Fakes Aren't Funny -- or Are They?
8:51PM Jul 30, 2020
pin tumbler lock
Hello everyone welcome back for more of hope 2020, a big thank you to all of the attendees presenters and volunteers who have made this virtual version of our conference so successful, our next session is from Tom Keenan, we started in it back in 1977, and is, author of techno creep, the surrender of privacy and the capitalization of intimacy. Tom's talk is titled fakes aren't funny, or are they. Please remember during the presentation the speakers are live in the 2020 matrix chat q&a, please submit your questions to the matrix chat, and we will do our best to present your questions to the speakers time permitting already Tom will take it away.
Okay, thank you so much JP and I wanted to just give a big shout out to you guys for being able to organize this. It's not easy to pivot the way you did, and I really appreciate it. I should also mention I may know some of you because I was one of those guys back in the late 1960s used to go to 2600 meetings in Manhattan. And there we have them I believe in the GM building where there was a big roll of payphones and people would find out new stuff to do, and run over to try it on one of those pay phones. So that kind of brings me to my first point, which is, I have a lab coat. Why am I wearing a lab coat. I'm not a doctor I do have a doctorate from Columbia University, it's not in medicine. And I also have this yeah this whole card, who's there's a story behind this. I was in the Ford store a couple of weeks ago, and they had a sign that said responders and medical personnel go to the front of the line. And I went Maggi I have a lab coat you know I could pull that off. But then I thought, Well no, you might need paperwork. And then I remembered I had this, and there's a story behind this I found this while I was cleaning out some old paperwork. And I went, wait a minute. That's my autograph much younger version of me. It says I'm a physician at the Calgary General Hospital. It gives a bogus name. Who on earth was Dr. Joseph Bullock. And after a lot of soul searching and thinking back and meditating and whole Pono Pono, he came up with the answer. I played a doctor in a movie years ago. And just as we were about to do the shot the assistant director said, Hey, that doctor over there he doesn't have a badge on so they marched me down to the Calvary journal hospital, Id making room and made me a physician's ID which I can mean leave it like that to ever give back so it's a souvenir. Now I would never do what I just said, which is used this lab coat which will take off the top. And this badge to get to the front of the line and that's really the point of my talk today so if you take nothing else away, just because we can do it because we're smart and crafty and tricky, doesn't mean we should do. Computer Security has been very very good to me I actually got to where I am, which is Calgary, Alberta, as the leader of a bicycle trip with kids from New York City. We all managed to get ourselves injured out near Lake Louise. And I used to have a lot more hair than, and I liked it so much that I stayed around and I got a job at the University of Calgary as a systems programmer, because I was the new guy, because I was the American and a Canadian shop. They said we're going to give you the worst thing we have the missionary on Master, and this is somebody who every night goes around the entire university campus which wasn't very Big Ben and post these big printouts of all the accounts and all the passwords, and we don't know how he does it. So, kid. Your job is to figure it out. And that's how I got into computer security, because I had to learn I'd lose my job if I didn't solve it, technical people in the room, it was a big mainframe computer control data 6600 memory blocks, located at the offset of 112 words beyond the start of your memory was where the things stored the password. Back in the old days computer cycles were precious, they were more valuable than people cycles. And the result is the system didn't bother clearing the memory. So the missionary on masker who I later found out was the son of a dean who was bored went out there and looked in those memory locations kept requesting memory was called the residue era, still happens in systems. And sure enough, that led me down the path of computer security, so I in fact I taught what is probably Canada's first computer security course in 1977, just to share my knowledge, and every year that goes by, there are fewer and fewer people who can challenge me on that plane right. We're all image fakers so this is I do a lot of television work this is actually me in auto in front of Canada's Parliament Buildings. That's a rare thing now we do television, you know, the weather might be bad. So normally, like when I did something out of New York at the ABC studio. They set us up in front of a picture of the Empire State Building or now it's an LCD monitor of the Empire State Building, and I thought I would share this photo with you because it's weird. It's got two different images simultaneously of my face. I give it to my students to test facial recognition, because some facial recognition companies now in other countries may be might be unscrupulous so I say, students, you don't have to give your photo away, you can use this photo of me. And what you can see there is they somebody ran it through a beta face API and found out that I'm not attractive I think it thinks I'm in my 50s. So I found out various things about me, based upon my face fakery actually goes back a long way my favorite sport in snowboarding. One of the reasons I live here in the Canadian Rockies. This is a run called delirium died. People do die on this run it's double Black Diamond, subject to avalanches, but years ago I saw this ad it's way back from 1985. And it's a photo of a guy skiing, but the pictures are different. It's clearly the same picture, but somebody has done the background, I want to show you this so you know how far back it goes Photoshop came out in 87. So by 1995 which is when this newspaper came out, they couldn't use Photoshop. What they probably did is took a razor and cut the negatives sandwich them together and printed the picture. How do I know that because I once interviewed the photo editor of the New York Times, I said hey can you detect a fake photo. I said I used to be able to when I, they use razor blades I could see the cuts from the razor blade. Once it's been through the computer, he said, there's really no way. And we have all these tools Photoshop InDesign, and Pixlr that allow people to do this, and they're in the hands of the general public. The other thing is photos are so important. Entire platforms like Instagram and Pinterest. To me, are all about the images, and there's a good statistic that if you put an image on your tweet which I always do on my app doctor future account. If you do that, 34% more likely to be retweeted. Now of course are many fake photographs, this is the Yalta summit and Sylvester Stallone and Groucho Marx went off there with Winston Churchill and FDR. This is not the National Geographic photo of the year would be a great one. But it was put out that it was done with Photoshop so there's tons and tons of fun photo fakery out there and funny image fakery. I want to show you some serious ones. Sometimes you can actually get a really good picture if you just choose the right camera angle. So that looks like a very brave guy and to see that that rock is actually two meters, or you know a few feet off the ground. This is actually a place in Brazil, and people line up to have their photograph taken hanging up that one. So sometimes it's all about perspective, bit of news you can use if you're looking at a hotel and the pool looks really big, try to figure out if they use the 28 millimeter lens to take a fisheye of that pool, maybe it's not so big.
Photos can help people tell them why so when I first started this research I said How will I get the general public to care about bits, and then like a gift from heaven, the Hollywood, get your kid into Harvard or Stanford with Photoshop scandal came out. There's a Hollywood actress and her daughters were accused of using that. I'm a pretty good internet detective but I could not find the doctored images, so instead I made some up for you know they were trying to show that their daughters were athletes so you know maybe they were that, or maybe they were that you get the point. Those are bad fakes, but apparently the fakes that were submitted were pretty convincing. Sometimes image fakery can be used in anger, you may remember, Emma Gonzalez who was wounded in a school shooting. And there she is tearing up some random document. The people who are very very upset with her because they think she's going to limit their second amendment gun rights photoshopped in the United States Constitution. So there we have we the people and Emma's Terry has a more recent example came up yesterday I was sitting watching CNN, putting the final touches on this. And there was a great little story about two photo manipulations and current political campaigns, and they're interesting one is Lindsey Graham, please opponent is named Jamie Harrison, and there was a photo of Jamie Harrison, and they've made him in this lindsey graham ad look very dark, maybe a bit menacing. And I saw him on CNN he's quite a light skinned man, actually, then you could say, Oh, you know that's production issues that's how you go out there and print the poster and so on. Well, the next one. There is no doubt, because there was another candidate there who's running against David Perdue, and this candidate Mr. Also, is Jewish as Chuck Schumer, and you'll notice, Mr Assad's nose has been elongated. So that's not the kind of thing that happens by accident. So here, in July, 2020 here and now, in real American politics, people are messing with images, and we've actually become skeptical about photos a few years ago Toshiba flew a chair into the sky. They wanted to promote some new 8k technology, and so they flew this chair up there and people went have, you know, that's, that's baloney. You did that with Photoshop. They actually had to release a video showing them tying the chair to the hot air balloon to convince people that this was really a launch of a chair, to the edge of space. Probably most famous examples of messing with images and here we move to videos are certain political messages, so you may well have seen this but it's always fun to listen to. President Trump as a total and complete dipshit. Now, you see I would never say these things.
At least not in the public address, but someone else would
someone like Jordan Peele
says a dangerous time.
Moving forward, we need to be more vigilant with what we trust from the internet. That's a time when we need to rely on trusted news sources. As I was done with an AI deep fake program and they've gotten even better. Since Jordan Peele did that. And of course, it's pretty easy to do brock obama because one of the things that you need is lots of photos of your subject so if you took somebody who's very camera shy and never gets photographed, then it might be quite a bit harder to actually do that impersonation. We'll have one more deep fake just for fun. And this is a little bit of a musical interlude here but certainly one with a message.
Imagine. No. No.
okay. You get the point that's not real they didn't sing that, and it's not even all. Well done. I can tell you but having seen some people who are really really good at this, it could be very difficult. We'll talk a little bit later about detecting faces but as an example. I know one lab where they research the carotid pulse to see if in fact your neck is throbbing in just the right place. And one of the things I don't know if you're familiar with that. Chaos Computer group over in Germany, some of their folks have been able to reproduce fingerprints of a German defense minister from a photograph. So I guess one of the morals of the story is, be careful who you let photograph you and be careful who you give the sign to because they just might use your fingerprint. One more example again of attempting to use video manipulation in a negative way, NASA do with the Speaker of the House Nancy Pelosi, we want to show you this video first we're going to show you the real video of Nancy Pelosi speaking a couple of days ago,
and then we're going to show you the fake one which has been slowed down the audio slowed down to make it appear as if Speaker Pelosi has been slurring her words.
And then he had a press conference in the Rose Garden, with all this short sort of digital set, obviously were planned long before and then he had a press conference in the Rose Garden. We all this. Sure, served as your walls that obviously were planned, long before.
Now God is the simplest of things to do almost every video program lets you mess with the speed. This was like script kiddie level, deep thinking, nowhere near as sophisticated as the other two we looked at, but that's the reality that just about anybody who has a desire to mess with an image, and the time and tools to do it can do it. The White House also have a shared a fake video, which was produced by a right wing television station that attempted to show Jim Acosta, moving his hand in a way that he didn't we won't go into all the details, but when you slow it down and you watch it. You can see that the video was manipulated and it was tweeted out by the White House, what's the future going to be well, I had the chance to meet Sophia the humanoid robot and a nice conversation with her over in Singapore in 2018. And so we may create totally fake people. I know it's kind of Richard theme type of idea science fictiony thing but let's face it, we might be walking down the street and see folks that we aren't sure are really folks. Why is this a big issue lies of businesses you it turns out we use paper, a lot people God's all electronic forget about that. Well first of all, small businesses, they like their checks because they use credit cards, debit cards and so on the banks take your commission. And I know some small business owners who go. I like the paper, I like to hold it in my hand. So, they will want to stay with things like cheques, and even if we scan them. there's usually a paper stage. When we go paperless the risk is even greater because most people are honest but some are. So now I'm going to give you a piece of news you can't use for two reasons. One, it's unethical and illegal act three and two, it doesn't work anymore and I'll tell you why. For a while if you were flying a certain airline that flies in north of the United States. You bought a certain class of ticket under the remarks field, you would get the letters BB RG and BB RG men beverage, and you could have a high ball you can have wine, beer and so on. Oh, now that we all print our own boarding passes, anybody can have a beverage, and I haven't I have a friend who's vice president America so we're gonna talk about this as well I would never do this, but if I did, would it work. He laughed and he said in one of few months ago, he said, what happens is the flight attendants are pushing the cart down the aisle with a plane, you're in row 16, you show your boarding pass Give me my free drink. In the past, they had to go up to the front of the plane and check that manifest that was still printed on a dot matrix printer if you know what I'm talking about. And they would see whether you actually entitled to this. Well, it's not worth their while to do that right so they just kind of give you the bottle of wine. They've now given them, tablets and not so much to solve this problem. The problem they want to solve. It's a little known fact that there was a lot of shrinkage in the cash hole when flight attendants were allowed to take cash from people. They might come up, 2025 30% short at the end of the run, somebody gives them 100, they don't have change. Somebody says you know just have a free drink that kind of thing. So read make the flights cashless they put in the tablets, but they also eliminated this other problem, which is why I can tell you about boarding passes, I pulled out an old one from Toronto to Pittsburgh, used to be special we used to have special paper. It was like pirates, to have things like the passenger ticket in baggage check. But now that they have us all printing it ourselves we can go ahead and print it, and you know I work in a university and we do see some college transcripts and things like that, that maybe didn't really come from the intended source, and I'll just leave it at that we have ways of checking it here's an example of software that customizes that capitalizes on this. Let's say you lost a meal receipt. We can go to express expense calm and you can make yourself a meal receipt. Now, true story I was at a conference in Jasper Alberta speaking to a bunch of judges, and I bought a beer for myself and another guy. And I got a receipt for, it's on the left hand side they're not the cheapest place the beers were $11 and we put a tip in there somewhere. And I thought, should I submit that as an expense now I checked the policy and judges don't pay for knowing. Okay, I'm not going to submit it body if I did want to submit it wouldn't go through because it doesn't say what it is but guess what Jasper Park lodge one oh lodge road. One ham sandwich 2095, our goods and service tax of grief and suffering tax here in Canada, would be $1 five on that. And there is a perfect Li acceptable receipt. It's got a watermark on it because it didn't bother paying Express expense any money. That's how easy it is to fake stuff.
Fake paper coupons Lowe's which you might know had a big issue. Mother's Day of last year, with coupons getting out there that said take this into your store. Spend $100 and get $50 off, which is a good deal. However, they were, they were bogus coupons and was forced to get them, you had to give personal information, credit card numbers, your name, your address your phone number. So it was a phishing scam and Louis had to put a sign up. That said, if you got a $50 coupon. It ain't real photos are playing a big role in business okay so fraudulent insurance claims. This is a BBC news story from 2012 exaggerated gym injuries and road accidents are among the rising number of fraudulent insurance claims. This is because insurance companies, maybe don't want to send somebody out to look at your flooded basement. So you might download some photos on the Internet of a similar flooded basement or your neighbor's flooded basement. Now it does work both ways, and the legend fraudster was undone in 2019, because he tried to claim that his truck was damage, but his photos rather than them out because the damage was already up on his Facebook page, months earlier. so he had just made up the story. My point is that for business efficiency reasons businesses are accepting image evidence, but they should think twice about doing that and so should you.
Talk about some ways to fight fakery so one is in that sort of technical analytics thing I mentioned the breath pattern. So if you look back at that Obama clip, you might see that his breath does not really match what's going on the carotid pulse is visible in many people, and you can mess with that. There are ways to pull the frames apart and I went to a session I guess I can mention another conference at DEF CON last year. That was all about that, there are some really good people out there doing that kind of forensics, of course, that would only be in a court case or something I did actually, in my book check no creep. I wrote about the very tragic killing of a teenager in the state of Washington, where his schoolmates rolled him up in a gym mat and he suffocated. And the parents demanded to see the tapes and the tapes from the school, because they had surveillance cameras in the gym had gaps and the parents said well you know that's evidence that something was edited out, and the school came back with no those emotion activated cameras and when there was no motion they stopped, and a video forensics analyst actually looked at those and said he could not decide whether the images had been tampered with or just stopping and starting. Likewise, I didn't put the picture in here, but if you go to gigapixel calm, you can look at a giant crowd scene or just before a hockey game in Vancouver, that turned into a riot because the home team lost, and it's got easily 20,000 people, but you can actually zoom in on that, and you can see individual faces. So photography is getting quite amazing. And the technical analytics are their provenance what where something comes from you know if you have an antique pen is this a really antique pen or did it come from the dollar store. Well, there are ways to look at where images and videos came crowdsourcing the reliability and maybe some kind of a register. So let's take a little deeper assemblers technical analysis. Yeah, you could just look and see is the file name the same as the file length the same when I downloaded that Obama deep fake clip. I was trying to get closed captions on it so I downloaded it again, thinking I was going to get the closed captions, but then I could tell from the file links that it didn't make any difference I didn't get closed captions. So that's a really really simple level. Most of you that are into computers know that we have something called checksums a checksum is just another number that's added to make sure you didn't make a mistake. So in this example if you were trying to send 3892, you add up all the digits, do a modular arithmetic as you can see there three plus eight plus nine plus two is 22 right those digits two plus two is four and four is the checksum and ain't perfect, but it will at least catch a lot of errors, and a lot of systems use checksums. So when I was fooling around with some advanced check sums and sh j one and things like that. I thought, well, you know, how good do they have to be. So I looked into the oh these are some of the errors that can happen you know offsetting errors, more than one video, if you had videos that you were trying to make check sums up could come up with the same check so that's very unlikely. And I guess the dark side idea is somebody who knows the checksum algorithm could defeat it. So I decided to look into. into what Hollywood uses. They send a crew out somewhere like Calgary I mean Superman three. The movie was shot here in Calgary at a very small part in that movie, and every night. Hollywood studios, send the digital version of what they shot that they down to Hollywood, and they don't really want people tapping into that feed but they definitely don't want the P to be corrupted. So I looked into what they use, and they use the five or sh a one so Kinect consumer grade checksums. So the reality is just fairly commonly available checksumming might be some help in detecting fakes. On the provenance analysis, many many many years ago I covered in Washington DC, the State Department, when the Secretary of State was out there speaking, rather than have 100 microphones in front of him. There was a fee. This is called a breakout box, and there would be a box like this where all the reporters would plug in, it's more digital now but that's basically the idea, and I show you this. First of all because it's fun to work out. But also, it's an example of a trusted source. In other words, you have some way to know what the source was not until. This is called out of band validation and the social networking platforms are doing that. So there's sort of one point Where's Justin Bieber's Facebook page. I think it's totally accidental where the blue check landed, but the blue check is indeed the most important part of it, because that shows. This is the real Justin Bieber. In other words, his lawyer his manager his agent corresponded with social media platform, and they were actually convinced that he's the right one. So you know you got the real, real Donald Trump of the whole bunch of fake accounts and so on. But this one for Bieber at least is validated as the real one. nevel blue check is an example. Another way to validate something about crowdsourcing crowdsourcing reliability. Well, an awful lot of things now get put up on the internet and are debunked pretty quickly. So there's actually a professor t Mills, Kelly is wonderful guy, he gives us students, an assignment, create the most convincing fake, you can watch it on the internet and see how many people you can fool, and how long you can pull them for a few years ago we students came up with the last pirate of Chesapeake Bay, they believe they found evidence and old documents and newspaper clippings and so on. But until, you know, 30 or 40 years ago, there were pirates in Chesapeake Bay and sound right but it actually got picked up by USA Today, as one of those little human interest stories. So they went, Okay,
what can we run that as a story and he said Sure you can run it as a story, but later was debunked. So further on, of course, his students tried it again, and they tried it with the story of someone who discovered that their grandfather in New York City was a serial killer. And they had all these old clippings that seem to incriminate him and things that they claim that they found in this old trunk and Manhattan apartment. And sure enough, at the end of the day, that was debunked by the crowd by people on Reddit and so on. In 23 minutes. So we're getting a lot better at figuring out reliability, through this crowdsourcing platform. And the fourth way was the system I had cooked up I built a little proof of concept of it is to combine a checksum with a blockchain. So you may know that Microsoft actually a professor and Microsoft created photo DNA, it's largely used to detect illegal images child pornography and so on. It's a sophisticated checksumming algorithm. So in my system, you take that kind of a picture from a trusted source so cnn sends the original video and computes a checksum with an open algorithm that everybody knows, and gives it a video ID. So this is my attempt to solve the Jim Acosta problem. The Jim Acosta problem was two videos out there, which one is the real one. CNN have one another station had one. Now of course cnn because it was their feed. They should have some authority, but if you wanted to prove it. If you wanted to prove that you got there first. You could inscribe the video ID, and the checksum on a blockchain. I took this you know to a guy for example, who's the head of the Oxford internet Institute in the UK. He said hos would be a lot of work you know you'd really have to build your own blockchain and those of you that know about blockchain. You'd have to withstand the 51% attack, which means if more people. If your enemies have more computing power than you, they can hijack your blockchain. I bought about it for a while. No, I don't have to do any work. There is a field they reserved on us field in the Bitcoin blockchain which we all know, either love or hate. Well you can put stuff. So all you have to do is buy one Satoshi which is a small amount of money, worth of Bitcoin and use the Bitcoin blockchain as your infrastructure to validate your videos. Thought of pocketing this man I found a company in California has something substantially similar. So instead of giving it to you kind of as an idea, because it combines two things are combined your technical measure with also a procedural measure. Somebody has to send that video in and register. And if you do that if you pull that off tampering can be easily detected. And we'll know who came first, because if you think about it on the blockchain. Everything is effectively time sequence. So whoever put the original video on and got their first is presumed to have the original one. Now, I'm allowing some time for questions here but I want to wax, a little bit poetic on some of these topics. I hope I've convinced you that fakery can be fun so I showed you the fun pictures, because I enjoy them because you should enjoy them. Because we're going to see a lot more, particularly with the election season coming, certainly in the US and who knows maybe other countries soon.
You could feel really bad if you were the victim of the fraud and taking you back to that photo of the, the Jewish candidate whose nose has been lengthened people could even do very subtle things, that one was detectable, but maybe Mele minor changes. There's been a lot of research in what makes an aesthetically pleasing face. So why is Brad Pitt considered handsome, and it has to do with symmetry and things like that. So reality is somebody could subtly alter videos, photos and so on. And you might not like them, but you don't know why you don't like them. And actually, in my book I discussed this psychological phenomenon that your brain actually makes a decision on whether to buy something whether you like it whether you hate it in milliseconds before you've consciously considered it. So there are all these sort of gut level reactions that people can have. So one of the things that I bring up is that stuff may be photoshopped out there and we don't even know it because it's not like the nose was this long with just a little bit of messing with the face could do that. You're all smart enough to do these things, by definition, if you come to a conference like this, you care about technology, you know about technology, you could fake a video you could tweak a boarding pass, and the tools are out, there's open source tools that do it. There's commercial tools to do it, and I come back to my lab called point. Just because you can do something doesn't mean you should do it. So, again, at the hacker conferences this time of year. I'm usually at DEF CON at blackhat. And I remember very distinctly, the same young men, and they were from China actually presented a talk at both now DEF CON is explicitly a hacker conference, so their talk there was, look, we confused. The white AR, and the cameras of a, an automated self driving car with this technology that we have. and it was so much fun, because it almost ran over our friend here. And then they gave the same talk at blackhat, except they change it to week we confuse the LIDAR, and the cameras on the Tesla. And, oh my god, it almost ran over this man here. So, you know, that's the kind of DEF CON versus blackhat point of view but it is all in your point of view. So, what I encourage you all to do and I'm going to take it over to questions now in a minute. And JP hopefully he's going to help you there. Just because you can do it doesn't mean you should do it but the next point is you should tell people about it. You should go out there if you discover vulnerabilities don't sell them on the dark web. Instead, you know, get the kudos get the round of applause at the hacker conference. You'll sleep a lot better knowing that you didn't pop it from that type of stuff. So in that note I want to leave you with a challenging slide. It's prey internet. It's a real ad from a newspaper free to get home. Beautiful six month old male kitten playful friendly, very affectionate ideal for family with kids, or handsome 32 year old husband, funny, good job personable doesn't like cats says he goes or the cat goes call Jennifer this number. Come and see both and decide what you'd like. Why on earth would I end with this, because I want you to remember one more thing. We're always making choices, and the more you know about technology, the more you appreciate that so I know I've watched a guy hack a nest thermostat. He basically changed the firmware. He could then make it display your skull and crossbones, he could make your head swelled to your, he goes so high that he would sweat, or freeze in the winter. I've seen a guy, take over a self driving car. First he did it from the backseat and make sure he did it from far away on the internet. And that's because certain cars are more hackable than others I know there was a talk on car networks earlier today. So you know, Jeep Grand Cherokee Cadillac Escalade, maybe you want to worry. Those are all choices you have the choice in the choice not to use technology. So what I'd ask you to do is every time you bring a piece of technology into your life, think, is this smart light bulb worth what it might be doing, which is you know sending audio back to another country. If you're very technological is I have people who can do this. I can look inside and see if it's doing that. But if not, maybe you just want to not have a smartphone. I'm not happy no JP let's see if we can get some questions.
Yes, sir. Tom that was really an excellent presentation was very interesting. You brought up such very important parts and points, and the audience has really enjoyed your speech, and they have quite a few questions so we'll get right into it, Tom. The first question is, is there any hope to detect these fakes. If not, How can we be sure something is real.
Technologically with enough knowledge, you can almost find some things I guarantee you, the people I saw speak on this at DEF CON last year would look at the Obama people, of course, you know he's not saying those words, they probably even be able to tell you. The problem is the average person can't do that. But the solution is there are people so up here in Canada we have citizen lab at the University of Toronto. We have people who are just generally interested in this Shoshana Zubov wrote a book, the age of surveillance capitalism. If you have that mindset and you can detect these fakes, I would ask you to do one thing, shared with the rest of the world don't keep it to yourself. So yes, it almost always can be done, but it's the classic, you know, good guy bad guy thing. The bad guys always kind of find new ways to do it.
Sure. Thank you for that answer, remember a few years ago someone had a tool that basically was basically Photoshop with audio, where they could take a sample of someone's voice type of phrase and generate audio of that person saying that phrase, even though they never said it. Do you know of anything about this tool.
Yeah, I can't remember the name offhand. I know a lot of the deep fake tools also now can can do some voice processing as well. So, I haven't kept up on what the what the latest weapons are for this, but from a computer scientist point of view, of course, it's doable right if you have the algorithms. If you have the data. It's one of the reasons Obama was easy to do because they had so many pictures of them. They have so much audio in them. So if you're a hermit who's just come down from the mountain in nobody gonna deep pay to you because they have no nothing to work with, but I I predict that certainly by November 3 somebody. This year, somebody is going to drop some very interesting political debates.
So very interesting. Our next question is, what are the First Amendment implications, if we try to make fakery of criminal offense.
Yeah, it goes back like 10 or 15 years ago with sampling and musicians were trying to sue other musicians, or taking a little bit of know some riff from their song and playing it in there. And, you know, as always lawyers gotten involved in courts got involved, and a concept of fair dealing and fair use came along, it's different in Canada in the US. but essentially, if something is parity, then it's protected speech under the First Amendment, by and large, no with exceptions like yelling fire in the movie theater and things and, sure, putting swastikas on people and stuff like that. But the other thing to think about is how we can detect it how are we going to catch it how you're going to prove it. That's kind of what my blockchain ideas about the idea that we want to prove attribution. We want to prove, which video is the real video.
Yeah, it's so important, so people are becoming fooled all the times and, you know, they think they're looking at the real thing it's just so hard to understand. All right. Our next question is, is near real time fact checking technologies, taking off, like for example, should we be investing in that type of technology.
Yeah, I think it's a good idea. I mean, I never give investment advice because I'm almost always wrong but the reality is of course you know this is something that has grown to become an important social problem. One thing to think about is like the insurance, people are very interested I did when I did that little segment I can only present one or two slides on it. I went pretty deep into what insurance companies are doing. And they actually have private investigators using tools to do fact checking. So, now if you get a $20,000 floodplain. A lot of times, the insurance company will say oh well here Here's your money, buddy. If they have the ability for $2 to fact check that you might be not only not getting your claim. But you might be legal trouble. Sure.
Excellent. Answer Tom. Our next question is, could they fake out a skilled lip reader.
Oh, I am not a skilled. I,
I, the obvious answer is, yes some and no have tried I mean, how skilled is delivery. They follow me because I don't live read lips at all and I go there pretty good, but I've watched that Obama clip 30 or 40 times and no I see the glitches in it. The point is that we all love technology and we love it so much, because it gets better and better. So, it's a bit like the singularity go talk to Ray Kurzweil about it. And he goes, well it's coming. It ain't here yet but computers are going to be smarter than people well fakery is going to be smaller than lip readers it's just a question of what do you put that in.
Right. There was an interesting talk yesterday, or a couple of days ago about poisoning machine language photo scans,
yeah. adversarial AI is that what you're talking about.
It's some sort of adversarial but could like you know how we have certain barcodes or as you said a hash. So, couldn't we poison the picture with some sort of hash that might validate it.
Yeah, I mean, there have actually been cases where some of the self driving car algorithms have been misled the obvious one is in Europe where they have the maximum speed limit on the back of a truck. Let's say it's 80 kilometers per hour. Some of the self driving cars interpreted that as the road speed limit. So that goes back to my thing about context where those people were taking the photos, but yeah I mean it's absolutely possible to poison an algorithm, and I've seen somewhere classification neural network classification algorithms will throw a minor tweak like on the tail of a cat decide that it's an elephant or something like that so read up an episode really I somebody do a paper on that. Next, next Oh.
Sounds good. All right, we have a few minutes left. There's another question here, here, is there any good research on how to effectively distribute the corrected record of a detected deep fake in mass media in order to overcome the impact of the distribution of the original
fake gene you should have been down in Washington das, Zuckerberg question yesterday. And of course that's the issue there are these gatekeepers. And the answer to that is really are they going to do their job, are they going to actually detect fakery label fakery and so on, we are seeing some signs that that they're actually motivated for those that don't have the legal background there's a division between being a newspaper publisher at a bookstore a newspaper publisher is responsible for every word in the paper, even the letter to the editor they are expected to read it. If you own strand bookstore in Manhattan, Mike strand could not read all the books in his store ever. So the result is that he's not responsible and in fact we have a Canadian case of a lesbian bookstore in Vancouver that was accused of pornography, little sister's bookstore, and they were acquitted, because they said we can't read all the books. So that's really the issue right now the social media platforms. Go ahead, which is you know we just put it up there. We're not responsible for the content, but there are people who are saying, you got to take some responsibility it's gonna be interesting.
It is a very interesting conversation about the section 230 exemption that they have. Let's not miss the next question, do you know whether Jennifer still has a kitten, or a husband.
I have called Jennifer's number in every area code I travel a lot. I call 617-265-5543, in the hope that I will find Jennifer, I think Jenna, we know this is pre internet I took this from a newspaper. And what we know is that Jennifer has a sense of humor.
Sounds good. All right, we just got another question I think we've got time for just one more. I think most people want someone else to do the job of spotting deep fakes, not me. Am I being irresponsible. I feel like I just don't have the skills or the time
you know you hit the nail on the head that's what the head of the Oxford internet Institute sent to me the same thing. And I said, so what do you propose, he said well you know like Netflix. I mean Netflix has the computing power in the infrastructure. So, he was thinking if you implemented this idea where you somehow sort out the fake from the real by inscribing it on a blockchain Netflix might be the keeper of that blockchain. Because I don't know anybody have Netflix to convince them to do that. Maybe there's no money in it. I made my own idea which is to do it on Bitcoin blockchain but whoever can do it I think it's a it's a heck of a good idea. As we get closer to elections and as somebody I see in the text questions talked about insurance companies investigating people through their social media. If you say you have a broken leg and your own compensation, don't post a photo of yourself snowboarding. Okay. That's true.
That is so true. All right. And I think that's all the questions that we have Tom. Is there anything else that you'd like to add,
I just want to get my contact information so that's me I'm email@example.com my Twitter handle is dr future and delighted to correspond with anybody on this or any other thing, as I said I go back so far in this world of hacking and security. 17 def cons, 2600 meetings in Manhattan, and I did have a couple of my brightest students once, and they figured out a way to make every pager at the University of Calgary ring, and they've gone on to great heights in Silicon Valley. So there is life after hacking okay.
There is there sure as well Tom on behalf of all the 2020 attendees presenters and volunteers. Thank you for sharing your product with us today. We really appreciate it.
Thanks JP and thanks everybody for watching.
Alright, So, come back with us if it's.
Hello hope 2020, I'm Phil ham Baker, and this is a call for volunteers to help build something that could be wonderful. Mathematical mesh is a threshold key infrastructure. That means it uses advanced cryptography, to make computers, easier to use, by making them more secure, and it offers a new level of cryptographic security. It allows it puts you, the user in control of your personal digital life. Now it's almost ready for launch. We're almost. We've almost passed the 300 unit tests that we need to go into alpha release, but I'm going to need your help to complete and deploy it, and you don't need to be an expert in cryptography to help, obviously, the more crypto geeks can help willing to work on this, the better. But you don't need to be an expert in cryptography to help. If you want to learn. I've got a free crypto course on YouTube that you can learn from. And, but you don't need to be a developer, either. Obviously, that's useful again, integrating the mesh into existing applications. So you can wrap security around them. That's going to be powerful, but what we're going to need most of is people willing to try out the alpha release and give us feedback, tell us is the code working, is it solving a problem for them. And what features could we add that would make it better. Make it more useful to solve the real problems. So you can find out more about the mesh in my hope talk which is in the archive. And on the mesh website math mesh.com. So thanks for listening to my bump and please stay safe and have a great remainder of your hope conference experience. Thank you.
Hello, everyone. Thank you and welcome back for more hope 2020, a big thank you to all the attendees presenters and volunteers who have made this virtual conference virtual version of our conference so successful. So right now we're going to take it into our next speaker, which is the 703 lock sport crew. Their talk is introduction to locksmithing, please remember that during the presentation. The speakers will be live in the home 2020 matrix chat q&a, please submit your questions to the matrix chat window, and we'll do our best to present your questions to the speakers time permitting. Take it away 703 lock sport crew.
We are the 703 lock sport crew. This presentation is going to go into some basic locksmithing tasks, ultimately we're going to build a recurring demo, but we've got to set the stage with a bunch of prerequisite information first. As far as we'll be defining recurring recurring is the process of changing the key that operates a lock without buying an entirely new lock. There are a number of reasons you might do this, moving into a new house you might want to rekey the locks such the prior owners key no longer works. If you do have a lock that breaks, and you go out and you purchase a replacement, you're probably not going to want to have to replicate that key to everyone that has a key to get into your house. Currently, who the more sensible to alter the key that works a lock, that'd be another use case reeking rekey can also be used to consolidate multiple locks onto a single key. Consider your house, you might have a front door, a back door, a basement door, a garage door. Maybe there's a knob, maybe there's a knob and a bolt. You could have six to eight cylinders to deal with there you don't want to carry around 68 keys. So rekeying is how you would consolidate down to a single key.
Now let's go into the pin tumbler lock and the key anatomy. So, this is what a pin tumbler lock would look like if you were to explode it. Most of these parts will be familiar to anyone who spent any time in a lock sport village at a convention in this talk, we're going to disassemble a lock. That's basically the same as this one. We're going to be using this core type, but most pin tumbler locks will work exactly this way, and most locks that you run into are going to be pin tumbler locks. You can see on the front we've got the plug that actually rotates. We've got bottom pins which are normally called key pins. We've got top pins which are normally called driver pins. And then we've got springs reason we don't normally call them top pins in bottom pins it's a bad habit, because many locks are oriented in different directions upwards downwards. In the UK, they have them upside down on all of the locks, and at the back of the lock you'll see there's a tail piece that's what actually interacts with the, the locking mechanism so like the bolt on a deadbolt. And then we've got a little spring and a retaining pin that holds on a retaining cap and you can see the retaining cap has some threads and it screws onto the plugs so that holds everything together.
Parts of the key for pin tumbler lock the keys basically divided into two parts the bow and the blade. The bow is comprised of the head, the collar and the shoulder, and the blade is comprised of the bidding cuts
profile contours and the tip.
The key plus key pins equals a shear line. And inside a lock the key pins are of different sizes. And when you put the correct key in the lock that pushes all the key pins up so that they are level at the top and this is what's called the shear line.
Let's jump straight to figure three here. Note that just like in the last slide the pins and the bidding cuts complement each other such that an even shear line is created in figure four we have opened the lock. Note that when it is open your key pins remain in the plug. And the driver pins remain in the Bible during the operation of the lock. If we were to jump back to figure two we will see the wrong key has been inserted, and the plug is obstructed from turning by either a key or a driver pin being out of place. Figure one just illustrates a lock at rest with no key and
I we can do a little bit of audience participation here if you if you want to get a hold of your keys, take those out and take a look and see if you have either of these two keys when your key rang. Given that they are the two most common residential keys, it's pretty likely you have one or both on hand. The first step to identifying a key is looking at the bow. Most lock vendors have a distinctive bow shaped to identify their brand. The second step to identifying a key is to look straight down the tip of the key to get a view of the profile milling. This is another distinctive pattern it varies for different vendors. But profile milling has to match up with the key way for the key, even to be able to fit into the lock. The Quick Set Key is not going to fit into schlaich key way in the sledge key is not going to fit into the Quick Set keyword. And the bone profile variations just keep going. There's as many of those out there as there are vendors. See if you have any of these on your key ring. Some of these are more residential oriented vendors, some are a little bit more commercially oriented. Another thing to notice is that some of these key examples have the same bow but different profiles. So you really do need to look at both of those. In order to identify the key. If you look in the lower left corner, you will see a schlaich key blank list that is stage C. This is the key were used in the demonstration throughout.
Now this is the most common slag blank and use it is commonly called the SC one. These can be obtained from slag or there are a ton of other companies that make these basically like knockoffs or generics or take a look at your keys, you'll probably see that some of these keys would have the slug bow or the Quick Set bow, but they do not have Schlag or Quick Sets stamped in those, those are likely going to be keys made by a third party vendor third party vendors also make most, if not all of those keys that have like the zebra patterns or pink bears or whatever. And then there's one more thing to consider when you're identifying the key is the length of the key. Not all keys use the same number of pins, more pins requires longer key, the SC one is a five pin Blanc for a five pin lock, but the SC four is the same exact key as the SC one is the same key way it's the same profile cuts on the side, but it's slightly longer, so that it'll have space for a sixth pin. So you would use the SC 446 pin lock, you'd use the SC one for a five pin lock. Now, different vendors have different part numbers to describe things that may be pretty much the same or compatible with each other, slag describes this keyway has the CQA, but Elko describes the blank that fits the slegs CQA for a five pin lock as an SC one that's sort of an industry standard just about everyone calls it an SC one. hillmann has a blank that fits this leg CQA for a five pin lock but they call the model 68, a really helpful resource for identifying keys is a key blank directory.
If you ever get too deep into things like we have, you may want to get yourself a key blank directory. This covers a lot of information.
This is going to cover residential keys cabinet keys. Automotive keys. One note of interest here is while mastering is beyond the scope of this talk, this does get into mastering systems based around different key blanks some of it will fit into common key ways and some which won't. And this gets all the way into exotic key blanks like skeleton keys.
Anything you want to know about key blanks is going to be in a book like this.
Let's take a look at decoding a key.
Most people would think of. inches or millimeters for units of measurements when tools are involved when you're buying drill bits sockets hex keys or even Crescent wrenches units of either millimeters or some fraction of an inch is what they use to describe the size. However, locksmithing is basically metalworking. So, we usually use the standards, or the conventions that have been established by a machinist. Now we don't get metric but we do get our own pseudo metric I suppose it's called thousandths of an inch or thau. Now if you.