“Whatever you do will be insignificant, but it is very important that you do it.” - Mahatma Gandhi
This summer the Dutch hacker community, with help from friends all over the world, will organise the seventh hacker festival in a series that started in 1989 with the Galactic Hacker Party. The world has changed massively since then (we'll get to that) but the goal of these gatherings remains the same: to share knowledge and ideas about technology and its implications for our world, have heated discussions on what we should do about the problems we see (sometimes well before many others see them), generally have fun in communicating without keyboards, and being excellent to each other.
Four years ago a somewhat unknown Australian hacker with some new ideas about the future of journalism gave the opening keynote at HAR2009. His site was called Wikileaks and some of us had a hunch that this concept might be going places. We had no idea just how far that would be...
Not long after the first gathering in the Netherlands in 1989, the Berlin Wall came down. While we can claim no connection, the interminable Cold War had finally ended and many of us felt, with the optimism so typical of youth, that world peace might just be possible in our lifetimes. We would go back to making rockets that went up instead of straight-and-level and other great things would follow.
<Originally a Webwereld column - in Dutch>
In the middle of election season in Iceland a debate is raging about the need to protect young children from violent pornographic imagery that can be found on the Internet. Although it is unclear what the scale of this problem is, there is concern about the methods used by some in the porn industry to market their wares. There is an idea that some firms use the old tobacco industry method of 'get them while they're young'.
As I was in Iceland recently I was fortunate enough to be asked my opinions on these matters by government officials. The entire debate is being conducted during election season, so the local media are on top of every word uttered by anyone from either government or the local digital civil liberties organisations. What causes most of the (international) attention is the specific plan to put a national filter on all Icelandic internet connections. This would be a first for a western democracy (although such filters have been tried in various Asian countries from Iran to China). Proposing a method that could very well be called censorship is incongruous in a modern and progressive society such as Iceland (the only country to have convicted its bankers over their part in the current global financial crisis).
During an informal dinner a few days later with officials it became clear that no decision on a filter, or any other policy, had been made. The government was looking into the problem and discussing possible solutions. The emotive nature of the debate causes the problems and solutions to get mixed up. I therefore attempted to structure the discussion over dinner:
A few years ago, Israeli and American intelligence developed a computer virus with a specific military objective: damaging Iranian nuclear facilities. Stuxnet was spread via USB sticks and settled silently on Windows PCs. From there it looked into networks for specific industrial centrifuges using Siemens SCADA control devices spinning at highspeed to seperate Uranium-235 (the bomb stuff) from Uranium-238 (the non-bomb stuff).
Iran, like many other countries, has a nuclear program for power generation and the production of isotopes for medical applications. Most countries buy the latter from specialists like the Netherlands that produces medical isotopes in a special reactor at ECN. The western boycott of Iran makes it impossible to purchase isotopes on the open market. Making them yourself is far from ideal, but the only option that remains as import blocked.
Why the boycott? Officially, according to the U.S. because Iran does not want to give sufficient openness about its weapons programs. In particular, military applications of nuclear program is an official source of concern. This concern is a fairly recent and for some reason has only been reactivated after the US attack on Iraq (a lot of the original nuclear equipment in Iran was supplied by American and German companies with funding from the World Bank before the 1979 revolution). The most curious of all allegations of Western governments about Iran is that they are never more than vague insinuations. When all 16 U.S. intelligence agencies in 2007 produced a joint study there was a clear conclusion: Iran is not developing a nuclear weapon (recent speech by the leader of this study here).
At their yearly conference the Dutch The National Cyber Security Center stated this week they want to listen more to the hacker community. It is fine that the government will at last listen to the people who have been ahead of the curve for decades, although the question remains - why it has waited to do this until 2013? Even if this had been done as recently as 5 or 10 years ago it would have saved an incredible amount of trouble and public money. I sincerely hope that the consultations with the hack(tivist) community are about more than just technical tricks, because most benefits to society are derived from discussing policy. For purely technical issues the usual consulting companies can always be hired and then simply pay hackers for their knowledge and advice, just like any other experts.
Meanwhile a big group of hackers were unhappy about the fact they were not welcome and organized an alternative meeting. If the NCSC's intentions for the coming year work out in practice, next time this might not be necessary. On the community side, these invitations to the table should be dicussed openly and in detail (who sits at the table and wearing what hat). Because when community contributions and possible commercial interests get mixed up, things quickly degenerate into bickering and arguing. I speak from experience ;-). Nobody is "representative" of the entire hacker community. The NCSC will have to adjust to the idea that we have no centralised organisation with a head office where you can meet up with the CEO/director/top-dog.
Not sure what to say about the sudden death of Aaron Schwarz, idealist, freedom-fighter-extraordinaire and friend of open access to information for all of humanity. Aaron spend his life fighting for humanity's highest ideals, contributing to technologies most of us use every day (even if we don't know it). It just feels like something is very, very wrong is the so-called 'free world' is killing its best and brightest for living up to its highest ideals. We've got big problems and cannot afford to lose people like Aaron.
Cory Doctorow has written a eulogy here, Prof Lawrence Lessig had an overview of the case the US Department of Justice (ha!) saw fit to launch against Aaron. Glen Greenwald wrote about his heroic work in helping to defeat SOPA over the last years. A digital memorial to Aaron will be here for as long as there is an Internet. The files that started the case can be found here. Spread them around as wisely as possible.
But mostly just watch Aaron's speeches and interviews, as many times as needed before you understand his ideas and ideals fully.
On July 11th 2001 the European Parliament published a report on the Echelon spy network and the implications for European citizens and businesses. Speculations about the existence of this network of Great Britain-and-her-former-colonies had been going on for years but it took until 1999 for a journalist to publish a report that moved the subject out of the tinfoil-hat- zone. The report of the EU Parliament contains very practical and sensible proposals, but because of events two months after publication, they have never been implemented. Or even discussed further.
Under the heading "Measures to encourage self-protection by citizens and enterprises" lists several concrete proposals for inproving data security and confidentiality of communications for EU citizens. The document calls on Parliament to inform citizens about the existence of Echelon and the implications for their privacy. This information must be "accompanied by practical assistance in designing and implementing comprehensive protection measures, including the security of information technology". So not just some abstract government infomercial on TV/radio but hands-on tips to get some actual work done please!
<originally a Webwereld column>
Last month the VVD and D66 political parties (the Dutch equivalent of the Conservatives and LibDems in the UK) again proposed that the Netherlands should re-adopt electronic voting. Earlier this year the Dutch Association of Mayors also called for their reintroduction (don't you just love it when non-elected officials comment on and interfere with the electoral process :-). While the use of voting computers in the Netherlands has been banned for over four years, even for water board elections, there remains a fundamental misunderstanding of the basic problem with electronic voting.
While the many clumsy security problems (video) or the absence of the source code of the software (in the case of Nedap and SDU voting computers), are excellent talking points for the media and political agenda, these issues are not the core of the problem. And although the voting computer dossier at the Ministry of Home Affairs is now labelled with a bright fluorescent sticker: 'radioactive, do not touch!", there is still a risk that local authorities or suppliers will continue to feel that voting by computer is best "if we can just iron out a few little bugs”.
The real objections are more fundamental and have little to do with security bugs or open source code. They are the fundamental principles underpinning our democracy, and are threatened by the use of voting computers. In the many discussions on mailing lists and web forums it seems that people have lost sight of these principles.
Gartner, IT-journalists and even former employees of Microsoft agree: Windows 8 will be a disaster. The Metro interface designed for tablets (a market that virtually does not exist in relation to MS-Windows) is unworkable on a desktop with a vertical non-touch screen, keyboard and mouse. Most office spaces still have this and most run legacy applications with interfaces that rely on a Windows PC using a keyboard and mouse. It is precisely the ongoing purchase of desktop PCs with the combination of MS-Windows and MS Office that has kept Microsoft financially afloat over the last 15 years
The combination of legacy applications (mostly proprietary) and familiarity with MS Office, led many IT organisations to automatically buy the new Windows platform, despite the high cost of licences and support. The inevitable result is a world of pain, with new interfaces, a lack of compatibility and the sudden cessation of support for critical components. IT policy is organised around coping with these problems instead of focusing on sustainable alternative solutions. And solving or mitigating these problems requires so much time and money that there is often little left over to plan further ahead. Thus, in many organisations the perfect vicious circle has existed for so long that many IT people can not even see it.
hen in the Course of human events it becomes necessary for people to dissolve the commercial, legal and moral bands which have connected them with an industry and to assume among the powers of the earth, the separate and equal station to which their most fundamental principles entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation.
We hold these truths to be self-evident, that all lives are enriched by the sharing of culture, that citizens are endowed by their democracies with certain unalienable rights, that among these are knowledge, true ownership of their property and the sharing of culture. That to secure these rights, laws are instituted among the people, deriving their just powers from the consent of the governed. That whenever any of these laws become destructive of these ends, it is the right of the people to alter or to abolish them, and to institute new laws, laying their foundations on such principles and organizing their powers in such form, as to them shall seem most likely to effect their safety and happiness.
Friday a week ago I, along with other "experts", attended a Parliamentary Working Group to answer questions about government IT projects. This was a Parliamentary group of MPs investigating the many IT failures of the government. After the summer (and the sept 12th elections), the investigation should begin with a sharp set of research questions. The invited experts were there to help formulate the right questions.
Here are my blog links to some of the available online advice written by the working group and the video stream (all in Dutch). It was striking how unanimous was the message presented by all the IT experts, given the variety of backgrounds.
Like other columnists and opinion writers, I also emphasised the failings of government and egregious damage to national security, privacy and general public funds. From available data, in terms of the government, the cost to the Dutch has moved from millions to billions of euros annually.
With such a government it is like shooting fish in a barrel for columnists. Therefore it was refreshing on this occasion to make a more constructive contribution. Although it was a pity that such meetings do not occur more frequently and are not better attended by the officials and suppliers who are responsible for all these projects. As 6 billion euros pour down the drain every year (and that is only the out-of-pocket costs - the social impact may be much higher) it might be a good idea to hold consultations more often. While I doubt that the gathering last week has any ready-made solutions for all the problems, I think there is a reasonable degree of consensus about their root causes: