Trip Report: UW signing-party

Dear Debian Users,

I met last night with a friend from many years ago and a number of students of cryptography. I was disappointed to see the prevalence of black hat, anti-government hackers at the event. I was hoping that civilized humanity had come to agree that using cryptography for deception, harm to others and plausible deniability is bad, m’kay? When one speaks of the government as “they,” nobody’s going to get anywhere really quick. Let’s take responsibility for the upkeep of the environment in which we find ourselves, please.

Despite what I perceived as a negative focus of the presentation, it was good to meet with peers in the Seattle area. I was very pleasantly surprised to find that better than half of the attendees were not male, that many of the socioeconomic classes of the city were represented, as were those of various ethnic backgrounds. I am really quite proud of the progress of our State University, even if I’m not always in agreement with the content that they’re polluting our kids’ brains with. I guess I should roll up my sleeves and get busy, eh?

V/R,

C.J.


17 Responses to Trip Report: UW signing-party

  1. Steven C. says:

    Forgive me, I didn’t look at the presentation, but some of your statements seem rather incredible:

    “the prevalence of black hat, anti-government hackers”
    Why do you suppose that is? Did that sentiment spring out of nowhere?

    “using cryptography for deception, harm to others and plausible deniability is bad”
    We learned that US and collaborating governments do that on the most horrific scale: hack into innocent parties as cover for attacks on other targets, breach foreign university and hospital computer networks, and collate metadata which is used to ultimately kill people. I hope that’s what you were referring to, because much else is largely insignificant in comparison.

    “Let’s take responsibility for the upkeep of the environment in which we find ourselves, please”
    Irresponsible kids have become an extremely powerful force in the world. I know, their individual motivations seem self-serving and reckless, and for a while I thought they were a concern. But collectively they’ve caused many revelations of injustice, and much positive change as a result, that governments would never have allowed to happen through a dialog under their own rules.

    • >> the prevalence of black hat, anti-government hackers
      > Why do you suppose that is? Did that sentiment spring out of nowhere?

      By no means. What do you recommend as a solution to the problem that the governed face because of a corrupt government? Do you recommend violence, panic, rioting in the streets? Let’s all just take a moment and breathe. Violence begets violence, so let’s not cause any more damage than has already been done by both parties. Let’s re-focus our energies on building infrastructure which accounts for the problems we’re facing.

      In short, patches accepted.

      >> using cryptography for deception, harm to others and plausible
      >> deniability is bad

      > We learned that US and collaborating governments do that on the
      > most horrific scale: hack into innocent parties as cover for
      > attacks on other targets, breach foreign university and
      > hospital computer networks, and collate metadata which is used
      > to ultimately kill people. I hope that’s what you were
      > referring to, because much else is largely insignificant in
      > comparison.

      Ah! I see that you’re picking up what I’m laying down. Leave it there if you do not and do not intend to hold US citizenship. Otherwise, take it one step further: what have you done as a citizen of the United States that has permitted this type of thing to occur? If you answered, “Pay My Taxes” you are one step closer. Since we pay taxes, we get the opportunity to influence the spending of our tax funds. If we found details regarding the operations you speak of, we can take this to our representatives and ask to have it addressed.

      We could make a Notarial Act of the event if you would like me to file a report.

      >> Let’s take responsibility for the upkeep of the environment in
      >> which we find ourselves, please

      > Irresponsible kids have become an extremely powerful force in the
      > world. I know, their individual motivations seem self-serving
      > and reckless, and for a while I thought they were a
      > concern. But collectively they’ve caused many revelations of
      > injustice, and much positive change as a result, that
      > governments would never have allowed to happen through a dialog
      > under their own rules.

      I see you there on my lawn. You look like you could use some guidance.

      http://www.youtube.com/watch?v=752W9M-ZNfc

  2. Party like it’s December 31st, 1983 | https://cryptoparty.in/ | https://github.
    20:05 -!- Topic for #cryptoparty: Party like it’s December 31st, 1983 |
    https://cryptoparty.in/ | https://github.com/Cryptoparty |
    https://twitter.com/CryptoParty_ | official IRC is at irc.oftc.net
    #cryptoparty
    20:05 -!- Topic set by samthetechie
    [uid352@gateway/web/irccloud.com/x-ybfdfsiluwaztdkb] [Mon Jul 8
    08:16:14 2013]
    20:05 [Users #cryptoparty]
    20:05 [ amalagon_] [ cj ] [ MacLemon ] [ sighmon]
    20:05 [ amatecha ] [ itspara] [ Marlinski] [ wk-work]
    20:05 -!- Irssi: #cryptoparty: Total of 8 nicks [0 ops, 0 halfops, 0 voices, 8
    normal]
    20:05 -!- Channel #cryptoparty created Tue Sep 18 02:23:30 2012
    20:05 -!- Irssi: Join to #cryptoparty was synced in 1 secs
    20:05 < cj> does irssi do OTR, I wonder?
    20:06 -!- fourchickens is now known as meg
    20:06 < meg> @koanhead just emailed you, good to see you
    20:13 < penglish1> Seattle folks?
    20:17 -!- penglish1 [~tallpaul@D-69-91-153-52.dhcp4.washington.edu] has joined
    #cryptoparty
    Day changed to 16 Jun 2015
    09:14 < cj> well that was fun. thanks all for coming out last night.
    09:17 [Users #cryptoparty]
    09:17 [ amatecha] [ cj] [ MacLemon] [ Marlinski] [ wk-work]
    09:17 -!- Irssi: #cryptoparty: Total of 5 nicks [0 ops, 0 halfops, 0 voices, 5
    normal]
    Day changed to 17 Jun 2015
    09:53 < cj> penglish1: oops. missed you.
    10:24 < cj> I was not impressed with the presentation, AJ. I think there was
    too much focus on the aspects of cryptography which can be used for
    making poor decisions that nobody can call you out on. Better
    topics might be the answer to your previous audience member’s
    question: non-repudiation.
    10:25 < cj> https://en.wikipedia.org/?title=Non-repudiation
    10:26 < cj> http://resources.infosecinstitute.com/non-repudiation-digital-signature/
    10:27 < cj> sos.wa.gov/ea
    10:27 < cj> http://www.sos.wa.gov/ea/licensing_personnel_app.aspx
    10:29 < cj> this Act specifically deals with x.509 as codified in
    itu.int/ITU-T/X.509
    10:32 < cj> I would like to see the Act expanded to specifically support
    Recognized Certification Authorities which make use of sks-style
    servers as well as the x.509 infrastructure, which can only be
    operated by “businesses too big to fail.”
    10:36 < cj> but enough of this. I need to make a mouse some money.

  3. Steven C. says:

    > Do you recommend violence, panic, rioting in the streets?
    No, I don’t recommend that, but I think it’s a likely scenario, which is sad. Some might say it began already.

    > Let’s re-focus our energies on building infrastructure which accounts for the problems we’re facing.
    On the technical side, hardening our communications and IT systems from pesky cybercriminals might do a great deal to protect them from corrupt state actors too, both foreign and domestic. A major issue has been complacency; people care more about keeping their data private from fraudsters, than hiding it from a domestic surveillance program where they never knew of its existence or understood its implications for their freedom. And vice-versa, the mass rollout of TLS in response to the PRISM revelations should improve cybersecurity for all society.

    > Leave it there if you do not and do not intend to hold US citizenship.
    I don’t; wouldn’t even dare to visit. Don’t really understand what you said as it’s unclear if any of it was sarcasm.

    > I see you there on my lawn. You look like you could use some guidance.
    We both could use some mutual understanding, I think. I know there are some who want to engage with the “IT people” (quoting the government lady in the audience of the May 2nd Princeton WWS conference) as if their views might win over desires of authoritarian government or powerful corporate interests when policy is being made. There are even others who think the FBI’s domestic and NSA’s foreign spying programs are legitimate, and of course there are real, technical folk still working every day to help them implement those, and they must have their reasons.

    > http://www.youtube
    Sorry, I boycott Google services, especially where it requires to execute non-free JavaScript code on my computer, and collects unique identifiers to profile its users and media viewing habits.

  4. blibbet says:

    The reason that there were so many ‘activists’ at the event was that this cryptoparty was being organized by TA3M (Techno-Activism, 3rd Mondays) Seattle, http://seattle.ta3m.net. So, by definition, you’ll find activists at the event. Post-Snowden, there’s probably more anti-gov feeling than before, but cryptoparties to me are to help the Phil Zimmermann Legal Defense Fund, when the do-know-wrong government was hassling him long ago. Heck, even organizer required Government ID to attend the event, so this WoT is gov trust-based, apparently. :-)

    • Thanks, I’ll take a look at that link. There was an attendee who mentioned that name while I was there. I am advocating activism as well. I’m just not advocating activism with primarily or incidentally malicious intent.

      > Heck, even organizer required Government ID to attend the event

      Nobody checked my ID at the door, and I am happy to perform personal identity validation with alternative forms of ID if supplicants are unwilling or unable to provide something issued by a recognized governmental authority. But then, I think I am technically speaking a recognized governmental authority, so that may or may not equate to a significant distinction.

      The event was also graciously hosted by our State Government. I consider this a figurative olive branch. My opinion is that it should be accepted in the spirit with which it is offered. Further, I propose that we take steps to tune, repair and build this complex social system rather than turning to abuse, exploitation and destruction. An eye for an eye makes the whole world blind, I hear.

      • Blibbet says:

        Also, AFAIK, TA3M Seattle is *NOT* a blackhat, anti-government event. (In their multiple years of monthly meetings, they’ve had one 0-day talk, if some would count that as blackhat). In the beginning, the former organizers used to explicitly warn against any blackhat behavior in the welcome talk slides.
        Activists are by-definition against something, and this cryptoparty was announced to the SeattlePrivacy.org and the DefCon/BLACKHAT-centric DC206 list. Most of the TA3M Seattle activists are concerned about Snowden type issues or Aaron Swartz type issues, or are related activist groups (Black Lives Matter, GMO, Greenpeace, etc.) who need some tech help with their online communications.
        Most of the privacy-centric people work on Seattle Privacy Coalition or on Seattle.gov CCTAB constructively through political process to improve Seattle.gov privacy policies, and have made multiple wins over the last few years.
        A lot of Free Software people are against closed-source software, and I think this cryptoparty had somewhat of a Free Software focus. GNU/GnuPG is Free Software and the source of the modern WoT, nobody reading this blog can afford the closed-source commercial PGP product anyway.
        Set up a cryptoparty on the Eastside, instead of in metro Seattle area, and you’ll get a VERY different group of attendees…
        Lastly, the Gov ID comment was tongue-in-cheek, cryptoparty organizer mentioned in announcement that it was required, which seemed a bit odd in announcement.
        I didn’t attend event, not sure about the presentation you saw. Also /do-know-harm/do-no-harm/ typo, sigh I always get no/know wrong… :-(

      • Alex Jordan says:

        Hi, presenter here.

        > Nobody checked my ID at the door, and I am happy to perform personal identity validation with alternative forms of ID if supplicants are unwilling or unable to provide something issued by a recognized governmental authority.

        The ID wasn’t required to attend. It was required to fully participate, because my recommendation was that people compare photo ID before signing keys.

        > The event was also graciously hosted by our State Government. I consider this a figurative olive branch.

        The government is not a one-headed entity.

        > Further, I propose that we take steps to tune, repair and build this complex social system rather than turning to abuse, exploitation and destruction.

        Let’s be excruciatingly clear: Blibbet is correct. I don’t condone and have never condoned blackhat activity. TA3M Seattle does not condone blackhat activity. We have had one zeroday talk, after which, AFAIK, the presenter made a responsible disclosure and a CVE was issued.

        When Blibbet said that “most of the TA3M Seattle activists are concerned about Snowden type issues or Aaron Swartz type issues, or are related activist groups (Black Lives Matter, GMO, Greenpeace, etc.),” he was spot on, and that’s the type of audience I aimed for. If you interpreted that as me supporting blackhats, you have my apologies (and I can understand how you may have thought that). But that’s not what I meant.

        I accept patches. If you don’t want to use GitHub, I’ll happily take stuff from git format-patch.

  5. hoodedrioter says:

    Dear C.J.,

    Since you write your post in such a paternalistic fashion, from the heights of your tower of reasonability and privilege, I will have no qualms about replying in the same tone. So here it goes: you, my child, are profoundly mistaken about the nature and purpose of government and about the structure of systematic oppression and exploitation that almost all of us live under.

    You see, some of us do not have the comfort of votes and taxes to lullaby our asses into thinking this world just needs a bit of reform here and a sprinkle of reason over there. Most of us feel the constant excruciating pain of labour, in the form of back pain or piercing depression, police aggression and humiliation, malnutrition and repetitive strain injuries, threats of rape, fear and anxiety about what tomorrow will bring. How dare you lecture me? What gives you the insight to tell me how I should respond to class, patriarchal, racial, state violence? The government is there to govern, to run the state apparatus to keep all this shit humming along so the boss can make another dollar on our collective misery. We are not on the same boat, our interests are not the bosses or the government. We are at war, whether you know it or not. And they’re winning, all the while we are being reasonable and vote and pay our taxes and write our petitions. So, yeah, I will riot. I will do all I can to attack the system of oppression and exploitation that drains our blood to convert it into profit. I will advocate the dismantling of this social order so another one can emerge – by all means necessary.

    So you see, we could have a political discussion about this, that’d be fine. That moralizing streak won’t do, though. The diversity you praised just goes much further than you thought and so does the critical thinking that comes with it.

    best regards.

    • This sounds like whining, defeatism and aluminum-foil hat lining to me. I’d love to hear some specifics of your (cryptography-related) concerns and how these problems are affecting you personally. We can address those sorts of issues, whereas things like “The government is there to govern, to run the state apparatus to keep all this shit humming along so the boss can make another dollar on our collective misery.” doesn’t really describe a problem that needs solving. Also of note, I think you’re getting a bit off topic with your diatribe about back pain and rape. Yes, these are issues that the world is facing. No, it doesn’t really have much to do with the topic at hand, though.

      > How dare you lecture me?

      What? Here? On my blog? The one entitled The Pædantic Programmer? I’m going with the assumption that all of my readers are here to hear my opinions and to learn something. Like you know… lecture style.

      > What gives you the insight to tell me how I should respond to class, patriarchal, racial, state violence?

      I wasn’t aware that I told you how to respond to any of these off-topic subjects. I’m sorry you thought I was talking about something other than the use of cryptography for malicious purposes. Can you tell me what I said that made you think this? I’d be happy to go back and tune up the post.

      > We are at war, whether you know it or not.

      Oh, I’m quite aware. I volunteered for training and qualified as an emergency management specialist and Liaison Officer in this war, it turns out. But I’d prefer to de-escalate rather than causing an emergency that we’d then have to manage.

      > And they’re winning,

      Again with the “they.” Who is “they,” and what, exactly have “they” won? What ground needs to be won back from “them?” Your vagueries begin to sound like clichés to me. You sound as if you’re a rebel without a cause. Can you tell me what it is you intend to riot about with regard to cryptography? Can you give me some details about the system of oppression and exploitation? Examples? Try to keep it on topic, though, please. I’m trying to focus here.

  6. hatless says:

    “I was disappointed to see the prevalence of black hat, anti-government hackers at the event.”

    And yet you don’t mention even one, let alone how many were actually there or how you knew they were “black hat” or “anti-government”. I think you have misguided yourself on that score.

    “I was hoping that civilized humanity had come to agree that using cryptography for deception, harm to others and plausible deniability is bad, m’kay?”

    Of the cryptographic technologies actually mentioned in the presentation, only one, Tor, offers any semblance of ‘plausible deniability’. Ironically enough, Tor started life as a project of the United States Government’s Department of the Navy, and is still in use by that government.
    If the United States government is not part of ‘civilized humanity’ by virtue of using and having started Tor, and if these putative ‘black hat, anti-government hackers’ of yours are not part of ‘civilized humanity’ by virtue of their anti-government stance (_and_ use of Tor), then who constitutes ‘civilized humanity’?

    “When one speaks of the government as “they,” nobody’s going to get anywhere really quick.”
    What pronoun is acceptable when referring to the government? I understand that the use of “they” without referent is a signifier of paranoid conspiracy theories- but when referring to “the government” or “agencies within the government” or any specific group of people it’s neither controversial nor grammatically incorrect.

    “Let’s take responsibility for the upkeep of the environment in which we find ourselves, please.”

    Yes, do let’s take responsibility. For example, let’s contribute to the upkeep of our web of trust by not signing keys we haven’t taken the time to properly verify in person.

    • > And yet you don’t mention even one, let alone how many were actually there

      Well yes, but they seem the sorts that would prefer to maintain their anonymity. I’m not the kind of guy who blows peers’ cover, even if we don’t necessarily see eye to eye.

    • > Of the cryptographic technologies actually mentioned in the presentation, only one, Tor, offers any semblance of ‘plausible deniability’.

      Yes. Only the technology that 85% of the presentation was aimed toward. Right. And the audience’s clearly superior understanding of the use of the software. Yes, you’re right. Things like Adium and -lpurple, GPG and misconfigured apache virtual hosts have nothing to do with plausible deniability.

      • Alex Jordan says:

        > Yes. Only the technology that 85% of the presentation was aimed toward. Right.

        You are reading far, far too much into the organization of the presentation. It’s supposed to approximately be divided into thirds.

        > misconfigured apache virtual hosts

        The only thing I can possibly think of that you might be referring to by this was the fact that everyone had trouble downloading the software from my server, and I don’t understand why you would bring it up. That wasn’t even caused by a misconfigured VirtualHost. It was caused by the fact that I forgot to account for my ~5MB/s upload speed at home.

        Obviously I may be having a gut reaction to your post (or I may be reading too much into it, etc.) and I may see it differently once I’ve slept on it, but this reads like an ad hominem attack to me.

        (As an aside, it would be nice if you could have said this all directly to me, by e.g. emailing me or mentioning my nick on IRC. Instead I’m only responding now because someone _else_ linked me to this post. I’m happy to have this discussion, and rest assured that if I run another one, I’ll take your criticism into account, but two parties can’t talk if one of them doesn’t know about the conversation.)

        • Sorry. Didn’t mean to have this discussion without you. Let me start over?

          Thank you for presenting! It was really great to have a bunch of folks from the community out at the same place. I enjoyed watching you perform, but was a little chagrined by what seemed to be its intent to help people steal and share copyrighted media anonymously online.

      • hatless says:

        Your reply is incoherent. You seem not to know what those things are nor how they work, and you are also confusing your subjective impressions with reality.
