Happy hacking at the Chaos Communication Congress

Monika Ermert, Heise, Intellectual Property Watch, VDI-Nachrichten, Germany

PUBLISHED ON: 27 Dec 2014

Dirty Boxes on Cesna planes, vulnerabilities of switches used in big companies and organisations, demonstration of how recent mobile phone surveillance revelations are yet again not the end of the story and more... Participants of the 31st Chaos Communication Congress, 27 to 30 December in Hamburg, Germany, are in for a journey. The second post-Snowden Congress once more offers an in-depth look into the average surveilled user life. But it also offers help in how to defend oneself when communicating over networks – technically and politically.

The Congress has gathered the hacking elite for 30 years and has long outgrown its humble beginnings in 1984. In the first post-Snowden year 9,000 participants attended. The 2014 programme “A new dawn“ is expected to top that once more.

Follow-up revelations

Several authors who worked on the Snowden documents, including filmmaker Laura Poitras and Tor activist Jacob Appelbaum present their work at the conference, including possibly new revelations. And there is also a look back on ten years of secret deals between the NSA and the telecom industry by veteran investigative journalist James Bamford, and a peep into the NSA listening post in Berlin by Teufelsberg former SIGINT (SIGnals INTelligence) analyst Bill Scannell.

The CCC event as usual does not stop at analysing the bleak picture of blanket surveillance and surveillance technology. It provides a lot of hands-on recommendations on how to defend oneself against what is described as the”„the dark arts“. Crypto and the detection of leaks and vulnerabilities, creation of secure hardware from the “open source secure flash-drive-sized computer“ to the building of quantum computers or a “free robotic certificate authority“ or the whistleblower tool Amenthes which should allow, the organisers promise, “EYES ONLY viewing of documents, prepared and encrypted beforehand“.

Hacking and ethics

Defending oneself against total surveillance includes political action and consideration of the the right rules and policies to use. Governments using fear mongering of cyber war to push for restrictive rules will be laid bare and 14 basic principles for cyber-peace are to be explained.

Ethics and hacking should be made part of the educational curricula, Amsterdam researcher Jeroen van der Ham intends to advocate for. The core, van der Ham wrote to us, is to “force students to think about ethics during security projects“. At the University of Amsterdam, an ethical committee would then review project proposals and an ethics advisor would assist them during the project. Similar programmes, van der Ham explained, are currently spreading at the University of Twente and other institutions.

The ethics curriculum at the University of Amsterdam started before the revelations, the Dutch professor underlines. But the revelations have helped making things even clearer to the administration. The Netherlands has also developed a responsible disclosure guideline.

“Our ethics committee and project is not against mass surveillance, or teaching good crypto in itself,“ van der Ham pointed out. “We hope to teach students to think about ethics as they are doing research and developing projects. From that I do personally hope that they will build and review things with mass surveillance in mind and work against it.“

Instead of storing all kinds of information just because they can and worrying about privacy later, the programmers could “take privacy into account in your design”.

Certainly nobody will make privacy, anonymity and security an afterthought at the CCC event starting today.

Add new comment