A spectre haunts my generation–the spectre of American ingenuity.

The Internet tells us that in 1985, twenty-one years ago, the same year I was born, Whitney Houston released her debut album, including the chart-topper “The Greatest Love of All”. Twenty one years ago, the Me generation bought the idea that “children are the future”. In the intervening years they’ve done variably good jobs following the rest of Whitney’s advice. Now we are set to begin graduating from school and moving out into the world. Creepy, eh? No one need tell us, I hope, not to walk in their shadow.

Whatever its consequences, I realize the takeover isn’t going to happen overnight. Seniority in business and government, apart from favoring those with the experience to get things done, means we’ll have a while to wait (and plenty of time to lose our idealism) before we reach the positions of greatest influence. But our close familiarity with the ever-shifting world of IT means some of us are already at the top. The rest are voting and working, and over the next few years more and more will enter more highly skilled professions. We are becoming, as I love to say in Zinn’s words, “guards of the system”, and that, as much as our vote, gives us power to get what we want.

And what do we want? I’ve got a couple ideas I think we can largely agree on. We want the Internet for our children, as it exists for us; it needs no more commercial influence in the form of proprietary information channel creep than it already has. We want our children to have access to information, period, and the tools to work it with (i.e. One Laptop Per Child, Edubuntu, OpenBook and similar). I hate to agree with Necroponte but Intel and Microsoft criticizing OLPC sound like greedy babies*–neither understanding the enemy nor wishing anybody well. Let me say this plainly. Your fancy shmancy mobile PCs with their cluttered office suites and broadband access to tech support are no more “real” or “grown-up” or “capable” than a low-footprint Linux system that’s designed to be usable without your help (and fugly-ass active desktops and alpha blending won’t make it otherwise).

We want education, we want peace and we want progress. We want bikes, not bombs. We want proactive solutions that get people on their feet and contributing to culture/economy/whatever. Remember the Big Help on Nickelodeon? (sadly, the Internet knew little about the matter, and the Nickelodeon site was fscking travesty of flash obsession) Maybe if we convince the old fogies to shift resources toward that kind of activity and away from bombing the crap out of Arab countries, we can keep America abreast the economic competition, and meet this nursery tale of the land of opportunity with some movement in the right direction.

* As Mel reminded me today, the businessmen behind OLPC are, for everything else they are, themselves bumbling businessmen. Nicholas Negroponte and friends get their share of flack for using proprietary IP (even if it’s only for the short term) and then not being grown-up about criticism from the open-source community. Negroponte himself made the ambiguous statement that criticizing OLPC was like criticizing the church or the red cross. While that sort of remark does nothing to quell flames from within, there’s a seed of truth in it about the sloppiness of the Wintel alliance’s attacks on OLPC.

He [Hilbert] had this dream: to build a computer that will prove for you any theorem that you submit to it.

From page 123 of Turing (A Novel About Computation)
(http://kumokasumi.livejournal.com/270025.html for instructions)

It is the Olin way to be torn, but yesterday and today in particular I’ve been bubbling with academic yearnings.

First, I realize my research on DNA computing was maybe less hypothetical than I knew. Now I want to be a chemical engineer. Wait, no, I want to be an interaction designer. A network security specialist? A lobbyist? A game designer? Ah, for crying out loud.

On a positive note, now that we’re back to having nobody in particular in control of Washington, I feel like I have some reason to hope conditions on the electronic frontier will improve (or at worst, stagnate). I don’t know if there’s an agnostic liberal equivalent to the big-tent christian conservative revival of the past two years–maybe we’ll throw a block party, and drink sassy Californian wines while we rock out like John Kerry?–but I would like to see us put our heads together this time and do something with the chance we’ve been given.

UPDATE: I had a thought on this. Got a little inspired whilst reading Wikipedia for information on the Erdos number. Paul Erdos was a wicked cool guy in any number of ways, but the significant thing is this: he was a vagabond. Rather than settling into a cushy academic post somewhere with tenure and unlimited funding, he wandered from house to house, visiting other mathematicians on recommendation. Picture a bum hopping trains from Berkeley to Chicago, then wandering onto the front doorstep of some U Chicago CS big-wig. The doorbell rings.

Big-Wig: Erdos? You look like hell.

Erdos: My mind is open, friend. What can I do for you?

Big-Wig: Let’s co-author a paper.

Erdos: Gladly.

With the exception of this confidence that wherever he went somebody would have a job for him to help out with, I cannot imagine a more humble and unpretentious lifestyle, nor one that has more to offer an engineer interested in absolutely everything. Mel and I should seriously do this. Heck, we could start some kind of Olin society of vagabond professors.

Oh, and I also would kind of like to start a webcomic as some kind of collaborative endeavor. It’s the very thing for artsy geeks like us Olin students. But that can be as easily done in-house as outside and doesn’t cost enough time or money to justify building a business around it (at first anyway).

Part 1: The New Guards

In a highly developed society, the Establishment cannot survive without the obedience and loyalty of millions of people who are given small rewards to keep the system going: the soldiers and police, teachers… administrators… technicians… doctors, lawyers, nurses, transport and communications workers… are drawn into alliance with the elite. They become the guards of the system, buffers between the upper and lower classes. If they stop obeying, the system falls.

That will happen, I think, only when all of us who are slightly privileged and slightly uneasy begin to see that we are like the guards in the prison uprising at Attica expendable; that the Establishment, whatever rewards it gives us, will also, if necessary to maintain its control, kill us… The new conditions of technology, economics, and war, in the atomic age, make it less and less possible for the guards of the system… to remain immune from the violence (physical and psychic) inflicted on the black, the poor, the criminal, the enemy overseas.

–Howard Zinn, A People’s History of the United States

I don’t know whether Zinn has changed his mind at this point. Enough people are scowling at the behavior of the current administration for his left-wing brethren to believe (or simply hope) that the eve of rebellion draws closer. As a technologist, I do not see the buds ready to bear fruit, but I do observe the sprout growing taller and, in the process, can trace its evolution back to the seed from which it sprang: the Internet, greatest of omens for the cyber-libertarians among us.

Computer geeks are the new guards. Consider that before the rise of electronic balloting, election results in the US were rarely contested. The information security community has repeatedly excoriated Diebold for the ease with which their new machines may be hacked; experts in the field of assured computation will tell you a Las Vegas slot machine is many times more secure. On Capitol Hill, debates rage on the issues of Internet neutrality, digital copyright enforcement and online surveillance. What these all have in common is they did not even exist when current policymakers were schooled. So the actual decisions are made by pundits, party whips and lobbyists, who are as likely to serve Satan (intentionally or not) as God. Ultimately, however, the success of their work rises and falls on a platform of qualified workers—engineers who develop and maintain the technology of their own volition. The buck stops with hackers.

In short, to ensnare the public with abusive technology requires two things: basic ignorance of the pundits and watchdogs, and tacit compliance of those who are in the know. In this document I will consider how to address both the ignorance of the lay population and the need for moral and ethical solidarity among engineers. Our peace-loving democratic lifestyle is not the only thing at stake; so, too, is our ability to remain abreast the new, information-centric, global marketplace.

Part 2: Terminology

ERIC: How big is it?
ED: (Pause) It’s about 30 ft across, 15 ft high, with a pointed top.
ERIC: I use my sword to detect good on it.
ED: It’s not good, Eric. It’s a gazebo.
ERIC: (Pause) I call out to it.
ED: It won’t answer. It’s a gazebo.
ERIC: (Pause) I sheathe my sword and draw my bow and arrows. Does it respond in any way?
ED: No, Eric, it’s a gazebo!

–Famous RPG transcript

Before we approach the essential problem of the information-age engineer, we should explore the namespace of the profession a bit. Hackers, as many of us like to be called, emphasize precision of meaning and communicate a great deal of information through word choices. On college campuses, corporate networks and the Internet itself, the common philosophy and oral history are continually expressed and rehashed, the information hidden in plain sight between the lines, just as the full text of this document will be embedded between the lines of the cover image when it is finished.

Professional journalists might wonder at the choice of title, the conspicuous use of the name hacker. Computer professionals have sought to reclaim this name ever since it was summarily given by the press to a gaggle of criminal imposters—phreaks, who for many years exploited a security flaw in the public-switched telephone network to turn it into their own personal Internet; and crackers, themselves often phreaks, who used the Internet and its predecessor the Arpanet to remotely attack other people’s computers. They, and the purveyors of pirated electronic media, have historically comprised but one small contingent, the Black Hats, sneered at by most of the community as wannabe hackers. We will return to them in part 5.

What all hackers do share is the desire to cause (inelegant) machines to do elegant and interesting things. Boredom, inefficiency and monotony are the archenemies of the hacker, whose irrepressible basic impulse is to seek out the new. To hack is simply to test and explore the full range of behavior a system allows by working within that system. Historically, it may be seen as arising from the lack of close communication between hardware and software makers, and the lack of useful high-level abstractions for the terse, incomprehensible machine codes. But it can also be seen as a consequence of Gödel incompleteness—the fundamental divide between static machine logic and dynamic human logic.

You may be familiar with the old sci-fi cliché in which the hero destroys the evil robot by presenting it with a logical paradox or an undecidable question. It is a foundational issue of artificial intelligence theory, and the primary reason we never developed such “thinking machines”—we designed the hardware to be blandly consistent and incapable of self-reference. This left it to hackers to do the creative work of optimization, abstraction and algorithm design. Most of us consider it an excellent arrangement—like Fred Flintstone astride a Cretaceous therapod, the hacker comfortably guides the behemoth machine as it barrels through formidable obstacles.

Hackers share yet another thing that I will attempt to explain here: the Hacker Ethic. Steven Levy originally defined this as a set of six principles, which I will simplify as computer access, information access, distrust of authority, non-prejudice, elegance, and earthly good. By popular standards, they are quite liberal principles, and people often perceive hackers as antisocial, quixotic hippies whose over-caffeinated brains have ceased to see the bigger picture of reality. But this is contrary to all indications.

Hackerdom has its foundation in creative reasoning and rigorous engineering. Hackers built the internet, and the modern operating system. We are nothing if not practical humanists. If we seem overly critical of the world, it is because few else can see so clearly the difference between what is and what could easily be if the human elements of the system would quit micromanaging. The bigger picture, which we see all too well, is heavy on words and phrases of great import that nobody else has bothered to grok fully.

Case one: the Digital Imprimatur (digital revisionism). Although it typically arises in discussion of the effects of internet censorship, it can also be seen to arise naturally from Digital Restrictions Management (DRM), the abuse of libel and copyright laws, and more generally attempts to invoke tort law on the internet. It is conceivable that changes in computer hardware will allow physical possession of data to be separated completely from the ability to access (we’ll discuss how in part 4). Under those conditions, documents tend to remain the property of their owners, and can support court-ordered absolute censorship in which even previously downloaded copies on far-away machines are changed automatically. Press blackouts and the removal of banned publications are among the ways this technology can become the weapon of an oppressive regime.

Case two: traffic analysis. A rapidly maturing black art of information technology is the use of massive parallel espionage to identify who is talking to whom and what they are saying. An extremely rudimentary form of traffic analysis that avoids active surveillance is the harvesting of BitTorrent user IP addresses by the recording industry. More sophisticated and foolproof schemes are used by government agencies, and involve direct analysis of data intercepted and forwarded by an Internet Service Provider (ISP). The stated purpose is to find terrorists, drug dealers and child pornographers, but the data intercepted for a search could be easily misused, and there are innumerable private interests that stand to profit from such. Traffic analysis is an ideal complement to the Digital Imprimatur in the sense that anyone who succeeds in overcoming technological restrictions will be identified the moment they post information online, and punished harshly as an example to others. The same goes for peaceably assembled dissidents.

Case three: election fraud. After the 2000 presidential election there was an outcry against fallible punch-card balloting machines. Considerably less attention has been given to the accusations that multiple elections in Florida and elsewhere have since been hacked or botched by design. This is a grave error, regardless of the legitimacy of claims, because election fraud has never been easier than it is with the current generation of electronic polls. The lack of governmental experience and open standards for such has led to machines with ludicrous exploitability. An election official with no knowledge of programming, armed only with a screwdriver and a flash ROM card containing the bugged program, could undo the security features in a matter of minutes. To make matters worse, this needn’t take place at the polling locations; it is in fact much simpler to hack the central tabulator, outside of the public scrutiny.

There is one obvious answer to these difficulties: more power to the people with the most scruples, and more scruples to the general public.

Part 3: Right to Privacy

When people fear their government, there is tyranny; when the government fears the people, there is liberty. –Thomas Jefferson

The dictates of the hacker ethic make best sense when discussed in pairs. First, let’s address the matter of distrust of authority. Engineers understand that when you tweak a bit, you risk tweaking all the bits. Moral relativism does not exist inside a computer—either the tweak was valid or the tweak was invalid. There are no little white lies, only honest reports and dishonest reports.

This brings up two points. The first point is that errors in computing generally arise from either incorrect or malicious programming, which can be discovered given the right security primitives, or incorrect or malicious human input, which cannot. The second point is that computers are not subject to social engineering, intimidation or torture. Thus, failures of service may be attributed to the machine, but failures of security can reliably be attributed to some human mistake—an unsafe choice of password, insufficient key length, failure to protect the physical storage medium, a malicious administrator, etc. Human failings, and policies to mitigate them, are a big part of information security.

So it goes without saying that over the years, academic and professional hackers alike have been alarmed by government efforts to limit the strength and spread of secure communications. They had to assume that the NSA in America and MI6 in Britain, each privy to a greater wealth of knowledge and manpower than academia, were reserving the right to break encryption by controlling key lengths. More recently in the UK, surrender of private keys has become law, while the US (which, for its part, once tried and failed to popularize an encryption scheme for which law enforcement held all the keys) will soon require ISPs to support wiretapping. Each of these measures has introduced new security weaknesses. Of particular concern however are those that add new human points of failure with no particularly good incentives to maintain confidentiality.

As inevitably happens when a single government attempts to squeeze the Internet, the Internet has flexed and slipped around. Yes, it’s becoming impossible to offer privacy-assured Internet access in the United States, but all that will really mean is a large-scale denial of privacy for ordinary Americans. The real criminals, and for that matter most well-informed ‘netizens, know that they’ve got options. They can communicate through trusted third parties located outside the US; they can hack the Internet Protocol itself in a number of ways that effectively mask identity; or they can hook into a number of free traffic-scrambling services that hackers have developed in response to escalating privacy and security threats from the government.