ETHIC HACK an ongoing project by
ANNE GALLOWAY
Freedom
& Control on the Electronic Frontier
The scene
opens with slow-motion National Geographic-style images of Third World
people and violent political unrest. It cuts to shots of White soldiers,
First World governments, ancient architecture, corporate work, Buddhist
monasteries and serene landscapes. All the while, a soothing and powerful
male voice narrates:
"The
revolution is in our destiny. This revolution, however, will not be fought
with guns or swords. It will not be a war of words or of countries. This
revolution will be about knowledge and access. About progress and opportunity.
It would use information networks to make computing simple, more efficient
and vastly more affordable... Where do we come in? We make the software
that manages this information - that will enable anyone, anywhere to sit
in the seat of knowledge. Oracle: enabling the information age."
In 1998 the
utopian promise of the Internet was being aggressively marketed in North
America. Oracle first broadcast the above "Revolution" advertisement
(download here),
and corporations like Cisco Systems ("Are You Ready?"), Microsoft
("Where Do You Want To Go Today?") and Nortel Networks ("Come
Together") were following similar marketing strategies.
At the same
time, the popular press focussed on issues of online privacy and hate
propaganda. Libertarian positions on absolute freedom and (self) control
of information clashed with legislative attempts to define and regulate
problematic information.
If we follow
Lessig (1999:4-8), we should
not be surprised that cyberspace can be regulated by government. He conjures
cybernetics - the root word of cyberspace - as the "vision of perfect
regulation... a better way to direct" and he points out the contradiction
in our "celebration of noncontrol over architectures born from the
very ideal of control."
And he also
introduces a temporal and transitional aspect - cyberspace is changing.
The issues of freedom and control on the electronic frontier are being
negotiated right now. Foundational values are threatened and new forms
of governance are emerging.
"[T]he
invisible hand of cyberspace is building an architecture that is quite
the opposite of what it was at cyberspace's birth. The invisible hand,
through commerce, is constructing an architecture that perfects control
- an architecture that makes possible highly efficient regulation... Values
that we now consider fundamental will not necessarily remain. Freedoms
that were foundational will slowly disappear... In cyberspace we must
understand how code regulates - how the software and hardware that make
cyberspace what it is regulate cyberspace as it is... We can build,
or architect, or code cyberspace to protect values that we believe are
fundamental, or we can build, or architect, or code cyberspace to allow
those values to disappear. There is no middle ground. There is no choice
that does not include some kind of building. Code is never found;
it is only ever made, and only ever made by us" (Lessig
1999:10).
Lessig's
message is crucial. Cyberspace is a spatial and temporal construct - a
place - that we are always already building.
The
Internet vs. The Web
In order
to examine the building taking place, we need to make the distinction
between two often-conflated terms: the Internet and the Web. According
to MainNet's
I-Net Guide,
"the Internet is a library of information. In simplest terms possible,
the Internet is a collection of protocols and smaller sub-networks all
joined together. Within these sub-networks, volumes and volumes of information
is hosted. The World Wide Web is part of the Internet. The web is one
way of accessing those volumes of hosted information. You could think
of the web as a gateway to all of the information floating around in cyberspace.
The Internet is information, the web is an interface."
Although
the difference can be quantitatively understood in terms of hardware and
software, qualitative differences emerge in terms of usage. The Internet
began as packet-switching technologies within the late-50s American military-industrial
complex (Abbate 1999).
Until the early 1980s, the Internet served a largely research-based community,
using e-mail and file transfer protocols (FTP). In 1984, the Domain Name
System (DNS) was introduced and moderated newsgroups entered USENET (Hobbes
2000; Kitchen1998;
Ward 2000). The 80s Internet
was dominated by communities like the Whole Earth 'Lectronic Link (WELL),
Multi-User Dungeons/Domains (MUDs) and Multi-User Dimensions, Object Oriented
(MOOs). These social spaces were self-regulated by codes of conduct, yet
remained fiercely loyal to promises of disembodied communication, freedom
and the politics of non-intervention (see Holmes
1997; Jones 1995; Jones
1998; Shields 1996).
The founding communities of cyberspace valued the free
sharing of information and open-source
software, considering them to be integral to technological and social
innovation.
Politics
entered cyberspace in 1990 when the Electronic
Frontier Foundation was founded. These libertarian positions were
challenged in 1991 by the founding of the Commercial Internet eXchange
(CIX) Association. In 1992 the World Wide Web interface was released,
and in 1993 the Mosaic browser replaced the need for knowledge of programming
code to access the Web - cyberspace became accessible to the layperson.
By 1995, domain names were no longer free and the commercial promise of
the Web was well underway. In 1996 the United States attempted to pass
the Communications
Decency Act - a sweeping proposal for Internet content regulation.
And John Parry Barlow issued his infamous "Declaration
of the Independence of Cyberspace."
By the late
1990s, the Internet had effectively shifted from its use by small, participatory
communities to become, in public consciousness, the World Wide Web. And
the Web is a qualitatively different social space from the Internet of
communities like the WELL.
Most importantly, the World Wide Web is proprietary - people own parts
of it and they are not shared. Founded as a commercial venture, the Web
has more in common with a shopping mall than with prior online communities.
The potential for surveillence and control is considerably higher, and
regulation has been built into the architecture.
Currently,
there are four domains of law which apply in cyberspace: libel, slander,
copyright
(intellectual content) and property
(DNS). One cannot defame another's character or actions in text or images;
one cannot copy hardware, software or files without the author's permission;
and one cannot access or alter domain content without the owner's permission.
Additional regulations concerning hate propaganda and freedom
of speech, child pornography and privacy
of information are currently being negotiated internationally.
The
Case of Hackers
In order
to demonstrate how the values of the early Internet communities conflict
with the values of the commercial and proprietary Web, this project will
focus on the practice of hacking and the construction of the hacker in
popular discourse.
If the hacker
is understood as the archetypal cyber-citizen, transitions in the meaning
and practice of hacking can, in part, be correlated with the larger shift
from Internet to Web communications. These changes can provide a cautionary
tale - of what we have already lost and what we may yet stand to lose
in the digital revolution.
[ Top ]
Hackers
According to Themselves
In the case
of hackers, the Web provides a unique research opportunity - comprehensive
archives of computer cultures have been maintained and are publicly shared
online in the spirit of access to information. For example, the online
hacker Jargon File "is in the public domain, to be freely used, shared,
and modified. There are (by intention) no legal restraints on what you
can do with it, but there are conventions about its proper use which help
people get the best use out of it, and minimize hassles for the maintainers."
According
to the Jargon
File, Version 4.2.3, 23 November, 2000, a hacker is:
"1.
A person who enjoys exploring the details of programmable systems and
how to stretch their capabilities, as opposed to most users, who prefer
to learn only the minimum necessary. 2. One who programs enthusiastically
(even obsessively) or who enjoys programming rather than just theorizing
about programming. 3. A person capable of appreciating hack value. 4.
A person who is good at programming quickly. 5. An expert at a particular
program, or one who frequently does work using it or on it; as in `a Unix
hacker'. (Definitions 1 through 5 are correlated, and people who fit them
congregate.) 6. An expert or enthusiast of any kind. One might be an astronomy
hacker, for example. 7. One who enjoys the intellectual challenge of creatively
overcoming or circumventing limitations. 8. [deprecated] A malicious meddler
who tries to discover sensitive information by poking around. Hence `password
hacker', `network hacker'. The correct term for this sense is cracker."
A cracker,
in contrast, is defined as:
"One
who breaks security on a system. Coined ca. 1985 by hackers in defense
against journalistic misuse of hacker (q.v., sense 8)... While it is expected
that any real hacker will have done some playful cracking and knows many
of the basic techniques, anyone past larval stage is expected to have
outgrown the desire to do so except for immediate, benign, practical reasons
(for example, if it's necessary to get around some security in order to
get some work done). Thus, there is far less overlap between hackerdom
and crackerdom than the mundane reader misled by sensationalistic journalism
might expect. Crackers tend to gather in small, tight-knit, very secretive
groups that have little overlap with the huge, open poly-culture this
lexicon describes; though crackers often like to describe themselves as
hackers, most true hackers consider them a separate and lower form of
life. Ethical considerations aside, hackers figure that anyone who can't
imagine a more interesting way to play with their computers than breaking
into someone else's has to be pretty losing... For a portrait of the typical
teenage cracker, see warez d00dz."
And warez
d00dz:
"A substantial
subculture of crackers refer to themselves as `warez d00dz'... As `Ozone
Pilot', one former warez d00d, wrote: Warez d00dz get illegal copies of
copyrighted software. If it has copy protection on it, they break the
protection so the software can be copied. Then they distribute it around
the world via several gateways... They put up boards that distribute the
latest ware, or pirate program. The whole point of the Warez sub-culture
is to get the pirate program released and distributed before any other
group... It gives them the right to say, "I released King's Quest IVXIX
before you so obviously my testicles are larger"... The studly thing
to do if one is a warez d00d, it appears, is emit `0-day warez', that
is copies of commercial software copied and cracked on the same day as
its retail release. Warez d00ds also hoard software in a big way, collecting
untold megabytes of arcade-style games, pornographic JPGs, and applications
they'll never use onto their hard disks. As Ozone Pilot acutely observes:
[BELONG] is the only word you will need to know. Warez d00dz want to belong.
They have been shunned by everyone, and thus turn to cyberspace for acceptance...
Warez d00dz will never have a handle like "Pink Daisy" because warez d00dz
are insecure. Only someone who is very secure with a good dose of self-esteem
can stand up to the cries of fag and girlie-man. More likely you will
find warez d00dz with handles like: Doctor Death, Deranged Lunatic, Hellraiser,
Mad Prince, Dreamdevil, The Unknown, Renegade Chemist, Terminator, and
Twin Turbo. They like to sound badass when they can hide behind their
terminals."
These entries
begin to show the complexity (and hierarchy) in hacker community values.
Exploration, experimentation, creativity and dedication are associated
with hacking. Disdain for cracking is obvious - the cracker is seen as
unimaginative at best, and socially pathetic at worst. In part, these
attitudes reflect generational differences. Exceptional and early players
are considered to be demigods:
"with
years of experience, a world-wide reputation, and a major role in the
development of at least one design, tool, or game used by or known to
more than half of the hacker community. To qualify as a genuine demigod,
the person must recognizably identify with the hacker community and have
helped shape it. Major demigods include Ken Thompson and Dennis Ritchie
(co-inventors of Unix and C), Richard M. Stallman (inventor of EMACS),
Larry Wall (inventor of Perl), Linus Torvalds (inventor of Linux), and
most recently James Gosling (inventor of Java, NeWS, and GOSMACS) and
Guido van Rossum (inventor of Python). In their hearts of hearts, most
hackers dream of someday becoming demigods themselves, and more than one
major software project has been driven to completion by the author's veiled
hopes of apotheosis."
or net.gods:
"referring
to anyone who satisfies some combination of the following conditions:
has been visible on Usenet for more than 5 years, ran one of the original
backbone sites, moderated an important newsgroup, wrote news software,
or knows Gene, Mark, Rick, Mel, Henry, Chuq, and Greg personally... Net.goddesses
such as Rissa or the Slime Sisters have (so far) been distinguished more
by personality than by authority."
The hacker
ethic is defined in the Jargon File as:
"1.
The belief that information-sharing is a powerful positive good, and that
it is an ethical duty of hackers to share their expertise by writing open-source
and facilitating access to information and to computing resources wherever
possible. 2. The belief that system-cracking for fun and exploration is
ethically OK as long as the cracker commits no theft, vandalism, or breach
of confidentiality.
Both of these
normative ethical principles are widely, but by no means universally,
accepted among hackers. Most hackers subscribe to the hacker ethic in
sense 1, and many act on it by writing and giving away open-source software.
A few go further and assert that all information should be free and any
proprietary control of it is bad; this is the philosophy behind the GNU
project.
Sense 2 is
more controversial: some people consider the act of cracking itself to
be unethical, like breaking and entering. But the belief that `ethical'
cracking excludes destruction at least moderates the behavior of people
who see themselves as `benign' crackers. On this view, it may be one of
the highest forms of hackerly courtesy to (a) break into a system, and
then (b) explain to the sysop, preferably by email from a superuser account,
exactly how it was done and how the hole can be plugged -- acting as an
unpaid (and unsolicited) tiger team.
The most
reliable manifestation of either version of the hacker ethic is that almost
all hackers are actively willing to share technical tricks, software,
and (where possible) computing resources with other hackers. Huge cooperative
networks such as Usenet, FidoNet and Internet can function without central
control because of this trait; they both rely on and reinforce a sense
of community that may be hackerdom's most valuable intangible asset."
But it was
Steven Levy, in his book Hackers:
Heroes of the Computer Revolution, who popularised the following hacker
ethic almost 20 years ago:
- Access
to computers should be unlimited and total.
- Always
yield to the Hands-On Imperative.
[computers
should be accessible for "hands-on" work]
- All
information should be free. [but
not in the financial sense]
- Mistrust
authority--promote decentralization.
- Hackers
should be judged by their hacking.
[and
not by gender, race or religion]
- You
can create art and beauty on a computer.
- Computers
can change your life for the better.
The generational
differences amongst hackers reflect both technological and moral dimensions.
According to the Jargon File, the skills and attitudes of the early users
of the Internet are seen to conflict with those of younger script kiddies:
"1.
The lowest form of cracker; script kiddies do mischief with scripts and
programs written by others, often without understanding the exploit. 2.
People who cannot program, but who create tacky HTML pages by copying
JavaScript routines from other tacky HTML pages. More generally, a script
kiddie writes (or more likely cuts and pastes) code without either having
or desiring to have a mental model of what the code does; someone who
thinks of code as magical incantations and asks only "what do I need to
type to make this happen?" "
and dark-side
hackers:
"A criminal
or malicious hacker; a cracker. From George Lucas's Darth Vader, "seduced
by the dark side of the Force". The implication that hackers form a sort
of elite of technological Jedi Knights is intended. "
Although
malicious acts, like the deployment of viruses, occurred early-on in the
development of the Internet, it was with the advent of the Web that the
public image of the hacker shifted from one of technological wizard to
criminal saboteur.
This shift
reflects changes within the hacker community, changes in the ways that
hackers have been portrayed in media, the types and targets of hacking,
and government and industry responses.
[ Top ]
Hackers
According to the Media
Media representations
of, and by, hackers can demonstrate the difference in ethics between the
public Internet, as a free exchange of information and the proprietary
Web, as part of the larger mass communications industry.
Hackers in
popular culture have been described by Shift Magazine as part of the "techsploitation"
genre. Human-computer interaction is portrayed in Hollywood movies as
cliché and hacker chic. Speed, action and hyper-coolness surround
movie hackers - although they are just as likely to be vilified as slobs,
creepy voyeurs and criminals. Inevitably, distinctions between types of
hackers are lost - the stereotypical movie hacker is more appropriately
a cracker.
Level
9 - a short-lived hacker television drama took the perspective of
an elite police task-force. Both ethical and reformed hackers acted as
security experts who trapped dangerous crackers and re-established the
proper balance of power in cyberspace.
In recent
years, the mainstream press have become fascinated with the subject of
hackers - although again, the word "hacker" has often been incorrectly
applied to crackers. The lack of precise terminology reflects both an
outsider perspective and the hegemonic influence of mass media.
In 1997 the
Discovery Channel online created the Hackers'
Hall of Fame. The project divides the history of hacking into five
eras:
The early
ones are "true-hackers" - American creators of technology and
great tinkerers - and the later ones are international phone phreaks and
crackers. Accordingly, the qualities associated with hacking shifted alongside
the emergence of the Web. Networking capabilities allowed virtually instantaneous
global communication, and promised universal access. But as the non-commercial
Internet gave way to the commercial Web, anti-proprietary and libertarian
values became increasingly threatened. Some hackers became crackers, and
by the late 1990s a new generation of hackers came of age.
CNN.com published
their April 1999 survey of hacking and computer security called "Insurgency
on the Internet" - warning that malicious computer attacks are,
in fact, "cyberwar" and that industry must be ready for the
battle. A sense of "us" (society, industry) as opposed to "them"
(hackers, crackers) was established, and an online discussion forum debated
the ethics.
News stories
about hackers are usually about male hackers, but in June 2000 ABCNews.com
published "Female
of the Species" and "Facing
a Man's World" - two articles looking at female hackers. They
are characterised as far-and-few-between, but as "queens of pirated
software, anti-child porn crusaders, political activists and leaders of
private online vendettas." Female hackers are reportedly attracted
to the same thing as are male hackers: "the mastery of how things
work," but the women report that they avoid the stereotypes and try
to do good. They report having to compete with "scene whores"
- hacker groupies - in the sense that they must prove to "the boys"
that they are more than adoring sex objects. But for hackers, this still
requires technological prowess, and unless a person can code well, they
are denied community status.
Increasingly,
as international denial-of service (DoS) and virus campaigns attacked
the Web, the hacker in mainstream media emerged as an immature, but technologically
adept, teenage male.
In April
2000, a 15-year-old male from Montreal, known by his handle "Mafiaboy,"
was arrested and charged with 64 counts of mischief to data as a result
of DoS attacks, including ones against CNN.com, Yahoo.com, Amazon.com,
eBay.com and ZDNet.com. In September 2001, he was sentenced to eight months
in a youth detention centre. The judge also ordered the teenager to face
one year of probation after his detention ends, and fined him $160. Needless
to say, "Mafiaboy" cannot use a computer for this entire period.
The hacker
community represented by 2600:
The Hacker Quarterly, responded to the arrest by asking "Is
Mafiaboy Real or a Creation of the Media?" and reporting that:
"When
the name "mafiaboy" was first mentioned months ago, a couple of us hopped
onto IRC using that nick. Sure enough, within seconds, we were being messaged
by people who believed we were the person responsible. Amazingly, the
person who fell for it the hardest is the very person now being quoted
widely in the media as having caught the perpetrator. Now perhaps this
is all just a big coincidence. But as you can see from the IRC logs below
[entire transcript is published], we dropped a few clues that the person
was in a country with snow and at one point "accidentally" spoke French
to imply the province of Quebec. We were amazed when the blame actually
landed on someone from Montreal."
Their position
is somewhat typical of hacker web sites: they seek to reply to accusations,
to clarify ideas and practices and to advocate a skeptical view of the
"establishment." The 2600 web site now devotes a substantial
amount of its publication to legal issues facing the Hacker Quarterly,
arguing for non-proprietory (open source) software and freedom from regulation
- the values of the original Internet communities facing off against corporate
interests on the Web. Interestingly, when forced to remove (illegal) DVD-decoding
source code from its site, 2600
responded with:
"Looking
for a copy of DeCSS? The easiest way is to go to Disney's search engine
and search for DeCSS. They will then LINK you to thousands of sites, something
we're no longer allowed to do. It's possible we may not even be allowed
to tell you this! You can still access our old list of mirror sites sans
the links."
Aside from
the humour of using Disney services to engage in illegal acts, the case
against 2600 provides a good example of the difficulty in regulating the
Internet - even when one source of information is blocked, it is still
available from any number of other sources.
Also in contrast
to mainstream media, Attrition.org
is:
"a computer
security Web site dedicated to the collection, disemination and distribution
of information about the industry for anyone interested in the subject.
They maintain one of the largest catalogs of security advisories, cryptography,
text files, and denial of service attack information. They are also known
for the largest mirror of Web site defacements and their crusade to expose
industry frauds and inform the public about incorrect information in computer
security articles."
Attrition
has compiled a broad selection of articles on hacker
ethics written by members of the hacker community and others. As pointed
out by Taylor (1999) the
hacking ethic is fundamentally opposed to that of the proprietory Web
and of the computer-security industry.
But hacker
ethics are also conflicting - and more than a little influenced by cyberpunk
aesthetics. According to the Callisti
Manifesto,
"To
be a hacker is to identify with a proud past of research scientist [sic]
and late night all night hacking parties at universities like MIT and
UCBerkeley. However, to be a cracker is to identify with the cold hard
street and street level back alley technology. So choose carefully wether
[sic] your identity is that of the dangerou [sic] innovative reseach scientist
or the cold hearted street level tech outlaw making phone calls to Hong
Kong on the unaccounted for phones in Alphabet City. Do you choose to
be in a lab or on the street?... I myself am and always will be a cracker."
The mainstream
media, with their corporate ties to the commerical Web, have a vested
interest in reproducing hegemonic structures of control online. The hacker
is necessarily constructed as a dangerous "other" - one who
threatens values associated with property and authority. The hacker community
distinguishes between hackers and crackers, yet as producers of online
media, hackers and crackers come together in opposition. They openly resist
practices of capitalist ownership and regulation. Their interest lies
in furthering the agenda of non-proprietory values associated with the
early Internet.
CBC's The
Fifth Estate investigated hackers and cyber-terrorists in 2000. The
broadcast included interviews with hackers, computer security consultants
and members of the legal community and offered a real-time chat after
the program. In keeping with other mainstream press accounts, hackers
were constructed as dangerous "others." As such, the broadcast
took the position of "what to do about hackers."
In Winter
2001, The Learning Channel broadcast Hackers:
Computer Outlaws. The accompanying web site features famous hackers
and hacker lingo, as well as articles on hacking and interactive polls.
Also
in 2001, PBS's Frontline broadcast Hackers:
a report on the exploits of hackers and how they have highlighted the
internet's insecurities.
Discourse
analysis of both the TV broadcasts and the accompanying web sites would
provide greater insight into the depth and breadth of the moral parameters
applied.
The architecture
of the Internet has been changing, and the original promises of freedom
and a digital revolution in knowledge and access are slowly being replaced
by restrictions and punishments upheld by the architecture of the Web.
A deeper understanding of the practices of surveillence and control among
users of the Internet and the World Wide Web would be helpful.
How society-at-large
responds to hackers/crackers is indicative of the values influencing emerging
information technologies, practices and policies.
[ Top ]
Hackers
According to the Powers That Be
There have
emerged three distinct, but related, approaches to the "problem"
of hackers. The educational/advocacy approach teaches moral and pro-social
values for online behaviour. The approach of the computer security industry
seeks to protect property in cyberspace. And legislative approaches are
based on the articulation of rules and punishment for cyber-crimes.
Education
and Advocacy
For online
educational/advocacy purposes, the hacker is only one of various problems,
and is considered an inappropriate, if not criminal, cyberspace role model
for young people. In 1999, the Anti-Defamation League released Poisoning
the Web: Hatred online, a report on Internet bigotry, extremism and
violence. The Simon Wiesenthal Centre just released Digital
Hate 2001: internet report and analysis, where "manipulation
of the net" and "mayhem, anarchy, bombs" were two of seven
categories of cyberhate. Both reports connect hacking - and its various
intents - with hatred. Hackers are seen to offer, or provide access to
inappropriate and/or illegal information, such as making bombs or overthrowing
the government. In one sense this approach seeks to censor information
which could be used to commit illegal acts. In another sense, anti-authoritarian
practices are considered hateful. At issue are the ethics of free speech
(Canada may have hate laws, but what legally constitutes hate will never
be settled) and larger ethical issues regarding the rights of citizens,
civil disobedience and democratic media.
Less contentious
moral judgments have been used in North American public education initiatives.
The United States Department of Justice's Internet
Do's & Don'ts web site teaches kids to be "good netizens."
After quizzing kids on privacy and copyright issues, they remind young
people that they "can get in trouble for hacking!" The Cybercitizen
Partnership claims that 48% of kids do not consider hacking to be
a crime. Their "Surf like a hero. Not a zero" initiative was
developed to teach online citizenship - in the sense of civil and responsible
behaviour. They cite the Computer
Ethics Institute code of cyber-ethics:
As such,
hacking is equated with stealing and/or the destruction of property; counterfeiting
and pirating warez are seen as the equivalent of stealing tapes or CDs;
and denial-of-service attacks are said to have the real-world effect of
blocking a tunnel. No distinction is made between the actual and the virtual;
the same rules for "acceptable" behaviour in real-life are applied
to cyberspace. This raises questions regarding the power relations implied
in these rules of social etiquette, and the connection made with existing
norms and laws. A preliminary observation might suggest that hegemonic
values of the White, professional class will prove to be yet another barrier
to universal online access and digital democracy.
Computer
Security
The computer
security industry tends to approach hackers in similar fashion: they are
seen as a threat to private property and a potential danger to computer
networks and systems.
The hacking
of commercial and government web sites, and the use of email to spread
hostile viruses, are treated as acts of terrorism. In the online Computers
and Security journal, Hinde
(2000) finds it "worrying that a 15-year-old [Mafiaboy] could bring
down so many web sites with such apparent ease. Just think what a concerted
attack by criminals, anarchists, activists, a hostile country or other
'cyberterrorists' could achieve."
The issue
of denial-of-service (DoS) attacks is viewed in terms of potential risk
for a security breach, and the ability of web site or network owners to
prevent such an intrusion. Security professionals debate if crackers can
be reformed and used as ethical hackers protecting systems from malicious
attacks - and conclude that hiring convicted cyber-criminals is ethically
out of the question. Nonetheless, they value the hacker skill-set and
recognise how those skills can (and even should) be used to protect, rather
than to violate, online and offline property (Hancock
2000). Hacker conferences have become favourite recruiting events
for the computer security industry. Such events would provide interesting
opportunities for ethnographic research.
Legislation
and punishment of offenders
At the National
Computer Security Conference held in Washington D.C. Denning
(1990) reported that:
"Hackers
are learners and explorers who want to help rather than cause damage,
and who often have very high standards of behavior. My findings also suggest
that the discourse surrounding hacking belongs at the very least to the
gray areas between larger conflicts that we are experiencing at every
level of society and business in an information age where many are not
computer literate. These conflicts are between the idea that information
cannot be owned and the idea that it can, and between law enforcement
and the First and Fourth Amendments. Hackers have raised serious issues
about values and practices in an information society."
Ten years
later, a new response to cyber-crime is the European Committee On Crime
Problems' Draft
Convention on Cyber-crime (Draft No.24, Rev.2, 19 November 2000).
It is based on the conviction "of the need to pursue, as a matter
of priority, a common criminal policy aimed at the protection of society
against cyber-crime, inter alia by adopting appropriate legislation
and fostering international co-operation." The Global Internet Liberty
Campaign issued an open
letter in response to the proposal, stating:
"We
believe that the draft treaty is contrary to well established norms for
the protection of the individual, that it improperly extends the police
authority of national governments, that it will undermine the development
of network security techniques, and that it will reduce government accountability
in future law enforcement conduct... These provisions pose a significant
risk to the privacy and human rights of Internet users and are at odds
with well established principles of data protection such as the Data Protection
Directive of the European Union. Similar communications transaction information
has been used in the past to identify dissidents and to persecute minorities.
We urge you not to establish this requirement in a modern communication
network."
According
to the Department
of Justice Canada, on November 23, 2001 Canada signed the Council
of Europe Convention on Cyber-Crime, which requires states to criminalize
certain forms of abuse of computer systems and certain crimes, like hacking,
when they are committed through the use of computer systems. The convention
also supports international cooperation to detect, investigate and prosecute
these criminal offences, as well as to collect electronic evidence of
any criminal offence, including terrorist crimes, terrorist financing
and money laundering offences. Some of the other prohibited activities
covered by the Convention include interference of computer systems, computer
fraud and forgery.
For purposes
of legislation, hackers are necessarily defined as criminals. Computer
crimes perpetrated by hackers are most likely to be crimes against property.
The hacker ethics associated with online freedom of speech and access
to information directly conflict with the application of proprietary law
to cyberspace. Such legislation extends to Internet usage, such as email
and BBSs, as well as to property owned and hosted on the Web. As such,
legislative efforts represent the greatest threat to the ethics of the
original online communities and hackers.
Hacking
since September 11
On September
19, the Electronic Frontier Foundation joined over 150 members of the
In Defense
of Freedom coalition to oppose
the American Depart of Justice's proposed Anti-Terrorism law, on the grounds
that it seriously violates electronic civil liberties. EFF's chief concerns
are the addition of low-level computer intrusion and defacement of web
pages to the list of offences that allow wiretaps, something that seems
unrelated to terrorism, and the increase in the amount of surveillance
of e-mail that can be done without serious court review.
Bill C-36,
Canada's Anti-Terrorism Act, has received Royal
Assent and includes the following provisions:
- The investigatory
powers currently in the Criminal Code and in Bill C-24 that make it
easier to use electronic surveillance against criminal organizations
will be applied to terrorist groups. This includes eliminating the need
to demonstrate that electronic surveillance is a last resort in the
investigation of terrorists. The proposed legislation will extend the
period of validity of a wiretap authorization from the current 60 days
to up to one year when police are investigating a terrorist group offence.
A Superior Court judge will still have to approve the use of electronic
surveillance to ensure that these powers are used appropriately. Further,
the requirement to notify a target after surveillance has taken place
can be delayed for up to three years.
- The National
Defence Act will be amended to clarify the mandate of the Communications
Security Establishment (CSE), under strict controls, to: intercept the
communications of foreign targets abroad; and undertake security checks
of government computer networks to protect them from terrorist activity.
The permission of the Minister of National Defence will be required
to authorize any interception of private communications of foreign targets
abroad in order to ensure that the privacy of individual Canadians is
protected.
- Amending
the Criminal Code to allow the courts to order the deletion of publicly
available hate propaganda from computer systems such as an Internet
site. Individuals who post the material will be given the opportunity
to convince the court that the material is not hate propaganda. The
provision applies to hate propaganda that is located on Canadian computer
systems, regardless of where the owner of the material is located or
whether he or she can be identified.
- Amending
the Canadian Human Rights Act to clarify that the prohibition against
spreading repeated hate messages by telephonic communications includes
all telecommunications technologies.
Convictions
under these offences carry ten year to life sentences.
[ Top ]
Implications
for Internet Governance
On the most
basic level of any discussion of cyberspace are the distinctions made
between the virtual and the real, the actual and the potential (see Hillis
1999 and Nunes 1997).
In other words, is cyberspace the electronic frontier promised by the
Internet founders? Is it a public space at all? Is it qualitatively different
enough from real-life to justify a total absence of government regulation?
My project
argues that the original Internet and its associated participatory communities
and ethics were largely pushed aside by the advent of the proprietory
World Wide Web. With the commercialisation of the Internet came ethics
of property and ownership, directly opposing the libertarian philosophies
of the first cyber-citizens.
As such,
the case of hackers can be used to evaluate promises of a digital democracy.
Discourse
surrounding hacking, and the construction of hackers in mass media can
be seen to indicate shifting ethics. But as Hague
and Loader (1999:3) point out, both notions of digital utopias and
surveillence societies rely too heavily on technological determinism.
New information technologies emerge from interactions between technology
and society (see Lunenfeld
2000). We build the social space of the Internet with hardware, software
and wetware.
When it comes
to matters of access and participation, even the utopian vision of the
Internet has boundaries - one must have the right technologies and the
right ethics to participate in an online community. And the architecture
of the Web makes data management more important than information exchange.
So where is this revolution taking us?
Online discourse
and decision-making often remain in the hands of corporate media and information
technologies, and not in the hands of the people (Malina
1999). Globalisation raises issues of access and regulation, as well
as the potential for political agency (see Loader
1998).
If the case
of hacking and its associated ethic are any indication of the future of
cyber-democracy, then the situation is not entirely positive. Hegemonic
processes regarding ownership and authority are already replacing original
online freedoms. Particular philosophies and politics are increasingly
labelled anti-capitalist and extremist, creating "others" that
need to be controlled if hegemony is to be maintained.
Conversely,
it is hackers who have demonstrated the potentials of cyber-democracy
and who may provide ethical models for both technological innovation and
strategies for social change.
The revolution
is not over yet.
[ Top ]
Bibliography
Abbate, J.
1999. Inventing the Internet. Cambridge, MA: MIT Press.
Hague, B.
and B. Loader (eds). 1999. Digital Democracy: Discourse and decision
making in the information age. New York: Routledge.
Hancock,
Bill. 2000. Is a Convicted Hacker Really Reformed and Should You Hire
Them? Computers and Security 19 (6): 491-493.
Hillis, K.
1999. Digital Sensations: Space, identity and embodiment in virtual
reality. Minneapolis: University of Minnesota Press.
Hinde, Stephan.
2000. Smurfing, Swamping, Spamming, Spoofing, Squatting, Slandering, Surfing,
Scamming and Other Mischiefs of the World Wide Web. Computers and Security
19 (4): 312-320.
Holmes, D.
(ed). 1997. Virtual Politics: Identity and community in cyberspace.
London: Sage.
Jones, S.
(ed). 1995. Cybersociety. London: Sage.
Jones, S.
(ed). 1998. Cybersociety 2.0: Revisiting computer mediated communication
and technology. London: Sage.
Kitchen,
Rob. 1998. The History and Growth of Cyberspace. In R. Kitchen (ed). Cyberspace.
London: Wiley.
Lessig, L.
1999. Code and Other Laws of Cyberspace. New York: Basic Books.
Loader, Brian
(ed). 1998. Cyberspace Divide: Equality, Agency and Policy in the Information
Society. London: Routledge.
Lunenfeld,
Peter. (ed). 2000. The Digital Dialectic. Cambridge, MA: MIT Press.
Malina, Anna.
1999. Perspectives on citizen democritsation and alienation in the virtual
public sphere. In B. Hague and B. Loader (eds). Digital Democracy:
Discourse and decision making in the information age. New York: Routledge.
Nunes, Mark.
1997. What Space is Cyberspace? in D. Holmes (ed). Virtual Politics:
Identity and community in cyberspace. London: Sage.
Shields,
R. (ed). 1996. Cultures of Internet. London: Sage.
Taylor, P.
1999. Hackers. New York: Routledge.
Ward, Katie.
2000. The Emergence of the Hybrid Community: Rethinking the Physical-Virtual
Dichotomy. Virtual Space and Organizational Networks; Space and Culture
4/5: 71-86.
Recommended
Further Reading
Alexander,
C. and L. Pal (eds). 1998. Digital Democracy: Politics and policy in
the wired world. Oxford: Oxford University Press.
Alexander, Y. 1999. Cyberterrorism and Information Warfare. Dobbs
Ferry, NY: Oceana Publications.
Axford, B. and Higgins, R. (eds). 2000. The New Media and Politics.
London: Sage.
Barrett, N. 1997. Digital Crime: Policing the cybernation. London:
Kogan Page.
Bell, D. and B. Kennedy (eds). 2000. The Cybercultures Reader.
London: Routledge.
Bey, Hakim. 1991. T.A.Z. Temporary Autonomous Zone, Ontological Anarchy,
Poetic Terrorism. Brooklyn, NY: Autonomedia.
Boele-Woelki, K., C. Kessedjian and M. Pelichet (eds). 1998. Internet:
Which court decides, which law applies? The Hague: Kluwer Law International.
Caldwell, J. (ed). 2000. Electronic Media and Technoculture. New
Brunswick, NJ: Rutgers University Press.
Critical Art Ensemble. 1996. Electronic Civil Disobedience and Other
Unpopular Ideas. Brooklyn, NY: Autonomedia.
De Landa, M. 1991. War in the Age of Intelligent Machines. New York: Zone
Books.
Della Porta, D., H. Kriesi and D. Rucht (eds). 1999. Social Movements
in a Globalizing World. Basingstoke. UK: MacMillan.
Denning, D. and P. Denning (eds). 1998. Internet besieged: Countering
cyberspace scofflaws. New York: ACM Press.
Der Derian, J. 1992. Antidiplomacy: spies, terror, speed and war.
Cambridge, MA: Blackwell.
Dodge, M. and R. Kitchen. Mapping Cyberspace. 2000. London: Routledge.
Dutton, W. (ed). 1999. Society on the Line: Information politics in
the digital age. Oxford: Oxford University Press.
Ebo, B. (ed). 1998. Cyberghetto or cybertopia? Race, class and gender
on the internet. Westport, CT: Praeger. Edwards, L. and C. Waelde
(eds). 1997. Law and the Internet: Regulating cyberspace. Oxford: Hart
Publishing.
Everard, J. 1999. Virtual States: The internet and the boundaries of
the nation state. London: Routledge.
Gauntlett, D. (ed). 2000. Web.Studies: Rewiring media studies for the
digital age. Oxford: Oxford University Press.
Grabosky, P. 1998. Crime in the digital age: Controlling telecommunications
and cyberspace illegalities. New Brunswick, NJ: Transaction Publishers.
Grossman, W. 1997. Net.Wars. New York: New York University Press.
Gutstein, D. 1999. E.con: how the internet undermines democracy.
Toronto: Stoddart.
Hacker, K. (ed). 2000. Digital Democracy: Issues of theory and practice.
London: Sage.
Hague, B. and B. Loader (eds). 1999. Digital Democracy: Discourse and
decision making in the information age. New York: Routledge.
Harvey, F. and A. Griffiths (eds). 1999. Foreign and security policy
in the information age. Halifax, NS: Centre for Foreign Policy Studies,
Dalhousie University.
Henry, R. and C.E. Peartree (eds). 1997. The Information Revolution
and International Security. Washington: Center for Strategic & International
Studies.
Herman, A. and T. Swiss (eds). 2000. The World Wide Web and Contemporary
Social Theory. New York: Routledge.
Hill, K. and J. Hughes. 1998. Cyberpolitics: Citizen activism in the
age of the internet. Lanham, MD: Rowman and Littlefield.
Huber, P. 1997. Law and Disorder in Cyberspace: Abolish the FCC and
let common law rule the telecosm. Oxford: Oxford University Press.
Industry Canada. 1997. Cyberspace is not a "no law land": A study of
the issues of liability for content circulating on the internet. Ottawa:
Industry Canada.
Johnson, S. 1997. Interface Culture. New York: HarperEdge.
Jones, S. (ed). 1997. Virtual Culture: Identity and Community in Cybersociety.
London: Sage.
Jordan, T. 1999. Cyberpower: The culture and politics of cyberspace
and the internet. London: Routledge.
Kahin, B and C. Nesson (eds). 1996. Borders in Cyberspace: Information
policy and the global information infrastructure. Cambridge, Mass:
MIT Press.
Kizza, J. 1998. Civilizing the Internet: Global concerns and efforts
toward regulation. Jefferson, NC: McFarland.
Kolko, B., L. Nakamura and G. Rodman (eds). 2000. Race in Cyberspace.
London: Routledge.
Lipschultz, J. 2000. Free Expression in the Age of the Internet: Social
and legal boundaries. Boulder, CO: Westview Press.
Loader, B. (ed). 1997. The Governance of Cyberspace: Politics, technology
and global restructuring. New York: Routledge.
Ludlow, P. (ed). 1996. High Noon on the Electronic Frontier: Conceptual
issues in cyberspace. Cambridge, MA: MIT Press.
Mackay, H. and T. O'Sullivan (eds). 1999. The Media Reader: Continuity
and Transformation. London: Sage.
Margolis, M. and D. Resnick. 2000. Politics as Usual: The cyberspace
'revolution'. London: Sage.
Miller, S. 1996. Civilizing Cyberspace: Policy, power and the Information
Superhighway. ACM Press.
Morley, D. and K. Robbins. 1995. Spaces of Identity: Global media,
electronic landscapes and cultural boundaries. London: Routledge.
Negroponte, N. 1996. Being Digital. Toronto: Random House Canada.
O Tuathail, G. 1996. Critical Geopolitics. Minneapolis: University
of Minnesota Press.
Plant, S. 1997. Zeroes and Ones: Digital women and the new technoculture.
New York: Doubleday.
Poster, M. 1995. The Second Media Age. Cambridge, UK: Polity Press.
Rash, W. 1997. Politics on the Net: Wiring the political process.
New York: Computer Science Press.
Rosenoer, J. 1996. Cyberlaw: The law of the internet. New York:
Springer.
Ryan, M. (ed). 1998. Cyberspace Textuality: Computer technology and
literary theory. Bloomington: University of Indiana Press.
Sardar, Z. and J. Ravetz (eds). 1996. Cyberfutures: Culture and politics
on the information superhighway. Pluto Press.
Shapiro, A. 1999. The Control Revolution: How the internet is putting
individuals in charge and changing the world we know. New York: Public
Affairs.
Smith, M. and P. Kollock (eds). 1999. Communities in Cyberspace.
London: Routledge.
Stefik, M. (ed). 1997. Internet Dreams: Archetypes, myths, and metaphors.
Cambridge, MA:MIT Press.
Stefik, M. 1999. The Internet Edge: Social, technical, and legal challenges
for a networked world. Cambridge, MA: MIT Press.
Stichler, R. and R. Hauptman (eds). 1998. Ethics, Information and Technology:
Readings. Jefferson, NC: McFarland.
Stone, A.R. 1996. The War of Desire and Technology at the Close of
the Mechanical Age. Cambridge, MA: MIT Press.
Thussu, D.K. (ed). 1998. Electronic Empires: Global media and local
resistance. Oxford: Oxford University Press.
Tsagarousianou, R., D. Tambiani and C. Bryan. 1998. Cyberdemocracy:
Technology, cities and civic networks. New York: Routledge.
Turkle, S. 1996. Life on the Screen: Identity in the age of the internet.
New York: Simon and Schuster.
Valvovic, T. 2000. Digital Mythologies: The hidden complexities of
the internet. New Brunswick, NJ: Rutgers University Press.
Wise, J.M. 1997. Exploring technology and social space. Thousand
Oaks, CA: Sage.
[ Top ]
Background
This is an ongoing project last updated 27 January, 2002.
Originally
submitted as "Hackers: a cautionary tale" for:
New Media
& Virtual Spaces
Sociology 53.566
Prof. Rob Shields
Carleton University
Ottawa, Ontario, Canada
4 December, 2000
Copyright
Copyright © 2000-2002 Anne Galloway
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.1 or
any later version published by the Free Software Foundation; with the
Invariant Sections being "Freedom and Control on the Electronic Frontier,"
"Hackers According to Themselves," "Hackers According to
the Media," "Hackers According to the Powers That Be,"
and "Implications for Internet Governance," with no Front-Cover
Texts, and with no Back-Cover Texts. A copy of the license is included
in the section entitled "GNU
Free Documentation License".
[ Top ]
|