Please consider a donation to the Higher Intellect project. See https://preterhuman.net/donate.php or the Donate to Higher Intellect page for more info.

Changes

Jump to navigation Jump to search
no edit summary
Line 13: Line 13:  
Abstract
 
Abstract
 
   
 
   
A diffuse group of people often called ``hackers'' has been
+
A diffuse group of people often called "hackers" has been
 
characterized as unethical, irresponsible, and a serious danger to
 
characterized as unethical, irresponsible, and a serious danger to
 
society for actions related to breaking into computer systems.  This
 
society for actions related to breaking into computer systems.  This
Line 43: Line 43:  
firmament of networks.  Stories about attacks, breakins, disruptions,
 
firmament of networks.  Stories about attacks, breakins, disruptions,
 
theft of information, modification of files, and the like appear
 
theft of information, modification of files, and the like appear
frequently in the newspapers.  A diffuse group called ``hackers''
+
frequently in the newspapers.  A diffuse group called "hackers"
 
is often the target of scorn and blame for these actions.  Why are
 
is often the target of scorn and blame for these actions.  Why are
 
computer networks any different from other vulnerable public networks?
 
computer networks any different from other vulnerable public networks?
Line 86: Line 86:  
The interview was conducted electronically.  I quickly discovered
 
The interview was conducted electronically.  I quickly discovered
 
that I had much more to learn from Drake's questions than to teach.
 
that I had much more to learn from Drake's questions than to teach.
For example, he asked: ``Is providing computer security for large
+
For example, he asked: "Is providing computer security for large
 
databases that collect information on us a real service?  How do
 
databases that collect information on us a real service?  How do
you balance the individual's privacy vs. the corporations?'' This
+
you balance the individual's privacy vs. the corporations?" This
 
question surprised me.  Nothing that I had read about hackers ever
 
question surprised me.  Nothing that I had read about hackers ever
suggested that they might care about privacy.  He also asked: ``What
+
suggested that they might care about privacy.  He also asked: "What
 
has [the DES] taught us about what the government's (especially NSA's)
 
has [the DES] taught us about what the government's (especially NSA's)
role in cryptography should be?'' Again, I was surprised to discover
+
role in cryptography should be?" Again, I was surprised to discover
 
a concern for the role of the government in computer security.  I
 
a concern for the role of the government in computer security.  I
 
did not know at the time that I would later discover considerable
 
did not know at the time that I would later discover considerable
Line 101: Line 101:  
meeting, we continued our dialog electronically with me interviewing
 
meeting, we continued our dialog electronically with me interviewing
 
him.  This gave me the opportunity to explore his views in greater
 
him.  This gave me the opportunity to explore his views in greater
depth.  Both interviews appear in ``Computers Under Attack,''
+
depth.  Both interviews appear in "Computers Under Attack,"
 
edited by Peter Denning [DenningP90].
 
edited by Peter Denning [DenningP90].
 
   
 
   
Line 109: Line 109:  
from 17 to 28.
 
from 17 to 28.
 
   
 
   
The word ``hacker'' has taken on many different meanings ranging
+
The word "hacker" has taken on many different meanings ranging
from 1) ``a person who enjoys learning the details of computer systems
+
from 1) "a person who enjoys learning the details of computer systems
and how to stretch their capabilities'' to 2) ``a malicious or
+
and how to stretch their capabilities" to 2) "a malicious or
 
inquisitive meddler who tries to discover information by poking around
 
inquisitive meddler who tries to discover information by poking around
.. possibly by deceptive or illegal means ...'' [Steele83]  The
+
.. possibly by deceptive or illegal means ..." [Steele83]  The
 
hackers described in this paper satisfy both of these definitions,
 
hackers described in this paper satisfy both of these definitions,
 
although all of the hackers I spoke with said they did not engage
 
although all of the hackers I spoke with said they did not engage
Line 122: Line 122:  
businesses, or about people who use stolen credit cards to purchase
 
businesses, or about people who use stolen credit cards to purchase
 
goods.  The characteristics of many of the hackers I am writing about
 
goods.  The characteristics of many of the hackers I am writing about
are summed up in the words of one of the hackers: ``A hacker is someone
+
are summed up in the words of one of the hackers: "A hacker is someone
 
that experiments with systems... [Hacking] is playing with systems
 
that experiments with systems... [Hacking] is playing with systems
 
and making them do what they were never intended to do.  Breaking
 
and making them do what they were never intended to do.  Breaking
Line 129: Line 129:  
able to find out anything.  There is also the David and Goliath side
 
able to find out anything.  There is also the David and Goliath side
 
of it, the underdog vs. the system, and the ethic of being a folk
 
of it, the underdog vs. the system, and the ethic of being a folk
hero, albeit a minor one.''
+
hero, albeit a minor one."
 
   
 
   
 
Richard Stallman, founder of the Free Software Foundation who calls
 
Richard Stallman, founder of the Free Software Foundation who calls
 
himself a hacker according to the first sense of the word above,
 
himself a hacker according to the first sense of the word above,
recommends calling security-breaking hackers ``crackers''
+
recommends calling security-breaking hackers "crackers"
 
[Stallman84].  While this description may be more accurate, I shall
 
[Stallman84].  While this description may be more accurate, I shall
use the term ``hacker'' since the people I am writing about call
+
use the term "hacker" since the people I am writing about call
 
themselves hackers and all are interested in learning about computer
 
themselves hackers and all are interested in learning about computer
 
and communication systems.  However, there are many people like
 
and communication systems.  However, there are many people like
Line 147: Line 147:  
networks, and Meyer and Thomas [MeyerThomas90] for an interesting
 
networks, and Meyer and Thomas [MeyerThomas90] for an interesting
 
interpretation of the computer underground as a postmodernist rejection
 
interpretation of the computer underground as a postmodernist rejection
of conventional culture that substitutes ``rational technological
+
of conventional culture that substitutes "rational technological
control of the present for an anarchic and playful future.''
+
control of the present for an anarchic and playful future."
 
   
 
   
 
I do not pretend to know all the concerns that hackers have, nor
 
I do not pretend to know all the concerns that hackers have, nor
Line 188: Line 188:  
3.  Access to Computers and Information for Learning
 
3.  Access to Computers and Information for Learning
 
   
 
   
Although Levy's book ``Hackers'' [Levy84] is not about today's
+
Although Levy's book "Hackers" [Levy84] is not about today's
security-breaking hackers, it articulates and interprets a ``hacker
+
security-breaking hackers, it articulates and interprets a "hacker
ethic'' that is shared by many of these hackers.  The ethic includes
+
ethic" that is shared by many of these hackers.  The ethic includes
 
two key principles that were formulated in the early days of the
 
two key principles that were formulated in the early days of the
AI Lab at MIT: ``Access to computers -- and anything which might
+
AI Lab at MIT: "Access to computers -- and anything which might
 
teach you something about the way the world works -- should be
 
teach you something about the way the world works -- should be
unlimited and total,'' and ``All information should be free.'' In
+
unlimited and total," and "All information should be free." In
 
the context in which these principles were formulated, the computers
 
the context in which these principles were formulated, the computers
 
of interest were research machines and the information was software
 
of interest were research machines and the information was software
Line 201: Line 201:  
Since Stallman is a leading advocate of open systems and freedom
 
Since Stallman is a leading advocate of open systems and freedom
 
of information, especially software, I asked him what he means by
 
of information, especially software, I asked him what he means by
this.  He said: ``I believe that all generally useful information
+
this.  He said: "I believe that all generally useful information
should be free. By `free' I am not referring to price, but rather
+
should be free. By `free` I am not referring to price, but rather
 
to the freedom to copy the information and to adapt it to one's own
 
to the freedom to copy the information and to adapt it to one's own
uses.'' By ``generally useful'' he does not include confidential
+
uses." By "generally useful" he does not include confidential
 
information about individuals or credit card information, for example.
 
information about individuals or credit card information, for example.
He further writes: ``When information is generally useful,
+
He further writes: "When information is generally useful,
 
redistributing it makes humanity wealthier no matter who is
 
redistributing it makes humanity wealthier no matter who is
distributing and no matter who is receiving.'' Stallman has argued
+
distributing and no matter who is receiving." Stallman has argued
 
strongly against user interface copyright, claiming that it does
 
strongly against user interface copyright, claiming that it does
 
not serve the users or promote the evolutionary process [Stallman90].
 
not serve the users or promote the evolutionary process [Stallman90].
Line 226: Line 226:  
These views of information sharing seem to go back at least as far
 
These views of information sharing seem to go back at least as far
 
as the 17th and 18th Centuries.  Samuelson [Samuelson89] notes that
 
as the 17th and 18th Centuries.  Samuelson [Samuelson89] notes that
``The drafters of the Constitution, educated in the Enlightenment
+
"The drafters of the Constitution, educated in the Enlightenment
 
tradition, shared that era's legacy of faith in the enabling powers
 
tradition, shared that era's legacy of faith in the enabling powers
of knowledge for society as well as the individual.'' She writes
+
of knowledge for society as well as the individual." She writes
 
that our current copyright laws, which protect the expression of
 
that our current copyright laws, which protect the expression of
 
information, but not the information itself, are based on the belief
 
information, but not the information itself, are based on the belief
Line 264: Line 264:  
locks and other security mechanisms on systems; their background
 
locks and other security mechanisms on systems; their background
 
in systems and programming varies considerably.  One hacker wrote
 
in systems and programming varies considerably.  One hacker wrote
``A hacker sees a security hole and takes advantage of it because
+
"A hacker sees a security hole and takes advantage of it because
 
it is there, not to destroy information or steal.  I think our
 
it is there, not to destroy information or steal.  I think our
 
activities would be analogous to someone discovering methods of
 
activities would be analogous to someone discovering methods of
 
acquiring information in a library and becoming excited and perhaps
 
acquiring information in a library and becoming excited and perhaps
engrossed.''
+
engrossed."
 
   
 
   
 
We should not underestimate the effectiveness of the networks in
 
We should not underestimate the effectiveness of the networks in
Line 291: Line 291:  
courses in BASIC and PASCAL, and that he was bored by these.  Hans
 
courses in BASIC and PASCAL, and that he was bored by these.  Hans
 
Huebner, a hacker in Germany who goes by the name Pengo, wrote in
 
Huebner, a hacker in Germany who goes by the name Pengo, wrote in
a note to the RISKS Forum [Huebner89] : ``I was just interested in
+
a note to the RISKS Forum [Huebner89] : "I was just interested in
 
computers, not in the data which has been kept on their disks. As
 
computers, not in the data which has been kept on their disks. As
 
I was going to school at that time, I didn't even have the money
 
I was going to school at that time, I didn't even have the money
Line 300: Line 300:  
been patient and wait[ed] until I could go to the university and
 
been patient and wait[ed] until I could go to the university and
 
use their machines.  Some of you might understand that waiting was
 
use their machines.  Some of you might understand that waiting was
just not the thing I was keen on in those days.''
+
just not the thing I was keen on in those days."
 
   
 
   
 
Brian Harvey, in his position paper [Harvey86] for the ACM Panel on
 
Brian Harvey, in his position paper [Harvey86] for the ACM Panel on
Line 315: Line 315:  
had the skill and interest to be password hackers were discouraged
 
had the skill and interest to be password hackers were discouraged
 
from this activity because they also wanted to keep the trust of
 
from this activity because they also wanted to keep the trust of
their colleagues in order that they could acquire ``superuser'' status
+
their colleagues in order that they could acquire "superuser" status
 
on the system.
 
on the system.
 
   
 
   
Line 336: Line 336:  
either part-time on a continuing basis or on a periodic basis; and,
 
either part-time on a continuing basis or on a periodic basis; and,
 
following a suggestion from Felsenstein [Felsenstein86] for a
 
following a suggestion from Felsenstein [Felsenstein86] for a
``Hacker's League,'' that a league analogous to the Amateur Radio
+
"Hacker's League," that a league analogous to the Amateur Radio
 
Relay League be established to make contributed resources available
 
Relay League be established to make contributed resources available
 
for educational purposes.
 
for educational purposes.
Line 369: Line 369:  
4.  Thrill, Excitement, and Challenge
 
4.  Thrill, Excitement, and Challenge
 
   
 
   
One hacker wrote that ``Hackers understand something basic about
+
One hacker wrote that "Hackers understand something basic about
 
computers, and that is that they can be enjoyed.  I know none who
 
computers, and that is that they can be enjoyed.  I know none who
 
hack for money, or hack to frighten the company, or hack for anything
 
hack for money, or hack to frighten the company, or hack for anything
but fun.''
+
but fun."
 
   
 
   
In the words of another hacker, ``Hacking was the ultimate cerebral
+
In the words of another hacker, "Hacking was the ultimate cerebral
 
buzz for me.  I would come home from another dull day at school,
 
buzz for me.  I would come home from another dull day at school,
 
turn my computer on, and become a member of the hacker elite.  It
 
turn my computer on, and become a member of the hacker elite.  It
Line 390: Line 390:  
could be the one that would bring the authorities crashing down on
 
could be the one that would bring the authorities crashing down on
 
me.  I was on the edge of technology and exploring past it, spelunking
 
me.  I was on the edge of technology and exploring past it, spelunking
into electronic caves where I wasn't supposed to be.''
+
into electronic caves where I wasn't supposed to be."
 
   
 
   
 
The other hackers I spoke with made similar statements about the
 
The other hackers I spoke with made similar statements about the
 
fun and challenge of hacking.  In SPIN magazine [Dibbel90], reporter
 
fun and challenge of hacking.  In SPIN magazine [Dibbel90], reporter
 
Julian Dibbell speculated that much of the thrill comes from the
 
Julian Dibbell speculated that much of the thrill comes from the
dangers associated with the activity, writing that ``the technology
+
dangers associated with the activity, writing that "the technology
just lends itself to cloak-and-dagger drama,'' and that ``hackers
+
just lends itself to cloak-and-dagger drama," and that "hackers
 
were already living in a world in which covert action was nothing
 
were already living in a world in which covert action was nothing
more than a game children played.''
+
more than a game children played."
 
   
 
   
 
Eric Corley [Corley89] characterizes hacking as an evolved form of
 
Eric Corley [Corley89] characterizes hacking as an evolved form of
 
mountain climbing.  In describing an effort to construct a list of
 
mountain climbing.  In describing an effort to construct a list of
active mailboxes on a Voice Messaging System, he writes ``I suppose
+
active mailboxes on a Voice Messaging System, he writes "I suppose
 
the main reason I'm wasting my time pushing all these buttons is
 
the main reason I'm wasting my time pushing all these buttons is
 
simply so that I can make a list of something that I'm not supposed
 
simply so that I can make a list of something that I'm not supposed
to have and be the first person to accomplish this.'' He said that
+
to have and be the first person to accomplish this." He said that
 
he was not interested in obtaining an account of his own on the system.
 
he was not interested in obtaining an account of his own on the system.
Gordon Meyer says he found this to be a recurring theme: ``We aren't
+
Gordon Meyer says he found this to be a recurring theme: "We aren't
supposed to be able to do this, but we can'' -- so they do.
+
supposed to be able to do this, but we can" -- so they do.
 
   
 
   
 
One hacker said he was now working on anti-viral programming.  He
 
One hacker said he was now working on anti-viral programming.  He
Line 425: Line 425:  
any problems.  Hackers say they are outraged when other hackers cause
 
any problems.  Hackers say they are outraged when other hackers cause
 
damage or use resources that would be missed, even if the results
 
damage or use resources that would be missed, even if the results
are unintentional and due to incompetence.  One hacker wrote ``I
+
are unintentional and due to incompetence.  One hacker wrote "I
 
have ALWAYS strived to do NO damage, and inconvenience as few people
 
have ALWAYS strived to do NO damage, and inconvenience as few people
 
as possible.  I NEVER, EVER, EVER DELETE A FILE.  One of the first
 
as possible.  I NEVER, EVER, EVER DELETE A FILE.  One of the first
commands I do on a new system is disable the delete file command.''
+
commands I do on a new system is disable the delete file command."
 
Some hackers say that it is unethical to give passwords and similar
 
Some hackers say that it is unethical to give passwords and similar
 
security-related information to persons who might do damage.  In
 
security-related information to persons who might do damage.  In
Line 457: Line 457:  
raised properly as a civilized member of society, and not appreciating
 
raised properly as a civilized member of society, and not appreciating
 
the rules of living in society.  One hacker responded to this with
 
the rules of living in society.  One hacker responded to this with
``What does `being brought up properly' mean?  Some would say that
+
"What does `being brought up properly` mean?  Some would say that
it is `good' to keep to yourself, mind your own business.  Others
+
it is `good` to keep to yourself, mind your own business.  Others
 
might argue that it is healthy to explore, take risks, be curious
 
might argue that it is healthy to explore, take risks, be curious
and discover.'' Brian Harvey [Harvey86] notes that many hackers are
+
and discover." Brian Harvey [Harvey86] notes that many hackers are
 
adolescents, and that adolescents are at a less developed stage of
 
adolescents, and that adolescents are at a less developed stage of
 
moral development than adults, where they might not see how the effects
 
moral development than adults, where they might not see how the effects
Line 476: Line 476:  
hacking may be encouraged during the process of becoming computer
 
hacking may be encouraged during the process of becoming computer
 
literate.  Some of my colleagues say that hackers are irresponsible.
 
literate.  Some of my colleagues say that hackers are irresponsible.
One hacker responded ``I think it's a strong indication of the amount
+
One hacker responded "I think it's a strong indication of the amount
 
of responsibility shown that so FEW actually DAMAGING incidents are
 
of responsibility shown that so FEW actually DAMAGING incidents are
known.''
+
known."
 
   
 
   
 
But we must not overlook that the differences in ethics also reflect
 
But we must not overlook that the differences in ethics also reflect
Line 485: Line 485:  
ownership as property.  The differences also represent an opportunity
 
ownership as property.  The differences also represent an opportunity
 
to examine our own ethical behavior and our practices for information
 
to examine our own ethical behavior and our practices for information
sharing and protection.  For example, one hacker wrote ``I will accept
+
sharing and protection.  For example, one hacker wrote "I will accept
 
that it is morally wrong to copy some proprietary software, however,
 
that it is morally wrong to copy some proprietary software, however,
 
I think that it is morally wrong to charge $6000 for a program that
 
I think that it is morally wrong to charge $6000 for a program that
is only around 25K long.'' Hence, I shall go into a few of the ethical
+
is only around 25K long." Hence, I shall go into a few of the ethical
 
points raised by hackers more closely.  It is not a simple case of
 
points raised by hackers more closely.  It is not a simple case of
 
good or mature (us) against bad or immature (hackers), or of teaching
 
good or mature (us) against bad or immature (hackers), or of teaching
Line 546: Line 546:  
Pethia says that some intruders seem to be disruptive to prove a
 
Pethia says that some intruders seem to be disruptive to prove a
 
point, such as that the systems are vulnerable, the security personnel
 
point, such as that the systems are vulnerable, the security personnel
are incompetent, or ``it's not nice to say bad things about hackers.''
+
are incompetent, or "it's not nice to say bad things about hackers."
 
In the N.Y. Times, John Markoff [Markoff90] wrote that the hacker
 
In the N.Y. Times, John Markoff [Markoff90] wrote that the hacker
 
who claimed to have broken into Cliff Stoll's system said he was
 
who claimed to have broken into Cliff Stoll's system said he was
upset by Stoll's portrayal of hackers in ``The Cuckoo's Egg''
+
upset by Stoll's portrayal of hackers in "The Cuckoo's Egg"
[Stoll90].  Markoff reported that the caller said: ``He [Stoll]
+
[Stoll90].  Markoff reported that the caller said: "He [Stoll]
 
was going on about how he hates all hackers, and he gave pretty much
 
was going on about how he hates all hackers, and he gave pretty much
of a one-sided view of who hackers are.''
+
of a one-sided view of who hackers are."
 
   
 
   
``The Cuckoo's Egg'' captures much of the popular stereotypes of
+
"The Cuckoo's Egg" captures much of the popular stereotypes of
 
hackers.  Criminologist Jim Thomas criticizes it for presenting a
 
hackers.  Criminologist Jim Thomas criticizes it for presenting a
 
simplified view of the world, one where everything springs from the
 
simplified view of the world, one where everything springs from the
 
forces of light (us) or of darkness (hackers) [Thomas90].  He claims
 
forces of light (us) or of darkness (hackers) [Thomas90].  He claims
 
that Stoll fails to see the similarities between his own activities
 
that Stoll fails to see the similarities between his own activities
(e.g., monitoring communications, ``borrowing'' monitors without
+
(e.g., monitoring communications, "borrowing" monitors without
 
authorization, shutting off network access without warning, and lying
 
authorization, shutting off network access without warning, and lying
 
to get information he wants) and those of hackers.  He points out
 
to get information he wants) and those of hackers.  He points out
Stoll's use of pejorative words such as ``varmint'' to describe
+
Stoll's use of pejorative words such as "varmint" to describe
hackers, and Stoll's quote of a colleague: ``They're technically
+
hackers, and Stoll's quote of a colleague: "They're technically
 
skilled but ethically bankrupt programmers without any respect for
 
skilled but ethically bankrupt programmers without any respect for
 
others' work -- or privacy.  They're not destroying one or two
 
others' work -- or privacy.  They're not destroying one or two
 
programs.  They're trying to wreck the cooperation that builds our
 
programs.  They're trying to wreck the cooperation that builds our
networks.'' [Stoll90, p. 159]  Thomas writes ``at an intellectual
+
networks." [Stoll90, p. 159]  Thomas writes "at an intellectual
 
level,  [Stoll] provides a persuasive, but simplistic, moral imagery
 
level,  [Stoll] provides a persuasive, but simplistic, moral imagery
 
of the nature of right and wrong, and provides what -- to a lay reader
 
of the nature of right and wrong, and provides what -- to a lay reader
Line 580: Line 580:  
given offense, and the research of Gordon Meyer and I suggests that
 
given offense, and the research of Gordon Meyer and I suggests that
 
criminalization may, in fact, contribute to the growth of the computer
 
criminalization may, in fact, contribute to the growth of the computer
underground.''
+
underground."
 
   
 
   
 
   
 
   
Line 587: Line 587:  
Hackers express concern about their negative public image and
 
Hackers express concern about their negative public image and
 
identity.  As noted earlier, hackers are often portrayed as being
 
identity.  As noted earlier, hackers are often portrayed as being
irresponsible and immoral.  One hacker said that ``government
+
irresponsible and immoral.  One hacker said that "government
 
propaganda is spreading an image of our being at best, sub-human,
 
propaganda is spreading an image of our being at best, sub-human,
 
depraved, criminally inclined, morally corrupt, low life.  We need
 
depraved, criminally inclined, morally corrupt, low life.  We need
Line 593: Line 593:  
interfering with life support equipment, robbing banks, and jamming
 
interfering with life support equipment, robbing banks, and jamming
 
911 lines) are as morally abhorent to us as they are to the general
 
911 lines) are as morally abhorent to us as they are to the general
public.''
+
public."
 
   
 
   
 
The public identity of an individual or group is generated in part
 
The public identity of an individual or group is generated in part
Line 602: Line 602:  
the hacking community, the simple act of breaking into systems is
 
the hacking community, the simple act of breaking into systems is
 
regarded as unethical by many.  The use of pejorative words like
 
regarded as unethical by many.  The use of pejorative words like
``vandal'' and ``varmint'' reflect this discrepency in ethics.  Even
+
"vandal" and "varmint" reflect this discrepency in ethics.  Even
the word ``criminal'' carries with it connotations of someone evil;
+
the word "criminal" carries with it connotations of someone evil;
 
hackers say they are not criminal in this sense.  Katie Hafner notes
 
hackers say they are not criminal in this sense.  Katie Hafner notes
 
that Robert Morris, who was convicted of launching the Internet worm,
 
that Robert Morris, who was convicted of launching the Internet worm,
Line 612: Line 612:  
an image of persons who are dangerous.  Regarding the 911 incident
 
an image of persons who are dangerous.  Regarding the 911 incident
 
where a hacker downloaded a file from Bell South, Goldstein reported
 
where a hacker downloaded a file from Bell South, Goldstein reported
``Quickly, headlines screamed that hackers had broken into the 911
+
"Quickly, headlines screamed that hackers had broken into the 911
 
system and were interfering with emergency telephone calls to the
 
system and were interfering with emergency telephone calls to the
 
police.  One newspaper report said there were no indications that
 
police.  One newspaper report said there were no indications that
 
anyone had died or been injured as a result of the intrusions.  What
 
anyone had died or been injured as a result of the intrusions.  What
a relief.  Too bad it wasn't true.'' [Goldstein90]  In fact, the
+
a relief.  Too bad it wasn't true." [Goldstein90]  In fact, the
 
hackers involved with the 911 text file had not broken into the 911
 
hackers involved with the 911 text file had not broken into the 911
 
system.  The dollar losses attributed to hacking incidents also are
 
system.  The dollar losses attributed to hacking incidents also are
Line 622: Line 622:  
   
 
   
 
Thomas and Meyer [ThomasMeyer90] say that the rhetoric depicting
 
Thomas and Meyer [ThomasMeyer90] say that the rhetoric depicting
hackers as a dangerous evil contributes to a ``witch hunt'' mentality,
+
hackers as a dangerous evil contributes to a "witch hunt" mentality,
 
wherein a group is first labeled as dangerous, and then enforcement
 
wherein a group is first labeled as dangerous, and then enforcement
 
agents are mobilized to exorcise the alleged social evil.  They see
 
agents are mobilized to exorcise the alleged social evil.  They see
Line 644: Line 644:  
   
 
   
 
Stallman also says that the laws make the hacker scared to communicate
 
Stallman also says that the laws make the hacker scared to communicate
with anyone even slightly ``official,'' because that person might
+
with anyone even slightly "official," because that person might
 
try to track the hacker down and have him or her arrested.  Drake
 
try to track the hacker down and have him or her arrested.  Drake
 
raised the issue of whether the laws could differentiate between
 
raised the issue of whether the laws could differentiate between
malicious and nonmalicious hacking, in support of a ``kinder, gentler''
+
malicious and nonmalicious hacking, in support of a "kinder, gentler"
 
relationship between hackers and computer security people.  In fact,
 
relationship between hackers and computer security people.  In fact,
 
many states such as California initially passed computer crime laws
 
many states such as California initially passed computer crime laws
Line 654: Line 654:  
Hollinger and Lanza-Kaduce speculate that these amendments and other
 
Hollinger and Lanza-Kaduce speculate that these amendments and other
 
new laws were catalyzed mainly by media events, especially the reports
 
new laws were catalyzed mainly by media events, especially the reports
on the ``414 hackers'' and the movie ``War Games,'' which created
+
on the "414 hackers" and the movie "War Games," which created
 
a perception of hacking as extremely dangerous, even if that perception
 
a perception of hacking as extremely dangerous, even if that perception
 
was not based on facts.
 
was not based on facts.
Line 675: Line 675:  
   
 
   
 
I asked some of the hackers whether they'd be interested in breaking
 
I asked some of the hackers whether they'd be interested in breaking
into systems if the rules of the ``game'' were changed so that instead
+
into systems if the rules of the "game" were changed so that instead
 
of being threatened by prosecution, they were invited to leave a
 
of being threatened by prosecution, they were invited to leave a
``calling card'' giving their name, phone number, and method of
+
"calling card" giving their name, phone number, and method of
 
breaking in.  In exchange, they would get recognition and points
 
breaking in.  In exchange, they would get recognition and points
 
for each vulnerability they discovered.  Most were interested in
 
for each vulnerability they discovered.  Most were interested in
Line 708: Line 708:  
maintaining anonymity of the hackers and ensuring confidentiality
 
maintaining anonymity of the hackers and ensuring confidentiality
 
of all records.  Another hacker, in describing an incident where
 
of all records.  Another hacker, in describing an incident where
he discovered a privileged account without a password, said ``What
+
he discovered a privileged account without a password, said "What
 
I (and others) wish for is a way that hackers can give information
 
I (and others) wish for is a way that hackers can give information
 
like this to a responsible source, AND HAVE HACKERS GIVEN CREDIT
 
like this to a responsible source, AND HAVE HACKERS GIVEN CREDIT
 
FOR HELPING! As it is, if someone told them that `I'm a hacker, and
 
FOR HELPING! As it is, if someone told them that `I'm a hacker, and
I REALLY think you should know...' they would freak out, and run
+
I REALLY think you should know...` they would freak out, and run
 
screaming to the SS [Secret Service] or the FBI. Eventually, the
 
screaming to the SS [Secret Service] or the FBI. Eventually, the
 
person who found it would be caught, and hauled away on some crazy
 
person who found it would be caught, and hauled away on some crazy
 
charge.  If they could only just ACCEPT that the hacker was trying
 
charge.  If they could only just ACCEPT that the hacker was trying
to help!'' The clearinghouse could also provide this type of service.
+
to help!" The clearinghouse could also provide this type of service.
 
   
 
   
 
Hackers are also interested in security policy issues.  Drake expressed
 
Hackers are also interested in security policy issues.  Drake expressed
Line 733: Line 733:  
work, and Eugene Spafford has urged people not to do business with
 
work, and Eugene Spafford has urged people not to do business with
 
any company that hires a convicted hacker to work in the security
 
any company that hires a convicted hacker to work in the security
area [ACM90].  He says that ``This is like having a known arsonist
+
area [ACM90].  He says that "This is like having a known arsonist
install a fire alarm.''   But, the laws are such that a person can
+
install a fire alarm."   But, the laws are such that a person can
 
be convicted for having done nothing other than break into a system;
 
be convicted for having done nothing other than break into a system;
no serious damage (i.e., no ``computer arson'') is necessary.  Many
+
no serious damage (i.e., no "computer arson") is necessary.  Many
 
of our colleagues admit to having broken into systems in the past,
 
of our colleagues admit to having broken into systems in the past,
 
e.g., Geoff Goodfellow [Goodfellow83] and Brian Reid [Frenkel87];
 
e.g., Geoff Goodfellow [Goodfellow83] and Brian Reid [Frenkel87];
Line 778: Line 778:  
$100 for trespassing; instead, he was put in jail without bail
 
$100 for trespassing; instead, he was put in jail without bail
 
[Goldstein89].  Craig Neidorf, a publisher and editor of the electronic
 
[Goldstein89].  Craig Neidorf, a publisher and editor of the electronic
newsletter ``Phrack,'' faces up to 31 years and a fine of $122,000
+
newsletter "Phrack," faces up to 31 years and a fine of $122,000
 
for receiving, editing, and transmitting the downloaded text file
 
for receiving, editing, and transmitting the downloaded text file
 
on the 911 system [Goldstein90].
 
on the 911 system [Goldstein90].
Line 793: Line 793:  
that such invasions of privacy took place before the hacker arrived
 
that such invasions of privacy took place before the hacker arrived
 
[Harpers90].  Referring to credit reports, government files, motor
 
[Harpers90].  Referring to credit reports, government files, motor
vehicle records, and the ``megabytes of data piling up about each
+
vehicle records, and the "megabytes of data piling up about each
of us,'' he says that thousands of people legally can see and use
+
of us," he says that thousands of people legally can see and use
 
this data, much of it erroneous.  He claims that the public has been
 
this data, much of it erroneous.  He claims that the public has been
 
misinformed about the databases, and that hackers have become
 
misinformed about the databases, and that hackers have become
Line 818: Line 818:  
Goldstein has also challenged the practices of law enforcement agencies
 
Goldstein has also challenged the practices of law enforcement agencies
 
in their attempt to crack down on hackers [Goldstein90].  He said
 
in their attempt to crack down on hackers [Goldstein90].  He said
that all incoming and outgoing electronic mail used by ``Phrack''
+
that all incoming and outgoing electronic mail used by "Phrack"
 
was monitored before the newsletter was shutdown by authorities.
 
was monitored before the newsletter was shutdown by authorities.
``Had a printed magazine been shut down in this fashion after having
+
"Had a printed magazine been shut down in this fashion after having
 
all of their mail opened and read, even the most thick-headed
 
all of their mail opened and read, even the most thick-headed
 
sensationalist media types would have caught on: hey, isn't that
 
sensationalist media types would have caught on: hey, isn't that
a violation of the First Amendment?'' He also cites the shutdown
+
a violation of the First Amendment?" He also cites the shutdown
 
of several bulletin boards as part of Operation Sun Devil, and quotes
 
of several bulletin boards as part of Operation Sun Devil, and quotes
the administrator of the bulletin board Zygot as saying ``Should
+
the administrator of the bulletin board Zygot as saying "Should
 
I start reading my users' mail to make sure they aren't saying anything
 
I start reading my users' mail to make sure they aren't saying anything
 
naughty?  Should I snoop through all the files to make sure everyone
 
naughty?  Should I snoop through all the files to make sure everyone
is being good?  This whole affair is rather chilling.'' The
+
is being good?  This whole affair is rather chilling." The
administrator for the public system The Point wrote ``Today, there
+
administrator for the public system The Point wrote "Today, there
 
is no law or precedent which affords me ... the same legal rights
 
is no law or precedent which affords me ... the same legal rights
 
that other common carriers have against prosecution should some other
 
that other common carriers have against prosecution should some other
 
party (you) use my property (The Point) for illegal activities.
 
party (you) use my property (The Point) for illegal activities.
That worries me ...''
+
That worries me ..."
 
   
 
   
 
About 40 personal computer systems and 23,000 data disks were seized
 
About 40 personal computer systems and 23,000 data disks were seized
Line 845: Line 845:  
that they challenge freedom of speech under the First Amendment and
 
that they challenge freedom of speech under the First Amendment and
 
protection against searches and seizures under the Fourth Amendment.
 
protection against searches and seizures under the Fourth Amendment.
Markoff asks: ``Will fear of hackers bring oppression?''
+
Markoff asks: "Will fear of hackers bring oppression?"
 
   
 
   
John Barlow writes ``The Secret Service may actually have done a
+
John Barlow writes "The Secret Service may actually have done a
 
service for those of us who love liberty.  They have provided us
 
service for those of us who love liberty.  They have provided us
 
with a devil.  And devils, among their other galvanizing virtues,
 
with a devil.  And devils, among their other galvanizing virtues,
 
are just great for clarifying the issues and putting iron in your
 
are just great for clarifying the issues and putting iron in your
spine.'' [Barlow90]  Some of the questions that Barlow says need
+
spine." [Barlow90]  Some of the questions that Barlow says need
to be addressed include ``What are data and what is free speech?
+
to be addressed include "What are data and what is free speech?
 
How does one treat property which has no physical form and can be
 
How does one treat property which has no physical form and can be
infinitely reproduced?  Is a computer the same as a printing press?''
+
infinitely reproduced?  Is a computer the same as a printing press?"
 
Barlow urges those of us who understand the technology to address
 
Barlow urges those of us who understand the technology to address
 
these questions, lest the answers be given to us by law makers and
 
these questions, lest the answers be given to us by law makers and
 
law enforcers who do not.  Barlow and Kapor are constituting the
 
law enforcers who do not.  Barlow and Kapor are constituting the
Computer Liberty Foundation to ``raise and disburse funds for
+
Computer Liberty Foundation to "raise and disburse funds for
 
education, lobbying, and litigation in the areas relating to digital
 
education, lobbying, and litigation in the areas relating to digital
speech and the extension of the Constitution into Cyberspace.''
+
speech and the extension of the Constitution into Cyberspace."
 
   
 
   
 
8.  Conclusions
 
8.  Conclusions
Line 868: Line 868:  
crimes.  This ethic of resource and information sharing contrasts
 
crimes.  This ethic of resource and information sharing contrasts
 
sharply with computer security policies that are based on authorization
 
sharply with computer security policies that are based on authorization
and ``need to know.'' This discrepancy raises an interesting question:
+
and "need to know." This discrepancy raises an interesting question:
 
Does the hacker ethic reflects a growing force in society that stands
 
Does the hacker ethic reflects a growing force in society that stands
 
for greater sharing of resources and information -- a reaffirmation
 
for greater sharing of resources and information -- a reaffirmation
Line 879: Line 879:  
   
 
   
 
The sentiment for greater information sharing is not restricted to
 
The sentiment for greater information sharing is not restricted to
hackers.  In the best seller ``Thriving on Chaos,'' Tom Peters
+
hackers.  In the best seller "Thriving on Chaos," Tom Peters
[Peters87] writes about sharing within organizations: ``Information
+
[Peters87] writes about sharing within organizations: "Information
 
hoarding, especially by politically motivated, power-seeking staffs,
 
hoarding, especially by politically motivated, power-seeking staffs,
 
has been commonplace throughout American industry, service and
 
has been commonplace throughout American industry, service and
 
manufacturing alike.  It will be an impossible millstone around the
 
manufacturing alike.  It will be an impossible millstone around the
neck of tomorrow's organizations.  Sharing is a must.'' Peters argues
+
neck of tomorrow's organizations.  Sharing is a must." Peters argues
 
that information flow and sharing is fundamental to innovation and
 
that information flow and sharing is fundamental to innovation and
 
competetiveness.  On a broader scale, Peter Drucker [Drucker89] says
 
competetiveness.  On a broader scale, Peter Drucker [Drucker89] says
that the ``control of information by government is no longer possible.
+
that the "control of information by government is no longer possible.
 
Indeed, information is now transnational.  Like money, it has no
 
Indeed, information is now transnational.  Like money, it has no
`fatherland.' ''
+
`fatherland.` "
 
   
 
   
 
Nor is the sentiment restricted to people outside the computer security
 
Nor is the sentiment restricted to people outside the computer security
Line 895: Line 895:  
share information, and that we are suspicious of organizations and
 
share information, and that we are suspicious of organizations and
 
individuals who are secretive.  He says that information is exchanged
 
individuals who are secretive.  He says that information is exchanged
out of ``want to know'' and mutual accommodation rather than ``need
+
out of "want to know" and mutual accommodation rather than "need
to know.'' If this is so, then some of our security policies are
+
to know." If this is so, then some of our security policies are
 
out of step with the way people work.  Peter Denning [DenningP89]
 
out of step with the way people work.  Peter Denning [DenningP89]
 
says that information sharing will be widespread in the emerging
 
says that information sharing will be widespread in the emerging
worldwide networks of computers and that we need to focus on ``immune
+
worldwide networks of computers and that we need to focus on "immune
systems'' that protect against mistakes in our designs and recover
+
systems" that protect against mistakes in our designs and recover
 
from damage.
 
from damage.
 
   
 
   
Line 913: Line 913:  
information as property and the Englightenment tradition of sharing
 
information as property and the Englightenment tradition of sharing
 
and disseminating information?  Is it controlling access based on
 
and disseminating information?  Is it controlling access based on
``need to know,'' as determined by the information provider, vs.
+
"need to know," as determined by the information provider, vs.
``want to know,'' as determined by the person desiring access?
+
"want to know," as determined by the person desiring access?
 
Is it law enforcement vs. freedoms granted under the First and Fourth
 
Is it law enforcement vs. freedoms granted under the First and Fourth
 
Amendments?  The answers to these questions, as well as those raised
 
Amendments?  The answers to these questions, as well as those raised

Navigation menu