cultural comment

Hackers

Paul Taylor, 1999

I've never met Paul Taylor, but I used to be on an e mail list where he posted study questions and book chapters, relevant to the Salford University MA in Creative Technology. His specialism is the sociology of technology, and I wish he'd been part of the MA when I was studying. Instead, we had a product designer who imagined that his understanding of industrial design process allowed him to lead the course. As a result, I would e mail the previous course leader (who had a relevant PhD) for advice on references, because I knew the former could not help. Paul Taylor is also the kind of person you want on a course in Creative Technology.

Hackers is disappointing, however. It is interesting, but ultimately both repetitive and tedious. Imagine going into a pub and asking every person what they were drinking, what they normally drunk, how many times they visited said venue, did they like the landlord, and what football team did they like and why. Hackers is a bit like that. Taylor has been criticised for inserting a very large amount of quotation; I would say at least one third of the book is cut-and-paste copy from e mails, articles etc. This would be OK if it were developed, but it isn't. It's like the early stages of a project that needs further editing. He conducted e mail interviews with academics, technologists and world-wide hackers, but much of what they say is banal and obvious. The following examples indicate some of the admittedly relevant issues, but which do not require this sort of elaboration. They are a mixture of quotation and Taylor's own words:

Hackers do not generally publicise their findings of security weaknesses in conventional channels (100) - well, they are often illegal so this is not surprising.

The unsolicited nature of illicit hacking means that systems are being used without the prior permission of the owners. These two factors lead to a situation that gives rise to an immediate lack of affinity between hackers and the computer security industry (102) - do we need to be told that? Equally, Liverpool fans have an adversarial relationship with Manchester United. We know this.

Another important factor mitigating against increased co-operation with hackers is the practical consideration of being able to trust both the integrity and obedience of workers within the industrial/commercial setting (104) - obviously.

The language used to express the hostility that stems from such feelings of vulnerability can be non-specific and moralistic (108) - well, when communication breaks down between groups of people with opposing interests, this is not unusual.

As an illustration of the negative perceptions each group has of the other, a hacker, Mofo, argues that psychotic tendencies are not the sole preserve of the hacking community (109) - an unnecessary reminder. It's not difficult to de-code this kind of argumentative hyperbole.

We don't have the necessary agreed mechanisms on which to establish (the value of digital information). By its very nature it is very easy to move ('steal') thus given the lack of effort in 'stealing' it and the lack of any perceived damage (on behalf of the thief) it is not seen (by them) as a real crime (125) - a statement of the obvious.

Society thus finds it increasingly difficult to protect traditional property rights in the realm of computing due to the qualitatively different features of electronic storage. In the face of these problems, (he) contends that the establishment response to computer crime has been of disproportionate and unjustified strength when compared to real-world crimes (134) - this is an interesting point, but prefaced by a remark so self-evident that it does not need mentioning.

Underlying some of these ethical problems has been the tendency identified by Professor Spafford to 'view computers simply as machines and algorithms, and…not perceive the serious ethical questions inherent in their use'. He points to the failure to address the end result of computing decisions upon people's lives, and, as a result, he argues that there is a subsequent general failure to teach the proper ethical use of computers (143). Given that hacking is a fairly widespread phenomenon, this observation is, again, fairly obvious.

And so on. As Taylor says at the beginning "a key theme of this book is that hacking cannot be considered as a purely technical activity to be looked at in isolation from its social context" (xi) and, interestingly, that "in accordance with modern cybernetics and informatics, information law now recognises information as a third fundamental factor in addition to matter and energy" (xiv: United Nations document). However, the bulk of this book remains, nonetheless, like walking round a pub asking people for random but predictable data.

I don't doubt Taylor's intellectual abilities; Hackers is a more a testimony - like its many quotations - to the subject matter. It's an interesting topic and I'm glad someone is investigating it, but I'm not sure it justifies an entire book. What is there to say, beyond brief (albeit perceptive) remarks like "he argued that hacking is a frame of mind, a sort of intellectual curiosity that attaches itself to more than just one type of technology or technological artefact" (17) and they "attempt to break security with the same attitude as computer game players demonstrate: single-mindedness, enjoyment in the intellectual challenge - but much, much more importantly, a belief…that the security hole exists" (94)?

Hacking does have a historical significance, which it is interesting to document. Taylor refers to three stages: 1960s professionals, 1970s techno-hippies, and the late 1980s underground (23). There are

Three generations of hackers who exhibited to various degrees qualities associated with the hacking's original connotation of playful ingenuity epitomised by the earliest hackers, the pioneering computer aficionados at MIT's laboratories in the 1950s and 1960s. these aficionados formed the first generation of hackers defined as those who were involved I the development of the earliest computer-programming techniques. The second generation are defined as those involved in bringing computer hardware to the masses with the development of the earliest PCs. The third generation refers to the programmers who became the leading lights in the advent of computer games architecture. The phrase hacker is now almost exclusively used to describe an addition to this schema: the fourth generation of hackers who illicitly access other people's computers (23).

The present, fourth generation tend to distrust authority, and position themselves outside conventional society. Well, even a brief survey of hacker web sites make this abundantly clear. The historical analysis is, however, interesting and perceptive.

There are a few areas that could be developed in a study of this type, but they involve a critical and political questioning which would take the arguments to another, more polemic level. Thus, Taylor refers to a hacker ethos, consisting of the following:

1. All information should be free

2. Mistrust authority, promote decentralisation

3. Hackers should be judged by their hacking, not by bogus criteria such as degrees, age, race or position

4. You can create art and beauty on a computer

5. Computers can change your life for the better (25).

I suspect large numbers of people would agree with these personally empowering, anti-hierarchical values. However it does not follow that hacking as such is therefore both acceptable and laudable. The flawed logic here is like asking someone 'do you want more money in your life?' and then insisting that your money-making scheme is therefore the answer to their needs. It's a rhetorical tactic that is often used in advertising, marketing and politics, and relies on avoiding considerations of logical progression and necessary conditions. I'm not saying Taylor does this; what he does is present the hacker ethos in a descriptive rather than an analytic way: he doesn't engage with the underlying issues.

There's not much research material in this subject, so we can be grateful for Hackers. But it would have been more interesting if Taylor had engaged with some of the issues. Another area that he refers to but fails to develop is how "the advent of cyberspace has created the conditions necessary for co-operation between previously geographically dispersed (and hence isolated) yet technologically adept and curious people" (27). Hacking, in other words, is a sub-cultural activity facilitated by the Internet, in the same way that the network allows sexual deviants to form cosy virtual clubs which support and presumably increase their illegal propensities. This is pertinent sociological analysis which Taylor invokes by referring to classic 'theories of deviance' as proposed by Howard Becker in 1963 (Outsiders: Studies in the Sociology of Deviance). Taylor quotes:

Social groups create deviance by making the rules whose infraction constitutes deviance, and by applying those rules to particular people and labelling them as outsiders. From this point of view, deviance is not a quality of act as the person commits, but rather a consequence of the application by others of rules and sanctions to an 'offender'. The deviant is one to whom that label has successfully been applied; deviant behaviour is behaviour that people so label (Becker 1963: 9 in Taylor: 92).

The politics of hacking may be debateable, but the morality is often somewhat clearer. The hackers Taylor interviewed defend their activities by referring to power relationships - between corporations and institutions - and individuals who are treated like numbers. Hacking can redress the balance, so people recover a sense of power where they previously felt anonymous. But the morality of their deeds is not something they consider. Taylor gives examples where hackers entered and took control of million-dollar computer operations, where disruption could lead to financial loss and even fatality. The obvious, high-level concern is with military operations. How much of this concern is founded, and how much of it unsubstantiated fear, is not clear. What has happened previously and what might happen in the future is not going to be revealed by the MOD or the Pentagon. However Taylor provides us with a worrying story:

James V. Christy II, director of computer crime investigations for the Office of Special Investigations at Bolling air Force Base in Washington DC tells of a young Washington-area hacker who had pleaded guilty to breaking into a Pentagon computer system. We asked him to help us out. I sat him down in an office at Bolling and had him go in and attack as many Air Force systems as he could get into. We wired this kid up so that everything he did was recorded. Within 15 seconds he broke into the same computer at the Pentagon that he was convicted for, because its administrators still had not fixed the vulnerabilities. I had to go back the next day and tell the emperor he still had no clothes. Zero victims reported that they had been hacked into. Not one (79).

While hackers complain that they are treated with disproportionate legal admonition (Taylor: 2), the apparent ease of their behaviour is itself hugely disproportionate to its possible consequences. No doubt that, generally speaking, important networks are guarded considerably more securely than the Intranet for the chain of local video stores. The Bolling example is probably a rare exception, and should not be taken as representative. But it does highlight legitimate concerns, especially where decidedly criminal or terrorist intentions may be concerned.

Hacking knowledge is neutral in itself. Hackers insist they are free to exercise their programming abilities, and even perform a service by testing system and software security. Their argument ignores possible moral and social considerations; that the culture of technology is, in the final analysis, political and human more than technological.

Taylor notes the way hackers have been stigmatised and marginalized, in accordance with Becker's ideas. The situation is probably inevitable when the hackers versus establishment argument references two different sets of values; that hackers set themselves up for hyperbolic stereotype by expressing geek values lacking a wider context: like the image of the dysfunctional programmer who finds refuge in Fortran, because he cannot cope with social interaction.

Whatever judgements we make, it's clear that there are sociological factors to consider. Taylor notes that the them-and-us division reflects the binary operations of computer code, that this logical structure may impinge on wider cognitive and social questions. Whether this is true or not, polarised arguments are common and widespread, not confined to computer related culture. The relationship between hackers and their establishment target - typically, the Sys Admin - is tense and demonstrates that "culture formation is an ongoing process and the delineation of boundaries between the computer underground and the rest of computing depends upon this active differentiation from others" (92). Taylor evaluates the professionalisation process as a relevant factor, where

Groups re-affirm their own identities by marginalizing others. The purpose of the boundary formation exercise is to exclude hackers from influence within computing, whilst, at the same time, it aims to develop a consistent ethical value system for 'legitimate' security professionals (115).

Hackers are mythologised and stigmatised because they do not share the consensus value system; they are not so much "technological wizards" as "electronic vandals" (116). I refer again to the question of morality, and how this will ultimately define what is legitimate creativity and what is unwelcome code-crashing. What is actually being done and why? What are the possible results and implications, and for whom? These are more complex, wider and non-technological questions - yet still debateable, because they will inevitably reflect relative and political positions.

There are even - as Taylor says - questions about psychology and psycho-sexuality. Hacking is almost exclusively a male occupation and aspires to 'penetration' and 'mastery' of a remote computer:

In the sense that hacking is a solitary and non-constructive activity, it might be termed masturbatory. The pleasure or interests is confined to the activity itself, and has no object, such as a lover, and no objective, such as a demonstration of affection (42)

However, this particular remark is itself unsatisfactory. It's quite likely that much hacking is 'non-constructive', but I suspect not all of it can be so described - and similarly with it's objective or lack thereof. The interviewees in Taylor's book "attempt to break security with the same attitude as computer game players demonstrate: single-mindedness, enjoyment in the intellectual challenge - but much, much more importantly, a belief…that the security hole exists" (94). They are motivated by random attraction, as if hacking is a computer or video game - which of course it is, as far as the experience of the VDU interface is concerned. But equally, there are some hackers who have particular objectives: there is someone they definitely want to fuck, Bill Gates being an obvious example.

Aside from questions of convenient standardisation, there can't be many people who like the Microsoft hegemony, apart from its various affiliates. A hacker who can challenge the corporate monster by revealing the coding deficiencies delivered in the commercial market is surely welcome. An irresponsible and immature fool who enjoys spreading Back Orifice damage on the PCs of innocent people is worthy of contempt. But then again, he may be a 16 or even 14 year old to whom, while we want to censure and punish his activities, we cannot ascribe adult and moral culpability.

Hackers is worth a look, if only because there's not much written about this subject. However, this apparent lack may have a reason: at the descriptive level, there's not much you can say. Evaluating and analysing hacking activity in a wider context is the more interesting approach; Taylor does this to some extent, for example by referencing people like Becker and describing the historical context. But most of the book is description and simple documentation.

Appendix

I've just had a 30 minute conversation with an NTL engineer (November 2002). After 5 hours on the phone - waiting to be connected, then repeatedly trying to get them to listen to me: I did not want or need advice on how to configure my PC (again), that there was a problem on their system - I finally got to speak to one of their engineers. The guys who look after the servers, who know a thing or two about how the Internet works. We got on to the subject of hacking, and he told me how he'd learnt quite a lot about it, from his work environment. He also reported stories of hackers compromising remote systems, leaving an e mail address, offering their services, and obtaining highly paid security jobs. Hackers came out in 1999; I suspect that the hostility and mistrust Taylor describes has moved on a little. That in 2002, companies are beginning to recognise that the people who can penetrate their network and then offer their services could be a valuable commodity.

Interesting article considering the social/sociological implications of Linux