What HOPE can do better

This year at HOPE, the biennial hacker conference in NYC, several incidents led to a statement of no-confidence in HOPE's code of conduct. You can read more in the statement itself, but the gist is that there were a small number of far-right attendees, including a self-described "nationalist", who were disrupting and intimidating both talks and attendees. The staff didn't handle it well. This is unfortunately consistent with my own experience. I know that the top-level organizers of HOPE genuinely care about creating an inclusive environment, but the current staff and procedures aren't working. Based on both my past experiences at HOPE and on my experiences creating inclusive spaces, here are some observations about where the process is failing and what can be done.

Trained Staff. CoCs need to be applied consistently to create an environment of trust and safety. Enforcement of the CoC at HOPE has been highly variable between staff members, with some seeming to think that it's optional. HOPE requires volunteer work from hundreds of people, but not all of them need to be trained to handle CoC complaints, only the points of contact, which leads to the next point...

Points of Contact. The CoC listed a phone number and an email address for making CoC complaints. If you are being physically threatened, the need is immediate and a phone call or email is not sufficient. Having a single person on call isn't sufficient either. The venue spans 18 floors of the Hotel Pennsylvania, where the line for the elevators takes about the same time as your flight to NYC. Anywhere there are attendees, there need to be identifiable, well-trained points of contact for immediate response to CoC complaints.

Intimidation. Over the past several events, the staff has shown a pattern of refusing to enforce the CoC until a physical assault has occurred, meaning that threats and intimidation have been treated as totally allowable. People who have been going to HOPE for a long time often describe it as feeling like "home." There's no way to have that feeling if you're being threatened or harassed. I understand the importance of free speech in the hacker ethos, but speech can be separated from intimidation. In the recent incident, one attendee bragged (on mic to an entire room) about attending an alt-right rally. That was intimidation, and should have been a sufficient CoC violation to get him removed from the event.

Validation. There has been much less attention to this point, but it's an important one: the effectiveness of a response to a complaint depends just as much on emotional connection as it does on the concrete outcome. Typically, when HOPE staff aren't able to act, they have minimized and invalidated the experience of complaining attendees. Unicorn Riot reported one staffer responding to a complaint by saying he wouldn't care even if an attendee came in with a swastika flag. Instead, just taking the time to understand and discuss a complaint can go a long way towards creating an environment of trust, even if no concrete action is possible.

I'm already looking forward to the next HOPE. A lot of attendees are questioning whether they want to attend again, but I believe in the organizers and in the majority of the community. There's a lot of work to do, but HOPE can and will fix this.

Social Capitalism

CW: refers to sexual assault

When high-profile individuals are outed for patterns of sexual assault, their friends and collaborators always seem to be completely surprised, unlike the other people who inevitably come forward as having been assaulted. Right now, the national dialogue is about Harvey Weinstein, but the same story seems to be repeating itself every few months. Closer to home, several high profile information security activists and researchers have recently been called out for sexual assault. Activists? Committing sexual assault?! The people who are supposed to spend their time and energy making the world better?!?! Yes, them. In fact, it happens so often, there's a book about it. So how is it that high-profile profile people can hide their abusive behavior from their friends, and convince the wider world that they're virtuous moral authorities? And how can it happen so very often? What if it’s not a coincidence? What if people make it to positions of power and visibility specifically because they are willing to take advantage of others? A certain type of high-visibility success is built on social capital, and the perverse incentives of financial capitalism apply just as well to social capitalism.

First, let me be clear about what I mean by “capitalism.” Capitalism is many things, but at its core, it’s a system where people who have resources (land, equipment, money) lend it to those who need it, and then take a cut of what they make. Capitalism is arranged so that the only way to be successful is make someone wealthy even wealthier. The same is true for social capital. Social capital is, as the saying goes, “who you know.” Social capital is introductions to influential people. It’s access to insider information. It’s going out for drinks with the people who make decisions. And just like in financial capitalism, the way to be successful is to help those who are already are, even if it’s at the expense of those who aren’t. This capitalist social dynamic holds even in the most progressive or anti-capitalist communities.

If you look at an industry like entertainment, you have powerful and influential people like Harvey Weinstein at the top, and a lot of folks competing for their favor. Let’s say you’re one of the folks in the middle, and you see someone powerful abusing that power. What do you do? Well, you could take a stand and call them out. In the best case scenario, they’re held accountable, but then you’ve lost any social capital you’ve built up with them. But even worse, so have your peers who were banking on that social capital, and a lot of them will blame you. And other powerful people are more likely to see you as a liability. Of course the powerless folks who were being taken advantage of will be appreciative, but they have nothing to offer you. Under social capitalism, those who speak up for the powerless fade into irrelevance, while those who turn a blind eye climb to the top. So is it really that surprising that the top is rotten with selfish amorality?

So what's to be done? It's tempting to "play the game" to try to change things once you're on top. Maybe it’s possible, but from where I stand, it looks like a long, hard journey that changes most people, and not for the better. So there's the catch 22. You can't change anything without power, and you can't get power without enabling the very behavior you're trying to change. As a sentient AI in a 80s hacker movie once said, "the only winning move is not to play." In my experience, there are people out there making a big difference by building alternative social systems rather than supporting corrupt ones, they just don't get a lot of press. It can be hard to tell the difference between someone who genuinely wants to do good, and someone who wants to be known as a person who does good. But if you want to spot a social capitalist, just look at how they treat people who don't have anything they want.

Re-Decentralizing the Web (Penguicon 2017)

"The internet has become increasingly centralized, with large corporations like Facebook, Google, Apple, and Amazon controlling the most-used services and placing all of us under surveillance. We’ll discuss FOSS tools that can help replace centralized corporate services with community-based alternatives." (slides)

Decentralized Organizing (Penguicon 2017)

"Groups like Occupy in the US and Podemos in Spain have created large-scale movements without a traditional, top-down leadership structure. But are they successful? (Spoiler: yes, just in different ways.) These “leaderless” -- or more accurately “leaderful” -- movements have been able to grow quickly and create large-scale demonstrations without needing grants or full time staff. How’d they do that? Come learn techniques you can use, and how they can be applied within the free/open software community." (slides, sticky notes)

How to start a fire

Somehow, you've found yourself deep in the woods, and a storm is coming. It's dusk, the rain has started, and you know it's going to get a lot darker and a lot colder. So you and your companions decide to make a fire. You've seen other people do it. How hard could it be? You pile some sticks and logs together, throw a match on them, and watch a tiny flame catch, smolder, and disappear. Watching the tiny wisps of smoke fade away after a few more false starts, you come to understand the popularity of lighter fluid. But you don't have any, and you're out in the cold, so you resolve to figure it out with what you have.

You're surrounded by trees, but you realize not just any wood will work. The sap-filled green branches all around you thrive on the rain. They will not burn, they have no reason to. But the soggy, trampled deadfall at your feet won't do either. It has no fire left to give. So you seek out standing dead trees and begin snapping off the dry twigs and bark. For the most part, you collect the smallest you can find, although you don't shy away from larger branches if they look well-seasoned and ready to burn. You collect as much as you think you need, and then a few times more than that. And then you collect more still. Your friends look on skeptically. How will such small twigs be of any use? How much time are you wasting when it will take large logs to keep you warm?

You place a patch of bark on the wet ground, and begin arranging your fuel. First the smallest twigs and scraps of bark. You even take your pocket knife to a twig and meticulously shave paper-thin strips into a curly mass and place it in the pile. Then, a few bigger pieces. Still twigs, but bigger. The twigs are woven together closely, with just enough space to breathe comfortably. You add some bark and larger twigs around the outside to keep the wind out and to keep the heat in. By this time, your friends are upset that you've left them standing in the rain while you play with twigs.

Finally, you ask for a match and slide it under one side of the pile. Then a few more on different sides. Some small shavings catch, burn away, and smolder while the flames move along the matches towards the center. For a minute, it looks as if nothing is happening... then wisps of smoke start to rise. A tiny flame appears on one small twig shaving. It spreads, flickers, then dies, leaving a thin stream of smoke. Part of you wants to start over. Part of you wants to pile more fuel on. But instead, you continue methodically, shielding the small pile from the wind, blowing gently. A few tiny embers glow with each breath. And then, after a few long minutes, a flame erupts in the middle of the twigs, quickly consuming all those small pieces you took so long to collect. But in the process, a couple larger twigs catch solidly on fire. You add more shavings and a few larger sticks. In a moment, flames surround the whole pile and you continue adding larger sticks and logs. Soon, you have a roaring fire, unfazed by the thickening rain.

The fire keeps you and your friends warm while you wait for the storm to pass. You keep feeding it sticks and logs. You place some damp deadfall around the outside and watch the water sizzle and boil out of it, before it too begins to burn. You place a ring of stones around the fire to keep it from spreading too far, because you realize that as bad as the storm is, the fire could be even worse without the proper care. Your friends' doubts have faded, and you are grateful to be with them, warm and dry.

What can I do now?

Donald Trump won the 2016 US Presidential election a few hours ago. Since then, the most common thing I've heard from my friends is: "Now what? What can I do now?" They are, like me, disgusted by the bigotry, misogyny, and xenophobia that Trump represents. My answer: organize. And I don't necessarily mean start a new nonprofit. There are plenty of those doing great work already, which is good, because that means you don't have to start from scratch. I'm talking about something bigger. There are millions of people in this country who want it to be safe for women, safe for queer folks, and safe for people with darker skin. There is more love than hate. The hard part has always been channeling it to create change. And we have a new pattern for that, modeled after groups like Occupy and BlackLivesMatter.

Let's say you're organizing a demonstration, or trying to get some legislation passed. Traditionally, you'd notify your mailing list, talk to strangers on the street, and maybe even make cold calls. But these methods are incredibly wasteful. First, they waste time and resources, because most of the people you talk to won't be able/willing to help with your particular issue, and the ones who are willing to help will be lucky to recognize the issue as one they care about while they're wading through all the other emails, petitions, and calls they get. More importantly, these one-time impersonal interactions don't build relationships. Much of the success of Occupy and BlackLivesMatter has been due to their focus on building relationships, both between people and between organizations.

So what's the big deal about relationships? If you think about your friends, you know who might be interested in helping with a particular issue. And if you want to work on an issue, it's a lot easier to get involved if one of your friends already is. You can spend less time dealing with spam email blasts and more time making change. And more generally, our personal relationships have a huge influence on our world-view and our culture. By engaging in activism through meaningful personal connections, we learn to understand different perspectives and bake our principles into our daily lives and habits. And as people participate in different groups, those values and skills become part of a larger activist culture. And that kind of culture-building can be a powerful force to counteract the dangerous political polarization facing the US. And of course, working on things you care about with friends is fun, and fun is an excellent motivator.

So what does it look like in practice? On top of traditional activism, it looks like meeting regularly with small groups of people who have some common ground (i.e., affinity groups). It's even better if the groups are also diverse in some ways. So for example: people who all live in the same city but work on different issues, or people who work on the same issue but in different formal organizations. On top of the meetings, you can add a mailing list, or an ongoing Google Hangout, or a group message in Signal. When each person is part of multiple groups, skills and ideas quickly spread across the entire activist ecosystem, and it's easy to signal boost a call (or offer) for help to a very large group of people who will actually act on it. If you contact a couple people, and each of them contacts a couple more, and so on, the number of people you reach grows (literally) exponentially. So activism doesn't always have to be about taking steps towards a specific plan, it's sometimes more useful to build a network that allows you to mobilize resources when and where they're needed.

Once more time, with feeling! Toward reproducible computational science

My scientific education was committed at the hands of physicists. And though I've moved on from academic physics, I've taken bits of it with me. In MIT's infamous Junior Lab, all students were assigned lab notebooks, which we used to document our progress reproducing significant experiments in modern physics. It was hard. I made a lot of mistakes. But my professors told me that instead of erasing the mistakes, I should strike them out with a single line, leaving them forever legible. Because mistakes are part of science (or any other human endeavor). So when mistakes happen, the important thing is to understand and document them. I still have my notebooks, and I can look back and see exactly what I did in those experiments, mistakes and all. And that's the point. You can go back and recreate exactly what I did, avoid the mistakes I caught, and identify any I might have missed. Ideally, science is supposed to be reproducible. In current practice though, most research is never replicated, and when it is, the results are very often not reproducible. I'm particularly concerned with reproducibility in the emerging field of computational social science, which relies so heavily on software. Because as everyone knows, software kind of sucks. So here are a few of the tricks I've been using as a researcher to try to make my work a little more reproducible.


When I'm doing anything complicated with large amounts of data, I often like to use a database. Databases are great at searching and sorting through large amounts of data quickly and making the best use of the available hardware, far better than anything I could write myself in most cases. They've also been thoroughly tested. It used to be that relational databases were the only option. Relational databases allow you to link different types of data using a query language (usually SQL) to create complicated queries. A query might translate to something like "show me every movie in which Kevin Bacon does not appear, but an actor who has appeared in another movie with Kevin Bacon does." A lot of the work is done by the database. What's more, most relational databases guarantee a set of properties called ACID. Generally speaking, ACID means that even if you're accessing a database from several threads or processes, it won't (for example) change the data halfway through a query.

In recent years, NoSQL databases (key-value stores, document stores, etc.) have become a popular alternative to relational databases. They're simple and fast, so it's easy to see why they're popular. But their simplicity means your code needs to do more of the work, and that means you have more to test, debug, and document. And the performance is usually achieved by dropping some of the ACID requirements, meaning that in some cases data might change in the middle of a calculation or just plain disappear. That's fine if you're writing a search engine for cat gifs, but not if you're trying to do verifiably correct and reproducible calculations. And the more data you're working with, the more likely one of these problems is to pop up. So when I use a database for scientific work, I currently prefer to stick with relational databases.

Unit tests
Some bugs are harder to find than others. If you have a syntax error, your compiler or interpreter will tell you right away. But if you have a logic error, like a plus where you meant to put a minus, your program will run fine, it'll just give you the wrong output. This is particularly dangerous in research, where by definition you don't know what the output should be. So how do you check for these kinds of errors? One option is to look at the output and see if it makes sense. But this approach opens the door to confirmation bias. You'll only catch the bugs that make the output look less like what you expect. Any bugs that make the output look more like what you expect to see will go unnoticed.

So what's a researcher to do? This is where unit tests come in. Unit tests are common in the world of software engineering, but they haven't caught on in scientific computing yet. The idea is to divide your code into small chunks, and test each part individually. The tests are programs themselves, so they're easy to re-run if you change your code. To do this in a research context, I like to compare the output of each chunk to a hand calculation. I start by creating a data set small enough to analyze by hand, but large enough to capture important features, and writing it down in my lab notebook. Then for each stage of my processing pipeline, I calculate what the input and output will be for that data set by hand and write that down in my lab notebook. Then I write unit tests to verify that my code gives the right output for the test data. It almost always doesn't the first time I run it, but more often than not it's a problem with my hand calculation. You can check out an example here. A nice side effect of doing unit tests is that it gives you confidence in your code, which means you can devote all of your attention to interpreting results, rather than second guessing your code.

Version control

Version control tools like git are becoming more common in scientific computing. On top of making it easy to roll back changes that break your code, they also make it possible to keep track exactly what the code looked like when an analysis was run. That makes it possible to check out an old version of code and re-run an analysis exactly. Now that's how you reproducible! One caveat here: in order to keep an accurate record of the code that was run, you have to make sure all changes have been committed and that the revision id is recorded somewhere.


Finally, logging the process of analysis scripts makes it a lot easier to know exactly what your code did, especially years after the fact. In order to help match my results with the version of code that produced them, I wrote a small logging helper script that automatically opens a standard python log in a directory based on the experiment name, timestamp, and current git hash. It also makes it easy to create output files in that directory. Using a script like this makes it easy to know when a script was run, exactly what version of the code it used, and what happened during the script execution.

As for the specific logging messages, there are a few things I always try to include. First, I always have a message for when the script starts and completes successfully. I also wrap all of my scripts in a try/except block and log any unhandled exceptions. I also like to log progress, so that if the script crashes, I can know where to look for the error and where to restart it. Logging progress also makes it easier to estimate how long a script will take to finish.

Using all of these techniques has definitely made my code easier to follow and retrace, but there's still so much more that we can do to make research truly open and reproducible. Has anyone reading this tried anything similar? Or are there things I've left out? I'd love to hear what other people are up to along these lines.

Nonviolent Communication Is Not Emotionally Violent

A friend of mine and I have a running joke that everyone who starts a hackerspace should get a free copy of Marshall Rosenberg’s Nonviolent Communication: A Language of Life. Rosenberg was a psychologist who started his career as a mediator, for example, helping resolve conflicts in recently-integrated schools in the U.S. South after the end of racial segregation. Nonviolent Communication, or NVC, was his attempt to codify the strategies he found most successful during his years as a mediator. Since I came across NVC a few years ago, it’s been incredibly helpful in all aspects of my life, including running a hackerspace, which another friend of mine describes as “making sure 200 roommates all get along with each other.” If you look around online, you can read stories from many people who have been helped by NVC, but you can also find some very harsh criticism. Although NVC isn’t the perfect tool for every situation, most of the criticism I’ve seen stems from a misunderstanding of what NVC actually is. So I’d like to clear that up and respond to some common criticisms.

In short, NVC is a framework for identifying the things you need to know about yourself, and the things you need to know about the person you’re talking to, in order to make your conversation a collaboration rather than a competition. It’s often summarized with a four-part template: “(1.) When you [observation], (2.) I feel [emotion], because (3.) I need [need]. (4.) Would you [request]?” This script is a tool to learn which things are most helpful to communicate (observations, emotions, needs, and requests). In practice, NVC doesn’t take the form of reading from a rigid script, but it does communicate the same content. And this is where most criticism gets it wrong. Almost all criticism I’ve seen of NVC describes it as being about how you say something, when it’s really about what you say, and even more importantly, about the self-awareness and empathy you need to exercise in order to put those things into words. So with that out of the way, I’ll address some specific criticisms.

"You have to put the needs of others before your own."
It’s easy to see how someone might think this about NVC. Practicing NVC involves accepting the observations, emotions, and needs of others as valid. If you are thinking of a conversation as a competition, then obviously this means putting someone else ahead of yourself, but not so in NVC. Observations in NVC are meant to be free of judgement, meaning they are statements everyone can agree on. If there are disagreements, you focus on finding the things you do agree on first. There’s no win or lose, just a better mutual understanding of the situation. Next, you have to acknowledge the validity of emotions. But that doesn’t mean giving someone a free pass to act out on those emotions or agreeing with the thinking that led to the emotion. If someone is scared of kittens, I can acknowledge and validate their fear without agreeing that kittens are dangerous and need to be exterminated. Likewise, acknowledging someone’s needs does not mean you need to satisfy that need. And that’s why the last stage is “request” and not “demand.” It comes down to this: you don’t have to put someone else before yourself, but you can’t ask them to put you before themselves either.

But what if listening to someone’s emotions and needs is harmful? Should a victim of violence have to listen to the emotions and needs of the perpetrator? No, not at all. NVC is a tool for communicating, but only if you want to communicate! Also, NVC begins with self-awareness. If you need to avoid talking with a particular person or about a particular subject, NVC encourages you to realize that and act accordingly.

"NVC doesn’t allow you to identify abusive emotions."
This one is true, but it’s not a bug, it’s a feature. Emotions aren’t abusive, actions are. When someone makes this criticism, they’re failing to realize that there’s a difference between how you feel and how you act. Of course not all emotional responses are healthy, but it’s up to each individual to take responsibility for their emotional health. Trying to control someone else’s feelings is emotional violence, which is why it has no place in NVC. But NVC does allow you to respond to someone’s actions. Focusing on actions is beneficial because they’re what actually affect other people and they’re easier to change than emotional responses. Also, abusive behavior often happens because someone experiences a strong emotion, which they see as something that happens to them and therefore not their responsibility, and then believe they’re entitled to act instinctively on that emotion. NVC helps identify harmful behaviors, which can be changed, and helps disentangle them from the emotions that motivated them. For example, if someone cuts you off in traffic you’re likely to experience anger, and that’s a valid emotion, but it doesn’t justify chasing them down and beating them up, even if that’s what you want to do when you’re angry.

"Using NVC is engaging in non-consensual emotional intimacy."
NVC is based on empathy, and this criticism says that empathizing requires consent. The key here is that NVC is meant to be used when emotions are already on the table, meaning someone has already consented. If the clerk at the DMV asks for two pieces of ID, I’m not going to ask them about the deep emotional roots of that need. NVC is more useful when someone is using their emotions to justify a harmful action. But even then, it’s not necessary to discuss their emotions. Yes, part of NVC is identifying your own emotions, but you don’t always need to discuss them, the important part is being conscious of them. In NVC, any (or all) stages (observation, emotion, need, request) can be used internally rather than externally. In a less emotionally intimate context, it’s perfectly acceptable to just make observations and requests. What NVC does is help you remove judgement from observations and figure out what you actually want to ask for.

"NVC can be used to legitimize emotional violence."
The argument here is that harmful statements can be disguised to look like NVC. For example, “When you ruin everything, I feel like you’re an asshole because I need you to do everything I say. Would you stop being horrible?” To anyone familiar with NVC, this is very obviously not NVC. But it is true that people sometimes try to pass emotional violence off as NVC in this way. But the problem isn’t with NVC. Those people would still be committing emotional violence without NVC, they’d just phrase it differently. It is a problem if the victim of emotional violence is tricked into accepting it. And NVC provides precisely the tools necessary to identify emotional violence, even when it’s disguised as NVC or anything else. So yes, bad stuff can be called NVC, but the problem is entirely the bad stuff, not the NVC.

So those are my responses to the most common criticisms I’ve heard. There are some valid limitations of NVC, but the above are not them, and they’re much less severe. One of the main limitations I’ve come across is that, because it relies on cognitive empathy, it doesn’t work very well for anyone on the autistic spectrum or people with certain personality disorders. Another limitation is that when you’re on the receiving end of emotional violence, it can be incredibly tempting to try to teach NVC to whoever is inflicting it, because you can see that there’s a win-win outcome if they could only see it too. But trying to teach someone to dance is not going to make them stop punching you. So word to the wise: if you find yourself trying to teach someone NVC, cut your losses, tell them you need to be left alone and GTFO.

Learning NVC has helped me realize how poorly we understand our own emotions. How often do we say “you made me feel…”? But NVC teaches us that our feelings are the results of our needs and our beliefs, which coincidentally, is the basis of Cognitive Behavioral Therapy, one of the most successful evidence-based psychotherapy techniques. And how often do we describe our feelings as “disrespected” or “lied to” or “manipulated”? Which, of course, are not emotions at all, but interpretations of other people’s actions that (while possibly accurate) are only weakly correlated with our emotional responses to those actions. What leads to one person feeling angry, may lead to another feeling sad, or even happy (see, for example, compersion). So based on my experiences, NVC is not the problem. The problem is that we live in an emotionally illiterate and emotionally violent culture. If someone complains that NVC makes it difficult to fight fire with fire, they’re really missing the point.

How not to handle misconduct in an organization

A repeating pattern I've seen from multiple perspectives throughout my life:

1. One member of a community (Alice) repeatedly makes anonymous complains to an administrator (Carol) about another member of the community (Bob).

2. Carol takes action against Bob, giving only vague justification rather than addressing specific behaviors or events.

3. Bob asks for specifics about what the problem is.

4. Carol responds with a long list of vague statements, which at closer inspection contain no additional information.

5. Bob attempts to challenge Carol's action, but 1. the claims are too vague to be falsifiable and 2. any attempts at discussing specific claims are seen as nitpicking.

In practice, this usually occurs in the context of three scenarios, all of which look similar to outside observers:

Scenario A: Bob has done something wrong but has a skewed view of acceptable norms. The process does not clarify those norms and Bob leaves the community thinking "What I did was OK. Those people just don't like me. I'll go do it somewhere else." Observers get them message "What I do doesn't matter, just whether people like me."

Scenario B: Bob has not done anything wrong, but Alice has a skewed (possibly bigoted) view of acceptable norms (e.g., the way "wearing a hoodie" becomes "acting like a thug" for black men). Carol has unknowingly empowered Alice's bigotry.

Scenario C: Both Alice and Bob have a misunderstanding that could be resolved, but never is. An opportunity to strengthen the relationship between two members of the community and to clarify norms is lost.

None of these seem particularly desirable from a social justice or community standpoint. It's pretty easy to get a different outcome though, by 1. having a clear code of conduct for communities, and 2. separating behaviors from character judgements (as in NVC). But I haven't yet come across many communities that do this well.

Hackers are Whistleblowers Too (live blog from HOPE XI)

Naomi Colvin, Courage Foundation
Nathan Fuller, Courage Foundation
Carey Shenkman, Center for Constitutional Rights
Grace North, Jeremy Hammond Support Network
Yan Zhu, friend of Chelsea Manning
Lauri Love, computer scientist and activist

Naomi begins. Courage foundation started in July 2014 to take on legal defense for Edward Snowden. They believe there is no difference between hackers and whistleblowers when they’re bringing important information to light. Information exposure is one of the most important triggers for social action. The foundation has announced their support for Chelsea Manning, who is beginning her appeal.

Carey wants to talk about public interest defenses. In the US, politicians call for whistleblowers to return to the US and present their motivations and “face the music” as part of their civil disobedience. In reality, the Espionage Act and the CFAA do not allow whistleblowers to use public interest motivations as a defense or use evidence to demonstrate a public interest. Whistleblowers like Ellsberg have called for public interest exceptions to the Espionage Act and CFAA. It’s important to protect civil

Grace: Jeremy Hammond hacked Stratfor with AntiSec/Anonymous and leaked the files on WikiLeaks. Tech has an incredible power to bring movements together. This requires some tech people to move outside of their comfort zone to interact with activism around other (non-technical) issues.

Yan: Chelsea really loves to get letters and reads every one she receives. While at MIT, Yan met Chelsea through the free software community. Chelsea’s arrest was the first time Yan saw the reality of whistleblowing and surveillance. Chelsea is very isolated and only gets 20 people on her phone list. To add someone, she has to remove someone else. Visitors have to prove they met her before her arrest in order to visit. She reads a statement from Chelsea Manning.

Lauri Love was arrested in 2013 in the UK without charges and later learned that he was charged in the US, which is very unusual, not having been alleged to have committed any crimes within the US. The problems with the CFAA are being used to contest his extradition to the US. Lauri greatly appreciates the support of the Courage Foundation

Lauri asks Carey: The UK allows you to present a defense of necessity, although it’s difficult. Can that happen in the US?
Carey: It’s difficult to say. The CFAA has always been controversial. The CFAA was passed in 1986, literally in response to the movie Wargames, which sparked the fear of a “cyber Pearl Harbor.”
Grace: Jeremy Hammond’s hacks were politically focused, but there were absolutely no provisions for acts of conscience in his defense. In fact, having strong political views leads to harsher treatment.

Lauri: Can we bypass the court system and national council of conscience?

Lyn: Mother of Ross Ulbricht, creator of silk road. Judges cited political views as reasons for the severity of Ross’s sentence. The court system also allows prosecutors to break the letter of the law when it is done in “good faith” while it doesn’t allow defendants to do so.
Lauri: It’s important to be vocal about these details. It

Audience question: CFAA prosecutions are really about politics, not about computers. It seems like some issues like gay marriage can change very quickly in American culture. What can be done to create these changes?
Grace: We couch issues in certain terms. What people find acceptable or unacceptable is often determined by perspective and simplified views of “legal” vs. “illegal.”