- Home
- Julian Assange, Jacob Appelbaum, Andy Muller-Maguhn, Jeremie Zimmermann
Cypherpunks: Freedom and the Future of the Internet Page 3
Cypherpunks: Freedom and the Future of the Internet Read online
Page 3
So underpinning the high-tech communications revolution—and the liberty that we have extracted from that—is the whole neoliberal, transnational, globalized modern market economy. It is in fact the peak of that. It is the height, in terms of technological achievement, that the modern globalized neoliberal economy can produce. The internet is underpinned by extremely complex trade interactions between optical fiber manufacturers, semi-conductor manufacturers, mining companies that dig all this stuff up, and all the financial lubricants to make the trade happen, courts to enforce private property laws and so on. So it really is the top of the pyramid of the whole neoliberal system.
ANDY: On the point about technique, when Johannes Gutenberg invented the printing press, it was actually forbidden occasionally in parts of Germany and that’s the way it spread all over the country, because when it was forbidden in one area they moved to another jurisdiction.31 I didn’t study it in all the details but what I know is that they messed up with the Catholic Church because they were breaking the monopoly on printing books, and once they got into legal trouble they moved on to a place where it was not forbidden. In a way this helped to spread it.
The internet was, I think, slightly different because on the one hand you have machines that can be used as a production facility, which even the Commodore 64 was, in a way, as most people used it for other purposes.
JULIAN: So, each little machine that you had you could run your own software.
ANDY: Yes. And you could also use it to distribute ideas. But on the other hand, philosophically, as John Gilmore—one of the founders of the US based Electronic Frontier Foundation—said at the beginning of the 1990s when the internet attained global reach, “The Net interprets censorship as damage and routes around it.”32 As we know today, that was a mixture of technical interpretation combined with an optimistic impact view, a kind of wishful thinking and also a kind of self-fulfilling prophecy.
JULIAN: But it was true for Usenet, which is a many-to-many e-mail system, if you like, that started about thirty years ago. To explain Usenet simply, imagine there is no difference between people and servers and every person is running their own Usenet server. You write something, and you give it to one or two people. They (automatically) check to see if they already have it. If they don’t already have it they take it and give it to everyone they are connected to. And so on. And as a result the message floods through everyone and everyone eventually gets a copy. If any person is engaged in censorship then they are just ignored, it doesn’t make any difference. The message still spreads through all the people who are not censors. Gilmore was speaking about Usenet, he was not speaking about the internet. He was also not speaking about web pages.
ANDY: While this is technically correct, the interpretation of his words and their long-term impact was to generate people who understood themselves as the internet. People said, “Ok, there’s censorship, we’ll route around it,” where the politician with no technical understanding thought, “Oh shit, there’s a new technology that limits our control of the information sphere.” So I think Gilmore, who was one of the fore-thinkers of cypherpunk, did a great job of leading things in this direction, which inspired the whole crypto-anarchistic way of having your own form of anonymous communication without fearing that you will be followed up.
JÉRÉMIE: I see a difference with what we describe as the spreading of technology, because in the case of the mill and the printing press you had to look at one to understand how it works, whereas now we are increasingly building control inside the technology. The control is built-in. If you look at a modern computer in most cases you cannot even open it to get to know all the components. And all the components are in small cases—you cannot know what they are doing.
ANDY: Because of the complexity?
JÉRÉMIE: Because of the complexity and also because the technology itself is not intended to be understood. That’s the case with proprietary technology.33 Cory Doctorow describes it in his “The War on General-Purpose Computing.”34 Where a computer is a generic machine, you can do everything with it. You can process any information as an input; transform it into anything as an output. And more and more we’re building devices that are those general-purpose computers but which are restricted to do just GPS or just telephone or just MP3 player. More and more we are building machines that have built-in control, to forbid the user from doing certain things.
JULIAN: That’s built-in control to prevent people understanding it and modifying it from the purpose that the manufacturer wanted it for, but we have worse than this now, because it is actually connected up to the network.
JÉRÉMIE: Yes, so it can contain the function to monitor the user and its data. This is why free software is so important for a free society.
ANDY: I totally agree that we need the general-purpose machine, but this morning when I was trying to fly here from Berlin the plane actually aborted starting—it’s the first time this has happened to me. The plane drove to the side and the Captain said, “Ladies and gentlemen, we had a failure in the electrical systems so we decided to stop and restart the systems.” I was actually thinking, “Oh shit, sounds like Windows reboot, Control Alt Delete—maybe it works!” So actually, I would not be totally unhappy to have a single-purpose machine on a plane which just does that and does that very well. If I’m sitting in a flying machine I don’t want the pilots to be distracted by playing Tetris or having Stuxnet or whatever.35
JÉRÉMIE: The plane by itself doesn’t process your personal data, it doesn’t have control over your life.
ANDY: Well, a flying machine does have control over my life for a time.
JACOB: Cory’s argument is also, I think, best described by saying that there are no more cars, there are no more airplanes, there are no more hearing aids; there are computers with four wheels, computers with wings, and computers that help you to hear. And part of this is not whether or not they are single-purpose computers; it’s whether or not we can verify that they do the thing that they say that they do, and whether or not we understand how well they do it. Often people try to argue that they have the right to lock that up and to keep it a secret, and they make computers either complex or they make it legally difficult to understand them. That is actually dangerous for society because we know that people don’t always act in everyone’s best interests, and we also know that people make mistakes—not maliciously—and so locking these things up is very dangerous on a number of levels, not the least of which is that we are all imperfect. That’s just a fact. The ability to have access to the blueprints of the systems underlying our lives is part of why free software is important, but it’s also why free hardware is important. It improves our ability to freely make sustainable investments, to improve the systems we use and to determine if these systems work as expected.
But regardless of freedom, it’s also why it is important to understand these systems, because when we don’t understand them there’s a general trend to defer to authority, to people who do understand them or are able to assert control over them, even if they do not understand the essence of the thing itself. Which is why we see so much hype about cyber war—it’s because some people that seem to be in the authority about war start talking about technology as if they understand it. Such people are often talking about cyber war and not one of them, not a single one, is talking about cyber peace-building, or anything related to peace-building. They are always talking about war because that’s their business and they are trying to control technological and legal processes as a means for promoting their own interests. So when we have no control over our technology such people wish to use it for their ends, for war specifically. That’s a recipe for some pretty scary stuff—which is how I think we ended up with Stuxnet—and otherwise reasonable people suggest, while the US wages war, that such tactics will somehow prevent wars. That’s perhaps a reasonable argument for a country that isn’t actively invading other nations, but hardly credible in the context of a nation involved in multiple on
going concurrent invasions.
THE MILITARIZATION OF CYBERSPACE
JULIAN: I see that there is now a militarization of cyberspace, in the sense of a military occupation. When you communicate over the internet, when you communicate using mobile phones, which are now meshed to the internet, your communications are being intercepted by military intelligence organizations. It’s like having a tank in your bedroom. It’s a soldier between you and your wife as you’re SMSing. We are all living under martial law as far as our communications are concerned, we just can’t see the tanks—but they are there. To that degree, the internet, which was supposed to be a civilian space, has become a militarized space. But the internet is our space, because we all use it to communicate with each other and with the members of our family. The communications at the inner core of our private lives now move over the internet. So in fact our private lives have entered into a militarized zone. It is like having a soldier under the bed. This is a militarization of civilian life.
JACOB: Right before I came here I was asked to be a coach for the Pacific Rim Collegiate Cyber Defense competition for the team of University of Washington Security and Privacy Research Laboratory. At the very last minute I was asked to be an advisor. We contributed quite a lot of time to compete in a cyber war event where SPAWAR, a civilian arm of the US Navy that includes pentesting services, who do offensive computer hacking as well as defensive computer hacking, played what is generally called the Red Team.36 What they do is they attack everybody else that’s playing and every team’s job is to defend their computer systems, which have been given to them at the beginning of the event with no real foreknowledge at all. You don’t know what kind of systems you’ll defend and it’s not even clear how the points are scored in the beginning so you just try to do your best and hope.
JULIAN: Are you sure that it’s actually a game? Maybe it’s not a game!
JACOB: No, you just get a bunch of computers and you have to protect them, and they break in and they take over the systems. It’s like a kids’ version of Capture the Flag at a real hacker conference or something like that, and it’s interesting because these guys have a lot of tools, they’ve written software.37
JULIAN: What’s the point of it though—from the US Navy’s perspective?
JACOB: Well, in their case they are just sponsoring this because they want to build tomorrow’s cyber warriors today and so, for example, I brought you a notepad from the CIA because they were recruiting. There was a guy there named Charlie—Charlie from the CIA—and he was explaining that if you want to come and join the CIA this is a great opportunity to work in the real world. And the SPAWAR people were there, and Microsoft was there recruiting. The idea was to train all of these people, all of these teams, to go on to the National Championship and to be winners and to “defend the nation,” and then also to be able to go on to do offensive hacking as cyber warriors, not just cyber defenders. We scored something like 4,000 points in this game, which was the combined score of the second place, third place and fourth place teams. We were actually still higher than all of them combined.
JULIAN: Yeah, yeah, yeah.
JACOB: It wasn’t thanks to me—my motivational quote was like, “Hey, it’s always darkest straight before it goes pitch black,” and I don’t think I’m particularly good at coaching—these guys are really good. But it was interesting because the way that the whole thing was framed was in terms of war, so they would say, “Hey, we want to hear your war whoop.” It’s like, “I’m sorry, what?” That’s what they were saying over lunch, for example, when we were taking a break from defending our systems. They framed everything in terms of attacking systems and war and cyber war and the greatness of this way of thinking. And interestingly enough, aside from the team that I was working with, I felt like there were a lot of people that were struggling, because they weren’t teaching them to use the Art of War—it was more like the Sysadmin Cup, people who defend systems—and it just felt disgusting.38 It felt really weird because there were all these people whose background is in war, and they come from the war perspective, but they’re not teaching strategy, they’re very focused on the rhetoric of defending these systems, or on attacking these systems, and they just had so much war in the way that they were really trying to rile people up into a sort of patriotic fervor. They weren’t promoting creative thinking or some kind of framework for independent analysis; they were pushing a cog-in-the-machine-mentality of someone who follows orders for the good of the nation. I had never experienced it before. I felt sick and most of my team had a hard time stomaching it or even taking it seriously.
JULIAN: Do you think that that’s standard US Navy training, and they’re just now trying to apply it to another domain? Is it a top-down US cyber command decision—an international strategic decision—by the United States?
ANDY: More like the Nazis who had those youth camps where the kids were trained.
JACOB: Sie können das sagen weil du bist Deutsche. You can say that because you’re German. No, it’s not like that. The US Navy’s involvement is just because the US government is sponsoring all this stuff. They asked me to coach because they needed someone there to do this coaching and I just agreed because I liked the guys involved, these undergrads. But really what it comes down to is that the US government is really trying to push getting people into this and they’re trying to push from the perspective of nationalism. It’s a very, very strange event to be at because, on the one hand, it’s good to be able to know how to keep your system safe and it’s good to understand the infrastructure that all of our lives rely on; but on the other hand, they weren’t trying to convince people to understand it, they were trying to whip them up into a sort of fervor in order to make them happy to do this type of work.
ANDY: Unfortunately, the interest of the United States to keep systems secure is totally limited because they want systems to be vulnerable in order to take over control. The approach to controlling encryption worldwide has not been going as far as the United States originally pushed for around 1998, when the US undersecretary of commerce for international trade David Aarons went on a world tour arguing for government access to everyone’s encryption passwords.39 But encryption is still handled as a so called dual-use technology and its export in the form of end-user-products to many countries is limited by law, agreed to worldwide in the so called Wassenaar Arrangement.40 This might sound reasonable in the context of declaring countries and their actions as “evil,” but it shows the dimension of the double-standard, as telecommunication surveillance technology is so far not limited by export-controls.41
JULIAN: Andy, for years you’ve designed cryptographic telephones. What sort of mass surveillance is occurring in relation to telecommunications? Tell me what is the state of the art as far as the government intelligence/bulk-surveillance industry is concerned?
ANDY: Mass storage—meaning storing all telecommunication, all voice calls, all traffic data, any way groups consume the Short Message Service (SMS), but also internet connections, in some situations at least limited to email. If you compare the military budget to the cost of surveillance and the cost of cyber warriors, normal weapon systems cost a lot of money. Cyber warriors or mass surveillance are super-cheap compared to just one aircraft. One military aircraft costs you between…
JULIAN: Around a hundred million.
ANDY: And storage gets cheaper every year. Actually, we made some calculations in the Chaos Computer Club: you get decent voice-quality storage of all German telephone calls in a year for about 30 million euros including administrative overheads, so the pure storage is about 8 million euros.42
JULIAN: And there are even companies like VASTech in South Africa that are selling these systems for $10 million per year.43 “We’ll intercept all your calls, we’ll store all your intercepted calls en masse.” But there has been a shift in the last few years from intercepting everything going across from one country to another and picking out the particular people you want to spy on and assi
gning them to human beings, to now intercepting everything and storing everything permanently.
ANDY: To explain it roughly historically, in the old days someone was a target because of his diplomatic position, because of the company he worked for, because he was suspected of doing something or he was in contact with people who actually did something, and then you applied surveillance measures on him. These days it’s deemed much more efficient to say, “We’ll take everything and we can sort it out later.” So they do have long-term storage, and the main way of describing the industry’s two chapters is the “tactical” approach and the “strategic” approach. Tactical means, “Right now, in this meeting, we need to bug the place, we need to get someone in with a microphone, an array jacket, or have GSM (Global System for Mobile communications) surveillance systems, in a car, deployed, able to intercept what people are saying right away without needing to interfere with the network operator, get a police search warrant or anything like that, no legal procedure required, just do it.” The strategic approach is to do it by default, just record everything, and sort it out later using analytic systems.
JULIAN: So, strategic interception is take everything that a telecommunication satellite is relaying, take everything across a fiber optic cable.
ANDY: Because you never know when someone is a suspect.
JACOB: There’s a thing called the NSA AT&T case in the United States—the second case: Hepting v. AT&T. In Folsom, California, Mark Klein, a former technician for the giant telecommunications company AT&T, exposed that the NSA, the US National Security Agency, was capturing all of the data that they could get AT&T to give them. They just took it all wholesale—data as well as voice calls—so every time I picked up the phone or connected to the internet in San Francisco during the time period that Mark Klein has exposed, we know that the NSA on US soil against US citizens was getting it all.44 I’m pretty sure they have used that intercept data in the investigations that they’ve been doing against people in the United States, which raises all kinds of interesting constitutional issues because they get to keep it forever.