The nondescript brick building along an industrial stretch of Elston Avenue seems just the sort of unremarkable spot where a group of privacy advocates would congregate. Inside Pumping Station: One, an Avondale “hackerspace” where about 200 tech-obsessed tinkerers pool money to share tools and work space, the 50 seats in a second-floor room are filling fast. Surrounded by wall shelving brimming with parts for computers and various other electronic doodads, most in the crowd stare into the screens of bestickered laptops as they wait for a presentation to begin. People wear T-shirts promoting organizations dedicated to open-source software, such as Mozilla or Linux. A woman with a British accent cracks a tallboy of Colt 45. A man in a vest-and-tie ensemble too formal for the occasion puffs on an e-cigarette until someone informs him of Chicago’s indoor ban. Others introduce themselves to their neighbors, asking gently, as if not wanting to pry, “So, what brought you here?”
Summoned via Meetup.com or a Google mailing list, they’ve all come on the second Saturday in March for one of the city’s more offbeat social functions: a crypto party. Hardly a party in the conventional sense, the event offers an education in cryptography, the practice of encoding or decoding communications such that only the sender and intended receiver can understand the message. In an age of mass surveillance, cryptography is a chance at privacy.
As the workshop gets under way, a Pumping Station: One member who identifies as EvilJoel welcomes the assembly. Sporting spiky hair dyed fire-truck red and a shirt that reads i’m not slacking off. my code’s compiling, he alerts everyone to a tray of breaded faux-chicken snacks he baked, then introduces Brian Kroll, a member of Pilsen’s South Side Hackerspace, who begins a lecture about GNU Privacy Guard, a free e-mail encryption software commonly referred to as GPG. “GPG isn’t a silver bullet to all your privacy needs,” says Kroll, a systems administrator. “But using it properly . . . will make it easier to stay safe—and keep your privacy.”
Encryption 101: A guide to encryption tools
A few crypto-party regulars fan out into the room to aid newcomers, and someone asks aloud where the “setup wizard” is located in the onscreen dialogue box.
“I’d look for the cloak and staff,” a deskmate replies. The nerdy quip elicits laughter from everyone within earshot.
The crypto novices are especially interested in Tor, software that allows anonymous Web browsing by bouncing a signal between an encrypted network of proxy servers around the world to mask info like location and browsing habits. Because Tor doesn’t connect directly to the Internet, page-load times can be as much as three to four times slower than a traditional browser like Chrome or Firefox. But there’s a willingness among crypto partiers to sacrifice convenience to restore a sense of personal space in their digital lives.
“It’s like a room to which you can shut the door,” says Freddy Martinez, one of the crypto party’s organizers. “Outside of encryption, you just don’t have that.” Martinez, an information technology worker, has received national attention for suing the Chicago Police Department. In his complaint, Martinez claims CPD violated the Illinois Freedom of Information Act by failing to hand over records describing the extent to which it has employed StingRay cell-phone tracking devices that can intercept calls, texts, e-mails, and other data.
The hope among the crypto partiers is that once the data on their computers and smartphones is encrypted, it won’t be decipherable to the prying eyes of Google and other Internet behemoths, or to arms of law enforcement and government, chiefly the National Security Agency, which, as NSA contractor Edward Snowden revealed in his bombshell leak in 2013, collects everything from Web browsing histories and e-mails to text messages and call records.
“The good news is there’s no program named the Dick Pic Program,” Snowden said in an interview with John Oliver earlier this month for HBO’s Last Week Tonight, egged on by the show’s mischief-making host. “The bad news is they’re still collecting everyone’s information, including your dick pics.” (Snowden had previously told the Guardian he witnessed “numerous instances” of NSA employees passing around intercepted nude photos.)
The notion of government spies ogling the whole of the Internet’s racy imagery is as disturbing as it is amusing, but crypto partygoers say it isn’t a central motivation behind shielding their digital communications. Software developer Adriana Castanela, for one, came to the event to learn how cryptography can help her better protect the privacy of clients and their customers. “There’s a lot of information that gets passed that you really don’t want people to get a hold of,” she says of the development process. And since larger businesses that have more customers tend to see security as a greater priority, she says, crypto training might actually help her secure more lucrative work.
At least a few other online pursuits benefit directly from encryption. Protesters have begun encrypting their phone calls and texts to avoid telegraphing to law enforcement plans for demonstrations. Journalists are using encryption and anonymity tools like SecureDrop when they make themselves available to whistleblowers.
Lane Tech College Prep student Ericka Corral arrives at the crypto party with a couple friends from school. The 15-year-old has attended events put on by the nonprofit organization Girls Who Code, but today is her first foray into cryptography. “What if I say some terrorist joke? I could get in trouble for that,” she says of her reasons for wanting to encrypt her e-mail. “It may be coming to the point where [surveillance] is restricting our freedom of speech. I don’t think I should get in trouble for my opinion.”
Chicago’s crypto parties are an outgrowth of an international grassroots movement that began in August 2012, when a noted Australian online privacy activist and journalist who uses the nom de plume Asher Wolf suggested over Twitter an update to a dusty tradition among a loose camp of 90s computer security geeks, dubbed Cypherpunks, who communicated through electronic mailing lists. In contrast, Wolf proposed, crypto parties should be accessible, embracing even tech dilettantes—and organizers should attempt to make the events fun. The concept went viral, and before long meetings were being held in Berlin, Delhi, London—and, a month after Wolf’s first event, Chicago. There are now more than 100 CryptoParty chapters active around the world, according to the group’s wiki.
The nascent movement quickly attracted the attention of a young NSA contractor by the name of Edward Snowden. In December 2012, just six months before he would expose the U.S. government’s Orwellian global surveillance programs, Snowden organized a crypto party in an art space in Honolulu in tandem with a small hacker club called Hi Capacity.
“Snowden stood in front of the whiteboard and gave a 30- to 40-minute introduction to TrueCrypt, an open-source full-disk encryption tool. He walked through the steps to encrypt a hard drive or a USB stick,” Wired contributing editor Kevin Poulsen reported last year. His main source was technologist and writer Runa Sandvik, Snowden’s copresenter at the event, but Wolf also makes an appearance in the piece: “I kind of hope, secretly,” she tells Poulsen, “that the crypto party offered Snowden an outlet to think about what he was already beginning to plan to do.”
Nearly two years after Snowden’s revelations, the impact of the information he exposed is mixed. A Pew Research Center study, “Americans’ Privacy Strategies Post-Snowden,” published in March found that 46 percent of the people surveyed remain “not very concerned” or “not at all concerned” about government surveillance of U.S. citizens’ data and electronic communications. Just 34 percent of those aware of NSA surveillance have taken at least one step to hide or shield information from the government, such as changing their privacy settings on social media. (That number jumps to 40 percent if you only include 18- to 50-year-olds.) Pew’s survey also found that 49 percent of people believe it’s acceptable to monitor a person who’s used encryption software to hide files, a stat that makes crypto partiers roll their eyes.
“Paranoia is usually defined as fear or precaution without strong fact-based evidence to justify it. But in the past couple years, even publications that are fairly mainstream and not often antagonistic toward authority have reported a slew of detailed facts that inform my concern and that of my friends,” says Chicago crypto-party organizer Jen, a university research scientist who asked that her last name not be published because she fears academia might judge her on the basis of her beliefs about privacy. “You just need to read the news and think about it and not ignore it, and you end up here where I am.”
Back in 2011, before Snowden became a hero to some and a traitor to others, information privacy law expert Daniel J. Solove’s Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale University Press) poked holes in the most common prosurveillance defense. According to Solove, that point goes like this: “I’ve got nothing to hide. Only if you’re doing something wrong should you worry, and then you don’t deserve to keep things private.” One of the problems with this argument, he says, is “the underlying assumption that privacy is about hiding bad things,” he writes in a 2011 Chronicle of Higher Education piece. “By accepting this assumption, we concede far too much ground and invite an unproductive discussion about information that people would very likely want to hide.” Instead, Solove suggests debating the way surveillance inhibits lawful activities “essential for democracy,” including free speech and freedom of association.
The safeguarding of free speech is a common thing crypto partiers say is compelling them to educate themselves and volunteer to teach others about the benefits of cryptography’s privacy tools. “When governments deny citizens access to the same caliber of secrecy that they hold themselves, you have a framework for the unchallenged abuse of power,” says Travis McDermott, a technology worker, activist, and crypto-party organizer. “It’s important that we maintain strong crypto for everyone’s freedom.”
According to the Pew study cited above, 54 percent of American adults think “it would be ‘somewhat’ or ‘very’ difficult to find tools and strategies that would help them be more private online and in using their cell phones.” But after troubleshooting with more experienced users at the crypto party, the task wasn’t so tough for Corral. As the event begins winding down, the teen is proud to report that her computer is now outfitted with GPG e-mail encryption. “I’m not saying it was a piece of cake, that I could do this in my sleep,” she says. “It was an easy process because I was guided through it.”
And that, Martinez says, is what crypto parties are all about—empowering people to take privacy in their own hands. “You’re not asking anything from institutions, you’re not asking for [surveillance] reform,” he says. “You’re making it yourself.” v