Thursday, March 18, 2010

Where Have All the Hackers Gone?

Recently a high school in Pennsylvania shocked the nation when it became the subject of a lawsuit alleging that webcams in school-issued laptop computers were being remotely activated by school staff, used to snap photos of students in their homes. As a computer security professional I dug into the story with the help of my colleagues, and together we found that the networked webcam capability built into these computers by the school district was absolutely real. Our findings were greeted with surprise and dismay; they have caused a nationwide outcry. The truth is, this shouldn't have been a surprise. America has been on this road for years.

Nearly every wired school district in America uses some form of remote administration software. This software varies in the degree of control that it exerts over student computers. The trend started with web filtering and progressed to allow remote use of students' desktops by teachers. Some advanced schools now allow surreptitious eavesdropping of students' desktops while they are working. Today on the cutting edge of this trend is Harriton High, with thousands of taxpayer-purchased laptops issued to children, and school staff armed with the ability to take remote webcam pictures of the students at will. This isn't a revolution, it's just a bump on the ride.

Historian James Bradley writes in Flyboys about a nation of young men growing up in pre-WWII America tinkering, modifying, and optimizing a new wave of internal combustion powered machines. Bradley talks about the inherent advantage that this generation of tinkerers gave America in the coming aerial conflict, where pushing new technology to its limits was the key to a new form of warfare: aerial combat. When it comes to information technology, it's time we ask ourselves: where will we find our next generation of computing tinkerers? This problem is only now becoming apparent at a national level. The US Air Force is currently holding Cyber Defense competitions at the high school level, nationwide. The Defense Advanced Research Projects Agency (DARPA) recently released a paper stating that the United States will be “hampered” by its projected dearth of expertise in Internet technologies and information security: “we are steadily losing the engineering talent to project these systems.” As our government begins to identify a critical shortage that has been evident in my industry for years as a national security threat, I believe it is time we asked ourselves: “Where have all the hackers gone?”

The answer is that we've stopped making them. Before building Apple Computer, Jobs & Wozniak hacked the phone system. I grew up hacking the computer they built, the Apple ][. Critical events in my personal and professional development were dependent on my ability to access the core of how computers worked in order to understand them, re-purpose them, and harness them to my will. The Greatest Generation supercharged their Chevys; my generation peeked and poked at the internal memory of our Apple computers. Today's generation is growing up in a new era of “jailed” devices, devices like the laptops at Harriton, which were jailed against any student use except approved applications. To tinker with these computers, students were first required to “jailbreak”, a technical feat which would have given students the freedom to understand their computers and to determine who was remotely activating their webcams. Not surprisingly, jailbreaking carried the threat of stringent penalties from the school. A student locked inside a digital jail of this type could never start down the road of digital proficiency necessary to reach the finish line DARPA is asking for.

Digital jails are not solely the realm of education. Devices like the Amazon Kindle and Apple iPhone are jailed against any unauthorized consumer use, guarded by strict but unproven new federal laws against jailbreaking them. Jailed devices are controlled by a networked authority, be it a company like Apple, a school district, an employer, or a government. Jailed devices teach a different kind of lesson to the people who use them: your camera may be monitored, your books may be deleted, your work process may be watched. And most importantly, your attempts to delve into the mysteries of how the device functions will be punished.

We've reached a fork in the road at Harriton High. As the nation watches, we're pondering the consequences of transforming computing devices from machines that we control into machines which exert control over us. As we give away our freedom to tinker, we give away the chance to raise a generation which will lead the information age. It is now time to decide as consumers, as parents, and as a nation which road we will take into the future. I believe that students cannot learn to protect themselves against Internet threats unless they are taught that the power of the Internet comes with a price tag to be paid in responsibility. The responsibility to learn, understand, and master digital self defense. The responsibility to peer inside the machine in order to master it. In order to take on this responsibility, we need to loosen our grip on the reins and let our children show us the way.


-stryde.hax

12 comments:

Sean said...

Hi, Stryde!

Excellent points!

Would you be interested in writing a few thousand words on this topic for IEEE Security and Privacy? Let me know.

--Sean
www.cs.dartmouth.edu/~sws/

Frank said...

Greetings,

You have made excellent points, Sir. Thank you for writing them!

When I was about seven years old in the mid 1950's, my Dad gave me a windup alarm clock to take apart and attempt to reassemble. The pieces went into the trash a few weeks later but I was fascinated by the gears and springs. An old typewriter he gave me a few years later met the same fate.

My first car was a '47 Ford with a flathead V-8. To change the ignition points one summer afternoon I figured I had to first remove the radiator, and I later learned easier methods to accomplish similarly simple tasks. Today, I open the hood of my '09 Toyota and I can recognize the oil dipstick only because it is bright yellow.

My first computer was a '79 "Black" Apple II+ that I smugly and thoroughly enjoyed "souping up" with a 5mB Corvus hard drive the size of an attache case. The occasional hums, whirrs and warm exhalations of the laptop on which I compose this message confirm that it is working, but the internal and very tiny machinations are completely lost on my comprehension and clumsy fingers.

Many of my friends tell of their teenage tinkering. Others say that their tinkering was limited to holding the flashlight while their Dad scolded them for not holding it steady.

We are indeed the product of our upbringing. As we enter the garage sale season this year, I think I'll buy some junk alarm clocks and typewriters to give to my grandsons.

Frank E. Merrill
Indianapolis

jsolari said...

Stryde - love this post.

I grew up hacking a Pentium 2 Gateway that my parents bought me in 5th grade (RIP mr. gateway). I learned about the internet by digging around fixing, breaking, and improving. This led me to my studies at RIT.

Even though I am 23 - my generation and the people shortly behind me will do a number to shape the information age.

What is hard for my generation though is the stigma - hacker - carries. This comes from certain individuals that find it necessary to live above already established laws. If you are good with technology and especially bending it to your will – you get the stigma hacker – which is misunderstood because of all the rotten eggs in the industry.

We are a generation in which some of the smartest people in the field (not the people that apply as they are told in their studies and cert tracks) - but that can actually harness a technology and use it as they need to – don’t really exist. They don't exist because they are afraid to blur the lines and find out what is legal and illegal. To be termed a hacker would “ruin” them. If they are brave enough – they usually do it for the wrong reasons. It's truly sad.

What could Maksym Yastremskiy have done if he was to use that power for good instead of personal gain?

Ben Floyd said...

Don't forget about the collegiate level cyber defense competitions being held across the nation. You can check out http://www.nationalccdc.org for more info on the upcoming nationals. I work for a university that held the southwest regionals for this year's CCDC this past weekend.

Ben Floyd said...

I did not finish reading this article before my posting on the NCCDC. I grew up with a gateway as well learning things by tinkering and reading, not by training.

However, the tools I had at my disposal were for the most part free, or written by me because at that time the technology could be reduced to an understandable point where I could write my own tools.

Today's tools are far more advanced and do require significant investments of time and money. Reverse engineering tools in particular come to mind. I couldn't imagine a high school kid getting his hands on a disassembler powerful enough to really learn with these days on a high school budget.

The industry has become just that - an industry (read: money). It is no longer an emerging underground as it was when we were tinkering for the first time. And those still in that underground take many precautions to stay there, and do not take kindly to new people trying to push in.

terrycojones said...

Hi Stryde

Agreed. My early/formative hacking was on the HP41 series calculators - you could do a lot on those things out of the box, and if you knew what you were doing you could alter firmware, over-clock them, and combine extension modules to pack more of them into the slots at the top of the machine. It's all been downhill from there, at least in my experience.

Your article is a little inconsistent. You first say Harriton High is a bump in the road, and later that it is a fork in the road. What do you actually think? :-)

Terry

Abhishek Mishra said...

Awesome points Stryde. I feel very sad coming to know about this incident... slowly and slowly the enthusiasm for tinkering is dying from the coming generations, moreover it is deliberately being curbed in some cases too.
I grew up getting inspired from seniors at school who used to do great things in BASIC and even in assembly. Well that was when I was in a not much developed/progressive city in India. As I moved to the capital, New Delhi, I noticed none of them are bothered about doing anything creative.
As I moved to college, again the same trend, at least my batch of students were not okay with what limited access we had in labs, so we found our ways.
But the newer younger batches are okay with everything around. As if they are following a pre-programmed track of life. Much of this effect also comes from the educational institutions that are overburdening students here, leaving no time for us to feed to our curiosities.
The rebel inside the students, the hackers inside them are fading away indeed.

Ken said...

That's a load of crap. It's just another case of our generation was better than your generation. It was always only a small subset doing the hacking and that subset is happily jailbreaking iphones today. Of course we should encourage this behavior and try to increase the size of the subset, but I don't believe for an instant that so-called closed systems are the root of the problem.

carmen said...

ben those are ridiculous assumptions

reverse-engineering tools are not required as a barrier of entry. nor are they ever needed. you can simply clone some source off github to get started

and the 'do not take kindly' to newcomers is frankly insulting. every project maintainer is happy to accept patches. if they are unacceptable they'll offer constructive advice to changes and learning will result

this applies not just to apps, but to all the underlying libraries down to the metal & silicon on platforms like Android, ChromeOS, Ubuntu/Linux, ie anything besides iPhoneOS

Stryde said...

@Ken, your disagreement is noted. I make no claim that my generation is superior. I do claim, however, that today's generation faces new challenges - like federal prison.
http://www.wired.com/threatlevel/2009/08/game-console-jailbreaking-arrest/

ConceptJunkie said...

It depends on what you mean by "hacking". My 14-year-old experiments with video editing software, all legally acquired, and 3D graphics and animation. My younger kids work with pixel art and animation tools. All my kids enjoy games with level-editors and other ways to mod them. I consider them hackers. My oldest son built his own computer with very little help from me.

Sure, in some senses, hacking is diminished from what it used to be, but in others it's better than ever. I bought my oldest son a surplus Pentium 4 machine for $25. We were ultimately unable to get it to work, but I know he learned a lot from the experience, and there wasn't much money lost. He bought another later and it's now the gaming rig that all the kids use.

So while you have many good points, it's not as bleak as you are making it out to be.

leenoox said...

Nice piece.

Expect the slashdotting within the week. :-)

For what it's worth, I've been inside -- fairly extensively -- every laptop I've ever owned; generally because I had to.

"No User Serviceable Parts Inside", eh?

Well, *I* am *not* a user...

I know, I know; that's exactly the attitude you're mourning.

I think it started dying when they took "blowing shit up" out of the high school chem curriculum.

Thank ghod for Spike TV and Mythbusters. I wonder if they realize the weight they carry.