A Declaration of the Independence of Cyberspace

been here last year? Keep them up for two years ago. Four years ago. Five? Wow, seven. Oh, some up in the front. Excellent. Thank you. My name is Mike Don and we've been putting this on for quite a while now. Security v-sides have happened in a number of different ways and places around the world. In San Francisco, this is year seven. We appreciate everyone coming. We call everyone a participant here because everyone participates in different ways. Certainly, our sponsors participate by helping contribute in terms of covering some of the costs, things like coffee and the like. We're going to have lunch over both days. So it's all covered for you. It's probably one of the cheapest conferences you can get in the city. Food and

entertainment for two days. Security B-Sides happens in over 84 cities in 19 countries around the world. And it is due to people like you who are putting it on and taking it away. One of the best things that happens when people come to one of these events is they say, I can do that! Because they don't realize what it actually takes to put it on. I want to thank all of the organizers that have put it here today. There's a lot of different volunteers in a number of different contexts. But if you want to provide feedback or if you need any help, please reach out to people. There are people wearing security shirts. Their job here is to make sure you have fun. So

please ask and invite them. We have two tracks. Track one is up here. Track two is in the top. You'll see signs around the entire place in terms of where you can find those two tracks. Tool is in the far corner. We have a couple different chill out areas. one in the back here and then another in the far back and the top. There's gonna be power strips there for you to recharge everything. And then there's gonna be a raffle both later on tonight during the happy hour as well as tomorrow during lunch. You have to be present to win, so certainly you wanna be there. Now I wanna introduce the illustrious, John Perry Barlow, and I wanna read his bio because there is nothing in here that needs

omission. Among his many endeavors, John Perry Barlow has been a cattle rancher in Wyoming. songwriter for the Grateful Dead, co-founder of Electronic Frontier Foundation, also back in the corner, which has been protecting the free flow of information on the internet since 1990. He wrote the introduction to the first PGP user's manual, co-founder of the Daniel Eisenberg of the Freedom of the Press Foundation. He remains on the board of these organizations. He's also a fellow at Harvard's Institute of Politics. He's been writing about society and cyberspace since 1988. and was the first to apply that name to the global social space that it presently describes. In 1996, 20 years ago today, well not today, 20 years ago, he wrote a declaration of independence

of cyberspace. Last week. And an object of derision over much the last two decades lifespan, and now fought by many to be prophetic, I certainly do. In 1993, essay for Wired, The Economy of Ideas, permanently changed the legal conversation around intellectual property.

And as a consequence, he was founding fellow for Harvard Law School's Berkman Center for Internet Society. In 2013, he was inducted into the Internet Hall of Fame. Most recently, he co-founded as helping run Algae Systems, an enterprise that transforms sewage and atmospheric CO2, the energy positive drinking water and carbon negative transmission fuel. He's a father of three daughters, and his primary aspiration is to be a good ancestor. I want you all to please give a warm welcome to John Perry Barlow.

I am really stunned that this many geeks could come out this early on a Sunday morning. I feel, well, I feel very proud of myself. actually. Because I figured I'd be talking to about five really dedicated people. But first of all, for those of you who may know me, a quick explanation of the wheelchair. I spent about eight months in various hospitals during last year where I was treated to a cascading concatenation of medical errors. iatrogenic failures. And, you know, I'll tell you, if there's something where people who understand data and information need to apply themselves, it is in the way in which communications take place in hospitals. Because everything that happened to me happened to me because computers were present but weren't being used

properly. And so, that's an aside. I will...

I will walk again, I'll dance again and all that, but you know, I have to learn how all over. It's like, took me a while the first time.

Seems to be taking just about as long the second time. Also,

one of my goals in life is to eliminate broadcast media.

And in the service of that goal, I try not to be one. So I want to try to make this as interactive as possible.

What I prefer to do, if possible, is to converse with the audience. I don't know if we've got... Do we have mobile talking sticks that we can put around? It's nice if we got a couple of wireless handheld mics, but if not, that's okay. Also, it would be great if we could have a little more light on the audience so I can see... I can see you guys. Yeah! Is that too bright for you? Oh, yeah! No, that may be a little harsh. There we go. Now you really look kind of... sexy. Okay. All right, so clear back in 1989,

I realized that the federal government of the United States had discovered the internet, at least partly.

They had discovered phone-freaking primarily, which consisted of a bunch of of early adolescents trying to create the internet themselves by spelunking around in the telephone networks.

And they were really good at it. And

I was in a forum that Harper's Magazine convened in 89.

very prescient. To this day, I'm amazed that the guys who put this thing together had any idea that these were going to be the issues that they became. But it was a forum on security and what was forbidden knowledge and what should be open and what should be closed and all of the issues that are still dominant in your world and actually in everybody's world today. And in the course of this, there were these little hacker kids that I didn't know what they were, but they're coming on like total nihilists. They're clanking around, you know, sort of virtual whips and chains and didn't appear to give a shit about anything, you know. And At one point

I said, you know, if somebody took away your modem and gave you a skateboard, it wouldn't make a nickel's worth of difference. And this being true, it really irritated the kid. And I asked him, I said, I think we've exceeded the bandwidth of this medium. I would appreciate it if you would give me a call and I won't insult your intelligence by giving you my number, which was listed anyway, but he didn't know that. I expected to hear from him immediately just to show that he could do it really quick. And in fact, what I heard from was about 10 of them from different pay funds in New York City. They all parachuted into my ear. And their voices hadn't even changed yet. I

realized what they were. I mean, they were really just kids. And they were kind of the natives of the future. I recognized. They were the original young pioneers who would inhabit this what? This something. And I became kind of like the troop leader to the Legion of Doom. It was a funny position to be in, but I enjoyed it. And then And then the Secret Service started swooping in on them. I mean, one of them, Acid Freak was his name, Acid Freak came home and found that his 12-year-old sister was being held at gunpoint by several large, dim-looking members of the Secret Service while they removed every single electronic item from the house, including a clock radio and all of his

Metallica tapes. they were clueless and they were in fact they were dynamically anti-cluful and then

as I was shortly to discover when I got a visit from agent Richard Baxter in the Rock Springs Wyoming field office who I knew he'd help me with some livestock theft he wasn't he wasn't a bad hand on that sort of thing he called me call me up and he's very very nervous Now you'd never want an FBI agent to call you up and be very, very nervous. And you especially don't want him to say he can't discuss it over the phone.

So I brace myself and he drives 100 miles north. And it turns out that what he's investigating is somebody who's calling themselves, somebody or some buddies, who's calling themselves the New Prometheus League. has taken some of the source code out of the ROM chip of the Macintosh. The stuff that is running, you know, the firmware portions of a very primitive version of QuickTime. And they have spread this around on floppy disks and told Apple and anybody else that they intended to make the entire body of the source available if Apple didn't open up its architecture. And Apple had freaked and had called in, I mean like, at that point Apple didn't know how to create its own stuff because Jobs was left taking with him

a lot of the people that knew how to do this. And so they flipped and they sent the FBI to a lot of people like me who were quite unlikely to have done this. But it took me about an hour and a half to explain to Agent Baxter what the crime was before I could start explaining to him why I was unlikely to have been the person who did it. And he kept calling it the new prosthesis league. And that was just the beginning of the stuff that he thought he knew. He was a wealth of misinformation. I mean, it was fabulous. And I wrote something about this, which was called Crime and Puzzlement, which was, I think, the first time anybody

used the term cyberspace to apply to what we talk about now.

when we talk about cyberspace. I mean, it was my friend Bill Gibson's science fiction word. And I thought about a bunch of them, you know, data sphere, info sphere, et cetera, et cetera. But I liked cyberspace just because it,

I don't know, I think partly because Bill had used it and I knew he had a good ear. But I started applying that word to it because I felt like people needed to know what social space they were in in order to be constituents, in order to be participants, in order to have a sense of their rights, in order to be citizens of a country that had no borders, that had no government, that had no no democracy, but was very likely to be completely wide open to expression and completely wide open to surveillance.

And Mitch Kapoor, who had written Lotus 1-2-3 and had become kind of a pal of mine over the previous couple years, was flying in his bizjet across Nebraska, and he read my piece on the well, and he called me up and said, I just read Crime and Puzzlement. Can I land my Gulfstream at Pinedale Airport? And I said, yes, you can. So he did. And we spent the afternoon talking about a whole bunch of things. Cases, Steve Jackson games, the frack case. I mean, go back and take a look at the history of this period. It's really fascinating. But I won't belabor you. In any event, I realized at that point that cyberspace had been invaded

by the initial party of

not very bright, extremely well armed, and as I say, anti-cluful people. And as such, our rights were in danger.

But I also recognized, I mean, Mitch and I started the Electronic Frontier Foundation and we got it up and running. you know, our whole objective in all of these cases was to defend the First Amendment and the Fourth Amendment. We wanted to make sure that people understood that the First Amendment also applied to electronically transmitted material. And then I got an email from a kid who I still have a regular correspondence with, who is still in the Soviet Union, who had crawled across the border into Finland to send me this email which said, we have heard about what you and Mitch Kapoor are doing, but what about us? We don't have a First Amendment. Well, they sort of did, but I mean,

nobody spent much time on it.

And I realized that the First Amendment was along with the rest of the amendments and the entire constitution was a set of local ordinances and that cyberspace was not going to be susceptible to those ordinances and the very thing that made it so free was also the thing that made it so that rights could not be conveyed and assured. Because in order to assure a right, you have to have the ability to take it away.

And Mitch, at that point, we were having a discussion on how to confront this, and Mitch dropped the line, well, architecture is politics. So that brings me to you guys, kind of. Because a lot of what EFF has done over the years, and fairly invisibly to the general populace, is to attend to the technical architecture of the Internet as it grew and morphed.

And we've spent a very great deal of time trying to make sure that the pipes stayed dumb. However,

As I knew what happened, well, all right, there's another moment in here that's worth recounting. I was thinking about how the citizens, the netizens of cyberspace could express themselves. and I had just had three days at the World Economic Forum, which was the first time they brought in anybody that was anything regarding the Internet. And I was basically part of the entertainment. You know, I could have been a dancing bear.

And, you know, these great pillars of the nation state had no interest in the Internet. So, I was supposed to write something for a book called 24 hours in cyberspace and I was behind deadline and there was this great dance with all these sort of geishas from the University of Geneva studying, getting doctorates in foreign policy and they were all, they'd been attending the conference and taking care of everybody and They were extremely fun company, but I had to write this thing and so I wrote it in pieces over the course of a fairly long evening and sent it in to the editor who wanted to print it in the book and also sent it to about 500 of my friends.

And if I had thought that it was going to become as viral as it became, I probably would have taken a little more care. I certainly would not have imitated the writing style of a notorious 18th century slave owner for which I took endless grief. But what I said in it, in essence, is that while cyberspace and meatspace, as I call it, are intimately connected with one another in exactly the same way that the mind is connected with the body, they are different from one another, also in exactly the same way that the mind is different from the body. And that because there was a new layer in the network stack, so to speak,

There was a social space, a set of conditions that were immune to sovereignty and that could not be made subject to sovereignty, which many people found to be ludicrous. I would say that it is generally true today. And the current flailing of the FBI against Apple is, you know, a hallmark of just how true it is.

And the FBI is trying to get Apple to do something that they can't, and the FBI is too stupid to recognize that they can't. That's how far we've come since my meeting with Agent Baxter. But anyway, enough about setting the stage for this. I want to talk to you. I want to hear what you think. I mean, I have a lot of thoughts about where security ought to be going at the moment. You know, mostly predicated on my sense that security, software security, or hardware security for that matter, is invariably a gun that shoots both directions. So it's often quite useless unless you want to put it in the hands of your enemy. Anyway, so does anybody have anything they'd like to submit?

Don't be shy. I know you are shy, but don't be.

Hi there. you brought up the fbi versus apple i'm thirty two and i've been a supporter of the eff and freedom of speech and you know digital rights for a long time i have a number of co-workers who also feel like their pro privacy and they're definitely on the uh... you know privacy side of the apple versus the fbi and they've never heard of the eff and they've they're not really familiar with the the space that i think most of the people in this room are familiar with how does the EFF do more outreach outreach for the younger folks, the 20-year-olds, the 25-year-olds that should be on our side, that just don't know about our side? God, you know, this is a topic

that troubles us all the time. And obviously, if we had an answer, we'd be doing it. I mean, part of the problem I think is that they tend not to read the stuff that we appear in. You know, they tend not to read the New York Times or, or, uh, major information, you know, the Guardian. Uh, so we're pretty ubiquitous. I mean, if you go to our website and take a look at the stuff that we're doing that is attracting press, it's,

There's a lot of press being generated, but it doesn't get to them. And I guess the thing is to count on people like you to tell them that we exist and why we exist so that they can spread it around among themselves.

Hi, Barlow. Nice to see you. Where are you? I'm here. Oh, hi. Hi. So one of the problems with the Apple FBI thing is many of us believe that Apple can actually do this work. It's still compelled speech or compelled action. It's probably two or three weeks of work by a couple programmers who know exactly what they're doing. So, you know, if someone were being instructed by a judge to do the impossible, that would be a different situation. And if they're instructed to do something which, because their crypto is kind of flawed in various versions of iPhone, they can currently do, of course, now they're trying to make it so that they could not possibly comply with the judge's directive in that respect. But

in order to do that, they need better hardware, for example. And, of course, the government can do a lot of this stuff if... I mean, I would be very surprised if the Intel community doesn't have a hack for the early iPhones at this point. They are much dumber than you think.

They're also lazy. That's the other problem. They'd rather have Apple do it than having them actually do work. Yeah, they want to automate surveillance. I mean, the reason that we've got this gigantic storage farm, you know, server farm in Utah, in Bluff, is because it is actually cheaper to collect everything. And their belief is that they'll collect all the data and let God sort it out. Because it would take God to sort it out. And, you know, their problem all along has been finding the needles of information in the haystack of data. And it is certainly the case that multiplying the size of the haystack many orders of magnitude does not make that job easier.

What they need to be doing is finding better magnets, but then they would have to recognize that there's a difference between information and data, and that is that some human being has actually looked at the data and found them relevant. It's not something you can mechanize. But, you know, You're probably right. I would have thought that that was probably an impossible hack. But you may be right. And the point is, even if it were an easy hack,

it is, in my view, a violation of the Fifth Amendment to break into a communication device. without the permission of the owner of that device. Even if the owner is dead. And, you know, just as a practical matter, I can't imagine what they expect to find on the missing 15 minutes.

What they're doing is they're using these to drive a wedge into the security, the real security of the nation. I mean, I had a conversation with Mr. Park, who at that point was the

CTO of the administration, and I said, What do you think would have happened if EFF had not won the Bernstein case, which made it possible to have strong encryption? What would have happened to commerce on the Internet if we had not been allowed to have strong encryption? And he said, well, it would have been different, I guess. And I said, it would have been very different. And you know that. And, you know,

you have this desire to go in there and impose your will on a set of people that are more or less complying with it. You know, it makes better sense to leave them alone. Now, there are some things that I wish didn't have to be left alone. I mean, I'm heartsick about the amount of malware that's out there. I just, it's, I don't know who writes this stuff and I don't know why. I guess it's kind of a form of graffiti. It's like really sloppy marking. But most of the stuff that has to be dealt with, I think we can deal with ourselves. And the answer to hate speech is always love speech. Okay, who else?

Hi there. So this is kind of following up on a previous question, which is to say, sorry, hi, which is to say about the younger generation not being aware of EFF. I'm involved with my El Maters Computer Science Curriculum Committee, and we're working on revising it. And among other things that I have issues with, The computer science curriculum doesn't have anything with regard to basically ethics. Security is kind of an afterthought in many cases.

But the bigger problem is essentially ethics. Knowing how to build a set of software to minimize the amount of personal information is not anywhere in their teachings, curriculums, thought processes. So to the extent that you end up with students coming out of universities who are oblivious to a lot of your concerns, I say it's not terribly surprising. I'm working on my own university, but I'd actually challenge everybody here to see if you can engage your university that you engaged with, you came out of, at a curriculum improvement level as an alumni. But I'd say that EFF should be really putting together like a package of course curriculum and stuff like that. Well, we have tried that. Okay. I'd

love to have it to take with me. I don't think we did very well, to be honest. You know, because

we tend to place a lot of faith in the autodidactic nature of computer technology. I mean, how many of you learned how to operate a computer in a classroom? Really? That many? Three? Okay. That's not how you learn this stuff. You learn this stuff by having something that you want to do with this amazingly ductile tool. And then getting people that you know who know how to operate the thing enough to get it to do that, show you. And I think it's kind of like that, except for the fact that the kids are not, there isn't something that they want to do attached to this. And I think it's pretty important that we explain to them, you

know, on a person-to-person level why they want to do it and what they stand to lose. Because, I mean, we are definitely defining the foundations of a future that, if the human race survives the next hundred years, will probably be thousands of years. And the way we do this is going to be hugely important. And you guys are on the front lines of creating that architecture and vouchsafing it for the future. Who else? Aya.

Howdy. Howdy. Wondering what you think about the effect cryptocurrencies will have on shape of cyberspace, security, and people's ability to express or ease of expression in cyberspace. Well,

I worked on every cyber currency, starting with digicash. until PayPal, which I didn't work on, unfortunately. Or I'd have an electric car company now. But

at that point, I had much more of a completely large L libertarian view of things. And I basically wanted to to starve the government. And I knew that the government would not be able to tax what it couldn't see. And that cyber currency was going to be functionally invisible or could be made to be functionally invisible a lot of the time. So, you know, the entire internet would become a money laundering operation.

That struck me as a good thing at the time.

Because my dislike of government, I mean, I come from Wyoming.

The state is 78% owned by the federal government, and they do a very poor job of it. So, you know, I had to recalibrate my settings to understand. I mean, it took the Bush administration to get me to realize that it mattered who was president of the United States.

Or it certainly mattered who was vice president of the United States. Fellow I'd helped get elected the first time. But the government just quit regulating the financial industry. And it ran amok in a horrible way. And I started to think much friendlier thoughts about regulation. And I'm hopeful that as people design things around either Bitcoin or what comes after Bitcoin, which I think is probably... The thing that comes next is probably going to be the thing. I think Bitcoin has a number of limitations. But, you know, it's close enough that it's already got a very large economy operating through it. And we will see how this plays out, but I think in the meantime, it's people like you

that have to be the regulatory force.

That's probably not a role you like, but it's the role that you have.

Who else?

Hey there. If cyberspace is analogous to a nation state, what does it mean to be a patriot? Or what does patriotism mean in that context? Well, patriotism, I always have thought, is identification

with a national belief system. Now a lot of people think that it's dedication to what goes on within certain well-defined borders,

which obviously does not apply in cyberspace. But

as I keep trying to remind the government of the United States, the United States is not the land that lies within the boundaries of the United States. In fact, the United States government ignores those boundaries routinely. I mean, even back when Clinton was still president, I was in the White House at one point and I asked one of his aides, how do you define the boundaries of the United States these days? And he said, That's not a question we find it very useful to ask around here. So, I think that in this sense, you know, I think that the reality is and has been that the United States is a set of beliefs and trying to defend some notion of

some cultural belief about America by dismantling those beliefs is the real injury to the republic. This is much worse than any terrorism. And terrorism, by the way, folks, is not a gigantic threat. I mean, last year, 46 Americans lost their lives to Islamic terrorism. 49 lost their lives to homegrown right-wing terrorism. You don't hear as much about that. That's not very many people. There were way more people killed last year by lightning while golfing. In fact, there were more people killed last year by television sets falling on them.

And there were 190,000 people killed last year by medical errors of the sort that were inflicted on me. So, you know, if we want to put our resources someplace, I suggest that we put them someplace where there's a real problem. But the real problem is that within the government, there are a bunch of really frustrated hall monitors.

And people who are fighting for cultural dominance

in a war that's been going on since 1966, to my reckoning, between the 60s and the 50s. And the 50s still have nuclear submarines and aircraft carriers and now the ability to tap every phone in the world. But the 60s, slowly and surely, are winning.

and I look at the people who are defending the culture that they're trying to maintain and I realize that they're all likely to be dead when many of you will still be alive. And I think you probably see things differently. So that's

You know, I think that's the heart that I can take in this. A patriot in terms of cyberspace is somebody who believes very simply in the vision that everybody, everywhere, has a right to know. This has never been a right that was promulgated by any nation state. because it was impossible to convey. Now it is possible to convey. It is within our reach as a species to create a communications network that makes it so that if you are really curious about something, no matter how odd and specialized, you can find out everything that is presently known by human beings on that subject.

And then you have a global ecosystem of mind that is capable of thinking unbelievable thoughts and may already be thinking them. So it is your responsibility to shoot for that kind of an outcome, even as you are trying to figure out ways to protect the abuse of free speech from dominating the conversation. And in that regard, I strongly recommend the very sparing use of anonymity. I look at anonymity the same way I look about guns. Guns may be a good palliative against overzealous government, and I keep a few around for that reason, but I don't use them or anonymity very much at all. Anyway, cyberspace patriotism is very simply defending the open network from the end to the end. And you guys are the people who define where

that end is and what gets through it. I know that for myself, my life online is becoming extremely tedious. Really, totally dreadful because of the security measures that everybody is now taking. Maybe they're necessary, I don't know. I mean, I get my credit card changed three or four times a year because there's a suspicious charge, and they dump the number on it before I can even say, let it go. I mean, there's a bunch of stuff that's going on with security that is... I mean, when I was a kid, I feared... you know, the Terminator future where the machines had become so intelligent that they had achieved the power to take us over and run us. What I wasn't

suspecting could be true was that the machines would take us over and run us, but they wouldn't be malevolent, they'd be incompetent. This is actually a worse nightmare. because it means that the people who are controlled by these machines, like all the nurses and doctors that had their way with me, many airline ticket agents, many stewardesses, I mean, you name it, they're at the mercy of the incompetence of these systems themselves, and I exhort you

to work hard to make sure that these things actually communicate, you know, to the extent you can. And this means thinking a lot more about UIs than you're probably inclined to. But

I think you are a very encouraging subset

of a group that I have enormous faith in.

I mean, I remember the first DEFCONs, and this feels more like that.

And I wish you Godspeed, and I wish you benign judgment in the things that you do, because Whether the future is open or closed and whether or not we convey to humanity the right to know is in your hands. Thanks.