Hackers are often lumped into two groups: those who tamper with our security and privacy, and those who use their skills to spotlight holes in the Internet’s infrastructure.
They’re routinely vilified and prosecuted, and also aggressively recruited by the government to help protect data from cybercriminals, foreign state intrusions and other nefarious forces.
But at last weekend’s 10th biennial Hackers on Planet Earth (HOPE X) conference, one of the premiere get-togethers of the digital world, it was clear that the nefarious forces the cyberworld is now most concerned with are lodged within our own government.
The conference, sponsored by 2600: The Hacker Quarterly, attracts hundreds of attendees for three days of open panels and speeches on Internet security and hacking, along with discussions of tools for disseminating information.
While the line between hacking and criminality has always been ambiguous, this conference celebrated a relatively new player in the faceoff between cyberactivists and governments: journalists.
In panel after panel, hackers and tech security experts discussed tools for protecting journalists and their sources.
It was no coincidence that the conference’s headline panel included Edward Snowden, the former National Security Agency systems administrator whose leaks to the media have rocked governments across the globe and triggered a national debate about mass surveillance.
(Snowden appeared by video chat from Russia, where he currently has asylum.)
Among the new tools presented was SecureDrop, an encrypted system, developed by the non-profit Freedom of the Press Foundation, which allows whistleblowers to anonymously submit leaks to newsrooms.
Garret Robinson, SecureDrop’s lead developer, said the nature of government surveillance, as revealed by Snowden, means that even reporters who take extreme caution are risking confidential sources.
“Mass surveillance programs can compromise the source even before they get to the point of submission,” Robinson said.
Robinson’s presentation was one of several specifically devoted to countering surveillance for media and sources. Other panels covered operational security (OpSec) for investigative journalists, lessons learned from implementing whistleblower platforms and Project PM, a crowd-source initiative to collect research about the national cyber-intelligence complex.
Perhaps never in history have the lines between whistleblower, spy and source been so blurred as when Snowden disclosed thousands of secret National Security Agency (NSA) documents to news outlets in 2013.
The federal government considers his actions to be theft, and possibly treason, but espionage and privacy activists have hailed him as a hero who publicized grave injustices.
To America’s hacker community and its supporters, the charges against him and his flight from authorities are just the latest in a long series of harsh law enforcement responses to the public revelation of secrets.
Attorney Alexander Muentz, a Philadelphia-based lawyer who focuses on cybercrime, said federal laws used to charge hackers and leakers are intentionally vague, and capable of being applied broadly.
“There’s this belief that hackers, because they’re supernatural, can skirt around the law and evade the law,” Muentz said at the conference. “But skirting it means you’re actually following the law, right?”
Against that backdrop, Snowden and whistleblower Daniel Ellsberg — the former military analyst who famously in 1971 leaked the “Pentagon Papers” to The New York Times — addressed the conference on Saturday.
Crowds for the discussion packed three large banquet halls, and overflow audience filled up hastily added viewing rooms on multiple floors of the hotel.
While the two most famous leakers in American history shared many of the same experiences — fleeing law enforcement, concern for themselves and the reporters they leaked to, and self-assurance that they acted in the right — the 40-year time span between their disclosures influenced their different views on the perils of whistleblowing.
Snowden focused on reducing the risks for potential whistleblowers. He encouraged hackers to develop new encryption tools that are easy enough for the typical computer user to operate.
“We need to think about software as a way of expressing our freedom, but also as a way of defending our freedom,” Snowden said.
“We need encryption (and) we need non-attributable email communications, or (non-attributable) Internet access,” he added, referring to tools that mask identity.
Ellsberg was less focused on the nuances of whistleblower safety, and more interested in simply encouraging more government employees to reveal legal and ethical violations.
Ellsberg repeatedly said that in the four decades that passed after his own revelations he was “pretty much losing hope” that other U.S. officials would risk their careers to spill secrets they believed it was important for Americans to know.
Was it because Washington policymakers had become extraordinarily conscientious in the four decades after Ellsberg unearthed the government’s missteps leading to expansion of the war in Vietnam? Or was it because the risks to whistleblowers have gotten too high?
The past six years suggest the latter.
As participants at the conference heard, the current presidential administration has charged more Americans under the Espionage Act — for merely revealing evidence of wrongdoing within our government — than all previous administrations combined.
Which is why it’s not surprising that the enormous risks now involved in revealing governmental misbehavior have turned hackers and journalists into unlikely partners.
Graham Kates is Deputy Managing Editor of The Crime Report. He can be found on Twitter, @GrahamKates. He welcomes comments from readers.