CryptoParty Albuquerque: Know Your (Digital) Rights

A few weeks ago I had the pleasure of hosting CryptoParty Albuquerque. If you missed the party (and it was an awesome party), be sure to check out my “what you missed” post about CryptoParty Albuquerque. As I wrote there, my co-host and I began CryptoParty Albuquerque with two back-to-back presentations to ensure that everyone participating got exposed to what we felt are the most fundamental bits of information.

My opening presentation was first and it was a gentle introduction to threats and how to defend against them. After that, I handed the mic to my co-host, who gave a brief “digital know your rights” talk. A video and a transcript of that presentation is below:

So, it’s good to encrypt your data using all the tools available, but what happens when you’re faced with police wanting to search your digital device? Well, the best tool you have then is to know your rights! And thanks to the Electronic Frontier Foundation (EFF) and their helpful guides we know what to do when the police come around asking to search your phone or computer. Tonight I’m going to be talking about what your rights are and how to act around the police, essentially giving you a brief overview of the guides the EFF has available.

With that in mind, I am not a lawyer and I am not giving you actual legal advice, I am just sharing with you what I learned from reading a bunch of stuff on the internet, because I care about these things, but it is not actual legal advice. Please use these suggestions at your own discretion.

The rights protecting your digital advice are pretty much the same that are granted to you by the fourth amendment of the constitution. You are protected against unreasonable search and seizure of your phone. With a few exceptions, you’re not obliged to let the authorities into your device, so we say the fourth amendment mostly applies.

We need to borrow a bit from maymay’s threat model from the previous presentation and figure out who we are and what we are protecting. We’re going to go over four roles in this presentation and those include:

  • a person going about your day
  • a protestor, activist, or someone documenting a protest or the police themselves?
  • an employee at your job?
  • a person crossing the border into the U.S?

Rights are different for each of these roles, and I’ll go over each in more detail.
Before I do, I want to say that if you are not a citizen of the U.S. you are still, amazingly enough, protected by the fourth and fifth amendments, but your interaction with the police may be more complicated depending on your immigration status. Unfortunately, that situation is beyond the scope of this presentation, but there are resources available to you if you are not a citizen and the police are compelling you to let them search your device. Besides the EFF, you can contact the National Lawyers Guild, and locally, Somos un Pueblo unido, a wonderful organization based in Santa Fe, and the NM chapter of the Dreamers. These will have specialized legal resources that can be made available to you as an immigrant, however, the following tips still do apply.

So the first situation is you’re just going about your day, and officer Johnson comes up to you and says “I’d like to search your phone!” What do you do? Well, you should have already encrypted your device. If you encrypt your device, it will be protected against easy access, and you have the right not give up your passphrase under any circumstances. The best protection is a full passphrase with encryption, as screen locks, like the four digits on iOS or the pattern match on Android are easily bypassed. Now, a grand jury or a judge may try to compel you to give up your passphrase and decrypt your device, but the police cannot, and if you find yourself in a situation where a judge or jury is trying to make you give up your passphrase, please call the EFF, they’ll help you out.

Now, you have an encrypted device, and Office johnson wants to search it. Well, don’t consent to a search! say “I do not consent to a search.” In fact, don’t say anything else, and say nothing about your passphrase or how you protected your device. You have the right to be silent and ask to speak to a lawyer before any questioning. Keep saying you don’t consent to a search. If the office has a warrant and they come to your home, don’t open the door, but ask them to slide the warrant underneath the door. Verify the warrant is perfect. It needs four things to be correct: Your name and address, typo-free, the scope of the warrant, meaning what they can search, a judge’s signature, and a deadline that cannot have passed. If any of these are wrong or missing, give the warrant back to them and refuse the search, telling them to come back with a valid warrant. Use that time to encrypt your device. If the warrant is valid, or if they’re conducting a warrantless search on your device without your consent, contact a lawyer if you have one, or the EFF if you don’t. Finally, be careful using biometrics like fingerprints to lock your device. Police can compel you to unlock a device with your fingerprint as these are part of your identity, and the government already has them on file. If you use a fingerprint lock, turn off your phone so the fingerprint is flushed from memory and your passphrase is needed to unlock the device.

If you’re an activist at a protest or documenting a protest or the police, these special tips may be useful to you:

You can legally film the police, anytime, in any public space. If they tell you to stop filming, say you are legally filming the police and it is constitutionally protected. Also be sure to livestream in case they don’t care about your constitutional rights, and most importantly, protect yourself over your device. In fact, consider a burner phone. These are relatively inexpensive phones that you use in protests or as an alternative to your actual personal phone. The idea is that there’s nothing important on these phones, they are single use and can be lost without personal data being sacrificed. Regardless of what kind of phone you bring to a protest, encrypt your device! This makes it harder for the police or anyone to get at whatever you were recording or communicating to your fellow activists. Finally, mass arrests are unfortunately not uncommon at protests and actions, so remember that if you are arrested, after you are released you should get your device back. If not, file a motion for it to be released, even if the police put it into forfeiture or think it holds evidence of a crime, you can still get it back.

What if you’re an employee and have a work computer? Well, in that case, don’t use your work computer for personal communications of any kind. Use it only for work. This is n’t just what your boss wants, it’s also good for you, as your employer can consent to searches of computers they give you, and furthermore, you don’t know if they’re logging your computer activity. In fact, they probably are. So, you should also encrypt your network traffic as much as possible, especially if your work computer is your only computer and you need to use it for personal reasons occasionally. And if your boss ever asks for your personal paswords, like to Facebook, for example, tell them no, even if they say it is in your contract. It’s illegal for employers to ask employees for personal passwords and any contract with such a clause is illegal. For that matter, don’t mix personal passwords and work passwords.

One last role, and it’s a special one: what if you are crossing the border into the U.S? In this case, the fourth amendment doesn’t apply. Customs and Border Patrol agents at the US borders are empowered to search and often confiscate anything entering the united states, including your digital device. So what do you do? Well, as usual, encrypt your device! and turn it off before you reach the border. Like with the police, you cannot be compelled to give up your passphrase to a device, and even though border agents can confiscate and forensically search your device, it will be difficult for them, and more private for you, if your device is protected by a strong passphrase and encryption. The EFF has even more tips about how to protect your data at the border in the border crossing guide online, so check them out. Lastly, some US states provide stronger protections against confiscation at the border, that is, the agents in these states need probable cause to confiscate your device, so try to enter the U.S. through them. These states include Arizona, shockingly, California, Oregon, Washington, Idaho, Montana, Alaska, and Hawaii. Some territories also provide these protections.. Remember, international airports count as borders.

Now, while this presentation described your rights and some suggested behaviors when dealing with the police, it does not, unfortunately, describe how the police will actually act. As we’ve seen time and again, the police wield great power, and they will not always act in accordance with your rights. So, even if you flex your rights as suggested in these presentations, the police may still illegally search, confiscate, or even destroy your phone or computer. In this case, it is best to not obstruct them, note their name and badge number if you can, stay silent, contact a lawyer or the EFF, and above all, protect yourself so you can share what happened with people who care, and we can signal boost your story.

For more complete information and advice, please visit the EFF, form which I culled much of this information. Oh, and, thanks EFF for all the great work you do. More resources on how to interact with the police is on, as well.

Thanks for watching and be secure out there!

CryptoParty Albuquerque: A Gentle Introduction to Threats and How To Defend Against Them

One of the unique things about CryptoParty Albuquerque was simply the diversity of participants. Not only was CryptoParty Albuquerque the largest cryptoparty I’ve had the pleasure to host (it began with over 35 people, check out this blog post to get a debrief on what you may have missed), but it was also the only one that didn’t have a pre-existing audience specifically in mind. What I mean is that, prior to this cryptoparty, the other cryptoparties I’ve hosted have all been for a single community—queer activists, or reporters, for example—rather than being aimed at “everybody.”

This means that, unlike other cryptoparties that functioned almost like anti-surveillance boot camps, this one really was a party in addition to being a skills-building workshop. The fact that we had ongoing educational activities that were set up kind of like museum exhibits (that you could touch, of course) in the center of the social and food spaces was really helpful. But it also meant that it was bit more difficult to set the stage for the event at the beginning, because we didn’t really know who was going to be there or what they wanted to focus on.

My co-host and I knew we wanted to start the event in one large group, because we wanted to make sure that everyone who participated was exposed to the most foundational concepts and immediately useful information. We decided that this meant we wanted to at least touch on these three things before we split up into breakout sessions:

  • threat modeling,
  • politics, and
  • digital “Know Your Rights” training.

What we ended up doing was back-to-back presentations at the start of the cryptoparty in which I gave a presentation on the first two bullet points, combining an inrtroduction to theat modeling with the political importance of what we are doing. This made sense to us because it is specifically the fascistic politics of the current Amerikkkan surveillance state that threatens the livelihood and pursuit of liberty of most people (of color) around the globe, obviously.

In my usual style, I created a fast-paced visual slideshow and distilled numerous different sources of information into a speech covering the bare essentials of threat modeling and surveillance politics that clocked in at under ten minutes. Unfortunately, my presentation was not recorded live at the cryptoparty itself, but I’ve recreated it in this video embedded below. What follows is the re-created video of my introduction to CryptoParty Albuquerque and an aspirational transcript of my welcome speech:

Are. You. Ready. To. CRYPTO?


Welcome, welcome everybody to CryptoParty Albuquerque, the first crypto party in New Mexico! Thank you to our hosts, thank you to my co-host and co-organizers, to everyone who’s been working so hard this past week to make this event happen. And, of course, thank YOU all for coming!

So, the tagline of this event is “Learn how to protect your data from prying eyes,” and that’s what we’ll be doing during the CryptoParty. You’ll have the opportunity to participate in a hands-on digital safety training, some privacy workshops, and if you take a look around, you’ll see we’ve set up numerous educational activities around the space at our “activity stations.” We’ll talk more about all of these in a just a little bit.

But when we say “learn how to protect your data from prying eyes,” the obvious next question is: “Whose eyes?” In other words, who are we protecting our data from? Well, broadly speaking, there are three main categories of adversaries one might want to protect one’s data from. They are:

  • Governments,
  • Corporations,
  • and malicious individuals.

When it comes to governments, I like to quote Taylor Swift, who says, “Mass surveillance is the elegant oppression, a panopticon without bars. Its cage is small but out of sight, behind the eyes—on the mind.”

Swift is talking here about the global and domestic mass spying conducted by the NSA. And, okay, maybe this isn’t a real Taylor Swift quote, but you get the idea.

If this is a bit too abstract for you, remember that just this week we learned that the Department of Homeland Security has been monitoring the Black Lives Matter movement since anti-police protests erupted in Ferguson, Missouri last summer. DHS agents are even producing minute-by-minute reports on protesters’ movements, even for the most mundane of community events. This shit is real, my friends!

With regards to corporate adversaries, we see plenty of examples of abuse and privacy violating behavior. In November of 2014, for example, Josh Mohrer, the general manager of Uber New York, was busted for using an internal Uber tool called “God View” that shows the company’s execs the real-time location of every single customer and driver. Mohrer was using the tool track the movements of a journalist, without her permission or consent. And just one month before that, in October 2014, two bombshell stories in the New York Times detailed how PR firms representing the oil and gas industry have been openly plotting campaigns of dirty tricks against anti-fracking activists and opponents of the Keystone XL pipeline.

And then, of course, there are malicious individuals:

A normal Wednesday afternoon, this Colorado man is playing his favorite shooting game: heavily armed SWAT teams battling are criminals, when suddenly the imaginary world broke into reality—quite literally.

“I think we’re getting SWAT’ed. What in the world?”


The gamer, known as Kootra, was swatted.

This is a new kind of prank called swatting. This term stands for a mean prank: anonymous hackers reporting feet hostage situations and other violent crimes, all just to see SWAT teams rush in on innocent victims.

Swatting. I also call this: “attempted murder by cop.” So these are some examples of WHO you might want to protect your data from, and why.

Now, you might be thinking to yourself, “Okay, that’s great, but…how?”

The answer to that is: Encryption.

Encryption is just math. But don’t worry! You don’t need to know any math—not even basic addition—because a bunch of very smart people already worked the math out, and a huge community of free software advocates encoded the mathematical algorithms in computer software programs. All you have to learn is how to use the software, and that’s what we’ll do here during the CryptoParty.

For example, If you want to browse the Internet anonymously or bypass online censorship, use Tor, a special Web browser that helps keep your physical-world location secret while you explore the Internet. Or perhaps you want to send a private text message? Use an app called TextSecure. Share a file without revealing your location? OnionShare. Chat secretly? There’s an app for that, too. Software called the GNU Privacy Guard or GPG for short can secure your email, and you can install browser add-ons like Mailvelope to use it with your existing GMail account.

We’ll learn more about all of these tools tonight, during the CryptoParty. But with so many tools to learn, how do we decide what to use? And which one do we use, and when? For that, we need a “threat model.”

A threat model is just a way of narrowly thinking about the sorts of protection you want for your data, and how to go about actually protecting it. Whenever you begin assessing threats to you or your data, ask yourself some basic questions about your situation, like:

  • What do you want to protect? We call things you want to protect “assets.” Assets can be physical, like your laptop or phone. But assets can also be information, like some information in an email, or knowledge of your home address.
  • Who do you want to protect it from? We just talked about adversaries: they are the people or organizations attempting to undermine your security or violate your privacy.

There are also some other questions involved in assessing threats, but the answers to all of these questions are personal and subjective. They’ll be different for different people. And we’re not here to tell you what to think or how to feel. That, obviously, is your government’s job.

So what we’re going to do is introduce a simple framework that you can understand and use to make better informed choices about the technology you use so that you can take steps to protect your privacy, confidentiality, and integrity. Remember, after all, that different people have different assets to protect from different adversaries.

Threat Pyramid

Importantly, different adversaries pose different kinds of threats, based on what capabilities they have. For example, an individual with a grudge may be able to send you harassing e-mails, but they don’t have access to all of your phone records, so they can’t use those against you. Your mobile phone provider, however, does have all your call logs, and therefore has the capability to use that data in harmful ways. Your government has even stronger capabilities.

Notice, also, the number of adversaries who can pose major threats is much smaller than the number who can pose only mild threats or annoyances. The power to do the most harm is concentrated in governments and some multinationals with extremely sophisticated capabilities. The more of a threat these capable adversaries can pose, the more power they have over everyone below them on the pyramid.

Now, it is specifically this hierarchy, where the most resourced governments and corporations have more surveillance capability than everyone else, this situation is sold to us as “security.” And the issue is not that no measure of security can be had from this arrangement. The issue is that whatever so-called “security” this set-up does happen to offer you is a matter of benevolence from everyone above you in the pyramid.

Let’s take a second look at these. What are these things?

Cameras mounted on a wall.

I bet at least half of you are thinking to yourselves, “Those are security cameras,” aren’t you? But these cameras do not, themselves, provide security. These are surveillance cameras. They collect data about everything they can see. That data—that video record—only increases your security if the person who controls the video record has your best interests at heart. Otherwise, the data collected by these cameras only help the people controlling the cameras; think about the huge difference between cameras on cops, and cops on camera.

So the people who perform the most powerful surveillance in the world are at the top of the pyramid—that would be the USA, and the UK, etc. Anyone who chooses to rely on such surveillance for their “security” is putting blind trust in everyone who performs more powerful surveillance than they can.

A common fallacy is that with total surveillance comes security. That is, they say that after you give up your privacy, they will give you security. But what we see in reality is that even with that total surveillance, you still have the Westgate Shopping Mall terrorist attack in Kenya, you still have the Boston Marathon bombing, you still have the Emanuel African Methodist Episcopal Church shooting in downtown Charleston, and it is not stopped. Not to mention things like SWAT-ting, abusive phone calls from your evil ex, and the constant small harassments normal people deal with on a daily basis. And these attacks are not stopped because surveillance, itself, is not security.

Surveillance brings the ability to control some people some of the time, because “When we know we might be under surveillance, our behavior changes. We might decide not to go to a political meeting, to censor what we tell friends, family, and colleagues, thinking it might fall into the wrong hands or simply be made public. Under surveillance we may decide not to become a whistleblower.” Surveillance erodes privacy, which is a necessary condition for thinking and expressing oneself freely. But it still does not make us safe.

So our privacy is violated, our ability to express ourselves is controlled. Meanwhile, violent attacks on random individuals are rarely stopped. Our security is far from guaranteed. The people who benefit from surveillance are the people behind the video camera, not the people in front of it.

If we can’t rely on big, powerful surveillance states with sophisticated technology to have our best interests at heart—and we can’t—what can we do to keep ourselves safe and secure?

In the digital realm, we can encrypt, because encryption doesn’t depend on anybody else’s good will. It depends solely on math. No amount of physical force can coerce or threaten math. The police cannot beat up encryption algorithms with a nightstick. Encryption, like an idea, is literally bulletproof.

At this point, maybe some of you are thinking, “Yeah! Encrypt ALL the things!” And maybe some other people in the audience are sitting here thinking, “Augh! This sounds hard!” To you folks, I want to say: Take a deep breath, relax. Remember that you don’t have to be perfect at this. Remember that all things are difficult before they are easy. Remember that you don’t have to encrypt all the things immediately, today. There is a lot to learn!

So pick one thing, just one thing to start out with based on your personal threat model, because every little bit does help. The more encrypted data there is out there, the safer everyone who uses encryption is. And even if all you do is encrypt your apple strudel recipes when you send emails to your mother, you’re still helping by making it harder and more expensive for the adversaries of political dissidents, activists, journalists, friends, colleagues, and family, to target them.

So choose a tool you’re interested in knowing more about, go to a breakout session, and above all else, remember: KEEP CALM AND ENCRYPT.

Thank you all for listening.

What you missed at CryptoParty Albuquerque

CryptoParty Albuquerque, the first cryptoparty in New Mexico, was a huge success. It was by far the largest CryptoParty I’ve ever had the pleasure to help organize, with over 35 people showing up for the very start and more trickling in throughout the day. Due to its size, the format of the CryptoParty varied from other, smaller ones that I’ve hosted before.

We had pizza, popcorn, and drinks set up in the back of our space, where most people gathered to socialize and mingle and get to know one another pre-party. Then, shortly before the start of the event, we cranked up the volume on the four-panel main screen at the front of our space and played the excellent CryptoParty intro video, featuring excerpts from JuiceRapNews, and clips of interviews with Jacob Appelbaum, William Binney, and others. You should watch it, it’s fun:

By the time the intro video had played a third of the way through, everyone in the space had gathered around to watch it:


We immediately followed that with two whole-group introductory presentations. I had spent the past few days making a “Welcome and Intro to CryptoParty Albuquerque” presentation, which I presented first. It included an introduction to threat modeling and discussed the importance of pro-privacy and anti-surveillance thinking. My presentation was not recorded live, but I recreated it in this video of the slideshow I used:

Then I handed the mic to my fellow CryptoParty host, who followed me with a Digital Know Your Rights presentation and its own slideshow, which I’ll link to from this post when I get a copy of the slides. Update: here is the Digital Know Your Rights presentation.

Our presentations were ten minutes each, so with the ten minute intro video, these three parts of the CryptoParty took only 30 minutes.

By now, people were ready to get their hands dirty, so we broke the huge crowd up into two groups: people who wanted to learn tools for use on their laptops, and people who wanted to learn tools for use on their smartphones. Thankfully, we had a roughly even number of folks interested in each breakout session. We had created a big grid with masking tape on one of the walls earlier, and during the pre-party socializing we asked people to write their names (or pseudonyms) on sticky notes and post a sticky note into whatever part of the grid was of interest to them. They could post as many sticky notes as they wanted to, and could choose to use either blue-colored sticky notes to indicate that they felt comfortable educating others about the topic in question, or yellow-colored sticky notes to indicate that they wanted to learn about the topic from others. Our “Interest Grid” ended up looking something like this:


CryptoParty ABQ Interest Grid
Educators are Blue, Learners are Yellow
Hot Knowledge Mobile Desktop
Private SMS/txt messaging
Private phone calls
Secure+Anonymous Web browsing
Secure+Anonymous File Sharing
Private video calls
Full disk/device encryption
Private emails

So we broke the group into separate “Mobile” and “Desktop” workshops, intending to cover as much as we possibly could with such large groups. I lead the “Desktop” workshop session and within the next hour and a half or so, most folks who participated (more than 15) left having installed TorBrowser, OnionShare, and one of Mailvelope, MacGPG, or Thunderbird and Engimail. They also generated a keypair, submitted their keys to a keyserver, and tested sending encrypted email to one another. Everyone who created a keypair successfully sent an encrypted email! There was even a college student who brought her mother to the CryptoParty, and both of them were able to successfully send each other GPG-encrypted emails.

I don’t know exactly how well the mobile session went, because I wasn’t there, but from I heard, the results were similarly great. Most folks left the workshop having TextSecure and Redphone (for Android) or Signal (for iOS) installed and working, and had verified one another’s fingerprints. I also heard there was a lot of success getting Orbot and Orweb installed on people’s Android devices, and OnionBrowser for the iOS users.

There were also some folks who didn’t go to either breakout workshop, either because they didn’t bring any devices at all, they were just there to socialize, or because they were already familiar with what we were teaching. I also noticed that some of the folks who said they were familiar with the technologies we’d teach really moved up and helped the people sitting next to them get things installed in the odd case where something didn’t work or someone was feeling a bit lost. It was so great to have that much in-crowd help for groups this large!

Mostly, the rest of the folks hung around the food area to socialize, but they also explored the various “activity stations” my fellow CryptoParty host and I had set up before the start of the party. These included an old laptop running WireShark, an old MacBook running Tails off a USB stick, and a “Ask a Hacker” box that people could write questions on index cards and drop in the box to be answered later. The Tails demo station and the WireShark network traffic viewing station generated a lot of really great questions from people, and I think everyone enjoyed having the ability to click around on the computers knowing they weren’t going to screw anything up, particularly the people who had never heard of WireShark or Tails before.

In addition to the “Activity Stations,” several local artists set up their artwork around the social areas of our party space. Behind the food, there was a flatscreen TV showing a demo of a new game design tool called MeshTracer, courtesy Kurt Hollowell and, which looked something like this:

On the other side of the social space were these hollow glass sculptures filled with various different gasses, created by Albuquerque local Carl Willis:


All throughout the space, including in the workshop areas, we also printed up a bunch of CryptoParty posters and other artwork along a cypherpunk and anti-capitalist theme. This set of posters taped on one of the pillars was my favorite:


Other posters featured Anonymous-style Guy Fawkes masks with derisive things about the NSA, retro-style Tor promo posters, and the like.

After the breakout workshops, everyone regrouped for a short debrief, where my fellow host and I answered some of the “Ask a Hacker” questions. One of the questions was “How secure are my dick pics?” Another was about BitTorrent, so I referred folks to the beginner’s BitTorrent guide I wrote up previously. Here’s a pic of us doing that:


By this point, the band was all set up and ready to play, so we were all treated to a live Ugly Robot set! They gave away free merch (I won an Ugly Robot shirt!), lead us all in a “dance like a robot” mini-march, and got me in trouble for figuring out how to turn off the lights in the venue (kill the right breakers, duh) so that their custom-programmed visualizers behind them would look better. (LoL, capitalists and their “entrepreneurial” venues don’t know how to have any fun.)


While the band played, the more technical among us had a keysigning party, where we signed on another’s pre-existing GPG keys, and showed the less experienced what this was all about. There was still pizza and beer, which was good because more people showed up specifically to hear the band. They got in the fun, too, though, and most of them left with EFF handouts and other pocket guides for how to deal with police harassment that we had printed up and placed on all the clear surfaces.

By the end of the night, people were already talking about CryptoParty Albuquerque number 2, and several folks suggested different venues that might want to host it. My hope is that the next event chooses a venue that doesn’t have such a stick up their asses about having a party and turning down the lights for a band, sheesh.

Anyway, I’d say we sparked some interest! All in all, a massive success!

Software Development as Direct Action

Recently, I was invited to speak at the local Code for America brigade in Albuquerque, Code4ABQ. The presentation I put together with the help of R. Foxtale was the first public articulation of the development methodology we have been using for some time in projects like the Predator Alert Tool, the WordPress SeedBank plugin, and other, newer projects still under development. It’s also a term we’ve coined to distinguish between common misconceptions of “hacktivism,” which seem to primarily invoke ideas of digital breaking and entering (cracking), or leaking.

Although “software development as direct action” can legitimately be called a form of hacktivism, its focus is explicitly productive: building new stuff. My presentation told the story of the Predator Alert Tool as a way to showcase what we mean when we say “direct action software development.”

A video of the presentation, along with a transcript, is below. As per usual, all of my presentation materials for “Software Development as Direct Action” are Creative Commons licensed; you are encouraged to download and remix this work for non-commercial purposes. :)

Okay, so we’re here to talk about Software Development as Direct Action, and we don’t have much time. There are big problems out there and they need solving today. In the next ten minutes, I’m going to show you how you can solve them.

But first, I want to introduce you to Professor_Oni. And to Mabus. And John Black. And GamerGeekGuy. And all of these people….

These people have been accused by numerous different women of repeated sadomasochistic rapes. We know who they are because of this tool, a tiny browser extension called the Predator Alert Tool. These two-hundred and sixty or so lines of JavaScript—the entire source fits on this one slide—sparked years of debate and has catalyzed hundreds of thousands of lines of criticism, praise, ridicule, panic, relief, and hope across the blogosphere and in corporate board rooms alike.

The Predator Alert Tool is one example of what we’ve come to call “direct action software development.” The purpose is simple: maximum social impact. The method, simpler: Minimum lines of code.

What is direct action software development?

First, I’m going to assume that you already know a bit about what “software development” is. This is a pretty familiar idea: writing code to build apps, websites, or other technology products for use by people with laptops or smartphones. Writing code is the basic act required to produce software. No code? No software.

But what is “Direct Action”? We’ve found that what people think “Direct Action” really is varies based on, bluntly, how much brainwashing they’ve been subjected to. So let me take a moment to quickly describe what we mean when we say direct action.

When we talk about “Direct Action” we mean:

Any action that immediately addresses the root cause of a problem.

That sounds rather obvious. You may even be asking yourself, “Why would people waste time taking actions that don’t immediately address the root cause of a problem?” Well, there are several reasons:

  • Maybe certain actions aren’t permitted by an authority. Some people will limit themselves only to actions that they have permission to take.
  • Maybe they don’t understand, or they misunderstand, the root cause of a problem. In this case, people will often take actions they think will help, even if those actions don’t make much of a difference.
  • Maybe they don’t have some resource they need; they lack the skills, knowledge, or other materials to take immediate action.

Here are some examples of direct action in the physical world:

In most cases, tackling a problem with the direct action approach provides the most immediate solution. It’s also often dangerous, maybe illegal, and definitely disruptive. If successful, it will piss someone off. But at the end of the day, direct action is the single most effective and efficient thing you can do to make meaningful positive change. Historically, no lasting social change has ever been accomplished without a direct action component. Not once. Not ever.

Back to software. “Direct action software development” is a translation of direct action to the digital realm. It is:

Any code that immediately addresses the root cause of a problem.

Code is action. Remember Professor_Oni? He is a member of a fetish dating website called FetLife. In January 2012, a controversy that had been brewing amongst the FetLife community for years finally rose to national prominence when women came forward to accuse numerous prominent FetLife members of sexual assault. In response, the FetLife management deleted the survivor’s postings and threatened to ban them for violating the site’s Terms of Use. This went about as well as you’d expect: word of the heavy-handed censorship spread like wildfire and within a few weeks, many more women had come forward with similar stories, including some who accused the site’s founder, John Baku, of sexual assault. Once again, FetLife’s response was to delete or edit the new postings.

But by June of that year, the topic of sexual assault within the supposedly “safe, sane, and consensual” BDSM subculture was flashing across headlines of, the New York Observer, and other high-profile media outlets. Activists from within the BDSM community had been organizing “Consent Culture” working groups for some time, and their membership numbers swelled.

Rape is exceedingly common in the BDSM scene. In fact, even the community’s own lobbying groups such as the National Coalition for Sexual Freedom—one of their board members doubled as FetLife’s community manager, by the way—admit to a 50% higher occurrence of consent violations among BDSM practitioners than the general populace. That’s nearly as bad as police officers, who statistically speaking are also twice as likely to be perpetrators of domestic violence. The BDSM scene has a self-delusional belief that they are “all about consent,” but in reality, they are at least as bad with sexual consent as everybody else, and likely a lot worse given their penchant for eroticizing abuse. Many women and Submissive-identified people within that community, including myself, had been saying this for a long time, but had been routinely ignored.

Even during the height of these national debates about “the BDSM community’s consent crisis,” the Consent Culture working groups were pitifully meek. They had collectively decided that “something must be done,” but what they chose to “do” was make a petition calling for the removal of the clause in FetLife’s Terms of Use that the site’s management was using as justification for censoring rape survivors. But as is often the case, when you must beg for something from a master, you find that they will not grant your request. Three years later, FetLife has still refused to change their policy and is still censoring rape survivors—unless those survivors use the Predator Alert Tool.

In October 2012, I realized that the root cause of the FetLife problem was simply that site management got to control what users saw when they browsed the site. But the Internet, which was made famous by mashups, allowed a unique opportunity to route around FetLife’s censorship in a way FetLife could not control. I wrote a simple mashup between a public Google Spreadsheet and FetLife that enabled anyone to report a negative experience with a FetLife member. With a mere 260 lines of JavaScript, that information could then be overlaid directly on

With Predator Alert Tool for FetLife, the problem of FetLife’s censorship all but vanished: FetLife users could now warn other FetLife users about predatory behavior, and FetLife’s site management was powerless to stop it. Just a few weeks ago, we met a woman right here in Albuquerque who had used the tool to alert others about a local “Master” violating her consent.

Users of the tool then began asking for a similar capability on other sites, like OkCupid and Facebook. There are now seven variations of the Predator Alert Tool browser add-on, each designed to work with a particular social network or dating site. Importantly, none of these tools has been developed in collaboration with the social network in question. Most sites have refused to acknowledge the tool, despite inquiries from journalists and community members. Some sites are actively hostile, sending DMCA takedown notices and even threatening to ban Predator Alert Tool users. Meanwhile, the already overwhelming positive response from the user community continues to grow.

Predator Alert Tool arose directly from the needs of the community that it serves. It enabled the user community to do exactly what the authorities at FetLife didn’t want done, or what OkCupid and Facebook don’t want users thinking too critically about. And it accomplished this by just implementing that capability rather than waiting for permission to do so. Its impact was immediate and disruptive—on purpose. These characteristics are indicative of all direct action software development projects.

Today in 2015 the petition proposed by the “Consent Culture” working groups has still not achieved its goal of stopping FetLife from silencing rape survivors. Predator Alert Tool was able to accomplish that goal in one night of coding, with these 260 lines of code, three years ago.

In 2014, Creative Commons creator Larry Lessig appealed to technologists, to you, to take up this cause of immediate, direct action software development:

[T]here is a movement out there that has ENORMOUS needs which you, uniquely, can provide. The obvious ones, the technical needs. This is a movement that will only succeed if we find a way to knit together people in a different model from the television advertising model of politics today. […] This movement is STARVED for people with your skill who can figure out how to make this work. It desperately needs this type of skill offered by people who genuinely believe in the cause as opposed to people who are just trying to get rich.

If you want to change the world, but you don’t want to make a lot of money doing it, let’s talk. We’ve been doing direct action software development since before we knew what to call it, and we’re going to keep doing it. It would be wonderful to find other people who are excited about working with us. There are big problems out there. And they need solving.


You’re invited to CryptoParty Albuquerque: Learn how to protect your data from prying eyes!

Recently, I’ve been helping these folks get the first ever CryptoParties happening in New Mexico. If you’re going to be in or around the Albuquerque, New Mexico area next weekend, join us for a party! Either way, tell your friends. :)

CryptoParty Albuquerque, a new small collective of hackers, makers, and doers of various ages, with various levels of technical knowledge, is getting together next Sunday, July 26 at 4pm to throw a kick ass party while learning and teaching one another about privacy and security, encryption, digital safety, cryptography, and free software. And YOU’RE INVITED!

When Officer Friendly asks:

CryptoParty Albuquerque is a free and public event where we will run digital safety training and anti-surveillance workshops to help activists, journalists, change makers, and other vulnerable people protect their data from the prying eyes of the government, local police departments, and corporate spooks. The party and workshops are being hosted at Fat Pipe (200 Broadway Blvd NE, Albuquerque NM).

More information as available at our website:

What is a CryptoParty? Watch any of the short introductory videos here:

CryptoParty Albuquerque is free, there will be food, there will be solidarity, there will be music! Hell, there may even be dancing! Ain’t no party like a CryptoParty! :)

If you use Facebook, you may also invite folks to the event using this link:

Thanks for your attention and we hope to see you at CryptoParty Albuquerque!

Remembering Caspar Bowden on “The Cloud Conspiracy”

“We live in a comic book.” It’s what friends and I say to remind one another that the dystopian future Orwell and others ominously predicted have come true. But just as the dastardly deeds of corrupt government officials and other villains implementing panoptic surveillance on the scale of Hollywood’s best plots has come true, so too have regular people like you and me been transformed into comic book-like super heroes.

Last week, privacy campaigner Caspar Bowden passed away from a malignant melanoma cancer. He was 53 years old. Caspar Bowden is most recently famous for independently deducing the existence of illegal NSA mass domestic and foreign spying (global warrantless wiretapping) using only publicly available sources such as public record legal documents. He was roundly ignored and sidelined, immediately being fired from his position as Chief Privacy Advisor at Microsoft, but he rose to renewed prominence after NSA whistleblower Edward Snowden revealed that his deductions were correct.

Caspar Bowden became a strong proponent of Free, Libre, Open Source Software (FLOSS) and joined the board of the Tor Project. In 2014, he gave a speech at the 31st Chaos Communications Congress titled “The Cloud Conspiracy” about his story. Like any thrilling comic book, it begins with an internal board meeting at the headquarters of one of the world’s corporate superpowers:

For 9 years, I was Chief Privacy Advisor at Microsoft. And I have to explain a bit about what that job was. I didn’t have any responsibility for legal compliance, thankfully. I didn’t do anything, really, in US privacy.

My job was to advise 40 “National Technology Officers” around the world. And at Microsoft, a National Technology Officer is a guy with a big brain, often one or two Ph.D.s, able to function essentially as Microsoft’s ambassador to governments around the world at a very senior level, normally citizens of their own country. In a sense, you could boil down their job to: if Steve Ballmer wanted to get a Prime Minister on the phone in half an hour, it was the NTO’s job to get that done.

So, I didn’t know about [the NSA’s secret spying program now known as] PRISM when I was at Microsoft, and what I’m about to tell you I deduced from open sources and deciding to read the American laws. Nobody asked me to do this. What happened to me after that I explained to a big internal Microsoft strategy conference about cloud computing, with all of the cloud management there, all of my National Technology Officers there, the deputy general counsel of Microsoft there, what I’d discovered. And I said to my technology officers, “Look, you ought to know this. If you sell Microsoft cloud computing to your own governments, then this law means that the NSA can conduct unlimited mass surveillance on that data.”

So the deputy general counsel at Microsoft turned green. I’d never seen anyone turn green before, but she did. There was dead silence in the room. In the coffee break, I was threatened with being fired, and then two months later they did fire me without cause.

So, since then, I’ve really, since 2011, went around trying to tell as many people as I could about what I’d discovered. And I’ve given variants of this speech now about 20 times, I suppose. But I hope this brings things right up to date as of about 2 weeks ago, and also, I’m going to tell you some things which I haven’t told before.

In the speech that follows, Caspar gives a breathtakingly detailed yet accessible overview of the legal, political, economic, and societal pressures that lead to total deadlock in the European Union’s highest level of government, leaving its citizens vulnerable to the NSA’s predations and other increasingly militarized cyber-intelligence operations.

Watch Caspar Bowden’s whole speech here.

So. “We live in a comic book.” Are you a 1 or a zero?

Just say OXI to capitalists: How to understand what’s happening in Greece and why it’s a big fucking deal

Greece gives austerity foisted on them by the Troika the middle finger.

Gotta admit, I haven’t been as excited about the result of a vote, of all things, as I am about the Greek referendum rejecting continued austerity through forced imperialist-capitalism. Here’s a brief roundup of articles explaining the situation that I liked, along with my own commentary sprinkled in for good measure.

Let’s start with an unusually easy-to-read and easy-to-understand article from Business Insider, whose headline is all but shouting from the rooftops in all-caps. Their article, GREECE JUST TAUGHT CAPITALISTS A LESSON ABOUT HOW CAPITALISM WORKS, reads as follows:

Greece has effectively voted to default on its debt to the IMF [which is the International Monetary Fund, basically a gigantic multi-national bank controlled by Western military powers like the USA] and the EU[, in other words, Greece voted to outright defy demands that it pay back money it borrowed], and it is a massive defeat for Germany’s Angela Merkel and the troika [“troika” is a nickname given to the three major capitalist banking institutions, of which the IMF is one] she led, which insisted there was no way out for Greece but to pay back its massive debts.

The vote is huge lesson for conservatives and anyone else who thinks this is about a dilettante government of left-wing idealists who think they can flout the law while staging some kind of Che Guevara-esque dream:


This is what capitalism is really about.

From the beginning, Merkel and the EU have operated from the position that because Greece took on debt, Greece now needs to pay it back. That position assumed — bizarrely, in hindsight — that debt only works one way: if you lend someone money, then they pay it back.

But that is NOT how free markets work.

Debt is not a guarantee of future payments in full. Rather, it is a risk that creditors take, in hopes of maybe being paid tomorrow.

The key word there is “risk.”

If you’re willing to take the risk, you’ll get a premium — in the form of interest.

But the downside of that risk is that you lose your money. And Greece just called Germany’s bluff.

The IMF loaned Greece 1.5 billion euros, due back in June, and Greece isn’t paying it back. Greece has another 3.5 billion due to the ECB in July, and that looks really doubtful right now. [The ECB is the European Central Bank, the bank that controls the Euro currency; the ECB is basically Europe’s version of the Federal Reserve, i.e., “the Fed,” that thing Libertarians hate.]

This is how capitalism works. The fact that it took a democratically elected government whose own offices are adorned with posters of Lenin, Engels and Guevara to teach this lesson to Germany is astonishing.

More astonishing still is that Merkel et al knew Greece could not pay back this debt before these negotiations started. The IMF’s own assessment of Greek debt, published just a few days ago, states: “Coming on top of the very high existing debt, these new financing needs render the debt dynamics unsustainable …”

“Unsustainable”! Germany’s own bankers knew Greece couldn’t pay this back. And yet Merkel persisted.

At this point you’re probably wondering, “Why on God’s green Earth would Merkel and other European political leaders agree to loan money to people they knew could not pay it back?” Well, do y’all remember that big “global financial crisis” in 2008? Yeah, so, about that:

There is another key fact that the Greeks are keenly aware of (but which everyone else has forgotten). This debt was initially owed to private investment banks, like Goldman Sachs. But the IMF and the ECB made the suicidal decision to let those private banks transfer that debt to EU institutions and the IMF to “rescue” Greece. As Business Insider reported back in April, former ECB president Jean-Claude Trichet insisted that the debt transfer take place:

The ECB president “blew up,” according to one attendee. “Trichet said, ‘We are an economic and monetary union, and there must be no debt restructuring!’” this person recalled. “He was shouting.”

[“Debt restructuring” is a euphemism that basically means the terms of a loan that was already made gets changed, usually to benefit the borrower, which has happened countless times throughout history and dates back to Biblical times, but that capitalist bankers basically never want to admit is possible because it means they don’t get their money back.] The result was that the ECB made this catastrophically stupid deal with Greece, according to our April report:

And so there was no restructuring agreed for Greece. The country paid off its immediate debts to the private financial sector — investment banks, basically — and replacement debt was laid onto European taxpayers [that is to say, instead of forcing the private sector’s big banks to account for their own financial losses, the financial records/”agreements” were altered so that the Greek government and thus the Greek taxpayer was held responsible for replacing the money that the non-Greek/big bank creditors lost]. The government [of Greece—which at the time was controlled primarily by corrupt conservatives, more on that in a moment—]agreed to a package of harsh government spending cuts and structural reforms [in other words, cutting social services, things we think of as “food stamps” and the like, and making daily life even harder for the already-poorest Greeks] in exchange for loans totalling €110 billion over three years.

Trichet made a colossal, elementary mistake. [Or so Business Insider likes to characterize it. But was it a “mistake,” or an economic power grab that ended up as an overreach thanks to Greek defiance? Hold that thought!] The right place for risky debt by definition is in the private markets, like Goldman. The entire point of private debt investment is that those creditors are prepared for a haircut. The risk absolutely should not be borne by central banks who rely on taxpayer money for bailouts.

In fact, had Trichet made the opposite decision — and left the Greek debt with Goldman et al — then today’s vote would be a footnote rather than a headline in history. “Goldman Sachs takes a bath on Greek debt.” Who cares? Goldman shareholders and clients, surely. But it would not have triggered a crisis at the heart of the EU. [In other words, if the ECB had let Goldman Sachs eat the losses they, themselves, brought on themselves, rather than demanding that already-poor countries like Greece make up for the lost revenue on Goldman’s behalf, Greek’s defiance today would not be a big deal, obviously. But since the ECB insisted that the public sector, i.e., regular working people, pay back the capitalist bankers’s own lost money, Greek’s vote to defy doing so is a major blow to the Troika’s power.]

Now Italy, Spain and Portugal are watching Greece closely, and thinking, hey, maybe we can get out of this mess too.

Not just the other EU states, though! The rest of the world, too. Like, say, American students saddled with student loan debt. After all, if an entire country can just refuse to pay back money it supposedly owes—even though they didn’t really owe any money to start with (it was really Goldman Sach’s debt), an important detail we’ll talk about in more detail a little later—why can’t you or I just refuse to pay back our student loans, or our credit cards? What’s stopping us from just saying we won’t pay back money we borrowed? It’s clearly not impossible to do just that! Look at what Greece is doing!

But of course, since this article is in Business Insider—which is basically capitalism’s version of a fetish magazine—despite being a fantastic summary of the history, its conclusions take a bizarre turn for the demagogically extreme against Greece’s defiance, predicting disaster for the Greek people:

Now, before we all start singing “The Red Flag” and breaking out old videos of “The Young Ones” in celebration, let’s inject a note of realism. Greece isn’t actually a country full of crazy socialists who don’t understand how the FX [that is, Foreign eXchange] markets work. In fact, a huge chunk of its tax collection problems[, which is one of the reasons the Greek economy has been shrinking for years] stem from the fact that there are two and a half times more self-employed and small business people in Greece than there are in the average country. And small businesses are expert at avoiding tax, Greece’s former tax collector told Business Insider’s Mike Bird recently. [Which may be true, but let’s not forget, dear capitalist wet dream magazine, that large businesses are even more expert at avoiding taxes, duh.]

Conservatives who hate paying taxes and who urge small businesses to pursue tax avoidance strategies take note: Your dream just came true in Greece.

If Greece was more socialist — more like Germany, with its giant corporations that have massive unionised workforces paying taxes off their payrolls — then tax collection would be a lot higher in Greece. [Eh, maybe, because let’s remember that tax collection, just like banking, is actually a “voluntary compliance” system, because agencies like the IRS don’t actually have a budget for hiring people to force citizens to pay taxes. Instead, the government, through a combination of its IRS auditors and law violence enforcement arms, can only retro-actively punish people for not paying taxes. This distinction matters because it’s actually exactly the same model as credit cards and debts: if you loan someone money and they don’t or can’t pay it back, what can you do about it? Sure, maybe you can afford to hire someone to break their legs, but the point is that, in America, the IRS literally can’t afford to do that to everyone who pays taxes. They can only afford to commit violence again (in the form of incarceration) or violently threaten, a few people who they are also able to catch not having paid taxes sometime in the past. And what if you loan money to an entire country and that entire country collectively declares it just won’t pay you back. What if every citizen of that country collectively decides, en-masse, they just won’t pay taxes anymore? Sound familiar to any Americans celebrating Independence day this weekend? No? Does a tea party sound good to you right about now? As the ruling government, what are you gonna do? Break the legs of every citizen in that country? Nuke it? Srsly, what you gonna do?]

Greece is now likely an international pariah on the debt markets. It may have to start printing its own devalued drachma currency. It will have no access to credit. Sure, olive oil, feta and raki will suddenly become incredibly cheap commodities on the export markets. Tourism in Greece is about to become awesome. But mostly it will be awful. Unemployment will increase as Greece’s economy implodes.

But the awfulness will be Greece’s alone. Greece is now on its own path. It is deciding its own fate.

There is something admirable about that.

Told you: Business Insider is predictably pessimistic about the Greek people’s own ability to make due without invading capitalist banking systems, almost to the point of outright racism. I mean, we can’t have people thinking a total break with capitalism will lead to anything other than death and starvation, now can we, Business Insider? But also, damn those dirty, untrustworthy, irresponsible Greeks, amirite? No. Just no. A blog post on Interfluidity perfectly sums up why not:

Greece is a remarkable country full of wonderful people, but along dimensions of development and governance, the place is plainly pretty fucked up. It has been fucked up that way for a long time, for decades at least. This has never been secret. Anyone who has visited Athens knows it has far more in common with Bucharest or Istanbul than with orderly Western European capitals. In the run up to Greece’s joining the Euro [i.e., abandoning their national currency in favor of the European Union’s joint currency], everyone who wanted to know knew that Greece’s qualifications to join the Eurozone were, shall we say, ambitious. Mainstream establishment banks “helped” Greece and other Southern European countries with accounting fudges that, while perhaps obscure, were not secret even at the time. Despite protestations when these deals hit the news in 2010 that officials were “shocked, shocked”, they were explicitly blessed by the agency that compiles the statistics on which Eurozone entrance was based in 2002 and Greece’s gaming was extensively reported in 2003 (ht Heidi Moore, both cites). The Euro was and ought to be primarily a political enterprise. In order to sell the common currency to Northern European elites, its architects required Eurozone members to meet strict “convergence criteria” and especially the requirements of the Stability and Growth Pact. But in practice, those criteria have always been interpreted flexibly. Most Eurozone members have broken their promises at one point or another, including both Germany and France. The Euro was a unification project, and erred (not unreasonably, I think) on the side of building a big tent.

Emphasis added because this is really important, my fellow navel-gazing Americans: the Eurozone and its unifying currency has always been about consolidating political power through economic power. That is, the whole point of the European Union is to be a single political union, not “a single monetary and economic one,” as former ECB president Jean-Claude Trichet screamed it was when denying Greece the courtesy of debt restructuring. As we’ll see, the presence of a unifying currency (the Euro) only benefits the rich members, while shitting on the poor members, despite all the promises to the contrary.

In simpler terms, what this means is that “the Eurozone” is like Europe’s version of the “United States.” Europe is a a lot of countries in a similar way as America is a lot of States. “Unifying” those smaller, disparate regional communities into one larger group of people has the effect of creating an even more powerful entity than all those that previously existed, but without being accountable to the smaller or less powerful constituent members. If the individual pieces of that entity all like, trust, and cooperate with one another, this kind of consolidation is a win-win, the very best of human ingenuity and empathy. But when there is animosity, resentment, or coercion between those groups, creating a larger super-group is bound to be, well, “problematic,” to put it mildly. This is pretty obvious stuff to anyone who’s ever tried playing a board game at a party one night with someone they can’t stand. And just as with the Euro, the value of a US dollar goes a lot farther in some States than it does in others, which tends to be good for richer States and bad for poorer ones.

Now, the way geopolitical power works today (in the model that world governments and nation states still operate under and have existed in since the Peace of Westphalia and the end of feudalism), is that, in basic terms, the amount of political power an entity such as a country has comes in part from sheer geographic size and in part from the unification of the beliefs and goals of the people in that geographic region. In other words, the more people in a single physical space that believe the same things, that want the same things, who make their goals the goals of their neighbors, the more political power that group has. If that unification of belief and goals is missing, there is, of course, an alternative: violence. Someone doesn’t agree with you? They won’t do what you want voluntary? Just force them to!

This is why empires colonize. It’s not rocket science, people. An empire is simply a nation state with a lot of people “belonging to” it (whatever that means) who have a lot of weapons and who use those weapons to project the power those weapons give them outside of their own home. In other word, they’re bullies. This rather bluntly describes the political foreign policy objectives of the United States and most of the richer Eurozone members like England, France, and Germany, and has throughout much of history. (World Wars. Crusades. Slave trade. And on, and on….) These are colonialist countries; they colonize other territories for the explicit purpose of increasing the amount of power they have.

Forget currency for a minute. Take one more step back, don’t think dollars. Think bullets. Forget debts. Think deaths. From a geopolitical perspective, currency and bullets are effectively two sides of the same coin. Whoever has the bullets sets the economic terms. The remarkable difference between the “barbarous” days of pre-history and today’s modern “civilization” is that, today, we have many more and different tools of violence and coercion than just big swords or guns (although we have those, too). We have tools like money, or to put it in even more euphemistically whitewashed terms, economic policy.

Which brings us back to the wrinkle that the Business Insider article conveniently overlooked: how did it come to be that the troika was able to just unilaterally decide that Greece had to pay back the debt that Goldman Sachs and other private sector banks actually incurred? How did that even happen? That’s like if you go out to dinner with three rich guys who all want to eat at a 5-star hotel restaurant (hey, they can afford it), and you want to go to a corner deli (because that’s the only thing within your budget), and somehow y’all hit up the 5-star hotel restaurant but you’re the one holding the bill at the end of the night. Like, hold the fucking phone, ya know?

The Interfluidity article described the issue here really nicely:

The European financial system was architected to make lending to Greece — and Spain and Portugal and Italy — a money machine for bankers with little career risk over a medium term. Sketchy credits tend to punch above their weight in terms of volume of issuance, so there was a lot of nice paper to buy. The bankers who lent to these states understood perfectly well that there was in fact a long-term risk, an uncertainty, a constructive ambiguity. They lent anyway, and took home very nice salaries and bonuses for doing so. It was conventional to lend, the mainstream consensus was that credit risk was over and worry warts were old-fashioned, Europe was strong and would work this out. If the worry warts turned out to be right, it was likely years away, IBGYBG.

When the game was up, when the global house of credit cards collapsed in the late Aughts, European leaders had a choice. They had knowingly and purposefully brought weak states into the Eurozone, because they genuinely, even nobly, wished to build a large, strong, United Europe. [Although who really still believes that it was about anything other than the money?] When they did so, they understood there would be crises. A unified Europe, they had always claimed, would be forged one crisis at a time. The right thing to have done for Europe at this point would have been to point out the regulatory errors and misaligned incentives that encouraged profligate lending and enabled corruption and waste among borrowers, and fix those. Banks that had made bad loans would acknowledge losses. The banks themselves would have to be restructured or bailed out.

But “bank restructuring” is a euphemism for imposing losses on wealthy creditors [i.e., “bank restructuring” is a way to say that those rich guys who stuck you with the bill should actually have to pay their own share of said bill]. And explicit bank bailouts are humiliations of elites, moments when the mask comes off and the usually tacit means by which states preserve and enhance the comfort of the comfortable must give way to very visible, very unpopular, direct cash flows.

The choice Europe’s leaders faced was to preserve the union or preserve the wealth, prestige, and status of the community of people who were their acquaintances and friends and selves but who are entirely unrepresentative of the European public. They chose themselves. The formal institutions of the EU endure, but European community is now failing fast.

It is difficult to overstate how deeply Europe’s leaders betrayed the ideals of European integration in their handing of the Greek crisis. The first and most fundamental goal of European integration was to blur the lines of national feeling and interest through commerce and interdependence, in order to prevent the fractures along ethnonational lines that made a charnel house of the continent, twice. [Two World Wars leaves a bunch of scars, after all….] That is the first thing, the main rule, that anyone who claims to represent the European project must abide: We solve problems as Europeans together, not as nations in conflict. Note that in the tale as told so far, there really was no meaningful national dimension. Regulatory mistakes and agency issues within banks encouraged poor credit decisions. Spanish banks lent into overpriced real estate, and German banks lent to a state they knew to be weak [that is, they lent to Greece]. Current account imbalances within the Eurozone — persistent and unlikely to reverse without policy attention — implied as a matter of arithmetic that there would be loan flows on a scale that might encourage a certain indifference to credit quality. [Which is to say, the math doesn’t equal out. Somewhere, someone’s debt is going to be forgiven. The question is whose? The rich banker shitfucks, or yours?] These were European problems, not national problems. But they were European problems that festered while the continent’s leaders gloated and took credit for a phantom prosperity. When the levee broke, instead of acknowledging errors and working to address them as a community, Europe’s elites — its politicians and civil servants, its bankers and financiers [the Goldman Sachs, the hedge funds, the corrupt politicians, the guys who just said “IBGYBG” and made off with mountains of cash in the process] — deflected the blame in the worst possible way. They turned a systemic problem of financial architecture[, an architecture that, due to the unaccountability of the big banks, systemically incentivized major corporate fraud that reached a head in 2008,] into a dispute between European nations. They brought back the very ghosts their predecessors spent half a century trying to dispell. Shame. Shame. Shame. Shame.


With respect to Greece, the precise thing that European elites did to set the current chain of events in motion was to replace private debt with public during the 2010 first “bailout of Greece”. [The taxpayer got stuck with the bill. Again. And this is that bait-and-switch again! How did they just “replace” it???] Prior to that event, it was obvious that blame was multipolar. Here are the banks, in France, in Germany, that foolishly lent. Not just to Greece, but to Goldman’s synthetic CDOs and every other piece of idiot paper they could carry with low risk-weights. In 2010, the EU, ECB, and IMF laundered a bailout of mostly French and German banks through the Greek fisc. Cash flowed into Greece only so it could flow out to rickety banks. Now, suddenly, the banks were absolved. There were very few bad loans left on the books of European lenders, everyone was clean, no bad actors at all. Except one. There were the institutions, the “troika”, clearly the good guys, so “helpful” with their generous offer of funds. And then there was Greece. What had been a mudwrestling match, everybody dirty, was transformed into mass of powdered wigs accusing a single filthy penitent [the Greeks] (or, when the people with their savings in just-rescued banks decide to be generous, a petulant misbehaving child). [antidote]


But don’t the Greeks want to borrow more? Isn’t that what all the fuss is about right now? No. The Greeks need to borrow money now only because old loans are coming due that they have to pay, and they have been trying to come to an agreement about that, rather than raise a middle finger and walk away. The Greek state itself is not trying to expand its borrowing. Greece’s citizens and businesses would like to expand the country’s borrowing indirectly, by withdrawing Euros from Greek banks that the Greek banks won’t be able to come up with unless they are allowed to expand their borrowing from the ECB. That is, Greece’s citizens are in precisely the place France’s citizens and Germany’s citizens were in 2010, at risk that personal savings maintained as bank deposits will not be repaid. Something was worked out for French and German citizens. Other than resorting to the ethnonational stereotypes that European elites have now revived in polite company, what is the justification for a Greek schoolteacher losing her savings that wouldn’t have applied just as strongly to a French schoolteacher five years ago? Because Greeks are responsible, as individuals, for what the governments they elect do? Well, then I deserve to be killed for what my government has done in Iraq and elsewhere. Is that where we want to go?

Put another way, France and Germany and the United Kingdom and Belgium and all these richer EU member countries didn’t get stuck with massive amounts of public debt when their banking systems came to a screeching halt due to the very same kind of banker malfeasance and political corruption that’s been plaguing Greece. Have a look at this chart showing the differences between the various “recoveries” that the troika’s “helpful” policies have provided for different EU member states:

Chart shows the Real gross domestic product of various EU member states following the 2008 global financial meltdown. Only the UK, Germany, Belgium and France have had growing economies. Greece's economy has plummetted.

That is to say, in the version of the three-rich-guys-take-you-out-to-dinner-story for French or German citizens, you (the citizen) didn’t get stuck with the bill. But in that version, you’re French, or German, or English. You weren’t Greek. Only in the Greek version of this story does the regular citizen, the worker, the taxpayer, only in the Greek version, the version of the story featuring an already-poor country, it’s only in that version where you get stuck with the bill at the end of the night. Because fuck Greek people, right?

And this is the ultimate answer to the puzzle of how the troika saddled Greek with public debt: because they had the political and economic power, backed by many, many more bullets than Greece has, to do it. When you peel away all the layers of bureaucratic and linguistic euphemisms, what it boils down to is the ability to muster sheer force to enact one’s will. In the case of the Eurozone, it is in the elite’s interest to stir up racist stereotypes of lazy, irresponsible Greeks because that pits Frenchman against Grecian. This is exactly what US politicians do when they invoke racist stereotypes of “welfare queens,” conveniently forgetting that welfare was very strongly supported by social conservatives so long as the public funds went only to widowed white women, keeping them in the kitchen and out of the workforce, which was the original intent of social welfare programs. It wasn’t until Black women got in on the deal that the narrative was flipped on its head. Point is, if you’re a banker who’s made mountains of cash while knowingly offloading long-term risk to your fellow citizens, it’s way better to have all Frenchmen hating all Greeks than to have all Frenchmen less wealthy than you are (which would be most of them) and all Greeks hating you. Just as if you’re a racist white demagogue politician in Amerikkka, it’s better to have poor white people hating poor Black people than have all Black people and poor white people hating you together. It’s a tactic right out of the classic colonial playbook: divide and conquer.

Hence why the Greeks’s collective refusal to accept the newly-horrific terms of their already-heartless creditors (the troika) is so meaningful: it shines the spotlight of culpability directly back on the creditors, avoiding the ethnonational and racial accusations that the capitalist bankers are using to wage their class war. The Greeks are not paying the bill they’ve been unfairly stuck with, and they damn well shouldn’t have to, not just because it’s unfair, but because it’s actually even worse for them than I’ve let on so far. Unlike the overly simplified analogy of the dinner bill, the actual Greek people—the schoolteachers that Interfluidity mentions and even the conservative small business owners that Business Insider mentions, I mean the actual humans that make up the Grecian population—these actual humans didn’t even get to enjoy the 5 star meal. They’ve been dealt cuts to social services imposed by the economic policies of their creditors. This latest “No” vote was not just a refusal to pay back debts that weren’t even fairly levied against them in the first place, but also to refuse to agree to even worse terms of the deal than they originally had.

Greece is supposedly the birthplace of the model of democracy that America likes to tout as delivering a truly free society. Well, there’s certainly something decidedly American about what’s happening in Greece, “where, in the Course of human events [it became] necessary for one people to dissolve the political bands which have connected them with another.” This idea of national independence that was so eloquently composed by the American revolutionaries when they were colonies has now been adopted by the Greek populace, who correctly feel as though they’re being treated like a colony of an invading European (and American) Empire. Whether or not Greece chooses to leave the European Union formally, a so-called #Grexit, as Scotland almost did for similar reasons, remains to be seen, but there’s no question now that this will be determined in large part by just how heartless and sociopathic Greece’s creditors are.

And while there may be some historical analogies to draw here, many things are also decidedly different between the United States and Greece today. The biggest difference relates to who Greece’s creditors actually are, versus who America’s creditors really are. Again, Interfluidity hits the nail on the head:

If citizens aren’t going to be held responsible for their governments’ bad debts, how will sovereigns borrow at all? Well, how do firms raise equity, when an equity claim makes no promise whatsoever that any cash will be returned? People invest in shares not because they have any sword of Damocles to hold over the enterprise, but because they believe the firm will engage in activities sufficiently productive that throwing some cash back to investors will not be burdensome, and because firms know repayment enhances access to continued finance. The same is true of sovereigns like the United States or the UK, which borrow easily in currencies they can print any time. Nothing prevents the US from conjuring $100T USD and handing it out to citizens, engineering a one-time inflation that leaves outstanding bonds nearly worthless. It wouldn’t even constitute a default. But the US has organized itself in ways that persuade creditors that their funds will be treated reasonably. Inflexible debt sows seeds of coercion and enmity between borrower and lender. Equity-like arrangements, including “debt” denominated in securities issuable at will by the debtor, require and encourage trust and collaboration. Sovereign debt in particular should always look like the latter, not the former, given the regularity with which government borrowings are disbursed into insiders’ bank accounts rather than used to aid the publics who might be pressured to foot the bill.

The United States, the United Kingdom, and the Eurozone can all do something Greece simply cannot, or at least cannot if it remains agrees to remain under the strict control of the troika as things were until now: Greece cannot arbitrarily create more money. Remember, the United States can just print more money. Literally, that’s what the Fed does. If there’s a need for more dollars, the Fed just decrees, like God Himself, that the money exists, and it does. Why can’t Greece do that? Because Greece has basically no power in the troika; the IMF and the ECB are not Greek institutions. In contrast, the Fed is an American institution, so if the American government finds itself lacking dollars, it does not need to petition some external actor to create more of them. It just creates those dollars itself.

What’s bizarre here is that Britain has basically the same situation as the United States, because they trade in Pounds Sterling, not Euros, even though they’re a Eurozone member. Strange, right? What gives London the right to set its own economic policy, to decide its own monetary interest rate, while other Eurozone member states like Greece are forced to adopt the policies of the (largely British) troika? Again: bullets.

In other words, Greece’s creditors are, of course, the richer European countries and—surprise, surprise—the American government and its corporate puppet masters through their influence at institutions like the IMF (which is headquarted in Washington, D.C., by the way). Here’s what Interfluidity has to say about that:

Blaming victims for having insufficiently perfect leaders is standard fare for apologists of predation. Unfortunately, understanding this may be of little comfort to the disemboweled prey.

Europe’s creditors are behaving exactly as one might naively predict private creditors would behave, seeking to get as much blood from the stone as quickly as possible, indifferent to the cost in longer-term growth. And that, in fact, is a puzzle! Greece’s creditors are not nervous lenders panicked over their own financial situation, but public sector institutions representing primarily governments that are in no financial distress at all. They really shouldn’t be behaving like this.

I think the explanation is quite simple, though. Having recast a crisis caused by a combustible mix of regulatory failure and elite venality into a morality play about profligate Greeks who must be punished, Eurocrats are now engaged in what might be described as “loan-shark theater”. They are putting on a show for the electorates they inflamed in order to preserve their own prestige. The show must go on.

Throughout the crisis, European elites have faced a simple choice: Acknowledge and explain to electorates their own mistakes, which do not line up along national borders of virtue and vice, or revert to a much older playbook and manufacture scapegoats.

Such tiny, tiny people.

Tiny people. With fat wallets. Holding big guns.

Just say OXI.

In Memoriam

Today is the fourth anniversary of Len Sassaman‘s passing. Len was a gifted programmer, he was a passionate privacy advocate—Len pioneered and maintained the Mixmaster anonymous remailer software for many years—and he was a very, very kind person. He was also a friend.

Len was the first person to walk me through setting up OTR (encrypted chat), and one of the only people I have ever known of his awesome caliber who was nevertheless able to make you feel comfortable asking what were obviously “newbie” questions.

A lot has happened in the last four years. Len’s passing lit a fire under me, personally. I couldn’t have gotten to where I am today, both in terms of practical skills and in terms of philosophical approach, without the brief but powerful influence Len had on me. I’m not the person who knew him best, but I miss him all the same.

I’ve got nowhere near the expertise he had, and if it weren’t for him, I might have let that stop me. Thanks to him, I’m not. It’s slow going, but I’m still moving forward.

Tonight, I’m publishing a small, simple utility script called that makes it just a little bit easier to use an anonymous remailer system such as the kind he maintained. It’s not much, but hopefully it can serve as a reminder that privacy is a timeless human need, and that it needs people like Len to support it as much as people like Len need supporters like us.

Len Sassaman (b. 1980 d. July 3, 2011). I miss you.

Predator Alert: Mark Elrick (Albuquerque Police Officer) and Elizabeth Escogne (“Community Support Worker”)

This is a public service alert.

Meet Elizabeth Escogne (left) and Mark Elrick (right):

Elizabeth Escogne with Mark Elrick.

Mark Elrick is a cop in the Albuquerque Police Department. Elizabeth Escogne is a “Community Support Worker” employed by AgaveHealth, Inc., an Arizona-based company whose mission to provide “health care to communities within the state of New Mexico” would seem great at first blush, until you’re privy to the kinds of things their employees talk about with their cop friends when they think no one who cares is listening. What sorts of things? In the span of overhearing just one conversation, Elizabeth and Mark:

  • gloated over the fact that a group of anti-police brutality protesters in New York were physically attacked; they exchanged pictures on their smartphones and literally laughed out loud at the violence.
  • complained that people who were “homeless by choice” always “make their jobs difficult.” (boo hoo)
  • agreed that funding support services for houseless populations “is a bad idea.”

Their conversation ended when Mark remarked that he had to be on his way to harass a houseless family who have been living in an RV.

Elizabeth is a gun collector and cop apologist while Mark is, well, a cop. (So, y’know, ’nuff said). Both participate in “historical medieval battles” as part of a team team whose uniforms are patterned after the United States’ flag:

They’re basically what you would expect: a cross between murderous Crusaders and people who believe they’re real-life versions of Captain America. In other words, people who have drunk all the propagandistic kool-aide you can imagine, and then some.

I’m writing this on my blog instead of in the Facebook Cop Block Tool and the Predator Alert Tool for Facebook due to a bug in those pieces of software that will hopefully be fixed soon. Once fixed, please report these two to those databases if they’ve not yet been added by someone else.

Police do not equal protection. #PoliceArePredators

Knowledge is a seed. Sow it! SHARE THESE RESOURCES:

BYOC: Your Blog, Your Way

For bloggers who really want to own their own content, Bring Your Own Content (BYOC) is a free toolkit for creating and managing content on one or more free web hosting providers simultaneously using a single, familiar dashboard.

You might have read about BYOC on LifeHacker some time ago. This is the first reproducible release, utilizing Vagrant and Packer, to make it super easy for developers to contribute improvements and to ease installation of the virtual appliance on end-user machines.

Get the binary 0.0.1-beta.1 release for the full thing, which includes the prepared virtual disk image, or simply install the prerequisites and vagrant up meitar/byoc to get started!

Publishing to Tumblr, (or any self-hosted WordPress blog), and the Diaspora pod of your choice is supported out of the box.