Testing Hacker’s ethical conscience at 30c3
A few weeks ago, the 2013 Chaos Communication Congress (30c3), the annual conference organized by the German Chaos Computer Club (Europe’s largest hacker association) came to an end. Within more than 170 lectures and assemblies as well as a multitude of other projects and workshops, the congress covered and discussed a multitude of different topics connected to digital technology and the information age. Many of these shared a common message: IT professionals should acknowledge the ethical dimensions of their work and act accordingly. People like Julian Assange, Jacob Applebaum and Glenn Greenwald among many other less well known IT professionals urged the crowd to think twice when governmental agencies like NSA or GCHQ (or any of their sub- and sub-sub- contractors) ring at their door bell and offer them seemingly exciting and definitely lucrative jobs.
What most people didn’t know was that the organisers had secretly hired professional actors to pose as recruiters from Security Solution Ltd., a fake IT security firm providing services for “the private and public sector” to roam the congress and try to get people interested in exactly this kind of job. The recruitment process was set up in stages along the line of greeting, initial introduction to the business, job offerings and finally an invitation to a more private back-room interview and details on the job. To protect the privacy of the participants who unknowingly took part in this social experiment there are no video recordings of Security Solution Ltd.‘s approaches, however their fake CEO did deliver a fake gold-sponsor speech during the congress closing event that resembled the standard text they delivered during their recruiting pitches.
Unfortunately, it was given in German, but in the following, I took the liberty to translate it to the best of my ability (and remove some filler-words, pauses etc.):
“Thank you very much for having me. My name is Ole Novotni, I am vice CEO of Security Solution Ltd. We are a young company, focussing on the development of proactive security solutions for the private an public sector, and setting standards in the security industry that are unmatched on a worldwide scale. In short: Quality made in Germany.
All of this would of course not be possible without a close indenting with — and I would even say embedding of — this unique and incredibly inspiring community. And at this point I want to also thank our friends from the Netherlands and the USA because they host those organisations without which the contact to the scene of hackers and computer specialists would have never been possible. It is of great significance that a well established movement like the Chaos Computer Club positions itself very clearly in relation to the socio-political issues arising from the ongoing digitalisation of society. And that is why we are very happy to support the 30th Chaos Communication Congress as gold-sponsor. And we hope we will be able to continue to support positive impulses of the community by supporting events like this one in hamburg as well as other hacker events in the whole of europe in the future. It was an extraordinary pleasure for us to provide crucial organisational and financial support to this scene of creative heads on this event. We hope that in the future, together, in collaboration with you — all you innovative and young people, as we met you everywhere on this congress — we hope to move forward together, tackling the security issues of our time and influencing those in a decisively positive manner.
It is also our wish to connect and moderate between our costumers in the governmental and private sector and you, the big talents of the IT industry — to work on exciting tasks in online trading, fighting crime, national defense and especially in cyber-defense, where we need effective and efficient solutions. Living developmental collaboration through practical help with security topic is our métier. And of it is of course also your chance to contribute to better security in the world — may it be through fighting against organised crime, drug-trafficking, pornography and international terrorism — Security Solutions Ltd. offers solutions and helps to protect the people. Through monitoring of international financial streams, controlling of people’s movements and especially the comprehensive surveillance of data-streams, our technical special solutions provide a valuable contribution. And in order to make this contribution possible we need you. Work with us, in an exciting, innovative environment; in a young team; to master the challenges of the future. It is a pleasure for me to …”
And the rest of the pitch was cut off as the fake recruiter was escorted off the stage by a friendly security guy.
It is important to emphasise that the crowd gathered at the Chaos Communication Congress is hardly a representative sample of the IT professional scene, nevertheless it is an outstanding source of hope that out of the 500+ participants Security Solutions Ltd. managed to talk to, only 2 proceeded to the prepared back-room interview. Every other participant was either not interested from the start or quickly managed to see through the façade of empty phrases and recruiter-speech.
For many years, agencies like the NSA, GCHQ and their contractors have spend many hours on hacker and security conferences like the 30c3 to recruit young brain power. It is why Keith Alexander dresses up in his “down to earth” costume when he goes to such events and even wears an Electronic Frontier Foundation t-shirt. They try to blend in and use clever phrases to sound completely innocent, appealing to the play-drive of young hackers. But especially since Edward Snowden’s revelations evidenced the suspicions many had for years, awareness of the potential danger of those recruiters appears to spread. DefCon, for example, recently decided not to let federal agencies participate in their 2013 conference. Black Hat conference on the other hand did invite Keith Alexander as keynote speaker — in other words the battle is not yet won.
As RMS, Assange and others never get tired of emphasising: if the wizards and heroes of the digital age, system administrators, electronic engineers and software programmers, if all IT professionals acknowledged and lived up to their ethical responsibilities, their tremendous leverage and power in today’s digitised world would provide significant potential for change. Accordingly, one can only hope that the spirit of unity and defiance displayed by the 30c3 crowd finds its way to the mainstream of IT professionals. 2 out of 500 is a very good start. Now let’s make it 2 out of 50 million. Or 0 out of 7.1 billion.