided automatically by the institution
but it's something that you have pulled out of your budget because you
want something special. The working term for this is, this is The Rock
Star. You know this, the guitar cases when people have all these
stickers of all the places they played with their bands... This I would
imagine that, if you want the 10 pilots, you can be the rock stars of
the European Parliament and walk around with these stickers of who's
involved in this project, if you want to.

12:58 Jonas Smedegaard: There's two kinds of laptops in here. You don't
get to decide. We have decided who gets the black ones and who gets the
red ones. And you actually, you get a black one. This is yours.

13:09 Rebecca Harms: Okay.

13:09 Jonas Smedegaard: But...

13:10 Rebecca Harms: I'm the black block always.

[laughter]

13:24 Jonas Smedegaard: So... So for the practical thing of handing over
the machines, hopefully, I will get it working within a day or two. Then
I will get in touch with each of you and you will have your machine.
Then you will change the passwords. There's a password for encrypting
the whole disc and there's a password for the login for the account. And
then you have to type in your email address and your password for that.
And in theory, that should be all there is to it. Then we just get to
work. And get to work means... You have an email program, it is not the
Microsoft program you are used to in the Parliament here, but it looks
very much the same. I believe you should have no surprises using this
program. It should look very much the same. It's just a boring email
program. There's one...

14:22 S?: Which is the program?

14:24 Jonas Smedegaard: Oh. It's Icedove, Thunderbird, the Debian name
for it. So, it's... There's a... I don't even remember the name of the
plugin, but the GNU Privacy Guard plugin for Thunderbird is installed.
So, what it means for you in plain words is that you have two options.
Whenever you write an email, you can check-mark and say, "I want to sign
this email" or you can say, "I want to encrypt this email."

14:57 Jonas Smedegaard: I don't want to go into details of what this
really means now because the time is up already. But what I will say
now, and I already have said two to three times already to the pilots
is, there's a mailing list, please subscribe to the mailing list. If
you... The mailing list is public. So, that's I know, I understand that
it can be a little embarrassing to talk about your problems in public,
but this project is about exposing the problems. That is the very point
of this project, it's a pilot. So, when you write about your problems,
you are a hero, you are not embarrassing, you are not stupid, you are
really really bold. So, you can also write to me discreetly but think
about it. If you run into a problem, and you write to me discreetly, and
then nine other pilots run into a similar problem and write to me
discreetly, then you are exhausting me and I am your guide in this
project. And I am only working with this voluntarily just as you are.
So, the most efficient way to operate is if you dare use the public
mailing list so that we can collect all the experiences we have with
using this in an open manner.

16:24 Jonas Smedegaard: That brings me to another little issue that this
institution, the way they have chosen to run their email and the way
they have chosen to handle spam means that if you subscribe to the
mailing list with your Parliamentary email address, you will only get
part of the conversation. You will not hear what your colleagues are
writing. You will only hear what you write yourself and then what I
write in response. So, you will lose a lot of the conversation. That's
unfortunate, and we are working to solve this problem. Until then, I
recommend that you subscribe to the mailing list from a different
mailing list... Email address than your Parliamentary email address.
This is really odd. This is a project that goes on in the European
Parliament, and now, I'm telling you that you should use a different
email address than the Parliament one.

17:27 Jonas Smedegaard: I wish it wasn't like that. This is... Again,
this is about open standards not working with the European Parliament's
settings. So, I think I'll stop here. And I hope that people have questions.

17:48 Rebecca Harms: Yeah.

[chuckle]

17:52 Jonas Smedegaard: Most of the things we will be discussing are the
mailing list. Other people in this room who are curious about this, of
course, you are also welcome to subscribe to the mailing list. You're
also welcome to just glance at the archive, the public archive,
web-based archive of the mailing list. It's all happening in public, so
if you have anything to comment or contribute or if you just want to
watch what we're doing, like a zoo, then you're very welcome to do so.

18:22 Rebecca Harms: So thank you, Jonas. Questions? Don't forget Jonas
will not that often sit with the pilots.

18:32 Jonas Smedegaard: Oh yeah, that's what...

18:33 Rebecca Harms: Those who are interested...

18:35 Jonas Smedegaard: I live in Denmark. I don't live here in
Brussels. I live in Denmark and I work from home, so if you have a
problem at 4 o'clock in the night, then drop me a mail or drop a mail to
the mailing list or if it's really urgent, my email address... My phone
number is also written in the bottom of all my emails. But, again, I
warn you, if you abuse it, you will exhaust me and we will all lose from
that. So please be careful, but don't think of me as having office
hours. You can reach me at any time, but I'm remote, so use the mailing
list. And then if I get the chance to get to town, if someone buys my
train ticket to get here, then I would love to take time to tune in to
each of the laptops and make sure that everything runs as smooth as
possible. Yes?

19:36 Guest1: I was just wondering what the name of the mailing list is.

19:39 Jonas Smedegaard: Good point, the shortest way to say this,
there's a Wiki page, wiki.debian.org/DebianParl. Sorry?

19:53 Guest2: I think you got to write it.

19:54 Rebecca Harms: Yeah, you should repeat it.

19:56 Jonas Smedegaard: Oh.

19:56 Guest2: We got to write it down.

19:58 Jonas Smedegaard: Yeah, I think it is in the...

20:01 Rebecca Harms: It's in the program.

20:02 Jonas Smedegaard: It's in the program. The link to the Wiki page
is in the program. On that page is also as referring to the mailing list
also from there. Oh, and a little detail. For those of you who are
exhausted with remembering passwords, when you subscribe to this mailing
list, you don't need to provide a password. If you don't write a
password, an automatic password will be generated for you and it's not
really important. The password is only if you want to do strange things
with the mailing list, not for communicating, sending and receiving
mails. So you can ignore that password for the mailing list.

20:45 Rebecca Harms: Francisco.

20:47 Francisco: Yes. Well, as members also of the staff in the Greens,
of course, it's extremely important for us to have an access to the EP
email address. And so I just wanted to know what are, according to you,
the prospects of somehow advancing in the negotiations with the EP IT
services to get through this because, I mean, of course, this is highly
relevant. And if we do not have an email access, then of course, let's
say, the scope of our involvement will be limited.

21:26 Jonas Smedegaard: Let me sidestep that, but you're right. The
ideal thing is that you can use your European Parliament email address.
But let me sidestep a little bit about what can you really do here. The
project is about trusted email. And writing an email with your European
Parliament address or with any email address to someone who is not
participating in this project will not help you gain trust. Maybe Werner
Koch will correct me a little bit here because there's some things you
can do with... Werner Koch, the author of the program that we're using,
PGP, GNU Privacy Guard, was implementing PGP. The primary aim of this
pilot project is to establish trusted communication using email. And
what we do is we start out with those pilots can email to each other,
you trust it by establishing encryption keys with each other. And you
can do that with other email addresses or you can do that with
Parliamentary email addresses. But really, you cannot send an email to
outside of the trusted group and then keep that same trust.

22:52 Jonas Smedegaard: Other people will not know if it was you sending
a signed email or it was someone else who was faking the signature. So
this is getting into the details of how do we even deal with these trust
issues. But I'm just saying that, yes, it would be much easier for you
to work with your address that you already have in the Parliament. But
this is not about gaining trust towards the ones who wrote it for you as
members of Parliament or other people you are collaborating with outside
of this group really, not yet. You need to establish trust with those
people. So you need anyway to give them some extra data. But
specifically about your question of when will this be fixed, I cannot
say. For my part, I find it very obvious and I find it very simple what
needs to be fixed. There is technically a switch you can turn on in the
system running here in the house, then it will be fixed.

23:55 Jonas Smedegaard: I say "fixed" because I know that this is a big
institution and there's a lot of administration going on, so it's not
just to turn a switch. There's also training of people and there's a lot
of other things going on. But for my part, seeing from the outside, it's
just enabling this feature. I am talking with DG ITEC about what else
needs fixing, and I have not yet gotten an explanation from them of what
is it that they need or what is it that is holding back from enabling
open standards email. So I don't know how long it takes them to realize
that "Just turn on the switch," or how long it takes them to convince me
that "Oh, it is impossible, we cannot do it. We need to shut down the
whole project." I don't know.

24:48 Guest2: I've studied physics and informatics, and I have a
question for encrypted emails. You can broken it, it is no problem...

[background conversation]

24:59 Guest2: Encrypted emails, you can broke it. The encryption is no
problem in Internet. The question is who has access to the data that I
send you via this email that you give me? Me, you, probably Parliament,
European Parliament? And who are the people?

25:30 Jonas Smedegaard: The point of this project is to reset who has
control over the things. Start from zero and then when I give this
laptop to Rebecca, then only Rebecca has control over what is going on,
on this laptop. Not even me, I cannot control her laptop. When she has
taken over and she has replaced the two passwords on this machine, then
the only two parties that has control over this machine is Rebecca
herself and the organization of Debian, the ones who are designing the
software system. So there's automatic upgrades of the system, which is
identical to any other upgrade on the whole Internet. So anybody can
inspect the quality, if there's loopholes, if there's back doors, if
there's security flaws in the operating system. But no one, there's no
technician, not even me, has access to her machine, which is good or bad
because it doesn't mean that we need to rely on Rebecca to handle her
own machine. Then growing from there, when Rebecca then writes an email
and sends it off to you, then thanks to the GNU Privacy Guard, she can
encrypt the email so that only you can open the email.

26:55 Jonas Smedegaard: In reality, if you have gigantic amounts of
resources, then everything is possible. We don't even need to have NSA
to do that. If I have a gun in my pocket, then I can pull out the gun
and then I can point it to Rebecca and I can say, "Give me the password.
Give me the contents of your email." And she will do that because it's
more important to be alive. So when I say that it's only her and only
you who has the data, that is only from the practical level of what is
realistic. I don't have... It's not realistic that I run around with
guns. It's not really the kind of environment that we're talking about
here. But if you're talking extremes, then anything is possible. We're
not talking extremes, we're talking practical reality. And in practical
realities, only Rebecca and only you have access to the data that
Rebecca chooses to encrypt for you, when she starts out with something
that is solely in her control.

27:57 Jochen: I think it's...

27:59 Jonas Smedegaard: Turn on the microphone please.

28:03 Jochen: So it's clear that the ultimate goal of the project is
that we can use the Parliamentary address, and send encrypted emails
from the Parliamentary address. There are a lot of work going on to make
that possible, but there are some difficulties with DG ITEC, which were
collaborative I think quite well until now. But there is a major
obstacle apparently and this has to be surmounted. Even if we have full
access to our European Parliamentary mail, this encrypted mails, we
won't use, if I understand it right, encryption for every single mail.
We would only use encryption for specific mails we wanna send with
trust, if I understand it right. And we can only send it to people which
we... How should I frame that? Which we met personally. Because we
exchange person by person the key. And this will be possible with all
Parliamentary address and all private addresses wherever in the world,
if I understand it right. Please correct me if I'm wrong in that.

29:19 Jonas Smedegaard: Yeah, I'd correct you there and say, yes, you
can send secret messages across the Atlantic to someone you have never
met. Yes, you can do that. But the layer above that is who are you
talking to? If you haven't met the person... If you have no means of
establishing a connection already, you don't know who you are whispering
in the ear. So there's more to it than encryption. It's not just sending
bank boxes, locked boxes around the Internet. There's more to it than
that. And when we dive into it and are serious about these things, it's
not really about encryption only anymore.

30:00 Jonas Smedegaard: It's not even about... It's not about security,
it's about trust. That's the reason for the title of this pilot, is that
it's not about securing things, it's about trusting who has secured it
for what purpose. So, there's more to it than just the secrets. And,
yes, as Rebecca also pointed out in the beginning, you should be
responsible about what secrets you start out creating. Limit the amount
of secrets, then that makes it much easier to manage than trying to
think everything is a secret. Then you have a problem with remembering
the passwords.

[laughter]

30:50 Jochen: What remedy, if I really forget the password, is there
anything I can [...] the machines?

30:56 Jonas Smedegaard: Yes, you can erase... You are free to erase your
hard drive. When you... When you get the laptop, you get two USB sticks
also. One USB stick is for data, and the intention is that we make
backups. When I figure out a good procedure of guiding you in what is
the best way of making a backup because the backup is also vulnerable
for stealing, of course, so you should also think about how do we deal
with that? When you have this fortress and then we take a backup then
we're taking all the valuable things out of the fortress. So, there's
one USB stick for the backup and one USB stick for installation. So, you
can actually repeat the thing that I did before I gave you the laptop.
So, if you forget the encryption for the whole machine you are in the
same place as everybody else, you cannot access the machine anymore. So,
you can wipe the data, start from scratch, and you can start over with
building trust with your friends and your enemies and everybody else and
send emails.

32:09 Guest3: How are you planning to chain keys, to create this trust
in the first place? Some kind of external directory, some kind of trust
parties changing the fingerprints of the keys.

32:25 Jonas Smedegaard: This is a project where the 10 people who are
involved in a project, all of them walk around in this building. So,
even if I'm remote I'm sitting in Denmark, I can actually tell people,
"How about you meet at lunch tomorrow? Oh, only three of you can meet at
lunch, how about the three of you who are in the building at the moment,
how about you meet at lunch and then you do these, these, these things?"
I haven't written these guidelines yet but the underlying current of it,
the underlying mindset of this is whatever you do you need to be able to
follow and reason the sense of what you're doing. If you cannot follow
then it turns magic what you're doing, and the core danger of this
project is that you treat your machine as magic, then you are not
trusting the machine properly, you are applying blind trust.

33:20 Jonas Smedegaard: Blind trust is the enemy of the whole structure,
and I may argue that some of the problems of the NSA problem starts out
with blind trust in institutions all around the world. So, we're trying
to start out with reasonable trust instead of blind trust. And that
means that even for non-technical people, they need to be able to relate
to this box. And everything you do... In Debian, we are famous for doing
the dance, we are making these key exchange passes where we are standing
in line and making a little dance where we are looking at each other's
password parts and stuff. I don't want to instruct them in doing the
dance because that is too complex, and besides, we have stopped doing
the dance in Debian. We have realized that there's actually some
technical flaws in that dance. So...

34:20 Rebecca Harms: Okay. I'm sure there are more questions.

34:31 Gaelle: I'm not part of the pilot but, and I have a Macintosh so
it's okay if I... It's bad, I know it's bad. I mean, I think it's bad
but I have to deal with the fact that I have one. So, is that okay if I
subscribe to the web list and then raise my questions? Because I would
like to find a way with this Macintosh to be able to do something.

34:59 Jonas Smedegaard: Most certainly, yes. And no, drop this whole
logic of "It's bad." Everything is bad in the end. The machines are
cruel because it's made by someone from America. It's bad. Everything is
bad, but we have to operate, we have to navigate in this. You are
starting out with a Macintosh. Fine, start out with your Macintosh,
great. And yes, everybody is welcome to participate on the mailing list.
The worst thing that can happen is that instead of giving you the
answers, I will try to point you away from the list and say, "Hey, try
read over there. Try, talk to these people," if it's something that is
sliding too much away from what I see as being the core of this project
because the important thing is that the 10 pilots must not give up. If
they give up, if it gets too noisy on the mailing list, then we have
failed. So then, you have nobody to collaborate with. So, you want to
hook up to this project, the project needs... It's very fragile in the
beginning. So I might push you away but please do throw the questions.
Don't judge yourself. Let me be the judge of the relevancy of the
questions. So, great.

36:09 Carl Schlyter: Thank you. And we have the first issue of trust.
Rebecca left her laptop here, with me, and it's still safe. Well, my
name is Carl Schlyter. I'm also a member of the European Parliament in
the Greens, and I'm one of the pilots, too. I look forward to getting my
computer and I'll hopefully have something else than a white or black
screen only. I have been following this, you know, open software
licensing and so on for quite a number of years. I'm this first
generation hacker, which had to build our modems even to be able to
hack. But in any case, now I'm just a normal politician. I don't know
anything about computers, so I hope this is easy to use.

36:53 Carl Schlyter: We have four interesting speakers. In your program,
you see a coffee break. That has already passed. You didn't notice it
when it happened, probably, but I suggest we take a five-minute break
for those who need to do breaks. And then, but really, in five minutes,
we will start with the four panellists that will, together with me,
discuss the second part of this day's discussion. So just a five-minute
short break and then we'll be back here, and that's five Swedish
minutes, by the way.