06 March 2012

DEFCON CFP submission: "Flex Your Rights: The Constitution & Political Activism in the Hacker Community"

I have no idea if it's a good idea or bad idea to post my DEFCON CFP submission online. For one reason or another, I have never posted my proposals. To be honest, I have never thought about it, until now. I can't see any good reason why not. On the other hand, I have been fortunate to have written a number of successful proposals for DEFCON talks in the past, so maybe this will help others in some small way.

Title & Abstract

Title: Flex Your Rights: The Constitution & Political Activism in the Hacker Community

Abstract: Let's be clear upfront: I don't care if you're a Republican or Democrat (or another party), I don't care if you're pro-life or pro-choice. This presentation isn't about politics in the traditional sense. What we should be willing to acknowledge, however, is that public policy issues and the political process increasingly overlap with issues and interests that are important to the hacker community. Issues like free speech, privacy, and copyrights manifest themselves in legislation like SOPA, PIPA, ACTA, the Cybersecurity Act, DMCA (and many others). Surely these issues are worth our time and attention. By exploring recent legislation, court cases, and newsworthy events, it's my aim to convince you that we, the hacker community, need to flex our rights right now, more than ever. Won't you join me?

Outline: I try to write detailed outlines of my presentation that give the speaker selection folks a good idea of what I plan to talk about. By the time my slides are up on the screen, I have often changed things around, added and deleted entire sections, but that's just the way it goes. When I wrote it, this is what I planned to do. Things will change (they already have), but it paints a picture for the selectors.

I. Introduction
A. Present background: why should you listen to me? Qualifications
B. Present background: why should be skeptical! IANAL, for example
C. Explain agenda
D. Introduce topic
E. Caveats1: explain why this isn't really a "political" presentation in the traditional sense
F. Caveats2: this is not "hactivism" either, I'm asking you to become a part of the process
1. Every action has costs and benefits
2. "Hactivism" has benefits, but how high are the costs?
II. Politics in the Hacker Community
A. The status quo
1. Mostly apolitical, especially at conferences
2. Activity tends to be limited to rare issues that go viral (SOPA/PIPA)
3. A sense that things are beginning to change as more issues invade our space
B. What I am asking of you?
1. Nothing more than the EFF is already doing
2. I'm asking you to start doing it yourself, too
3. This should not be a radical change for the community
A. First Amendment
   1. Concepts
a. Free speech
b. Speech as it applies online/impact of technology
2. Issues of interest
a. Censorship (H5N1 research, blocking)
(1) H5N1 flu research
(2) disclosure debate comparison
(3) Paypal "legal" censorship (SmashWords)
b. SOPA/PIPA (and their inevitable follow-ups)
B. Fourth Amendment
1. Concepts
a. Reasonable expectation of privacy
b. Impact of technology on privacy (see DEFCON19)
2. Issues of interest
a. Administrative searches
b. Administrative warrants & subpoenas
c. Surveillance (cameras, GPS, cells, drones)
d. It's your fault, too (our own behavior impacts the reasonable expectation of privacy)
e. Drone technology and the ad coelum doctrine
C. Copyrights and Patents
1. Civil forfeiture abuse (US Customs, Secret Service)
2. Patent abuse/trolls
3. Digital Millennium Copyright Act
4. Golan v. Holder and public domain issues
D. Licensing laws
1. Some licensing may be desireable
2. Other serves as a high barrier to entry to protect "insiders"
a. Locksmiths
b. Private investigators
c. Digital forensics
E. Lens of Liberty
1. Potentially the most controversial, but doesn't need to be
a. Lens analogy (good? bad?)
b. process rather than substance; we can agree on process and disagree on substance
2.  Current worldview:
a. Islands of liberty in a sea of power
b. Not surprising giving massive size of govt bureacracy
c. "Red hat" analogy
3.  Proposed worldview:
a. Islands of power in a sea of liberty
b. A fundamentally different way of asking the question
c. Scepticism
(1) does the law actually accomplish its intent?
(2) short term solution or long term solution?
(3) What the consequences to all groups, not just a few (special interests/groups)
(4) or, does it benefit the whole, or just a few
d. Social contract
e. Balance of powers
f. Separation of powers
g. Federalism
4.  You may view issues through this lens and still come up with the same answers, or not
IV. Conclusions
    A. Restate argument
1. this isn't really a "political" in the traditional sense
2. this is not "hactivism" either
3. I'm asking you to become a part of the process
4. Nothing more than the EFF is already doing
    B. What can we do?
1. Vote (if you don't like the choices, do something about it)
2. Participate: in person, online, writing, calling, etc.
3. Educate
a. Yourself: read proposed legislation, don't rely on other people's work (or lack thereof)
b. Others: convince people that your rights and their rights are one in the same

Whitepaper: Even though CFP technically stands for "call for papers", I have always treated it like "call for proposals"; and in fact, I have never submitted a whitepaper before this year (to any conference). So they're certainly not required. But I felt like my subject was at least marginally controversial enough (for a hacker conference) that I wanted more space to expound upon my ideas. In reality, it's just a fleshed out version of my outline and the general direction that I want to go.

The hacker community has mostly been an apolitical force. The Hacker Ethic lends itself to a libertarian-ish type of philosophy, but at conferences, and in general, hackers tend to stay away from overt shows of partisan politics (one notable exception: 2600/HOPE). Generally speaking, I think this is a good thing. On the few issues which do rise up and go viral (i.e., SOPA/PIPA), the hacker community will stand up and make its voice heard: not always in unison, but heard nonetheless.

The increasing role of invasive forms of technology in our everyday lives brings many issues to the forefront that the hacker community has typically left to its legal support organizations such as the Electronic Frontier Foundation. The EFF appears to be well-supported from the hacker community from a financial perspective, but support in other forms—manpower, boots on the ground, phone calls, letters and visits to legislators, in short, political activism—seems less clear.

As a growing avalanche of issues threaten to scale back our constitutionally-guaranteed freedoms, more issues begin to invade the space of the hacker. Free speech is not just for flag-burning, it increasingly manifests itself through technology—online speech and censorship are but two ways. Invasive technology has also forced the courts to interpret outdated laws on searches and seizures and the right to privacy. How these laws and rulings impact cell phones, computers, email, encryption, are all vitally important to the everyday work of the hacker community. And this is just the beginning.

It should be clear that the “traditional” political activism this presentation recommends seeks to distinguish itself from more common hacktivism often seen in the hacker community. This is not to say that hacktivism does not have its benefits; clearly, it does. It also has costs. It is my contention that, more often than not, the benefits of hacktivism (primarily awareness) are outweighed by the costs (possible jail time, the likelihood of more stringent laws). Likewise, this presentation isn’t advocating a move to transform the hacker community into a political movement—only to do (as an example) what the EFF is already doing. But financial contributions aren’t enough—hackers need be personally involved—to be the foot soldiers for freedom. And we not limit our issues to those embraced by the EFF—any issues that impact our freedom need action.

A. First Amendment. The First Amendment is usually analogous with the idea of free speech, and understandably so. In some ways, we have come so far in speech freedoms that we take them for granted. In other ways, small, insidious measures threaten to limit our speech—sometimes without even a peep from us.

Free speech also brings domain seizures to the forefront. Using civil forfeiture laws, the government can effectively limit speech. Worse yet, these laws flip justice on its head: the owner is now presumed guilty, and must “prove” his innocence.

Bloggers and others in other countries are under fire for their content—but that couldn’t happen here, right? Except it already does—the Department of Homeland Security has already admitted to monitoring social media. Perhaps this is not as invasive as it might be in other places, but it is chilling nonetheless.

Companies such as PayPal may deny service to organizations that produce or support content with which PayPal disagrees. This, in many ways, is a sort of legal censorship as it applies to publishers like Smash words. On that many of us can agree. The solution, on the other hand, is more perplexing. Should the government have the power to force PayPal to provide service to all businesses who want to use it? It’s not difficult to see the slippery slope here.

B. Fourth Amendment. My presentation last year was entitled “WTF Happened to the Constitution? The Right to Privacy in the Digital Age.” This presentation focused primarily on privacy issued related to the Fourth Amendment.

The Fourth Amendment is primarily based upon the concept of “reasonable expectation of privacy.” It’s a concept with variables, and our behavior can change the value of those variables. Unfortunately, to this point humans have been the weakest link. Our own behavior has weakened our reasonable expectation of privacy in many ways. Fortunately for us, the opposite is also true. If there were ever an issue that so clearly called for the involvement of the hacker community, this is it. One person opting out of an invasive airport scan may not signify a change in behavior, but 100 or 1,000 opt-outs may begin to turn the tide. Obviously, this doesn’t apply to airport opt-outs.

Recently, the Fort Worth city council decided to purchase a cell phone tracking system for the police—and with the express intent of developing probable case. This is a grave violation of the Fourth Amendment. Maybe your town is next.

Recent legislation and the explosion in drone technology promises further invasions into our homes and backyards. The ad coelum doctrine, rewritten once already last century due to the advent of air travel, is likely to see further revisions as drones become ubiquitous over our homes and businesses.
Other issues are equally important: administrative searches, administrative warrants, public surveillance.

C. Copyrights and Patents. SOPA/PIPA were the rare issues that went viral. We needed Anonymous to remind us of the history of Hollywood, that movie producers moved to California to avoid Edison’s patents. But these issues remain, and they will not give up after one loss.

There are other copyright and patent issues lurking that are important to hackers. Among them are civil forfeiture abuse (sounds boring? Kit Dotcom and others wouldn’t think so), patent abuse and patent trolls, the ever-present Digital Millennium Copyright Act, and public domain issues.

Who would have ever thought that Congress could take things out of the public domain? Yet the Supreme Court ruled that, upon signing the Uruguay Rounds, the Congress could remove works already in the public domain and restore their copyrights.

D. Licensing Laws. While most of this presentation has focused on the federal government, they have, by no means, a monopoly on actions that impact our freedoms. Some states have restrictive licensing laws for hacker-related occupations like locksmithing, private investigators, or digital forensics. While some of these licensing laws may be desirable, others serve as a barrier to entry to protect insiders.

E. Lens of Liberty.
The Lens of Liberty is a proposed worldview: potentially controversial, but need not be. It is more philosophical than political. In fact, it is an argument that suggests we can agree on issues of process while disagreeing on issues of substance.

Our current worldview is dominated by the idea that we have small islands of liberty in a sea of government power. This is not surprising given the massive size of our federal bureaucracy. I’ve asked the question in the past: Do I have the right to wear a red hat on Wednesdays? A search of the Constitution and Bill of Rights will find no such right. Can the government outlaw my hat?

The Lens of Liberty argument suggests that this question is asked in a fundamentally wrong way. In fact, the question should be: Does the government have the power to prevent me from wearing a red hat on Wednesday? Now, the answer becomes unequivocally clear: it does not.

At the core of the lens is the idea of skepticism: Does a law actually accomplish its intent? Is it a short term solution or long term solution? What are the consequences to all groups, not just a few (special interests or specific groups)? Does the law benefit the whole, or just a few at the expense of the whole?

This brings up many other issues: the social contract, the balance of powers, the separation of powers, and federalism. This presentation is not a political science lesson, but it will show how these issues are important to the hacker community.

It should be clear by this point that this presentation is not “political” in the traditional sense. A hacker’s position on any number of otherwise divisive issues should not prevent the community from taking a more active stand on issues of freedom that affect us all. Whether someone is a Republican or Democrat or other party should not matter that our freedoms are increasingly under attack from legislation written by representative who admit their technological shortcomings and treat it as humor.

The number one recommendation from this presentation is a simple one: vote. It is often said, and more true than not, that one cannot complain if they do not vote. It is often said in response that “I don’t like the choices.” True enough. Then do something about it. Change the choices. Why can’t you be the next candidate for school board, city council, or even state legislature and beyond?

Number two: participate. Sending money to the EFF every year is a great first step, but we have to move beyond that. The city council will probably buy a nice new shiny cell phone monitoring system for the police without thinking twice about it—unless you’re there to raise legitimate concerns. Participation means in person, online, on the phone, in the mail.

Number three: education. First, yourself. Don’t rely on other people to tell you what’s in a proposed bill—in many cases, they’re pushing a particular vision or they may have not done their homework!—go read it yourself (it’s shocking how few people actually do this). Second, educate others. Convince people that your rights and their rights are one in the same. Your free speech online is the same as their free speech at the Occupy movement, or wherever. We don’t have to agree on policy to share belief in the same freedom.

Biography: I typically have a generic biography and then customize it to the talk. So, for example, since this talk is about the Constitution, I included a few items that would be relevant.

Michael Schearer ("theprez98") is the founder of MyFreeState, the Freedom Report, and the Assault on Privacy, projects which document abuses of our freedom and liberty.  Michael is the owner of Leverage Consulting & Associates, a computer security business. He spent nearly nine years in the United States Navy as an EA-6B Prowler Electronic Countermeasures Officer. His military experience includes aerial combat missions over both Afghanistan and Iraq and nine months on the ground doing counter-IED work with the U.S. Army. He is a graduate of Georgetown University's National Security Studies Program and a speaker at ShmooCon, DEFCON, HOPE, and other conferences. Michael lives in Maryland with his wife and four children.

Post a Comment