The Congress Center in Hamburg all dressed up for 29c3

29c3 is wrapping up. I had a really excellent time here, and had once of the best speaker experiences I’ve had at a hacker con.  As usual, the hallway track was fantastic: I got to hang out with the “friends I only see at cons” crowd, and meet some awesome new people.

My talk on the ethical analysis of activist DDOS actions in now online (and please do stay for the question session, this was a highly informed and enthusiastic audience who had great input).  The other talks I saw were all fantastic. I highly recommend watching them if you have the time. You can find all 111 (!!) hours of talks here.

This con was entirely run by a volunteer contingent of “Angels.” They did a brilliant job.  And Hamburg is a great town! I’m very glad to have gotten to visit and participate in 29c3.  Next stop, Switzerland!

OMFG NewsFoo!

EDIT: Link to my Ignite talk now included!

Sometime between the power outage Thursday night that left most of Cambridge in the dark and severely messed with my ability to construct my Ignite slide deck, and getting up at 5AM to catch a taxi to the airport, I started to have serious doubts about whether I should go to NewsFoo at all.  Reading over the guest list (NewsFoo is a by-invitation conference) was an exercise in “Oh God, everyone is so much more awesome than me.”  NewsFoo also fell on an end-of-the-semester weekend packed with PhD application deadlines and final papers I should really be working on.  I was plagued with anxiety about my Ignite talk crashing and burning, being too shy to talk to any of the  big name journalists and tech heads in attendance, and generally being the most awkward person in the room for three whole days.

You guys, it was so not like that at all.

NewsFoo attendee wall. Photo by Elise Who

Continue reading

Problematic Things That I Enjoy: An Incomplete List Presented In No Particular Order Without Comment

Game of Thrones
Mad Men
The Magicians, The Magician King
The Chronicles of Narnia
Star Trek: The Next Generation
pretty much every zombie movie ever
serial killer horror
slasher horror
actually pretty much all horror movies
most Joss Whedon properties
social hygiene films from the 1950s
That one Flo Rida song about “whistling”
The Lord of the Rings
Doctor Who
Ray Bradbury’s short fiction
the original Grimm Brothers fairy tales
heteronormative rom-coms where pretty people say clever things and kiss each other
Law and Order

Why You Should Read “Among Others” Right Now Or Maybe Not

A few weeks ago I finished Among Others, Jo Walton’s most recent book.  It’s been circling around in the periphery of my vision for a while now (it came out in January of 2011).  It’s hard to find the time for non-school or research-related media, and honestly, at the end of the day when I finally escape the lab sometimes I just want to sit in a corner, knit, listen to Philip Glass, and never interact with another written word as long as I live.  But when Among Others won the Nebula, the Hugo, and the British Fantasy Award in quick succession this year, I decided to hack some time out of a weekend and read the damn thing.

Since then, I have been evangelizing this book to everyone I know.  You guys, this book is just amazing. But every time I try to tell someone just how amazing Among Others really is, I get nervous and quiz them about their readings habits first.  Because if you haven’t read a rather staggering amount of English-language science fiction from the 1960s and 1970s and internalized it at a deep level, I’m afraid you will not get most of this book.

Continue reading

Question Box Question: How do I start a career in internet research?

In an effort to blog just a fraction more than hardly ever, I’ve added the Question Box, where citizens of the internetz can submit their questions and thoughts and I will try my hardest to answer them. As with everything on the internet, YMMV.

The first Question Box Question comes from Grace:

I am currently in a job where I do online consumer behavior research and strategy work. I love it, but I would prefer to use the skill for “good” (education) instead of “evil” (advertising/direct benefit of large corporations). I feel like a research role would be a great fit for me and would allow me to delve deeper into cultural trends and patterns, particular segments and issues, etc. However, the financial/time investment of moving my career in this direction is daunting, as you need a PHD. (I only have a BA). Where would you recommend someone start if they want to explore this as an option? Is there anything you would you have done differently on your journey to where you are in your education/career?

TL;DR: What advice would you give someone looking to research internet culture as their career?

The first job I ever had as an internet researcher, as an RA at the Berkman Center for Internet and Society, I got straight out of undergrad.  The idea that you need an advanced degree to do research, especially in the field of internet culture is, as a colleague just told me, “an enormous crock.”  One of the great things about this field is that it’s still very much an open playground. A lot of the most important work is being done by people without tenure or a shiny endowed chair.

Continue reading

HOPE9 Talk: Activist DDOS: When Similes and Metaphors Fail

EDIT: The video of this talk is now up! Check it out.

I presented this talk last night at HOPE Number Nine, which has been a super fun conference.  Don’t forget to check out the slide deck, which is full of lolcats.

In the interest of getting this up fast, I’m posting the raw version of my notes.  I’ll be adding citations over the next couple of days.



Previous characterizations of activist DDOS campaigns have traditionally fallen into one of two camps: those that unilaterally condemn activist DDOS campaigns as bullying and censorship, and those that align such actions with IRL sit ins.  Both these characterizations, however, cannot be applied to the entire landscape of activist DDOS campaigns as a whole. Rather, each campaign must be examined individually before a judgement can be made regarding its validity as a protest action.  DDOS as a tool cannot be wholly condemn or lauded without its surrounding context.

In this talk, I’ll be examining those previous characterizations, and at different DDOS campaigns that do and do not fit those models.  Next I’ll be outlining the current state of play of activist DDOS.  Finally I’ll be presenting a new analytical model for looking at activist DDOS campaigns, and presenting an analysis of the December 2010 Operation PayBack DDOS campaign against PayPal.  Also, to reward all you find people for coming out so late for this talk, there will be lots of pictures of cats.

Continue reading

Back from Kenya! And The Atlantic!

Yesterday I got back from the Global Voices Citizen Media Summit in Nairobi.  It was a pretty epic trip all around and I’ll be writing more about it soon.

A few hours after I touched down, The Atlantic posted my latest article on internet regulations and the hacker folk devil.  My sixteen-year-old self just gave my 26-year-old self the biggest high five.

Books that get you banned from the internet in Texas

A version of this article originally appeared on the EFF’s Deep Links blog

Earlier this month, an inmate in Texas was denied access to computers and an electronic messaging system because he ordered a copy of the information security handbook Hacking Exposed.  Does simply ordering a copy of an information security handbook render an individual a threat to the safe, secure, and orderly operation of a federal prison? Almost certainly not.

Hacking Exposed was written by three well-respected information security professionals, two of whom work at McAfee, and is intended to educate infosec professionals about the threat landscape. But the warden of the prison, and subsequently a federal district court, found that just by ordering the book, Reginald Green constituted a substantial enough threat to the orderly running of the prison to ban him from accessing the TRULINCS electronic messaging system or using computers for the rest of his incarceration.  Could the exploit information contained within Hacking Exposed be misused in the right environment? Sure, but so could lots of other things, like the hammers in the prison workshop or the weights in the prison gym.

This is an unfortunate, aggressive reaction to the social concept of “the hacker,” without pausing to consider the facts of the case.  If the book had been called “Offensive Information Security” instead of “Hacking Exposed,” would it have been confiscated, or Mr. Green deemed a threat?  We’ve seen many examples of security researchers and others calling themselves hackers and falling under undue and aggressive legal scrutiny because their motives and actions were misconstrued.  This is in part because the term “hacker” can, in general parlance, mean anything from a DIY enthusiast building portable chargers in Altoids tins to a hardcore cybercriminal selling stolen credit card numbers on a deep web message board. Individuals either calling themselves hackers or dubbed so by the media have been repeatedly targeted for publishing information on how to jailbreak your own devices. For example, Sony sued members of the hacker group fail0verflow after they revealed at CCC that they’d mathematically calculated the keys Sony uses to ensure only approved code runs on the PS3. In the same suit, Sony also sued George Hotz, better known as GeoHot, jailbreaker of the iPhone, for publishing the PS3 root key, even though he made clear he didn’t do so to enable people to run pirated games. People have also been targeted for offering jailbreaking services commercially. For instance, prosecutors brougth criminal charges against Matthew Crippen for modding XBOX 360s to run DRM-free games, which were ultimately dismissed.

Whether you call them hackers, makers, tinkerers, or information security researchers, people on the hacking spectrum have been a boon to society for decades.  They power innovation in all sectors and operate as a valuable check on the security and stability of the technology that forms the basis for our modern society.  Their curiosity drives our economy and challenges entrenched corporate and governmental interests.  However, the word “hacker” has changed since its origins in creative prank culture and innovative computing at MIT, and is now popularly used, more often than not, as a pejorative one that encourages fear-based knee-jerk reactions. Hackers are used as go-to villains by policy makers, who wave the nightmare scenario of rampant cybercrime and imminent cyberwar to justify legislative proposals that threaten to encroach on your digital civil liberties.

Rather than evaluating the actual threat posed by Mr. Green having ordered the Hacking Exposed book, the warden in this case appears to have latched onto the word “Hacking” and overreacted.  The security paranoia displayed in banning Mr. Green from the TRULINCS electronic messaging system and access to computers entirely also doesn’t bode well for their information security practices.  Theoretically, if the Bureau of Prisons is truly concerned about users within the prison system compromising TRULINCS, it ought to have measures in place to prevent users from, say, uploading or downloading attachments, installing and running programs, accessing the Internet, or gaining admin access to the workstation or local network.  If the system does potentially allow these actions, and is relying on the lack of knowledge in its user group to protect itself (aka security by obscurity), then that is a much bigger problem than one guy ordering one book.  A Bureau of Prisons memo (http://www.bop.gov/policy/progstat/5265_013.pdf), states that an inmate can be banned from the system if they have “special skills or knowledge” of computers or the internet.  Unless those skills or knowledge were used in the commission of a crime, the BOP wouldn’t necessarily be aware that an individual possessed those skills.  So rather than strengthening the TRULINCS system against unknown, potentially strong actors (people who enter the system with “special skills and knowledge” or outside attackers), the BOP here appears to be opting to take punitive action against a known weak actor (if he had the requisite skills and knowledge to compromise the network, one would assume he wouldn’t have needed the book).

What is being attacked here is the ability of individuals to pursue technical knowledge.  Rather than evaluating the actual threat posed by Mr. Green having ordered the Hacking Exposedbook, the warden in this case appears to have latched onto the word “hacking” and overreacted.

Human Rights, Rhetoric, and Technological Systems

A few weeks ago, my Networked Social Movements class went on a field trip to observe the protests against the then-proposed, now-passed cuts to the MBTA, the public transit system here in Boston.  While there, I saw and heard lots of people, in chants, slogans, and speeches, making statements along the lines of, “Public transit is a right.”

I don’t agree that public transit is a right.  I believe that public transit is awesome, I enjoy it and I wish there was more of it, both in Boston and nationwide.  It would be more accurate to say that I believe that public transit is a public/social good (in fact, in discussing these questions with some of my labmates, we came up with an alternate chant, “Public transit is a public good/From downtown to the hood,” which we’re rather proud of).  But my opinions of how public transit fits into the social construct are not what I want to talk about right now.

The question I primarily came away with that day is how the rhetoric of “rights” affect civil discourse.  When we call something as a “right,” how does that affect how we discuss that particular thing?  How does calling things that may not necessarily be rights affect how we talk about other things we consider rights, or future debates about rights?  Does it act as a diluting force?  How do we deal with rights, or potential rights, that are fundamentally matters of technological empowerment, rather than innate (dare I say, inalienable) capacities and aspects of the human condition?

A similar debate arose last summer, when the UN released a report which classified internet access as a human right.  This lead to a great deal of debate in the online community, particularly on the issue of, if internet access *itself* was a human right (as opposed to, say, the ability to freely communicate and assemble), how does that obligate governments to facilitate global access to the internet.  That report was primarily written in response to laws passed in France and the United Kingdom, which had recently passed laws which removed internet access for people repeatedly accused of violated copyright by downloading movies and such.  This brings up the question, did the UN report consider internet access a human right only in situation where the access was already available?  How does that construction (technologically-enabled rights only become rights when the technology becomes independently available in the market place) affect the conception of a human right?

Both public transit systems and the internet are technological systems which can be said to enable and facilitate rights which are widely recognized as human rights: the right to freedom speech and the right to freedom of movement (here I’m referring to the Universal Declaration of Human Rights for “widely recognized rights”).  When do technological systems which facilitate rights become rights themselves?  Are public transit systems and the internet fundamentally different than the justice system or modern medical technology, both of which are mentioned in the Universal Declaration of Human Rights (Articles 11 and 25), different enough that their status as “rights” should be different?

I am at the “whole lot of questions” stage of thinking about this issue.  If you have thoughts on the nature of human rights as relates to technological systems, please share them in the comments!

x-posted from the Networked Social Movements class blog