#12 power
Jochim Selzer / Olga Kisselmann

The Post-Cypherpunk Era – Cryptology for Everyone

The fact that nerds and techies mess around with internet cryptology is nothing new. But since Edward Snowden’s revelations and the NSA affair, more and more laymen are showing interest in CryptoParties. These parties offer tips on how to move about the internet with relative anonymity and security and how to encrypt emails. We talked to Jochim Selzer, one of the CryptoParty organizers in Germany.

The idea for the first CryptoParty was developed in a Twitter conversation between Australian Internet activist Asher Wolf and a friend in the wake of new Internet regulations passed by the Australian government: the idea was to teach people, mostly laypeople in matters of internet security, simple ways to protect themselves from unwanted spying. But it needed to be fun, like a party. In September 2012 around 60 people met for the very first CryptoParty in Melbourne. The activists who promote this kind of grassroots internet security are called cypherpunks.

Mr Selzer, what exactly is CryptoParty?

Here at the CryptoParty we gather with like-minded people who want to learn more about encryption as well as online safety and privacy in general, or share their knowledge with others. We call it a party because it’s a social and interactive undertaking.

What is the core idea of CryptoParty?

We offer volunteer-based hands-on workshops on data safety, internet censorship evasion, basic encryption methods, and alternatives to huge commercial internet communication tools and services. We try to make our presentations as easy to understand as possible because we want to target people outside of the IT industry in particular, even if the majority of our participants are probably still IT and media professionals. We show people how to encrypt hard drives, flash sticks and their emails, as well as how to surf and chat anonymously or how to create and store safe passwords.

Sounds like a mission.

Kind of. As nerds we fight social problems through technological means. We very strongly oppose the assumption that the state is allowed to engage in the groundless mass surveillance of its citizens.

There are crimes which occur only on the internet. How can one argue that security services should stay away from this vast public space?

No one is arguing that security forces should not be active on the internet. But it shouldn't be normal and widespread to suspect anyone and everyone of possible criminal activity from the get go. It just shouldn't be as easy as it is now to view everyone’s data.
The use of trojans by governments to weed through all kinds of data is only truly legal if there is a real and present threat to life and limb. The use of such measures is permitted only under extreme conditions. As such, email check trojans are used much too often. It's quite utopian to assume that security services would ever completely stop their surveillance, but at least it shouldn't be as easily accessible and self-evident as it is now.

We especially want to reach people who don’t have much experience with computer technology and think that encryption is out of their reach.

Can you give us a short overview of the tools and programs you teach at a CryptoParty?

PGP is a program used to encrypt and decrypt messages and files, including emails. 2Crypt is another tool for email encryption. The Onion Router or Tor software provides a web browser that cloaks IP addresses, granting anonymity to Internet users. Tor nodes create a blanket that shields web content – emails, instant messages, metadata, and browser histories. Another popular crypto-tool is OTR, which prevents instant messaging conversations from being logged or viewed by outsiders. And long and cryptic passwords are very important, of course. These programs usually work with both Macs and Windows. We also teach people to be more cautious with apps and social networks.

And how secure are these tools?

There is no 100% protection. But these tools make digital communication a whole lot safer than it is without them. The tools we introduce at a CryptoParty guarantee a good level of safety for everyday communication in mostly democratic states. In critical situations and more vulnerable regions, though, these tools could be very dangerous because they are not 100% safe. We want to communicate to our governments and the public that privacy, not total surveillance, should be the norm and that is what the tools are for.

Is there a greater interest in encryption now after the revelations of Edward Snowden?

At the first CryptoParties there were about 3-5 attendees; now we have numbers in the double digits. Several CryptoParty groups have had to look for bigger venues to accommodate everyone interested in attending. However, the majority of attendees are still IT professionals and journalists. But the number of interested citizens who usually have nothing to do with IT on a professional level is growing. This is why we try to make the presentation and tutorials as easy to understand as possible, no matter who comes. We especially want to reach people who do not have a lot of experience with computer technology and think that encryption is out of their reach. We are here to help. It is also quite interesting that a lot of women participate at the events; this might correspond with a greater need for security. Another indication for the increased interest in cryptology is the fact that the number of active Tor users worldwide tripled from 50,000 to 150,000 from June to August 2013. The majority of them are users from Germany and the USA.

But who really takes the time to encrypt his or her emails? Activists? Nerds? Experts?

Well, of course it might be true that people who work in IT are more likely to use encryption tools. Still only around half of all seasoned CryptoParty participants really use all the tools in everyday communication. And even then one can maybe encrypt only a small portion of the message. I use the encryption tools for about 10% of my daily digital communication.

What is the main difficulty?

For the majority of people, the first hurdle is the installation of all the tools and programs. We are here to make it easier and more accessible, but even then you have to be careful when using all the programs. It would be nice to have something like an encryption package, a kind of user-friendly, one-click-solution, something like Cryptocat. I still haven't used it myself, but I think right now such a solution would definitely compromise on safety. The other crucial point is that you need people to communicate with. If no one else is interested in encrypting his or her email communication too, there is no way to use it for your emails.

In Germany the CryptoParty is heavily associated with the Pirate Party. How much politics is involved here?

Yes, here in Germany the movement is strongly associated with the Pirate Party and it might be difficult to separate the two. However, we want to be open to all democratic parties and anybody who is interested in data and identity protection on the net.
We especially want to attract the traditionally conservative citizen as well; to help them become aware of these problems on the net. My hope for the near future is that even the most conservative senior citizen is interested in encryption and data safety and able to protect themselves on the net.

People give way too much private information about themselves without thinking twice.

So you think that everyone should get involved in encryption?

When we talk about data safety and internet privacy today, there seem to be some ideas that are very problematic to my way of thinking. But because we live in a democracy, and this is something that I want to stress – this is still a liberal and democratic country – we have to talk openly about the problem of data safety. It is something that also affects governmental institutions and NGOs. They too have no data protection in most cases. I also do workshops for churches, NGOs and volunteers. What people tend to forget is that certain persons, like counselors, lawyers and social workers, are expected to safeguard the sensitive data of their clients. The same, of course, goes for investigative journalists. How can you guarantee the privacy you are professionally bound to if digital data is completely unprotected?

How are the CryptoParties organized; is there something like a head of the CryptoParty? Do you communicate a lot with other CryptoParty organizers?

We communicate with other organizers; however, we are mostly independently organized. There is no official CryptoParty spokesperson. We are a decentralized, leaderless movement. Apart from raising awareness about privacy on the Internet, we basically offer tutoring on the use of several tools for identity and data protection on the web. But even here there is no absolute consensus on which tools should be used. Usually the workshops are at a freely accessible place. However, in some countries, like Egypt for example, organizers wouldn't make the location public and open, as this would present too great a risk for participants.

The tools and programs are all open source products. Why is this important to the CryptoParty?

Yes, for the majority of crypto activists using open source products is a crucial point. Again though, this is a decision every group makes for itself.

Open source programs have an openly accessible source code. Everyone can see the product’s blueprint, and possible security gaps or backdoors can be localized by users. Such products are also easier to fix if there is a problem; that’s why we usually consider them to be safer than commercial products. Several German CryptoParty activist groups decided to reject a sponsorship offer from the German Internet Security Association Teletrust since one of the conditions for the sponsorship was the possible usage of commercial internet safety products at CryptoParties. But again, since there is no single policy for the CryptoParty, some CryptoParty organizers may act differently regarding the use of open source vs. commercial software.

Where do you think this movement is going right now?

The majority of Internet users still don't think that it is necessary to encrypt their emails. It also might happen that the current interest in encryption will fade after the media hype is over. Of course we hope it will last and grow. Anyway, it doesn't matter if you encrypt or not; people provide too much private information about themselves without even thinking twice. This is something we want to change.
