Category Archives: Civil Rights

The Rising Trend of Criminalizing Hackers & Tinkerers

Note: This article is also available in Portuguese, translated by Anders Bateva.

There seems to be a rising trend of criminalizing hackers & tinkerers. More and more, people who explore the limits of the equipment, hardware and software they own and use, whether they tinker with it, re-purpose it, or expand its functionalities, are met with unrelenting persecution by authorities. In the last couple of years, the trend seems to be that these things, or things which humans have done for thousands of years, like sharing, expanding and improving upon culture, are persecuted. An example is the recent possibility of making violations of Terms of Service, Terms of Use and other Terms put forward by service providers a crime under the Computer Fraud and Abuse Act (CFAA). The companies that are now (for the most part) in control of our collective culture are limiting the methods of sharing more and more, often through judicial and/or technical means. The technical means for the most part don’t work, thankfully. DRM is still a big failure and never got off the ground, although the content industry is still trying to cling onto it. The judicial means, however, can be very effective at crushing someone, especially in the litigious United States of America. In the U.S., about 95% of all criminal cases end in a plea bargain, because that’s cheaper than trial by jury. These people are forced by financial pressure to enter a plea bargain, even if they didn’t commit the crimes of which they are accused.

Aaron SwartzAaron Swartz

The late Aaron Swartz was persecuted heavily by the U.S. government for downloading millions of scientific articles from JSTOR at MIT, JSTOR being the closed-source library of scientific articles, access to which is commercially exploited by ITHAKA, the entity that runs it. Aaron believed that scientific research paid for by the public, should be available to the public for free. It’s completely logical that research paid for by the public belongs to the public, and not to some company which basically is saying: “Thank you very much, we’ll have that, now we are going to charge for access to the scientific results, and reap the financial benefits.” It is sad that the world lost a great hacker and tinkerer, committing suicide, only 26 years old, unable to bear the pressure brought down upon him any longer, when in the end, according to his lawyer Elliot Peters, he probably would have won the case due to the fact that the U.S. Secret Service failed to get a search warrant for Swartz’s laptop until 34 days after they seized it.

The corporate world is seizing control of content creation

This trend is seen more and more lately. The companies in control of most of our content production, devices and systems don’t want you to tinker with them, not even if you own them. Apple is closing their systems by soon preventing you from installing your own software on OS X. Software installs will soon only be permitted through the Apple-curated App Store. Already there’s software in OS X, called Gatekeeper that’s meant to prevent you from installing apps that might contain malware. If you read between the lines in that previous link you’ll see that it’s only a matter of time before they’re going to tighten the reins, and make Gatekeeper more oppressive. Google is rapidly closing Android, and moving more and more parts of the once open-source system to its own Google Play Services app. Check the permissions on that app; it’s incredibly scary just how much of the system is now locked up in this closed-source binary blob, and how little the actual android system now handles. Recently, text messaging functionality was moved from the Android OS to the Google Hangouts app, so texting with an Android 4.4 (KitKat)-equipped phone is no longer possible without a Google account and being logged into that. Of course, Google will store all your text messages, for easy access by American intelligence and law enforcement agencies. If you now were to install Android, and remove the Google Play Services app, you might be surprised at how much stuff depends on that app nowadays. When you remove Google Play Services, your phone basically becomes a non-functional plastic brick. These companies fail to see that any invention is made by standing on the shoulders of giants and working upon other people’s work, making it better, tinkering and modifying it, using it for other purposes not envisioned by the original author et cetera. This is what makes culture, this is what makes us. We are fundamentally social creatures, we share. The same implementation of control systems happens with e-books as well. The devices used to read them usually aren’t open, like the Amazon Kindle for example, so that is a problem. We humans have been sharing culture for millions of years and sharing books for thousands of years, basically since writing was invented in Mesopotamia. It is as natural to human development as breathing. We are social creatures, and we thrive on feedback from our peers. But there’s something worse going on in e-book land. In the Netherlands, all e-book purchases now have to be stored in a database called Centraal Boekhuis, which details all buyer information, and this central database will be easily accessible by Stichting BREIN, the country’s main anti-piracy & content industry lobby club. This was ostensibly done to prevent e-book piracy, but I would imagine that this database soon will be of interest to intelligence agencies. Think of it: a centralized database containing almost all books and which people read which books. You can learn a lot about a person just from the books they read. Joseph Stalin and Erich Honecker would be proud. We reached a high water mark of society after the adoption of the Universal Declaration of Human Rights at the UN General Assembly on 10 December 1948, but it’s sad to see that here in the Western world, we’ve been slipping from that high pillar of decency and humanity ever since. To quote V from V for Vendetta:

“Where once you had the freedom to object, to think and speak as you saw fit, we now have censors and systems of surveillance coercing your conformity and soliciting your submission.”

The surveillance is now far worse than what George Orwell could have possibly imagined. We need to remind the spooks and control freaks in governments around the world that Nineteen Eighty-Four is not an instruction manual. It was a warning. And we’ve ignored it so far.

Security Measures against Terrorism: Costs v. Benefits

Note: This article is also available in Portuguese, translated by Anders Bateva.

Plasterk in Tweede KamerA few days ago, the Dutch Home Office Minister Ronald Plasterk said in a debate in parliament that he’s apparently OK with the American intelligence community, the NSA among others, to spy on the Netherlands. His reasoning is flawed from the get-go, and went somewhat like this (paraphrased): “I don’t want to say that Dutch citizens may never be spied upon. Because that Dutch citizen can also be a stone-cold terrorist. And it’s good if that terrorist can be found.” Here’s the full quote (in Dutch):

“Ik wil dan ook wel oppassen om in het woordgebruik bijvoorbeeld te zeggen: ja maar, er mag nooit naar Nederlandse burgers worden gekeken. Want die Nederlandse burger kan natuurlijk een keiharde terrorist zijn, en dan zijn we toch blij dat die op een gegeven moment ergens op de rader verschijnt, en dat moet natuurlijk volgens de wetten gebeuren, maar dat die op de radar verschijnt, en dat er vervolgens actie kan worden ondernomen.”

Plasterk later denied saying that, but he did in fact say this during the debate. More evidence can be found here.

Is No Price Too High For Security?

Benjamin Franklin once said something like “They who give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.” This quote has been used a lot, but it is applicable here. The question we need to answer is the following: When do security measures stop benefiting the greater good, and infringe on our privacy and liberty, which are values that used to define our very societies? When does the price we have to pay for that little extra security becomes too great? Combating terrorism certainly seems like a very noble goal, and while I do agree that there are some people out there who aim to change our societal structures through violent methods (although one has to note that one man’s terrorist is the other man’s freedom fighter; the definition of the term is a bit in the eye of the beholder), there does come a point where the price we have to pay for a little increase in security becomes too great, compared to the potential benefits.

Terrorism is Really Rare

Chances Terrorist Attack One thing we have to understand is that acts of terrorism on the scale of 9/11 or the London public transport bombings on 7/7, awful as they may be, are still very rare indeed. Extremely rare in fact. Even President Obama has said so, although he does have an interesting choice of words. The chance that you’re involved in a traffic accident tomorrow are several orders of magnitude greater than the chance that the next aircraft you are in will end up in a building instead of on the runway. This is also valid for other acts of terrorism, not just the ones involving aircraft. And even the TSA agrees now that terrorists are not plotting against aviation. So why do we still have to cope with all the draconian security measures then, if it’s clear that it didn’t help one bit? You see the same thing happening with CCTV cameras. Governments and corporations put these things up everywhere, but there isn’t the tiniest shred of evidence that these cameras actually help prevent crimes. But still the TSA and their European counterparts continue to tell people to leave their water bottles and baby food and butter knifes at the checkpoint. Bruce Schneier put a lot of thought into this problem, and he said that we currently try to protect against specific movie-like terrorist plots, instead of doing a thorough risk analysis and protect ourselves with more generic measures that may actually work against multiple types of plots. Terrorists bring down aircraft, so we increase security at airports; terrorists used box cutters, so we ban box cutters; someone brought a bomb on board hidden in his shoe, so we’re telling people to take their shoes off. These are all very specific actions taken against these types of movie-like plots. The security measures taken here are way too specific to work against anything other than the movie plot attack. As soon as terrorists modify their plan just one tiny bit, the entire strategy to combat them becomes ineffective. Humans are unfortunately excruciatingly bad at evaluating risks, and if you give them a very specific, movie-like terrorist plot, they will rate the risk from that much higher than it is in reality, because of the specificity of the plot. We humans have evolutionary been conditioned to consider specific threats a greater risk than a more general threat. On Wired, Schneier states:

If you’re a higher-order primate living in the jungle and you’re attacked by a lion, it makes sense that you develop a lifelong fear of lions, or at least fear lions more than another animal you haven’t personally been attacked by.

We are conditioned to think: it happened once, so it’s likely that it’ll happen again. And you see politicians using that knowledge to their advantage. It is insightful to consider that most measures we’ve currently taken against terrorism, would never even be considered had the events of 9/11 not happened.

Moving On..

With regard to the comments made by Mr. Plasterk: I think a lot of politicians still think that the United States is one of the ‘good guys’, when there’s more and more evidence coming out that politically speaking, it is not our ally, and certainly not our friend. They serve their own self-interests, just like any other nation on earth, and it’s important to never forget that. I even heard some politicians say that we should demand that Dutch citizens shall be treated the same as Americans under US law. It is laughable to think that the Americans across the pond will say: “Oh no! We angered the Dutch! Quickly change our laws to treat them the same as we treat Americans before they start re-colonizing New York!” At most, what these politicians will get is a nice letter from the US Embassy in which they solemnly promise that it will never happen again, meanwhile not changing their laws or practices in the US. And the NSA happily continues to trample upon their NATO allies’ rights. And our politicians are apparently very happy to accept that. We have to reconsider our position and alliances after the numerous disclosures of classified documents by whistle-blower Edward Snowden. For what good is a friend who spies on you behind your back? President Roussef of Brazil has taken decisive action by severing ties with the United States and even building new fibre optic cable connections that circumvent United States territory. Where is the outrage in Dutch society? Here, AMS-IX (the Amsterdam Internet Exchange, the second-largest Internet exchange in the world), sets up shop in the US, making it subject to the PATRIOT Act. Have these people been living under a rock these past months? Or are there other, commercial interests at play here? We need to start demanding answers while at the same time strengthening our own privacy protections. Privacy is a human right, nothing more, nothing less. We need to start using it, or risk losing it.

Speaking Truth to Power: Integrity in the Mainstream Media

RT Front page

Yesterday I watched a public discussion (last link in Dutch) on Sargasso between Jeroen Wollaars, NOS reporter, and Arjen Kamphuis, futurist, writer, and co-founder and CTO at Gendo. During his talk at OHM2013 (titled: Futureshock), someone asked Arjen a question that went somewhat like this: “If we cannot trust the mainstream media anymore to supply us with the information we need to act as informed citizens, what is the alternative?” To which Arjen replied that, if you want to be better informed about what happens in the Western world, RT (Russia Today) is pretty good.

Now it is important to be very nuanced here. You probably shouldn’t believe the RT reporting done on stuff that is happening in Russia, as RT is, just like any media organization, selective in the information they broadcast, and probably won’t be objective when it comes to Russia, just like the Western media aren’t objective on Western subjects. But on Western issues, and informing us about all the stuff the Western governments are doing, the RT reporting is very good because unlike the Western mainstream media, the Russians dare to ask the questions that need to be asked. Questions that you won’t hear from the Western mainstream media, and the Dutch media in particular.

So many questions..Collateral Murder

Why are the people who committed war crimes and crimes against humanity in an attack helicopter during the Iraq War under the Bush Administration still allowed to walk free, whereas Chelsea Manning was sentenced to 35 years for simply exposing those very same war crimes? How come Manning was sentenced to 35 years, while Anders Breivik was sentenced to just 21? Isn’t that a bit off? A man who ruthlessly and pointlessly murdered 77 people gets less years in prison than someone who exposed the dirty laundry of the powers that be?

When exactly did Dutch Prime Minister Jan Peter Balkenende know about the contents of the Downing Street Memos? Remember, these were the memos that proved definitively that “facts were being fixed around the policy” and that Governor Bush was set in his ways on provoking a war with Saddam Hussein’s Iraq. His administration claimed that Saddam had WMDs (which was a blatant lie, even then), and they even tried to connect Saddam to Al-Qaeda.

AIVDWhere is the coverage about our own intelligence agencies, like the AIVD, MIVD etc. in relation to the revelations on PRISM? Do they have the same capabilities, do they request data on Dutch citizens from their UK and US partners? What kind of data sharing is done with these inter-agency cooperations? We know the Americans spy on Dutch citizens as well (just like they do on every person on the planet connected to the Internet or phone networks), but where are the critical questions from the media? Where are the tough talk shows and debates that really question a few high-ranking politicians about these very important issues? The Germans have at least asked these questions to their politicians.

What is the underlying reason for the massive nation-wide push for the RFID OV-chipkaart public transport ticket (at the expense of normal paper tickets), the ANPR (automatic number plate recognition) cameras above the nation’s highways (which are also used by police), or the fingerprints on the RFID chip on our passports? The government seems intent on tracking our every move.

And these are just a handful of questions the Dutch media didn’t bother to ask and issues they didn’t bother to cover.

The problem with the Dutch mainstream media

The Dutch mainstream media are unfortunately excruciatingly bad at journalism. For instance, the whole Manning case is barely on the news here, but whenever the American presidential elections draw near, the whole Dutch mainstream media press corps gets their knickers in a twist in trying to report on the American ‘elections’ in excruciating and nitty-gritty detail.

There are more important things going on in the world than reporting on an election that is principally undemocratic to begin with. After the 2000 presidential election, Governor Bush squatted the White House for 8 years, while Al Gore won the popular vote. It sure was convenient that Bush’s brother Jeb happened to be Governor of Florida when the electoral votes for that state were the deciding factor in who would win the presidency. And there’s stuff like voter suppression and gerrymandering going on in the US as well, which can influence elections quite substantially. But this fixation the Dutch media has with the US elections has always surprised me, given the fact that the coverage is almost on par with our own elections!

The Dutch media stopped asking the critical questions, and are now almost exclusively broadcasting propaganda from Washington. No questions asked, no background stories, no critical analyses, no audi alteram partem. They now mostly copy-paste the press releases from PR departments, and I really miss the critical tone. Most articles are less than 3 paragraphs long.

I will gladly watch the NOS and other Dutch media again (online, for free, not behind a paywall, and using open standards to provide streaming video) when they start being critical of the government which decides on their budget, and start speaking truth to power.

And this is the main reason why I use RT (among others) to keep me updated on the stuff our Western governments are doing. Unlike the Western mainstream media, RT is asking the questions, they currently speak truth to (Western) power. And again, nuance is important: you shouldn’t believe RT too much when it comes to Russia, just like you shouldn’t believe the Western media too much when it comes to the West. It’s both propaganda, one way or the other. The Russians are at least open and frank about where RT gets their money from; in the West they are much more indirect and subtle about these matters. It’s always best to get your news from as many sources as possible, and make your own decisions on who is more likely to tell you the truth.

At the Crossroads: Surveillance State or Freedom?

OHM2013

When I went to OHM2013 last week, it was great to see such increased political activism from the hackers and geeks at the festival. I truly believe we are currently at a very important crossroads: either let governments the world over get away with crimes against the people’s interests, with programs like PRISM, ECHELON, TEMPORA and countless other authoritarian global surveillance schemes, or enter the path towards more freedom, transparency and accountability.

A good example of what not to do is Google Glass. A few weeks ago I came across the story of a hacker who modded Google Glass as to allow instant facial recognition and the covert recording of video.  Normally you need to tap your temple or use voice commands to start recording with Glass, all of which are pretty obvious gestures. But now people can record video and do automatic facial recognition covertly when they wear Glass. I even saw that there’s an app developed for Glass, called MedRef. MedRef also uses facial recognition technology. This basically allows medical professionals to view and update patient records using Glass. Of course having medical records available on Glass isn’t really in the interests of the patient either, as it’s a totally superfluous technology, and it’s unnecessary to store patient records on a device like that, over which you have no control. It’s Google who is calling the shots. Do we really want that?

Image above © ZABOU.

Image above © ZABOU.

As hackers, I think it’s important to remember the implications and possible privacy consequences of the things we are doing. By enabling the covert recording of video with Google Glass, and also adding on top of that, instant and automatic facial recognition, you are basically creating walking CCTV cameras. Also given the fact that these devices are controlled by Google, who knows where these video’s will end up. These devices are interesting from a technical and societal standpoint, sure, but after PRISM, we should be focusing on regaining what little we have left of our privacy and other human rights. As geeks and hackers we can no longer idly stand by and just be content hacking some technical thing that doesn’t have political implications.

I truly and with all my heart know that geeks and hackers are key to stopping the encroaching global surveillance state. It has been said that geeks shall inherit the earth. Not literally of course, but unlike any other population group out there, I think geeks have the skills and technical know-how to have a fighting chance against the NSA. We use strong encryption, we know what’s possible and what is not, and we can work one bit at a time at restoring humanity, freedom, transparency and accountability.

These values were won by our parents and grandparents after very hard bloody struggles for a reason. They very well saw what will happen with an out-of-control government. Why government of the people, for the people, and by the people, is a very good idea. The Germans have had plenty of hands-on experience with the consequences as well, first with the Nazis who took control and were responsible for murdering entire population groups, not only Jews but also people who didn’t think along similar lines: communists, activists, gay people, lesbians, transgenders, etc. Later the Germans got another taste of what can happen if you live in a surveillance state, with the Stasi in the former East-Germany, who encouraged people to spy on one another, exactly what the US government is currently also encouraging. Dangerous parallels there.

But you have to remember that the capabilities of the Stasi and Gestapo were only limited, and peanuts to what the NSA can do. Just to give a comparison: the Stasi at the height of its power, could only tap 40 telephone lines concurrently, so at any one time, there were at most 40 people under Stasi surveillance. Weird isn’t it? We all have this image in our minds that the prime example of a surveillance state would be East-Germany under the Stasi, while they could only spy on 40 people at a time. Of course, they had files on almost anybody, but they could only spy on this very limited number of people concurrently. Nowadays, the NSA gets to spy continuously on all the people in the world who are connected to the internet. Billions of people. Which begs the question: if we saw East-Germany as the prime example of the surveillance state, what do we make of the United States of America?

The Next Step?

I think the next step in defeating this technocratic nightmare of the surveillance state and regain our freedom is to educate others. Hold cryptoparties, explain the reasons and need and workings of encryption methods. Make sure that people leave with their laptops all configured to use strong encryption. If we can educate the general population one person at the time, using our technological skill and know-how, and explain why this is necessary, then eventually the NSA will have no-one to spy on, as almost all communication will flow across the internet in encrypted form. It’s sad that it is necessary, really, but I see no other option to stop intelligence agencies’ excess data-hunger. The NSA has a bad case of data addiction, and they urgently need rehab. They claim more data is necessary to catch terrorists, but let’s face it: we don’t find the needle in the haystack by making the haystack bigger.