The Mysteries of Theo
There are certain people about whom one loves to speculate and dream without actually meeting them. Of this set, the person most on my mind lately is the infamously acerbic and reportedly mad hacker Theo de Raadt. Theo is the evil computer genius your script kiddie friends warned you about.
Working from home in Calgary, Canada, Theo has built one of the most obsessively secure operating systems known to humanity: OpenBSD. But he isn't content to lock down his machines and stick out his tongue. Like a drunken bar brawler in a hardened mech suit, he wants to start a fight just to see if anyone is stupid enough to punch his armor with his or her naked fists. He takes a cruel glee in demolishing people's comments on newsgroups. When somebody mentions how hard it is to use OpenBSD, a typical response from Theo might be, "OpenBSD wasn't written for children." Theo doesn't send flames; he sends napalm. I know security software developers -- hardcore people, the kind who like to shoot guns and buy night-vision goggles -- who have gotten e-mails from Theo that made them weep.
When his name comes up at hacker conventions, which is quite often, usually it's accompanied by the word psycho. But I've never met the guy. Never sent him an e-mail. I wouldn't know.
What I do know is Theo is the kind of security genius that various state secret-service organizations would love to have on their side. If he were to waltz into the Department of Defense and promise to be a good boy, I think Director of Central Intelligence George Tenet would probably jizz all over himself.
But that's never going to happen because Theo is also the kind of guy who won't shut up. In April his OpenBSD project had a chance to sop up more than two million dollars from a Defense Advanced Research Projects Agency grant, only to see the funding yanked out from under it when Theo told the Toronto Globe and Mail that he was "uneasy" about taking money from the U.S. government and added that the war in Iraq "sickens me." If it takes a psycho to say something like that, I hope Theo never pops any meds.
Theo is convinced DARPA reneged on the grant because of his antiwar statements. Representatives from the Defense Department, however, claim they took the cash back because they hadn't realized that so much of it would be going to a foreign researcher. Technically, the grant -- to investigate the efficacy of secure open-source operating systems -- had been given to Jonathan Smith, a professor of computer science at the University of Pennsylvania. Smith was going to funnel the money to Theo's project, since OpenBSD is one of the most highly developed operating systems that is geared toward keeping network activity safe from the prying eyes of adversaries.
The whole incident, in which a grant was given and taken away for what appear to be political reasons, illustrates one of the basic problems the U.S. government is going to encounter as it tries to beef up "cybersecurity." And that problem is Theo. Of course, I don't mean Theo the human being, although I'm sure he'd love to think he's the sole obstruction stopping the U.S. government from getting its head out of its ass when it comes to issues of computer security.
The real problem is that Theo isn't alone. He's just an extreme and very public example of a computer security genius; they tend to be outspoken, iconoclastic, and very distrustful of state power. Do you think Theo got to be Mr. OpenBSD because he's a quiet conformist who loves the status quo? Nope. It's because he's a mental misfit, always picking at problems and freaking out when his code isn't perfect. He can't stand authority because authority doesn't compile neatly.
When push comes to shove and terrorists learn to do more than use Hotmail, is the U.S. government going to get caught with its pants down because security experts like Theo say mean things about President George W. Bush? Even the uptight British secret service worked with openly queer Alan Turing during World War II because Turing knew how to build machines that broke codes. When is the DOD going to wise up and start putting its money into projects that work, like OpenBSD, instead of things that are ridiculous but right-wing friendly, like John Poindexter's Total Information Awareness proposal?
Propaganda won't protect us when we're under attack. If our national leaders really want us to be secure, they're going to have to learn to work with Theo.
Annalee Newitz (firstname.lastname@example.org) is a surly media nerd whose home network is protected by OpenBSD. Thanks, Theo. Her column also appears in Metro, Silicon Valley's weekly newspaper.