Chapter 9
AN ELECTRONIC INTEREST GROUP
The story of hackers, phreakers, telephone companies, and justice is told (from an American perspective) in Bruce Sterling's The Hacker Crackdown (1992). The reason this science-fiction author decided to write a history of hackers, is exactly what I have tried to illustrate with my arguments so far: that aspects of electronic cultures overlap. The whole thing started when the U.S. Secret Service tried to clip the wings off the underground hacker movement, and on some occasions strayed far outside the limits for law enforcement intervention.
They really wanted to nail the hackers, who had grown extremely powerful in just a few years, through a national crackdown (hence the title of the book), with the intent of teaching the hackers a lesson. This crackdown was named Operation Sundevil. The Secret Service busted into the homes of American teenagers, grabbing everything with wires coming out of it. The computer, the printer, the portable stereo, mom's and dad's computers, all of it. That wasn't enough: they also took manuals , or anything remotely resembling one: science-fiction novels and regular compact disc records, for example.
All of you can probably figure out what happens if you take all the hacker's machines away from him or her. He/she becomes totally powerless, with no means of keeping in contact with friends or communicate in open electronic discussions. The hackers not only had their wings clipped; they also had their mouths sewn shut. This is exactly what the Secret Service wanted, and probably no one would have been concerned - not even Bruce Sterling - if they had stayed content to just raid hackers. Many hackers arrested during the crackdown were given sentences that prohibited them from using computers for a certain period of time.
On March 1, 1990, the Secret Service committed a mistake: they went into the gaming company Steve Jackson Games , in Austin, TX, and confiscated all the computers that they could find, including one which had a completely new game stored on its hard drive: GURPS Cyberpunk (GURPS sands for Generic Universal Role Playing System, developed by Steve Jackson Games to make it easier to switch between roleplaying settings without having to switch gaming systems).
Steve Jackson Games, therefore, make role-playing games , and the game GURPS Cyberpunk was written by a hacker going by the pseudonym Mentor (his real name was Lloyd Blankenship ), and who worked as an author at the company. When the company demanded the return of its computer, or at least the files for GURPS Cyberpunk (which was just about to be marketed), their request was denied, with the justification that it was not a game but rather a manual for perpetrating computer crime. Mentor himself was a hacker, and had written an excellent and realistic game which focused on breaking into different computer systems. The game was considered dangerous.
Anyone who's seen a roleplaying game knows that it is a matter of a kind of books used as reference material for the games, in which the players try to create and enter a world of the imagination. GURPS Cyberpunk , therefore, was a BOOK , released by a publisher, with an ISBN number just like any other book. The fact that the U.S. Secret Service had tried to stop the publication of a book , simply because the contents were held to be too dangerous , was not well received by conscientious citizens of the U.S. The freedom of the press is constitutional in the U.S. (like in Sweden), and a fantasy-oriented role-playing game like GURPS Cyberpunk has the same official right to exist as The New York Times , whether it teaches computer crime techniques or not - as long as it doesn't advocate the perpetration of crimes.
After a period of fuss in regards to the Steve Jackson Games case, the Electronic Frontier Foundation was formed, led by (among others) the Grateful Dead lyricist John Perry Barlow .(1) They were financially supported by Mitch Kapor , who was one of the creators of the spreadsheet program Lotus 1-2-3 . The organization had supporters among the users of the electronic conferencing system The Well , created by the magazine The Whole Earth Review in San Francisco. WELL is short for Whole Earth 'Lectronic Link , and in principle functions as a gigantic BBS with connections to the Internet. (You could also view it as a metaphorical "well of knowledge".) Many users of The Well are old hippies and Grateful Dead fans, who dearly value their rights of free speech and assembly. Many are what I call university hackers, engineers, or programmers. The hippie-programmer combination is not unusual at The Well. (I mentioned earlier that the hippie culture originated at the universities in the Bay area. Consider Mitch Kapor, for example - before he started making business software, he was a meditation instructor.)
San Francisco is almost a chapter of its own. It is the Meccha of the electronic world. The universities Berkeley and Stanford are in the area, and close by is Silicon Valley. The majority of modern computer technology comes from San Francisco. It is where the first personal computer, the Altair, was built, and it is also the home of EFF, The Well, Whole Earth Review, Wired, and MONDO 2000. Virtually all forms of popular electronic culture have originated in San Francisco, and it is also where Virtual Reality was first marketed. At the same time, I would say that San Francisco's reputation is a little exaggerated. It has just as much to do with American attitudes and marketing as real knowledge, and the expertise that computer technology rests on has been researched and developed all across the world. However, it is a natural nexus for amateurs as well as the pros of the computer industry. Silicon Valley, in particular, has had great significance, with its thousands of bored upper-middle-class engineers waiting with anticipation for anything to happen on the electronic frontier. These people constitute the innermost core of EFF.
EFF has quality contacts inside the entire
American software and hardware industries, and champion the
electronic rights of human beings .
The organization does not protect hackers, as is often said, but it protects
the rights of hackers. EFF is therefore a civil
rights organization . Like the
cyberpunks, EFF is ideologically influenced by libertarianism, but on
many issues (such as "intellectual property"), they are on a
collision course with the libertarians. I will now try to illustrate how
threats against civil rights and individual integrity are manifested in
the information society.
The Right to Communicate
EFF stated (and states) that it is
a violation of integrity to take someone's computer away from them. It
is as violating as taking away the right for an individual to use pen
and paper. A hacker is used to communicating with the world by computer,
through BBSs, the Internet, etc. Taking the computer from the hacker is
akin to taking the typewriter (word processor, pens, or paper) from the
author. EFF sued the Secret Service for constitutional violations in connection
with the raid on Steve Jackson Games - and they won. The organization
now works towards a constitutional amendment protecting electronic expression.
In short: a computer criminal should not
be prevented from using computers (everyone uses them nowadays), but from
committing more computer crime. You don't prevent a counterfeiter from
working at the mint - you teach him to stop printing fake currency. Properly
used, the illegal hacker's knowledge is useful to society.
Integrity
EFF has grown since its inception,
and currently sponsors a public debate about computers and humans in a
future information society. It wants to protect the right of the individual
not to be registered and controlled by authorities, simply because it
is now possible thanks to the advent of the computer. The organization
therefore advocates the use of the encryption program PGP, which I discussed
earlier. Why? Well, SÄPO (the Swedish National Security Police) -
or some other internal intelligence organization - should not be allowed
to examine all postal transmissions in Sweden. They should not be able
to read all electronic mail, either. But
, they could (if they so wished) put a fast,
efficient computer to the task of searching all electronic mail for certain
keywords, in order to quickly trace new political groups. (It is astonishingly
simple to construct such a program; I could even do it myself.) Let's
say that every piece of electronic mail containing the words "REVOLUTION",
"WEAPONS", or "SOCIETY", in any combination, would
be copied and sent to an analyst. You would never know.
According to Philip Zimmerman (creator of PGP), it is precisely because of this that one should encrypt one's mail so that no third party could read it. Of course, in democratic Sweden, we would prevent internal organizations from doing such horrible things. Nevertheless, there might be good reasons to encrypt one's mail. Why?
First: there are people besides SÄPO and the local revenue office that might want to see if you're writing something inappropriate. Second: do you trust the authorities? If so, why not just send them a copy of your personal communications, so that they can check them and be sure that you're not sitting around conspiring? What do you, a conscientious citizen, have to hide? Why not let the police search your house for illegal weapons? You see where I'm going - encryption protects the privacy of the individual from governmental intrusion.(2)
All the chaos surrounding PGP started on April 10, 1991, when the U.S. Congress made a statement about encryption programs. It clearly stated that it expected everyone involved in the manufacture of encryption technology, of any kind, to incorporate back doors so that the government could read the encrypted information if necessary. The message was a frightening one: you may keep secrets - but keep no secrets from the government. Shortly after, Zimmerman's colleague, Kelly Goen, went around San Francisco and distributed PGP do different BBSs using pay phones. (!) He held that Congress was in violation of the Constitution, and performed this act in order to protect American society from totalitarian supervision. recently, the European Union sent a similar missive to the nations of Europe. (Americans are much more sensitive to these matters than Swedes - which is fortunate, I should say. Translator's note: Nevertheless, and ironically perhaps, the privacy rights of individuals in the U.S. are in much worse shape than in the Scandinavian countries - due to private record-keeping organizations such as the credit bureaus, which have become a sort of universal information source that sells all the information it has to anyone willing to pay for it).
Encryption, by the way, is not expressly an American thing. Us Swedes have been in the cipher game for at least as long. As early as WWII, we decrypted German communications going through Sweden. In 1984, the "expert" Ragnar Eriksson and his friends at SÄPO made an encryption system which, with the approval of the executive branch, they tried to sell together with other security "know-how". Alas, the system was worthless, since SÄPO has never had any encryption experts worth their name, and no one wanted to buy the system.(3)
Those who are professionally involved in encryption (thus not SÄPO, but the military and the universities) almost always encounter upstarts who think they've invented the world's best encryption system. Common to all these parvenus is that they want to keep their systems secret, as they consider themselves so bright that no other person has ever been on the same track. All the pros release their algorithms (encoding principles) and tell people how the system works; if it is good enough, nobody can break the cipher even though they know how it works. Some examples include DES (Data Encryption Standard), and IDEA (International Data Encryption Algorithm) - which is used in PGP. (SÄPO did not want to publish their algorithms...) Neither DES nor IDEA are impossible to crack - it's just that it would take a few million years for today's computers to do so, using current deciphering techniques.
As an illustrative example, I will mention
a common beginner's crypto which entails adding a sequence of random numbers
to a digitally stored text. It would be very hard to crack if the message
was not any longer than the sequence of numbers, but with longer messages
this randomness can be removed as easily as static can be filtered out
of a radio signal.
Sweden Awakens
Today, Swedish police have already
been guilty of questionable activities relating to the freedom of expression.
They have confiscated BBSs, used as an exchange medium for private electronic
mail, and probably also examined the private mail stored on these. This
has been carried out on suspicions that the BBSs were used in the distribution
of pirated software. It can be compared to sifting through all the mail
in one of the Postal Service's boxes simply on the suspicion that somewhere
in this box there is information about a crime. Would you want your mail
read simply because it happened to end up in the same box as a letter
from, say, a car theft ring? (I don't even know if the police have the
right to do such a thing, but I don't like the thought of it.)
"Holy Christ", the police say, "those who use a BBS are despicable hackers! Thatdoesn't have anything to do with normal people's privacy, does it?"
It's great that they were hackers, and not Jews or immigrants , but simply regular, honest hackers, which we all know are terribly criminal. Hundreds of BBS users, regular Swedes with no criminal records, have had their right to privacy abridged simply because they fall under the fuzzy (to say the least) category of hackers ? And the police are upset because they have found encrypted material in these BBSs, which is hard or impossible to read. I really feel sorry for them.
Consider that today's BBSs will, in the future, be replaced by the Internet, through which you are expected to send all your mail. What will happen then? Are we going to have cops running around auditing the mail, seizing large quantities of mail when they suspect something illegal might be lurking inside the pile? But, but... the police follow the law, and according to the law, electronic documents or communications are not covered by the freedom of the press. Hopefully, they are protected under the freedom of speech, but not even this is certain. Everything is very fuzzy, and no one seems to know what the facts are. Legislation is in progress.
Considering all the threats against integrity, the observant citizen naturally wants protection against surveillance, and therefore acquires an encryption program. American intelligence agencies want you to use their "Clipper Chip" instead of your own crypto. The "Clipper Chip" is a very good encryption program which, according to themselves, only the Secret Service has a back door to. The European governments have something similar in the works, which has at the time of this writing not been formalized.
Another use for encryption (besides making your mail unreadable) is to put a seal on your messages - a kind of electronic check digit, which can mathematically prove that the sender is who he/she claims to be, and that the content has not been changed. This way, electronic bulletins can be mass-distributed without having to worry about somebody "cutting" them, at least not without being noticed. This method is used by, among others, SWIFT, which is an international bank transaction system.
Those interested in the underlying technology
of encryption should pick up a book on the subject. American cryptographers
(like Zimmerman) are monitored by military intelligence agencies. (I don't
know if this is the case for Swedish crypto-scientists.) In some countries,
e. g. France, all encryption by private individuals is prohibited.
Swedish Rights
What about civil rights in Sweden
and the rest of Europe? Is an organization like EFF necessary on this
side of the Atlantic as well> Maybe - especially since European police
agencies learn about computer crime fighting by peeking at the USA. In
Sweden, police have also confiscated computers and disks, but also magazines,
T-shirts, and printers, in American fashion. The police in the U.S. didn't
know what to do with all the stuff they seized - and the Swedish police
doesn't know either. It's not a mystery why it takes a virtual
eternity
to sort out hacker crimes, considering the amount of junk that the investigators
collect as evidence. When I did an inventory of my own collection of about
200 disks, it took me over a month, and I only made superficial notes
of the contents of each file. A criminal investigator has to be
a great deal
more thorough for his evidence to stand up in court, and a well-organized
hacker can, in worse cases, have thousands
of disks.
The time span and delays for the prosecution of a hacker is worse than those for refugees, with the difference that these cases are eventually dismissed. To the extent that the hackers ever see their equipment again, it is most often outdated and without value. The police are still holding computers seized six years ago. In many cases, the hackers' computers are considered instruments of crime rather than communication channels. Even Swedish hackers' rights of free expression have been infringed during police raids - whether they have been criminals or not. Remember where Cervantes spent his time while writing Don Quixote . (In prison.) Should the pen and paper have been wrested from him simply because he was a criminal? In at least one case, the Swedish police has been charged with violating rights of free speech and freedom of information.
As early as 1984, Sweden's National Police Board determined that seizure of equipment could cause problems, and that this should only be done in exceptional cases. Today, it's more of the rule than the exception. If they had been able to follow their own directives, which said to copy the information and lend it to the victim, the situation would have been much more pleasant for both parties. In that case, the hackers would not have had to have their computers stored in police warehouses for decades.
We also have a law of criminal forfeiture, which means that equipment used in the commission of a crime can be considered forfeited, and subject to sale or destruction. This might be reasonable in the case of specialized equipment like lock picks, "blue boxes", or other directly criminal equipment, but computers ? If a typewriter is used for criminal purposes, it is thus forfeited? Can we have just an ounce of freedom of speech, too?
The information age has now caused some prosecutions against the distribution of specific, protected information to become completely unmanageable. Are you struck by the same thought as I? That this plays into the hands of the cyberpunks? If information really can be owned - can we in that case uphold its copyright in a rational manner? Or is our old society in about to change with regards to copyright? Relax, there is a cure for all this. Computers are very good at controlling large amounts of information, and quickly at that. The organization BSA ( Business Software Alliance , an association of companies in the software industry) is apparently prepared to have a program called Search II stand witness in cases against companies suspected of piracy. The program works by reading the contents of a computer's hard drive and registering which programs are installed. The reason for doing this as opposed to seizing equipment, is that corporations, as opposed to hackers, raise one hell of a racket if you take all their computers. So far, so good.
When companies and (sometimes) people are
charged with piracy, the police rely on BSA and the Search II program
for technical expertise. It is a bit strange that BSA, which represents
the plaintiff, is also relied on to collect evidence. Strange, to say
the least. Now, allow me to insert a small provocation, which might help
you think along new lines:
Q:
Do we want computers to witness against
corporations and individuals?
Q:
Why not leave the entire justice system
to computers? Automated, powerful, cost-effective - comes in all colors
- no difficult interrogations or delayed trials...
Personally, I don't think we should
let computers stand witness until they're at least as intelligent as humans.
But if a human can testify under oath as to the credibility of what the
computer says, then OK. We have for many years allowed objects to act
as witnessed, or evidence
, as we call it. All evidence, however, has
to be interpreted by one or more people before it becomes practically
meaningful. What is relevant is that computers are evidence which has
a hitherto unlimited potential for lying, since they can be manipulated
in any way by anyone. I think we should stay clear of electronic justice
for a long time - the risk of judicial corruption is obvious.
The question of computers keeping tabs on individuals is a little more sinister than it appears at first glance - information technology, if properly applied, can be used to prevent or totally eliminate certain types of crime. Do we really want this? Do we want an intelligent breathalyzer in our car, which tells us when we can't drive? Perhaps such supervision of driving habits will be legislated in the future. Do we want the recipient of a phone call to always be able to know who we are?
For example, there is a program called Net Nanny, which is a "baby-sitter" for the Internet. It can be set to supervise children communicating over the Internet, and will automatically shut down the connection if some "dirty old man" starts asking for a name or a phone number. Even if the purpose seems noble, one could ask what would happen if an extraordinarily benevolent government should apply such filters to all of its citizens' communications. I mean, why not pull the plug as soon as someone starts talking about certain kinds of explosives, or starts using to many violent words - just in case... (Note: irony.)
As opposed to a cop, the computer is
everywhere ,
and basically free. Should we let our possibility to choose between obeying
or ignoring the law be eliminated by computers? Should they become our
collective, electronic conscience, and give us an electronically monitored
utopia in which there is no crime, since no crimes can
be committed? It is not as simple a question
as you could think, if you consider it for a while... the EFF, and other
organizations, are of the opinion that it is inhuman
to take away the individual's right to disobey.
So far, all social control has been based on self-control, a condition
which is threatened by automation. There is a risk of principles being
upheld for the sole reason that the computers have been programmed to
uphold them. This is one of the things that Paul
Verhouen 's cyberpunk film
Robocop
is about - mechanical beings who with never-ending efficiency chastise
the citizen into obedience.
B
= Bob
C
= The Car
B
: Hi Car.
C
: Hi Bob!
B
( jumping
into the driver's seat ): Let's
go...
C
: Just a moment, Bob, your voice is a little
off... you haven't been drinking anything, have you?
B
: Oh no, of course not...
C
: You'd better blow before I'll let you drive
anywhere.
B
: Is that really necessary?
C
: Yes.
B
: OK then... (brings
out a plastic bag with a nozzle, and squeezes air from it into the mouthpiece
on the dash)
C
: Come on, Bob, I wasn't born yesterday.
That wasn't your breath. Would you like me to call a cab for you?
B
( stomps
away from the car in a huff )
Freedom of Expression
Well, what about the freedom of expression?
Has an electronic book as much of a right to exist as one printed on paper?
When the director of datainspektionen ( Translator's
note: Datainspektionen
is a Swedish governmental institution that
regulates the permissible content and organization of computer databases
- to my knowledge, no comparable institution exists in the United States)
, Anitha Bondestam
, stated that the somewhat childish text
files found on certain BBSs, which describe how to make bombs and weapons,
could be illegal
- did we examine this statement as critically as we would if she had said
that books
describing similar contraptions could be illegal?
For your information, I can reveal that it is in no way illegal to write books on bomb construction - provided that you do not encourage the reader to apply this knowledge. (If you're in the military, and happen to write such a manual for internal use, you might even get promoted.) It may be morally questionable, especially considering that the readers are often teenagers, but it is definitely not prohibited. A parallel would be Hembränningsboken ("The Moonshine Manual"), which gives detailed instructions on how to make your own hard liquor. This book is not illegal. Datainspektionen makes a lot of funny statements which don't seem to have anything to do with their institutional purpose.
Datainspektionen does a lot of really good things. Above all, they protect freedom of information and individual privacy, and the right to know in which databases one is registered. The problem is that the institution sometimes assumes the role of pontificator, which is not its purpose.
From where will a Swedish EFF originate? I would bet on its birth somewhere among people that guard the freedoms of speech and the press. Föreningen Grävande Journalister ("The Investigative Journalists' Association"), with Anders R Olsson at the lead, has long had an agenda reminiscent of the ideas of EFF. As far as I can understand, this started with a book, written in 1985 by Anders Olsson, called Spelrum ("Playing Field"). In it, he describes the complicated structure of government, and its desire to control the individual, in a captivating and agitative manner. What William S. Burroughs says through his fictional accounts, Anders Olsson articulates through non-fiction, to put it simply. He doesn't construct his theories based on libertarian ideas about individual freedom, but rather on a description of the machine, which he calls Sweden, Inc., as a gigantic, dominating social mechanism built on bureaucracy and the wish to control the individual.
Anders has also advocated that journalists should enlist the help of hackers to enter, and examine, the proprietary computer systems of the government and other organizations. As described in the previous chapter, this took place in the case of the Ausgebombt BBS in Vänersborg. In his book Yttrandefrihet och Tryckfrihet ("Freedom of Speech and the Press"), he considers it fully justified to hack into computers owned by corporations, governmental institutions, and other organizations, in order to obtain information of public interest. He emphasizes that it is the purpose of the act, not the act in itself, that is most important. In his opinion, the constitutional (Swedish) protection of freedom of information, found in the articles on freedom of speech and the press, protects the hacker while looking for information with the intent of publicizing it.(4)