Technology solutions can be software or hardware or even new ways of using old processes. They are tools that assist individuals and communities to engage with each other, share information, and take action.
Over the weekend, I attended HOPE X, the 10th Hackers on Planet Earth conference, organized by 2600 Magazine. HOPE is my favorite hacker conference, and a strong contender for my favorite conference overall, because although content is tech-heavy, it's not really about technology. HOPE is a conference by and for those interested in the hacker ethos of free information, understanding the world, and empowerment to fix what is broken— including keynote speakers Edward Snowden and Daniel Ellsberg. So HOPE is a great place to think about the intersection of technology, journalism, and activism. Throughout the conference, I noticed several recurring themes.
In the past year, there has been a lot of attention towards major adversaries, like the NSA. Most of the time, we're actually up against small adversaries. Most adversaries are just jerks. Small adversaries target everyone, with whatever technology they have. It might be gossip around the water cooler. It might be local law enforcement, or your IT department, in schools, corporations, or NGOs. They're honor killings, partners committing domestic violence, friends who mean well, stalkers who don't mean well, or random interactions.
What are the tools of small adversaries? A common one is making someone give you their password to email, Facebook, etc. Hacker tools can be used in negative ways. The people Quinn works with as a journalist need security tools that work practically, not academically. How do adversaries get access? Usually through email. More and more tools are becoming available. The tools used by small adversaries, are modeled after those used by large ones.
Infrastructure is any mechanism that helps developers and users engage. OpenITP believes that community infrastructure should come from the community. We're used to infrastructure like roads: someone else builds and maintains it. A lot of FOSS projects build their own infrastructure and wind up repeating efforts and not doing a great job of it.
OpenITP tries to find a middle ground between building infrastructure and everyone fending for themselves. They do this by coordinating between projects with similar needs.
Nicholas Merrill, Calyx Internet Access, @nickcalyx
Ladar Levison, Lavabit
Declan McCullagh, @declanm
FBI Agents asked Ladar to turn over his SSL key. This meant 1. that the SSL key belonged to the provider, not the user; 2. that they would need to decrypt everyone's communication to find what they wee looking for; 3. that was beyond what he felt he could morally do. It was even worse, that he was prevented from telling anyone about the request.
Question: Could you talk to an attorney?
Ladar: Because the request was tied to criminal investigation, I was able to consult an attorney. If it's a classified warrant you need permission from the FBI before contacting a lawyer. He wanted to talk to others to get more information about these types of requests, but he couldn't.
Question: If you start a big company. What do you do when a government agency asks to tap your metadata, you appeal and you lose?
Garrett Robinson, Security and Privacy Engineer, Mozilla
William Budington, Developer, EFF
Yan Zhu, Technologist, EFF
The Freedom of the Press Foundation processes payments for WikiLeaks and raises funds for encryption and free speech initiatives. Secure Drop is their open source whistleblower platform.
Thomas Drake leaked info on the NSA's Trailblazer program. He was indicted by the Obama administration under the Espionage act in 2005. The act wasn't meant to be used on journalists, but that's what it's been used for. In recent years, Shamai Leibowitz, Stephen Kim, Chelsea Manning, Jeffrey Sterling, John Kiriakou, Edward Snowden have been prosecuted. There's an attack on whistleblowers, and there haven't been good tools to communicate with reporters.
Liveblogged at HOPE X. The speakers have cautioned that this talk is not legal advice.
Nate Cardozo, Attorney
Kurt Opsahl, Attorney
Adi Kamdar, Activist
Peter Eckersley, Technology Projects Director
Eva Galperin, Global Policy Analyst
It's been a busy year at the EFF. They've been focusing a lot on the national security space over the last year.
Kurt Opsahl works on NSA cases. Jewel v. NSA has been going on since 2008, related to AT&T's involvement with NSA wiretapping. First Unitarian v. NSA is focused on the right of association, and your right to anonymity in who you associate with. Just earlier this week, the EFF and ACLU joined Smith v. Obama. Kurt also works on a case arguing that National Security Letters are unconstitutional and is defending the decision against appeal.
Johnny Diggz, Geeks Without Bounds Willow Brugh, Geeks Without Bounds
VizThink by Johnny Diggz.
Geeks Without Bounds holds hackathons to match people with skills with humanitarian groups that need those skills. In times of crisis, communication is one of the top priorities. But those channels are usually for "first responders" rather than residents.
Johnny Diggz is a cofounder of Geeks Without Bounds and many tech companies. Most recently he is the Chief Evangelist at Tropo. Willow Brugh is one of our own at the Center for Civic Media, as well as a cofounder of Geeks Without Bounds and an affiliate at the Harvard Berkman Center.
Why is HTTP bad? HTTP touches everything we do. Agencies such as the NSA can use this to see everything we do online.
Even if you support HTTPS, not using it all the time exposes you to vulnerabilities. The NSA's QUANTUM intercepts requests to services like Yahoo and redirects them to NSA-operated FOXACID servers to infect them with malware, before a secure connection is established. The NSA also uses unencrypted cookies to determine who to target.
Will be talking about the Alice v. CLS Bank decision. So can you patent software? Short answer: yes.
In the US, the power to issue patents comes from the Constitution, and is meant to encourage innovation. Patents involve a trade: you get a monopoly on making something for a limited amount of time, but you have to tell us how you made it. It's common wisdom that patents are good, but Ed asks if that really holds up for software.
He argues that being secretive over ideas in tech is wasteful and that the main benefit of software patents is to allow people to talk about their ideas without the need for secrecy.
Software is usually patented as a "process" or a "machine." However, laws of nature, natural phenomena, and abstract ideas can't be patented. When you patent the basic building blocks of an industry, you in effect own that industry. Software patents go against the long-held ideals of sharing in open source.
Kevin begins by asking "why build a new network?" The internet has grown far beyond any scale that was predicted. Things like security were added after the fact. Control of the network has shifted from academic, to corporate and political. The internet is becoming less democratized with threats to Net Neutrality and increased surveillance. Governments can and do intercept router hardware and install malware.
Mesh networks are decentralized. Peers relay information to each other and connect by peering with any other connected node. One example is Hyperboria which runs the cjdns protocol. Other protocols include BATMAN. Decentralized networks put power back in the hands of the users. Although NYC Meshnet uses cjdns, they focus on using whatever technology works, and evolving as necessary.