This paper sets out to explore the poignant question of ethics and hacking. First by examining the etymology of the word, the history of its subculture and the disparity of fact and fiction. We will see how Hollywood has thwarted attempts to separate nefarious individuals from the mainstream hacker designation; therefore failing to push the term ‘ethical hacker’, outside the realm of an oxymoron for the majority of people.
Together we will discover the investigative and disclosure methods that anchor the ‘white hat’ hacker fraternity, and how it separates them from their more elusive, black and grey hatted cousins. We’ll touch on how our culture’s ethics can affect the law, and the consequences of reconciling any incongruence with our individual moral centre.
The Oxford English dictionary (ca. 2016) reports that, to be a hacker is to be; “a person who uses computers to gain unauthorised access to data”. If we are willing to yield to this assertion, we may petition that the hack of greatest historical significance, is the Allied efforts at Bletchley Park during the second world war. Operation Ultra had a simple mandate; break the code of a then state-of-the-art mechanical encryption machine known as Enigma. Success was vital, as the opposing Axis forces utilised the device for widespread military communication. Polish intelligence had broken Enigma in 1932, when key codes were changed once every few months. Now though, with the advent of war, Axis forces began changing key codes daily. In 1939, with invasion looming, the Poles handed the effort over to British Intelligence (Bletchley Park Trust, ca. 2005). In TechRepublic’s article “Hacking the Nazis”, Nick Heath emphasises the complexity of their task:
“The problem facing Britain and its allies early in the war was that the Enigma machine used to encrypt Nazi military traffic could scramble a message in 158 million million million ways, and each day the settings used would be changed (TechRepublic, 2015).”
When the first breakthrough at Bletchley Park occurred, it was born of a purely human effort. On the 23rd of January 1940, a small team of individuals managed to crack Enigma.
Following this, in a subsequently triumphant attempt to better automate and therefore hasten the breaking process, a mathematician named Alan Turing, a member of the originally successful team, built the first computer. Looking back, it’s pleasurable to muse that it was crafted for the sole purpose of hacking encrypted data (Bletchley Park Trust, ca. 2005).
The etymology of the word ‘hacker’, as used to describe a pursuit which is unrelated to the act of irregularly slicing or cutting, actually predates the age of personal computing. Ben Yagoda, Professor of journalism and english at the university of Delaware and author at The New Yorker suggests:
“It was at Massachusetts Institute of Technology that ‘hack’ first came to mean fussing with machines. The minutes of an April, 1955, meeting of the Tech Model Railroad Club state that ‘Mr. Eccles requests that anyone working or hacking on the electrical system turn the power off to avoid fuse blowing’ (The New Yorker, 2014).”
It was around this time in the 1950s, that a quasi-underground subculture was in its infancy. Phone Phreaking was an interest in, and manipulation of, the public switched telephone network. A collection of sometimes very young enthusiasts, discovered ways to manipulate the telephone service into making free calls. Blue boxing was the practice of mimicking the analogue tones a telephone operator’s console produced. Initially, this was done with crude methods such as whistles, then later in the 1960’s, with increasingly sophisticated cathodic devices. To anonymise their telephone calls, some criminals did purchase blue boxes from these early electronic pioneers. Though the innovators themselves remained largely motivated by the technical challenges; as well as a mostly good-natured sense of mischievousness. (The Secret History of Hacking, 2001).
It wasn’t until much later, in 1994, that a group of far less honourable hackers, would use their computers to enter the telecommunication system of Citibank. Upon gaining access, they began eavesdropping on customers stating their credentials over the phone. In total over 10 million US dollars, more than £15 million in today’s money, was transferred from various accounts. The group were eventually apprehended and consequently convicted; the vast majority of their gains recovered (Wall Street Journal, 1998).
Born of the terms coined at MIT Labs and Stanford University, 1985 witnessed the inclusion of ‘cracker’ in ‘The Jargon Files’. This was a publication intended to apply some standardisation to an array of more technical terms. By specifying the term ‘cracker’ to refer to persons who broke into computer systems for anarchistic or monetary gain, the far more virtuous hacker crowd sought to distance themselves (MIT IHFTP, ca. 2000). It states:
“While it is expected that any real hacker will have done some playful cracking and knows many of the basic techniques, anyone past larval stage is expected to have outgrown the desire to do so except for immediate, benign, practical reasons (The Jargon Files, 1985).”
This attempt to migrate the widespread perception of a hacker away from that of malevolence, would mirror the failure of other, similar endeavors. When casting characters, Hollywood loathes mundanity; but it is of this, that the reality of hacking largely consists. Though as we have heard, there are some notable exceptions. Apple cofounder, Steve Wozniak fondly recalls this during his foreword in Phil Lapsley’s book, ‘Exploding the Phone’.
“Every hacker I’ve ever run into is always trying to explore the little tiny nuances of anything looking for a mistake, a crack they can get through. The blue box was this magical, unbelievable adventure. The fact that nobody else knew about it and I did made it special knowledge (Exploding the Phone 2013, p. xii).”
It was to be this almost universal hacker mentality; of covertly exploring and seeking to circumvent electronic boundaries, that would nourish Hollywood as it forged a new state-of-the-art caricature. They succeeded to sculpt an ever more technically capable parody, whose purpose was tapping into the technophobia of the masses. In 1995, one year after the Citibank heist, the public were furnished with two feature films. ‘Hackers’ and ‘The Net (IMDB, Ca. 2016)’ marked Hollywood’s first real recognition of the technologically advanced misconduct we are familiar with today.
When referring to persons who undertake cybercrime, the majority disregard, or are unaware of the more correct term ‘cracker’. Instead they continue to maintain, that a hacker is overwhelmingly iniquitous by nature. I define the word ‘normal’ as a fluid, ever changing standard, defined by whatever it is that the majority does, has, says, feels or wants. The Oxford English dictionary's (Ca. 2016) definition of hacker is upheld, because it is normal for people to agree with it. Thus I assert that subjectively, the term ‘ethical hacker’ remains an oxymoron for most people.
Regardless of this, it is a highly relevant and vital stepping stone; helping to better facilitate the introduction of a more virtuous hacker into the mainstream's consciousness. Only after this minor revolution has occurred, will people naturally seek to resolve the resulting literary conflict. It is my belief that at this juncture, the common person will instinctively grasp for another term; in so doing shifting our collective norm.
Reinforcing distinctions within the framework of ‘hacker’, is an important and worthwhile pursuit. A primary faction we should identify is that of a company sanctioned ‘white hat’ hacking penetration tester. It is from this group of highly skilled and formally accredited individuals, that the ‘ethical hacker’ image is conjured in most tech-savvy minds. These professionals are appointed to probe their employer's digital infrastructure. They adhere to scientific methodologies, in order to systematically seek out potential weaknesses or areas otherwise open to exploitation.
Should the ethical hacker succeed in penetrating a part of that system, they are bound by law to protect the integrity of any discovered data. Section 17(1) of the 1998 Data Protection Act dictates:
“Data must not be processed unless an entry in respect of the data controller is included in the register maintained by the Commissioner (Data Protection Act, 1998).”
Put simply, this specifically prohibits unauthorised access of data. Section 21 expands upon this, making it an offence to access unauthorised data by mandating; “If section 17(1) is contravened, the data controller is guilty of an offence (Data Protection Act, 1998).“ White hat hackers sometimes walk a precarious line between fulfilling their roles, and adhering to the complexities of not only data protection laws, but the 1990 computer misuse act as well.
Laying somewhere between the Citibank ‘black hat’ heisters of the hacking world, and the honourable ‘white hats’, are the ‘grey hat’ hackers. Dividing this agitated domain are two contrasting groups; hacktivists and intelligence agencies. It is here that the essence of law and ethics churn most cyclonically. MerriamWebster (Ca. 2016) defines ethical as “morally right and good”. Within the realm of law, it’s possible to assert that illegal is inherently immoral. Or that unauthorised necessarily means unethical, however exploring morality is seldom a triviality. The conundrum of whether or not hacking that infringes law, can indeed be ethical, revolves around a simple and conceivably timeless question; do laws reflect standards of morality or good? In Yale law school's faculty papers, Emeritus Professor Geoffrey C Hazard Jr’s writing asserts that:
“Criticism of law must be in terms of morals or ethics simply because, there are no other intelligible normative systems in terms of which criticism could be conducted. In an opposite direction, the nature of morals and ethics as normative systems severely limits the coherence of legal criticism that can be conducted in these terms. Law cannot be criticized in terms as formal and universal as law itself (Yale Law School 1995, p 447).“
In a society more accomplished than our own, law and ethics would align much more consistently. In lieu of this, we must reconcile the statutes that structure our society against our own moral centres; ultimately determining which principles hold the greatest significance to each of us.
In 2011, a hacktivist by the name of Aaron Swartz, gained access to an online, subscription based repository called JSTOR. Journal Store as it is otherwise known, consists largely of academic journals. One cannot copyright ideas, however the expression of an idea can be copyrighted (Turnitin LLC, 2014). Due to JSTOR maintaining a wealth of humanity's greatest endeavours, MIT had free access to their archives. By connecting to their famously open network and executing a script on his laptop, Aaron Swartz downloaded almost 19 million academic journals from JSTOR. Following a similar incident in 2008, Aaron was already known to authorities. Both JSTOR and MIT were aware of the mass download and Aaron was arrested on four separate charges. They later offered him a plea bargain, which meant being branded a felon, however Aaron had political aspirations, and so turned down their offer. Consequently he was charged on eleven additional accounts. At the age of 26, with no discernable way forward, Aaron took his own life (The Internet's Own Boy, 2014).
It is difficult to empathise with a system that prohibits access to nonsensitive, academic research. By utilising a paywall system which favours the more well off members of society, they disregard a guiding principle of the internet; the sharing of information. By vehemently pursuing an ethical person seeking ways to rectify inequities in society, the establishment charged with protecting that society, brings its own validity into question.
There are many motivations for hacking computer systems. Rupert Murdoch’s bygone newspaper ‘The News of the World’ was an example of hacking for corporate gain. In order to allow the newspaper to create an edge over its competitors, both celebrities and politicians voicemails were intercepted.
Getting ahead in business is certainly one incentive for telephone hacking, however in June 2013, the Guardian Newspaper released articles that would demonstrate another reason entirely. It reported that America’s National Security Agency, had successfully obtained a court order, allowing it to amass the telephone data of private citizens (The Guardian, 2013). Their article dated June 13th reports:
“Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered (The Guardian, 2013).”
In the wake of 9/11, America passed the patriot act. In so doing giving the government much greater latitude to implement the widespread surveillance of it’s citizens. The announcement from the Guardian disclosed not only that telephone records were being gathered, but also that data held at large Internet companies, such as google, which described the populations internet habits, could be made available to authorities on request (The Guardian, 2013).
Unfortunately the revelations were not limited to America, they also uncovered that London based GCHQ, had been hacking lines of communication for at least 18 months. Therefore indiscriminately gathering email, internet and telephone data (The Guardian, 2013).
Wikileaks is a website dedicated to the dissemination of information. It strives to provide an outlet for whistleblowers to safely and anonymously deliver their information. Sarah Harrison, editor of Wikileaks, was instrumental in maintaining the liberties of the Guardian’s 2013 source, Edward Snowden. Snowden who is wanted on several felony charges in the United States, fled the country in order to escape incarceration. Snowden now resides in Russia and remains pursued by American authorities, despite a sizeable public outcry for reprieve.
The quest for security necessitates a pursuit of information. Although it’s galling to consider, that in our search we may have come full circle. In 2016 the world in which we find ourselves, is one where the government we entrust with our protection, has concluded that the only means of achieving that protection, is by hacking the private lines of communication that once helped to define our free society. For all the uncertainty surrounding the term ‘hacker’, it is surely those ethical individuals, who finds their moral compass compromised, and therefore seeks to act, that remain the most misunderstood. The Snowden’s and Swartz’s who aspire for a more transparent system, less marred by the capitalist pursuit for profit. What will it take to achieve their goal? In one of his final television interviews, Aaron looks to remind us:
“There’s sort of these two polarising perspectives; Everything is great, the Internet has created all this freedom and liberty and everything’s gonna be fantastic. Or, everything is terrible; the internet has created all these tools for cracking down and spying and you know, controlling what we say. The thing is both are true, the internet has done both, and both are kind of amazing and astonishing and which one will win out, is down to us (Internet’s Own Boy, 2014).“
This paper is dedicated to the memory of Aaron Swartz.