By Maureen Webb
In this first part of the 21st century, in the early dawning of the digital era, a struggle is taking place as corporations, states, criminal elements, and parts of civil society vie to build the coded environment around us. Hackers are savants in this world, but their identity is protean. Sought after for their talents, almost folkloric in status, they’ve been recruited and reviled, celebrated and thrown into prison.
In fact, hackers are engaged in a whole range of acts, from the highly altruistic to the plainly nihilistic and dangerous. On the altruistic side of the continuum, they are creating free software (GNU/Linux and other software under GPL licenses), Creative Commons (Creative Commons licensing), and Open Access (designing digital interfaces to make public records and publicly funded research accessible). They are hacking surveillance and monopoly power (creating privacy tools, alternative services, cooperative platforms, and a new decentralized internet), and also electoral politics and decision making (witness the hacker platforms used by political groups and organizations such as Cinque Stelle in Italy, EnComú in Barcelona, Spain, Ethelo in Canada, and Liquid Democracy in Germany). They have engaged in stunts to expose the technical flaws in voting, communications, and security systems widely used by, or imposed on, the public (playing chess, for example, with Germany’s election voting machines, hacking the German Bildschirmtext system, and stealing ministers’ biometric identifiers to protest biometric mass surveillance systems). They have punished shady contractors like HackingTeam, HBGary, and Stratfor, spilling their corporate dealings and personal information across the internet. They have exposed the corruption of oligarchs, politicians, and hegemons (through the Panama Papers, WikiLeaks, and Xnet leaking platforms, for example).
More notoriously, hackers have coordinated distributed denial of service (DDoS) attacks to retaliate against corporate and government conduct(such as the Anonymous DDoS that protested PayPal’s boycott of WikiLeaks; the ingenious use of the Internet of Things to DDoS Amazon; and the shutdown of the US and Canadian government IT systems). They have hacked into databases (the most widely known examples, of course, being the respective data hacks of whistle blowers Chelsea Manning and Edward Snowden), leaked state secrets (Manning, Snowden, and WikiLeaks), and, in doing so, betrayed theirown governments (Manning betrayed US war secrets, Snowden betrayed US security secrets). They have interfered with elections (such as the hack and leak of the Democratic National Committee in the middle of the 2016 US election) and sown disinformation (the Russian hacking of US social media). They have interfered with property rights to assert user ownership, self-determination, and free software’s four freedoms (farmers have hacked DRM code to repair their tractors, for example,and the hacker known as Geohot unlocked the iPhone and hacked the Samsung phone to allow users administrator-level access to their devices), and also to assert open access to publicly funded research (as the brilliant young hacker Aaron Swartz did before he was hounded by state prosecution and took his own life).Hackers have created black markets to evade state justice systems (such as Silk Road on the dark web) and cryptocurrencies that could undermine state-regulated monetary systems. They have meddled in geopolitics as free agents (as Anonymous did in the Arab Spring and Julian Assange did during the last American election). They have mucked around in and could potentially impair or shut down critical infrastructure. (The “WANK worm” attack on NASA was an early, notorious, example of this, and of course hackers could also target banking systems, stock exchanges, electrical grids, telecommunications systems, air traffic control, chemical plants, nuclear plants, and even military “doomsday machines.”)
How should society treat these various hacker acts? Should they be viewed as incidents of public service, free speech, free association, legitimate protest, civil disobedience, and harmless pranksterism? Or should they be treated as trespass, tortious interference, intellectual property infringement, theft, fraud, conspiracy, extortion, espionage, terrorism, and treason?
In his classic 1968 essay “The Tragedy of the Commons,” the American philosopher Garret Hardin argued that the social arrangements that produce responsibility are arrangements that create coercion of some sort. Hardin was writing about the problem of an exponentially expanding population in a finite world, but his argument could be applied to any shared resource in a democratic commonwealth,including the internet or cyberspace.
The inexorable, and therefore tragic, result of freedom in any commons, Hardin argued, is the ruin of the commons.In a commonly held pasture, for example, the result is overgrazing,as herd owners seek to maximize their own immediate interest at the expense of the collective and the long-term welfare of the resource.
How might this be regulated? Hardin asked. Prohibition is easy to legislate although not necessarily easy to enforce. How, he questioned, do we legislate temperance? Hardin put stock in administrative law, a type of legal regulation in which custodians have the flexible rule-makingand discretionary powers to “evaluate the morality of acts [taking accountof] … the total system.” Morality, he pointed out, “is system-sensitive.”“[T]he morality of an act is a function of the state of the system at the time it is performed.” For example, dumping waste into a river in an unpopulated frontier where nature can purify or dilute it, might be moral, where dumping it in a metropolis and creating a cesspool is not.
But, as Hardin observed, giving custodians this kind of flexible, discretionary power makes them susceptible to corruption.“The great [governance]challenge facing us now”, he said, “is to invent the corrective feedbacks that are needed to keep the custodians honest,”. “We must find ways to legitimate the needed authority of both the custodians and the corrective feedbacks.”
In the early days of the American republic, politics were rowdy. The people provided all kinds of corrective feedback’s to officials and commercial operators, petty and great. America’s was a democracy which, in addition to institutional checks and balances, had high citizen participation, diverse civil groups, and a foundational tradition of civil disobedience (the Boston Tea Party which challenged British monopoly power and the Underground Railroad which challenged the economic institution of slavery being just two examples of the tradition). The American people’s innovation was a new kind of social compact—constitutional democracy based on popular sovereignty. The ingenuity of this form of governance was that it worked something like mutually agreed-on mutual coercion. As American democracy evolved it was distinguished by large social movements, including the antislavery movement, the woman suffrage movement, the Progressive movement, the civil rights movement, and the antiwar movement during the Vietnam War years,all of which changed power relationships in the country profoundly.
Coercion, or corrective feedback, from the less powerful can come in many forms: civil disobedience to unjust laws, but also strike,boycott, work-to-rule, and sabotage; the occupation of space and shows of solidarity; the defiling of values and flaunting of alternative ones; witness,moral suasion, shaming, shows of contempt; the testing of limits, displayed prowess, intellectual influence, virtuous example,humor, love,and yes, hacking. All of these can transgress the status quo, the complacency of power.
It is impossible to calculate where all the hacker acts described above nudge us as a species.What is certain, is that as people begin to hack more concertedly at the structures of the status quo, the reactions of those who benefit from things as they are will become more fierce and more punitive, at least until the “hackers” succeed in shifting the relevant power relationships. We know this from the history of social movements. At the dawning of the digital age, whistle blowers hacking databases to expose venality and corruption, activists hacking electronic voting machines to expose their security flaws, farmer shacking tractors to circumvent Digital Rights Management restrictions—and yes, security researchers hacking “black boxes” of code to study whether they are functioning as promised or inserting malware into users’ computers—will be ruthlessly punished.
Certainly, some uses of hacking—such as the malicious, nihilistic hacking that harms critical infrastructure and threatens lives and the hacking in cyber warfare that injures the critical interests of other countries and undermines their democratic processes—are abhorrent and cannot be defended. But somewhere on the continuum of altruism and transgression isthe kind of hacking that might lead the world toward more accountable government and informed citizenry, less corrupt and unfair economic systems, wiser public uses of digital tech, more self-determination for the ordinary user, fairer commercial contracts, better conditions for innovation and creativity, more decentralized and robust infrastructure systems, and an abolition of doomsday machines.
It is not clear where the line between “good” and “bad” hacking should be drawn or how to regulate it wisely in every instance. But citizens should inform themselves and begin to consider this line-drawing seriously, since we will be grappling intensely with it for the next century or more.And technologists bear a special responsibility to think about and raise awareness around these questions.As the cognoscenti who determine the design solutions that govern our digital commons as much or more than any law does, these professionals should view their work, not as a series of engineering or “client” problems, but as a fiduciary role they are undertaking for the whole of society.
About the Author
Maureen Webb is a labor lawyer and human rights activist. Her new book is Coding Democracy: How Hackers Are Disrupting Power, Surveillance, and Authoritarianism from The MIT PRESS. She is the author of Illusions of Security: Global Surveillance and Democracy in the Post-9/11 World and has taught national security law as an Adjunct Professor at the University of British Columbia.