Cooperation Working Group session 2
6 November 2014
2 p.m.

CHAIR: Hello everybody. We are going to wait a few minutes before the session starts. We're waiting for a person.

MEREDITH WHITTAKER: Welcome to Cooperation Working Group number 2, we're going to have four really interesting presentations about 20 minutes each with a lot of options for question and answers. So, there you are.

I think we're going to start with a presentation from Randy Bush. Just giving us an update on the Cryptech project which is relevant to a number of policy debates and a number of technical debates. As a number of people would like that they were actually separate. I think they are never separate so this is case and point, Randy is going to be talking about secure hardware and the challenges and efforts that are going on there. So welcome Randy.

RANDY BUSH: So, hardware ‑‑ most of you have heard much of this, so I'm going to run through the beginning quickly. Hardware Security Modules are used as a lock box for private keys, encryption, VPNs, etc.. the private keys are protocols that are used for protocols like the IETF protocols, but also PGP, Tor, etc..

The need and what ‑‑ the need we're trying to address is that the Hardware Security Modules that you are using today for all those things are made by defence contractors for governments that we no longer are comfortable trusting making those things which we use for our privacy and security.

So we're not comfortable with this. And there's a little joke about it, it's not ‑‑ you know the mean nasty Chinese. It's the mean nasty anybody. I think you are only safe if you are in Andorra or something.

So, some people in the IETF said, hey, we're doing these protocols. Could you ‑‑ could I ‑‑ start a project to make open and transparent hardware designs to support the IETF protocols that require them. But this is not an IETF ISOC etc. Project. In fact it's mostly centred in Sweden. But we have people from Russia and the States, etc..

The funding so far is from these kind people, and your logo can go here, or I'll put it over here ‑‑ we'll make the logo smaller, more of them will fit. It's supported randomly, and diversely. So far it's Europe and the States. But ‑‑ and no single funder can have, we won't accept donations over 100 grand just because no single funder should have too much of the share.

So, let's get to technology. So, at the bottom is what's known as a field programmable gate err A and this has the math in it. And the basic CRYPTO algorithm AES, Kay melee, etc., etc., basic public key algorithms. The world of these CRYPTO algorithms are divided in two. One is encryption and one is key signatures.

Random number generator I'm going to talk about today, and it's technically interesting. And some math. And then as a close Stakeholder of this hardware, is a normal like maybe an arm core that takes these primitives and does things like make it into key stores and the PKS garbage and does signing verification. Then we start to get towards the application layer and then finally the applications.

So, just to give you an idea. This is a typical hardware manufacturer's prototyping board. That's an FPGA, and it has lots of nice little lights and switches, which seems to appeal to people of my gender. So this is the development board we're actually working on now, because it's got a lot more fun things on it. This is essentially a laptop motherboard that has an FPGA on it, that is unused but it's very close in hardware to it, so essentially what we have is an entire development system with the FPGA included on, which was very nice, convenient, the whole thing is about this big.

So, the big problem is that I'm going to mostly bore you with today is, how do you make random numbers? And you don't have a safe really random number unless you have a physical process, algorithms and digital stuff doesn't do it. In this case, this is a board that has ‑‑ this is a transistor with a zener diode that's being run purposely way outside its specification, so it screams in pain and that screaming is, in fact, random physical noise.

So, here we glue it on the board as a daughter board. And so now the FPGA can get to a source of physically generated randomness. But how do we deal with that to produce useful things and how can we make it so that the process of doing so is verifiable. So the architecture we have here, we have random values is going to come out the other end. And in here we have the external physical noise. Now, we also have another internal noise source, by internal I mean it's on the FPGA using a gang of ring oscillators, all beating on each other and they are producing something which is also considered a physical noise source. So, what we have here is the noise, and I specifically call it noise instead of Entropy, gets turned into Entropy by being, whitened, it's turned into a reasonable digital signal, and it's producing so many bits per second, etc., of Entropy. So, that's then ‑‑ you can have multiple sources and they are mixed in a mixer, mainly using a well known hashing algorithm, SHA‑512 and that provides seeds to a Crypto random number generator, in this case we're using the ChaCha algorithm. Unlike the president who shared a last name with me, I can walk and talk at the same time.

So ‑‑ but what we want to know, these are lots of nice gadgets, why do I trust it? Oh, one more thing is, you can take the output of the CSPRNG and use it as an input for another random seed, just for giggles. Let's not talk it too seriously. This things operates in two modes. Production mode and test mode.

When you are in test mode, you want to be able to look at the Entropy sources and see them. You want to be able to continuously test, okay. You want it to be able to inject things and see what comes out. You want to generate values, but the real problem is, if you can do that, somebody could inject those values while the thing is running. No, no, no. Very bad.

So, what you do is you have a big switch and it's in test mode or in production mode. And when it's in test mode, you can inject ‑‑ you can access the noise from the Entropy and you can inject fake Entropy etc. To see what comes out, but if it goes in production mode, these circuits are actually switched off dead. And when that switch happens, as a matter of fact, all the values are wiped so you can't load it with bad values and then a start it. And then you go from production to test, it's wiped so you can't get the values it had. It's a black box, or a white box, and the data are cleaned between the two.

So here is listening to the Entropy, and online alarms and things if one of the Entropy collectors goes bad, etc.. here is the mixer, so we can inject fake Entropy, we can see what's coming of the mixer and inject fake seeds, etc. And the same thing for the stream cipher that's actually taking the seed and producing random values you can test, you can inject, you can test.

So, another thing we have to think about is what's known as side channel attacks. Think of this as the main channel. Well what's funny is that there are three basic forms of side channels, things this might do accidentally that would let somebody learn parts of your key or your data. One of them is timing leaks. I can send you data and depending upon the values of the data, your algorithm might run in different time. So having algorithms that run in constant time are very important. There was power leakage. I was recently at the computer ‑‑ the Crypto hardware conference, a guy demonstrated your laptop, when they want to take a signal to ground, it actually goes through the chassis. He can be 10 metres away on the ethernet or USB cable, send you a message that's encrypted in your PGP key and when you decode it he can get your key in something like 14 seconds. Because PGP had a timing algorithm problem that leaked that could be detected on the power. Of course, I can intact these things physically.

So there you detect the tamp. Your algorithms are careful and you detect your tampering. But side channel attacks are now the subject of major conferences, so you put the thingy on a carrier with this, it's wrapped in screen, it's potted in plastic and if anybody touches it, it wipes itself.

So, right now we're dealing with the tool chain basic design, etc. Next year we'll have all the ciphers, we have many of them now, and we'll have little things you can play with. And then solid packaging etc., later.

And that is my story.

CHAIR: Before we turn over for questions, I just have one question Randy: When are these in production?

RANDY BUSH: There is no production. What we're producing is Open Source design. You can produce it. You can get your own. But you can ‑‑ in a month or so you are going to be able to get ‑‑ you can order one of those laptop boards from Bunney and we'll make, you know, 50 of the little noise boards, and you can start playing with this stuff and it will do useful things. We're hoping within two, three months to be able to sign DNS. I'm trying to convince people to get together ‑‑ our engineering gang to get together and work with somebody who will produce a little PCI card so that you can do TLS or do signing etc. But we are not trying to make a product. We're trying to make a design, an open source design. Vesna?

VESNA MANJOLOVIC: What can we do to help?

RANDY BUSH: Send cash of course. I'm an American. We would really appreciate ‑‑ I mean, there is somebody probably sitting here, I can't see well with this bright light. Benedikt ‑‑ anyway, there are Crypto and hardware people from all sorts of places helping us. Dan Bernstein and Tonya Landa, etc., etc. So Crypto expertise, hardware expertise, software tool chain expertise, I didn't go into that branch here, cash of course, and help ‑‑ you know, I shouldn't be up here trying to raise cash, I'm not very good at that, so we're trying to organise some people who wear better clothes to go around and get cash.

CHAIR: Anyway, do we have any more questions for Randy?

AUDIENCE SPEAKER: Shane Kerr. So, I may have missed it, but what are the plans for certification from ‑‑

RANDY BUSH: There are no direct plans for certification. We do have Phipps in mind, we don't currently plan to run through Phipps ourselves. Somebody using our designs to make a product it's who should be running through Phipps. Does that make sense?

SHANE KERR: That's fair, yeah. I just want this everywhere, so...

AUDIENCE SPEAKER: I'm Sasha from Greenhouse. My question is: It is great to have Open Source designs, but as long as the whole production process, especially of Silicone is so much surrounded by patenting, etc., aren't we shifting the security problem to the production part of things?

RANDY BUSH: I'm not too worried about the patents. One of the people that's helping us is a professor from KTH in Stockholm and she is an expert in poisoning and Trojans in FPGAs in A6. That's what I'm worried about securitywise. Patents, we do have a lawyer that we can call on to if we are concerned about Patent areas, but so far we seem to be fairly clean on ‑‑ we do our best to use, you know, well‑known open algorithms.

AUDIENCE SPEAKER: My question was more also about how do you make sure that the thing you design is actually built in that ‑‑

RANDY BUSH: That is a wonderful theoretical problem and one I worry about a lot and we're trying to get some work on it, so let me rephrase your question for those that didn't follow it.

Here is a design. So Rudiger goes to Juniper and he says put that on the board so that I can encrypt at line rate. And Juniper says great, here it is just pace us 2 million dollars, how does Rudiger know he is getting that design? How do you formally verify that? Okay. And this goes back to a whole lot of Crypto research and there is no glib answer, but there are things you can do to do that. Part of it is design for testability. Just as the random number generator is designed for testing, you design the rest of the process to be testable. And monitor is sitting here saying I'm out of time.

MEREDITH WHITTAKER: Networks I was actually going to plug my BoF which is going to talk about caring for core infrastructure but one of the big issues that I think that will be brought up is auditability and auditing resources and how to validate that, you know, security and other properties are actually existent in the underpinning.

AUDIENCE SPEAKER: Patrik Felstrom. So to continue on what you just said, now when you are doing the specification, are you working together with any of the certification agencies like for common criteria, whatever was one of those certification things to ensure that what you are producing can be used by them?

PATRIK FELSTROM: And if you answer no, I'm happy to help.

RANDY BUSH: We are specifically and intentionally not working with the certification agencies. We are working with and have on the team people who have gone through that. So we are silly enough to believe we know how to design for certification. But we are trying not to ‑‑ we're trying to be careful in our engineering process as to how strongly we are influenced by any particular part of the culture. And for instance, on that note to Vesnay's question, what can you do, is get us engineers from other places. We do have somebody from ‑‑ who designs Crypto hardware for Russia on our team. And it's amusing some days, we talk about let's do X and he says no. And we say why? And he says, I cannot tell you. Just don't do that. But, sadly we can't get somebody from China, because they are all too near the PLA and they are not allowed to talk or travel. Next?

CHAIR: Thank you very much, Randy. I just want to add that I am very proud for my organisation SunNet to be part of this project, so now we have the next speaker, Amelia, who is a former member of the European Parliment. She will talk about technology and policy and the need of engagement on a local level.

AMELIA ANDERSDOTTER: Hello. As I was kindly introduced, I have been a member of the European Parliment for two and a half years representing the Swedish Private Party. The mandate as at least some you will be aware ended in May of 2014, so, now I'm no longer professionally active in the Brussels institutions, but I nevertheless believe myself solve some experiences from that there could benefit perhaps a broader range of people.

One of the big challenges for the Brussels political institutions is how do you make local constituencies involved in decisions that we were making that technically impacts them in their daily activities? I think this is a challenge also facing the technical community when you are developing standards be it for cryptography or DNS things, you had this entire IANA discussion in the morning and I'm sure many of you will be aware that this will impact a much broader range of people than those who are this this room. Who gets the power to make what decisions and on behalf of whom and who those decisions mean? Actually has a huge impact on people's ability to express themselves, political freedoms, what they are able to do, whether they are able to start their own company or even just engage normally with their family and friends and I think this is a general governance problem that is persistent throughout technical community discourses. How do we ensure that people impacted by decisions are aware that the decisions are being made by whom they are being made, and what that means for them.

And so after spending a couple of years in the ‑‑ a couple of years in the European Parliment making people interested in whatever I was doing there. A lot of it was actually focused around the time of technical governance topics that you would be addressing here, but like, how the European community is involved in that.

And so, now that I'm in my post‑parliamentary phase and I no longer sit in meetings for eight hours a day, I have been thinking about how do we address these things with citizens? What is the meaningful way of explaining to people what happens.

I wanted to start out by making a small comment on the differences between governments and parliaments because you have in the Cooperation Working Group, specifically designated a categorical representatives that comes from regulators or governments. A parliament is a very different sort of institution. We are directly elected by citizens and therefore directly accountable to citizens, we don't get to continue our work as elected representatives unless we are able to convincingly make a case that we have been somehow useful. A Government representative is often more comfortably employed, the same goes for regulators. They take their mandates and their imperatives from above, there is some political master of every regulator that tells the regulator what to do. The same goes for Government officials.

Members of parliament, be they national or European, have a relatively large freedom to what they what they want. We can represent that thing if we think it's morally right and go out and make other people believe the same issues. So that means that my mandate was for all intents and purposes extremely free. I could make exactly whatever decisions I wanted in whatever way I wanted depending on what assessment was of the general public interest. It is my belief that many of these institutions could be complimented by having a parliamentary perspective I have incorporated and also being able to appreciate the very big difference between parliaments and governments that exist in our Government structure for the political society.

And I hope that this is something that many of you will bring into other institution that is work on similar tasks.

So now, how do you influence a parliament? And how do you get people to be involved in discussions? You bring them down to a level where people are actually affected by decisions that are being made. I wanted to exemplify this with a discussion that is relevant to more people in the room that many you you want to acknowledge. It's the fact that the European Commission will make a copyright proposal within six months. We had the Commissioner going in front of the German parliament saying that the commission is moving ahead. They will be setting out a course for activities that the commission will undertake including a legislative reform. Within six months starting sometime earlier this week, we are on a pretty are short time schedule here. To be fair, it's also a reform that we have been waiting for for a long time. It couldn't possibly come to a surprise ‑‑ come as a surprise to anyone in the room that copyright is by far one of the most contentious information policy issues around. It's also the only digital policy issue or which is even remotely connected to Internet governance which is made 2.5 million people go out on the streets in the middle of January to pro test that something was moving in the wrong direction. So it's very contentious, it has a lot of public participation and it impacts its way that you are making decisions about your business activities or standardisation activities whether you want to or not.

There has been no better time, I think, to involve citizens at the same time in both technical can policy making and European policy making than what we're coming up with the copyright reform. I would like to encourage everyone to go out and think about ways in which they can engage with local libraries or schools or other educational facilities that are already in the framework for society to think about ways in which we can engage sits cents in discussing how does ‑‑ how does the DNS layout is impacted by the copey right legislation? We all know that it is. We have had the UK Government saying that they would go to someplace to get the, whatever UK registrar, to undertake measures if they didn't comply with copyright law. This clearly impacts what people have to do when they manage technical infrastructures. The entire copyright framework assumes that at someplace at the enter of everything there will be an institution or somebody that is able to control everyone else further down the chain and what they do with information. So, that would be like all of you in this room that will at some point be compelled by the legislative framework to undertake an action, a forceful action against somebody else to control them in the way that they communicate. Is there a way in which we can make this visible to citizens? And I think yes, it's basically just people going out into their normal environments talking with people locally about how they are impacted. Then my theory, although this is in construction, is that the key to getting to the European Parliament and the Council of Ministers and eventually governments is you have to get the local politicians on your side. If you are somebody who is running a company that is based in a city, go to your local City Council. Don't try to go to the European Parliament directly because there is already 1,000 people trying to get their attention everyday. But local politicians normally vote on the lists for the European Parliament inside of their political parties, so it should be fairly efficient to use the City Council as a way, if you don't have the resources to do your lobbying directly, and maybe some of you represent companies that can, but if you can't do that, at least your City Council members should be able to contact the European Parliment member and they will have a strong incentive to listen, otherwise they won't get re‑elected in 2019. I have been thinking about that method specifically because it's circumvents the Government departments in the member states of the European Union. So if you think that taking on the Ministry of Justice is too big a task, a local Council could then simply go straight for elected representatives in the European Parliment and hopefully that will be reverberate into the Government. I think this is also something not possible to do simply by myself. And it's something that I think most of us have a strong incentive to start organising fairly quickly. Bear in mind that the last time we had any kind of larger scale copyright reforms in the urine urine union was 2001. It's been 15 years of no evaluation of whether the legislation worked. No evaluation of whether it was efficient. If we are not able to mobilise sufficiently, the local constituencies to take an interest in these issues now we may be waiting for another few decades before we have another chance. And so this is a very good opportunity I thought and I hope that this message is well placed. And I will leave sometime for questioning because I have this sign telling me that there is not so much time left.


MEREDITH WHITTAKER: Thank you so much for that. Do we have any questions? I think I see some questions.

AUDIENCE SPEAKER: Thank you very much for visiting and talking to us. But, did I get right you are talking about completely European Union, because for example in Russia which you visited when you were member of the European ‑‑ and no publish actions could lead to this.

AMELIA ANDERSDOTTER: The former president of the Russian federation was one of the outstanding international leaders of copyright reform and it's the only significant policy leader who has ever brought up the possibility of reforming the burn convention in a more liberal direction. And so I think at least, unfortunately it wasn't carried over into the present presidency of the Russian federation. But I believe that with an appropriate amount of leadership, also from Russia, this could be a good opportunity to perhaps collaborate on how to make, especially information society, architectures better suited for citizens in both the Russian federation and in the European Union. That said, of course, I carry a bias towards Brussels because it's where I have been active.

AUDIENCE SPEAKER: Okay. And a little comment about asking the communities to communicate ‑‑ to work with local communities. Do you think should the Internet services Internet infrastructure became something like utility services for everyone? Should it be regulated of the same way and like this? Because, okay, if I think the European Parliament or European Council decides that you should pay taxes on flushing toilets, not just two and a half million people go out to protest.

AMELIA ANDERSDOTTER: So, then I guess that's more a question of what is my personal assessment of that, which I ‑‑ I would normally, before, like a pro‑competitive legislation for the telecommunications sector. I believe that on lines, like Information Society Services, as defined in the European Legislation of 1998 /34 something, I think, that they are underregulated and we need to consider if the European Union needs to engage with that as well. That said, I don't think that telecommunications services and Information Society Services should be regulated in the same way. I don't generally, for instance, support the critical infrastructure ideas about telecommunications. I think it's better if you just regulate them in a way that allows as many people as possible to contribute with their own services and networks. So something like a very pro competitive market regulated stance, I could be accused of being a liberal even. How would you engage the local community? And that is actually quite interesting because in Sweden we have a big discussion about city networks and should they be open or not. How do you make it visible to people that live in municipality, that the Government policy, European policies and the decisions made by Council members locally actually impact the way that they connect or are able to connect or enjoy services in their local municipality. Right now a lot of those discussions are theoretical fluff discussions that occur in papers that are submitted to members of apartment such as I used to be. But I think there is certainly a space to go into municipalities to talk directly with people directly about stuff that concerns them. We would need some better think tank or civil society infrastructure to do that properly. And I don't think it's being done. I don't think that it's being done enough.

AUDIENCE SPEAKER: Thank you very much because my questions was questions of curiosity for how things going on in different countries. So thank you.

AUDIENCE SPEAKER: Carsten Schiefner. I would assume, and most likely you know that better than I even can possibly imagine, that MEPs or any kind of parliamentarian are being targeted, even bombarded, with a lot of issues, ideas and so forth, so, assuming what you just said, like if local communities are sort of engaged in the process already, how ‑‑ what would your recommendation be to make themselves heard by parliamentarians, whether it's the European Parliament or any European country parliament?

AMELIA ANDERSDOTTER: Well, I normally think about all of Brussels as kind of flattery economy, whoever is able to grab the most attention will end up winning in the policy profit. Either you accomplish this by having lots of lobbyists in Brussels that are persistently able to visit parliamentarians. Alternatively you find somebody whose attention to the member is very, very valuable. And so, whose attention would be ‑‑ like, who would be valuable for a member of parliament to dedicate time to? And bearing in mind that different jurisdictions can work differently, at least in Sweden it would typically be the case that a political party decides internally what a list is going to be like for an election. And if you are not in the right place on the list for the election you are just not going to be elected. You need to be somewhere normally for the European elections on spot 1 to 5 or you don't stand a chance. So what you do is you go to ‑‑ because municipal councilmen from the political parties get to vote on the lists for the European Parliament caring about what municipal people care about is advantageous to the MEPs. How do you make municipal council care about what happens in Brussels is the question. I have never seen a regional organisation that made a demand or a particular complaint in Brussels lose. A lot of members feel very strongly connected to their local communities as opposed to in the United States where you have a lot of campaign financing motivations for what members of Congress or the Senate does, in European Parliment we don't normally have that so the European Parliment is actually highly influenceable from the local level. You cop even find out, that would be a very sinister kind of lobby strategy, you would find out what particular municipality member of parliament is from and then you ensure that people in that constituency, like the city where they come from, care about the topic which would then stress the MEP out because they would have to answer every time they go back to their house area you not doing this, or that, are you going to make this choice, how do you see this issue? And so, that would be my general idea of how to influence ‑‑ right now we are also in an advantageous position on the copyright issue at least because we have the European Commission effectively on our side. Or at least on our side insofar as people in this room also want a more liberal copyright framework, otherwise we may not be on the same side. So the commission wants to reform copyright now in towards more accessibility. Easier use of copyrighted material, less control for the top. Make Council people talk the same way and request this they get in touch with the European Parliament also, so that the local politicians actually understand how they can help you with your concerns and hospitally you want a local politician to write and e‑mail to their member, going a member of my constituency raised this important issue with me and would I just like to to know if you are working on that, if so, how? Something like this.

MEREDITH WHITTAKER: One more question.

AUDIENCE SPEAKER: George Michaelson. I may be misremembering this but when you mentioned copy in the commission, my mind is drawn to a sense that either last year or a year before there were some truly all of proposals coming out of some aspect of the European Parliament about copyright reform that required a large amount of local agitation to feed and it seems to me this quality around technology and policy is very double edged sword in this room of course technology is the answer to everything, I live and breath this but when I go home and become an ordinary person I'm extremely sceptical of the value of technology and its effect on human policy and social relations. I have grave fears for where we go with some of this. I like the idea that they are promoting a good copyright policy now but I have in my mind, in the past it has not always been so and Berthelsmen and the publishing houses of European Parliment are huge industrial combines and they have enormous lobbying power. So whilst they are promoting something that's seem socially equitable now, by the time it comes to drafting it could look completely different.

AMELIA ANDERSDOTTER: I agree with you that there is certainly some amount of justified criticism that can be placed on European copyright policy. Look up the self‑regulation report if you are interested by the office 6 harmonisation of the internal market because I have been led to believe that some of the measures proposed therein may be less than conducive a cooperate spirit for technologies. That said there was also a consultation from the European Commission from December 5, 2013 and 5th March 2014, so ‑‑ and that ended up very well. We had in the end 5,662 private citizens contributing with their answers to the European Commission. The European Commission has published a summary of the responses that came to the consultation where, if you look at the way the commission summarises user, like private citizens responses some of the measures are actually extremely good, and the citizens have made a lot of very positive remarks to the European Commission about what kind of information society they would like to live in. Now, the problem for these 5662 individuals is they don't have a way to defend themselves in Brussels. How can they ensure that the European Commission takes their voices into account. How can they ensure that the European Parliament is alerted to the in fact that that he sat down and wrote most low not in their native language on an approach how they would like information society to function and the only way that they can do that is people with the resources or the interest allow them to from their local municipalities. We don't have a way to directly reach these people any more. They mostly visited a website called which continues its activities now. But I do believe that ‑‑ and this is where the challenge is right. Like, how do you ensure that these opinions which have already been raised continue to be raised in Brussels? There is not really any private sector parties that have the interest to defend citizens and even if they wanted to they couldn't do it credibly. There is no institutions, libraries, museums and the likes have been very copyright reformists. It's not in their interest to compromise position to advocate user interests. Even digital rights initiatives normally find it challenging to address the copyright issues that you say they are contentious recollect the only place you could possibly get support for there are is going to citizens in your local town and ask them to address with local Council members how these decisions can be defended with respect to the European Parliament and unless that is being done in many different jurisdictionings of European Parliment, there is certainly a very large risk that the European Parliament had fall victim to the very strong voices of the film and publishing industries. But it's something that can, at this point, be contravened. We have six months until we even know what the commission proposal is going to be. And after that, I'm guessing it's a lobbyist and whoever is more persistent or able to organise local communities will win or lose. And this is why it's so incredibly urgent that more people dedicate time to this proposal now even if you find it uncomfortable, even if you find it contentious because this is where a large part of the moral framework for the information society will in fact be determined.

MEREDITH WHITTAKER: Thank you so much. Now, we want to introduce Sacha van Geffen from Greenhouse and he is wonderful follow‑up to this. He's going to present how to be a socially responsible ISP. And a number in this room, I imagine, are thinking wait, aren't those two separate things? He is going to talk about how he has combined them and what he's doing to protect privacy, work with activists and make sure that the services he provides respect the needs of his customers or constituents.

SACHA VAN GEFFEN: I was wanting to talk a bit about what we're doing, but I ended up with presenting a talk of why we're doing it and why you should care as well.

So, to start with why we are doing this. So, I think most of the people believe in this like basic principles of liberal society as we know it since the French revolution, so it's basically liberty, equality and solidarity. And but what has happened over the past few years. I think people really became aware, and a lot of people here I think were already aware that we're basically changing our society from, and Snowden actually made that more, created more awareness for the general population, that something was added to this value and what was added was the surveillance state. I personally think that that's super problematic, and in this mix I really don't know how we can preserve some of the modern values we have in our society. So, we want to see how we can actually do something about it, not we alone, but also a general how society can do something about it.

So, some of our basic things are actually protected by basic human rights and states usually more or less still hold up to them. But then the question is, is it still states that are actually providing that space where inpeople actually move or is that space provide by others, provide by companies or by platforms? And so what does that do to our freedom of speech?

Not only because those platforms can take content down, for instance, by their own or on their own terms by doing their own pleasing base policing terms by their terms of service, but also by the ways technology shapes the platform, it might also shape the way we are able to communicate to each other. And also ‑‑ so changes the richness of the debate that you can have. On the other hand technology is not always the most terrible thing because it also means that we are are able to enrich data and tell stories as they are happening in a way that we think they should be told. And so there is a large movement towards radical transparency and towards, I would say, counter surveillance to make more, to make it more seen at least what is going on around us and how that Government that was forced here to serve us is now here to serve its own purposes.

So, what can we do? Well, we can do stuff like this, so make people aware of what's really going on by opening up information. We can also try to see, or make clear to people how power relations play a role in our daily lives and I find this one interesting because I think this is a physical representation of things that are going on on the Internet, right. This is the in a way, and walls have always been used by those in power to block or to constrain those who are not in power.

So, it's the physical world that actually still is the most important to us all. It's the world in which we actually live, meet, greet, and talk to each other. This is Tahir square, it wasn't Facebook that started revolutions, it wasn't technology in the end. It was people on squares putting their own body into something that made a difference. Also, the arts are playing a role. Art is a form of communication which we can engage people to understand something in a way that matters to them. And also, to come more into terms with technology and how it affects our lives. So these are all interventions that can be used to change the society we're living in, and the times we're living in.

Sometimes people always try to ‑‑ try to make tools to make collectivism something that actually works. I'm not necessarily endorsing this kind of toolsetting but at least it's interesting to see how people try to come to terms with a world in which technology has such an impact as it has today.

So, looking at that background, we are a group of people that mostly are from a technical background and we came together and we thought that we don't want to work during the day for those same companies that actually create a world that we might not want to live in, spending our evenings and nights trying to do good things by building tools that actually help people.

So what we want to do is do that during day and night and also maybe have some time for other things as well.

So, some of the things we ‑‑ I think one of the things that's very important is working with ‑‑ is educating people so we wrote a book about how to be more secure on the Internet for normal users and journalists. We have been ‑‑ when the directive for the retention of logging data in the EC became effective and became effective in national law, we set up a platform to convince providers that they should just not log any data, so they could also not retain it, which we did ourselves as well with log data. So, another intervention we did was when the pirate bay had to be blocked by some providers in the Netherlands, we opened a plug in for WordPress that everybody could install, so they could circumvent censorship not only to the private bay but also to sites like Amnesty International and others that are blocked all around the world by governments. So this was also to show that blocking and filtering is something that's politically very problematic to do in the western world if at the same time you want to say, yeah, but China, you shouldn't be blocking and filtering the Internet.

So, another thing we do is actually try to engage with activist communities and work with the issues that people are facing to see how we can use our technologies as a socially responsible provider to better help them and suit them. So, when ‑‑ so we set up a sub example at OHM, a big hacker camp that had gotten some critique because it was sponsored by an organisation that had a lot to do with supporting the Dutch state with surveillance techniques.

So... and then the CCC decided not to come but we wanted it to be there because we think that the kids, those who make tomorrow's technology would be there anyway, so, we should be there to tell a different story and tell that you do not necessarily, if you want to do cool things in technology, you do not necessarily have to work for intelligence agencies or for blue coat or others but can actually work for companies that make super exciting, and organisations that make super exciting software and projects that are also very technologically challenging.

This is another thing we do, we have we have a monthly meeting with journalists activists etc. In which we discuss all kinds of things and also try to engage technologists that are working in various organisations to like join on this bandwagon to actually further the power of citizens and the people on the Internet and not that of big corporations and governments.

So, what we also tried to do more internal in our organisation is work with our customers and with organisations to provide things that actually fit a purpose more by working with them, or co‑developing a solution instead of just throwing technology at people, because there is no technology that will ever provide security or will ever provide any safety if the only thing that can make you more secure or safe is actually a way in which you work, or a way ‑‑ so it's more of a social process in which technology is, of course, very important, I will not say to you guys that technology is not important in that sense, especially in this day and age. But, it's only a part of that equation, so you should definitely really look to work with the actual users to get real security.

So, this is basically publics platform that works with journalists, newspapers, etc., to be able to leak information for people in a secure way, and we all developed that with the journalists and with possible end users to make sure that this is more secure.

Another thing we do is, try to stand firm against things that are happening, so we have been ‑‑ we are in a lawsuit together with privacy international and a group of other ISPs to sue GCHQ basically because it has proven they have probingen into your computers to gain access to the networks that you manage, which we think is not only an I think infringement of our privacy, but also a very dangerous way of getting that information, not only because it's ‑‑ it could not only be happening by GCHQ, but it could be happening by other governments as well. So they should actually fix the holes instead of using them and abusing them.

So, that is it in a ‑‑ in a very short roundabout way you should do this.

So, how you can help?

First of all, make your networks friendly for activist communities. You could, for instance, just start with setting up or allowing a Tor exit node on your network. Educate users. And make sure that they understand technology and empower them instead of disempowering that. Technology can be superdisempowering to people. That's super‑important. Let's all work together to improve laws and make sure that the laws are supporting the freedoms that are so important to support. And push for more secure standards when we're doing it here. I'm not going to mention techniques for better and secure, more secure Internet, because I think you all know them. And of course, most of you might be working not as the head of your organisation, so I would say, challenge management. You are important to your organisation. You are the tech persons in the tech environment. They can't do without you so if you want to change stuff, just challenge them and say, yeah, well, no, maybe we should just do this because I think it's important. I can go, grab my things and work somewhere else.

And last of all, I'm not the bearer of all good ideas. So please insert your own ideas and give the next presentation next year about what things you came up with.

Thank you.


MEREDITH WHITTAKER: We have a little time for questions and I think that was a really lovely lens on the sort of impact of a lot of technology that gets abstracted out during some of the granular discussions we have here, so I would love to see some questions for Sacha before I introduce the next speaker.

AUDIENCE SPEAKER: Hello. Chris Baker from Dyn. One of the challenges we are trying to run large networks is Tor may be very good and aid people in the situations where they need to get information out not world but it vastly aids criminals, as we degrees our logging, an increase anonymity. What other tools do we have to keep BotNets and other banking trojans and things like that in check?

SACHA VAN GEFFEN: Highways are also good to get people from A to B but they also cater criminals. But to really answer your question, there are some very good exit policies you can set to Tor exit nodes so they become less of a problem. We run a Tor exit node and, ourselves, and we do get, I think about two abuse mails per ten ambit per month of Tor exit traffic. So just to give you a bit of an idea of what you are up to if you would start. That. But, yes, there is some colateral damage on that I do agree. On the other hand, I also believe that those, like the big criminals and etc., also have more and more sophisticated means of doing the work except for using Tor.

AUDIENCE SPEAKER: The other thing I also suggest is, there seems to be a lot of emphasis Ontario and it's in the news a lot more than other technologies. But if you also look out there at some other forms of anonymity software, it's good to hedge across a large area, expecially as the reason it exists the US navy needed to way to create shadows on the Internet. Heading away from that would be good strategist like using an SD not endbined together .

SACHA VAN GEFFEN: Absolutely. I completely agree with that, the diversity of technology and tools is very important in this ecosystem. I think that's where, why the e.g. is in this remark.

MEREDITH WHITTAKER: So I don't see any other questions. I think that means I'm going to introduce the last speaker which I think ties it all together. We can't understand the impact of technology, we can't direct the impact of technology, we can't ask our parliamentarians for specific ends if we don't understand what's happening. And here is Colin Anderson is going to talk about some research that he's done to illuminate more clearly what's happening specifically in US networks, but this is research that I think is applicable more broadly and I will let him kick it off from there.

COLIN ANDERSON: I get to be the last session in that wonderful period where the hangovers have lifted and everyone is well fed. So, I'm looking forward to a lot of critical feedback.

So, implicit in this conversation is the role of measurement, and I would say that you know, firstly, you should find measurement lab a resource, but this talk is not going to necessarily be about measurement lab specifically. More so, a set of study and a set of engagements that have come out in the past couple of weeks and how their implication interacts with some US policy considerations.

So, I want to actually use as little time focusing on the nuances of measurement lab and just talk about what we gain from it in this respect and how it exists as a resource.

Measurement lab is one of the largest open data sets. It hosts about 16 tools across multiple points of measurement across the world. We got on the order of about 200,000 tests per day. Largely as a result of either implementations in tools provided by regulators to SS performance of consumer broadband or other sorts of platforms that use it in order to fine tune their communicationings over the Internet. There is a wide cross section of consumer performance on a wide cross‑section of networks around the world.

For our purposes, although we have 16 tools, for our purposes today we are going to focus on one tool which is the measurement diagnostic tool which exists simply as a ten second TCP stream that tries to push as much traffic across the network and looks at how the behaviour changes. And, again, this is interesting and it's useful and it's pertinent, but what we're looking at is relative changes in measurement across time and how they interact with different variables. So for our purpose what is we're looking at is, we are looking at, for example, inter‑connections.

This is a diagram of inter‑connections which everyone knows to be incredibly simplistic so forgive me in that respect. But inter‑connections in the United States are an incredibly lively policy debate, especially considering how much they sort of exist as an opaque structure of the Internet for the majority of users. This is largely as a result of some changes that have happened in the United States having to do with the regulatory environment around consumer access at large. Because of certain court cases, the network neutrality rules were struck down and there is newer consideration of how the Internet should be regulated in the United States.

At the same time that this is occurring, there is a conversation that has cropped up because of the interaction between particular content providers and the transit and access ISPs in the United States. Because of changes in performance across time.

So, for our purposes, this is something that we can measure and this is something that's interesting because this is something in which there is real consumer performance and there is a regulatory interest in how they sort of interact with the economy, interact with the politics, interact with development policies in the United States.

So, we can design a simple methodology, a simple cross‑section. And so, you know, the United States we have in the orders of tens of thousands of tests on a daily bases from a diversity of ISPs to a diversity of transit providers. In this model what we can do is we can say, okay, if a user is having poor performance across one particular access ISP to one particular transit ISP, we can start to narrow down the possibilities. So, we can say okay, if the user goes to another transit provider, is there the performance that would be expected under normal conditions, under our normal broadband network? You know, you don't have to necessarily say is it 10% or is it 90% of what it should be, but is it 50% percent, so is it within the possible range of what you would expect from a broadband connection?

Okay, let's say in this case you get normal connectivity. United States normal connectivity, not your sweet European connectivity. So, okay, we have more users. So, let's say, users on another access provider go to the same access, or transit provider which we have a host in that was previously having issues. And they get normal performance as well. So, when this starts to happen, tens of thousands of times on a daily basis across a large section of time, this starts to look like what is happening is that somewhere near the inner connection, if not the inter‑connection itself. There is congestion, there is some sort of performance degradation that is occurring and if we go across sites and say not just to this site and this transit ISP, but in Seattle, in New York where there is less likelihood of a technical, shared technical infrastructure, it looks a lot more like this is not a technical problem so much as it's a business relationship problem.

So this actually matters. For all of the right reasons, because as in the United States especially starting in spring 2013, users started to complain. They started ‑‑ and end users are sometimes actually a lot more technical than we give credit for, especially the ones that are speaking up. So people took to the forums of you know of the ISPs themselves, of POP laugh broadband forums and they started showing, they started going through the process and they started saying, look, here is with my problem is, here is when it's happening throughout the day. I talked to this person, I talked to this person, this person talked to the other person, the other person talked to this person. I can't get a resolution. I don't know what's happening in the network. And I have no possible way of getting alternative connectivity. So, what can I do? So in this case, this is a sort of dramatic example, it's somebody who works in a hospital, and has to use a VPN to get into work and is talking about how they have to just go into their work because their VPN doesn't work. And there is desperation, how can I fix this? How can I fix this?

So, we can step through this methodology and we can start to look at how this performed. So we can say, again, using a methodology although it's a more simplistic model, we can go through it and say, okay, so, for ‑‑ let's not use cogent, let's use alternative network, this is the transit provider B in our model, internab actually, what is the performance? Across time, looks pretty consistent. You know, there is some variation, but that's what happens in measurement. But we see a consistency. Okay, so let's not use any of the major access ISPs. Let's use a local provider to cogent. There is some dips, probably just, you know, what you expect out of measurement. But looks pretty normal. So, then let's look at the consumer access ISPs, the major consumer access ISPs under question, and let's look at their accumulative performance over cogent. That's not right. That's all of a sudden a persistent degradation across time that has happened in spring of 2013 and it widely affects performers. I don't have it, but we have multiple sites, and you see this consistent theme of access providers. But, because we have alternatives, because we have cogent and cox, we don't think that it's congestion within the cogent network. No access ISP performance poorly across all transit providers. So this is transit providers on are the rows, access ISPs are the columns. No access ISP or no transit ISP performance poorly in every scenario. So what you have is, it doesn't look like the access ISPs edge networks are congested. It doesn't look like the transit ISP providers or just core networks are congested. It looks like there is problem with the inter‑connection. In this case this graph shows measurements ‑‑ a number of measurements and then a particular tier. The red is subbroadband performance, a Century Link is a DSL provider, so it naturally it's going to weigh on the left side. So what we see is there is always going to be a baseline that says that there is regular performance across all of these networks under different scenarios.

Furthermore, we can also start to look at diurnal trends; user behaviour, user consumption patterns that we would expect interacts with the nature of content consumption which consumers. We would expect in a really provisions network more or less with a little bit of deviation, that across times, across the hours of the day that performance would remain fairly consistent. We would expect instead that under a congested inter‑connection using that methodology, that during peak hours, the level of performance would decrease as users vie for the same fixed amount of resources that are under provisioned, therefore making it worse for everyone. Sure enough, what we see, again using cogent in the major access ISPs, we see considerable degradation that increases across time, and to the point where effectively the only time in which you are getting broadband performance between that pair, is in the early morning of the day. Work hours, evening hours, and especially starting in evening hours, we see degradation. In this case what we see actually by January 2014, during the evening hours, the performance over these inter‑connections were often the median at least was half a megabit per second.

And we see that these diurnal performance trends start to augur degradation over all across time. So the peak performance before overall performance decreases peak performance tends to decrease, the dark is peak performance and then the middle shade is the median and then the lighter is off peak. So what we see is in this case if we just looked at overall friends per day it would look fairly normal until May 2013, but what we see is if we look at peak, actually there was always underperformance to the effect of about 50% of normal performance during the evening hours.

Moreover, this isn't just a cogent problem. We see plenty of cases, some of which are ongoing, so the one I just showed you was level three horizon. We see for example XO and Time Warner and we see these same patterns of degradation. These are also interesting providers, transit providers based off of whose content was going over there, those networks.

We also, by collecting a lot of data, start to find very interesting trends, very interesting patterns. So, a lot of you might have noticed that actually the leavation of congestion was pretty sync niced across the access ISPs. That wouldn't fall within the scope of the notion that it was an inter‑connection problem. That would at least sort of superficially lead one to believe that that was a transit provider problem. Because this is also synchronised but by collecting massive amounts of data and looking at the data we found that in fact all of a sudden there are indicators that something has changed in the network. In this case what we see over the cogent inter‑connections we see the DSCP bit start to set. We go from 9 percent of incoming connections having having the DSCP bit set to 85 percent statement. So, what this leads us to believe, and sure enough it was later confirmed and you might enjoy the discussion on our mailing list, that in response to rampant congestion within the cogent network the company started to apply quality of service based off of the tag recommendations on dealing with congestion. But this is only made possible by large amounts of pools from ‑‑ data from consumers that are retained and openly available to public researchers.

So, we released a report and I think that I hope that there is engagement, but we also released a set of tool kits based off of this attempting to open data. We released telescope, which is a Python framework for downloading large amounts of data from measurement lab, which has been previously kind of difficult to access because it's in big query or in raw tarbol sitting on Cloud storage. And we also ‑‑ in order to try and foster consumers to be able to assess their own performance ‑‑ released the observe tree, and this is the visualisations of the things that I was showing before that is more openly accessible to people who wouldn't necessarily know how to run a Python framework. You get different views of the data. This is going to be expansion hopefully in terms of geographic location and feature set.

So, to summarise, what we find is that our data shows that at least for different access ISP and transit ISP pairs, we see significant congestion that has consumer performance impact, and that this is, degrades the quality of service for a lot of consumers and sort of feeds into this broader policy question. I kind of want to go back to Randy Bush's comment, this is a measurement study not an answer study. So that a lot of the sort of FCC questions and these sorts of things are outside of the scope of what the research is, but these things map, and they do feed into a public debate and if you look at the comment forums on this article for example, you see confirmation of users saying, I had this problem. You know, this is exactly what I was going through. Thank you I thought that I was crazy but you also see that this plays a role in the public debate.

I certainly want to especially given the capacity of the people in the room, say that we are not attributing specific pieces of hardware, we're not saying that it's this point of the inter‑connection or it's this instance or this site. We have pathed at it; we naturally collect path data that occur from the measurements against measurement lab. They were looked at but aren't a part of the report. That will come up. And we can't say that it's not a broken router. But what we can say is that at near this point of inter‑connection, there appears to be degradation, that this degradation occurs across sites so it's less likely to be a technical problem rather than an organisational problem or a business problem or a political problem (technical) and that's the scope of the data. And that's measurement lab's role in that public discourse.

I encourage you guys, if you have the capacity to host a measurement lab site, to look at telescope. To argue within our forums about our methodology or to trawl, please, it's entertaining, and measurement lab has about a petabyte of data and there's a lot here from all sorts of countries, under all sorts of circumstances and so if you don't even care about inter‑connection I invite to you start to explore the data because I think there is a lot more of public policy implications, you know, that sort that are described within this data set and it's openly available.

Thank you.



AUDIENCE SPEAKER: Shane Kerr from Dyn. So this is very interesting. But we're the Cooperation Working Group not the measurement Working Group, right, so... sorry, my brain is rebooting now. So, it seems to me that this is ‑‑ you are actually doing the work that the regulators should be doing in the US specifically, right? And I wonder how much impact in the terms of directing policies this is actually going to have. Ideally of course the regulators and the politicians, elected officials that they work for would look at the actual data and use that as guidelines, but that doesn't really seem to be the case. Not only in the case of the Internet, but just in a more general sense. So, I guess my question is, what is your recommendation for the next step here? I guess you're here kind of as a call‑to‑action or call‑for‑support outside of just the raw measurement, is that true?

COLIN ANDERSON: I think you partially answered it for me. The success of this study is not even based off ‑‑ it's not citations, right, it's not based off of the normal academic parameters: Success of the studies should be based off civil society organisations citing it, based off regulators interacting with the data. Success is being a neutral platform for measurement lab, such that we're being cited by both sides of a public debate. But we inform the public debate. I think that ‑‑ I live in Washington DC, so I have a certain amount of empathy for regulators, I have empathy for regulators especially in a time of austerity. And so what I think we provide is we provide an infrastructure that a lot of governments cannot afford right now, and we provide expertise that they cannot retain at this point, especially competing against maybe even some private sector. And so success is playing a role in terms of feeding into governmental conversations based off of civil society conversations, and I think you know, this study has only been out for about a week and a half. And what we have is we have a fair amount of press converge that's increasing in terms of the scope and people are digging in. And even yesterday there was, you know, there is articles, there is a lot more that's going to come off based off of people starting to dig into the findings and I think on top of that, we can't be expected ‑‑ you know, we have ‑‑ we developed the telescope tool but I don't think that anyone is ever going to use this. I think that ‑‑ I can only hope that they use this. And so it's also making the data more simple and so that somebody who doesn't have the time for it, they can understand this, right? Probably anything more advanced than this is not going to be as accessible, but this is the objective of the Observatory. If it's not accessible then we have failed, but if a policy maker can go no it and say oh, something has happened there, that's worth exploration, then I would consider that the ultimately objective.

MEREDITH WHITTAKER: We have a couple of minutes left. Any other questions? I hear no, I hear snack time. All right. Well, thank you so much, Colin, and thank you Sacha and Amelia and Randy; it was really excellent.


CHAIR: Well, thank you very much everybody. And I hope to see you next time with the Cooperation Working Group at the next RIPE meeting. Thank you.