 And now to our first talk in hall one it's titled I feel like a criminal and I have to be God at the same time And it will be about how we as a community. There's there's lots of talk at this Congress about hacktivism about hacking But there's not a lot of introspection about what we want to be as a community and how how we think about ourselves and now Leonie Maria Tanza is going to talk about that. Please welcome her to the stage Hello, good morning. I'm very thankful for seeing so many people despite the fact yesterday was a very it's the last day There was a toilet party as I've heard So greatly appreciated that you came along My name is Lenny Maria Tanza I'm a PhD student in the School of Politics International Study and Philosophy a very long and dry name in the Queen's University of Belfast And today as the introduction already said I'd like to give you a small insight into my interdisciplinary research project Which is looking at security issues around like hacking and hacktivism But like more around the issue of how different actors perceive hacking and hacktivism So I'm looking at the policy level of the European Union, but also for instance at the cyber security sector, whatever that means And like people who call themselves hackers and hacktivism, but they think How they are portrayed and currently perceived and I'd like and with the very controversial title I feel like a criminal and I have to be God at the same time It's not that I think I am but like it was a quote by one of my participants I'd like to give you a rough overview in this next 45 minutes on What I found in the course of my study And before everybody freaks out and says oh my god, it's a social scientist doing research on this community I would would like to give a brief kind of disclaimer. I'm aware. I'm not like doing anything like CSI cyberkin related. I'm not like basically trying to bring people to jail or do kind of armchair psychology or imitate like this kind of well known Series and also really important I'm not funded by the GCHQ because you know, I'm from Belfast and everybody assumes that it was a question I got quite frequently when conducting this study and it's different that I would like to make clear straight away Before I start where I'm standing how I was funded. So that is that nobody can accuse me of any kind of bias I was hesitant to include it But I think it's important to make clear where how research is basically currently funded. So what happened to me I'm defined by the Department of Employment and Learning, which is a government institution in Northern Ireland They cover my tuition fees because the UK just feels like education shouldn't be free And the School of Politics of International Studies and Philosophy They give me 5,000 quid a year which is not enough That's the reason why I have a part-time job as a tutor and teaching assistant and I get like additional funding here and there Like the Lorimer University Scholarship Center. It's not that I want to bore you to death with that information I just want to emphasize one thing none of these people none of these organizations had any influence with what I did had Not like make clear that they had like a certain kind of interest of finding this They simply gave me the money in the basis of my funding application. That was it so I hope I eliminated any doubt at this stage and I was I really felt like I want to get this off my chest because it was a Question I got like over the course of this year multiple times and on that basis I'd like to make further clear misconception of what I'm interested of doing I'm working on currently in a field called critical security studies and What that area is basically doing is like it examines not like what old-school security scholars would have done Like all the cold war is over and what are we doing with the world? It's more about what is the effect of security politics that we are What we are currently having so The I'm interested in analyzing the consequences and effects of the Insecuritization of hacking and hack wisdom and an understanding of the practice in the dandy of hackers and hack The rest and really important what I mean with that when I talk about consequences and effects is basically How they are portrayed and what they how they are resisting this kind of portrayal and really important is for me Through their eyes by giving them a voice Because I feel like a lot of the literature is basically talking about hackers and activists But they never really approached them and asked them What do you think and that is what I'm keen on doing and hopefully been able to transport here in the course of the next hour So the overview of what I'm gonna talk about is I give a brief definition of hacking and hack So I can offend people with my definition and you can scrutinize what I'm saying afterward in the q&a I talk about in securitization. It's a theoretical concept. I assume not a lot of people have heard about it So I think it's important to talk about what I mean with this I'm talking about my method how I got at the data how I analyzed it the really important bit about my results And then like the question of so what why is the social scientist doing this research? Why is it worth funding it or why is it even relevant and last but not least question answer session where I hope I am able to answer questions which remain in the course of this talk So hackers it's a very ambiguous term hacktivist as well You know you have certain kind of assumption around it My mom thinks about hackers something else like you guys think about hackers and there's also difference around countries and like kind of like Contexts around it But what I at least in my thesis think about like hackers and hacktivist it relates to computer hacking at least for my thesis and comprises activities ranging from on or first access on like Manipulating technology for honor for this means up till the production free software But it's really important what I think about hacking is it is a technique So you may use it for like malicious reason, but you don't need to and I think that is one aspect a lot of people blind out And I guess a lot of you think as well The hacktivism part is a bit more tricky because that is a word where a lot of people feel offended by I think it's like use That's a buzzword the media uses But I think it's a really interesting aspect to take into account and I'm merging both concept because when we talk about hackers and hacktivists at This moment of time they are both somehow tied in with a certain kind of perception around them how they look like how they what they do So therefore I merged them for this specific study together despite the fact I acknowledged there might be differences So hacktivism for me is a form of political activism Performed through hacking techniques and it's really important that there's something around values and ideology and that makes it distinct for me To hacking because you can hack your washing machine Because you want to make coffee with it But you can hack also the washing machine to set a current perhaps a political statement to let's say Siemens And the really important bit what I also think a lot of people forget is like their activity stretch from illegal to legal So you can do it both ways Constructive and deconstructive and what I mean with that is the idea of like builders and breakers And if you're interested in that there were all the talks and papers I've published where where you can read more around the idea of what I'm thinking around there and really important is In the lines with your old throughs and against and what I mean with that is basically as we see currently Everybody's really excited when anonymous does stuff around against ISIS But when they do something against your own government you basically perhaps like feel that this is not correct So hacktivism is like any kind of other political activism if you are going to an anti-racist demonstration You are in alliance to that if you are in the KKK you certainly wouldn't feel very Happy about that demonstration taking place. So this is the important bit about activism It depends on your worldviews and that is the same with hacktivism. Okay So the really bit which is troubling or problematic is the terms are controversial so we all have like the idea of like the hacker with the Bali clava sitting in front of a desktop with having terminal open and the risk misrepresentation like goes in the media politicians even like the industry but also like Academia and what is happening is that it's often considered as that's kind of a security and threat construction at least like it At least in the UK definitely And this is the starting point for my research this idea of like We have a certain kind of image in mind about like hackers and hacktivists and it's like this threat image And that is where securitization comes in or more important in securitization And what I mean with that is one does not simply say security security is really something Which is used in political context achieving a certain kind of purpose having a certain kind of aim and Insecuritization the theory basically says security issues do not necessarily reflect the objective material circumstances of the world so If you are for instance if Angela Merkel steps on the stage and says we have a terrorist threat Something happens and the really important bit is security is like Co-constitutional like a co it relates to something insecure just like you have the idea of good and bad It requires the opposite security requires an opposite as well. There's something secure and something insecure and in that regard they are Relative and if you consider something as a security threat What there must be an opposite to that and this is an important starting point from my research on What happens with when politicians or the cyber security sector talks about hacking what happens with those being the You know the insecurity level the hackers and hacktivists Because they propagate fear and have an effect So my interest is basically to understand or the for insertionization is how and why this process Happens and to identify the effects of it and the effect is what I want to talk about today in this talk And this is basically what I'm trying to do and hope to achieve in the next like 30 minutes left so coming to the method because that's always a really Interesting aspect at least like in academia It's a qualitative research and I make straight away the claim. I'm not making any kind of Claims about the community whatever that is It's not generalizable. It was like based on 35 interviews. I've conducted in the course of a Research fellowship. I was in Berlin for three months But the interviews were conducted both face-to-face, but also digitally using voice over IP services and I have ethical approval for this Study and They were non-occurring interviews, so I've not met those people again necessarily and like It's really important. They were conducted in English and in German, but for the purpose of this talk all of the quotes have been translated to English by myself and I know that there's one word which a lot of people will probably get offended by it's called self-identified And I know that there are issues around that and I will touch upon that in the result section But I'm but what I mean with that is basically anyone who basically talked to me was a made aware in a participant information sheet Which basically gave them? the the knowledge that They I'm looking for People who call themselves hackers and activists and they were willing to participate They will also make clear that like the interviews were already recorded and I transcribed all the interviews on tails They've never have been on a Windows computer and will ever be and if you have more questions around the ethics and data protection issue Please feel free to get in contact with me and I analyzed the interviews with thematic analysis Which is a six-step approach you can read up on it And basically looking at like kind of themes in the interviews and the important bit is about p1 So in the course of the next slides You will see a lot of like p1 p2 p12 whatever that means Participants plus numbers so I had coded identifiers to know where this quote comes from but I did not include any kind of More information about them like their names or the location or anything like that and really important is also that That they're I also told my residents that they cannot tell me under any circumstances Tell me any kind of incriminating material So that limits the results as well because they couldn't tell me like for instance if they would have done something legal Which I'm happy they didn't So that is also important for the further steps in analyzing my results okay, and I'm not providing more information about my participants because of the possibility of social risks involved for the people who talk to me and That's simply why I provided you with the numbers and the gender despite the fact the gender might be There's a slight like massive gender inequality here, but it was really hard to find females unfortunately Okay, so now everybody is completely Excited for the results. I hope the results basically are split into three themes and the themes of course I've identified and I found them because they were on the basis of the method I used there were different kind of steps I went through that these were prominent topics coming up in all interviews and one of them is called identity And what I mean with that theme is basically the misrepresentation of hackers and activists leads to their differentiation and I will go into depth around like all of them, but that's just like a short overview of what you can expect with the next like 15 I don't know how many minutes left The insecurity topic or theme is basically the threat to privacy insecurity for the community leads to their investment in more security It's like a vicious circle and the last bit is called system And what I mean with that is the mistrust in authorities and hierarchies Like in the current political system leads them to conduct activism and potentially also hack the vision Okay, a really important point is also there's two different dynamics Involved in all those themes and one I termed an external the internal. It's not the most sexy Like definition I could find but what I mean is with external what participants think is happening So they were often saying, you know society thinks this and that so what they think is going on and the internal Dynamic is this resistance. So what are they doing against that? And I will talk about both processes for each of the themes Okay So coming to the first theme called identity which I personally think is really fascinating at one of my favorite themes and the external aspect is To make you again like think of it the first identity is about the misrepresentation leads to differentiation and In the external aspect is basically that due to the process which is happening They feel pushed out of a sort of a sphere of legitimacy my participants and one of the first themes or issues Which comes up in the interviews quite frequently is the other so participants talked a lot about like the aspect that they are considered as like This associated with that negative connotation of like, you know, the hackers are the criminals We're the we are somehow put in a categorization as a participant said partisan free a categorization It is lump-sided broad and where a lot of people would fit in So it's like a lot of the participants spoke about like it's so, you know It's so skewed towards one perspective that we have like no Possibility to be considered anything else and there's also a duality of perception That is where the quote that I used for the talk of This presentation comes from I feel like a criminal I have to be called at the same time So they are basically often both like heroes like, you know My mom thinks they can do anything when they touch her computer But they can also be they are also that's negative aspect of like the the criminal the terrorist whatsoever And I think it's really interesting I don't know if you've seen that Facebook meme about the Schrodinger's immigrant and it's the same kind of the Schrodinger's hacker You're both like heroes and like this incredible magicians But at the same time you're the weird or slew, you know break every computer and that is an interesting dynamic and Sorter talks about like that in regards to her in her book about DDoS action how anonymous is often portrayed as like that folk devil that boogie man we're using to basically emphasise their their their oddness and That does not necessarily correspond to what my participants perceive them The other thing and I used a quote to basically Examplify this it's from the Daily Mail, which is a very high quality newspaper in the UK is stereotypical portray portrayal and that goes along with an equation and so there's a there's the idea of like They are the cultural outsiders there the terrorists the weirdos the sociopaths and it's really interesting because if you read the book on Greenwald he spoke about the same thing dynamic with Chelsea Manning Edward Snowden Assange were basically their personal life and their political actions got entangled with like their mental health or They were Nazis delusional anything like that and the same thing basically my participants emphasise that the hackers You know as it says a baby face They're young days have black hoodies sit in the cellar are weirdos And I mean like if you read the news and especially quality newspapers like that You will find those stereotypes and this is one of the best examples I can think of So this personality disorder is often there and they feel like a lot of participants were speaking out against this equation of being The terrorists of being the weirdos Another aspect which is happening according to them is scapegoating and I call that Instrumentalization it's the purposeful attempt to pull them towards that and that is a quote the stupid word they use Cyber cyber warfare cyber warrior all this nonsense and funny enough the CSFI, which is like an American military organization company and Related to the state uses, you know that cyber word as well Support the war fighter in cyberspace and then I know that the word here is very controversial There's cool stickers around lying around here about the whole word cyber But it's basically hackers cyber all those words are jumped into and brought into the context basically get funding Make people think of like all I need to buy a new make FB product or whatsoever And that is another aspect participants spoke about the scapegoating like the hacker word is used and dropped to basically Make and cyber security would love Hacktavists for instance because they're gonna help them sell all kinds of crap so it's basically a word used to get money rolling and Another example is here this in CNBC. There was an article making money in the war against hackers So that is another dynamic which think of which participants emphasized is taking place Now what is basically then the resistance? How do they counteract this process and then it's super fascinating for me one aspect is the broadening of the term so I Bet if I ask everyone in here what hacking or hacktavism is I will not get a Coherent answer from anyone and that was the same I've identified with the participants So all of them were emphasizing basically it's a broad concept. We talk about innovating about like providing shortcuts until to finding the truth So it's like some people consider it as an art of understanding the world People call a hacktavism online rebellion I could give you tons of quotes around the issue, but what it means basically is it's very diverse And it's completely contrary to what the media portrays what the politicians portray what my mom thinks of hackers it's like two different things basically and The other thing is being a hacker and hacktavist is a mindset and it's an attitude And I think that is really interesting to basically think about like who is working in the industry and are all people working in this tree Hackers and there seems to be not the case that these like participants emphasize that some of them, you know You can study computer science science, but you don't need to be a hacker. There's a difference here There's a different kind of mindset and that is like encompassed to the broadening of the term Which goes against the narrowing and the lump-sided aspect that the the other side is basically doing The other thing is they distinguish themselves so often my participants highlighted at diversity So they said about legal illegal white black positive negative all of that and so basically the emphasize not every hacker is a black hat and What is really important here is also that there's legal ways of being a hacker And I mean like everyone here knows that but like I still want to emphasize This is a research done for a broader academic audience, which does not know that so So they talk for instance about like, you know, I mean what we cause might be bit damage But that might mean physical damage you can do when you bomb like it's not that anyone would do that But like I just give an equivalent here So they oppose also certain kind of hacks, which they're often accused of so for instance against the media or private individual or critical infrastructures all words politicians would use to basically construct a picture of like the hackers Which is a specific kind of idea are doing So they're distinguishing themselves really important is also they reclaim and clean the term and I think that is really interesting in regards to for instance How they distinguish between friends hacking cracking despite the fact I acknowledge that not everybody loves that term And also they're focusing on like official organization. I mean we're here at the CCC. It's acknowledged Organization the FF like what do the net all of that So there there's ways of like keeping it clean but by being an organization which uses that term and basically therefore We are reclaiming the word and there was a quote and there was multiple quotes where people said for example CCC managed to make it a positively connotated term, which is not the case in many other countries and I can say that this is certainly the case in the UK and Also people were emphasizing hackers have a good reputation in Germany which goes along with the idea that you know CCC is one of the oldest and largest hacker communities in the world And what comes out here is like the idea of self identity and what that is really fascinating because there seems in my participants being a flexible identity around like Despite the fact everybody agreed to talk to me Knowing that I look for people who call themselves hackers and activists Nearly every time people said well, you know I'm not would not run around calling myself a hacker or but despite the fact that knowledge I'm falling into this category So people would say I never introduced this myself like this and there's one aspect for instance I would not define myself as a hacker when I'm for instance talking to them and demand politicians because you know It has negative connotations to it That is really an important aspect because because there seems to be something going on between security researchers versus hackers And that term is used here as well But read the news magazines when are they referring to hackers and when are they referring to security researchers doing the same thing But like suddenly it might swaps In the media and so for instance one participant said I've been asked by an immigration officer once if I was a hacker And that was kind of funny. I told him I was computer security researcher I'm I'm not sure what exactly he meant by hacker And this has happened to other friends and there are other person says for instance There were some situations where I'm a hacktivist or other times when I'm a security guy and that is interesting. I'm I acknowledge Social identity theory. It's a psychological theory is basically saying, you know, you can have shifting identities For instance, I could say for instance, you're the audience. I'm whoops You're the audience. I'm the speaker, but I could make another identity salient I could say I'm a female so all of the other females in this room might identify with that and I create a different kind of category I could say I'm an academic and suddenly I create other identities in the room Where you feel aligned to the same thing seems to happen here But what is really interesting is that the security researcher seems to be kind of a life belt You fall back to if you want to introduce yourself in a different kind of term and I think that is really interesting to think about So in that regard, it's like a merbius ribbon Why am I using this idea because you know the flexible idea of identity people always consider you identity as being like a coin You're either one side your black hat or your white hat But in fact, you're like a hacker and the security researcher you have day jobs Like I don't know what you're doing when you leave today Tomorrow you might be a pen duster be like a software engineer anything like that But you can have different shifting identities and there's a really important aspect Research has have to acknowledge that that is not just like one thing and that kind of stable and really important is here that there's two dynamics of which is a Consequence of like the hacker idea being portrayed as that negative on the one side You can't call yourself a hacker because it has negative connotations and that was seen by people being basically saying Oh, I would never talk to a politician using that term But the other thing is meritocracy Everyone here. It's like I give you an example You I would you know people would never call themselves experts. You would be like absolutely that was a Word someone use it would be presumptuous to call yourself a hacker and that's the same thing There's must be something everybody acknowledged We are on a hacker conference But not not a lot of people would run around saying I'm a hacker you feel aligned and associated with the identity But you're not like fully in it and there's a similar equivalent like an LGBT member in Russia Currently would not run around necessarily saying. Oh, I'm gay But they feel associated with LGBT and that is like that negative connotation aspect the meritocracy aspect is more related to that expert aspect that you know You can't use that term because you know, you would be up. Yeah, it would be considered like an asshole and So that is like the way they resist by having that like step back word of security research or anything Which is currently acknowledged as legitimate Now coming to the second theme Insecurity and what happens here as I said the threat to privacy and security leads to an increase of insecurity It's a vicious circle and what happens externally is a version of a rule of law I don't need to say a lot about that. I mean all of the talks basically emphasize this People talked about the rights are getting circumscribed Internet has been criminalized But the really important bit is like my participants emphasize that this is a fallacy Risks are inevitable people would choose a small sense of security over the necessity of a privacy and they are basically Criticizing that their version of law is basically you have to choose either security or like freedom and That is a really like that is a really important aspect of what's going on in the interviews They also emphasize in the course of this the exaggeration overestimation of threats We currently see everything is hyped up and a lot of that quote on like general Alexander goes anonymous could take down the power grids Bullshit it's complete bullshit. It's so far from anybody's technological capability and we see that quite often I love also the quote because I could use bullshit in a context. I'm not need to basically justify myself using it but like they basically use the idea that like you use you you really Instrumentalized script code in hacker in a context of like a political speech to make the average citizen or person be Thinking oh, I need to do this or that and we need to be scared of them but the really important bit is like that People think we need to look skeptical when the government calls something a security threat and that they have mistaken the security issue because This results in a climate of suspicion both externally by politicians in and others, but also within that community people said a lot about like that they have like Problems getting stopped at airports are anxious when people ring the doorbell or face personal repercussions such as like freedom of travel and That that is really interesting that the participants basically feel that form of losing control over their own safety privacy and independence Which is fascinating by a community which is so focused on like being in charge of their own like Devices their technology etc. So what happens therefore as a resistance to these processes is the investment in more security and That is a really really insightful way of like talking about it And I think more people need to acknowledge that hacking hacktivism is form of an ecosystem People are participants basically said they are the security in the system So while politicians talk about hackers as this negative threat as the Threatening aspect participants say for instance hackers would find a security loophole The manufacturers then forced to close the security loophole where upon a other hackers or the same hackers come along It would find new security loopholes. It's a vicious circle It's an ongoing process of improvement awareness raising and a participant you said the equivalent would be product testing Nobody would you know think of like Using a car where the belt hasn't been tested But like hacking that is considered as like that problem where you can't try to find a security loophole because you know We would rather not know and then the really important part comes here the irresponsibility aspect about it So my participants emphasized. It's not my responsibility. I'm not liable for you know, the loopholes I'm not increasing the risk. The risk is already inevitable software has already or hardware has already been Produced which has a flaw and so for instance participants said not to hack is the biggest security risk of all because someone Will exploit the thing so and I think that is an important aspect to to think about because if I look at data from politicians They are thinking rather not tell the security Loophole exists whereas they basically emphasize no it already is there. We need to basically make it a scene by everyone And I thought that was a way new way of thinking of security and insecurity and in the contacts The other aspect is that this personal security they are emphasizing and I mean we all use signal tour Whatever so this investment in visual security of using a crypto or soft-produced guys once personal identity Stands in huge contrast to what the state is currently trying to do So I used I did interviews with people working in the cyber security sector like the management and they often said like Centralization They rather have everything like basically in their own hands sell that product to a customer And then like make sure that everything is safe But the customer is nothing to do and the other way happens here like they are completely saying I want to take security in my own hand so There is like that contradicts like the security perception we see with like other actors and that means just that we can't Really find a way of like talking to each other And I personally want to ask like in that regard if it's not somehow then also helping the personal security or the public security That hackers and activists are so emphasizing this personal security for themselves because as we said I just said we have tools like tour signal etc Okay coming to the last theme Which is really merging from that technological side are just emphasized that they're not just Developing technological alternatives my participants, but they also engage in political the political system work closely So system here just doesn't refer just to political system But technological system as well and so the mistrust in authorities and hierarchies that is the argument that this is in this theme is Basically leading to certain kind of activist forms to resistance form And that applies so technically and so politically So externally what happens is they are not perceived as like the same kind of equivalent to other actors and that is obvious because We see we all know the wonderful term Public-private partnership But that misses the third actors according to my participants and that is the civil society Which my participants consider hackers to be part of and hack this to be part of so what they criticize is that in the Political sphere is the lack so what happens is the lack of ability to get hurt because governments are out of touch with the definition of a hacker And what it would be So a quote a participant said that's all just old man with ballot points or They are like other people said for instance, they're like my parents They happily get a tablet and learn how to use Google, but that's it So the lack of knowledge of politicians is also criticized And that also makes it hard for them to get involved in those two dynamics And that's the reason why politicians often use the industry to get like help in like writing Policy statements as we all know and but the problem is the industry is focusing also on the wrong kind of experts according to my participants they talk about business blabblers and I guess Everybody here in this room knows who they are talking about they're talking about the management We are like perhaps like have studied computer science been in the business for like 50 30 years No 30 years probably and now they have been like out of touch with the technology for my participants And they're more interested in like gaining like More income rather than like on the technology itself and it's a huge a quote huge money-making machine We're producing and a really big critique is on the revolving door So what I mean with that or won't my participants mean with that is like this how these two spheres basically reproduce themselves You have people going to secret services And working there stepping out going into industry probably selling the government products and like then making money with it and going back into the political sphere in in in a certain kind of Yeah, in the NSA or GCH cure whatsoever So there is that revolving that they are basically two spheres, but they're missing the third actor The other thing is what happens the skepticism and that relates to power and privileges both on a technical Side but also on a political side and I thought that was really insightful at least for political science like myself Because like there's not just a doubt in the network infrastructure. So for instance people said You know the Internet is very very vulnerable at every single level and it's screwed over over Already, but there's also that comparison between you know, you can attack like Technical system on the top level which would get you access to everything But the same thing would apply to political level if you've you know bribe Angela Merkel now, you know, you could achieve higher things as well And I think that relation between hacking not just as that technological aspect and but hacking also like a political Sphere is important to emphasize because it is taking place and So the focus of decentralization distribution Hedrarchy that is one aspect which we see like on a technological side But also to emphasize on what politically should be done and the best example, of course is Anonymous because the media still struggles to define them and talk about them The other aspect is hypocrisy and there's one dynamic about like interviews emphasize that there's a public private sector applying hacking methods For instance, Apex did that with a DDOS section against a Bahá'í Bay But there's also other examples like on anonymous service, etc But this applies a double standard because participants were really frustrated because they Government obviously have security specialists or security researchers who are allowed to do this But they use are still applicable to the same laws But they are but they can't they suddenly have the license to hack so to say and I really wonder What is the security problem because like if people say we can't use DDOS attack? Is it the activity they criminalize is it the actor or is it the intention and that is not clear And I think that is a discussion we need to have and the other aspect is the hypocrisy Around like for instance exploits because governments are allowed to have them the purchase seal real days And they don't operate in the legal framework. They try the community to basically put in and so For for my participants is then the preservation of security not according to internet not assured by intelligence service But by this community here So and how do they resist this process? One aspect nothing that is very interesting perhaps you perhaps this is something people know here But have never been really focused or made aware of no collaboration And that is the rejection to work for the state institution like police or intelligence agencies And that is according to my participants very strong in Germany where you basically would not like work for them or should not work for them and They are aware that you know NSA employs or the gchq at all the institution employs hackers and that they have them But there's a difference so they distinct here ideologically again between like different kind of people And there's really an important aspect of internal disciplining internal policing and a participant said if you're working for the FBI in the United States of America Because you think the technology they are using is absolutely awesome or because you're technically interested there's up. That is absolutely legitimate Independently of the purpose. However, if you do the same thing in Germany Then people will kick you out of and that meant the clerks communication Congress You're simply not allowed to think that this is awesome because it's evil So what this person basically emphasized is that there's certain kind of differences and people spoke about an American hack-a-dome or European hack-a-dome There's different kind of mindsets and it makes it hard to speak about a hacker community at least for me as a researcher And I'm still struggling with how to phrase around that But there seems to be that dynamic of like how to keep it clean again here in this aspect and there two last dynamics are One aspect is politicization So one is that the hacker scene has become politicized over the course of the last years And we see that very well like yesterday in Frank's talk was like how the hacker community is involved in politics Asked and looks at social and political questions And they also think of themselves my participants as a counterpart to the industry Which is so influenced on like more than money-making machine rather than like the actual social and political output And so people are involved in advocacy. I mean you've seen the noisy square like with EFF, etc So to support digital rights online and the other aspect is hacktivism and that is an interesting one And I haven't thought of that before I started this research like that So there seems to be a two-way dynamic and one aspect brought a hacker community who has over the course of the last Years that gates become politicized But according to my participants, there's a new kind of a younger generational line which they call hacktivists Or I mean the term as a knowledge is very controversial But what they mean is That one you can have a hacker becoming politicized to there's a new dimension of like people coming in Calling themselves hacktivist and three is also that I would probably consider myself as both yet I'm coming initially more from the traditional hacking scene So so the third aspect is then basically that people have focused have become like hacker and hacktivist at the same time And interesting about the younger generation aspect is then that would explain why people a lot of like Old-school hackers whatever you mean with that, but at least my participants Would think like why they are not that open to that term because it's like different suddenly And it's also a way to counterbalance the devaluation of traditional protest form that is currently taking place Because you can do a demonstration as a lot of you know, and then you can still basically Not get anything done so hacktivism might be that like option out of that process so That was a lot of information to take in and to break it down quickly So we talked about identity insecurity system and there's different kind of dynamic internally and externally so external is what is happening So they're the criminological although the equated with cultural outsiders and scapegoated and therefore Internally what happens is they're broadening the term they distinguish themselves They reclaim and clean the term and they also have that flexible identity of like being both a security researcher hacker Whatever you call them as well the other aspect is the other insecurity So the erosion of law feeling sense of security exaggeration, etc. And how they Contracted is by basically emphasizing. We are an ecosystem. We belong all together. There's a false sense of a security we rather choose like basically security or freedom and They invest in their own privacy and security technology and last but not least system They're basically emphasizing that there's a missing third actor Which are they and like skepticism of societal and technology system and hypocrisy and they resist by basically no collaboration With police internal disciplining and politicization and hacktivism potentially Okay, now you might say well Interesting you are able to talk for an hour But what do we do for that or what do we take for it on one side? What I hope with this research in or my PhD in general is to uncover the Practices that are currently taking place in that wonderful cybersecurity sector whatever that is So I'm interested in to make sense of that bullshit bingo that is often being taken place and To identify what hacking and hacktivism means to different actors and how that basically contradicts or correlates And that's basically where I'm standing with this research and why I did it with those three actors and thus What I'm interested to do is basically is a sociology of group of people that for so far have predominately been only talked about as Just make a quick Google search often takes place the hackers But nobody talks about who they are and has approached them And I think one aspect I do want to personally say I'm aware of faith is blog about like you shouldn't talk to social scientists And I'm completely aware that there's a lot of like scumbags out there who probably do research for malicious purpose But I do think it's interesting for a community that is so focused on like, you know Show me your data show me your code show me your stats You have you basically lose out of basically not talking to social scientists But betting basically getting screwed over by all the shitload of publications who basically just say those hackers So I got that off my chest as well The other thing is like I want to do a study in a critique on what the Insacredization of this current system does to groups of people and this is not just hackers It does takes place with immigrants with any kind of group, which is often marginalized I want to counterbalance the dominant research foci and this was basically mentioned yesterday by people say or Two days ago about counter storytelling and I think that is an important way of approaching this research as well I want to demystify the position of hackers and activists perhaps You know, there's a way of reclaiming the word making it not that malicious again And last but not least also de-glorifying it like not making it that criminal activity My mom thinks I'm currently always doing research on and last but not least an ability to develop code and hacking is won't possible And valuable form of involvement of people in the political and social discourse And I hope that this research contributes to that and I'm looking forward to your questions answer sessions And I'm really like my attempt was basically to talk about Do not just do the research but also come here and basically show what I have found and I'm happy for any kind of Feedback criticism you might have and I'm thank you for basically listening Thanks for the great talk We now have about 15 minutes for Q&A. So please as always line up at the microphones here and Also, of course if you're out there in cyberspace you can go on the ISC you can go on Twitter to ask questions We have a cyber real-world interface here just for you and we'll actually start with the internet Yeah, the internet has got one question so far What are your views about responsible disclosure agreements in regards to hackers and criminal activity, especially when the RDA also includes monetary rewards So the question is basically how what I think my opinion is on them doing that. Okay, I guess That is an option My interest was not like to identify what is correct or wrong My interest was more like what do hackers think that's currently happening and what how they perceive themselves Disclosure was an issue more in whistleblowing terms The money aspect was not coming into play But what people said is that they were sick of like Like releasing bugs and letting people know and then nobody doing anything upon that so Perhaps the money reward is helpful. I haven't I don't know if that is answering that question But that was what was within the data basically Microphone number one, please Thank you for your talk In one of your first slides you contrasted the term constructive not with destructive, but with deconstructive Was that intentional and is the distinction? I Haven't thought of that I just felt like deconstruct so the constructive is also a term like in in social sciences used to basically talk about socially constructive aspect but I Didn't do it on purpose. I just meant like basically to build a breaker distinction that is often used and Perhaps it's a better way to phrase it, but I think I will think about that if I should have used a different term Next Number two, please in your talk you In your methodology, but also in the answers of of your participants You seem to convolute the political statements that are made by politicians and the views of individual government employees held internally and For someone who is not within government. I can imagine that's difficult to distinguish But my experience is that there's actually quite a lot of disparity between the two Is there any incentive that you detected or that you feel within yourself to search for such disparities? Well, the thing is like this is not a study on the political discourse All I reverse referring to is what my participants talked is happening I did see that like in a previous study on the political discourse and I acknowledge that you can work in an Organization because you just have to do a day daily work job where you get paid for but don't agree with the organization And the same thing is like happening and that was the aspect of security researcher People who perhaps think of themselves as hackers are belonging to that community can work on a day-to-day job in certain kind of industries They completely hate, you know, they can be in a company which uses cyber all the time but the the the important aspect is basically that they still you can still disagree with that but Make a criticism around the issue of like what goes on and that is what happened here But I didn't make a statement about the politicians or the political discourse or the people working in governments in itself It was more about the hacker hacktivist side and they can potentially work in governments But what seemed more to happen is that they would refuse to do that I don't know if that is answering the question. No, not exactly because what I'm I'm I'm Dutch and from in the Netherlands my experience is that there's actually a lot of interfacing with the government from the Hacker community not so much having them work inside the government And that's an entirely different interface to the government than via the political discourse. Oh, yeah No, you're absolutely right. That takes place. I mean the CCC is the best example You can you know be consulted for certain kind of policies if you want to have like the electoral computer in your in your constituency or not Definitely, you know that that takes place and the people said that that was the issue around the third actor being missing and they do Try to engage with that and that was the slight of politicization that they are involved in activism and advocacy But there's still a suspicion and that is completely legitimate. I hope that is not answering that. Yeah Number one, please Hi, thank you for your talk. I was wondering if you could contrast or compare the Hacktivism with other kinds of activism that we've been seeing because in a sense of course hacktivists are some form of activists but you also mentioned for instance the LGBT community and In a sense, I feel like okay hackers seem like experts on this technical field and see themselves like And that's something similar like LGBT people Know a lot about their experiences with discrimination on that field Black Lives Matter activists actually know about racism compared to some I don't know Republican politicians So in a sense this Yeah, I was just wondering if you've also maybe done previous research on other kinds of activism Or if you know of that research and could compare it a bit What is the same what are the differences So the thing is the problem that the tricky part about the term and the concept of hacktivism is where do you differentiate between normal? Activism what we consider and hacktivism now my answer to that is hacktivism You know you need to do something with technology which has a form of hack So you can't just tweet that or you can't just use a blog or it needs to be a bit more like technically Involvement there and now we can talk about DDS action being that or not But it has been termed as such and it is some form of like Using technology like out of a place and context It was not meant to be and the difference I see with hacking a normal activism is simply the tools you use It's still achieving the same kind of sending a political message and some people use like direct action in an offline Way and other people use perhaps hack hacktivism So the LGBT community could use hacktivism as a technique to do something so that is my difference here You don't need to be a hacker to be a hacktivist and that is also the last slide about like this new kind of form of Activism coming into play So perhaps we will see more of that in the future. I have no clue and perhaps the term will become more Concrete because at this moment of time it's just like a word you throw around just like I did in this sense because it is obviously that some people use that term for themselves and who might be in this room at this moment of time or wherever But they still perhaps either associated you can associate yourself with the hacker community as a hacktivist But you can be an LGBT or a feminist using that tool as well So that's kind of a funny way of considering that. It's just a technique in that regard for me. Hope that answers that. Thank you Yeah, and now for cyberspace. Do you have a question? Yes, cyberspace has a question You're at a hacker conference and you're trying to hack public perception. Would you self-identify as a hacker now? I Got that question at one stage that like perhaps you I'm you can hack like I personally think you can Hack gender you can hack like Social class you can do that Probably in the course of my research people would call me then like being biased if I would run around calling myself a hacker And as I said the whole meritocracy aspect you can be quite like an asshole if you say oh, I'm a hacker so I'm I would rather abstain I would call myself rather a social scientist having observed that then using that term to step on someone's toe and say running around with that term Any more questions? This is your last chance The internet again Yeah, the internet is full of questions in your research whether any Thanks In your research whether any participants that sought out support or help because of issues of depression or lack of identity So I'm a bit reluctant I don't know if I should answer that or not because you know Like then I could get more questions around who are they what are they doing and I Rather abstain giving that information More internet. Yes, I'm not coming up with these. I'm just forwarding them Did you see a cultural origin of the hacker? Not I could come back and ask what is cultural origin and but that would be a very social science way of like debating I Don't know like so the question I get a lot So what is the stereotypical hacker? But then I would end up doing the same thing like the whole research does like I don't know I think the community is very diverse It would be far too easy to just think you all sit down at home in front of a computer with the terminal opal in a Bali clava. I don't know if you do have no proof of that but I Don't know cultural origin so what I think is really interesting what I saw in the interviews was that aspect that Mindsets that attitude that seems to be something which develops you you you know, that is what I mean You can't find a computer scientist, you know having studied programming doing his or her day-to-day job You know, but then there's a different kind of attitude and where this comes from I have no clue That would be interesting, but I'm sure like there would be no openness to your statistical analysis on the community here So it will remain open and I couldn't answer that question sufficiently. I Just say no to everything I'm very sorry More internet you have just a quick follow-up to the depression issue The the question wasn't who had the issue, but just if it happened and how it was dealt with So if my participants had it no, oh, yeah, I That was not a question. I would ask so I wouldn't know and I wouldn't like to imply it out microphone number one, please Thanks for your talk. So you mentioned the Sociology community that was I mean doing research on hacking Perhaps. Yeah. Yeah, and you refer to them as kind of the others also in a way So just questions of how big is that research community? How many people are you talking about and? What kind of? publications And do they do these other sociologists so what could be possible titles of their publications? What do they learn? There you go. There was the stepping stone not the stepping stone the one where a stumble across and so when I said sociology So I said I'm in a field called critical security studies sociology anthropology does a really good perhaps I did them injustice by saying Sociology, I meant social sciences in general So there's a lot of people who do incredibly good work like and try to be and try to talk to people and represent them But I'm more referring to that aspect the field I'm currently in is that security research in IR International relations political science who more tend to talk about cyber security and then using hackers as like an example of why we should Invest more money get more funding into the universities blah blah blah and that that is the field and How many there are I mean like I can only talk about like the the literature review I done for my PhD thesis on the field of Insecretization and there are a few people who? Who are critical like there's a new publication in 2005 on anonymous and the in-secretization of anonymous in International relations that's quite good But what happened again is like it was researchers sitting down having a thought and writing up a paper But I was more interested in basically stepping back and giving the floor to people saying their own things and that I think is not happening I don't know of that many like Gabriella Coleman does that. I mean she has like in her book Given a lot of quotes of like people in IRC etc So it happens and I think sociology anthropology is a field where it goes on quite well But I think like for instance this old cool old school IR scholars who perhaps sitting like Prestigious universities in the US and think of like more of cyber security are more using hackers as a way of like justifying new You know more funding or intrusion and security So how much publications we're talking about I would not know I have no list of that But we can I can show you my my my list of Papers I admire and list of papers which is far higher where I feel like they're going in the wrong direction Thank you, and we out of time. Please once again. Thank you, honey