BERLIN -- On a warm August night, inside a meeting room at the Berlin House of Representatives, American digital privacy activist Jacob Appelbaum pulled a small electronic device from his backpack and issued a challenge to parliament: The member who agreed to run the device, a custom WiFi node, from an office in the building could have it for free.
"If someone from the parliament here really believes in free speech, I'm happy to give this to them," said Appelbaum. The node boosts the signal of a worldwide encryption network called TOR. Short for The Onion Router (think protective layers), TOR software provides a web browser that cloaks IP addresses, granting anonymity to Internet users. The National Security Agency’s controversial PRISM program is thought to be using Internet nodes in foreign countries for espionage. TOR nodes create a blanket that shields Web content -- emails, instant messages, metadata and browser histories, for example -- from the government’s gaze. Without anonymity and privacy, Appelbaum argues, freedom is a fallacy.
“Fundamentally, it’s a very old idea that you should be free to read and free to speak and you should be free to do this without having to identify yourself,” Appelbaum told a packed room of concerned faces -- about 60 in all. Appelbaum, a young man with thick-framed glasses and impeccably clear enunciation, acted as a de facto spokesman for WikiLeaks in 2010 after the group released intelligence cables handed over by Bradley Manning. With TOR, he explained, “instead of the 20th and 21st century surveillance state, you’re returning to a state where privacy is the norm.”
Appelbaum’s audience, a mix of programmers, off-duty journalists, and concerned citizens, leaned forward in their chairs and listened closely. Promoting encryption is a key part of Appelbaum’s agenda. Only a small substrata of Internet users currently go to such lengths. But the more people encrypt, the greater grow the hurdles to the kind of widespread government surveillance brought to light by former intelligence contract Edward Snowden. And an effective way to recruit new members to the encryption movement is through public events like the one in Berlin -- what have become known as “cryptoparties.”
* * *
Many Germans have regarded ubiquitous web giants like Google and Facebook with a high degree of skepticism since well before Snowden’s intelligence leaks revealed that NSA surveillance relies on cooperation from some of the world’s most powerful telecommunications companies. A popular rationale for Germany’s collective apprehension cites the country’s history of extensive spying by both the Nazi secret police and then, in the 1980s, by Stasi state security forces. In July, German magazine Der Spiegel published an interview Appelbaum conducted with Snowden in which the former government contractor claimed that the NSA and German authorities are “in bed together.”
As of August 27, Germany was second only to the U.S. in the number of active TOR users (with nearly 49,000 users to the U.S.’s 97,000). In August, global TOR connections spiked to 150,000 monthly users, up from about 50,000 users in June and July. Publicly, incensed Germans are staging street protests and urging lawmakers to intervene with mechanisms that protect their web activities from the prying eyes of government. Privately, they're turning to hackers for lessons on how to do it themselves.
Laptops open, dozens of people listening to Appelbaum prepared for an evening of privacy instruction. At cryptoparties, privacy activists and software specialists tutor people in the craft of data defense. Appelbaum led a workshop on TOR while two German instructors ran basic primers in encryption protocols called off-the-record messaging (OTR) and “pretty good privacy” (PGP). OTR prevents instant messaging conversations from being logged or viewed by outsiders. PGP is a program used to encrypt and decrypt messages and files, including emails. Communications between Snowden and Guardian reporter Glenn Greenwald and documentarian Laura Poitras were secured using PGP.
A common analogy for explaining the importance of encryption supposes that an unencrypted message sent via, say, Gmail, exposes information to Google and an Internet service provider as if it had been written on a postcard and dropped in the mailbox. "You don't see the postman but he's certainly there," said Anne Roth, a digital privacy activist in Berlin. Cryptoparty attendees are wary of the postman and his loyalties.
As expressions of political activism, cryptoparties first took root in 2011 in Australia when lawmakers were considering hotly contested legislation intended to reign in cybercrime. The bill, which passed in 2012, allows government authorities to force Internet service providers and carriers to retain and relinquish customer data. Even foreign governments could demand the information. In a letter to the Australian government, civil liberties group Electronic Frontiers Australia cautioned that the bill “can potentially enable arbitrary interference with privacy and correspondence.”
In the past two years, cryptoparties have sprung up in Oakland, Boston, Calgary, Cairo, Reykjavik, London, Brussels, Manila, and elsewhere. The event in Berlin was the latest in a series of post-PRISM cryptoparties on German soil – and perhaps the country’s largest to date. The gatherings are often ad hoc, hosted by IT experts, and typically draw between five and a dozen pupils of varying ages, technical experience, and professional backgrounds. One such party in Cologne in July drew, among others, a tango instructor, a healthcare worker, and a schoolteacher.