Do we live in a safer place? Yes. But no…

Preface:

If you have read my original site at https://00100100.net then you know that 30 years ago, my life took a turn down the crime and punishment aspect of computer security.

Ironically, I am typing this up on the exact 30th anniversary of that occasion. Whether it publishes up on the same date, I do not know.  But I am writing the first post on that auspicious day and here you are reading this.  So cheers!

Then and now – there are people who do know the dangers of the world. And there are those who do not.

Greatly, from my observations over the past 30 years, most people in the world fall into the latter.

No matter what you say or do, people do not want to think about it.  Or, more importantly, they do not care to be troubled with it.  They feel that is the role of law enforcement because why else would they pay their taxes.

However, when you look at those who work in that realm of employment, that is not what you will get.  Only a small percentage of those on any “force” (whether it be local, national or specialized) have any training in investigations – let alone training in investigations into “cyber” crimes.

The computer security industry is filled with ex-law enforcement/ex-military types who join companies in the belief that they know what is best to protect people.  But, do they?

Then: What is a “Hacker” – 30 years ago and earlier.

In the documentary “Revolution OS”, one of the people who did have great influence on how operating systems were built and designed was Richard Stallman (rms).  In the documentary, he saw “passwords” as a means of control over the users and the power they had to control computing resources.  If you have never seen the documentary, you will likely come away with the impression that Stallman is very much more “anarchistic” in world view than say, Linus Torvalds who wrote and developed the operating system we now know as Linux (or GNU/Linux).

Considering that until the late 1990s, most people saw computers as a “fad”, computer security was greatly lacking prior to the commercial inception of the Internet.

As a person who was present in the online world both pre-inception and post-inception of this commercial Internet, I was there and experienced life then – and now, so I have that baseline of knowledge to compare the two.  “Hackers”, or kids like myself who didn’t have malicious intent for the most part – who actually did have a “code of ethics” or mindset that differs from the “hackers” sensationalized by today’s news media as “criminals” – are indeed a different breed of personage.

I personally stand on the side that being a “Hacker” is *not criminal*.  I see it as the same argument as what defines a group of people as criminal for being “skateboarders” or in a “gang”.

Often, enforcement of laws in the legal realm is reduced to interpretation of the statutes and often is not as clear as a binary (yes/no) definition of the intention of the legislation passed by lawmakers.  Many times, the laws legislated and passed are ill-fitting to either the intent of the legislation or the retribution asked of such laws, if not in both aspects.  But, I will table this perception to another time with the exception of:

There is a difference in intent regarding those who push the limits of legal or technical definitions, and those who are intentional in their motives to defraud or steal for the profit motive.

Case in point:  The current copyright law makes it illegal to “share” copyrighted music or movies in the United States.  But it is NOT ILLEGAL to receive or DOWNLOAD such material.  Therefore, it is counter to what we are taught from kindergarten to the public commons that “sharing” is “good”.  Food for thought.

(and a tip of the hat to “RMS” for pointing that out in “Revolution OS” when he describes the Free Software Movement (FSM/FSF)).

Now: What is a “Hacker” – present day

A “Hacker” is a person who could be considered a “Subject Matter Expert” or holds an “advanced” level of knowledge in a particular field of study.  More to the point, a “Hacker” often is a person who is passionate about an aspect of (but not limited to) technology, engineering, art, science or mathematics *but* likely without the formal education and training that may have been involved in creating or inventing the aspect they are working within.  Often times, it’s a self-imposed title, but credibility does go up as you become noted by the world or peers as being that “expert” in that subject matter.

What differentiates hackers from criminals that use computers?  The intent to cause harm to others that are not themselves for profit motives.

Now, I know that some will take issue with that viewpoint, stating that bypassing DRM to store media in a manner that was not explicit in the publisher’s intent impacts the companies and shareholders who are the “others” that depend on said revenue incomes.

I would then say that there are whole generations of people who copied and made “mix” tapes whether the source was from legitimately owned media, radio recordings made over public airwaves and even more to the point today – sampling of small pieces of sound or video to assist in reimagination into a new piece of work.

There is a whole framework for royalties in place.

While still mostly not being as fair to the artist as to the publisher, the fact is that there is no direct accounting of a license purchased by a consumer and a publisher that takes into account the form of media across technologies.

How many copies of the Beatles “White Album” were purchased on Vinyl, then to Cassette, then to CD?  Same recording, different technology yet I already likely purchased the license at the beginning and just made it easier for me to have to repurchase the media due to destruction of the media or theft.

Would one say it’s fair to pay full price for the album again?  Or just the reimbursement costs of the media?

This same argument applies to computer software:  What is the definition of software piracy?  From what I have read, it’s mostly to prevent profiting from the original company’s work efforts.  But where is the profiting happening by outside parties?  Is it the person-to-person distribution of media gratis?  Or is it the distribution of the media sold by one company to another for profit?

Yet, the SPA spent money and effort to promote the idea that “sharing is bad” with their “Don’t copy that floppy” campaign.  Today, thanks to people who decided that *all* the material is worth saving from destruction, we do have a replacement copy of much of the digital media created that was sold to consumers.  Work efforts and artistry by amateur “archivists” that is not lost to the sands of time because it didn’t make the sales quota and is dumped into landfills.

Let’s not forget, while the industry may have ownership of materials, their master copy can be destroyed just as easily as physical aspects of the Hawaiian native heritage being destroyed for the rest of time.  A distributed archive prevents this becoming the end of the story for this topic.

So – now we know a “Hacker” is different from a “criminal”.  How am I safer and how could I be safer?

The world 30 years ago, I describe to people as being very much like the world in the 1984 movie “Wargames” with Matthew Broderick and Ally Sheedy.

If you’ve ever forgotten your password, you know that you can stumble around trying to remember and possibly get locked out.  Or maybe you remember it fairly quickly after a couple tries and then are let into your email or social media.  That’s pretty much what it is like – then.  Even as a person who didn’t have any knowledge of the company or organization.  Default accounts were often still present if they weren’t even just cursorily guarded.  People’s information was out there and was available to anyone who knew how.

Today:  A bit more difficult but sadly, still possible.

When I began my professional career, I interviewed at many places.  One of them was at a well known national banking chain who was beginning to leverage technology in a bigger way.  I met with the head of their “computer security” and during the interview it was revealed to me that “while I had skills, the industry itself did not value them” at that time.

More to the point: Computer security was then (and often now) seen as a function of “Insurance” and not of loss prevention or brand reputation.

This all changed in the mid 2000s when data breaches and massive data leaks (which still happen today) became more frequent and public and a whole industry sprang up from that outcry of consumers demanding “social responsibility” to the consumers and to the shareholders not wishing to lose profits from “loss mitigation” whether it be from identity theft or investment of companies who did not protect the private data of their customers.

Another case in point:  Robocallers still to this day may use another’s “telephone number” as the ‘origin’ of a phone call, making you believe it is one thing then turning out to be something else.  The flaw in the phone company that allows for this has been present in the telephone system since the inception of “Caller ID” to the consumer back in the 1980s.  The flaw was known the entire time, but there was no motive to fix this until robocalling became a nuisance in the mid-late 2010s.  The problem this causes was greatly reduced by the implementation of “STIR/SHAKEN” validation with phone carriers just a few years ago, but the problem ultimately still exists and will continue to in corner cases for the foreseeable future.

It is cheaper for companies to generate the “perception” of ‘fixing’ a data breach by offering identity monitoring as a token gesture along with forward press releases of how they intend to prevent an issue in the future, but once the damage is done – it is done.

Today we build incredibly complex technologies and often times these systems, built by humans, make mistakes.

That is the world we live within.

We cannot take for granted that, if we give our information or our business to a company, they are *always* doing the “right” thing with our data and information.  We see it in how we are allowed to use these “social” platforms or services for “free” then find ourselves being bombarded by “targeted advertising” even if we are not the ones who asked for the advertising in the first place.

What we do is now the profit motive for companies.  Not what we want to do, as often the goals of the parties involved are not in alignment.

Artificial Intelligence (AI) cannot solve this issue as those who build the technology often times are banking on this same information.  Google built its entire company in the beginning based on what we are searching for being profitable.  Today, it is one of the biggest in the world and it is not alone.

There will always be a battle between “right for the user” and “right for the company/shareholder” when there is a profit motive involved.  And the solution to the problem is not a simple one without legislation such as GDPR or other privacy laws being enacted in some states.  Much is still to be done.

Today’s “criminals” are often targeting those not within their own personal societies and almost always for a profit motive if it is not for social/political reasons. Our country has a history of rebellion we both condemn and encourage in the same breath – one of our social hypocrisies.

Notwithstanding the latter which you may see as “defacement” of websites, we *are* safer by having stronger encryption which would *not* have happened without the implementation of a public computer network such as the Internet, more accountability as consumers to companies we do business with or that hold our information and allowances of “Hackers” who test technologies’ limitations up to the edge of the legal “criminal/civil” definitions to ensure our world is in fact a safer place.

This knowledge is often not kept secret, but shared so that others may also learn and discover to ensure their own works are safe for consumers as ultimately, I am in the belief, that we do want to do good works for the betterment of society but are cognizant that there will be those who wish only the betterment of themselves.

This is the difference between a “Hacker” and a “criminal” in my opinion and how we now live in a safer place.

This includes such acts by Chelsea Manning and Edward Snowden.  Transparency within our society provides clarity and visibility of those who represent us as a people and what we hold association with.  Without transparency, we will never know whether those who we put in the position to protect or govern us are in fact representing our best interests as a people or society in general.