“Imagine yourself suddenly set down surrounded by all your gear, alone on a tropical beach close to a native village while the launch or dinghy which has brought you sails away out of sight.”
Bronislaw Malinowski, Argonauts of The Western Pacific, 1922, p. 4.
This is how one of the most famous ethnographic description begins : Bronislaw Malinowski’s first contact with his research fieldwork. For almost one century, this depiction impacted anthropologists’ imagination and probably idealized their relationship to fieldwork: the exotic fascination of a radical otherness, the feeling of being lost and alone, and the exciting intuition that what is about to happen will change the ethnographer’s life forever. So many ethnographic clichés have outlined one’s first immersion into a foreign native village inhabited by people with odd habits speaking a yet unknown dialect and eating weird dishes.
Building on this tradition of presenting the ethnographer’s fieldwork as a site of fascination, we also would like to ask you to imagine yourself suddenly surrounded by… people sat in a packed conference hall gazing at slides on a screen. Even though the hall is filled mostly with men, this is not an exotic fieldsite, especially for anthropologists used to meet at conferences. But the uncanny reveal itself in the titles of the presentations: “Application Level DDoS, the Rise of CDNs and the End of the Free Internet”, “Nail in the JKS coffin”, “Unlocking secrets of the Proxmark3 RDV4.0” or “Let’s create a redteam mission”. What do these men (and few women) are talking about? How these technical subtleties are so important? We try to make sense, to understand the lines of code displayed and their consequences. It’s overwhelming, the tech-savvy natives are debating and many issues seem concerning and funny at the same time. We don’t have the same sense of humor, we grasp few points and our imagination try to decipher the rest.
This is Black Alps 2018 conference in Yverdon-Les-Bains in Switzerland, our first step in the field. Black Alps is “an event enabling to discuss the latest threats, mitigations and advances in cyber security”. For us, it is a privileged site where we can meet cyber security experts from Switzerland and abroad. For them, it is one of the numerous moments to socialize and meet with their peers.
The atmosphere is festive and easy-going, boosted by a whirlwind of “petits-fours”, free beers, free wine, free juice, served almost constantly… In the lobby, the exhibition booths of the main sponsors of the event present their services and display some goodies on the tables, a features that seems relevant in the field, along with stickers and black hoodies… CEOs in attire are talking to grungy geeks but this uncommon encounters does not cover for the homogeneity of the participants. By far, the crowd is masculine and white. We have to know the codes and the rules of this kind of events. Lots of people know each other and discuss friendly over a beer, waiting for the next conference or their meeting with another attendee.
But unlike Malinowski on the beach, we are not alone: Arnaud Velten, who defines himself as our “digital socializer”, introduced us to several of his acquaintances. He knows of a lot of people and when David arrives, he could barley enter the venue before being introduced to the organizer of the CTF on Friday. People are friendly and patient with our lack of technical knowledge, most of the time. CTF is the acronym for “Capture the flag” a military loan word for a well-spread computer ethical hacking competition. The organizer is kind enough to explain us the general idea of the contest, which is also a game, and the aspects of the challenges. But one question comes back all the time:
“Who are you and what is your research, again?”
We are slowly realizing that our questioning of computer security is different from what the participants have in mind, so are our temporality of research: this Digital Lives research will span for more than a year. Theirs are much faster. Our interlocutors’s questions about what we do and how we work were at least as relevant as their answers to our questions. However, this fast-paced crowd are curious and eager to feed us with tons of information and advice, as Yohann, a cheerful student in IT security at HEIG-VD, who provide us with some insider tricks and explanations.
Regarding the presentations themselves, it is hard to summarize them in this blog post considering their diversity (and our level of understanding). As stated by the organizer, besides the two keynotes, there were two types of talks: the first one in the track “attacks”, that is, talks that explained how to exploit a vulnerability or a flaw in a system to gain access and obtain information. The second ones are put in the track “lessons learned” and present for example the analysis of a series of attacks supposedly launched by the same group, or the assessment of the bug-bounty program of Swisscom, a program that offers a bounty to researchers helping a company to identify flaw in their systems.
These talks were useful to understand to the current preoccupations of the experts. For instance, the talk of Nicolas Oberli “Build your own hardware implant” documented his attempt to plant a small chip on a computer to spy on it as a recent Bloomberg article claimed China did to spy on US companies in compromising a production line. The article sparked an important debate in the community of computer experts and has revived the disputes about inserting backdoors (dedicated accesses) in computer systems. The discussion of such issue also hinted at the disclosures earlier this year of vulnerabilities in processors’ architecture and microcode (Meltdown and Spectre or the most recent PortSmash).
The ethnographies of the digital arenas are not necessary the experiences of insularity and cultural peculiarity as Alex Golub recall us when he comments Boellstorff use of the famous Malinowski’s exerpt we purposefully quoted at the beginning of this first blog post. The computer security experts we met in Yverdon-les-Bains are concerned about the implications vulnerabilities they found have in real life for individuals who might have their medical history sold on the Darknet (we attend an interesting talk about medical devices and hospitals security) and for companies or state agencies who might have their services blocked by a massive DDoS or some ransomware such as Wannacry. They are used to translate the complexity of codes and architectures into moral, political and economical claims. They are actually the ones who are in the best place to make us understand the risks we face in an era in which cyberattacks and criminal hacks are becoming a daily concern for everyone using the Internet. They are those who are making and unmaking the security of the devices containing the ever-increasing details of our life. Our experience in Black Alps 2018 recalls us again another excerpt of Malinowski about the ethnographic experience:
“In the field one has to face a chaos of facts, some of which are so small that they seem insignificant; others loom so large that they are hard to encompass with one synthetic glance. But in this crude form they are not scientific facts at all; they are absolutely elusive, and can be fixed only by interpretation, by seeing them sub specie aeternitatis, by grasping what is essential in them and fixing this. Only laws and generalizations are scientific facts, and field work consists only and exclusively in the interpretation of the chaotic social reality, in subordinating it to general rules.”
Malinowski, Baloma, 1916, p. 212.
It is indeed that that we are trying to do: understand what appears to us as a chaos of facts, big and small.
David and Sylvain