Friday, October 24, 2014


Tangled Web

The Woman Behind CryptoParty

Asher Wolf
Asher Wolf
In August, the Australian Parliament passed a new cybercrime bill that increased the powers of law enforcement to require Internet service providers to monitor and store their users’ data.

The country’s privacy advocates were up in arms. One of them was Asher Wolf (a pseudonym), a 32-year-old who had built up a following on Twitter for tweeting news about WikiLeaks and the Occupy movement and who cared deeply about online privacy. A friend of hers, @m1k3y, tweeted that in light of the new legislation, maybe now was the time to have an “install-the-crypto-apps party,” referring to the programs for computers that help protect a user’s privacy. Wolf half-jokingly agreed: “Let’s get together in the backyard with some chips,” she said, “let’s have a CryptoParty."

Less than four months later, there have been more than 30 CryptoParties held worldwide, many in the West, but also in Manila, Cairo, and on November 27, Tunisia. The concept of CryptoParty is simple: people get together to learn how to use tools to better protect their privacy.

CryptoParty doesn’t have a unified position on which tools it recommends, but Wolf says there is a focus on teaching three core technologies: Tor, which enables users to remain anonymous online; PGP (pretty good privacy), a program often used for encrypting e-mails; and Off-the-Record (OTR), a protocol that encrypts instant-messaging conversations.

"We want to make it bloody hard for governments and businesses around the world to invade the privacy of citizens. We want to teach people responsibility for keeping their information private and we want to give them the tools to do that," Wolf says.

A decentralized, leaderless movement, no one CryptoParty is the same. Wolf says that they tend to attract a diverse crowd. At the ones she’s attended there have been mothers, university students, and journalists who don’t want to expose their sources.

Cryptography, the practice of communicating securely, has always been in the hands of elites. Once it was the sole domain of governments and the military who believed that, in the wrong hands, keys, codes, and ciphers could be as lethal as weapons-grade plutonium. The growth of the cypherpunk movement in the 1990s changed all that. These activists argued that cryptography should not just be the preserve of governments but should be used by civilians to protect their privacy against the "surveillance state." Cryptography, they argued, wasn’t just for militaries and governments -- it was for everyone.

Except for a while, it wasn’t. It remained in the hands of a few devoted activists with sophisticated tech skills, many of them deeply antigovernment and with strong libertarian streaks. The cypherpunks developed the programs and the protocols, but for the average computer user many of the tools were intimidating and hard to use.

A single mom with a toddler, three years ago Wolf didn’t even own a laptop (she used a smartphone) and was using Facebook instead of the more privacy-conscious Twitter. After studying communications media and criminology at university, she worked for an NGO and does not have a computing background. “I call myself a citizen technologist,” she says, “which means I stuff around with things I don’t really understand completely yet.” After her 3-year-old goes to bed she teaches herself how to use the tools to better protect her privacy online.

Usability Vs. Security

For Wolf, CryptoParty has always been about bringing the conversation down to the level of the average user. “You have all these people turning up who are experts in the fields of cryptography and have expert skills in things like Tor and OTR and PGP and they’ve actually never tried to teach anyone to use them before," she says. "Suddenly they stand in front of a group of journalists and university students and activists and they begin talking about command lines and everyone looks at them like, ‘What the hell is this?’”

This summer, a piece of software called Cryptocat became the focus of much attention on listservs and in the tech press. (Read about it here, here, and here.) Cryptocat is an instant messaging platform that is installed in a user’s browser. Part of its initial appeal was that the user didn’t have to bother installing additional software and it was very simple to use. But critics of the software said that it was flawed and vulnerable to certain attacks.

The discussion about Cryptocat touched on a broader debate within the crypto community about the tradeoffs between, on the one hand, usability and design, and on the other, security. A simple-to-use tool that offers lousy security or a highly secure tool that can only be understood by someone with a computer-science degree are both of little use to activists. (The holy grail is the tool that offers near-perfect security and click-and-go usability.)

Against that background, for Wolf, CryptoParty isn’t just about teaching people how to better protect their privacy, it's also about creating a feedback loop between developers and users. What’s needed sometimes, she says, is to tell developers, “your app is great, but the accessibility and user features are sh*t or really difficult for the average user to understand.”

When Wolf first started promoting the idea of CryptoParty on Twitter, she says she felt resistance from some in the crypto community. She felt that people were saying to her, “Come kneel before us and lick our feet.” But instead of getting riled, she called their bluff. “If you think that our way of dealing with cryptography is flawed or teaching cryptography is flawed, then please show us how to do it better. We invite you to come along and we’ll shout you a beer,” she says. “It sorted the critics from the people who were just whiners. And very quickly you found the people who had a real commitment to cryptography.”

In its short lifespan, CryptoParty has mushroomed and more and more cities are planning CryptoParties. It has received messages of support from Electronic Frontier Foundation activists and many others in the crypto community. As veteran hacker Oxblood Ruffin said in an e-mail, “CryptoParty is Anonymous for grown ups.”

The movement faces some challenges. A 392-page CryptoParty Handbook, created by CryptoPartiers in Berlin, took some heat for its technical errors and for recommending what some experts thought were less-than-secure tools. And some within the digital-activism community believe that the CryptoParty model is more applicable for Western democracies than repressive states. (Holding CryptoParties openly would be a giant red flag to the authorities and put attendees under more government surveillance.)

One way around this, Wolf says, is to hold CryptoParties online or in closed sessions. “We certainly wouldn’t be promoting people holding CryptoParties in certain countries.” She gives the example of a CryptoParty in Egypt which was closed and not advertised.

In fact, rather than an organization, Wolf sees CryptoParty more like a meme. “We’re spreading a meme and that meme is privacy, the right to privacy.” CryptoParty is both cause and effect: it is helping move the needle in terms of greater privacy-awareness, but it is also a product of our more privacy-conscious culture. “Memes are things that we always knew, we just didn’t have a way to express it.”

Originally, Wolf says, the idea behind CryptoParty was selfish. It was about her wanting to learn how to protect herself better online. “I wasn’t thinking about Tunisia when we did this,” she says.

“I’m just doing it because when I look at pictures of LOLcats to relax at 2 a.m., I really don’t like the idea of thinking, well, everything I look at and every conversation I have with my friends in Europe, that every part of me that’s special or private gets handed to somebody in some banal bureaucracy somewhere,” she says. “I want something more for my life, for my child’s life. And this is my way of pushing back.”
This forum has been closed.
Comment Sorting
Comments
     
by: Paumea McKay from: New Zealand
November 27, 2012 21:45
Great stuff. Forget about the word government though. Always refer or think about them as (in Most Western Assemblies anyway) Oath Sworn So Help Me God PUBLIC SERVANTS. The greatest crimes of genocide, infanticide, aborticide geriatricide, ideocide and every other inhumancide (is there such a word//) has been perpretrated by PUBLIC SERVANTS who now believe they are the sovereign masters.

In Response

by: Catherine Fitzpatrick from: New York
November 29, 2012 06:02
I always marvel at the breathless fascination following the same old cadre-run secretive organizations that follow the same old tired Marxist-Leninist memes, even if they are updated with ginger moms with toddlers and fun keg parties. It's just Occupy Wall Street revolutionaries and the same British leftists always up to the same old worn ideologies. Look at the names and the same old few doing the same old wikis. It's not Anonymous for grownups; it's just Anonymous, with a new shtick on how to shill the cause better and gull more people. It's not merely about privacy, but comes with a full-blown agenda of revolutionary action to overthrow capitalism.

Worst of all is the "privacy for me but not for three" behind all the secrecy. None of them want to take accountability for their own aggressive hacking actions even as they demand that states -- even liberal states -- and individuals they don't like are supposed to expose all to them.

Tor should be utterly discredited for so many reasons, not the least of which US military manipulation of it from the get-go, and the WikiLeaks gang (Jacob Appelbaum) now touting it.

The Crypto Party is in fact a party, and is just another leftist revolutionary tendency like the Pirate Party. Yes, sometimes they describe themselves as beyond politics and wave the word "libertarian" around so that you will think they are liberals. They are not. They are ideologically-driven hard-core seasoned cadres who want to make the Internet a totalitarian space they control, and banish business, governments, and individuals whose political views they don't like from that space. No thanks, comrades!
In Response

by: Peter from: Australia
November 30, 2012 14:41
Wow Catherine you really are a bit of a loony aren't you?
In Response

by: Catherine Fitzpatrick from: New York
December 01, 2012 11:09
I don't know how much research was done for this piece, but Asher Wolf is the subject of an attempt to subpoena her Twitter account by the Boston police.

http://www.crikey.com.au/2012/01/17/the-boston-fishing-party-and-australians-rights-online/

The Boston district attorney is seeking information about those who hacked and exposed the personal information of police who arrested the Occupy Boston crew when they refused to disperse. This intimidation of police doing their jobs is a typical tactic of Occupy and their stormtroopers from Anonymous, abetted by the WikiLeaks cadres:

http://mrctv.org/videos/occupy-wall-streets-organized-effort-intimidate-police

One can keep endlessly claiming that tweeting is journalism, but more often than not, tweeting is organizing the revolution, which has no respect for the rule of law.

BTW, Asher doesn't always wait until her toddler goes to bed to go online. She proudly tweets that her kid has found the scissors and given himself a haircut, and she has to go AFK.

Again, I stand by my statement that "Crypto Party" is merely the latest gambit to try to dress up the seasoned and hardened cadres as "ordinary people" just "interesting in protecting their online privacy" so they can send Lolcats in peace. It's fake, and it's just the same old Occupy, Anonymous and WikiLeaks ops, even though of course they want to keep your off balance and tell you that you can "never know enough" about how these lovely factions are all "different".


In Response

by: Catherine Fitzpatrick from: New York
December 01, 2012 11:57
Asher Wolf has told me on Twitter that she and her lawyers beat the subpoena which she views as a gross civil rights abuse and an ignorant fishing expedition that "doesn't get how the Internet works" because police sought information from retweeters and those using hashtags.

Baloney. The police in Boston aren't stupid, and they get that the cohorts of retweeters, anonymous accounts, hashtaggers etc form the substrate of the revolution and are themselves at times directly or indirectly implicated in acts violating the civil rights of other people, and in this case, outing the private information of police so that they could be harassed in their private homes. Occupy and WikiLeaks are all about "privacy for me and not for thee" as I've noted.

Should the civil rights of unaccountable digital -- and real -- anarchists be endlessly protected as they violate the civil rights of others? This is a debate society must have, but it won't be one found on this blog and certainly not among the ranks of the cadres in these online anarchist movements.

by: Sick of the Stupid from: Far from you idiots
December 14, 2012 20:52
How sad it is that this article is about someone who cares about privacy, so the immediate response by this concerned press is to destroy the privacy of the person who promotes privacy.
The comment forum peanut gallery and their attempts at character assassination are just the cherry on top.

About This Blog



Written by Luke Allnutt, Tangled Web focuses on the smart ways people in closed societies are using social media, mobile phones, and the Internet to circumvent their governments and the efforts of less-than-democratic governments to control the web. 
Partner Media

No records found for this widget:17474

Whistleblowing Survey

Griffith University and the University of Melbourne are running an international survey about attitudes to whistleblowing. The survey is anonymous and anyone can take part, not just whistleblowers. We invite you to participate in the World Online Whistleblowing Survey.