Thursday, September 15, 2011

Hacking is free speech!

Hacking Is Free Speech! (or is it?)

I should start by noting that not all speech is protected under the 1st Amendment. For example, I can’t say to someone that I am a detective with Miami Metro Homicide, because I’m not. That’s called impersonating a police officer and carries a prison sentence. There are particular acts in speech that breakdown the structure of our society, so we don’t protect them. Libel. Slander.

The problem with laws governing fraud covering the Internet is that everyone is a fraud on the web. Why do we allow hate speech to be protected while we chastise hackers for typing in simple letters and numbers in URLs? One may very well incite violence, but the other is much more insidious somehow because we call it Cross Site Scripting? One is more insidious because a software company produced a terrible product and doesn’t spend enough resources keeping their software up to date?

Let’s face it. The Internet makes us bipolar. The whole point of the Internet is being connected, yet we put up barriers and firewalls to protect us. At the same time that we say we are worried about hackers and identity thieves ruining our lives, we believe news articles from people we don’t know the credentials of and we open up to complete strangers whom we’ve never met. Why can’t we just accept that you shouldn’t trust anyone on the Internet?

If we can accept it as true that nothing on the Internet should be trusted, then we wouldn’t be surprised when information was leaked or when sites went down. Should Hacking be considered protected speech under the 1st Amendment? In other words, should hacking be free speech?

As security practitioners and government legislators, we should accept the reality of computer insecurity rather than fight the evil hoardes that attempt to subvert our pristine online ivory towers.

Why not have laws that make it illegal to ship a computer product that is susceptible to computer hacking? Why not make it illegal to not patch a known vulnerability within a reasonable period of time? Why not make create real penalties for failed security at companies that have high value targets just like we have for banks and other institutions?

Because it’s impossible to make a computer secure? Exactly my point!

Because it’s easier to label ‘hackers’ as bad guys and go after them than change our paradigm?

The truth is that we don’t really understand the virtual world enough to apply the law to them. While I can accept the application of RICO to rings of identity thieves, it makes no sense that a person can get jail time for being an internet troll. (Keep in mind the difference between US and UK law…in the US there is a church that goes to protest at military funerals.)

So you say you want a revolution? You say that as the computer elite you should be the ones to change the world? Okay, let’s say that hacking is civil disobedience. There have been some meaty articles written on this in The Guardian, Slate, and Shiny Ideas.

Okay, so instead of being a Civil Rights Worker, you’re a Hacktivist. Now what? You should be prepared to be arrested. Civil Rights activists had a specific goal they were working towards and they were prepared to be arrested to support their cause, for change. The very act of their arrest only added to their cause. If you are a Hacktivist and you believe in whatever cause you are supporting, then nobly stand behind it. But don’t undermine your own cause by trying to overthrow society itself.

This is the problem then. What is the cause that Hactivitism supports? Is there only one? Are there more parallels with Batman or Martin Luther King Jr.?

No comments:

Post a Comment