It is the day after my first visit to the Chaos Communication Camp, and I’m sitting in a Weimar period café in Berlin drinking serial cups of coffee, trying to work out another layer of security for my laptop before I return to the camp by train in the evening. The few hacker-connected people I know have said that to have credibility at a hacker camp, I’ll have to prepare my own computer security and show people I can use the basic tools.
Citizens need to know the history of hacker ideas, both technical and political, that have led up to the contemporary manifesto “Privacy for the Weak, Transparency for the Powerful” but what about the practical applications of those ideas? I can describe the concepts behind the tools hackers have developed to achieve privacy and transparency, but can I figure out how to use them? Few popular treatments of hackers grapple seriously with the nuts and bolts of hacker tools and their user interfaces. For that matter, few treatments describe the basic architecture and governance structures of cyberspace—the practical parameters that hackers working for privacy and transparency have to contend with. On this journey of discovery through the hacker world, I find myself searching for primers on how things work.
At the same time, I am developing the belief that insiders need to know how hard it is for the ordinary user to find, absorb, and master this practical knowledge. Insiders could benefit from the opportunity to experience their world from the perspective of a person who is not a technologist.
It is several hours past lunch, and the café is deserted. Berlin is a city of spies, I think. Gazing past my laptop to the empty cane-seated chairs clustered around the marble-topped tables, I imagine the betrayed, the marked, and the departed of this city fretting in cafés like this one shortly before their various fates overtook them. In 1931, American writer Paul Bowles recalled the mood of the city as Germany’s biggest bank failed and the economic crisis deepened: “It was sinister because of the discrepancy between those who had and those who didn’t, and you felt it all very intensely. … You felt the catastrophe coming, which gave an uncomfortable tinge to everything that happened.”1
Until the final days of Hitler’s takeover of the chancellorship in early 1933, the intellectuals and bohemians who regularly congregated in the coffee houses of Berlin, many of them Jews, could not bring themselves to believe the endgame had begun—especially because the Nazis had recently fallen far short of a majority in the 1932 elections. In denial, they delayed their flight from the city until the last possible minute.2 “Berlin … your dancing partner is Death,” civic health officials warned the public on posters at the end of World War I, not knowing how dreadfully apt those words would remain throughout the decades to come.3
Berlin is a long way from the Pacific Northwest Coast where I’ve come from. Only a month earlier, in July, I had taken a ferry out to the Gulf Island home of Andrew Clement and his partner, Lucy Suchman. Andrew, a computer science professor at the University of Toronto and long-time digital rights activist, was the only person I knew who could begin to show me how to set up a more privacy-secure laptop and also brief me on the basics of internet architecture and governance.
Unlike Berlin, whose atmosphere is thick with the history and deeds of men, the islands of the Pacific Northwest have a timeless quality. The black backs of whales occasionally break the surface of the Salish Sea and a serene mist veils the islands’ successive silhouettes, which recede, ever more faintly, into the supposed horizon. On a rainy day, it can feel like the end of the earth, and cyberspace only an abstract construct of a distant civilization.
Andrew is originally from this place, and he and Lucy have built a simple house with a panoramic view of its beauty. Lucy is an anthropologist and the author of a seminal book on technical design, Plans and Situated Actions: The Problems of Human Machine Communication, which at the time it was written challenged conventional assumptions about the design of interactive systems. Lucy thought she would study corporate power as an anthropologist, went to Xerox, and ended up staying for twenty-two years, becoming a leader on computer design there.4 She did her PhD at Berkeley in the late 1980s, where she cofounded Computer Professionals for Social Responsibility (CPSR).
An older, more staid organization than the Electronic Frontier Foundation, CPSR started in Palo Alto in 1981 as a discussion group of computer scientists at Xerox’s Palo Alto Research Center. Members of the group were concerned about the “Star Wars” anti-ballistic missile defense system being promoted by the Reagan administration. CPSR was the adult voice in the techno-utopian atmosphere of Silicon Valley at the time, always warning against putting too much faith in complex computer systems. Lucy still evinces that premise: computers for her are not magical, and it should never be assumed they will provide magic solutions for societies.
Andrew was in the University of British Columbia’s first computer science class in the 1960s and experienced the early mainframe days of computing, like the first generation of MIT hackers. In the 1980s, he did his PhD in computer science with Kelly Gotlieb, an early pioneer in Canadian computing. In 1952, Gotlieb was instrumental in bringing the first electronic computer (a huge piece of old tube technology) to Canada.5
But Andrew is a “second-wave” hacker. Inspired by the Community Memory Project set up by the People’s Computer Company in Berkeley in the 1970s, he and others decided to clone it for Vancouver. Their computer bulletin board was funded by one of the Local Initiative Program (LIP) grants that Pierre Trudeau’s government gave for socially innovative experiments and was located in a storefront in Kitsilano, a beach neighborhood popular with the counterculture.
Andrew is still hacking. His current project is to map the physical architecture of the internet—specifically, the pathways by which personal communications are routed and where they might be intercepted by the US National Security Agency (NSA). Named IXmaps (“IX” standing for “internet exchange”), the project uses an interactive mapping tool and website that encourages users to map the routing of their own communications and contribute to the compilation of a global routing map. The mapping might show, for example, how one email sent from the University of Toronto to a recipient just a few blocks away stays within the greater Toronto area but how another sent to someone just as close travels all the way down to New York or Chicago, primary cities of NSA surveillance, before reaching its destination.
Andrew, like Lucy, wants to demystify tech and address popular misunderstandings about it. His work emphasizes the fact that cyberspace—which, John Perry Barlow declaimed, “was everywhere and nowhere” actually has a concrete, physical infrastructure.
On the evening I arrived, as the three of us ate dinner in a restaurant near the ferry dock, I asked Andrew a question I had been turning over in my mind for some time. Why couldn’t Canada have a fully sovereign, national internet, regulated in the public interest and accountable to the democratic process? Why couldn’t our national government regulate everything in the interest of citizens?
He told me that in the 1990s, when the internet was still being called the “information superhighway,” the question had been whether to regulate the internet at all, and the consensus among stakeholders was “hands off”: regulation would stifle innovation. Andrew had been involved in the early hearings of the Canadian Radio and Telecommunications Commission (CRTC), which examined the issue. The CRTC agreed it would refrain from applying the Telecommunications Act and the Broadcasting Act. Andrew had argued that the internet should be regulated as a new public utility, with universal access. And indeed, for a short time, Industry Canada was talking about offering everyone in the Canadian maritime province of Prince Edward Island a publicly provided email address as part of a public physical infrastructure with universal public access.
But this approach did not win the day. Private companies took over the infrastructure for internet services, and most users ended up with addresses for services like Gmail or Yahoo. The fiber optic system became a public and private patchwork. In a few localities, there was a fully public architecture: Fredericton, New Brunswick, for example, had its own fiber optic network. It was originally built to connect the city’s agencies, but WiFi routers were added to create a Fred-eZone, giving the public free internet access across large sections of the city. Toronto Hydro did the same thing in core parts of Toronto at one point but then sold its fiber optic system to the private sector. Now the vested corporate interests make a fully public architecture much harder to attain. This has been the story, more or less, in other countries, too. The infrastructure, even if it was originally public, has largely been privatized.
“If people could view the internet like they view the more familiar network infrastructures—where everyone can see the roadways, where connections are made and where they are not, and know who owns the lands they cross and who decides the routes they follow—then people would get a better intuitive sense of their personal and policy choices,” Andrew explained.
His IXmaps project began in the wake of the early revelation during the George W. Bush era that the NSA was spying on internet traffic routed through and within the United States. That was in 2005. IXmaps’s aim was to help people understand this secret surveillance and know whether their own communications were likely to be intercepted. Finding that a large proportion of domestic Canadian traffic (that is, communications with both ends in Canada) was routed through the United States and NSA surveillance sites heightened Andrew’s concerns about democratic governance and Canadian sovereignty. (In fact, most global internet traffic flows through the United States.)6 He was astonished to realize that the most important internet exchanges were often hiding in plain sight in giant, featureless buildings in the center of major cities. “Who owns this, the wires and the routers, and the real estate they sit on?” he wondered. “What are the business deals that determine these seemingly arbitrary patterns of traffic? Who makes the deals that, in effect, govern internet routing and therefore our security?”
At the very least, Andrew told me, we need to understand how the packets flow to be able to intervene and direct the design more in the public interest. If we make the infrastructure visible, it will reveal the interests at play and inform debate.
The next day, as we drank beer on the veranda of Andrew and Lucy’s house, Andrew expanded on his observations from the night before. In addition to the routing infrastructure, he explained, the other physical infrastructure posing a risk to user security was “the cloud,” the data storage infrastructure. As we looked down at the spectacular view of islands dotted across the wide blue sea, it seemed plausible that the cloud could be something ethereal and benign. But Andrew was telling me about Vincent Mosco’s work on the marketing of the cloud—how companies have built an interconnected infrastructure of large data centers containing tens of thousands of servers; how these centers have a huge physical presence and carbon footprint; how companies were funneling everyone into them; how people were either fooled into thinking the cloud was magically immaterial and secure or put their data in it because they felt powerless to do otherwise; and how Canada, like Europe, had strong data protection laws, requiring informed consent, a right of access, and storage for limited purposes and periods of time, but the United States had a patchwork of data protection laws with weaker protections, especially for foreigners, which contributed to making the US a favored jurisdiction for locating data farms.
If national governments were not exerting control over the physical infrastructure of the internet to regulate it in the interests of citizens, then who ran it? Surely there had to be some standards. If it was a complete free-for-all, how could it work technically?
Andrew offered me another beer and gave me a short overview of how the internet was governed.
The three main governance bodies—the Internet Engineering Task Force (IETF), the World Wide Web Consortium (W3C), and the Internet Corporation for Assigned Names and Numbers (ICANN)—all use principles of consensus, he said. It is an oversimplification to say they “run by consensus,” but laypeople should know that consensus is an important governing principle for all of them. The IETF establishes the protocols for the internet’s operation; it governs the architecture of the internet. Its motto for decision making is “Rough consensus, running code.” IETF working groups are open to anyone with the ability to attend meetings or to participate in email discussion groups. All participants are formally equal, and in practice all have equal access to at least the email part of the discussion, which includes written reports that summarize relevant discussions at IETF in-person meetings.
The private sector has financial stakes in many of the decisions made and can afford to maintain an active presence in deliberations year over year. So governance has increasingly been the domain of private-sector experts. Where industry does not agree with safeguards or where these do not exist, the individual user has had only hacker tools to work with, like Zimmermann’s PGP and Tor.
Later that afternoon, as Andrew and I sat at the kitchen counter, fiddling with installing PGP on my laptop, he told me his own stories about the Chaos Computer Club and his brief connection with the various digital exiles living in Berlin who became close associates of the club. Andrew met Jacob Appelbaum, the Tor and WikiLeaks associate and one of the Berlin exiles, at the Citizen Lab, a research center at the University of Toronto with hacking know-how and a geopolitical angle on digital rights issues, and later when attending a conference in Berlin.
“So it’s evening at the Chaos Computer Clubhouse, and a number of us are working on our laptops there and want to go out and eat.”
“What does it look like?” I asked.
“It’s dark and dingy! With run-down furniture and makeshift tables. There are young guys, mostly, scattered around, working intently on their laptops, and Jake is telling me that he takes his with him even when he goes to the bathroom. Then we leave for dinner, and a bunch of us are walking down the street when Jake comes running after us: ‘You left your laptop open!’
“And I say, ‘What do I have to be careful of?’
“‘You have to protect it physically,’ he says, and he’s kind of upset with me, ‘because something could be introduced into it while you’re gone.’”
“He sometimes uses silver sprinkles on his own laptop, and tapes it up, then photographs the sprinkle pattern so that he can tell if it’s been tampered with. You see, you have to be able to trust every element in the chain if you’re going to achieve strong protection. Temperamentally, I can’t work that way. Personally, I’m just too sloppy.”
“It’s high spycraft,” I said.
“It’s high spycraft,” Andrew agreed, and we looked at each other for a few seconds, sharing the realization.
“So this is my cautionary tale,” he continued. “Even if you don’t see yourself at risk, you’ve got to learn to practice all this high security if you’re afraid of compromising someone who really does rely on it.”
Take, for example, the journalists and activists who are handling the Snowden documents. Andrew gave me a rough breakdown of the number of Snowden documents published by different newspapers—Der Speigel, 122; the New York Times, 17; The Guardian, 26. The Washington Post had published some, too
Glenn Greenwald and Laura Poitras had the whole collection of NSA documents Snowden had stolen, and they were publishing them incrementally in The Intercept (incremental publication was probably the best strategy for keeping the public’s attention). Andrew, at the University of Toronto, had bravely stepped forward to set up a public archive of all of the published Snowden documents.7 The university might have been a little nervous about this, but no one tried to stop him. No academic institution had yet stepped forward offering to set up a public archive of all of the documents, unpublished as well as published. Such an archive would require the institution to become involved in custodial decisions about which documents to release to news agencies and the public and when to do so. And in any case, maybe Greenwald and Poitras had not quite decided what to do with the whole archive. It was a complex question.
Andrew and I barely managed to get PGP and Enigmail installed on my laptop before I had to race for the four p.m. ferry. There wasn’t time for Tor, for which he had given me only the most rudimentary instructions.
Like some of Berlin’s digital exiles, the Russian dissident Andrei Dmitrievich Sakharov used to carry his secrets around with him. In January 1980, Natalya Viktorovna Hesse, an old friend of Sakharov and his wife, was able to visit them in their apartment in Gorky just after their forced transportation there by the Soviet state. The Soviets had not yet decided what to do with them, so Hesse was able to stay with them for a month. The entire apartment was bugged, Hesse told a Russian journalist: “There isn’t a corner where each sigh, each cough, each footstep, not to speak of conversations, can’t be overheard. Only thoughts can remain secret, if they haven’t been put down on paper, because if the Sakharovs go to the bakery or to the post office to mail a letter, the KGB agents will search the place. They will either photograph or steal the written thought.”8
So what did Sakharov do?
Andrei Dmitrievich [Sakharov], with his weak heart, his inability to walk up even five or seven steps without pausing for breath and trying to quiet his heartbeat, is forced to carry a bag that I, for example, can’t lift. When once we went into a shop, he asked me to watch over this bag, but I wanted to see what was on a shelf, and I had to drag the bag after me. I just could not lift it. In this bag, Andrei Dmitrievich carries a radio receiver, because it would be damaged if left at home, all his manuscripts—both scientific and public ones—diaries, photos, personal notes. The bag must weigh no less than thirty pounds. He has to carry all this around with him. I think all this must weigh no less than thirty pounds. And this man with a bad heart—suffering from acute hypertension—is forced to carry this bag every time he leaves home, even if it is only for ten minutes.9
Sitting in the Berlin café, making preparations for my trip to the Chaos Communication Camp later that day and trying to decide whether I should attempt to install Tor, I, too, feel the burden of security. My own laptop and cell phone are like the listening devices in the Sakharov apartment. More than just listening devices, these objects emit my personal life into cyberspace. I have an indelible trail of data exhaust perpetually flowing behind me across the arc of my life. A trail that does have a mystifying quality because no ordinary person seems to know how to erase, edit, or dispose of it completely, and no one knows just who is reading and interpreting it. As Andrew has told me, many of the hackers, journalists, and activists bearing the burden of the WikiLeaks and Snowden documents have ended up in Berlin or had their paths cross there. I’m not sure who I might get to speak to in the city and at the Chaos Communication Camp over the next few days or whether I would or should want to hide anything. But it makes me uneasy, this worry of potentially exposing someone to risk or being exposed.
As much as people have fled Berlin, throughout its history they have also flocked to the city to be free. Berlin is a city of political exiles, free thinkers, reformers, and refugees.
As early as medieval times, serfs who came to the city and were able to stay for a year and a day were granted their freedom, generating the aphorism “City air makes you free.” During Europe’s Thirty Years War in the first half of the seventeenth century, Berlin was razed because of religious intolerance. When the chastened city emerged from the destruction, tolerance became a theme of the place. Twenty thousand Protestant Huguenot refugees were granted residence there in 1700 and an enlightened monarch, Frederick the Great, worked for decades on a constitution of tolerance that included early rights for religious freedom, equality of the sexes, equality before the law, freedom of speech, and universal education. Voltaire, in exile from France, was a guest at Frederick’s court in Berlin and there developed many of his ideas for his best-selling tract “A Treatise on Toleration.”10 The Jewish Enlightenment began in Berlin in the mid-1700s. Led by Moses Mendelssohn, the movement strove for Jewish emancipation and assimilation. Frederick’s grandson granted Jews in Berlin the rights of citizens and access to professions they previously had been excluded from. Hannah Arendt describes how the civil equality of Jews in Berlin was a product of the Prussian Enlightenment there.
By the 1800s, Berlin’s reputation as a city of refuge, toleration, and freedom was well established, and emboldened political movements pushed for even greater reforms. The Young Germany movement called for radical democratic reform; Ferdinand Lasalle, from Breslau, mobilized Berlin factory workers; and Karl Marx and Friedrich Engels worked on The Communist Manifesto there. In 1848, popular revolt swept Europe with calls for universal suffrage, intellectual freedom, and democratic constitutions. When Berlin’s poor went to the barricades in March that year, composer Richard Wagner joined them. In the 1870s, the first socialist party in Europe was formed in Berlin as leftists joined with labor unions to form the German Socialist Workers’ Party, a forerunner of the Socialist Democratic Party. Berlin remained a place of ferment up to World War I. “The books, the writers, the actors! Berlin had been a great attraction for all of them. … Everything was filled with a throbbing life,” wrote one long-time resident, Heinrich Eduard Jacob, of the city in the summer of 1914.11
Granted, the city was also the center of the Prussian military and monarchy that ultimately led the country into the devastation of World War I. But when these institutions lay smashed, it was Berlin that became the center of resurgent democracy, emancipation, and reform. The king’s own garrison in Berlin deserted. Some of the most trenchant critics of the old regime were artists working in Berlin—Bertolt Brecht, George Grosz, and Käthe Kollwitz. The Social Democrats took power soon after the war and announced the establishment of a new republic and constitution. The revolutionary communists known as the Spartacists, led by Rosa Luxemburg, would have taken things further still. Her words, engraved in Berlin’s squares, still resonate in the city: “Freedom only for the supporters of the government … is no freedom at all. Freedom is always and exclusively freedom for the one who thinks differently.”12
There was sexual freedom, too, and libertinism, with many voluntary exiles like Christopher Isherwood staying in the city to experience and write about it. When Adolf Hitler took over the chancellorship in 1933 and imposed his authoritarian regime, Berlin was still the heart of communist and anarchist Europe, of radical artistic movements, and of experiments in personal freedom. Berliners did not cheer his ascendance.13 When Jean-Paul Sartre arrived in devastated postwar Berlin for a remount of his prewar antifascist play, The Flies, he famously said the place demanded no less than a commitment to “total freedom.”14
The number of historical figures and thinkers who have come and gone through Berlin is striking, as is the way so many personal and political stories meet up there. The stories of contemporary digital rights exiles that weave themselves in and out of Berlin are only the latest installment of the city’s long dance with freedom and repression.
When Julian Assange was under house arrest in the UK, many digital rights activists, hackers and journalists visited with him there. Among them were Jacob Appelbaum, Sarah Harrison (a WikiLeaks’ editor and personal intimate of Julian Assange), and Laura Poitras, who was filming Assange and his entourage. The house, located on a spacious country estate, gave them a genteel environment in which to gather and work before events drove them and others into exile.
Assange was the first to go. On a lovely day in May 2012, when the UK Supreme Court rejected his appeal against extradition to Sweden, Assange donned a disguise and rode a motorcycle to asylum at the Ecuadorian embassy in London’s Knightsbridge district.
Poitras was the second, although her exile was at first voluntary. She was known for her films about the Iraq War and had experienced increasing harassment at the US border whenever she traveled to or from her home country. She wanted to protect her film footage and materials, and Jacob Appelbaum suggested that she should move to Berlin. He, himself, had decided it would be wise to relocate there. Germany had very good privacy laws and a growing community of digital rights activists.
Poitras moved to the city in fall 2012 and set up a studio.15 At the time of her move, she was making a film on surveillance, and it was not going well. Then in January 2013, she was contacted by someone claiming to work for the NSA. The person identified himself by a code name, Citizenfour.16 Poitras was using encrypted communications for her projects, and she and Citizenfour communicated for a number of weeks that way before her correspondent asked to meet her. When she learned from Citizenfour the importance of the leaks he had to offer, she decided she needed a partner to help break the story and chose Glenn Greenwald, who at the time was writing for The Guardian newspaper.
Citizenfour was the thirty-year-old Edward Snowden. Poitras and Greenwald’s interview with him in his hotel room in Hong Kong became the basis of the 2014 documentary Citizenfour, which won Poitras an Oscar and introduced Snowden as a sympathetic character to the world. At the time of the interview, Snowden was on the run. He had decided to identify himself to protect others but did not believe it would serve any social purpose to turn himself in and face the kind of long prison sentence and torture Chelsea Manning had by then been subjected to. Stranded in Hong Kong, Snowden needed to find a country that would offer him political asylum. And he needed help getting out of the city.
Poitras believed that she was already being followed, so it would not be easy for her to assist him. Julian Assange, whom Poitras knew well by this time, stepped forward. WikiLeaks canvassed its own diplomatic contacts to find a country that would offer Snowden asylum. It booked more than a dozen flights to different places in order to obscure his travel plans. And it dispatched Sarah Harrison, who was in Melbourne on WikiLeaks business, to meet Snowden in Hong Kong and accompany him on his journey.17 Harrison and Snowden met for the first time in a taxi and made their way to the airport, where they boarded a plane. By the time the United States sent a warrant to Hong Kong for Snowden’s extradition on June 14, 2013, charging him with high crimes under the Espionage Act, he had already departed.
The first leg of Snowden and Harrison’s journey was to Moscow, where they hoped to take a second flight to Havana and go from there to South America. But by then, the United States had revoked Snowden’s passport, and they found themselves stranded in the Sheremetyevo airport, where, for thirty-nine days, they evaded spies and the international press and survived in a building whose best amenity was four Burger Kings.18
At the end of it, they negotiated political asylum for Snowden in Russia, and he went into exile in Moscow, where he has remained since. Harrison accompanied him through this adventure and stayed with him in Moscow for three months, increasing the risk that she herself would be targeted when leaving the country. Her lawyers advised her not to return to the United Kingdom, and she went into exile in Berlin in late 2013, never returning to Melbourne to pick up the luggage she had left there.19
When Laura Poitras told Julian Assange that she had decided not to give WikiLeaks the Snowden archive to publish, he was furious. Assange was still yelling at her when she hung up the phone, she has said.20 Poitras and Greenwald worked with The Guardian and a few other selected media outlets to publish the first Snowden disclosures and then went on to found The Intercept, the online media platform they intended would publish the Snowden leaks over time. Poitras and Greenwald are possibly the only people who have access to the whole Snowden archive, and because of the sensitivity of large swathes of its documents, it may never be fully published and mirrored on volunteer servers like the WikiLeaks archive has been.21 Poitras and Greenwald (who lives in Brazil) almost never return to the United States now because it is potentially dangerous for them.22
The lives of the Berlin digital exiles would merge with those of a close-knit activist community in the city23 connected with the Chaos Computer Club and with the long-flowing political life of the city. The club’s contribution to their cause was to file a criminal complaint with the German Prosecutor in 2014 against the US, UK, and German governments, as well as the heads of their secret services, for their respective roles in the mass surveillance Edward Snowden revealed.24 Harrison remained a WikiLeaks editor. When she started the Courage Foundation—an organization for whistleblower protection—Andy Müller-Maguhn joined its advisory board.25 In 2016, Harrison and the rest of Berlin’s digital rights community turned out in force to the Berlin premiere of Poitras’s film Citizenfour.26
These exiles—Poitras, Harrison, and Appelbaum in Berlin; Greenwald in Brazil; Snowden in Moscow; Assange in the Ecuadorian embassy in London—have borne the burden of dealing with the Snowden and WikiLeaks archives for several years now, in one capacity or another, binding their lives inextricably together. In Poitras’s 2017 film about Assange, Risk, Poitras would reveal that she was briefly involved with Appelbaum. She would disclose that Appelbaum, like Assange, had been accused of serious sexual misconduct and of bullying. The allegations had been swirling in the activist community for some time. The film would express the sadness of political exile, with its patina of melancholy similar to the bleak ambience of old spy movies set in divided Berlin.
The first arrow of exile, Dante Alighieri wrote, is that you “leave everything you love most.”27 The second, I think, must be the limbo of not knowing whether you will escape its confines and whether your personal sacrifice means enough. The third must be the betrayal, estrangement, or disappointment you might have to endure, because the lives of political exiles are often joined inextricably together. The last, surely, is whether you, yourself, might crack or fail in some way.
I make it back to the Chaos Communication Camp by train and later that night pitch a tent in the middle of a spectacular lightning storm. The electrical grid that snakes through every part of the camp withstands the deluge of water: there are no fires or electrocutions. Only the inside of my tent gets wet; there’s a vent at the top I can’t find the cover for.
I am not much further ahead in preparing my laptop’s security. I have failed to install Tor and am still woefully ignorant of many basic aspects of security. I have a dilemma to face the next day, too. If I am not up to practicing high spycraft, if I have not mastered even a basic privacy tool like Tor, is it fair for me to try to interview some of these Berlin exiles and other activist hackers? How will we communicate, and where will I store my notes? What more can I glean about their stories that is worth putting them and myself at risk? And isn’t the hacker story becoming too much about these high-profile individuals anyway, when there is the huge collective phenomenon of the progressive hacker scene to be reported on?
Dawn finds me hunched stiffly over a hot coffee served by one of the food kiosks that is, surprisingly, open at this hour. I look up when a slight, bearded young man, coffee in hand, sits down with a nod at the same picnic table. Minutes go by, and it occurs to me to ask him where I might charge my laptop. I ask also if he knows anything about the special internet access the CCC encourages campers to use. I’m a lawyer, not a tech person, I tell him apologetically. I’m trying to be more secure, I explain, but it’s my professional ethic as a lawyer to act openly. When I try to act covertly, I get confused.
“Yes, well,” he responds, “one gets confused in all kinds of political processes, not just technological ones.”
He smiles warmly. He has a quiet, thoughtful demeanor.
“But,” he says categorically, “in a place like this, you just don’t go on the open internet.”
He explains why: there are many hackers, and they love to hack into things. They can scan and see you anytime they like. Yes, they can get into your email. Yes, also your documents. Anything is possible. He smiles again. Yes, there are also security agencies that send people to this kind of conference, certainly.
He sees me blanching. Before coming here, I explain, I installed PGP, a nontracking browser, and an activist-run email service on my laptop, more for credibility’s sake than from paranoia. But when I returned to the camp late yesterday, I needed to check in with my kids. I’d had to leave them on their own back in Canada, and they are only in their early teens. I joined the net using the camp’s open WiFi connection. In my specific circumstances, how bad could that be? My brain churns ineffectually trying to sort through the implications.
If you have a free software system like Linux, he says (I notice he does not say GNU/Linux, as Richard Stallman would wish he had), you can see the source code and watch over it all the time. You can see if it has been infected. With free software for encryption, it is the same thing: you can check to see if it is doing what it is intended to do. You have to watch over this all the time. People are at risk because of social media and commercial websites. There are many ways of getting your computer infected with tracking technology.
We talk some more, and I learn that he is an artist. He gave a talk on “glitch art” at the camp yesterday. He explains that this involves working with technical representations and finding errors in code to display aesthetically. For example, in the presentation he gave yesterday, he produced errors in images to make visible the glitches in a sequence of code from a US drone system. He started this project three years ago, when he came across a leak by a group called DefenseSystems.com. The leak was that a drone operator did not know a video system for US drones had errors in it, which led him to kill civilians when directing a drone attack in Pakistan.28
Another thing he does are “PGPoems”: he plays with code and network language to create partly encrypted poems. PGP, as I know, stands for Phil Zimmermann’s public key encryption tool called Pretty Good Privacy. The reader of a PGPoem can see some words but has to do a public encryption key exchange with the artist in order to put together the whole thing.
It’s still early. Most people in the camp have yet to emerge from their tents. I can hear mourning doves calling softly to each other in a stand of silver birch trees. We huddle over the picnic table, our cups of coffee steaming our fingers warm.
He pulls a small yellow book out of his backpack and hands it to me. Titled Operational Glitches: How to Make Humans Machine Readable, it is an artistic treatment of the computer as a control system over time, he says—say, by biometrics or metadata index. It is an essay on code.
I turn the booklet over in my hands, a small artefact of the interesting times we live in. The text is in German, with headings like “Die falschheit des glaubens an die richtigkeit technischer bilder” (the falsity of faith in the accuracy of technical images), “Frabe by frame by frame” (error by frame by frame), “predictive killing,” “Produkttionsmittel” (means of production), and “das Codicht” (code). It is full of recognizable names like Heidegger and Marx. I look up into the artist’s clear gray eyes and he reminds me also of Schiller and Goethe.
Who is this soulful German? His name, the booklet cover reveals, is Christian Heck.
Christian feels at risk as an artist not because he is disclosing secrets—that, he says, he does not do—but because he is making statements that authorities do not agree with. He knows they will monitor him. He also has a responsibility to friends, colleagues, and family. He never goes online unencrypted. Also, because pictures are full of metadata, revealing information such as time and place, he erases metadata so as not to leave traces: “Not just for me, but for all groups.” There are many security methods for being anonymous online. He never uses Gmail, for example, because Google analyzes your email with that service: “Many people say, ‘I don’t want to be used as a product by a private company.’”
Christian describes his involvement in spreading privacy know-how. He participates in a peer-to-peer teaching collective called “CryptoParty,” which is part of a grassroots internet privacy movement. When they organize a party, everyone can come, have a beer, and show one another how to encrypt a hard drive or email, use a Linux operating system, or work anonymously. (Later that day, I look up CryptoParty and find that the tech writer Cory Doctorow calls it “a Tupperware party for learning crypto.” The CryptoParty Handbook—over four hundred pages, “to get you started”—was crowdsourced by activists from all over the world in less than twenty-four hours.)29 Tactical Technology Collective is another interesting group, Christian says. It has a tent at the camp and does public education through animation. The group’s kit is called “Security in a Box.”
It may not be possible to make a whole system secure, “but you have to do your best,” he says, looking at me kindly. “Just like a mother.”
He explains all the various pieces you have to worry about in a security plan:
And there are two types of information to worry about:
The Tor network, Christian explains, hides your original location. With Tor, Google has only the metadata for your web search from the last proxy server (in Romania, say). Your location and your IP address are hidden. You do not need to trust Tor because it does not know what route your message took or its original location. “Hide My Ass,” another proxy server, does.
As Christian speaks, I am trying to square what he is telling me with what I already think I know about Tor. As I understand it, Tor is continually being improved. The way it currently works is that it uses two sets of PGP keys. Tor lays out a random path of multiple nodes every ten minutes, and one “temporary” key is sent to each node. The temporary key is for the substantive message that will be sent. If there are three nodes, a temporary key is sent to each of the three nodes. It is encrypted using each node’s public key—that is, Tor uses each node’s public key to scramble the temporary key’s information. Only the node can unencrypt the temporary key it has just been sent using its private key. The node stores the temporary key for a short time, ready to use it on the next message it will receive. The next message will be the sender’s substantive message with its content, encrypted or not, wrapped in three layers of encrypted addresses. The first node will open the first layer of the addresses with the temporary key it has in its possession. It will scrub the sender’s metadata and then send the message on to its next destination. The second node will do the same thing with the next address, and so on.
But you really must have a clean computer before you go into Tor, Christian continues. If your computer is infected with malware, he says, someone spying on you could potentially see your whole route through Tor and all your correspondents. Instead of hiding yourself on the internet, you would be exposing your most sensitive networks. It would be like wearing an invisibility cloak you thought was working while it was not. It could expose your whole social network and put all of your correspondents at risk. A clean computer means a computer that has not been exposed to a possible hack through the internet before you start using Tor to hide yourself. Commercial sites are risky, and so are streaming videos and looking at PDFs online. This means you have to preconfigure your browser offline when you first get your computer and avoid using it for streaming, web surfing, and PDF downloads.
This is beginning to sound onerous to me.
But even with a clean computer, Christian says, if you are using the same browser (say, Safari) all the time and always configured the same way, security agencies can create a profile on you when you are using Tor based on the constant pattern of your browser and its particular configurations. (I struggle to translate this for my own understanding: even with Tor hiding your location and IP address, authorities can still profile you at the ends of the rabbit tunnel if you are using the same browser and configuration all the time? As if they can see you have a brown salt-and-pepper tail going into the rabbit warren and a brown salt-and-pepper tail coming out?)
Cryptoparties over beer and pizza, Christian says, start with what people are interested in. They are meant to teach normal people with normal computers, people who may have no clue about security when they start. Then they learn to be more adept through many little talks, he explains.
With his art, Christian says, he is searching for other ways to help people understand the dangers of “right now,” other than through logical argument. Every week, there is a news story about surveillance, and this does not change people’s behaviors online.
Christian himself learned to code because he wanted to make a movie using film cutting in real time. Adobe did not have that function, so he had to create it.
“But ordinary people have many things to do other than become technical experts,” I say.
“Yeah, I know,” he replies. “They have families and jobs from nine to five, et cetera, but it’s just another way of behavior. You changed from using a Microsoft system to a Mac and learned how to work it, so you can change from Microsoft to Linux, for example.” He smiles again, warmly.
Christian stands up, his coffee finished. We shake hands like friends, and I thank him for his lesson on the basic elements of user security. Combined with the primer Andrew Clement gave me before my trip, I feel much more knowledgeable about how things work.
As Christian walks away, a recent news story pops into my mind. I hesitate for a moment, then look it up, still using the open WiFi connection:
Kremlin Returns to Typewriters to Avoid Computer Leaks
The Kremlin is returning to typewriters in an attempt to avoid damaging leaks from computer hardware, it has been claimed.
A source at Russia’s Federal Guard Service (FSO), which is in charge of safeguarding Kremlin communications and protecting President Vladimir Putin, claimed that the return to typewriters has been prompted by the publication of secret documents by WikiLeaks, the whistle-blowing website, as well as Edward Snowden, the fugitive US intelligence contractor.
The FSO is looking to spend 486,000 roubles—around £10,000—on a number of electric typewriters according to the site of state procurement agency, zakupki.gov.ru. The notice included ribbons for German-made Triumph Adlew TWEN 180 typewriters, although it was not clear if the typewriters themselves were this kind. …
Documents leaked by Mr. Snowden appeared to show that Britain spied on foreign delegates including Dimitry Medvedev, then the president, at the 2009 London G20 meetings.
Russia was outraged by the revelations but said it had the means to protect itself.30
I will, it turns out, have the opportunity to talk with at least two of Berlin’s digital exiles over the next few days at the Chaos Communication Camp. They are here, circulating, and it should be easy to approach them and perhaps set up interviews with other exiles, including Julian Assange in London, where I have arranged to go after Germany. But do I want to take on that burden?
For all of the reasons I have been mulling over, I decide not to. I cannot offer them security, and I do not want to become a target of surveillance myself. I have a regular job to hold down, a mortgage, and children. In any case, their stories are background to my main objective for this book—reporting on the collective movement I see emerging around the hacker scene and the direction that hacking is headed in this difficult political era. The technical problems I’ve been having with my tent will soon recede in importance: I will have so many people to talk to I will barely have time to sleep.