Interview uncut: Adrian Lamo

Here is the email interview with Adrian Lamo for the "Cypherpunks Rising" article, published by The Verge last Thursday.

RU Sirius: Were you ever interested in or attracted to the cypherpunks? If so, can you say something about your impressions of them…(or any thoughts about the ‘90s cyberculture from your youthful perspective)?

Adrian Lamo: My earliest impressions of radical crypto usage (for lack of a better term for non-corporate crypto aficionados, or corporate ones with a personal/social agenda) stem from being a young teen recently arrived back in the United States at around the time of Phil Zimmerman's PGP imbroglio. At the time, I felt — as did many people, I think — that the concept of encryption being regulated like munitions was a farcically absurd one.

As it turns out, with the increasing advent of cyberweapons (not my term — I kind of hate it — but one that most people will get) it seems we may get there by another route, if not for encryption specifically than in terms of calls for regulation of the exploit market, and the role that cryptography plays in obfuscating the payloads of such exploits once they're incorporated into a delivery platform.

Fast forwarding a little, Jim Bell's not-so-modest proposal for cryptography-involved assassination politics kind of colors some aspects of my perception of self-identified cypherpunks, especially given that I've dealt with an AP'er or two myself who are largely limited from putting the concept in motion by virtue of being broke as heck.

While Bell was obviously dumb as a bag of hammers in terms of how he went about evangelizing his social agenda — or more to the point, his agenda for the lives of specific USG officials — it's pretty clear that he was prosecuted at least in part for his speech, although clearly not entirely. It's a shame that I have no better particular example in mind just now, but his prosecution was at least as emblematic of the concern with which tech-savvy cypheherpunk-influenced asymmetric (perceived hostile) social and political movements are viewed by the powers on the Goliath side of the asymmetric scale.

RU: Can data encryption be a powerful force in the world?

AL: Not by itself. Encryption is only as useful as the personal and operational security habits of its user. If someone practices poor PERSEC, then strong encryption is not a panacea. You can't just toss on encrypted anonymity software, encrypt your hard disk, and PGP your e-mail without a commitment to personal security and a willingness to not compromise for the sake of convenience. A lot of people aren't willing to do that — even the ones who should know better — and in that context, the false sense of security which encryption can provide if not properly balanced by PERSEC/OPSEC measures can sometimes do more harm than good by way of creating an irrationally optimistic threat model in the mind of the user.

As encryption becomes easier to implement and more transparent for the end user, absolutely. But that only goes so far — there's no substitute for the discipline of good PERSEC habits, and individuals who aren't sufficiently highly motivated tend to slack in that department. Which isn't always a bad thing - some of the horror stories about use of crypto by bad actors do come true, and they're typically undone less by cryptographic faults than by having chosen to hang their hat on crypto while using the same passphrase for their GMail (or similar).

Short answer… yes it can, but as with any force, only with the degree of wisdom with which a user applies it.

RU: The cypherpunk ethic is stated by Julian Assange as “secrecy for the weak. Transparency for the powerful.” What do you think of it? And given that Julian Assange and WikiLeaks embraces cypherpunk, where did they go wrong, if they did… in your opinion?

AL: Julian Assange subscribes to a rather self-serving model of secrecy, transparency, and power. He has sought to leverage the risks taken by others to provide him with information in a way that lets him lean on governments while at the same time billing himself as the party needing no transparency because ... well, pretty much because he says so. In wanting Wikileaks to become part of the status quo (in the sense that it forces transparency on others), he's demonstrated the inherent failure to which most forms of power subscribe — the belief that rules are for other people, because we’re the good guys.

You can't predicate a platform of social change on unequal responsibilities of power. We've tried that, with monarchies, with dictatorships, with all sorts of systems of governance and accountability. When governments do it, we tend to call it by names such as impunity and secrecy, and when these things go unchecked they lead to the very abuses that Wikileaks once stood against. The problem is the belief that because he's ostensibly trying to check them, that all methods should be available and all consequences apply only to the other guy. If this effort had been set up in an egalitarian and responsible way, we likely would be having a very different type of conversation about Wikileaks just now.

RU: Is there a hacker ethic that you subscribe to?

AL: I've never actually claimed that I consider myself a hacker. It's a loaded term that starts arguments, and I really don't care how people choose to label me. My ethos evolves as I do. When I was younger, I was a real dick to a lot of people, and personal progress for me is often defined as being able to look back at the recent past and say "Wow, I'm glad the person I am today wouldn't do that" while simultaneously realizing that there are things about the most current instance of me that I'll feel similarly about in the future.

There are things I do and don't do. I've never illegally hacked a system for any sort of personal profit — I go out of my way to avoid making money in any way that I feel would be wrongly exploitative of others or of my own skills. I don't target individuals except in their capacities as attached to a larger objective. I try to consider the good of the many ahead of the good of any one person including my own. I go out of my way to be accessible and to share knowledge (while at the same time trying to illustrate to others how to think of answers rather than merely answering their questions) on account of strong memories of name-level hax0r types being utter jerks to the less informed when I was a kid.

When I broke into systems illegally, I never claimed it was right just because I was helping for free — I always acknowledged that it was illegal, and that as Bob Dylan observed, “to live outside the law you must be honest.” When the time came, I took responsibility for that reason.

I think first and foremost, I try to seek out unique experiences — things that make me say "What are the odds?" — things that I can be reasonably sure are novel to the human experience, so that when I'm done with my life I can honestly feel I left the sum of human experiences more enriched than I found it. I try to bring a sense of sardonicism and irony to what I do in that respect — in the words of Spider Robinson, “if a person who commits a felony is a felon, and one who engages in gluttony is a glutton, then God is an iron.”

I don't see what I do as inherently better than how anyone else goes about their life — the thing about adding to the diversity of the human experience is that we do it whether we know it or not. I just happen to have a way of going about it that I try to be true to, regardless of any outside influence or act, and beyond the reach of my personal passion and prejudice. I don't always succeed, but I do constantly try. I've said elsewhere that it's less about technology to me, and more about religion. In that respect, exploring new experiences and events, and doing so in a way detached from the utterly impeachable motives of ego, is the path that I try to walk. At the same time I also try to play my role in human events as truly to my defined persona as possible; but the persona I play isn't inherently me — it's a construct that I use as a means to some of the ends outlined above. I don't take it very seriously at all, and in fact try to ham it up whenever possible.

RU: Julian speaks eloquently about a total surveillance dystopia. What is your opinion about the state of surveillance and privacy in the US and the world today? Does it matter?

AL: Privacy is quite dead. That people still worship at its corpse doesn't change that. In "Hackers Wanted" I gave out my SSN, and I've never had cause to regret that. Anyone could get it trivially. The biggest threat to our privacy is our own limited understanding of how little privacy we truly have. It's necessary to drop the blinders of believing rights are in any way enforceable beyond our own ability to make them enforceable before we can begin to see where reality begins and ends.

I think that as this process goes forward, it will tend to further polarize people. So when I say that privacy rights are often illusory it's not that I don't value them. Quite the opposite — but the sooner the illusions that make them up are understood by people, the sooner the issue will be brought to a head, and then we may have some opportunity for actual change.