An Oscar winning 80s film called “War Games” – about a boy who hacked into the National Security Computer, nearly caused World War III but ultimately saved the day by using guile, ingenuity and his logical mind – left a great impression and also opened up a debate in my mind about whether hacking, the pastime if a rather subversive group, could really be used as a force for good.
We are now so dependent on computers, the internet and electronic information, and there is a near-state of paranoia in relation to protecting “information” and War Games has the potential for becoming a reality. For most countries, especially the USA, National Security is a hugely important issue and, with highly sensitive information held electronically and contained or accessible via the Internet, any risk is stamped upon and dealt with by method of a fervour second only to the way a Border Patrol may treat illegal immigrants from Mexico. In a well publicized case in the UK, Gary McKinnon hacked into 97 United States military and NASA computers in just over a year and is in the process of being extradited to the US to face charges (his lawyers have lodged appeals). If found guilty he could face up to 10 years in jail.
Lulz Security, its very name mocking national and corporate security, was set up in the name of fun, causing mayhem to large companies and organizations by hacking into their websites and systems and inserting false information or extracting and publishing information that damages the credibility of the organization. They occasionally claim a political message but mostly do things for ‘the lulz’. While definitely subversive, they are not proposing harm, although this is a relative concept, but the members of Lulzsec could certainly be gainfully employed by governments, banks and other institutions to protect them against the breaches of security that could be far more damaging to individuals or societies.
So, the question that needs to be asked is that should people who have an ability to hack some of the most “secure” computer systems in the world – backed by Government Agencies, millions of dollars and the crème of computer security experts – be regarded as criminals, akin to the talented graffiti artists whose artwork adorns derelict, and sometimes occupied, buildings but who are regarded as vandals.
The alternative view perhaps, continuing with the graffiti analogy, is should these people be lauded like Banksy, a UK graffiti artist whose work is highly regarded as art and sells for hundreds of thousands and is recognized by the art establishment. The link may be tenuous surely a similarly subversive individual with limited resources who can bring an entire security system into question, a system backed by a State, its protectors and its unlimited resources, should really be regarded as an individual of extreme talent, worthy of employment and a large salary as well as any resources needed to help with assisting with security, rather than someone who is as every bit as poorly considered as an inmate of Guantanamo Bay.
As with most legal issues both sides of the argument need to be examined. The law needs to deter individuals from breaking and entering – be it a house, office or a computer system with sensitive information. We would all rather jail a burglar than employ them as a security consultant, so why should someone who does not have a swag bag but a keyboard and mouse be viewed with any less notoriety? If it was plausible surely an expert burglar would be the best qualified to create a security system for a house – but why not find a job as convention demands and apply their skills as a security consultant rather than a petty thief causing personal heartache and pain.
Maybe intention is the key to this argument, although intention is never an easy concept to prove or disprove. If an expert hacker could somehow challenge the system to demonstrate holes in computer security and be rewarded somehow and help keep all of our information safer from those who seek to do us harm, then this needs to be encouraged. Facebook, as a site sitting open on the internet and accessible to all, containing the personal information of 800 million users, actively encourages ‘well intentioned security experts’ to report bugs and rewards through their bug bounty. Perhaps, therefore, governments and security organizations should start thinking in the same way and attempt to be ahead of the hacking game by getting some of the more well intentioned hackers on side. So perhaps rewarding those who can demonstrate security breaches is the way forward, which is how Google and Instagram ensure their systems are less vulnerable to hacking. Maybe we just have to re-enforce or even rewrite the message stating what is right and wrong, and continuing the rule that when a law is broken, punishment ensues, as the current operation of the law. The law is and always will be many years behind technology and playing catch up – perhaps it is not feasible, but this is the time for a radical rethink.