From its roots in phone phreaking to the crackdowns and legal precedents that drove hacking mostly underground (or into business), hacker culture in the United States has seen a lot over the last three decades. Perhaps the biggest standout is the L0pht, a visible 1990s US hackerspace that engaged in open disclosure and was, arguably, the last of the publicly influential US hacker groups.
The details of the American hacker scene were well covered in my article yesterday. It ended on a bit of a down note. The L0pht is long gone, and no other groups that I know of have matched their mix of social responsibility and public visibility. This is a shame because a lot of hacker-relevant issues are getting decided in the USA right now, and largely without our input.
Chaos Computer Club
But let’s turn away from the USA and catch up with Germany. In the early 1980s, in Germany as in America, there were many local computer clubs that were not much more than a monthly evening in a cafeteria or a science museum or (as was the case with the CCC) a newspaper office. Early computer enthusiasts traded know-how, and software, for free. At least in America, nothing was more formally arranged than was necessary to secure a meeting space: we all knew when to show up, so what more needed to be done?
Things are a little different in the German soul. Peer inside and you’ll find the “Vereinsmentalität” — a “club-mentality”. Most any hobby or sport that you can do in Germany has an associated club that you can join. Winter biathlon, bee-keeping, watercolor painting, or hacking: when Germans do fun stuff, they like to get organized and do fun stuff together.
So the CCC began as an informal local hacker meetup in 1981, and then went on to having regular meetings in Hamburg. In 1984, they held the first Chaos Communication Congress, an annual meeting held just after Christmas that’s now in its 32nd year. A few years later, the CCC formally incorporated as a registered association, but there was a little more at work than simply “Vereinsmentalität”.
Translated from the CCC’s website: “In order to rule out legal misunderstandings, the CCC was registered as an e.V. to further information freedom, and the human right of at least worldwide unhindered communication.” I want to draw your attention to the cute phrase: “to rule out legal misunderstandings.” You see, even though the CCC had only been in informal existence for about five years, they’d already pulled off some stellar hacks that could potentially land people in difficult legal situations — and would have without question just a few years later in America. Ironically, by publicly incorporating and becoming pre-emptively open, rather than trying to hide, the CCC was buying itself some cover.
If you notice the parallel between the reason that the CCC became a registered association and the reasons that Mudge brought the L0pht into the government’s eye, you’ve got this article’s thesis in a nutshell. Publicly-visible and responsible hacking groups take an end-run around the potential charge that they’re a “gang” or that they’re doing something shady. How many gangs have 501c3 status? At the same time, they make it easy for newspapers and congressmen alike to find them if they have questions. The hackers become members of society.
The CCC has done the par-excellence, to the point that occasionally the club’s publications have had to remind folks to remember the actual binding force that holds geeks together: “Spaß am Gerät”, fun with the machines, or happy hacking.
The BTX Hack
While the CCC may have started out like other clubs, a few early high-profile hacks helped set the direction of the club, as well as contribute to their public image as being on the side of the common man. Which is not to say that everyone’s motivations are pure, or that everything was above-board. But, like L0pht would later become in the USA, the CCC became a source of public information about the security failures in the new online world. The CCC was committed to disclosing these failures regardless of the possible damage to reputation that doing so might cause. And it didn’t hurt if the reputation damaged was that of the hackers’ arch-enemy, the Bundespost.
The “Bundespest” was a favorite target of German hackers. The government telecom and post monopoly was, like AT&T in the USA, very probably overcharging for services because it could. As mentioned last time the Post forbade the import of foreign modems, requiring Germans to purchase the more expensive “official” models. Phone calls, which also meant data at the time, were expensive, and even normal people wanted alternatives to the Post. Idealist hackers like CCC founder Wau Holland wanted free alternatives.
The target in 1984 was Bildschirmtext. Bildshirmtext, or BTX, was an advanced-for-its-time dial-up service that was most similar to Compuserve‘s early service in the USA. Only BTX was run by the government phone monopoly, and relatively costly.
The story goes that a buffer overflow was discovered by CCC founders Wau Holland and Steffen Wernéry that would spit out unencoded data, among them passwords in cleartext. After going to the Bundespost, and being ignored, they cooked up a spectacular hack and went to ZDF — the second national television network — and got on the nightly news. Holland and Wernéry managed to get the password from a Hamburg bank and opened up a paid BTX site that the CCC owned, repeatedly, from the bank’s account. After racking up 136,000 Deutschmarks overnight, they went to the press. (They gave the money back, naturally.)
But having a high-profile hack (Google translate link) of an important system shown on the national nightly news is a game-changer. The Hamburg bank thanked them for making them aware of the potential problem. The Bundespost had to respond a few days later, saying that they’d fixed the flaw. But the cat was out of the bag, and more to the point the public was giving their data security a second thought. And the CCC came off as dial-up Robin Hoods.
By going straight to the press, the CCC managed to stay on the right side of the law and public opinion, most of the time. When asked if the police knew what they were up to, for instance, Holland responded in an interview that he personally sent a copy of the CCC’s newsletter, die datenschleuder: the “data-flinger”, to the head of the Bavarian police computer crime unit. The media presented the CCC, and hackers in general, as the necessary civil-society counterpoint to the assertions of big business that their data would be kept secure.
Through high-profile hacks that had public impact, as well furthering happy hacking, the CCC grew its membership and spun off satellite clubs outside of Hamburg. Today there are 25 local CCC branches in Germany, and with over 5,500 members, the CCC is certainly the largest computer club in Germany and probably the world. And because they’ve publicly probed into technology that affects everyone, from BTX to computer voting systems, the press and society, and even sometimes the government, listens.
Hackerspaces, Bringing a Slice of Germany to the USA (and the World)
All this talk about the CCC brings us, oddly enough, back to the USA. Whether you realize it or not, the CCC’s 25 locals (and the independent but friendly c-base in Berlin and Metalab in Vienna) were the prototype for what I’d call new-wave hackerspaces in the USA.
A group of American hackers, among them Bre Pettis, Nick Farr, and Mitch Altman, went on a European vacation to the Chaos Communications Camp in the summer of 2007, and then on to a tour of German and Austrian hackerspaces to see what made them tick, with the thought of bringing the idea back home to the US. At the 24th Chaos Communications Congress in December 2007, Jens Ohlig and Lars Weiler, founders of the CCC branches in Cologne and Dusseldorf gave a talk about everything they new about running a hackerspace to help out their American friends: Building a Hackerspace.
The slides from this talk, the Hackerspace Design Patterns would become the jumping-off point for founding three of the first new-wave American hackerspaces. In February 2008, the for-profit NYC Resistor opened its doors. By March, HacDC was incorporated as a non-profit and was open for non-business. And although they’d been meeting here and there for a while, Noisebridge rented its first space in October of 2008, and incorporated as a non-profit six months thereafter.
Within a couple years, there were a hundred hackerspaces in the USA. Today, there are 406 registered active hackerspaces on hackerspaces.org in the US, and 1,200+ worldwide. Not bad for eight years’ work! If you haven’t been to your local hackerspace yet, you owe it to yourself.
Due to the tastes of individual members, every hackerspace is slightly different. I don’t know how exactly to draw the distinction between a hackerspace and a “makerspace” but it seems that there are groups that focus more on hardware projects, and those that focus more on computers and information freedom. But my own experience is that there are no hard boundaries, either, and the strong-suits of a space tend to shift over time.
And that’s a good thing, because when people are having fun hacking they produce their best work, and providing constant opportunities for cross-pollination helps keep things fresh. In the early years of HacDC, we had a great time with high-altitude ballooning, for instance, because it got to connect up our hardware folks with the ham radio people and even the web-development types who cobbled together a nice real-time mapping solution. But at the same time, HacDC also put out Project Byzantium, an easy-to-configure ad-hoc wireless mesh networking solution.
So as much as I love the way that the US hackerspaces have sprouted up out of over the last decade, and as much as each individual space that I’ve visited has been neat and interesting in its own right, I have to say that there’s something missing in the USA, and that’s a larger organization and purpose. It’s hard to overestimate how much cool stuff could get done if some of the ambition of the USA’s 400+ hackerspaces were pooled together.
So what’s the next step, Team USA? It’s going to be incredibly hard to get any consensus across 400+ hackerspaces, but imagine the amount of good it would do if you could all occasionally speak with one voice? But where to start? How would one even try to organize this chaos?
You want to know how I think the Germans would do it? An annual conference first, and then incorporate an organization to handle the coordination: you’ll be surprised how much focus and teamwork pulling off a large annual conference will build. An annual event gives groups a deadline to work toward, and I don’t need to tell you how important that is. And an annual conference gets people physically together and having fun, and that absolutely shouldn’t be underrated.
Don’t know what common ground you all have? You could do worse than start with the the Hacker ethic, which non-coincidentally came up out of the early days of MIT’s shared computer resources, but is the unifying basis in the German CCC:
- Access to computers—and anything which might teach you something about the way the world works—should be unlimited and total. Always yield to the Hands-On Imperative!
- All information should be free
- Mistrust authority—promote decentralization
- Hackers should be judged by their hacking, not criteria such as degrees, age, race, sex, or position
- You can create art and beauty on a computer
- Computers can change your life for the better
And at least consider the CCC’s two additions:
- Don’t meddle in the data of others
- Use open data, protect private data
(Elliot was a founding member of HacDC and is at least paying dues at the Munich CCC, though he hasn’t been over in a shamefully long time.)