DEF CON 27 Conference – Senator Ron Wyden – Can You Track Me Now Phone Cos Are a Privacy Disaster


>>Alright. We are gonna get
started here. So up next we have
uh US Senator Ron Wyden. Um he [audience cheers] is the
foremost uut, thank you.
[speaker laughs] [audience applause] So uh Senator Wyden’s
the foremost defender of
America’s uh civil liberties in the US Senate and the tireless
advocate of smart tech policies.
Bef, years before Edward Snowden blew the whistle on the dragnet
surveillance of Americans, Wyden
warned that The Patriot Act was being used in ways that would
leave Americans shocked and
angry. And his questioning of NSA Director James Clapper in
2013 served as a turning point
in the secret surveillance of Americans’ communications. Since
then, Wyden has fought to
protect Americans’ privacy and security against unwanted
intrusion from the government,
criminals and foreign ack, uh hackers alike. He has opposed
the government’s efforts to
undermine strong encryption, proposed legislation to hold
companies accountable for
protecting their users’ data, and authored legislation from,
with Rand Paul to protect
Americans’ Fourth Amendment rights at the border. Wyden is a
senior member of the Senate uh
Select Committee on Intelligence on the top Democrat of the
Senate Finance Committee and he
lives in Portland, Oregon. So without further ado, please
work, welcome uh Senator Wyden.
[audience applause]
>>Thank you. Thank you. Thank you very much
for that unquestionably
inflationary introduction. [audience laughs] And uh I
believe I’m the only United
States Senator here at DEFCON. So [audience cheers and
applauds] I am so honored to
extend a greeting from one percent of the United States
Senate to all of you. [audience
laughs] We’re gonna get these numbers up in the years ahead
folks, count on it! [audience
cheers and applauds] [clears throat] And I especially wanna
start with a thank you to the
whole DEFCON community. And my sense is that you don’t hear
people with election
certificates say this very often, if at all, but my view is
that white hat hackers are
absolutely irreplaceable in the technological age. [audience
cheers and applauds] And
[applause continues] what I’m gonna go back and tell my
colleagues is white hat hackers
do our country an enormous service. By finding security
lapses and often shaming the
government, and companies and fellow coders into fixing them.
Hackers also make it harder for
the government to hide when it spies on Americans or collects
their information. So my view is
the strength of white hat hackers makes America stronger,
and Americans safer and I wanna
begin tonight by making sure you know this United States Senator
appreciates that. [audience
cheers and applauds] And I do have a history of working with
security researchers I’ve
opposed over the years, expansions of the Computer Fraud
and Abuse Act, wrote Aaron’s Law
to try and roll it back and fought against efforts from the
Clinton Administration that we
embar today to require back doors for encryption. [audience
applauds] Back doors [applause
continues] back doors will leave America less safe folks.
Encryption [audience cheers and
applauds] encryption is not a debate between strong security
and liberty, it’s a debate
between stronger security or less strong security. And if you
want the strongest security in
America you have to be for strong encryption and no back
doors. [audience applause] So
one of the challenges [clears throat] as you know all so well,
is that so often people in
politics basically drive a kind of knee jerk response to
something that will be in the
news. And I understand that because when there are events,
people who get election
certificates feel that they have to quote say something but we’ve
gotta make sure that there is a
greater awareness of technology and, in particular, what you all
at DEFCON have done is made a
concerted understandable effort to increase people’s awareness
of technology and particularly
it is useful in holding off bad ideas that are the knee jerk
reaction. For example when a
tragedy uh hits our country. Speaking of really awful ideas,
I wanna talk about the phone
companies storied into history of violating the privacy of law
abiding Americans. For more than
a century, the phone companies have been willing partners of
government and corporate
surveillance. I’ve sounded the alarm about phone surveillance
in the past, but only in the
past few months has the public learned some of the most
troubling details about how
these telecom giants sell out their customers. And a lot of
the worst has flown under the
radar. So I am gonna describe this kind of contemptuous phone
company conduct with respect to
your private information. And I’m gonna tell ya how to finally
hold these surveillance state
enablers account, accountable. Now this is as I mentioned my
first time at DEFCON. But I do
have a little bit of interesting history with this conference. As
many of you may know DEFCON
played a key role in the public learning that the NSA had been
vacuuming up their phone
records. Seven years ago, then NSA director Keith Alexander,
remember him? He had a lotta
fans here didn’t he? [audience giggles quietly] Seven years ago
Keith Alexander, then NSA
director, spoke at DEFCON. He told the audience, looked at you
straight in the eye, and said
that allegations that the NSA had quote millions or hundreds
of millions of dossiers on
people is absolutely false. Unquote. That statement came
only a few weeks after General
Alexander gave a Speech in Washington DC and said, and I
quote, we don’t hold data on US
Citizens. Now I remember him saying that at this speech and I
said to myself, that is one of
the most untruthful statements ever made in the history of the
United States about government
surveillance. General Alexander was lying. And as a member of
the Senate Intelligence
Committee I knew he was lying. For years along with Senator
Feingold, Udall and Durbin I’d
been fighting to warn the American people that the
government had secretly
interpreted section two fifteen of The Patriot Act. I warned
that when Americans came to
understand how The Patriot Act was being used, they would be
stunned and they would be angry.
Secret interpretations of the law run contrary to everything
the founding fathers believed
in. Secret interpretations of the law corrode democracy and
secret interpretations of the
law must be stopped. Now because this program was classified, my
Intelligence Committee
colleagues and I couldn’t reveal it to the American people. But
thanks to Keith Alexander’s
public claims at DEFCON and all these fabricated statements that
he was making, I finally had a
hook to ask a public question about NSA mass surveillance. So
at the next Public Intelligence
Oversight Hearing, in March 2013, I asked James Clapper the
Director of National
Intelligence if General Alexander was telling the truth.
I bet some of you might remember
the answer. Director Clapper said that the NSA did quote not
wittingly collect data on US
citizens. That was also a lie. As everybody knows NSA was out
there scooping up millions of
innocent Americans’ phone records. Few months later in the
summer of 2013 Edward Snowden
revealed to the world that the government had in fact been
vacuuming up vast numbers of
Americans’ domestic phone records. And you might be
interested to know he noted that
he had been watching Mr. Clapper’s false testimony to the
Senate and to the country.
Americans were in fact stunned and angry. Section two fifteen
will be expiring later this year
and Congress is gonna be asked to reauthorize it. It is
extraordinarily important that
Patriot Act phone record surveillance, you know, program
be one in which checks are put
in place so as to protect law abiding Americans in their
checks that are not in place
now. Section two fifteen was not a one off. Telephone companies
had been partnering with the
government to spy on Americans for as long as they’ve ever been
around. Even before the phone
companies existed, phone companies spied on their
customers. Starting in 1919 the
US government’s first code breaking agency, known as the
American Black Chamber,
illegally intercepted international telegrams through
the willing participation of
telegraph companies like Western Union. In 1929 President Hoover,
Secretary of State, Henry
Stimson, shut down the program as soon as he learned about it.
He said gentlemen do not read
other gentlemen’s mail. Now that might be an old fashioned way to
put it but he sure was a patriot
who understood the dangers of indiscriminate domestic spying.
But the problems continued.
Beginning in 1945 the US Army and later the National Security
Agency was given copies of all
telegrams, domestic and international, carried by the
three major phone companies. The
companies only agreed to help after they were personally
assured by the Secretary of
Defense they wouldn’t be prosecuted. They wouldn’t be
prosecuted and their involvement
would be kept secret. That surveillance program was known
as Operation Shamrock and it was
around for thirty years until Frank Church shut it down.
Later, shortly after Nine
Eleven, George W. Bush authorized the NSA to conduct a
dragnet surveillance program
sweeping up both metadata and content of emails and phone
calls. This was a massive
illegal spying program and it could take place only because
major telecommunications
carriers gave the NSA direct access to their networks. Once
this program became public, the
phone companies got sued by the ACLU, by the Electronic Frontier
Foundation they got sued by
everybody in sight. In response Verizon argued in court that it
had a first amendment right to
share its customers’ private data with the NSA. When that
didn’t work the phone companies
got Congress to give them a get out of jail free card. Thirty
one Senators said no sweetheart
immunity deal for the phone companies and I’m proud of one
of those Sena, or Senators being
me. Because it was outrageous that the phone companies got
that deal. [audience applause]
Now, dragnet surveillance basically can’t do it without
the private sector being
willing. Which by the way, Dick Cheney who I don’t quote all
the time, admitted in a 2008
speech. That brings me to another spying program that
needs some attention. And this
is the Drug Enforcement Administration’s phone spying
program. Earlier this year, the
Justice Department Inspector General revealed that the Drug
Enforcement Administration had
occupied and operated an illegal bulk spying program for more
than twenty years. Now I’ve sat
on the Senate Intelligence Committee for about as long as
anyone in the Senate. And in my
view this was one of the most illegal dragnet surveillance
programs in the history of the
country. Take a guess who signed off on the program. Anybody
wanna throw out a name?
>>Bush!
>>The person who signed off on the program was none other than
the current Attorney General
Bill Barr. [Disappointment from the Audience] Back when he was
Attorney General for the first
time in 1992 he said it was just fine for the DEA to subpoena
bulk records of calls between
the United States and certain foreign countries. While the
total number of countries the
program targeted has been hidden from the American people, the
Inspector General said publicly
this year that the surveillance program and I quote involved the
collection of phone call records
for billions of phone calls from the United States to many
different countries. Folks, I
don’t think there’s any question whatcha call that. You call it
mass surveillance. And Mr. Barr
was right in the center of the whole thing. In the twenty years
that the DEA illegally
connected, collected Americans’ phone records the government
never once went to court. The
governed program relied on a twisted interpretation of the
government’s subpoena power. The
Inspector General made clear the government only served these
subpoenas on phone companies
that it knew would be willing partners. Through the two
decades that the DEA spied on
Americans using this program, not a single phone company ever
pushed back, ever asked if the
subpoenas were legal. One reason the phone companies were such
willing participants. Inspector
General said is they all got paid to fork over your personal
information. I’m not done with
this particular program or Mr. Barr’s various activities and we
can talk about that as well. The
phone companies recently have been in the news and you’ve seen
a fair amount about it with
respect that their sale of location data to uh brokers. And
last summer I conducted an
investigation into the wireless carriers and location data.
Essentially I found that the
wireless carriers were treating their customers’ phones like
tracking tags and selling real
time location data without customers’ knowledge or consent.
They were selling it to sleazy
middlemen who then sold it again to just about anybody who showed
up with a credit card. Now I
discovered that all four major wireless carriers, AT&T,
Verizon, Sprint and T-Mobile
were doing this. Were selling location data via data um
brokers to a company called
Securus. Their business is essentially gouging the families
of prisoners by charging them
huge fees to call relatives who are serving time. I discovered
this company had built a web
portal to let prison guards track any phone in the country
without a court order. Once I
exposed this program the phone companies immediately said we’re
shutting down Securus’ access
and pledged to clean up their sale of location data. But as we
kept digging it turned out this
was much bigger than just this one uh company gouging the
families of prisoners. In the
months that followed Mr. Joseph Cox at Motherboard um revealed,
and he deserves much credit for
this, how the carriers and their shady data broker partners were
selling location data to bounty
hunters, used car salesmen and, get this, even stalkers! Phone
companies going along with
something that allows for stalking of people they’re doing
business with became clear the
practice was totally out of control. Americans’ location
data was available to anybody as
I say who could pay. And by the way phone companies promised
once again to shut it down after
Mr. Cox’s story. And you know a lot of them said well Ron Wyden
didn’t exactly get the date
right that we were talking about when we were gonna shut it down
and all of this, you know, ra,
razzmatazz. I think the point really is, it is clear that they
were doing business as usual
with these bounty hunters invading the rights of law
abiding Americans after they
said they’d stopped. And I’ll just tell you, given their track
record, breaking their pledge to
me, I’m not giving them any benefit of the doubt. And
neither should you. [audience
applauds] Now [applause continues] I wanna go just a
little bit further on why the
wireless carriers are so unbelievably bad on privacy. One
thing that frequently comes up
in the debate about privacy, particularly after Cambridge
Analytica’s saying quote if you
aren’t paying for the product, you are the product, this pretty
much explains the privacy
invasions we’ve seen from Facebook. But the phone
companies aren’t offering a free
product. Americans pay a lot for our cell phone plans and
they still get their privacy
violated. Here’s my sense of what is happening. The wireless
carriers depend on government
licensed spectrum to operate. So that gives the government just
by virtue of that, a lot of
power over the companies. The Federal Communications
Commission has historically been
at the beck and call of law enforcement and intelligence
interests. And it’s used its
authority to approve or deny licenses as a means to ensure
that other government agencies
get what they want. For example in the early two thousands when
a few companies started to offer
satellite phone service the FCC set on, sat on the license
application from the satellite
phone company at the FBI’s request. It didn’t ok the
license until the company agreed
to put its downlink station in the United States instead of
Canada so that the government
could force the company to wiretap calls. Force the
government to wiretap calls.
Americans need a regulator to manage the public spectrum but
the FCC willed the power not in
the public interest but in the government’s interest. It’s no
surprise the phone companies
choose to get paid by the government when they can get it
instead of fighting with the
government. While tech companies like Apple, CloudFlare and Yahoo
have fought the government over
problematic surveillance requests, the government doesn’t
have nearly as much power over
them as it does over the phone companies. That explains the
phone companies’ willingness to
put the government’s needs over their customers. But what about
the sale of location data to
data brokers? There is a big problem here and um it’s really
two words, Ajit Pai. He’s the
Federal Communications Chairman and he doesn’t believe the
agency oughta be in the business
of regulating the wireless carriers or privacy in cyber
security. Whether it involves
the sale of location data, shady middlemen or the carriers’
shoddy track record in securing
network from hackers and foreign spies uh exploiting flaws in
SS7. Chairman Pai has made it
clear he is just gonna sit it out on the sidelines. When you
have the industry’s primary
regulator basically saying he just doesn’t have any interest
in accountability. When it comes
to these industry um violations, what you have is a situation
where the carriers say Hey look!
Let’s just rake in a little bit of extra money by going even
further! Let’s go further. And
in this case sell their customers’ location data to even
more people. So, the status quo
isn’t working so well. The Federal Communications
Commission is an ineffective
regulator run by an ex Verizon lawyer who basically doesn’t
believe in what the job is all
about. Which is accountability and oversight and if
appropriate, regulation. The
Department of Justice is run by Bill Barr. As I mentioned, an ex
Verizon lawyer, who personally
authorized a massive illegal surveillance program and is an
enthusiastic advocate for
unchecked presidential power. Um, if any of you are having
trouble sleeping, I gave a long
speech about Mr. Barr specifically on the floor of the
Senate and talking about his
entire privacy record basically which also um is supplemented by
the proposition that he believes
the president is just above the law. That there are no laws that
really are relevant uh to the
president. This issue fundamentally is about a lot
more than just privacy. The
total absence of any effective privacy regulation combined with
the carriers’ repeated willing
participation in illegal surveillance programs is
basically serving as the
building blocks for Donald Trump and future administrations to
expand the surveillance state
and use it against their political enemies. Sadly, I have
to tell you that sometimes you
look at this and you say, really doesn’t even matter which party
is in control. Government
agencies will fight any effort to limit their power and most
politicians just aren’t willing
to spend the political capital and the time and the energy to
take em on. But I want you to
know that as long as I have the honor to represent Oregon in the
United States Senate, I gather
we got some Oregonians in the house? [audience cheers and
applauds] Ooohhhh! I don’t wanna
make some of you feel bad, but all the Oregonians in the house
get to participate in the most
logical, sane system of voting in the United States. We vote by
mail and one day everybody in
America’s gonna vote by mail because I’m gonna make sure it
happens. It’s time. [audience
applauds] So we Oregonians will be schmoozin’ on the side when
we’re done. But suffice it to
say I’m just not willing to accept business as usual in this
government overreach
surveillance uh state that I have just described. And here’s
my playbook for how to fight
back. First, Congress must pass comprehensive privacy
legislation that finally gives
the Federal Trade Commission the tools it needs to hold companies
accountable for privacy
violations. It is my view that CEOs should face jail when they
lie to the government about
their privacy policies. [clap clap] And we [audience applauds]
we, we have had one instance,
you know, after another of these kinds of enormous, enormous,
enormously damaging cases where
uh whether it’s Facebook uh customers or somebody else get
hurt by these privacy
violations. And my privacy bill would give Americans an
effective, easy way to stop
companies from sharing their private information with data
brokers and all of these other
uh bottom feeders. These shady middlemen. Second, phone
companies and really all
companies that hold private customer data must reduce the
length of time that they keep
that data on hand. I proposed that yesterday. And the reason I
did is after the big hacks of
OPM, Equifax and Capital One it’s clear that the only sure
fire way to stop data from being
stolen is to not have it laying around for ages and ages in the
first place. The wireless
carriers keep information about Americans’ calls and texts and
locations history for far too
long. In AT&T’s case, the company apparently has call
records going back to 1987. This
kind of sort of data retention is a huge, huge gift to hostile
foreign governments that want to
hack our citizens. So I did, as I said, this week, in effect,
write to the wireless carriers.
Told them they oughta delete uh records once they no longer
serve a legitimate purpose and
if they don’t do it, I’m gonna make sure that the Congress gets
serious about stepping in and
doing it for em. It’s a safety and security measure. [audience
applauds] And third, the Supreme
Court, last year, held that the government needs a warrant to
collect location data. But there
are still unresolved questions including whether or not the
court’s decision in the
Carpenter Case even applies to the Intelligence Community. So I
will be introducing an updated
version of my GPS Act in the coming months to ensure that the
government cannot track
Americans without a warrant. In each of these efforts, I
certainly have appreciated many
of you and DEFCON giving us technical help. I wanna close by
talking about uh the debate that
you’re going to see uh later this year and why it’s so
important that those who care
about the real need for liberty and security and understand that
the two are not mutually
exclusive. Good policies get you both, bad policies get you
neither. Is that section two
fifteen of The Patriot Act expires in December of this
year. December of 2019. Now, as
sure as the night follows the day, in the United States
Senate, the Senate will wait
until the very last minute. When you all have your Christmas
trees up, and the wrapping paper
is flying every which way, and Americans are debating who will
cook the Christmas Turkey.
Because that’s always what happens. It comes up at the end
of the year and the Office of
National Intelligence says oh my god. If we don’t just extend
this bill, Western Civilization
is gonna end. The following bad guys will be striking us, they
will practically be arriving
under our holiday trees to take your children and all kinds of
other things. And I exaggerate
but barely. [audience laughs] Barely. Because that’s what they
do. And as sure as the night
follows the day. So you will see me, as we get into Halloween and
the like, constantly come back
to “Hey folks, we need to have the debate about section two
fifteen in The Patriot Act. We
gotta have it before Christmas Eve. The American people should
know that we can come up with
policies that protect both their liberty and their security.” And
I really would hope that some of
you in DEFCON and all the good work that you’re uh doing will
uh, help us as usual in it. So
as I said, uh last minute there’s always some kind of
claim. In fact, uh one year I
was actually able to get the Office of National Intelligence
to make was, what was an
admission against interest. Where they basically said, when
everybody said it’s all gonna
expire they really said no it’s not going to expire, there’s
authority to have it for, you
know, a longer period. I don’t know what happened to that
lawyer who wrote that but um
suffice it to say this is an incredibly important uh law with
respect to surveillance section
two fifteen of The Patriot Act. Most of the debate will focus on
the call detail record program.
Program in which the government collects metadata about uh
people uh and who they call. And
I am going to push very hard to see if we can put a stake in
this program and close it once
and for all. It has not been used to stop a single terrorist
attack. And it’s even less
useful now, when the bad guys have so many other ways to
communicate. The reason I wanna
finish it off now, is that if you leave spying authority on
the books, nobody knows which
administration is gonna do it, but I don’t want to say trust us
to any administration to have
the power to abuse it. [audience applauds] So the phone records
dragnet is important but there
are other sections of twenty fifteen, of two fifteen that are
important as well. In 2014 the
FBI and Director of National Intelligence confirmed in
unclassified letters to me that
the Intelligence Community used section two fifteen to obtain
historical records of Americans’
location data. I made one of those letters public a few weeks
ago. Earlier this year the
Director of National Intelligence also revealed the
Intelligence Agencies still
haven’t been told how they should interpret the Carpenter
Decision, holding that location
data is protected by the fourth amendment. So, here we are,
section two fifteen, one of the
most powerful surveillance laws on the books. A law that has
been abused by the government
before, and the person who is now in charge of the Department
of Justice, Bill Barr. Mr. Barr
has shown an eager willingness to perform legal gymnastics to
let the government spy on
Americans. So before Congress reauthorizes section two
fifteen, I think it’s critically
important that the public be told whether or not the
government believes it still may
use this law to attract, to track Americans’ phones without
a warrant. If you wanna break
the classic cycle of Congress rubber stamping, Congress needs
to hear from the American people
that this is something they care about. And I’ll just close by
way of saying there is no
question in my mind that white hat hackers, the DEFCON
community really gets it. The
number of stickers and EFF t-shirts and hoodies and
everything I’ve seen walking
around today is the clear signal that everybody here on a Friday
night in Las Vegas for Pete’s
sake! [audience laughs] There are a lot of fun things to do
[audience laughs] in Las Vegas
on a Friday night. And this is a community that understands the
importance of privacy and
oversight of the Intelligence Community and the need for
strong back door free
encryption. And the fact that you’re all here on a Friday
night is an indication to me
that we can work together to make sure that the rest of the
country understands how
important this stuff is. And, in a lot of ways, whistle blowers
and white hat hackers in
particular, in my view are our last line of defense against
government and corporate
surveillance. Americans should never have to trust in just good
will of government or phone
companies or social media. We need black letter laws that keep
our private information safe.
And I want you to know that Congress only acts when the
American people speak out. I
know that this is a community that cares. Please, let’s join
together and make sure that we
mobilize from sea to shining sea, concerned citizens that
share our views, share our
values, share our priorities about pushing back against
unfair uh surveillance. And
thank you for having me. I would like to say that I think by
order of the federal government,
I should give you the rest of the night off. [audience laughs
and applauds] And before I do
that, let’s just together, keep up fighting the good fight.
Thanks everybody! [audience
cheers and applauds] Thank you.

5 comments

  1. Why is my senator so cool? This is the last place I expected to see a Senator. Also, this stuff just makes me mad, so I'm not sure I can even finish the video. ):

  2. Comparatively speaking, most people don't care, much less know, how abusive current/recent systems and trends really are. Bread and circuses, whether govt or corporatocracy, doesn't matter which. Keep the masses fat, dumb, and happy, and make staying on the treadmill just tolerable enough (keep working! You'll get that carrot!), and that's all that's needed. Toss in some recurrent culture war stuff to get people wound up about and at each other's throats instead of realizing what the real scam is about. Sick, sad, and pretty much hopeless if you ask me. Cynical? Sure, why not….
