A few weeks ago I had the chance to attend the 28th Chaos Communication Congress in Berlin (28C3). The congress is a four-day event on technology, society and utopia organised by the Chaos Computing Club (CCC), an organization of hackers. Founded in Berlin in 1981, the CCC mobilizes for internet freedoms, universal access, and transparency in government, and counts over 4,000 members. The Congress takes place annually at the end of December at the Berliner Congress Center on Alexander Platz. Over 3,000 hackers converged on Berlin for the 28C3: Behind Enemy Lines. Here I offer some snapshots from the Congress and illustrate the main topics of discussion. Click on the links to be directed to the video recordings of the talks (in English).

Hands-on: Onions, coins and satellites

Hacking is about fixing the world through software. And the world has got many problems nowadays. To begin with, access to the Internet is increasingly being restricted by governments and companies alike. Authoritarian governments in particular are insistently trying to control and curtail the Internet. The Spy Files published by WikiLeaks have exposed the extent to which Western security companies are involved in providing the tools for authoritarian governments to censor and monitor electronic communication. This is nothing new in hackerdom. But following the Arab Spring, mainstream media has also finally picked it up, and issues of Internet control and censorship have entered public debate. In order to counter surveillance and control of cyberspace hackers have developed tools to enable anonymous browsing. As a CCC representative said at the opening of the 2011 Congress, what hackers do or not do as a community really matters, as digital technology is now more than ever at the center of society’s development. And there is an arms race going on between hackers’ anonymization tools and governments trying to restrict access to them.

Evgeny Morozov opened the Congress with the keynote Marriage from hell: On the secret love affair between dictators and Western technology companies. He explored the wrongdoings of the companies involved in creating and selling surveillance technologies. Many of these technologies have originally been developed in response to domestic needs of Western countries, mainly in the context of the “war on terror”. The containment strategies proposed by the United States and the European Union to stop this trade, such as sanctions on authoritarian countries importing surveillance technologies, do not work; in order to bypass sanctions, such countries rely on intermediaries like Moldova or South Sudan which are able to purchase surveillance technology with no restrictions, and thus buy it and ship it over to countries like Syria or Iran.

Hackers respond with hands-on fixes such as Tor, an onion routing encryption system designed to “let people all around the world change the world in the way they think their world has to change.” In an energizing talk on How governments have tried to block Tor, Roger Dingledine and Jacob Appelbaum (The Tor Project) illustrated how the governments of China, Syria and Iran have repeatedly tried to block Tor, and how Tor developers are trying to counteract these threats.

Andy Müller-Maguhn called for involvement in Bugged Planet, a collaborative project trying to map the international surveillance and intelligence technology industry. This business has boomed since September 11, 2001 and mobilises billions of dollars per year. Often these technologies are marketed to countries that are not very democratic. Yet, this industry remains largely secretive and unregulated. Bugged Planet is a public wiki for collecting and storing information on the companies involved in the industry.

Michael Brennan from Drexel University in Philadelphia, Pennsylvania, presented two open source tools that enable users to protect their anonymity by obfuscating their writing style (watch presentation). Computer-assisted authorship recognition is increasingly a threat to anonymity: courts, for example, might try to determine authorship of documents through linguistic means. Anonymouth and Stylo allow users to apply deception to writing style to circumvent methods of authorship detection. Anonymouth helps individuals modify their writing style by identifying the recognizable patterns in it, whereas Stylo is a machine-learning based authorship detection tool that provides the basis for Anonymouth’s decision making.

A second hot topic at the congress was electronic money. Self-determination and autonomy are sacred values in hackerdom. And BitCoin, an alternative digital currency, appeals to hackers because it questions the ability of governments and authorities to control currency and transactions involving money. In fact, transactions in BitCoin, which is based on peer-to-peer networks, are enabled by individuals involved in economic relations, thus excluding banks and ruling out state control. At the Congress BitCoin was analyzed (and criticised) from the technical and juridical perspectives.

“Today networks are evil,” said Nick Farr. We do not have unlimited high-quality affordable technology, as technology is based on an old business model involving proprietary standards. The hacker community has to build its own distributed networks, where users and providers are on the same level. Following a call for the Hacker Space Program in summer 2011, a group of hackers proposed to build a distributed satellite communications ground station network that would provide fast, cheap, secure and reliable Internet connectivity. At the 28C3, a call to arms went out in order to build this network. All open source, of course.

Other talks focused on security in crisis response operations, effective denial of service attacks, resilience towards leaking, and data mining.

Advocacy: “Politicians that you can trust? In the world of carebears”

Hackers are not only about hacking computers. Occasionally they might try to hack the law. The CCC has a long history of hacktivism. In the 1980s, for example, CCC activists exposed the security flaws in the Bildschirmtext (BTX) program, an interactive videotex system. By exploiting a bug in the software, they managed to get quite some money transferred to their own account on BTX, money that was returned to the bank it came from once the hack was disclosed. For those who do not know the history of the CCC, historian Kai Denker illustrated the early days of the Club and its role in law-making: Does hacktivism matter?

La Quadrature du Net, a French advocacy group promoting Internet freedoms and rights, encouraged hackers to counter-lobby EU institutions. La Quadrature intervenes in policy debates concerning telecommunication regulation, online privacy, net neutrality and data retention. Currently it mobilizes against the Stop Online Piracy Act (SOPA) and the Anti-Counterfeiting Trade Agreement (ACTA). At 28C3 other meetings targeted EU legislation such as the data retention directive, adopted in 2006 and due to be revised in 2012, forcing providers of electronic communications to retain the meta data of all communications for two years and release them upon request by security agencies. In the mid-2000s there was a huge mobilization in Germany and other EU countries against the legislation but things have gone quieter recently. During the Congress, a march was organized by AKVorrat, a German civil rights and data protection association.

But of course the hottest topic at the 28C3 was the war on copyright and SOPA. Cory Doctorow, co-editor of the blog Boing Boing, gave an empowering lecture on “the coming war on general computation.” In his opinion, the copyright war so far was still at the beginning. The real battle will be over general purpose computers. Starting from the assumption that in the near future the industry will increasingly call for regulation in computers to offset the many ways in which machines can be “misused”, Doctorow foresees that computers will be constrained by built-in software preventing users from using their computer to misbehave. In this way, policy will be embedded in the machine without the user even knowing.

This is r0ket science! What’s up in the Huge Hacking Area

Things were bubbling in the basement, the Huge Hacking Area, equipped with fifty soldering iron setups and all kinds of useful tools. Workshops on offer included “Make your own Geiger Counter”, “Arduino for Total Newbies”, and “Circuit Blending”.

Mitch Altman taught people to build the universal remote control a TV-B-Gone on an Arduino board. Arduino is a microcontroller designed to facilitate the creation of interactive objects and environment by non-experts. Both the hardware and software are open-source. The hardware, which can be built by hand or bought preassembled, is a simple board with an Atmel AVR processor and an input/output support. Arduino has its own programming language, based on Wiking.

The R0ket is also a single-board microcontroller that looks like a tiny flat rocket. It was created as an electronic name tag for the 2011 Chaos Communication Camp, held in Germany in August, but it is a full-fledged development board, accessible as a mass storage device via USB. Many r0kets were around at 28C3… and they were used also to launch real firework rockets (watch the video of the hack)

Miscellaneous from the Lightning Talks

The Lightning Talks are a daily series of 10’ presentation on a rolling basis where hackers can present their latest projects to see for help, advice or notoriety. Dozens of projects were presented, and it is impossible to do justice to all the contributions. I focus here on those that captured my attention. Matthias Wachs presented the latest development in GNUnet, a peer-to-peer framework to enhance network neutrality and reduce the possibilities of censorship.

Mind hacking seemed to be a popular topic. Both Brain Hacks and mindhacking.org encourage hackers to hack the brain by exposing and exploiting the vulnerabilities of the human mind.

The German privacy and digital rights NGO FoeBuD launched SocialSwarm, a think tank seeking to encourage the creation of decentralized and secure alternatives to Facebook and its siblings. The reasoning is simple: social networking companies centrally store user data, and users have become the product in their business model. Solutions like mass suicide of Facebook accounts or initiatives like Quit Facebook Day do not prompt mass numbers of users to switch off. SocialSwarm wants to promote distributed social networks where the user (and not the company) is in control of the data. Based on free software and open standards, they must implement end-to-end encryption and have to be so amazing that people forget Facebook. SocialSwarm is seeking contributors of all kinds, including techies.

… and the fun part.

The CCC Congress is not only about algorithms and protocols, and desperate Alice and Bob. Hackers go to the CCC Congress also to have fun. The all-time favorite is the Hacker Jeopardy!, where a bunch of geeks challenge each other in a variety of topics ranging from general culture, memes, religion, terror and hacking, including questions on the r0ket and the Morse code. Great geek fun.