What it means to be a hacker - Rop Gonggrijp
Via Patrice Riemens on the Net Time Mailinglist:
From 2600 magazine, Winter issue - #4, 2007
(http://www.2600.com)
What it means to be a hacker
by Rop Gonggrijp
My most recent confrontation with what it means to be a hacker started
in March of 2006, after I went to vote for the local council of
Amsterdam. At the polling station, I had to use a brand-new electronic
voting machine that the city was renting from a company called Sdu.
In fact, Amsterdam had contracted the entire election as a turnkey
service, Sdu was even training the poll-workers. This “voting machine”
was in fact a computer with a touch screen running Windows. To make
maters worse: inside each computer was a GPRS wireless modem that sent
the election results to Sdu, which in turn told the city. I had not
been blind to the problems of electronic voting before, but now I was
having my face rubbed in it, and it hurt.
Perhaps I should quickly introduce myself. My name is Rop Gonggrijp
and I’m a dutch national that lives in Amsterdam, The Netherlands.
Some of you will know me as I have been mentioned in this magazine as
well as been a regular guest on Off the Hook for almost as long as the
show exists. I’m one of the main organizers for these Dutch hacker
events. Between 1989 and 1993 I published Hack-Tic, a magazine not
unlike 2600 except that it was written in Dutch. During the late Hack-
Tic years I co-founded XS4ALL, which still is one of the larger ISPs
in The Netherlands.
I guess I became part of the hacker community sometime during the
early 1980s while playing with my fathers 300 baud acoustic modem,
although arguably I was hacking before when I was soldering FM-
transmitters together with a friend at age 12. But after reading
Steven Levy’s book ‘Hackers, heroes of the computer revolution’, I
knew what I was and that I was to be part of a global community, even
if I could only knew a few other hackers around me. Imagine my relief
when I went to Hamburg for the 1988 Chaos Communication Congress to
find a few hundred other hackers. After that I was hooked, and by 1989
I was one of the organizers of the first European hacker event: the
Galactic Hacker Party. Long and formative years of exploration, mayhem
and mischief followed, during which, among many other things, we found
and shared many new and interesting ways of making free phone calls.
And when we got our hands on the keys to the nuclear bunkers that
underlied some subway stations in Amsterdam, we promptly organized
tours there for all our friends and their friends. But even behind the
greatest mischief was the motivation to educate, to sharpen the minds
of fellow hackers and of the population at large.
XS4ALL, the Internet provider, was much more a political statement
than anything else. The Internet back then would never make any money:
way too difficult and freaky for the general population. I left XS4ALL
in 1997 and started a computer security consultancy, and then after
that a company that builds voice encrypting mobile phones, but I kept
going to hacker events and co-organizing our own event every four
years.
Fast forward to 2006 and the local elections. I was angry because I
felt my election had been stolen: there was no way to observe a count,
one just had to believe that this wireless-equipped black-box Windows
machine was counting honestly. I knew a little bit too much about the
risks associated with computer technology to go along with that. I
wasn’t the only one that was angry: my longtime friend Barry came home
from that March 2006 election with the exact same story that I had
come home with: trying to reason with poll-workers that clearly felt
that only the medically paranoid would distrust such a wonderful shiny
box. When we met later that day we vowed to not only get mad, but to
do something about it.
Which wasn’t going to be all that easy. By the time Amsterdam had
gotten electronic voting, it was pretty late in the game: Amsterdam
(pop. ~750k) was the last city in The Netherlands (pop. 16.5M) to
get electronic voting. Some cities were renting the same system as
Amsterdam, but the vast majority was using an older system made by
a company called Nedap. While I studied the legal requirements for
electronic voting, I became even more convinced that all of these
‘machines’ (that were all in fact computers) needed to go if we were
to have transparent and verifiable elections. The regulations treated
these systems as if they were indeed mere ‘machines’: they worried
about the amounts of humidity and vibration they could withstand and
they made sure nobody would get shocked from touching one. Computer
security wasn’t even mentioned. But the biggest problem wasn’t the
lack of security, it was the lack of transparency. We got together a
small group of like-minded people and started planning a campaign.
There had been previous attempts to raise the question trustworthiness
in relation to voting machines, but the ministry of the interior was
used to painting the opponents of electronic voting as technophobe
luddites. Given that half our group consisted of hi-tech-loving
hackers this was an approach that wasn’t going to work this time.
During the next year and a half we managed to get the attention of the
media. We claimed that the Nedap ‘machines’ were computers and not
‘dedicated hardware’ (as the manufacturer claimed) and that they could
just as easily be taught to play chess or lie about election results.
The person selling these computers in the Netherlands wrote wonderful
long rants on his website, and in reaction to our claim he said he did
not believe his ‘machines’ could play chess.
So we caused a true media frenzy when we got hold of a Nedap voting
computer and made it play chess. (We also made it lie about election
results.) There was a debate in parliament, during which the
responsible minister promised to appoint two committees. That next
election, an international election observation mission studied the
problems with electronic voting in the country which until then had
always been the example country for uncontroversial e-Voting. In their
report, they advised that this type of voting computers “should be
phased out” and the two committees also wrote very harsh reports about
how these ‘machines’ came about and how they should not be used in
the future. A lot more happened: we threatened to take the government
to court on several occasions, and we even won a case in which the
Nedap approval was nullified. But by then the ministry had already
decided to throw in the towel, retracting the legislation that allows
electronic voting. The next elections in The Netherlands will be held
using pencils and paper. (Which is really quite OK since over here
we’ve only got one race per election, so counting by hand isn’t all
that hard.)
One of the things that struck me about this campaign is that in order
to win, we’ve needed almost every hacker-skill imaginable. Imagine
all the stuff you can learn from this magazine, or from going to (or
helping organize) a hacker convention. From general skills such as
dealing with the media or writing press-releases to social engineering
(getting hold of the system), lockpicking (showing the mechanical
locks were bogus, the same 1 Euro key was used all over the country),
reverse engineering (modifying their 68000 code without access to
source) and system administration (website). Having published a hacker
magazine and done the ISP, I was no stranger to conflict: at XS4ALL we
had had serious issues with the infamous ‘church’ of Scientology as
well as with the German government. Also the international contacts
I got from growing up in the hacker community paid off: the hack was
very much a Dutch-German project, and we’re still working together
tightly to also get rid of these same ‘machines’ in Germany. At
certain moments I had the funny feeling that somehow this was the
project that I had been in training for all these years.
So I guess what I’m saying is that if you are a hacker, if you’re
going to hacker conventions, if you like figuring stuff out or if you
are building your own projects…. Please realize that, possibly by
accident, you may also possess some truly powerful skills that can
help bring about political change, and that these skills will become
more and more important as technology becomes a bigger part of ever
more political debates. So if you don’t like the news: go out and make
some of your own!
