26 Feb The Hacker Ethic
I have recently been harassed by a script kiddie from Mount Vernon, NY, threatening to display my name on public websites, threatening with phone messages, launching DDoS attacks against Dreamhost, my site server, and against my website more generally. And while i have rather unconventional views about hacking, and in fact believe that it is protected by the First Amendment, like all forms of communication protected by that amendment, there is an ethical standard that actually allows us to have such freedoms. So, to my dear stalker-y script kiddie – congratulations on testing your teeth at being a hacker. Now, let’s have a chat about ethics because in the world of hacking and hacktivism, there is, actually, a rather lovely and idealistic set of ethics by which many, including Anonymous hackers, are guided.
All professional, trade, and activist groups tend to have a code of conduct or ethics that are guiding principles behind their work. In the case of hacking, which began at MIT in the 1960’s by model train enthusiasts, it quickly shifted to computer operating systems – pushing them beyond their original boundaries of use. But always with positive intention. The history of hacking is long and varied, and there are many versions of the timeline on line. But always, at root, was a set of ethics that drove hacking, mostly concerned with the notion that information wants to be free – all information. In many ways, the hacker ethic closely mirrors what many call “American values”: namely, as Pikka Himanen puts it, hackers promote freedom of word and thought and resist censorship in all its forms. Nethic also materialises as online social norms (netiquette or network etiquette).
Early hacker ethic, as outlined by Steven Levy in Hackers: Heroes of the Computer Revolution (1984), included:
- Access to computers—and anything which might teach you something about the way the world works—should be unlimited and total. Always yield to the Hands-on Imperative!
- All information should be free.
- Mistrust authority—promote decentralization.
- Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race or position.
- You can create art and beauty on a computer.
- Computers can change your life for the better.
Steven Mizrach has a great online introduction to the hacker ethic that he has evolved with updates and that is worth quoting at length:
- “Above all else, do no harm” Do not damage computers or data if at all possible. Much like the key element of the Hippocratic Oath.
According to the "hacker ethic," a hack must:
* be safe * not damage anything * not damage anyone, either physically, mentally or emotionally * be funny, at least to most of the people who experience it
It is against hacker ethics to alter any data aside from the logs that are needed to clean their tracks. They have no need or desire to destroy data as the malicious crackers. They are there to explore the system and learn more. The hacker has a constant yearning and thirst for knowledge that increases in intensity as their journey progresses.
2. The belief that system-cracking for fun and exploration is ethically OK as long as the cracker commits no theft, vandalism, or breach of confidentiality.
Of course, the key problem with this ethical position is its stance on intent. One should not damage data deliberately. But what if, as often happens in hacking attempts, one accidentally erases or alters data while trying to alter system log files or user records? Is that an ethical violation? Also, the question of what constitutes “harm” is left open. Most hackers seem to see pranks and practical jokes as harmless, regardless of their psychological impact. Yet their victims may not feel these are so ‘harmless,’ especially if this causes them to lose valuable time or effort.
- Protect Privacy People have a right to privacy, which means control over their own personal (or even familial) information. Privacy rights are notably missing from the U.S. Constitution, but they have been brought to the forefront of modern legal argument due to the growing surveillance power of technology. There still is no codified right to privacy for U.S. citizens, although the Supreme Court has ruled that it is contained implicitly in its judgements legalizing the distribution of birth control and the right to first-trimester abortion.How far do privacy rights go, however? Do people also have an intrinsic right to online anonymity? Do I have the right to conceal my health status, criminal record, or sexuality from my employer? Are some people (politicians, celebrities, etc.) entitled to less privacy than others? Does my social security number, credit history, or telephone number belong only to me? Further, the strange thing about hackers asserting a right to privacy is that it declares a certain kind of information to not be free. Thus, in some ways this is a contradiction to the original hacker ethic.
Your right to Privacy
Privacy is a right we beleive we have. Unfortunately privacy is not explicitately protected in the constitution. Our consitution is dated in that respect, there weren’t the threats to privacy then as there are now. Technology is truly a double-edged sword. The abscense of privacy provisions in the constitution does not make it any less important. Indeed, the lack of constitutional protections have allowed our privacy to be gravely threatened.[11]
The concept of privacy is something that is very important to a hacker. This is so because hackers know how fragile privacy is in today’s world. Wherever possible we encourage people to protect their directories, encrypt their electronic mail, not use cellular phones, and whatever else it takes to keep their lives to themselves. In 1984 hackers were instrumental in showing the world how TRW kept credit files on millions of Americans. Most people had never even heard of a credit file until this happened. Passwords were very poorly guarded – in fact, credit reports had the password printed on the credit report itself.[12]
The second argument is an interesting one. The problem most hackers had with TRW is not they kept files on most peoples’ credit histories without their knowledge (thus they couldn’t see if they contained any errors), and it was on that (unknown) basis that they were denied loans, credit cards, mortgages, etc. It was that those files were insecure.
- “Waste not, want not.” Computer resources should not lie idle and wasted. It’s ethically wrong to keep people out of systems when they could be using them during idle time. This is what some people call the “joy riders’ ethic.” If you borrow someone’s car, and return it with no damage, a full tank of gas, and perhaps even some suggestions for improved performance, have you not done them a favor? Especially if they never know you borrowed it in the first place for a few road trips? Isn’t it wasting that precious engine power to leave the car in a parking spot while somebody else could be using it for a grocery trip? (Is it an ethical violation to borrow the car and make a set of keys for yourself so you can borrow it whenever you feel like? This is, after all, what most hackers do when they give themselves sysadmin privileges.) Yet most are possessive over the use of their own personal computer.
The hacker ethics involves several things. One of these is avoiding waste. Over the internet, we have about a quarter million computers each of which is virtually unused for 10 hours a day. A true hacker seeing something useful that he could do with terraflops of computing power that would otherwise be wasted might would request permission to use these machines and would probably go ahead and use them even if permission was denied. In doing so, he would take the greatest possible precautions to not damage the system.[13]
- Exceed Limitations Hacking is about the continual transcendence of problem limitations. Some old hackers assert this principle, as an informal seventh addition to the original Ethic. Telling a hacker something can’t be done, is a moral imperative for him to try. “Extropians” believe there is a universal force of expansion and growth, inverse to entropy, which they call “extropy.” Hacking is seen as extropian because it always seeks to surpass current limits. Technology is seen as a necessarily exponential force of growth. Limitations must be overcome. For some hackers, these limitations might be unjust laws or outdated moral codes.
To become free it may be necessary to break free from medieval morality, break unjust laws, and be a disloyal employee. Some may call you an disloyal, sinful criminal. To be free in a room of slaves is demoralizing. Free your fellow man, give him the tools, the knowledge to fight oppression. Do not infringe on others’ rights.[14]
- The Communicational Imperative People have the right to communicate and associate with their peers freely. The United Nations International Telecommunications Union (ITU) has stated in many conferences that this should be a fundamental human right, with which no nation should ever interfere. The sweeping freedoms given to amateur radio hobbyists internationally reflect this belief. Globally, it remains a significant moral problem, in that most developing nations lack the infrastructure to grant this right. Various UN reports have shown that despite the rhetoric, many Third World nations do not have access to the “global” information superhighway because they lack “onramps.” Their telecommunications infrastructure is lacking.Most hackers strongly support the 1st amendments’ rights to communication and assembly, since these are necessary for the free flow of information. Phreakers take this a step beyond, however, in asserting that people should have the right to communicate with each other cheaply (thus poor people have as much right to talk on the phone long distance as the rest of us) and easily . When telecommunications companies are an obstacle to this right to communicate, phreaking (blue boxing the phone system, making unauthorized ‘bridge’ conference calls, using empty voicemail boxes, etc.) is said to be the answer.
The Right to communicate
Communicate!
This is our strongest right, and our most crucial. There mere fact that this page is allowed to exist is proof that our 1st amendment has not crumbled completely. Despite the governmental protection, there are threats to our freedom to communicate.[15] - Leave No Traces Don’t leave a trail or trace of your presence; don’t call attention to yourself or your exploits. Keep quiet, so everyone can enjoy what you have. This is an ethical principle, in that the hacker follows it not only for his own self-interest, but also to protect other hackers from being caught or losing access. Such a principle can be found among various criminal or underground organizations. Of course, there is a contradiction between asserting a need for secrecy (as well as privacy), and the need for unrestricted information.
The rules a Hacker lives by:
1. Keep a low profile.
2. If suspected, keep a lower profile.
3. If accused, deny it.
4. If caught, plea the 5th.[16] - Share! Information increases in value by sharing it with the maximum number of people; don’t hoard, don’t hide. Just because it wants to be free, does not mean necessarily you must give it to as many people as possible. This principle can be seen as an elaboration on an original ethical principle. The Pirates’ ethic is that piracy increases interest in software, by giving people a chance to try it out and experiment with it before paying for it. So sharing software with your friends is a good thing.
Pirates SHARE warez to learn, trade information, and have fun! But, being a pirate is more than swapping warez. It’s a life style and a passion. The office worker or class mate who brings in a disk with a few files is not necessarily a pirate any more than a friend laying a copy of the lastest Depeche Mode album on you is a pirate. The *TRUE* pirate is plugged into a larger group of people who share similar interests in warez. This is usually done through Bulletin Board Systems (BBSs), and the rule of thumb is “you gotta give a little to get a little…ya gets back what ya gives.” Pirates are NOT freeloaders, and only lamerz think they get something for nothing.[17]
- Self Defense against a Cyberpunk Future Hacking and viruses are necessary to protect people from a possible 1984/cyberpunk dystopian future, or even in the present from the growing power of government and corporations. It’s a moral imperative to use hacking as the equivalent of ‘jujitsu,’ allowing the individual to overcome larger, more impersonal, more powerful forces that can control their lives. If governments and corporations know they can be hacked, then they will not overstep their power to afflict the citizenry.
I believe, before it’s all over, that the War between those who love liberty and the control freaks who have been waiting for to rid America of all that constitutional mollycoddling called the Bill of Rights, will escalate.Should that come to pass, I will want to use every available method to vex and confuse the eyes and ears of surveillance. Viruses could become the necessary defense against a government that fears your computer.[18]
What’s interesting is that this principle recognizes and asserts that it’s not only possible but also likely for computers to have a dark side and to be used for purposes other than truth and beauty, and that we need to be wary of technology, or at least technology in the wrong hands.
- Hacking Helps Security This could be called the “Tiger team ethic”: it is useful and courteous to find security holes, and then tell people how to fix them. Hacking is a positive force, because it shows people how to mend weak security, or in some cases to recognize and accept that total security is unattainable, without drastic sacrifice.
Sense 2 is more controversial: some people consider the act of cracking itself to be unethical, like breaking and entering. But the belief that `ethical’ cracking excludes destruction at least moderates the behavior of people who see themselves as `benign’ crackers (see also samurai). Based on this view, it may be one of the highest forms of hackerly courtesy to (a) break into a system, and then (b) explain to the sysop, preferably by email from a superuser account, exactly how it was done and how the hole can be plugged — acting as an unpaid (and unsolicited) tiger team.[19]
Many software companies today, including Lotus, regularly use tiger teams to test their security systems. So, this ethical principle seems to be agreed upon by some members of the industry — to a certain extent. Even Lotus does not want its systems being tested by hackers who are not under its employ or control.
- Trust, but Test! You must constantly test the integrity of systems and find ways to improve them. Do not leave their maintenance and schematics to others; understand fully the systems you use or which affect you. If you can exploit certain systems (such as the telephone network) in ways that their creators never intended or anticipated, that’s all to the better. This could help them create better systems. One of those systems that may require constant revision, testing, and adjustment, apparently, is constitutional democracy.
Democracy is always being tested — it’s an inherent part of what it stands for. whether it’s flag burners, gay activists, klansmen, or computer hackers, we’re always testing the system to see if it holds up to pressure. i stress that this is NOT an end iwe do because it interests us, but in the bigger picture we’re actually testing the sincerity of the democratic system, whether we’re aware of it or not.[20]
One of the most important manuals for British hackers was called “beating the system.” The essential argument is that as systems (like the phone network) become more and more complex, they become impossible to manage from a centralized office. Hacking at the edges of the system not only becomes possible, in some cases it becomes necessary. It becomes an ethical imperative to test the system, lest it fail when it is most needed (like the AT & T phone switches did in 1990.)
So, in short, the new hacker ethic suggests that it is the ethical duty of new hackers (or the CU), to : 1) protect data and hardware 2) respect and protect privacy 3) utilize what is being wasted by others 4) exceed unnecessary restrictions 5) promote peoples’ right to communicate 6) leave no traces 7) share data and software 8) be vigilant against cyber-tyranny and 9) test security and system integrity of computer systems.
Sorry, the comment form is closed at this time.