Shmoocon V: Storming the Ivy Tower

I have been lax; I have notes from a handful more sessions from Shmoocon V last month.  This one, Storming the Ivy Tower, was presented by Sandy “Mouse” Clark.  I chatted with Sandy at Shmoocon two years ago and shared that audio on the podcast.  She’s a systems programmer, a lock picker, and now a graduate student.

She used her experiences in grad school to talk about unconventional ways to get admitted and how to approach academic publishing, as a hacker.  I like the way she started by characterizing the psychology of the relationship between schools and potential students.  Universities have brands, they are mostly interested in building and protecting them.  Applicants by contrast are largely anonymous.  Schools often select applicants they feel can enhance their brand.  The application essays are your chance to shine, to sell your own brand, how it adds to the school’s.  The standardized tests have already been hacked, use the tools available so you can concentrate your efforts on selling yourself.

She also touched on financial packages.  Some schools are responding to criticisms about financial burdens on students.  This is a topic Kevin Crosby has also discussed on Life After Law School.  Many schools are now trying to reduce the loan load.  It is worth asking and pushing to see what is possible in terms of support and assistance.

Mouse then pointed out how many schools are also starting to cater to adult students.  This should make the non-financial logistics easier to manage, too.  Expect this trend to accelerate with the bad economy.

On publishing, she compared academic papers to hacker white papers.  Mostly the difference boils down to citations, authors and peer review.  At this point in her presentation, her adviser (and the key note speaker) Matt Blaze chimed in a bit.  He spoke mostly about the working life of grad students.  He also filled in from his perspective on the process of securing grants and how that affects the wage he is able to offer his students.

Just the notion, and encouragement, to approach graduate school like a hacker was really exciting to me.  If I ever get off my own behind and make a serious go of more advanced education, I’ll definitely bear Mouse’s great advice in mind.

Matt Blaze’s Keynote at Shmoocon V

If you don’t know of Matt Blaze, I’ll do my best to relay the introduction he was given for his key note last night. One of the shmoos observed him at another hacker con, sitting on the floor with a bunch of other attendees. They had the keys to their dorm rooms out, presumably to do something lock pick related. As it turns out, Blaze was actually performing a cryptanalysis on the keys. When finished, he filed out a master key for all the dorm rooms from a blank. Saying he is hacking on another level is an understatement.

During his career Blaze worked at Bell Labs and currently teaches at Penn.  In fact, he worked at Bell during the whole Skipjack, Clipper fiasco and related his own personal experience as a way of illuminating the topic of his key note, the difference between wiretapping reality and policy.  He pointed out that his usual audience is made up of the ones facing off against policy makers, defending the reality of the security of proposed systems, protocols and schemes.  Despite the political desire to effect perfect wiretaps by fiat, hackers, as Blaze said, are always right.

My own inference from that observation and his supporting examples is there is perhaps a greater opportunity for activism, here.  The challenges are not to be underestimated, though.  Blaze clearly demonstrated the extreme difference in mindset.  At a meeting with some Feds, he explains he came away feeling they were interested and engaged.  A colleague then pointed out to him that adversarial questioning among law enforcers and lawmakers is just that, adversarial.  In academic circles, it is just part of the peer review process and to be taken, by contrast, merely as a sign of healthy debate.

The experiences and technologies Blaze then went on to recount point out the poor approach to security protocols policy makers force implementers to take.  He contrasts this to what techies would do on their own, a much slower, more humble and deliberative way of trying to assess real risk and continually try to improve.  Blaze was very fortunate to have some inside access to government designed technology, like Skipjack, and through his research discovered that not only did it not work as advertised, it did not work at all.

Some of this was a consequence of the times.  Prior to the early nineties, general purpose computers didn’t have the power to compute encryption anywhere near fast enough for common use.  Around the time of Clipper, though, this had changed.  The fact that crypto could now be implemented purely in software made legislated security protocols even less realistic.  It also highlighted the folly of the export ban, suggesting that what the policy was in effect doing was mandating suppression of the thought and work of academics doing security research.

One of his examples, exploitable, in-band control signalling in wiretap equipment, is telling.  This equipment, which he was able to examine as part of a grant and some digging around on eBay (as he says, the makers of this equipment, you’ve never heard of), was built well after the 2600Hz fiasco in the public switched telephone network.  Policy makers should have known better, techies had an irrefutable example to point at.  Worse, when CALEA was enacted, the FBI mandated that this mistake be committed again, despite the protests of the technical community, just for the sake of backwards compatibility.

I thought there was another interesting implication here.  He contrasted the mandated wiretap interfaces in CALEA approved devices with investigators finding and exploiting natural characteristics of communications technology.  To me that actually says something about weakening the ability of law enforcers to tackle novel challenges, such as illicit non-CALEA compliant gear.  Again that ridiculous expectation that those that break one set of laws will observe another.  By contrast, if law enforcers were in the habit of exploiting without any advanced knowledge, there wouldn’t be a gap in the cost and effort between different classes of systems in terms of implementing legal wiretaps.

His more important point about wiretaps is that up until the recent NSA debacle, they were retail taps, at best.  They are uncommon and conducted for evidentiary purposes, not for wholesale surveillance.  In that context, he clearly felt CALEA was exposing us all to a full time risk for those who would abuse the system, even without considering the issue of 4th amendment protections.  Legislated interfaces present a uniform target that is always available for attack even though such interfaces are used legitimately with supreme infrequency.

In this vein, he closed his key note drawing this notion into the NSA warrant-less wiretaps.  You can set aside the concern of the legality of the proceedings and still have a huge concern.  The taps put in place are wholesale surveillance, conducted on the trunk lines at the national borders.  Think about how that now acts as a force multiplier over the retail model, especially considering the common and recurring mistakes made in their implementation.

Blaze’s key note was a good reminder, apt given the audience, that while we so quickly leap to deal with the rights issues, there are also plenty of technical issues that may be more amenable to criticism and hopefully reform as they rely less on interpretation of invasiveness or individual harms but rather depend on a somewhat more cut-and-dried physical risk assessment.