Technical interrogation as an interpretative method

CEU Interpretive Research Forum

Maxigas (UOC/IN3 & CEU/CMDS), March 16th, 2016, Budapest, CEU

Motivation

First, to begin with subjects which might arouse no suspicion, I started to “do” technology. A few natives were engaged in manufacturing some object or other. It was easy to look at it and obtain the names of the tools, and even some technical expressions about the proceedings, but there the matter ended. (Malinowski 2005 [1922] 4)

References

  • Malinowski (1922): Kula
  • Foucault (1977): Panopticon
  • Appadurai (1986): Social Life of Things
  • Akrich (1992): De-Scription of Technical Objects
  • Star (2002): Ethnography of Infrastructure

Three easy steps

1. Object biography

  • Inception;
  • use;
  • obsolescence.

→ What is the historical trajectory of the artefact?

2. Technical composition

  • Devices;
  • assemblages;
  • flows;
  • translations, etc.

→ Why parts are there and what is their role in the whole?

3. Social context

  • Close reading (DuBois 2003);
  • thick description (Geertz 1973; Ponterotto 2006);
  • from particularity to totality (Adorno 1976, 12)

→ How the artefact fits into the totality of human and material relations?

Case: The r0ket

Object biography

  • Tradition of hacker badges
  • Made in μCCC hackerspace, München, Germany
  • Released at 2011 Chaos Communication Camp & Congress
  • Dozens of applications:
    • RC car
    • Geiger counter
    • rocket launcher
  • Obsolescence ~2015 (by single board computers)

Social context

Functions:

  1. identification;
  2. play;
  3. reputation;
  4. access control;
  5. hardware hacking.

General-purpose input/output

CPU has 48 pins, 14 go to GPIO

  • Alternative conceptualisation of openness:
    • Unfinished artefact → unforeseen uses
    • Questions the SCOT framework (Pinch & Bijker 1984)
    • Subversive rationalisation (Feenberg 1992)

→ Critique of modern tech (Kirkpatrick 2014)

PWGEN: Argument by technology

the “pwgen” l0dable will create passwords only from a list of 64k passwords. happy ssh scanning on the camp network ;) (mazzoo 2011)

  • Controversy and conflict:
    • Apps require signature by r0ket team
    • “Trusted boot” subverted
    • Technical intervention into social conflict

→ Recursive publics (Kelty 2008)

#include "basic/basic.h"

#include "usetable.h"

#define PW_LEN 8

void pw_cleanup(char * pw);
void pw_set(char * pw, uint16_t * k);

void ram(void)
{
char pw[PW_LEN+1];
uint16_t k[8];
int button;
memset(k, 0, 16);
while(1){
    lcdClear();
    lcdNl();
    lcdPrintln(" password");
    lcdPrintln("    generator");
    lcdNl();
    lcdNl();
    pw_set(pw,k);
    pw_cleanup(pw);
    lcdPrint("   ");
    lcdPrintln(pw);
    lcdRefresh();
    delayms(23);
    while((button=getInputRaw())==BTN_NONE)
        delayms(23);
    if(button==BTN_LEFT) return;
}
}

void pw_cleanup(char * pw)
{
int i;
for(i=0;i<PW_LEN;i++)
{
    /* strip unwanted ascii chars */
    pw[i]&=0x7f;
    if(pw[i]<0x30)pw[i]+=0x30;
    if(pw[i]>0x7a)pw[i]-=0x10;
    if((pw[i]>'Z')&&(pw[i]<'a'))
        pw[i]-=0x10;
}
}

void pw_set(char * pw, uint16_t * k)
{
int i;
memset(pw,0,PW_LEN); /* wipe old PW */
for(i=0;i<4;i++)
    k[1]=getRandom();
xxtea_encode_words(pw,PW_LEN/4,k);
pw[PW_LEN]=0;
}

there's no security in trusted boot
- or -
how I hacked 3000 hackers ;)

although the r0ket SW is opensource I managed to put a little and not so
serious trojan horse onto the official release. the "pwgen" l0dable will
create passwords only from a list of 64k passwords. happy ssh scanning on
the camp network ;)

I am not taking this serios and also am unwilling to believe that any one
of the visitors of cccamp11 used the little program to create his secure
passwords.

I did it to provide a counter-example that there's not a single point of
security enhancement in trusted boot (or TPM, TXT, DRM, or what the
buzzword of the week might be). quite the contrary is the case: even if
you found the bug/hole in the "pwgen" source, binary or by simply testing
it extensively, you'd need the good will of the manufacturer to release a
fixed new signed binary. there's no way you may fix it yourself while
keeping all other features functional (assuming there were no other
bufferoverflow or alike bugs to gain code execution).

all you intels, apples, microsofts, googles and HTCs: go away with closed
products. we want open platforms. if you think you need trusted boot
always provide the fairness to let your consumer distrust you and let
them sign and execute their own code.

7kool<4x
AVsXo6U=
HY:PzR1@
kbE99INK
lB9xrdL0
nfW2N18k
OKa:@P;Z
OLNkKM8O
Rw;B5DDi
XVdmHmLW
02@PoKYI
331mm?>K
4n8sRus;
5Ivagsaz
>6DAlNU>
@6iMRAJM
8NcI>L83
8RAcu>OK
E8O4l6=Q
fN5NsD6A
==GWpPds
HNNpVuUF
HorOCN5G
IEJeaH<9
iUCsLI0>
KMLkqN?O
KOOK=Dzy
KzW8RzAL
LG?jM>HM
LL7oMLNh
ln<orScP
LW<7HZZ1

Political economy of a CPU

A fast processor: The ARM Cortex M3

  • Class position of hackers:
    • Donated by vendor (NXP)
    • “Pick and placed” by friendly firm for free
    • Valorised through relative autonomy

→ Object conflicts (Hess 2005)

Conclusions

Advantages

  • Accessibility;
  • concreteness;
  • material culture.

→ Post-discourse & post-representation.

Material residue of social conflicts.

Limitations

  • Access required to low-level sources;
  • subject culture has to be organised around material culture;
  • researcher needs communicative expertise (Collins & Evans 2007).

The End

Questions?

Email address:

maxigas@anargeek.net

Slides URL:

https://slides.metatron.ai/technical-interrogation/

Website URL:

https://relay70.metatron.ai/

Credits

Adorno, Theodor, ed. 1976. The Positivist Dispute in German Sociology. London: Heinemann.

Akrich, Madeleine. 1992. “The de-Scription of Technical Objects.” In Shaping Technology / Building Society: Studies in Sociotechnical Change, ed. Wiebe Eco Bijker and John Law, 205–224. Cambridge, MA: MIT Press.

Appadurai, Arjun, ed. 1986. The Social Life of Things: Commodities in Cultural Perspective. Cambridge: Cambridge University Press.

Collins, Harry, and Robert Evans. 2007. Rethinking Expertise. Chicago; London: University of Chicago Press.

DuBois, Andrew. 2003. “Close Reading: An Introduction.” In Close Reading: The Reader, 1–42. Durham; London: Duke University Press.

Feenberg, Andrew. 1992. “Subversive Rationalisation: Technology, Power and Democracy.” Inquiry 35 (3). http://www.sfu.ca/~andrewf/Subinq.htm.

Foucault, Michel. 1977. Discipline and Punish: The Birth of the Prison. First edition. New York: Pantheon Books.

Geertz, Clifford. 1973. The Interpretation of Cultures. New York: Basic Books.

Malinowski, Bronisław. 1922. Argonauts of the Western Pacific: An Account of Nature Enterprise and Adventure in the Archipelagos of Meanesian New Guinea. London: Routledge & Kegan Paul.

Pinch, Trevor J., and Wiebe E. Bijker. 1984. “The Social Construction of Facts and Artefacts: Or How the Sociology of Science and the Sociology of Technology Might Benefit Each Other.” Social Studies of Science 14 (August): 399–441. http://libgen.io/scimag/get.php?doi=10.1177%2F030631284014003004.

Ponterotto, Joseph G. 2006. “Brief Note on the Origins, Evolution, and Meaning of the Qualitative Research Concept ’Thick Description’.” The Qualitative Report 11 (3) (September).

Star, Susan Leigh. 2002. “Infrastructure and Ethnographic Practice: Working on the Fringes.” Scandinavian Journal of Information Systems 14 (2): 107–122.