Hacker culture in Germany and the US is very similar in a lot of ways, from the relative mix of hardware versus software types to the side-affinities for amateur radio and blinkenlights. Reading Hackaday, you’ll find similar projects coming out of both countries. Both countries have seen hackerspaces bloom in the last decade to the point that there’s probably one or two in whatever city you’re living in. But there’s one thing that hackers in the USA are still lacking that German hackers have had for a while: respect.
Say the word “hacker” in different social circles, and you never know what kind of response you’re going to get. Who exactly are “hackers” anyway? Are we talking about the folks blackmailing you for your account details on Ashley Madison? Or stealing credit card numbers from Target? Or are we talking about the folks who have a good time breaking stuff and building stuff, and taking things apart to see how they work?
The discussion over who’s a “hacker” is as old as the hills, by Internet standards anyway, and it’s not going to get settled here. But think about the last time you heard the word “hacker” used in anything but its negative sense in the popular press. If you can’t remember a single instance in this century, you’re living in the USA. If you answered, “just yesterday, in one of the nation’s most important newspapers”, then you’re living in Germany.
Hackers’ Place in Society
The article that sparked me to write this (here in Google translate) is titled “Why Hackers are so Important for Society.” You know why, and I know why; because we take things apart and think about how they work on a fundamental level: from consumer electronics to encryption protocols. But imagine reading that headline in an American newspaper.
German hackers have enough respect that the German government frequently takes testimony from representatives of the Chaos Computer Club (CCC) on matters of IT security, electronic voting machines, data freedom, and similar areas of expertise. The press, and not just the computer press, comes to the CCC when they have a story to check out. The Pirate Party, founded at the c-base hackerspace in Berlin, actually got enough votes to have representation in four German state parliaments in 2012, and a single representative in the EU parliament. While it’s certainly not the case that every German would say “hackers” are a force for good, their media presence and overall political and societal impact is orders of magnitude better than in the USA.
How this came to pass, and what it could suggest for US hacker society, is worth thinking about. I don’t claim to have all the answers; part of this essay is an attempt to open up a dialog by comparison. But it’s important to think about why US hackers are marginalized, or why German hackers are (almost) normal members of society, especially while the views of the tech-savvy are increasingly needed in public debate.
Hacking on the Phone
The US image of a hacker is a guy, maybe even a teen-ager, working long hours alone trying to break into AT&T’s system or playing tic-tac-toe with WOPR. And in the early 1980’s, this wasn’t far wrong, except for the loner bit. There were phone phreaks hacking away to make (illegal) free phone calls. But they were often organized in crews, sharing information and working together. The Legion of Doom’s own Technical Journal, Phrack or 2600, and the free information shared on myriad BBSes of the day were anything but isolating. If you had access, they were positively inviting.
Notice what’s going on here. At the time, AT&T had a monopoly on long-distance phone calls, and the prices were anything but reasonable. In order for a bunch of like-minded technical hackers to get together and chat, or to dial up out-of-state BBSes, they almost had to break into the system. Of course, it also helped that the phone network was one of the most interesting and challenging pieces of information technology around at the time. But the common thread among the phone phreaks is that they were communicating, both as the means and the end goal.
The German hacker scene came out of very similar roots. Germany also had a phone monopoly, but was even more restrictive than AT&T in the US. In Germany, not only did you have one phone carrier, Deutsche Bundespost, but they were directly state owned and Germany’s largest employer. The Bundespost could dictate by law what phone devices you could attach to the phone lines, and this included modems which were ridiculously expensive in the early 1980s. Some of the CCC’s earliest activities were in phone phreaking against the Bundespost, which I’ll lump into the definitely-illegal-and-morally-debatable category, but also in making affordable DIY modems to enable inter-nerd communication. And although this was also illegal, I claim it’s morally alright and definitely technologically awesome.
The “Datenklo” (Google translate version) was a DIY acoustic-coupler modem that ran at 300 baud. The name is a bizarre mashup of “data” and “toilet” because the foam-rubber rings that were used in the design to insulate the phone were readily available in just the right size from the plumbing supplies section as toilet seals.)
But I digress. Early-1980s hacking in both the US and Germany were characterized by legal and not-so-legal hacking as a group effort, and was centered around a love of technological exploration and its communication both in digital and print media. Everyone was phone-phreaking against a telecom monopoly just so that they could talk together about how the phone system worked under the covers, because at the time the phone system was the coolest system going.
This is where paths begin to diverge. By the 1990’s, the American hackers were marginalized and largely separated, while the German hackers had formed a strong national organization with branches in a number of cities.
In the US, the golden age of phone phreaking came to an end in 1990 when the US Secret Service seized many of the computers on which people were running BBSes and essentially announced open season on hackers. Most all of the phone phreaks were driven deep underground. Groups of hackers were treated as “gangs” and communicating about the internals of the phone system on a BBS was conspiracy to commit crimes rather than free speech. Hundreds of computers running suspect BBSes were impounded for months or years, even if no charges were ever brought. At the same time, the US started to enforce laws that were previously intended to protect government computers as applying to any computer on the Internet.
In short, there was an overnight raid on hacking in the States. Hacking was criminalized, the more organized crews were disbanded, and a very few even faced jail time. Whatever community there was in the US hacking scene became, at least for a little while, muted or pushed very far underground. Bruce Sterling’s The Hacker Crackdown is the canonical chronicle of the end of the phreaking golden era, and is a great read when you have the time.
By 1990 this description of hackers in a 1981 New York Times article was painfully dated:
Hackers are technical experts; skilled, often young, computer programmers, who almost whimsically probe the defenses of a computer system, searching out the limits and the possibilities of the machine. Despite their seemingly subversive role, hackers are a recognized asset in the computer industry, often highly prized.
Public sentiment was already being pushed to recognize hackers as deviants or criminals.
L0pht Heavy Industries
But hackers gotta hack, and the large geographically-distributed assemblages gave way to more local scenes. L0pht was one of the most visible hacker groups in the US in the 1990s. The actual “l0pht” in question was the archetypical hackerspace: full of junk (ahem, inspirational technological raw material) and computers and smart folks interested in all of the above. Early on, L0pht got a bunch of good press, for instance this article in the New York Times.
And at perhaps the high point of US hacker-government relations we saw a crew of seven from L0pht testifying in front of the US Senate on the relevance of hacking to US state security. Senator Fred Thompson introduced them as a “hacker think-tank” to his fellow Senators in an effort to soften the blow. Interestingly, the beginnings of the L0pht’s involvement with the government was a defensive maneouver by Mudge aimed at raising their profile and avoiding any misunderstandings, which is to say not getting raided.
The folks from L0pht would eventually become early advocates of full disclosure, whether responsible or otherwise. Their advisories were a must-read for anyone interested in hacking or computer security during the 1990s. While perhaps not everything that went on at L0pht was strictly legal, it’s pretty clear that their hearts were in the right place: somewhere between chaotic neutral and chaotic good. The Washington Post ran a good article on L0pht recently that should also be on your reading list.
What I think matters about L0pht, though, is that they became a visible group, and that they were much more motivated by a desire to get broken stuff fixed. Because of their high public profile, they knew they were being watched, and there was an incentive to “behave” or at least to appear to be behaving. They got flack from both the black-hat hacker community for having “sold out” and from the software industry for being rogues — a sign that they got the balance right. Moreover, they had a purpose, and they were organized.
And then L0pht stopped being a hackerspace and moved into the security industry, and its members grew apart over business differences. In a way, the end of L0pht parallels the business-ification of hacking throughout the US — or the growth of the security industry, depending on your vantage point. In a post-1990 US, “hacking” doesn’t sell well in the boardroom, and the dichotomy between the white-hat hackers (ahem, “security researchers”) and the black hats has grown very stark. With high salaries on one side, and a changing legal environment on the other, there’s little room for anything in-between like the L0pht any more. This is a dangerous hole in US hacker culture, especially for the younger folks who aren’t yet old enough to put on a suit but who like to play with computers. Where do they fit in?
Today the USA, Tomorrow Germany
Hacking in the USA has followed a long and winding road from being open and community-driven, to going fully underground, with a few exceptional groups in the public eye. Tomorrow, I’ll go back to the 1980s and replay an alternate history from the German perspective and argue that the US hacking scene can stand to learn a bit from the comparison. If you buy this argument, then there’s a lot of work to do in US hackerspaces. Stay tuned!