1 00:00:00,000 --> 00:00:08,469 foreign 2 00:00:00,500 --> 00:00:08,469 [Music] 3 00:00:11,760 --> 00:00:15,660 thank you all for bearing with us while 4 00:00:13,860 --> 00:00:17,580 we ironed out a few Tech bugs and 5 00:00:15,660 --> 00:00:19,560 welcome to this afternoon's last 6 00:00:17,580 --> 00:00:21,779 presentation which is called how to talk 7 00:00:19,560 --> 00:00:24,600 to cryptographers presented by Dan 8 00:00:21,779 --> 00:00:26,519 Shearer they will be around 10 minutes 9 00:00:24,600 --> 00:00:28,980 left at the end so if you have any 10 00:00:26,519 --> 00:00:31,380 questions please note them and ask them 11 00:00:28,980 --> 00:00:33,660 when the time arises so quickly to 12 00:00:31,380 --> 00:00:36,180 introduce Dan Dan has a long career in 13 00:00:33,660 --> 00:00:39,300 open source their current project is 14 00:00:36,180 --> 00:00:41,340 lumo SQL which embeds a new form of data 15 00:00:39,300 --> 00:00:44,820 security into the widely used embedded 16 00:00:41,340 --> 00:00:46,739 database SQL Lite today Dan shares with 17 00:00:44,820 --> 00:00:49,020 us the Lessons Learned working with 18 00:00:46,739 --> 00:00:51,170 developers on this security project 19 00:00:49,020 --> 00:00:54,660 please welcome Dan 20 00:00:51,170 --> 00:00:57,660 [Applause] 21 00:00:54,660 --> 00:01:00,480 well thank you Amy thank you Amy so 22 00:00:57,660 --> 00:01:03,719 there's been one or two little Mix-Ups 23 00:01:00,480 --> 00:01:06,960 um I'm very happy to continue uh with 24 00:01:03,719 --> 00:01:09,600 either but in fact this is the a very 25 00:01:06,960 --> 00:01:11,520 related talk uh of enforcing privacy 26 00:01:09,600 --> 00:01:14,580 rights against big Tech and big 27 00:01:11,520 --> 00:01:16,740 surveillance so um I suppose if I was 28 00:01:14,580 --> 00:01:19,380 there I'd ask for a show of hands 29 00:01:16,740 --> 00:01:22,020 um Amy can you hear me there are you 30 00:01:19,380 --> 00:01:24,840 expecting everybody uh how to talk to 31 00:01:22,020 --> 00:01:27,360 cryptographers or The Wider enforcing 32 00:01:24,840 --> 00:01:30,240 privacy rights because that is what I am 33 00:01:27,360 --> 00:01:32,400 good to go on so sorry about the mix-up 34 00:01:30,240 --> 00:01:35,960 I'm happy to listen to anything it's all 35 00:01:32,400 --> 00:01:41,040 good uh it looks like this is a unicast 36 00:01:35,960 --> 00:01:43,079 presentation here basically lumosql is a 37 00:01:41,040 --> 00:01:46,140 project that I've been working on now 38 00:01:43,079 --> 00:01:49,079 for three years mostly launched at Linux 39 00:01:46,140 --> 00:01:51,299 confer you 2020 and soft launch before 40 00:01:49,079 --> 00:01:55,619 that but that was the big deal 41 00:01:51,299 --> 00:01:57,960 and it turned out one little 42 00:01:55,619 --> 00:01:59,399 technical project 43 00:01:57,960 --> 00:02:02,340 um in the corner with two or three 44 00:01:59,399 --> 00:02:06,000 people has some very big uh and very 45 00:02:02,340 --> 00:02:08,280 significant ramifications and so this 46 00:02:06,000 --> 00:02:11,640 talk is to document the journey that 47 00:02:08,280 --> 00:02:13,920 we're on how it relates to privacy 48 00:02:11,640 --> 00:02:16,560 rights in Australia and around the world 49 00:02:13,920 --> 00:02:18,660 and how a different approach from the 50 00:02:16,560 --> 00:02:20,760 bottom up might be what we're looking 51 00:02:18,660 --> 00:02:23,340 for to solve some of the most pressing 52 00:02:20,760 --> 00:02:24,540 and Urgent issues 53 00:02:23,340 --> 00:02:27,060 um and so 54 00:02:24,540 --> 00:02:29,700 this is not necessarily what we see 55 00:02:27,060 --> 00:02:31,980 every time 56 00:02:29,700 --> 00:02:35,280 why do we care about privacy what is 57 00:02:31,980 --> 00:02:37,980 privacy there are some basic 58 00:02:35,280 --> 00:02:40,680 fundamentals about the nature of privacy 59 00:02:37,980 --> 00:02:43,680 that I suddenly found myself going back 60 00:02:40,680 --> 00:02:45,360 to about halfway through the lumo SQL 61 00:02:43,680 --> 00:02:46,500 project 62 00:02:45,360 --> 00:02:50,160 um 63 00:02:46,500 --> 00:02:52,860 the notion of privacy is more about a 64 00:02:50,160 --> 00:02:55,260 tummy feeling now a two-year-old can 65 00:02:52,860 --> 00:02:57,959 understand this and I really did have to 66 00:02:55,260 --> 00:02:59,879 look up some psychology on Toddlers and 67 00:02:57,959 --> 00:03:02,700 this sort of thing the notion of privacy 68 00:02:59,879 --> 00:03:05,640 as a visceral feeling that psychologists 69 00:03:02,700 --> 00:03:08,040 study is about 70 00:03:05,640 --> 00:03:09,420 um no you don't want to be dashed in on 71 00:03:08,040 --> 00:03:11,459 when you're maybe sitting on the 72 00:03:09,420 --> 00:03:13,019 bathroom or or doing something very 73 00:03:11,459 --> 00:03:15,480 intimate like that and it starts to 74 00:03:13,019 --> 00:03:18,480 develop about two to three years old and 75 00:03:15,480 --> 00:03:20,400 we still have it as uh as an innate 76 00:03:18,480 --> 00:03:22,739 feeling that there are some things which 77 00:03:20,400 --> 00:03:24,959 are very personal to ourselves we feel 78 00:03:22,739 --> 00:03:26,879 uncomfortable if we're sharing them we 79 00:03:24,959 --> 00:03:29,040 can set boundaries we decide who we 80 00:03:26,879 --> 00:03:34,260 share these things with 81 00:03:29,040 --> 00:03:36,239 um that is the notion of privacy as as a 82 00:03:34,260 --> 00:03:39,720 feeling and that's a very long way away 83 00:03:36,239 --> 00:03:42,180 from legislation and Tech and my my 84 00:03:39,720 --> 00:03:45,780 laptop and my phone and things like that 85 00:03:42,180 --> 00:03:49,500 uh whereas anonymity is the idea of 86 00:03:45,780 --> 00:03:52,680 hiding my identity so that I can act 87 00:03:49,500 --> 00:03:55,560 um or or indeed not act without anybody 88 00:03:52,680 --> 00:03:57,659 knowing who it is who's doing those 89 00:03:55,560 --> 00:03:59,400 things or who it is who holds that 90 00:03:57,659 --> 00:04:02,879 information 91 00:03:59,400 --> 00:04:04,440 um whilst related it's not that 92 00:04:02,879 --> 00:04:05,940 um toddler tummy feeling I'm going to 93 00:04:04,440 --> 00:04:10,140 keep coming back to 94 00:04:05,940 --> 00:04:13,500 and naturally security is related to the 95 00:04:10,140 --> 00:04:16,079 both of the above but the point of 96 00:04:13,500 --> 00:04:17,100 security is that 97 00:04:16,079 --> 00:04:20,459 um 98 00:04:17,100 --> 00:04:23,100 it allows privacy to exist you can have 99 00:04:20,459 --> 00:04:25,320 privacy without security uh it's not so 100 00:04:23,100 --> 00:04:27,960 common that it is possible but generally 101 00:04:25,320 --> 00:04:30,300 speaking imagine if we had a hotel and 102 00:04:27,960 --> 00:04:32,340 we had a very loquacious receptionist 103 00:04:30,300 --> 00:04:35,100 and that receptionist decided to ring up 104 00:04:32,340 --> 00:04:36,900 and tell everybody uh in the newspapers 105 00:04:35,100 --> 00:04:39,419 who was staying at the hotel well 106 00:04:36,900 --> 00:04:42,060 clearly that's a privacy breach 107 00:04:39,419 --> 00:04:45,780 but to fix it we go and have a word with 108 00:04:42,060 --> 00:04:47,340 the receptionist and say really that's 109 00:04:45,780 --> 00:04:49,199 not the way to behave and then we've 110 00:04:47,340 --> 00:04:51,060 fixed the security problem so there is 111 00:04:49,199 --> 00:04:52,860 no more privacy breach 112 00:04:51,060 --> 00:04:54,720 and so these things are very separate 113 00:04:52,860 --> 00:04:58,199 and 114 00:04:54,720 --> 00:05:00,540 in trying to figure out how can we do 115 00:04:58,199 --> 00:05:03,780 something about what is basically an 116 00:05:00,540 --> 00:05:06,360 epic ruling disaster of of privacy that 117 00:05:03,780 --> 00:05:08,820 affects us all with our children 118 00:05:06,360 --> 00:05:14,160 um we had to find the details 119 00:05:08,820 --> 00:05:15,780 of how do we uh Define these things so 120 00:05:14,160 --> 00:05:19,139 basically 121 00:05:15,780 --> 00:05:22,320 who has a right to privacy in indeed is 122 00:05:19,139 --> 00:05:25,560 privacy a right and the answer is yes 123 00:05:22,320 --> 00:05:27,120 and no now there's a lot of stuff on the 124 00:05:25,560 --> 00:05:29,940 screen right now we'll come back to that 125 00:05:27,120 --> 00:05:31,620 in a minute but all sorts of exciting 126 00:05:29,940 --> 00:05:34,199 things are up here about a Declaration 127 00:05:31,620 --> 00:05:37,139 of Human Rights and Australia has done 128 00:05:34,199 --> 00:05:40,139 things like sign and ratify and say what 129 00:05:37,139 --> 00:05:40,800 a wonderful thing about all of these in 130 00:05:40,139 --> 00:05:44,160 fact 131 00:05:40,800 --> 00:05:45,539 the answer is no we don't have a right 132 00:05:44,160 --> 00:05:49,320 to privacy 133 00:05:45,539 --> 00:05:52,560 not as a right in Australia enshrined in 134 00:05:49,320 --> 00:05:56,600 law now there are discussions about 135 00:05:52,560 --> 00:05:58,440 aspects of privacy in various laws there 136 00:05:56,600 --> 00:06:00,660 isn't really anything in the 137 00:05:58,440 --> 00:06:03,900 Constitution and there's quite a few 138 00:06:00,660 --> 00:06:05,880 court cases about aspects of privacy 139 00:06:03,900 --> 00:06:07,020 but what if you're not an Australian 140 00:06:05,880 --> 00:06:09,960 citizen 141 00:06:07,020 --> 00:06:11,100 uh what if you're an Australian citizen 142 00:06:09,960 --> 00:06:14,100 overseas 143 00:06:11,100 --> 00:06:16,080 and so who you are worldwide 144 00:06:14,100 --> 00:06:18,180 and where you are 145 00:06:16,080 --> 00:06:20,160 depends on whether you have a right to 146 00:06:18,180 --> 00:06:23,039 privacy which seems a bit strange if 147 00:06:20,160 --> 00:06:24,780 this is starting from a place of I feel 148 00:06:23,039 --> 00:06:25,979 like I have things that make me 149 00:06:24,780 --> 00:06:28,259 uncomfortable 150 00:06:25,979 --> 00:06:30,120 if other people were to know them why 151 00:06:28,259 --> 00:06:31,740 should that change whether I've taken 152 00:06:30,120 --> 00:06:33,240 one step to the left and I'm in the 153 00:06:31,740 --> 00:06:34,979 border of another country 154 00:06:33,240 --> 00:06:37,860 except if you're in an island like 155 00:06:34,979 --> 00:06:39,180 Australia all right and so 156 00:06:37,860 --> 00:06:40,919 um 157 00:06:39,180 --> 00:06:43,560 there we're going to have a look at all 158 00:06:40,919 --> 00:06:45,060 the different grades if you like of 159 00:06:43,560 --> 00:06:51,000 people 160 00:06:45,060 --> 00:06:54,539 um but the general notion here is that 161 00:06:51,000 --> 00:06:56,100 if you are in Europe then you have lots 162 00:06:54,539 --> 00:06:58,860 of Rights they're written down in law 163 00:06:56,100 --> 00:07:01,139 it's very very clear even if you're a 164 00:06:58,860 --> 00:07:02,039 visitor even if you're there as a 165 00:07:01,139 --> 00:07:05,759 student 166 00:07:02,039 --> 00:07:07,500 uh or even if you're a EU citizen 167 00:07:05,759 --> 00:07:09,900 traveling elsewhere 168 00:07:07,500 --> 00:07:13,259 if you're in some countries that copy 169 00:07:09,900 --> 00:07:15,720 Europe in some ways then you have a 170 00:07:13,259 --> 00:07:17,520 lesser version of that South Korea would 171 00:07:15,720 --> 00:07:19,740 argue it has a better version of that 172 00:07:17,520 --> 00:07:23,039 that's arguable and then the other 173 00:07:19,740 --> 00:07:25,740 countries go down from there so yes and 174 00:07:23,039 --> 00:07:29,160 no do you have a right to privacy a lot 175 00:07:25,740 --> 00:07:33,840 less than you might think 176 00:07:29,160 --> 00:07:36,479 um and this is really a significant a 177 00:07:33,840 --> 00:07:40,440 bigger pardon a significant issue 178 00:07:36,479 --> 00:07:43,319 because most people seem to feel until 179 00:07:40,440 --> 00:07:45,960 it's a little bit too late but yes they 180 00:07:43,319 --> 00:07:49,800 have a right to privacy 181 00:07:45,960 --> 00:07:52,080 um now in 2017 182 00:07:49,800 --> 00:07:54,479 there's a fundamental case in Australia 183 00:07:52,080 --> 00:07:56,220 called the grub case where a journalist 184 00:07:54,479 --> 00:07:59,580 named Grubb 185 00:07:56,220 --> 00:08:02,940 um said to Telstra I'd like access to 186 00:07:59,580 --> 00:08:06,060 all of the metadata about me 187 00:08:02,940 --> 00:08:07,440 so that is the information about my 188 00:08:06,060 --> 00:08:10,199 personal information 189 00:08:07,440 --> 00:08:12,300 and it went up to the high court there 190 00:08:10,199 --> 00:08:14,580 was uh quite an argument about this and 191 00:08:12,300 --> 00:08:18,360 the answer was no 192 00:08:14,580 --> 00:08:20,639 no you cannot because metadata isn't 193 00:08:18,360 --> 00:08:23,340 really identifying the individual it's 194 00:08:20,639 --> 00:08:25,199 more about how Telstra provides the 195 00:08:23,340 --> 00:08:28,560 services to the individual that was a 196 00:08:25,199 --> 00:08:31,620 disastrous decision because metadata is 197 00:08:28,560 --> 00:08:34,740 at the core of a quality privacy regime 198 00:08:31,620 --> 00:08:37,860 and to take the European example which 199 00:08:34,740 --> 00:08:39,479 is uh some some countries have indeed 200 00:08:37,860 --> 00:08:42,060 taken on 201 00:08:39,479 --> 00:08:45,720 it's the concept is it's an ever 202 00:08:42,060 --> 00:08:48,360 expanding cloud of information so it's 203 00:08:45,720 --> 00:08:50,339 that which would tend to identify a 204 00:08:48,360 --> 00:08:55,620 person specifically 205 00:08:50,339 --> 00:08:58,260 uh and that changes by the day as yet 206 00:08:55,620 --> 00:09:01,019 another device comes along uh with yet 207 00:08:58,260 --> 00:09:02,700 another way of innovatively using my 208 00:09:01,019 --> 00:09:05,519 personal data and giving it to 209 00:09:02,700 --> 00:09:07,740 corporations like how many steps I take 210 00:09:05,519 --> 00:09:10,260 we're all familiar with that one yes but 211 00:09:07,740 --> 00:09:11,820 what about the way I walk that is unique 212 00:09:10,260 --> 00:09:16,200 to me 213 00:09:11,820 --> 00:09:19,860 um what about uh in in a very very 214 00:09:16,200 --> 00:09:21,779 genuine case that I was involved in 215 00:09:19,860 --> 00:09:23,880 um there's a 216 00:09:21,779 --> 00:09:25,440 a global name brand 217 00:09:23,880 --> 00:09:27,060 um charity 218 00:09:25,440 --> 00:09:30,120 that 219 00:09:27,060 --> 00:09:32,600 um often has a humanitarian mission 220 00:09:30,120 --> 00:09:35,459 there's a disaster in some country 221 00:09:32,600 --> 00:09:38,040 these people will turn up of a half 222 00:09:35,459 --> 00:09:39,360 dozen or so Global organizations they'll 223 00:09:38,040 --> 00:09:40,740 be there 224 00:09:39,360 --> 00:09:43,080 um there's been a hurricane there's been 225 00:09:40,740 --> 00:09:46,860 a there's been a total wave there's been 226 00:09:43,080 --> 00:09:48,779 a a war or whatever it may be 227 00:09:46,860 --> 00:09:51,420 um and then after this this terrible 228 00:09:48,779 --> 00:09:53,100 thing there's people who need help and 229 00:09:51,420 --> 00:09:54,480 what we need is information what help do 230 00:09:53,100 --> 00:09:55,740 they need how can we deliver what they 231 00:09:54,480 --> 00:09:59,100 need and so 232 00:09:55,740 --> 00:10:00,720 21st century we give our helpers tablets 233 00:09:59,100 --> 00:10:02,160 it has a survey and we go and ask 234 00:10:00,720 --> 00:10:04,200 questions 235 00:10:02,160 --> 00:10:07,320 what do you need 236 00:10:04,200 --> 00:10:09,600 uh how many people are in your household 237 00:10:07,320 --> 00:10:12,000 and how many children do you have a 238 00:10:09,600 --> 00:10:14,820 house does it have a roof 239 00:10:12,000 --> 00:10:17,519 is the roof tin or plastic 240 00:10:14,820 --> 00:10:20,640 do you have a goat these are really 241 00:10:17,519 --> 00:10:23,760 really important things and so then the 242 00:10:20,640 --> 00:10:26,040 food and shelter another Aid comes in 243 00:10:23,760 --> 00:10:27,899 and the humanitarian mission is underway 244 00:10:26,040 --> 00:10:31,380 and that's terrific but then what 245 00:10:27,899 --> 00:10:32,640 happens if two years later as that 246 00:10:31,380 --> 00:10:33,540 region is starting to pull itself 247 00:10:32,640 --> 00:10:36,720 together 248 00:10:33,540 --> 00:10:38,220 somebody decides that they're in charge 249 00:10:36,720 --> 00:10:40,800 and they'll be a government thank you 250 00:10:38,220 --> 00:10:42,959 very much and they've got a gun to say 251 00:10:40,800 --> 00:10:44,880 so and they would really like all of 252 00:10:42,959 --> 00:10:48,180 those surveys 253 00:10:44,880 --> 00:10:50,459 and that's when the information about 254 00:10:48,180 --> 00:10:52,500 your information you may not even have 255 00:10:50,459 --> 00:10:54,540 identified a particular child but you 256 00:10:52,500 --> 00:10:55,800 said they were there or we can maybe 257 00:10:54,540 --> 00:10:58,860 calculate 258 00:10:55,800 --> 00:11:01,860 the nature of the People by the kind of 259 00:10:58,860 --> 00:11:05,540 food that they said that they would like 260 00:11:01,860 --> 00:11:09,600 that is where we have a very direct 261 00:11:05,540 --> 00:11:13,440 implication of metadata getting into the 262 00:11:09,600 --> 00:11:15,420 wrong hands with an active life or death 263 00:11:13,440 --> 00:11:17,640 security risk and that's a very real one 264 00:11:15,420 --> 00:11:21,060 that non-government organizations are 265 00:11:17,640 --> 00:11:22,860 dealing with fairly often these days 266 00:11:21,060 --> 00:11:25,500 no 267 00:11:22,860 --> 00:11:27,959 um yes we should share yes we should be 268 00:11:25,500 --> 00:11:30,480 aware yes we should care 269 00:11:27,959 --> 00:11:33,779 and yes it's deeply related to things 270 00:11:30,480 --> 00:11:37,160 that we can feel unfortunately it just 271 00:11:33,779 --> 00:11:37,160 seems so abstract 272 00:11:37,260 --> 00:11:42,480 um and this is where 273 00:11:39,779 --> 00:11:44,459 we have to look at how things are and 274 00:11:42,480 --> 00:11:48,120 indeed how things are today 275 00:11:44,459 --> 00:11:53,100 in many ways is not so great and so what 276 00:11:48,120 --> 00:11:56,339 we're going to do uh is is consider 277 00:11:53,100 --> 00:11:58,200 if I'm in Australia what is the 278 00:11:56,339 --> 00:12:00,779 framework available to me and the answer 279 00:11:58,200 --> 00:12:03,600 is well there's laws at Federal level 280 00:12:00,779 --> 00:12:06,360 there's laws at state level there's some 281 00:12:03,600 --> 00:12:08,600 bold undertakings uh by the the current 282 00:12:06,360 --> 00:12:12,000 federal government that they're going to 283 00:12:08,600 --> 00:12:15,779 review various aspects of privacy 284 00:12:12,000 --> 00:12:18,959 um at the end of uh end of 2022 there 285 00:12:15,779 --> 00:12:20,160 was a very helpful sounding law passed 286 00:12:18,959 --> 00:12:21,779 about 287 00:12:20,160 --> 00:12:24,540 um improving 288 00:12:21,779 --> 00:12:27,600 your remedies so if there is a mass data 289 00:12:24,540 --> 00:12:29,519 breach then companies have to pay quite 290 00:12:27,600 --> 00:12:31,920 a lot of money they should be worried 291 00:12:29,519 --> 00:12:34,140 about that so hopefully they won't be 292 00:12:31,920 --> 00:12:37,140 encouraging Mass data breaches 293 00:12:34,140 --> 00:12:39,899 but that's not the whole story there is 294 00:12:37,140 --> 00:12:42,240 no what is called law of tort or rather 295 00:12:39,899 --> 00:12:45,720 taught of privacy I should have said in 296 00:12:42,240 --> 00:12:48,540 Australia uh and what that means is it's 297 00:12:45,720 --> 00:12:51,600 not clear that for you the individual 298 00:12:48,540 --> 00:12:53,459 who has had their privacy infringed in 299 00:12:51,600 --> 00:12:55,139 some way that maybe makes you feel icky 300 00:12:53,459 --> 00:12:59,459 there's no way for you to say 301 00:12:55,139 --> 00:13:02,399 specifically that harmed me that is bad 302 00:12:59,459 --> 00:13:05,579 and without a right of privacy that by 303 00:13:02,399 --> 00:13:08,220 default in many circumstances we can 304 00:13:05,579 --> 00:13:10,620 expect privacy uh 305 00:13:08,220 --> 00:13:14,279 we're in a fairly weak position you go 306 00:13:10,620 --> 00:13:16,620 into court you say my some things have 307 00:13:14,279 --> 00:13:17,880 been infringed and then we have to 308 00:13:16,620 --> 00:13:19,860 scratch around and look for the 309 00:13:17,880 --> 00:13:21,240 particular law and the particular harm 310 00:13:19,860 --> 00:13:24,779 that was done 311 00:13:21,240 --> 00:13:28,079 as opposed to in many oh some rather 312 00:13:24,779 --> 00:13:31,139 other countries where we say my rights 313 00:13:28,079 --> 00:13:33,800 have been infringed you have no right to 314 00:13:31,139 --> 00:13:37,500 invade my privacy and take it away and 315 00:13:33,800 --> 00:13:40,339 that is by definition not allowable 316 00:13:37,500 --> 00:13:40,339 and so 317 00:13:40,860 --> 00:13:46,560 that is if you like the background now 318 00:13:43,980 --> 00:13:49,139 as to the implementation the law and the 319 00:13:46,560 --> 00:13:50,579 courts are really quite slow 320 00:13:49,139 --> 00:13:53,360 um and I have some sympathy with this 321 00:13:50,579 --> 00:13:55,440 I'm not sure that we want the courts and 322 00:13:53,360 --> 00:13:58,380 uh and so on 323 00:13:55,440 --> 00:14:00,660 to be reacting as the tech landscape 324 00:13:58,380 --> 00:14:01,620 changes we don't expect new laws to be 325 00:14:00,660 --> 00:14:03,240 issued 326 00:14:01,620 --> 00:14:06,000 um hot on the heels of the latest 327 00:14:03,240 --> 00:14:07,560 product from the latest Cloud company 328 00:14:06,000 --> 00:14:10,079 but really 329 00:14:07,560 --> 00:14:12,660 how can they keep up and the answer is 330 00:14:10,079 --> 00:14:13,680 as things stand in 2023 no they can't 331 00:14:12,660 --> 00:14:16,639 keep up 332 00:14:13,680 --> 00:14:20,100 legislative environment isn't working 333 00:14:16,639 --> 00:14:22,019 for the individual who has an 334 00:14:20,100 --> 00:14:23,700 expectation of their privacy 335 00:14:22,019 --> 00:14:25,139 a whole bunch of very large companies 336 00:14:23,700 --> 00:14:27,240 and some governments are invading that 337 00:14:25,139 --> 00:14:29,339 privacy or what can they do and the 338 00:14:27,240 --> 00:14:31,320 answer is if they went to court which 339 00:14:29,339 --> 00:14:33,899 very few are able to do 340 00:14:31,320 --> 00:14:35,160 whatever they went to court for is out 341 00:14:33,899 --> 00:14:38,360 of date 342 00:14:35,160 --> 00:14:42,240 before it's got to court 343 00:14:38,360 --> 00:14:44,300 the data sale industry the sale of your 344 00:14:42,240 --> 00:14:48,120 personal information and my information 345 00:14:44,300 --> 00:14:50,180 is just Galloping away and indeed it's a 346 00:14:48,120 --> 00:14:54,300 global environment here on the internet 347 00:14:50,180 --> 00:14:57,300 and my personal data from Australia or 348 00:14:54,300 --> 00:14:58,680 from wherever I'm living is broadly 349 00:14:57,300 --> 00:15:00,959 available in other countries 350 00:14:58,680 --> 00:15:02,940 particularly the United States in fact 351 00:15:00,959 --> 00:15:07,019 just last week or so you may have 352 00:15:02,940 --> 00:15:08,820 noticed there was quite a icky instance 353 00:15:07,019 --> 00:15:11,760 where 354 00:15:08,820 --> 00:15:13,740 some very zealous right-wing Catholics 355 00:15:11,760 --> 00:15:16,740 have been going around spending Millions 356 00:15:13,740 --> 00:15:19,019 buying up commercially available data 357 00:15:16,740 --> 00:15:21,300 combing through it combining the 358 00:15:19,019 --> 00:15:23,100 metadata in order to identify 359 00:15:21,300 --> 00:15:24,959 specifically 360 00:15:23,100 --> 00:15:27,540 which Catholic priests they believe 361 00:15:24,959 --> 00:15:29,699 might be gay and then going and doing 362 00:15:27,540 --> 00:15:32,579 something very Catholic about it 363 00:15:29,699 --> 00:15:34,920 and this illustrates that there is a a 364 00:15:32,579 --> 00:15:38,160 large and growing and very unpleasant 365 00:15:34,920 --> 00:15:41,820 Market in the sale of our personal data 366 00:15:38,160 --> 00:15:43,560 or perhaps metadata noting that you can 367 00:15:41,820 --> 00:15:46,100 do that in Australia 368 00:15:43,560 --> 00:15:50,160 a lot more than you might imagine 369 00:15:46,100 --> 00:15:53,459 and so evidence from court cases 370 00:15:50,160 --> 00:15:55,620 even in the regime which is 371 00:15:53,459 --> 00:15:57,380 as I hope to demonstrate The Shining 372 00:15:55,620 --> 00:16:01,920 Light On The Hill in the European Union 373 00:15:57,380 --> 00:16:04,980 is not very comforting so in 2021 there 374 00:16:01,920 --> 00:16:08,519 was a case in the um in strasbord court 375 00:16:04,980 --> 00:16:10,019 of Human Rights uh against the United 376 00:16:08,519 --> 00:16:11,899 Kingdom government 377 00:16:10,019 --> 00:16:16,320 not a European country 378 00:16:11,899 --> 00:16:17,820 anymore as you may have heard and the 379 00:16:16,320 --> 00:16:22,260 idea was 380 00:16:17,820 --> 00:16:25,079 um gchq which is the the English or 381 00:16:22,260 --> 00:16:28,199 British equivalent to Asia 382 00:16:25,079 --> 00:16:30,480 um conducts Mass surveillance activities 383 00:16:28,199 --> 00:16:32,820 that is to say it Scoops up information 384 00:16:30,480 --> 00:16:35,399 on its citizens and everybody else's 385 00:16:32,820 --> 00:16:37,259 citizens that can get it's Hands-On and 386 00:16:35,399 --> 00:16:39,420 sifts through it looking for things that 387 00:16:37,259 --> 00:16:42,000 they regard as suspicious or bad or that 388 00:16:39,420 --> 00:16:43,380 they they're just curious about 389 00:16:42,000 --> 00:16:44,880 and 390 00:16:43,380 --> 00:16:46,920 although 391 00:16:44,880 --> 00:16:50,940 the government the British government 392 00:16:46,920 --> 00:16:54,300 was told no you can't do that as broadly 393 00:16:50,940 --> 00:16:56,579 they did accept the argument but it is 394 00:16:54,300 --> 00:16:59,880 possible to limit how broadly you do 395 00:16:56,579 --> 00:17:01,560 that in other words they did not say 396 00:16:59,880 --> 00:17:04,439 there is a whole class of information 397 00:17:01,560 --> 00:17:06,720 that you just can't have access to and 398 00:17:04,439 --> 00:17:09,120 that was both a win 399 00:17:06,720 --> 00:17:10,860 for privacy advocacy in the sense that 400 00:17:09,120 --> 00:17:14,100 yes the UK government was told to back 401 00:17:10,860 --> 00:17:16,020 off in its mass surveillance and a loss 402 00:17:14,100 --> 00:17:19,079 in the sense that no the court did not 403 00:17:16,020 --> 00:17:21,720 uphold the notion that uh that 404 00:17:19,079 --> 00:17:23,880 governments are unable to constrain 405 00:17:21,720 --> 00:17:25,860 their privacy searches when they have an 406 00:17:23,880 --> 00:17:28,199 infinite data set in front of them 407 00:17:25,860 --> 00:17:31,200 because they can't that is a technical 408 00:17:28,199 --> 00:17:32,100 fact and so a lot of things to worry 409 00:17:31,200 --> 00:17:35,460 about 410 00:17:32,100 --> 00:17:36,960 calling perhaps for a different approach 411 00:17:35,460 --> 00:17:40,020 now 412 00:17:36,960 --> 00:17:42,660 um this is very um it's a most amusing 413 00:17:40,020 --> 00:17:44,880 to me map um created by someone called 414 00:17:42,660 --> 00:17:47,039 Mordor intelligence now I don't actually 415 00:17:44,880 --> 00:17:50,100 know much about mortar intelligence but 416 00:17:47,039 --> 00:17:52,260 I have in fact checked out the uh the 417 00:17:50,100 --> 00:17:53,580 these countries and the various the 418 00:17:52,260 --> 00:17:55,799 regions and the various laws that 419 00:17:53,580 --> 00:17:56,660 applies it's not too bad so this is 420 00:17:55,799 --> 00:17:59,460 about 421 00:17:56,660 --> 00:18:02,640 what is the rate of growth 422 00:17:59,460 --> 00:18:05,400 of metadata 423 00:18:02,640 --> 00:18:08,760 um industry if you like data sale uh in 424 00:18:05,400 --> 00:18:10,500 various regions and guess what uh in 425 00:18:08,760 --> 00:18:14,660 Australia and throughout Northeast Asia 426 00:18:10,500 --> 00:18:18,419 this is a high growth area now I do note 427 00:18:14,660 --> 00:18:20,580 that the Attorney General uh federal 428 00:18:18,419 --> 00:18:24,000 attorney general of Australia has 429 00:18:20,580 --> 00:18:26,720 announced that there shall be a review 430 00:18:24,000 --> 00:18:30,360 um into the uh data retention 431 00:18:26,720 --> 00:18:32,900 regulations which is welcome that is to 432 00:18:30,360 --> 00:18:35,340 say the mandatory requirement on 433 00:18:32,900 --> 00:18:37,260 Australian companies that they will keep 434 00:18:35,340 --> 00:18:40,320 our metadata 435 00:18:37,260 --> 00:18:44,460 for a period of time 436 00:18:40,320 --> 00:18:45,960 um but that is not an answer to why is 437 00:18:44,460 --> 00:18:48,539 it that Australia and many other 438 00:18:45,960 --> 00:18:53,700 countries are in a very high growth area 439 00:18:48,539 --> 00:18:57,539 for selling our private data now 440 00:18:53,700 --> 00:18:59,760 um the this is about rates of growth 441 00:18:57,539 --> 00:19:00,780 um which is why the United States for 442 00:18:59,760 --> 00:19:03,179 example 443 00:19:00,780 --> 00:19:06,179 is is not as not growing as fast as 444 00:19:03,179 --> 00:19:08,580 others it's extremely mature there still 445 00:19:06,179 --> 00:19:10,200 uh I do think that was valid I was 446 00:19:08,580 --> 00:19:12,539 interested to to see that others have 447 00:19:10,200 --> 00:19:15,120 done the work and I've checked it myself 448 00:19:12,539 --> 00:19:16,620 um yes if you're in Australia they're 449 00:19:15,120 --> 00:19:19,500 coming for us 450 00:19:16,620 --> 00:19:21,919 now this 451 00:19:19,500 --> 00:19:24,360 brings me to a very important 452 00:19:21,919 --> 00:19:26,520 fundamental if you like Epiphany for me 453 00:19:24,360 --> 00:19:30,120 in 2015 454 00:19:26,520 --> 00:19:33,600 the beginnings of the European gdpr 455 00:19:30,120 --> 00:19:34,919 um was sorting to coalesce what are we 456 00:19:33,600 --> 00:19:36,419 going to do they were saying in Europe 457 00:19:34,919 --> 00:19:39,720 and we're going to come back to this 458 00:19:36,419 --> 00:19:41,220 slide you see a couple of times I'm 459 00:19:39,720 --> 00:19:43,620 going to flick away from it because I'm 460 00:19:41,220 --> 00:19:46,860 not going to read it 461 00:19:43,620 --> 00:19:48,720 this is my personal Epiphany moment in 462 00:19:46,860 --> 00:19:51,600 developing the lumo SQL open source 463 00:19:48,720 --> 00:19:52,799 solution and and understanding what it 464 00:19:51,600 --> 00:19:56,220 might mean 465 00:19:52,799 --> 00:19:58,200 because in the beginning in the recitals 466 00:19:56,220 --> 00:19:59,460 of this document the introduction if you 467 00:19:58,200 --> 00:20:01,320 like 468 00:19:59,460 --> 00:20:04,080 um it doesn't just talk about the right 469 00:20:01,320 --> 00:20:07,440 to privacy which is there it's in the UN 470 00:20:04,080 --> 00:20:09,600 Universal Declaration of Rights uh and 471 00:20:07,440 --> 00:20:12,360 its various instruments as ratified and 472 00:20:09,600 --> 00:20:13,860 signed by Australia but not implemented 473 00:20:12,360 --> 00:20:16,260 in an Australian law 474 00:20:13,860 --> 00:20:19,260 all of these things are there 475 00:20:16,260 --> 00:20:22,440 but what was astonishing to me was that 476 00:20:19,260 --> 00:20:25,200 the human rights framework as a network 477 00:20:22,440 --> 00:20:27,780 as an interlocking collection of Rights 478 00:20:25,200 --> 00:20:29,160 is specifically referred to in the 479 00:20:27,780 --> 00:20:32,039 European General data protection 480 00:20:29,160 --> 00:20:34,980 regulation and other regulations like it 481 00:20:32,039 --> 00:20:37,080 around the world now 482 00:20:34,980 --> 00:20:38,400 um it was quite a revelation if we go 483 00:20:37,080 --> 00:20:40,500 through them 484 00:20:38,400 --> 00:20:44,880 um you skip towards the end 485 00:20:40,500 --> 00:20:46,679 this regulation is going to respect uh 486 00:20:44,880 --> 00:20:48,600 private and family life home 487 00:20:46,679 --> 00:20:51,240 Communications okay 488 00:20:48,600 --> 00:20:53,820 but freedom of thought 489 00:20:51,240 --> 00:20:55,919 and conscience and religion 490 00:20:53,820 --> 00:20:57,620 that is fundamentally connected to 491 00:20:55,919 --> 00:21:00,900 privacy 492 00:20:57,620 --> 00:21:04,260 your freedom of expression and and 493 00:21:00,900 --> 00:21:06,419 freedom to exchange information which 494 00:21:04,260 --> 00:21:09,360 may not be in any way personal 495 00:21:06,419 --> 00:21:10,700 that is a right again enshrined in the 496 00:21:09,360 --> 00:21:13,620 U.N treaties 497 00:21:10,700 --> 00:21:15,720 and founding a business 498 00:21:13,620 --> 00:21:18,900 um if something goes wrong 499 00:21:15,720 --> 00:21:20,820 the right to appeal and say no this 500 00:21:18,900 --> 00:21:23,240 isn't right to say a court or other 501 00:21:20,820 --> 00:21:25,679 thing that's called an effective remedy 502 00:21:23,240 --> 00:21:28,260 if you're accused of something a fair 503 00:21:25,679 --> 00:21:30,000 trial privacy is clearly involved in 504 00:21:28,260 --> 00:21:32,520 that as you talk to various people 505 00:21:30,000 --> 00:21:33,600 including your lawyer about what's going 506 00:21:32,520 --> 00:21:35,220 on 507 00:21:33,600 --> 00:21:36,539 um and then of course a whole host of 508 00:21:35,220 --> 00:21:39,840 issues 509 00:21:36,539 --> 00:21:43,020 um around sociological things you 510 00:21:39,840 --> 00:21:43,980 languages and religions and cultural 511 00:21:43,020 --> 00:21:46,200 beliefs 512 00:21:43,980 --> 00:21:49,620 all of these things 513 00:21:46,200 --> 00:21:52,200 are in the beginning of the gdpr as 514 00:21:49,620 --> 00:21:54,720 saying look you can't really have them 515 00:21:52,200 --> 00:21:58,559 if you don't have privacy 516 00:21:54,720 --> 00:22:02,280 and that was the aha moment for me 517 00:21:58,559 --> 00:22:03,960 because privacy rights effectively are 518 00:22:02,280 --> 00:22:07,380 human rights 519 00:22:03,960 --> 00:22:10,620 and even more so in the current age 520 00:22:07,380 --> 00:22:13,620 where if you think of for example the 521 00:22:10,620 --> 00:22:16,340 right we have in the UN Charter of 522 00:22:13,620 --> 00:22:19,440 Rights to uh to clean drinking water 523 00:22:16,340 --> 00:22:21,120 which is obviously much more important 524 00:22:19,440 --> 00:22:23,100 of much more of an issue in some 525 00:22:21,120 --> 00:22:25,980 countries than others currently 526 00:22:23,100 --> 00:22:27,240 but how do we get to that and somewhere 527 00:22:25,980 --> 00:22:29,520 along the line there will be an email 528 00:22:27,240 --> 00:22:32,880 there'll be WhatsApp there'll be maybe 529 00:22:29,520 --> 00:22:35,880 signal or other Communications related 530 00:22:32,880 --> 00:22:37,260 to that right being delivered and 531 00:22:35,880 --> 00:22:39,299 guaranteed 532 00:22:37,260 --> 00:22:41,100 and that relates to the privacy of the 533 00:22:39,299 --> 00:22:43,200 individual's concerned so 534 00:22:41,100 --> 00:22:46,440 what I have concluded and what many 535 00:22:43,200 --> 00:22:49,919 others conclude as well is that digital 536 00:22:46,440 --> 00:22:53,100 privacy is the way that all other rights 537 00:22:49,919 --> 00:22:54,000 are respected and delivered in the 21st 538 00:22:53,100 --> 00:22:57,360 century 539 00:22:54,000 --> 00:22:59,700 and that is why it matters and that is 540 00:22:57,360 --> 00:23:02,059 why the current situation really isn't 541 00:22:59,700 --> 00:23:02,059 good enough 542 00:23:02,100 --> 00:23:09,860 um the gdpr has some flaws it also has 543 00:23:06,720 --> 00:23:13,860 six or seven siblings in EU law 544 00:23:09,860 --> 00:23:17,159 that put privacy rights and Associated 545 00:23:13,860 --> 00:23:18,780 mathematics as we're going to talk about 546 00:23:17,159 --> 00:23:20,280 um at the heart of everything that 547 00:23:18,780 --> 00:23:22,860 happens online 548 00:23:20,280 --> 00:23:25,100 other countries have taken this on New 549 00:23:22,860 --> 00:23:28,679 Zealand indeed has 550 00:23:25,100 --> 00:23:31,200 a privacy rights regime which is 551 00:23:28,679 --> 00:23:32,960 compatible with the gdpr so does Japan 552 00:23:31,200 --> 00:23:36,380 so does South Korea 553 00:23:32,960 --> 00:23:40,140 Brazil and Canada 554 00:23:36,380 --> 00:23:43,380 has some degree of of 555 00:23:40,140 --> 00:23:45,840 commonality as well and we can tell that 556 00:23:43,380 --> 00:23:48,059 this is so because the European Union 557 00:23:45,840 --> 00:23:50,820 has a thing called adequacy 558 00:23:48,059 --> 00:23:52,620 which was far from perfect says we 559 00:23:50,820 --> 00:23:55,860 believe that this country and the way it 560 00:23:52,620 --> 00:23:58,559 handles personal data is roughly 561 00:23:55,860 --> 00:24:01,980 compatible with how we do it here in 562 00:23:58,559 --> 00:24:03,720 Europe so it's a bit of a gold star for 563 00:24:01,980 --> 00:24:05,700 um privacy Excellence 564 00:24:03,720 --> 00:24:08,760 um unfortunately there's some holes in 565 00:24:05,700 --> 00:24:12,000 that but we're beginning to see 566 00:24:08,760 --> 00:24:13,140 that the European approach is a race to 567 00:24:12,000 --> 00:24:15,840 the top 568 00:24:13,140 --> 00:24:17,159 um and I I feel quite strongly there's a 569 00:24:15,840 --> 00:24:19,919 distinction between what we're doing in 570 00:24:17,159 --> 00:24:22,679 Australia what we see in New Zealand 571 00:24:19,919 --> 00:24:25,200 um and uh I think 572 00:24:22,679 --> 00:24:27,120 well there's actions that need to take 573 00:24:25,200 --> 00:24:29,419 be taken and there's votes that need to 574 00:24:27,120 --> 00:24:29,419 be had 575 00:24:30,299 --> 00:24:36,900 even the current government and it's 576 00:24:33,299 --> 00:24:39,600 very different to the recent 577 00:24:36,900 --> 00:24:41,820 Government Federal Government and its 578 00:24:39,600 --> 00:24:43,919 approach but even the current federal 579 00:24:41,820 --> 00:24:45,600 government has acknowledged that there 580 00:24:43,919 --> 00:24:49,080 are all manner of things 581 00:24:45,600 --> 00:24:50,940 that aren't good enough and so this is a 582 00:24:49,080 --> 00:24:53,100 quote from the attorney general Mark Dre 583 00:24:50,940 --> 00:24:55,260 fuse about the mandatory retention 584 00:24:53,100 --> 00:24:56,820 regime 585 00:24:55,260 --> 00:24:58,559 um not being good enough 586 00:24:56,820 --> 00:25:01,679 um I would add quite a list to this 587 00:24:58,559 --> 00:25:03,539 there's been a a privacy isn't up to 588 00:25:01,679 --> 00:25:05,159 scratch report hanging around for about 589 00:25:03,539 --> 00:25:07,260 four years at the federal government 590 00:25:05,159 --> 00:25:09,900 level with a lot of recommendations 591 00:25:07,260 --> 00:25:12,240 about how to tighten things up 592 00:25:09,900 --> 00:25:15,419 um none of them address the biggest 593 00:25:12,240 --> 00:25:17,460 issue in the room of course which is 594 00:25:15,419 --> 00:25:20,580 about Australia 595 00:25:17,460 --> 00:25:22,740 believes in bulk surveillance it's in 596 00:25:20,580 --> 00:25:24,779 lockstep with the United States as the 597 00:25:22,740 --> 00:25:26,880 main partner in this in something called 598 00:25:24,779 --> 00:25:28,220 the five eyes agreement so that's 599 00:25:26,880 --> 00:25:30,600 Australia 600 00:25:28,220 --> 00:25:33,419 U.S New Zealand 601 00:25:30,600 --> 00:25:34,260 um Canada and United Kingdom 602 00:25:33,419 --> 00:25:36,299 um 603 00:25:34,260 --> 00:25:39,360 all of them Anglo countries which have 604 00:25:36,299 --> 00:25:41,520 decided that they will exert their every 605 00:25:39,360 --> 00:25:44,100 ability to Hoover up as much data as 606 00:25:41,520 --> 00:25:48,299 possible and sift through it basically 607 00:25:44,100 --> 00:25:50,820 without oversight and share the results 608 00:25:48,299 --> 00:25:53,460 um none of that is touched by what Mr 609 00:25:50,820 --> 00:25:55,380 dreyfuse is saying although I'm very 610 00:25:53,460 --> 00:25:57,919 glad he's saying that Al metadata is 611 00:25:55,380 --> 00:25:57,919 more important 612 00:25:58,080 --> 00:26:02,039 and so 613 00:26:00,299 --> 00:26:05,120 this is where we get to the pointy bit 614 00:26:02,039 --> 00:26:05,120 one moment 615 00:26:08,640 --> 00:26:16,020 um the pointy bit is what can we do and 616 00:26:11,760 --> 00:26:19,020 the we there is from uh me and my trusty 617 00:26:16,020 --> 00:26:20,700 team of Open Source developers uh me as 618 00:26:19,020 --> 00:26:24,900 an Australian and you as Australian 619 00:26:20,700 --> 00:26:27,059 citizens and everything in between 620 00:26:24,900 --> 00:26:28,919 and so 621 00:26:27,059 --> 00:26:31,020 um one of the 622 00:26:28,919 --> 00:26:33,320 very simple things is we have to think 623 00:26:31,020 --> 00:26:36,299 about our technology choices 624 00:26:33,320 --> 00:26:38,880 these are positive actions that many 625 00:26:36,299 --> 00:26:42,000 people can take in their daily lives to 626 00:26:38,880 --> 00:26:44,520 some extent it's not all gloom and doom 627 00:26:42,000 --> 00:26:46,620 and so 628 00:26:44,520 --> 00:26:48,900 um people that have a privacy geek in 629 00:26:46,620 --> 00:26:51,299 their lives will have heard 630 00:26:48,900 --> 00:26:53,100 them banging on about 631 00:26:51,299 --> 00:26:56,039 um is the source code available we make 632 00:26:53,100 --> 00:26:57,720 a purchasing decision is the source code 633 00:26:56,039 --> 00:27:00,179 available at least for the most 634 00:26:57,720 --> 00:27:03,179 important components the answer is very 635 00:27:00,179 --> 00:27:06,000 rarely a hundred percent yes because at 636 00:27:03,179 --> 00:27:08,279 some level uh devices are locked down 637 00:27:06,000 --> 00:27:10,679 there's source code relating to your 638 00:27:08,279 --> 00:27:13,799 firmware in your in your phone 639 00:27:10,679 --> 00:27:16,080 and so on it's a really good first pass 640 00:27:13,799 --> 00:27:17,760 test now at this conference I don't have 641 00:27:16,080 --> 00:27:20,159 to say too much about that 642 00:27:17,760 --> 00:27:22,860 but for example I know groups of young 643 00:27:20,159 --> 00:27:25,080 people I was delighted to discover that 644 00:27:22,860 --> 00:27:26,580 they didn't need a lecture from the 645 00:27:25,080 --> 00:27:28,140 likes of me 646 00:27:26,580 --> 00:27:30,360 um they'd just gone out and bought 647 00:27:28,140 --> 00:27:31,799 something called the free phone uh and 648 00:27:30,360 --> 00:27:35,340 there's there's four or five others 649 00:27:31,799 --> 00:27:37,320 around there which doesn't have Google 650 00:27:35,340 --> 00:27:40,260 all through it at every level it doesn't 651 00:27:37,320 --> 00:27:41,760 have closed Source applications where 652 00:27:40,260 --> 00:27:44,520 there is an obvious open source 653 00:27:41,760 --> 00:27:45,960 alternative it isn't reporting by 654 00:27:44,520 --> 00:27:48,240 default 655 00:27:45,960 --> 00:27:50,460 um your position and many other personal 656 00:27:48,240 --> 00:27:53,220 uh facts about you back to a central 657 00:27:50,460 --> 00:27:55,200 Cloud to be that Samsung's or Googles or 658 00:27:53,220 --> 00:27:58,220 whoever huawees 659 00:27:55,200 --> 00:28:01,820 um that is delightful and a really good 660 00:27:58,220 --> 00:28:04,980 example of an individual action 661 00:28:01,820 --> 00:28:06,600 uh you'll find this conference is 662 00:28:04,980 --> 00:28:08,760 absolutely full of people who will bend 663 00:28:06,600 --> 00:28:12,059 your ear about a very long list of 664 00:28:08,760 --> 00:28:14,039 options but even thinking about it is a 665 00:28:12,059 --> 00:28:16,260 good step forward 666 00:28:14,039 --> 00:28:18,179 um and there are horror stories around 667 00:28:16,260 --> 00:28:20,580 now that non-technical people are 668 00:28:18,179 --> 00:28:22,460 beginning to realize actually this is a 669 00:28:20,580 --> 00:28:24,360 serious problem 670 00:28:22,460 --> 00:28:26,580 now 671 00:28:24,360 --> 00:28:30,659 when it comes to Cloud suppliers 672 00:28:26,580 --> 00:28:33,419 and this brings up end-to-end encryption 673 00:28:30,659 --> 00:28:36,900 um particularly for example for chat 674 00:28:33,419 --> 00:28:37,919 services or video services 675 00:28:36,900 --> 00:28:40,679 um 676 00:28:37,919 --> 00:28:43,559 and the answer to that is if it isn't 677 00:28:40,679 --> 00:28:48,720 effective end-to-end encryption and by 678 00:28:43,559 --> 00:28:51,600 effective I mean if somebody hasn't 679 00:28:48,720 --> 00:28:54,480 responded to government requests to make 680 00:28:51,600 --> 00:28:57,120 that stream available to any government 681 00:28:54,480 --> 00:28:58,860 that asks 682 00:28:57,120 --> 00:29:01,500 if it has effective end-to-end 683 00:28:58,860 --> 00:29:03,419 encryption then that's what you want to 684 00:29:01,500 --> 00:29:07,020 go for and there are some tests for that 685 00:29:03,419 --> 00:29:09,179 I am not a fan of Facebook meta or uh 686 00:29:07,020 --> 00:29:11,760 WhatsApp ultimately 687 00:29:09,179 --> 00:29:13,440 but I will say this that WhatsApp does 688 00:29:11,760 --> 00:29:14,820 have end-to-end encryption now a lot of 689 00:29:13,440 --> 00:29:18,000 the metadata 690 00:29:14,820 --> 00:29:19,620 is not secure and we can tell that with 691 00:29:18,000 --> 00:29:21,659 WhatsApp because they are looking at 692 00:29:19,620 --> 00:29:24,299 introducing carefully targeted ads 693 00:29:21,659 --> 00:29:26,340 however I'm going to say something nice 694 00:29:24,299 --> 00:29:28,820 about WhatsApp they said they would 695 00:29:26,340 --> 00:29:31,919 leave the United Kingdom last week 696 00:29:28,820 --> 00:29:35,159 if the United Kingdom passes the law 697 00:29:31,919 --> 00:29:37,740 which says all end-to-end encryption 698 00:29:35,159 --> 00:29:40,440 shall be compromised with the UK 699 00:29:37,740 --> 00:29:42,480 government having a key that would 700 00:29:40,440 --> 00:29:45,179 effectively Outlaw what's happening its 701 00:29:42,480 --> 00:29:48,120 current Incarnation and they said they 702 00:29:45,179 --> 00:29:49,260 would leave the country now 703 00:29:48,120 --> 00:29:51,480 um good for them 704 00:29:49,260 --> 00:29:54,659 I would suggest maybe not using Whatsapp 705 00:29:51,480 --> 00:29:56,580 at all so signal again while not perfect 706 00:29:54,659 --> 00:30:01,080 um those who know me are aware I'm part 707 00:29:56,580 --> 00:30:03,360 of a project to uh to to implement 708 00:30:01,080 --> 00:30:05,880 um signal server 709 00:30:03,360 --> 00:30:08,520 not as part of signal.org 710 00:30:05,880 --> 00:30:11,760 but signal is the best we have today 711 00:30:08,520 --> 00:30:14,159 and signal is not only got end-to-end 712 00:30:11,760 --> 00:30:16,260 encryption but it is very careful about 713 00:30:14,159 --> 00:30:17,940 the information it leaks about who 714 00:30:16,260 --> 00:30:20,880 you're talking to and who else might be 715 00:30:17,940 --> 00:30:23,039 in a group and where are they from 716 00:30:20,880 --> 00:30:25,740 and so when it comes to Australia's data 717 00:30:23,039 --> 00:30:27,779 retention law for example 718 00:30:25,740 --> 00:30:30,419 um the most 719 00:30:27,779 --> 00:30:34,080 um that somebody like signal.org can 720 00:30:30,419 --> 00:30:37,140 supply them is an IP address 721 00:30:34,080 --> 00:30:40,380 and some metadata that that can be 722 00:30:37,140 --> 00:30:44,640 pulled out of the likes of cloudflare 723 00:30:40,380 --> 00:30:46,860 so basically signal.org is largely 724 00:30:44,640 --> 00:30:49,080 impervious 725 00:30:46,860 --> 00:30:51,419 to the Australian government's mandatory 726 00:30:49,080 --> 00:30:53,100 data retention laws that's a great 727 00:30:51,419 --> 00:30:56,460 example of something to choose and then 728 00:30:53,100 --> 00:30:57,600 finally monoculturalism 729 00:30:56,460 --> 00:31:00,419 um 730 00:30:57,600 --> 00:31:02,159 is not a social statement of something 731 00:31:00,419 --> 00:31:06,840 terribly controversial 732 00:31:02,159 --> 00:31:08,820 it's simply the fact of uh if I have 10 733 00:31:06,840 --> 00:31:11,700 000 um pieces of technology in my 734 00:31:08,820 --> 00:31:13,380 company or in my local Council and they 735 00:31:11,700 --> 00:31:14,580 all come from one supplier they all have 736 00:31:13,380 --> 00:31:17,520 related 737 00:31:14,580 --> 00:31:20,100 um source code trees then they are 738 00:31:17,520 --> 00:31:24,120 probably all vulnerable to the same 739 00:31:20,100 --> 00:31:26,220 privacy holes and that is why a lot of 740 00:31:24,120 --> 00:31:29,820 places including some enlightened local 741 00:31:26,220 --> 00:31:31,380 councils are deciding that okay they are 742 00:31:29,820 --> 00:31:33,419 going to have 743 00:31:31,380 --> 00:31:34,799 um electric electric vehicles which have 744 00:31:33,419 --> 00:31:37,500 all manner of problems with their 745 00:31:34,799 --> 00:31:40,559 software stack including privacy 746 00:31:37,500 --> 00:31:42,179 but maybe we'll get one from this Asian 747 00:31:40,559 --> 00:31:45,120 country one for the United States and 748 00:31:42,179 --> 00:31:47,460 one from Europe and mix and match our 749 00:31:45,120 --> 00:31:50,220 Fleet it's not so great for some fleet 750 00:31:47,460 --> 00:31:53,340 managers but it's not a bad protection 751 00:31:50,220 --> 00:31:55,679 against privacy and quality issues in 752 00:31:53,340 --> 00:31:58,980 the software stack and that's a very 753 00:31:55,679 --> 00:32:01,320 crude example but that level of thinking 754 00:31:58,980 --> 00:32:04,799 um is is being increasingly applied in 755 00:32:01,320 --> 00:32:08,640 larger organizations around the world 756 00:32:04,799 --> 00:32:11,159 um in my house I'm an individual and 757 00:32:08,640 --> 00:32:13,500 that level of thinking still applies 758 00:32:11,159 --> 00:32:15,860 so there are some things that I will 759 00:32:13,500 --> 00:32:19,740 give to one large name plan 760 00:32:15,860 --> 00:32:21,899 name brand cloud provider because 761 00:32:19,740 --> 00:32:24,000 I'm in the real world I have real people 762 00:32:21,899 --> 00:32:26,220 I deal with they are dealing with these 763 00:32:24,000 --> 00:32:29,100 clouds but then there are other classes 764 00:32:26,220 --> 00:32:31,380 of my personal information that 765 00:32:29,100 --> 00:32:33,000 I give to other clouds 766 00:32:31,380 --> 00:32:36,899 if I'm careful 767 00:32:33,000 --> 00:32:36,899 very careful then 768 00:32:37,020 --> 00:32:41,159 um with with the knowledge that I have 769 00:32:38,520 --> 00:32:43,980 with your research I've done I'm able to 770 00:32:41,159 --> 00:32:45,360 reduce my privacy risk overall you've 771 00:32:43,980 --> 00:32:47,880 probably heard me being very careful 772 00:32:45,360 --> 00:32:49,860 there pulling back a little it is not 773 00:32:47,880 --> 00:32:54,179 clear-cut because of course there are 774 00:32:49,860 --> 00:32:56,279 issues of combining and the large clouds 775 00:32:54,179 --> 00:32:59,460 do like to combine data and triangulate 776 00:32:56,279 --> 00:33:00,240 into us what can they produce 777 00:32:59,460 --> 00:33:03,059 um 778 00:33:00,240 --> 00:33:04,620 it's not easy but there are some actions 779 00:33:03,059 --> 00:33:06,419 we can do there are some recommendations 780 00:33:04,620 --> 00:33:08,940 we can make um 781 00:33:06,419 --> 00:33:10,440 many lists of them around 782 00:33:08,940 --> 00:33:12,240 I'm going to give a few a little later 783 00:33:10,440 --> 00:33:15,360 on 784 00:33:12,240 --> 00:33:17,179 uh oh and the most important thing which 785 00:33:15,360 --> 00:33:22,260 is actually not on this slide 786 00:33:17,179 --> 00:33:24,120 is that individuals can vote now we saw 787 00:33:22,260 --> 00:33:26,779 the last federal election 788 00:33:24,120 --> 00:33:32,220 what can happen when people get fed up 789 00:33:26,779 --> 00:33:34,380 and decide to voice an independent View 790 00:33:32,220 --> 00:33:37,260 uh and that has made a significant 791 00:33:34,380 --> 00:33:38,159 difference at at scale 792 00:33:37,260 --> 00:33:41,760 um 793 00:33:38,159 --> 00:33:44,279 similar things have happened in Chile uh 794 00:33:41,760 --> 00:33:47,220 going back a few years in Brazil 795 00:33:44,279 --> 00:33:49,860 um certainly in countries in the EU 796 00:33:47,220 --> 00:33:52,679 where individual citizens has decided 797 00:33:49,860 --> 00:33:55,380 enough is enough and they have uh 798 00:33:52,679 --> 00:33:56,700 lobbied for successfully actions at The 799 00:33:55,380 --> 00:33:59,820 Ballot Box 800 00:33:56,700 --> 00:34:03,240 relating to protecting privacy we have a 801 00:33:59,820 --> 00:34:06,840 rich series of Targets in Australia here 802 00:34:03,240 --> 00:34:10,560 um we have some great advice related to 803 00:34:06,840 --> 00:34:13,200 privacy we have this privacy review 804 00:34:10,560 --> 00:34:16,139 um we have the proposed review of 805 00:34:13,200 --> 00:34:19,260 metadata changes we have 806 00:34:16,139 --> 00:34:22,800 um some terrible pieces of legislation 807 00:34:19,260 --> 00:34:25,800 that uh that that need to be called out 808 00:34:22,800 --> 00:34:28,440 there is the 2018 809 00:34:25,800 --> 00:34:30,480 um access act 810 00:34:28,440 --> 00:34:32,520 um access and assistance Act 811 00:34:30,480 --> 00:34:34,980 which basically says the federal 812 00:34:32,520 --> 00:34:36,720 government has infinite access to 813 00:34:34,980 --> 00:34:38,820 anything happening in Australia and if 814 00:34:36,720 --> 00:34:40,139 there's a technical person involved they 815 00:34:38,820 --> 00:34:42,480 can be required to give the federal 816 00:34:40,139 --> 00:34:44,639 government a back door and they can be 817 00:34:42,480 --> 00:34:46,500 required not to talk about that 818 00:34:44,639 --> 00:34:48,359 and they can be threatened with jail if 819 00:34:46,500 --> 00:34:50,940 they don't 820 00:34:48,359 --> 00:34:52,919 um this is a maligned piece of 821 00:34:50,940 --> 00:34:55,139 legislation and the only way to deal 822 00:34:52,919 --> 00:34:56,820 with that uh is 823 00:34:55,139 --> 00:34:59,400 um in the Australian Federal Parliament 824 00:34:56,820 --> 00:35:02,220 and the only influence we have on that 825 00:34:59,400 --> 00:35:04,560 um as an individual uh is at The Ballot 826 00:35:02,220 --> 00:35:07,980 Box or through lobbying or through 827 00:35:04,560 --> 00:35:09,720 joining with others so there are things 828 00:35:07,980 --> 00:35:12,420 we can do it's not gloom and doom it's 829 00:35:09,720 --> 00:35:15,180 not the end of the world it's it's 830 00:35:12,420 --> 00:35:17,460 pretty worrying 831 00:35:15,180 --> 00:35:20,339 and of course 832 00:35:17,460 --> 00:35:23,339 one group of Open Source developers have 833 00:35:20,339 --> 00:35:26,220 decided to do something else 834 00:35:23,339 --> 00:35:29,280 we thought this is a bit rubbish what 835 00:35:26,220 --> 00:35:32,040 can we do what if we started 836 00:35:29,280 --> 00:35:34,880 from the bottom up 837 00:35:32,040 --> 00:35:38,700 is it possible that we can do something 838 00:35:34,880 --> 00:35:40,800 uh regardless of the legal regime so we 839 00:35:38,700 --> 00:35:44,099 have some some star 840 00:35:40,800 --> 00:35:47,339 um actors behind us from SSH way back 841 00:35:44,099 --> 00:35:48,660 when to Signal more modern 842 00:35:47,339 --> 00:35:51,000 um 843 00:35:48,660 --> 00:35:54,420 um with uh the there's the Guardian 844 00:35:51,000 --> 00:35:56,700 Project which is and of course tour 845 00:35:54,420 --> 00:35:59,579 wonderful pieces of Open Source that 846 00:35:56,700 --> 00:36:01,260 have decided that they can assist with 847 00:35:59,579 --> 00:36:03,180 privacy insecurity regardless of the 848 00:36:01,260 --> 00:36:06,000 legal regime great 849 00:36:03,180 --> 00:36:07,800 but for the as we've just seen for the 850 00:36:06,000 --> 00:36:09,900 individual user in practice 851 00:36:07,800 --> 00:36:11,760 non-technical person 852 00:36:09,900 --> 00:36:15,240 they're really stuck in a hard place 853 00:36:11,760 --> 00:36:17,460 today so everyone has a mobile phone and 854 00:36:15,240 --> 00:36:22,260 we've studied this quite carefully 855 00:36:17,460 --> 00:36:25,980 there is quite possibly one way in 856 00:36:22,260 --> 00:36:28,619 um it's rather ambitious but we've made 857 00:36:25,980 --> 00:36:30,720 considerable progress so every one of 858 00:36:28,619 --> 00:36:32,940 your mobile phones has a database or not 859 00:36:30,720 --> 00:36:36,359 called SQL Lite it's the world's most 860 00:36:32,940 --> 00:36:37,560 used software uh it has 861 00:36:36,359 --> 00:36:39,540 um 862 00:36:37,560 --> 00:36:42,480 um an extraordinarily good history for 863 00:36:39,540 --> 00:36:45,060 reliability I I used to think the other 864 00:36:42,480 --> 00:36:47,099 otherwise and then I realized that 865 00:36:45,060 --> 00:36:49,020 firstly I was misunderstanding and 866 00:36:47,099 --> 00:36:51,420 secondly I was misunderstanding the 867 00:36:49,020 --> 00:36:54,660 scale there is nothing else as far as I 868 00:36:51,420 --> 00:36:58,200 know uh that is non-trivial software at 869 00:36:54,660 --> 00:37:00,180 Trillium scale and there is a trillion 870 00:36:58,200 --> 00:37:02,640 scale there's if you take out your phone 871 00:37:00,180 --> 00:37:04,380 there is at least 300 databases sqlite 872 00:37:02,640 --> 00:37:06,839 databases on there if it's not streaming 873 00:37:04,380 --> 00:37:10,260 data it's probably in SQL light 874 00:37:06,839 --> 00:37:12,660 most of them as plain texts equal light 875 00:37:10,260 --> 00:37:14,339 it is possible to encrypt an entire 876 00:37:12,660 --> 00:37:15,300 sqlite database if you do the right 877 00:37:14,339 --> 00:37:18,359 Magic 878 00:37:15,300 --> 00:37:20,220 and so what if we could make a small 879 00:37:18,359 --> 00:37:22,079 change to SQL light 880 00:37:20,220 --> 00:37:23,400 uh would need to be a small change you 881 00:37:22,079 --> 00:37:24,780 don't fiddle with trillion scale 882 00:37:23,400 --> 00:37:29,220 software lately 883 00:37:24,780 --> 00:37:32,480 and what if we could in some way give 884 00:37:29,220 --> 00:37:35,099 user permissions 885 00:37:32,480 --> 00:37:36,599 enforced in SQL life and that's what 886 00:37:35,099 --> 00:37:37,500 we've been working on for the last three 887 00:37:36,599 --> 00:37:40,260 years 888 00:37:37,500 --> 00:37:44,160 and the answer is we can't 889 00:37:40,260 --> 00:37:47,040 uh and in fact we have solved the how do 890 00:37:44,160 --> 00:37:49,680 we modify sqlite without breaking sqlite 891 00:37:47,040 --> 00:37:51,960 problem we believe we have done we've 892 00:37:49,680 --> 00:37:54,720 worked very carefully with the sqlite 893 00:37:51,960 --> 00:37:57,960 community to ensure that we do we 894 00:37:54,720 --> 00:37:59,460 believe we've solved the problem of 895 00:37:57,960 --> 00:38:02,940 what 896 00:37:59,460 --> 00:38:06,900 can we give the individual user 897 00:38:02,940 --> 00:38:09,359 uh in meaningful control so 898 00:38:06,900 --> 00:38:11,940 there was unfortunately the industry 899 00:38:09,359 --> 00:38:15,780 hijacked the infamous cookie laws in the 900 00:38:11,940 --> 00:38:17,579 EU deliberately and made it so that we 901 00:38:15,780 --> 00:38:20,700 all suffer from click fatigue saying yes 902 00:38:17,579 --> 00:38:21,599 I accept cookies 903 00:38:20,700 --> 00:38:24,359 um 904 00:38:21,599 --> 00:38:26,760 how can we meaningfully give users 905 00:38:24,359 --> 00:38:28,440 control over each row of data in sqlite 906 00:38:26,760 --> 00:38:32,000 and the answer is 907 00:38:28,440 --> 00:38:32,000 with something very clever 908 00:38:32,160 --> 00:38:35,640 we use mathematics we use a form of 909 00:38:34,200 --> 00:38:37,859 encryption 910 00:38:35,640 --> 00:38:38,880 that is called attribute-based 911 00:38:37,859 --> 00:38:43,500 encryption 912 00:38:38,880 --> 00:38:45,240 uh the idea is that the you can read or 913 00:38:43,500 --> 00:38:48,720 write 914 00:38:45,240 --> 00:38:53,339 the data depending on the keys you hold 915 00:38:48,720 --> 00:38:56,160 and the user can delegate keys 916 00:38:53,339 --> 00:38:58,140 I imagine for example we think of a 917 00:38:56,160 --> 00:39:00,420 class of application on our phone 918 00:38:58,140 --> 00:39:03,300 banking apps 919 00:39:00,420 --> 00:39:05,880 what if the bank was not in charge of 920 00:39:03,300 --> 00:39:08,940 the commissions over that data if the 921 00:39:05,880 --> 00:39:11,940 user could say the banks can only read 922 00:39:08,940 --> 00:39:14,339 the data or append to it but they can't 923 00:39:11,940 --> 00:39:16,500 rewrite anything 924 00:39:14,339 --> 00:39:18,780 that is an example of what we're heading 925 00:39:16,500 --> 00:39:20,820 for so by default 926 00:39:18,780 --> 00:39:23,220 the telephone operating system that 927 00:39:20,820 --> 00:39:26,700 you're using whether it's apple or one 928 00:39:23,220 --> 00:39:28,200 of the Androids from Huawei or no matter 929 00:39:26,700 --> 00:39:28,980 who 930 00:39:28,200 --> 00:39:30,780 um 931 00:39:28,980 --> 00:39:33,720 if it's a particular class of 932 00:39:30,780 --> 00:39:35,820 application the user can select what 933 00:39:33,720 --> 00:39:38,099 that application is allowed to do and 934 00:39:35,820 --> 00:39:41,480 the permissions are in the data so 935 00:39:38,099 --> 00:39:41,480 wherever the data goes 936 00:39:42,060 --> 00:39:47,520 um is where the permissions go 937 00:39:44,220 --> 00:39:49,740 now the technical details of that are 938 00:39:47,520 --> 00:39:51,060 really quite immense 939 00:39:49,740 --> 00:39:53,880 um 940 00:39:51,060 --> 00:39:55,980 there's quite a lot to understand how 941 00:39:53,880 --> 00:39:59,960 does um attribute-based encryption work 942 00:39:55,980 --> 00:40:03,660 why have I got both a PhD and a masters 943 00:39:59,960 --> 00:40:07,079 and some very competent developers in in 944 00:40:03,660 --> 00:40:09,839 addition working on this in Rust 945 00:40:07,079 --> 00:40:12,720 and integrating that into sqlite all of 946 00:40:09,839 --> 00:40:15,900 this is really quite technical but the 947 00:40:12,720 --> 00:40:18,359 basic issue is it's possible not only to 948 00:40:15,900 --> 00:40:19,980 enforce these permissions but to roll 949 00:40:18,359 --> 00:40:23,099 them out at scale 950 00:40:19,980 --> 00:40:25,140 if we get some ducks lined up such as 951 00:40:23,099 --> 00:40:27,119 approaching the platform owners I don't 952 00:40:25,140 --> 00:40:30,180 know who we have in the audience from 953 00:40:27,119 --> 00:40:31,460 Google and Amazon today but I want to 954 00:40:30,180 --> 00:40:33,960 hear from you 955 00:40:31,460 --> 00:40:35,880 there's new namespaces there's all sorts 956 00:40:33,960 --> 00:40:37,859 of exciting reasons why you might want 957 00:40:35,880 --> 00:40:39,540 to get in making privacy enforceable 958 00:40:37,859 --> 00:40:40,740 from the user up 959 00:40:39,540 --> 00:40:43,020 now 960 00:40:40,740 --> 00:40:45,420 adoption from App developers that's a 961 00:40:43,020 --> 00:40:47,640 bit of an easier door to push because 962 00:40:45,420 --> 00:40:51,420 the current encryption options for 963 00:40:47,640 --> 00:40:54,119 sqlite aren't great and we we believe 964 00:40:51,420 --> 00:40:56,940 that we have a way to fix that we're 965 00:40:54,119 --> 00:40:57,720 very pleased with our measurements uh so 966 00:40:56,940 --> 00:41:00,500 far 967 00:40:57,720 --> 00:41:00,500 we want 968 00:41:01,020 --> 00:41:04,020 and uh 969 00:41:02,700 --> 00:41:06,480 finally 970 00:41:04,020 --> 00:41:08,579 it is ambitious to the point of 971 00:41:06,480 --> 00:41:10,859 hubristic but what if every telephone 972 00:41:08,579 --> 00:41:14,520 had this what if every line of every 973 00:41:10,859 --> 00:41:16,200 data of every sqlite database and had 974 00:41:14,520 --> 00:41:18,599 these permissions associated with it 975 00:41:16,200 --> 00:41:20,700 wherever that data went 976 00:41:18,599 --> 00:41:22,320 that would be an industry default and 977 00:41:20,700 --> 00:41:25,079 that would be privacy from the bottom up 978 00:41:22,320 --> 00:41:26,520 so that's what we're aiming for I 979 00:41:25,079 --> 00:41:30,020 understand that's the 10 minute warning 980 00:41:26,520 --> 00:41:30,020 which means we have some q and A's 981 00:41:31,560 --> 00:41:36,839 thank you Dan unfortunately that's the 982 00:41:33,839 --> 00:41:38,880 end and we've come right up to our a 983 00:41:36,839 --> 00:41:39,780 room coordinator here sorry say that 984 00:41:38,880 --> 00:41:41,820 again 985 00:41:39,780 --> 00:41:42,960 hello Amy hello 986 00:41:41,820 --> 00:41:44,400 um unfortunately that's not the 10 987 00:41:42,960 --> 00:41:48,839 minute warning we've come up right 988 00:41:44,400 --> 00:41:51,300 against our finish time at 5 25. so have 989 00:41:48,839 --> 00:41:52,859 we just now we have just sorry so sorry 990 00:41:51,300 --> 00:41:54,900 we're not able to thank you very much 991 00:41:52,859 --> 00:41:56,339 for that thank you thank you so much and 992 00:41:54,900 --> 00:41:58,260 apologies again for mangling your 993 00:41:56,339 --> 00:41:59,640 introduction thank you for picking up a 994 00:41:58,260 --> 00:42:01,640 very strange ball and running with it 995 00:41:59,640 --> 00:42:04,200 thank you so much 996 00:42:01,640 --> 00:42:05,880 and thanks to everyone else here um 997 00:42:04,200 --> 00:42:08,220 we'll see you tomorrow hopefully or at 998 00:42:05,880 --> 00:42:10,820 dinner at 6 pm thank you 999 00:42:08,220 --> 00:42:10,820 yep