Art Hack Day co-founder David Huerta gave the NSA a nice present for its surveillance work.
In late May, hacker artist David Huerta, co-organizer of Art Hack Day and Cryptoparty, sent the NSA one hell of a snail mail. Huerta built a DIY encrypted mixtape using an Arduino board and a transparent acrylic case, containing a "soundtrack for the modern surveillance state." It's a mixtape the NSA won't be able to listen to because of the power of private key-based cryptography.
Originally, Huerta wanted to make a traditional mixtape and share it with friends and co-workers. But, without a cassette recorder, he didn't get very far. That's when his DIY hacker artist instincts kicked in, and he started building the encrypted mixtape at NYC Resistor.
"I made my own version of a mixtape with an Arduino and wave shield sandwiched in between two laser-etched pieces of transparent acrylic," he wrote. "The use of a giant-ass Arduino and wave shield was chosen since the (shitty) 44KHz wave file format gave it roughly the same audio quality I figured a wiretapped AT&T phone conversation would have."
Huerta settled on the transparent acrylic cassette casing as a symbolic gesture of transparency.
Encrypted mixtape. Image: David Huerta
"[It's] a response to the hidden exploitation of proprietary smartphones by computery mercenaries like Finfisher and HackingTeam," he added. "This open-hardware device would not be a black box, figuratively or literally."
"It’s designed to be enjoyed only by people I have consented it to be listened to," wrote Huerta in a blog published on Medium. "A second copy of this device will also be sent to the NSA’s headquarters in Maryland, but without the private key needed to decrypt it; a reminder that the rules of mathematics are more powerful than the rules of even the most powerful states."
Huerta explained in the blog post that although the NSA can intercept a variety of systems, "the actual cryptography connecting those systems was still something it fundamentally can't break."
"As a software developer I figure even weaponized software isn't going to be made for every single make and model combination of computing on the planet," Huerta told me. "And that while popular devices would be targeted (Windows PCs, Macs, iOS and Android smartphones, etc), that's probably the sort of thing they'd have to know in advance before doing some kind of targeted attack."
Huerta said that for the mixtape, the only thing the NSA would have access to is the DOD-wiped SD card, "bummed from an old pile at HeatSync Labs." That and the Arduino stack, which was as bare-bones as electronics could be. It didn't even have the hardware necessary to connect to the internet.
Image: David Huerta
"The NSA has been caught trying to influence certain things in crypto standards, which is why I went with Whirlpool for the hashing algorithm since it wasn't as tied to NIST (National Institute of Standards & Technology) as other standards are," said Huerta. "This would leave no known side channel to work around the crypto. The NSA would need to break the header key passphrase with brute force, and likely fail.
"This is my way of proving that the NSA isn't invincible and that the rules of mathematics are stronger than the rules of any state," he added. "Even so, I generally shy away from calling anything 'NSA-proof' since even with as much as we know from recent NSA coverage, there might be more secrets waiting to be revealed."
The cypherpunks, Huerta said, were instrumental in inspiring the anti-surveillance mixtape.
Cypherpunks sought to level the playing field between the government and the people with their release of robust encryption software. Phil Zimmerman's PGP (Pretty Good Privacy), for example, was a pivotal moment in empowering citizens with anti-surveillance tools. Its FTP release and subsequent international dissemination via the internet triggered a federal lawsuit, one the government eventually dropped.
Huerta also said that he was inspired by spending July 4, 2013 with Restore the Fourth activists in New York City, protesting PRISM and other NSA programs revealed by Edward Snowden.
Image: David Huerta
"It was an important exercise in demonstrating the size and vigor (it was hot as balls outside) of the voters who thought this issue was important," he said. "However, the NSA's operations are more removed from the being immediately disturbed by our rally. They might feel the brunt of reform in a few election cycles, hopefully, if we keep pushing."
In the meantime, Huerta figured that helping people build confidence in understanding secure communications and using them would be more immediately useful. In other words, beat the NSA at its own game: secrecy. Helping organize cryoparties is part of that," Huerta added.
"The thing about the Snowden revelations was this it also created a defeatist attitude in some people who wrote off crypto as pointless under the belief that the NSA was invincible—'they can track your location, read your email, turn on your webcam!'," Huerta said. "The Snowden docs really show that buggy OSes, implanted hardware, and software bugs in general were the way the NSA and other folks got into peoples's devices.
"I have goddamn feelings about mass surveillance, and they are not warm and fuzzy," Huerta said. "To take the Internet, which I grew up with so much hope for in being so much more free than the world I physically occupied and turn it into a panopticon brings out the tortured artist in me; I can’t help but respond."
What's fun about Huerta's encrypted mixtape project is that it probably got the NSA's attention, though we'll never know for sure. And the irony is that if the NSA decided to ramp up surveillance on Huerta, he's already established that he knows how to keep communications safe from its prying eyes.