Talk

I was so sad that I couldn't attend HAR2009. And I was really looking forward to visit OHM2013. Thank you for clearing this up on time, so I can reschedule to go to another place this summer.

One way to deal wit this ...

How much did Fox give? Lets raise that money and tell Fox to stay away.

Cannot remember this being an issue back in the good 'ol days of 2009 when Fox-IT was also one of sponsors that provided much needed *early* cashflow. The world was *slightly* less insane back then but only slightly (wikileaks members had not yet been openly threatened by western governments with extra-judicial killing - and if you don't
know what that means you really need to read this post to the end).

The old-fart part of me does agree with some of the 'kids-these-days' feelings voiced in the piece on PUSCII, just not the focus on Fox. A willingness to fight and take real and personal risks for basic-priciples is needed more than ever in our societies today. A willingness to understand what is happening in the world (especially if this is very outside your comfort zone) and to help others do so is just as important. A bit more Free Software (principled stand) instead of just 'opensource' (practical method) would not hurt the Dutch technology scene IMHO.

I sometimes voice the opinion that the rules applied by the victors of WWII to German leaders (thou shalt not initiate offensive wars based on lies) should now also apply to the leadership of the US, the UK and the Netherlands. For this I am called a radical. Perhaps more of us need to get a bit radical or risk waking up in 1984 someday soon. If
no-one pushes back against the stuff you're trying to accomplish you're obviously not trying hard enough.

Do note that OHM2013 will be the *only* major event in the Netherlands were some important whistleblowers from the world of spooks and spies (CIA, NSA, FBI, MI5) are given a platform to share their insights with people who will hear about them for the first time. Just as HAR2009 was the *only* place in NL in 2009 were Wikileaks got a soapbox in front of a significant audience. That's how messed up the country is
right now.

We offer something real at a time when it is much needed. I would not be involved with OHM if it were otherwise - life's too short and the planet too fucked-up to mess about with minor stuff.

(Arjen Kamphuis does not work for Fox-IT and left IBM in 1999 ;-)

Thanks for a sourced and well written statement, i can only respect an author that has taken the time and liberty to write a story that is backed up with some facts and details. This should be commended, whoever the author may be.

Free will:
The author states that working for a company results in the employee fully accepting all that the company has done in the past and that the employee wholemindedly promotes and understand every aspect of that company, implying that such company has the power to remove any free will of the employee. Such is not the case, as absolutism on working for companies / having some mindset is just as dangerous as absolutism by state control. Look at the Zen symbol.

Insiders:
Hackers also have a significant impact on the direction of many companies. Is having "insiders" not a crucial prevention of absolutism? Many company-people are very stupid/short-sighted and might aid in more forcefully oppressing hackers. For example: without embedded hackers and the good spirits of those, there would be no "responsible disclosure" policy and the movement that companies will adopt this.

We:
There is no such thing as "we". "we" just happend to be. I don't like to be controlled by people that say that "we" should do anything. "we" is temporal, "we" is separating people, fuck "we". If someone wants to be part of the "we" and be an outspoken mistrusting, over skeptic, conspiracy driven individual, so be it. Is this also "we"? Maybe...

Just another random vision:
Although your story has critique and is fairly negative while not having consulted the opposing party. This makes bad journalism and turns this into a column thing. But I still like it over empty allegations, because it gives a body to discuss and might inspire people. But be careful: Even when everyone and everything has changed their ways, there are still people using some (possibly outdated) facts to create a negative image. Just to refer foxes: this is what companies like Fox News do best.

-- Stitch

The general trend with "the kids these days" is, in my observation, going in the right direction. Whereas for years the hacker community in The Netherlands was half-heartily following thought leaders from the US and Germany, there seems to be a trend to form an opinion that develops in the same direction as Germany. I'd say it's lagging behind a bit, which only reflects society as a whole. Bits of Freedom, the rise of hacker spaces, debate around government agencies recruiting, this all leads to more outspoken opinions.

What The Netherlands lack is a single platform to discuss. In Germany there is the CCC, where a clear opinion was formed and guarded over more than 30 years. In The Netherlands no such thing. There is the four-yearly hacker camp though, a most excellent spot to discuss trends like described above.

Yes you are right it is bad. Did you know that the hacker conference next month in amsterdam, hack in the box (HITB) has a network team with the leader (ruud or ruuder or something) being a guy who works for the police? You think i will go to a conference where the police are tapping the network because they make the network?

oh and that same ruud or whatever is also the leader of the hackerspace in amersfoort. really, hackers stay away from hitb ohm or the hackerspaces they are all infested with cops!!

I'm really happy to see that someone took the time to write this article
and I'm also happy to see that it was related to puscii. For those that
do not know the history of ascii and puscii - these two groups are two
extremely important parts of Dutch/European sustainability, artistic,
hacking and autonomous culture. I've long respected their squatting
activity, their Free Software ethics and their political actions.

I find the observations in the article extremely grim and depressing -
it is largely as a matter of agreement, I might add. The desire to
collaborate with authoritarian power structures is often hand-waved away
with "one has to eat" or "we're not helping Syria" style arguments.
They're often followed up with arguments about fear of punishment or
about the so-called justice done on occasion by such structures. The
privatization of this kind of policing is concerning. It is built on the
already questionable notion that the police themselves would be
legitimate actors in this space if they merely had the talent. This is
false in many cases and such partnerships generally seek to expand the
authoritarian reach of the State, without any of the democratic
oversight, transparency or even the semblance of consent on the topics
at hand. Most people hardly understand the abstract ideas involved, let
alone the actual concrete details.

The Dutch police actually do this on many levels - that is - they do it
not only with private Dutch companies like Fox-IT but also with other
law enforcement. The FBI has some full time people who are embedded
within the Dutch law enforcement offices. My understanding is that they
have desks in the same (!) office area as other Dutch police. Consider
this as a threat not only to the Dutch democratic processes but also to
the notion that the Netherlands is somehow independent in terms of
law-enforcement and intelligence. Surely, one would not jest that the
FBI deployed with the Dutch police would serve the Dutch police first,
right? Perhaps they'll take some puscii members who are actually Dutch
citizens to sit with their FBI office counterparts? It seems doubtful
and as such, it raises questions on a number of levels.

I've met a lot of Dutch police in the last few months as I have recently
visited the Hague for the latest NCSC event. Many of the higher level
computery security folks are personally nice people. Even some of the
AiVD people are personally friendly - quite a difference from some of
the other intelligence agencies. Obviously, I'm not in agreement with a
lot of their policies, their methods, tactics, strategies or even
comfortable with their relationships. While they do work for goals that
I think are reasonable such as stopping non-consensual human
trafficking, it is perhaps with methods that may lead to abuse or other
serious concerns. I don't hold any personal contempt for them for doing
what amounts to a thankless job. I do however find myself thinking that
the new Dutch hacking generation should not forget that some power
structures are not worth supporting simply because one is not personally
oppressed by it on a daily basis.

With that said, the complicity of hackers in these kinds of actions is
beyond loathsome. Rather than helping to actually secure our systems, we
see compromises that undermine the very core of our modern world. If we
look to the physical world for an analog of such total surveillance,
even in camera heavy parts of the world, humanity still largely rejects
such total spying programs, if they are lucky enough to be consulted at
all. Why then should people of any stripe help to build similar systems
that are nearly total and almost completely incomprehensible to most
people on the planet? The answer is simple: we shouldn't! Hackers and
those who are technically literate have a responsibility to consider the
larger issues at stake. Those who don't, who just follow orders, who use
simplistic self-serving reasoning in place of thoughtful ethics - those
people are building a world where most of humanity will be subservient
to such architecture. Total identification, total and complete logs of
our activities, our relationships, our beliefs, our experimentations,
our core values - everything. History will not reflect well on such
people and the near future will be extremely uncomfortable if those
resisting have anything to say about it.

I look forward to leaked documents and leaked software about companies
like Fox-IT as well as details on such surveillance programs. While
people are digging, don't forget to identify the people and the money
trails involved - if such companies will promote and construct such
systems for all of us, lets give it to them first!

Leak more documents!

In solidarity,
Jacob

(Cross-posted, like the original article, to both this blog and the mailing list . In Dutch; sorry about that.)

Puscii skribis 2013-03-26 13:16 (+0000):
> What's wrong with the kids these days?

Om je uitspraken in de juiste context te kunnen lezen, zou ik graag
willen weten wie de schrijver van het artikel is. Hoe oud (bejaard?) ben
je, als je deze mensen "kids" vindt? En waarom heb je het idee dat het
fenomeen dat je beschrijft, iets met generaties te maken heeft? Wat doet
leeftijd er eigenlijk toe?

> On the moral decay of the Dutch hacker scene

TL;DR: Ik ben het ten dele met je eens, maar vind dat je het te zwaar
aanzet, en ik kan je argumentatie niet helemaal volgen.

> In short, we're looking at a complete new generation of Dutch hackers.

Wat kort door de bocht. Er is verloop, maar er vallen zeker geen
generaties te onderscheiden.

Het gaat hier echt niet om kinderen en ouders. Je metafoor klopt m.i.
totaal niet, en staat potentieel de kern van de discussie in de weg.

> Some of the kids found a way: join the police!

Alsof er nooit eerder hackers bij of voor de politie hebben gewerkt?

> Now, the notion of hackers voluntarily joining the police probably
> sounds completely absurd to an outsider

Alleen omdat outsiders denken dat alle hackers crimineel zijn. Dat geldt
noch voor de oude rotten, noch voor de jongste aanwas.

> The Dutch High Tech Crime Unit is called Fox-IT. In case the
> name doesn't ring a bell, they're the main sponsor of OHM2013,

Ik vind Fox-IT geen prettig bedrijf, maar als ze hun geld willen
uitgeven aan onze feestjes, zeg ik: met beide handen aanpakken die poen!
(Al was het maar om meer profijt te hebben van het geld dat we met z'n
allen aan belastingen betalen.) Het moet onafhankelijkheid niet in de
weg staan, en daarom ben ik een stuk skeptischer als het gaat om het
sponsoren van hackerspaces en doorlopende initiatieven, maar voor
kortstondige dingen zoals evementenen zie ik weinig risico's. Het is
niet alsof we bij het organiseren van eerdere evementen vervelend hebben
gedaan als overheden zich van hun beste kant lieten zien met hun
vriendelijke medewerking.

Joh, al komt het geld van de paus. Zonder geld kun je het evenement niet
van de grond krijgen.

Daar staat tegenover dat ik erg blij ben dat zoveel Nederlandse hackers
diep in de buidel tasten om hun hackerspace de kans te geven om
financieel onafhankelijk te blijven.

> employer of half of the organising core team

Lichtelijk beangstigend als je het mij vraagt, maar dit zegt wellicht
meer over de arbeidsmarkt voor hackers, dan over de mensen die ervoor
kiezen (of zich genoodzaakt voelen) om voor Fox te gaan werken.

> and you may find their logo painted on the wall of a Dutch hackerspace
> - not as a fuck-the-police-type graffiti, but as a thank-you for their
> kind sponsorship.

Fuck the police vind ik sowieso een kinderachtige houding waar ik me
graag van distantieer. De politie is een gigantische organisatie van
voornamelijk welwillende mensen. Dat ze ook (grote, gigantische,
verwerpelijke) fouten maken, is nog geen reden om de politie als
organisatie als vijand te zien. "Alle kleuren zijn mooi" is te kort door
de bocht.

Onder hackers en hackerspaces bestaat grote diversiteit. Dat er een
hackerspace is die sponsorgeld accepteert en een vosje op de muur
schildert, wil echt niet zeggen dat de gehele Nederlandse
hackergemeenschap daar achter staat. Sowieso heb ik begrepen dat ze
(Hack42 dus) een specifiek project hebben laten sponsoren, niet de
hackerspace zelf.

Hacken betekent voor verschillende mensen ook verschillende dingen. Wie
het hacken vanuit een puur technologisch perspectief benadert, zal zich
minder bezwaard voelen om activiteiten te laten betalen door laakbare
partijen, dan wie hacken (ook) vanuit een ideologische hoek ziet.

> Not caring much for their customers regard for human rights, Fox-IT
> has promoted their services to countries like Iran and the United
> Arabic Emirates, and sales to Egypt have also been confirmed.

Als je de verkoop van producten en technieken aan landen met dergelijke
nare regimes, hoe denk je dan over het gratis weggeven van software en
het openbaar delen van kennis?

En wat hebben ze ueberhaupt verkocht? Is een mes een wapen, of een
gereedschap dat (al dan niet toevallig) ook als wapen kan worden gebruikt?
Hoe zit het dan met schroevendraaiers?

> AntiSec NL, a Dutch group closely linked to Anonymous.

Ja, want iedereen weet dat Anonymous een vastomlijnd en enkelvoudig iets
is, waar je banden mee kunt hebben. En ze blijven altijd binnen alle
universele ethische grenzen.

> A clever hack, if you will, but also a controversial and illegal one.

Veel hacks, van hackers in privesfeer, van bedrijven en van overheden,
zullen controversieel en illegaal zijn. Maar controversiele en illegale
dingen kunnen best goed zijn. Ik ben fel tegenstander van "terughacken",
maar je kunt je in het debat beter niet laten leiden door wat er
momenteel in de wet staat. Vaak zat is de wet zelf gewoon fout.

Je kunt "het is illegaal" simpelweg niet als argument gebruiken in een
discussie over ethiek.

Of, anders gezegd: you say "illegal" like it's a bad thing.

> Lately, Fox-IT has been publicly lobbying to create legal rights for
> law enforcement to actively crack target systems.

Het is hun recht om een mening te hebben, die mening te uiten, en te
proberen de wet aangepast te krijgen om hun wensen uit te laten komen.

> [Fox-IT] are the prototype of a privatised blend of law enforcement
> and defense, unhindered by any ethics and stretching its praxis to the
> shady borders of legality.

Hear, hear.

> That's the kind of company considered hip amongst contemporary Dutch
> hackers, who seem all too happy associating with and working for them.

Er zijn hackers die dit hip vinden en graag voor zo'n bedrijf willen
werken. Er zijn ook hackers die homoseksualiteit haten. Er zijn hackers
die PHP fantastisch vinden, en er zijn hackers die vinden dat domme
mensen minder rechten zouden moeten hebben.

Zoveel hackers, zoveel meningen. Het zijn net mensen.

> Those early days of the hacker scene were marked by a shared sense of
> ethics

Ethiek is een persoonlijke beleving, en inderdaad is er vandaag de dag
zeker geen consensus binnen (enorm gegroeide) de hackergemeenschap. Hoe
groter een groep wordt, hoe meer het op allerhande gebieden het
gemiddelde van de bevolking zal benaderen. Dat betekent voor
hackergroepen vaak dat de gemiddelde intelligentie afneemt en dat de
ooit gedeelde ethiek niet meer zo vanzelfsprekend is. De schaduwzijde
van sociaal succes?

> For example, one look at the CCC website is enough to see a strong
> outspokenness on the political issues surrounding hacking, actively
> monitoring and criticizing state surveillance.

Dat zal ook heel veel te maken hebben met hoe vroeg de CCC is begonnen,
met hoe enorm de CCC propaganda voert binnen de eigen gelederen, en dat
het een grote club is waar mensen blijkbaar graag bijhoren. Nederland
heeft zo'n organisatie niet en het window om een dergelijk instituut op
te richten is volgens mij al geruime tijd voorbij. Nederlandse hackers
van weleer, de oldies die je eerder benoemde, hebben kennelijk nooit de
neiging (of het doorzettingsvermogen) gehad om zich officieel te
organiseren en in die structuur op grote schaal gezamenlijk politiek te
bedrijven. Dat ze dit hebben nagelaten, kun je ook opvatten als iets
positiefs.

> Are OHM and a number of hackerspaces drifting away from the hacker
> scene towards the security industry?

Hacker scene en beveiligingsindustrie overlappen. Het is duidelijk goed
mogelijk om je in beide te begeven, hoewel dat zeker sociale
consequenties heeft. Werk je voor Fox-IT, dan zul je sommige geheimen
wellicht niet te horen krijgen van andere hackers. Ben je actief in de
hackergemeenschap, dan zul je sommige geheimen wellicht niet te horen
krijgen van je werkgever. Of juist wel, om je loyaliteit en
geheimhouding op de proef te stellen. Ik benijd mensen die zichzelf in
die situatie brengen in ieder geval niet.

Wat betreft OHM: bij het organiseren van zo'n feestje werp je je op als
quasi-professioneel evenementenorganisator. Er komt weinig typisch
hackwerk bij kijken. Het is hard werk, waarbij politieke menings-
verschillen vaak geen belemmering vormen.

> The usual approach to such mental illness that is seen all too often
> within the hacker scene is to simply ignore it and bury it deep down
> in our subconciousness.

Er is een prettigere manier om om te gaan met diversiteit: omarmen!

Net zoals je mag geloven wat je wilt, en ik het niet met je eens hoef te
zijn, en zoals je mag uitspreken wat je vindt, en ik het niet met je
eens hoef te zijn, mag je ook werken voor een werkgever, zonder dat ik
het met je eens hoef te zijn. Dat hoeft samenwerking en vriendschap niet
in de weg te staan.

De situatie wordt overigens echt niet genegeerd. Het is heel vaak
onderwerp van discussie, althans zeker bij RevSpace, en ongetwijfeld ook
in andere hackerkringen.

But we all loved Michael Knight from the Foundation for Law and Government (F.L.A.G.) and MacGyver of the Phoenix Foundation, didn't we?

All those adventures, going where official law enforcement and military couldn't go due to some pesky laws.

Groente glorifies the past and despises involvement of Fox-IT. As a hacker from the past I would like to note that the past was less glorious. We didn't have a respectable Fox-IT company backing initiatives.

Organized crime and radical groups tried to get a foothold within the hacker community with the aim of abusing any outcome. These guys were always in the background, trying to influence the community and to monitize hacks. I don't see fox or any other security firm sponsoring these events doing this.

For the record: I have no ties with Fox, I don't like it when someone tries to abuse history.