It’s a bad time to be a hacker in the United States (pandodaily.com)
66 points by treskot on Jan 30, 2013 | 44 comments



To many, a hacker is anyone who does something with a computer that is not trivially understood. To law-enforcement and the criminal justice system, a hacker is someone who commits a computer-involved crime.

So to clarify, it's actually still a great time to be the former. It's not now, nor has it really ever been, a good time (or a good idea) to be the latter.

The rest of the article seems to just be an explanation of why that is.


It's only great to be a hacker because the term has largely lost even its extended meaning. The hacker has, for lack of a better word, been gentrified.


It's a great time to be both. Profit opportunities are virtually unending for attackers.


> To many, a hacker is anyone who does something with a computer that is not trivially understood. To law-enforcement and the criminal justice system, a hacker is someone who commits a computer-involved crime.

"To law-enforcement and the criminal justice system" the former criterion implies the latter.


Citation needed. Are they picking up random Haskell programmers off the street now?


Well, I've yet to hear of any Haskell programmers being picked up, but Moxie Marlinspike and Jacob Applebaum have both been harassed repeatedly despite no evidence of any wrongdoing on either of their parts.


Applebaum's difficulties don't stem from any misunderstood technical magic afaik. The popo don't like what he's doing, but I think they understand it quite well.


Only if they are running Haskell on their unlocked phones.


You probably disagree with the common feeling that the prosecuted actions of e.g. Weev, Swartz, etc. would not actually be crimes in any decent society, but don't pretend you've never heard of them.


I disagree with the notion that weev and Swartz were arrested for "doing something that is not trivially understood."


To us their actions were trivial. To a trial jury or especially to a grand jury, not so much.

But this specific objection actually undermines your entire argument. If justifiable trivial actions can be maliciously portrayed as crimes, so much more can justifiable nontrivial actions. It's a sliding scale anyway: I'm no über-hacker so I know that many things that are trivial to more skilled people would be initially mysterious to me. This is why just law must be based on the consideration of specific acts that either meet or fail to meet concrete widely-understood criteria. Just law does not punish acts that are in a "gray" area, which cannot be said with certainty to be crimes. When uncertainty is a basis for prosecution, the only criteria we have are the potential misunderstandings of the dumbest jury a prosecutor could possibly empanel. At that point, human innovation and happiness will cease.

It seems pretty clear at this point that you did not in fact need any citations.


I don't think trivial is, or has ever been, a synonym for legal.


I agree. Ignorance is certainly exacerbating this matter.

I was facing criminal charges for a python script that monitored a mail server that I owned. My security clearance was suspended. My professional reputation was tarnished. The charge was that I "hacked" several computers. With no evidence, with little more than a complaint from two people, all of my previously reputable work (never mind my TS clearance) was discarded and I was regarded as a threat. An escort was required if I was near a computer. I could not use any of the Information Systems. I was given a utility closet with a 55 gallon trash can and some cleaning supplies to call my desk. My chair was missing one of the wheels so it rested at an angle. This lasted for four months.

It was impossible to prepare myself. How would my script be 'understood'? I was trying to learn python. The script monitored headers for internal messages being forwarded to external accounts and blocked them. A message was sent to the offending party with the policy that prohibited this act. Pulling from the headers, the message included the intended recipient in the body to the offender. Yet it was more readily believed that I "hacked" the computers of the sender and recipient to accomplish the effect.

Though this is trivially understood, it is not easily accepted by people who are not aware of the fundamental mechanisms of a mail server. I attempted to explain my script using postal mail as an analogy. I explained the auto response as being similar to vacation messages. The charges escalated from "hacking", which was the compromise of a system I did not own, to interfering with the delivery of sensitive information. I was mortified. In trying to explain what I was doing, I dug a deeper hole. Fortunately for me, definitely not for the 'victims', the information that was being sent was now classified and regarded as sensitive. The fact remained that I owned the mail server and it was not authorized for use transmitting sensitive information, which is the responsibility of the 'victims' to know. The charges were promptly dropped and I spent the next several months clearing up the matter with the rumor mill. My clearance took quite a while to be reinstated. I was no longer regarded as a credible subject matter expert to seek for consultation. I was blacklisted, in a sense. I packed up and moved on when I could.

I wanted to better understand Python and mail servers and it nearly crushed me. Once I was labeled as a "hacker", the most diabolical intentions were projected upon my every behavior. Encrypted emails? Suspect. Modified a router to respond to all probe requests? Sinister. Assembled a transparent bridge using commercially available equipment in your garage? Treasonous. I was concerned that my curiosity would be held against me. It was a nightmare. That is as much as I can recount.


... and this is why I absolutely refuse to work for the government.


Why does anyone continue to give Adrian Lamo a platform? He is like the Kim Kardashian of computer security--he's famous for being famous. I'm not aware of any evidence that he knows what he is talking about, particularly when it comes to various criminal penalties (he gets these blatantly wrong).

Edit to add example: Lamo says

>To put this into some kind of perspective, if Swartz had committed violent battery of a Supreme Court justice or a member of Congress he would have faced, at most, a year locked up in the pen — as long as he didn’t use a deadly weapon.

The maximum prison sentence for aggravated assault in DC is actually 10 years. And if you use a deadly weapon, it adds an additional maximum penalty of life in prison.


I wish I had known Lamo wrote this before I graced it with a click.

He's also the guy who turned in Bradley Manning (after convincing Manning he could communicate with him in confidence since he was a priest).


> I’ve also worked the other side of the fence, working with law enforcement and the US Government on computer-involved national security issues, most notably in the apprehension of Bradley Manning for leaking military and diplomatic secrets to Wikileaks.

This isn't something to be proud of.


Why? I ask this because many politically-minded hackers are under the misapprehension that Bradley Manning was purely a whistleblower, which is not the case.


My thoughts on Bradley Manning are more complicated than the simplistic "Free Bradley!" or "Hang Bradley!" extremes one often sees when it comes to that case.

I don't fully support what he did and I think he was wrong to do it in the manner in which he did and thus he deserves some punishment. I also think he stands as an unfortunate symbol of how the idea of the writ of habeas corpus is completely dead in America, which sucks.

As it relates to Lamo, though, I think it is clear that the way Lamo went about convincing Manning to reveal what he had done while convincing him that he (Lamo) was a journalist and priest and thus Manning would be protected from disclosure was hugely unethical and marks him as one of the great asshats of all time.


I think the concern about habeas corpus is valid, but more for those like the Gitmo detainees than Pfc. Manning per se. He leaked classified information, and having to build an entire legal infrastructure and trial around that properly, without having any eventual sentence thrown out on a technicality, is going to take time and effort. Let's face it, if it were up to the Army he'd already be convicted and spending the next couple of decades at least playing cards at Ft. Leavenworth.

As far as Lamo, I agree in general with the description of asshattery. But still, if Manning actually thought Lamo were a priest then I have to wonder about his capacity for critical thinking. And either way, I find it at least a bit ironic that Lamo managed to extract accurate information from Manning, under false pretenses, immediately after Manning extracted accurate information from the U.S. Government, under false pretenses. But only one of those two swore to protect the information in question under penalty of law.


Isn't he?

He released evidence of scores of crimes and warcrimes. His actions were a major catalyst for the Arab Spring, yet something for which he has literally been tortured.


If I blow up a bomb in the middle of a populated area and just so happen to take out a bunch of bad guys that doesn't make my actions right. This is true even if the bomb only kills a bunch of bad guys, because the action was completely reckless, without regard to collateral damage, and only by luck gets the job done.

Likewise we wouldn't condone getting the GMail password of a child kidnapper by releasing the GMail passwords of all adult males. Whistleblowers report specific crimes, they don't just mysqldump a database and netcat that shit to foreign-entity.co.au and hope they treat the data properly.

But let's talk about how his actions catalyzed the Arab Spring. How many Tunisian, Libyan, Egyptian and Syrian lives does Pfc. Manning have on his hands then? We blame the U.S. for all of the fatalities related to Iraq, for example, even though the U.S. didn't directly undertake all of those killings. So why would Manning get a pass for this?

As far as torture, Prevention of Suicide Watch is an actual prisoner status one can be in, especially if one makes jokes about killing themselves (as Manning's own lawyer admitted he did). The military judge presiding over Manning's hearing agrees that he was held under suicide watch without enough justification and has reduced his eventual sentence (it's unclear by how much though).

But either way, I would humbly submit that someone with military training should be intelligent enough to not joke about committing suicide, especially when part of a case with extreme media interest where actually committing suicide would bring the "Eye of Sauron" of negative attention on the detention facility. You don't even have to take my word for that; just look at the reaction to Aaron Swartz's suicide.


Blowing up a crowded population to kill a few "bad guys" is exactly one of the crimes he is accused of releasing. Aside from that, it has nothing to do with him.

He is often compared to famed whistleblower Daniel Ellsberg, who released thousands of documents indiscriminately that had a lower security designation than anything Manning released. Plus even Robert Gates called the negative impact of Manning's leaks "fairly modest."

It wasn't just a SQL dump. Manning found evidence of crimes, and he took what looked suspicious. Read his chatlogs with Lamo if you must.


Daniel Ellsberg had a hand in writing the very same "thousands of documents" that he leaked. So he was able to vouch for their contents. (And P.S., he leaked it to the New York Times, not Pravda).

Pfc. Manning, on the other hand, downloads hundreds of thousands of different documents, and instead of simply releasing the specific ones he looked at which he felt documented war crimes, simply passed it all along. Not to the Inspector General, not to the Office of Special Counsel, not to the NYT, or WaPo, or any U.S. entity. No, he passed it (these hundreds of thousands of documents he never so much as looked at) directly to WikiLeaks, an organization that is not exactly impartial (and either way, is foreign-run).

So I'll reiterate. He took whole CD-R's full of stuff, which he didn't fully review, and offloaded it all to a foreign third-party to filter through and do with as they will. If the impact ended up "fairly modest" it was due only to luck or incompetence on Manning's part (I'll let you pick whichever you like).

If Manning were whistleblowing, he would have taken the "evidence of crimes", and leaked that, just as has been done by other soldiers before him (e.g. Justin Watt, serving in Iraq).

I've read the chat logs as it turns out, but it reminded me of something: Manning himself noted that he had been demoted by the Army for physically assaulting another soldier, that he was dissatisfied with being 'an abused work horse', etc. etc. However he managed to convince himself of his 'ethics', the fact is that he had a ton of ulterior motive.

For all the talk we hear of proportional response for Aaron Swartz, you would think that Manning would have thought more before making the logical leap from "I have to deal with shitty officers" to "I have to exfiltrate as much as I can".

I mean, Manning himself realized that it's not as if all military servicemembers are horrific murderers:

    (02:09:58 PM) info@adrianlamo.com: most people in the Army aren’t in specialties
    that involve directly servicing targets.

    (02:10:14 PM) bradass87: im glad you realize that

Another cool snippet from those chat logs:

    (12:12:46 PM) info@adrianlamo.com: Want to go to the press? :)

    (12:12:51 PM) bradass87: no

Looks reeeeeeaaal concerned with getting those crimes reported, doesn't he?

The logs also state:

    (12:21:24 PM) bradass87: say… a database of half a million events
    during the iraq war… from 2004 to 2009… with reports, date time
    groups, lat-lon locations, casualty figures… ? or 260,000 state
    department cables from embassies and consulates all over the world,
    explaining how the first world exploits the third, in detail,
    from an internal perspective?

Which of those 500,000 events were war crimes? How about the 260,000 cables? Don't forget the cables describing such heinous crimes as what U.S. diplomats thought of the buddy-buddy relationship between Silvio Berlusconi and Vladimir Putin, my knees shake at the thought!

    (1:34:45 PM) bradass87: all while witnessing the world freak out as
    its most intimate secrets are revealed

Looks like it's still spinning the same to me, Brad-O, except of course for all those dead in the Arab Spring uprisings. I just hope we end up with stable secular democracies out of it. Maybe some good will come of all this (not that it will help Pfc. Manning in the end... good intentions don't excuse bad behavior).


Exactly what I was thinking.


This is the "meat" imho:

> A law becomes unjust when a person of ordinary — or even extraordinary — intelligence cannot readily predict what charges might arise from a given activity.

...if I were to commit armed robbery, I could easily find out what law I would be breaking and what kind of prison sentence I'd get. With infosec and IP laws, you'll never know how they could be wielded against you!


Look, I'm all for better laws and such, but most of what constitutes being a hacker (in the HN sense) doesn't even approach illegality. I think it's never been a better time to be a hacker.


"most of what constitutes being a hacker (in the HN sense) doesn't even approach illegality"

I wouldn't say that. As an example, many companies in the (very crowded) data-storage or file-sharing space spend a lot of money on legal fees to cover their asses (or do damage control) in case of copyright violation when someone decides to share the latest DVD rip using their service. There are many other examples like this. People in our field are constantly exploring the limits of what we can and can't do with technology in the context of laws that were created without these uses in mind. True, it has never been a better time to be a hacker, but I think when/if we have all these issues sorted out it will be even better.


Uber, AirBNB, and quite a few other "hacker" companies are dealing with quite a bit of (il)legality these days.


It's a bad time to be a whistleblower too.


It's a bad time to be any agent acting against the plutocracy that rules the world as it is today.


Especially if you discuss things with the author of the piece, Adrian Lamo. Adrian Lamo is not a hacker. He is a Fed. Pure and simple. His hacking convictions were there to give him cover.


It certainly is with people like the author dropping the dime.


I can't imagine Adrian or someone else in his position not doing exactly the same thing. Remember, he's a convicted felon, and had every reason to suspect he was still a target.

A totally random person IMs you out of the blue, talking recklessly about crimes he'd committed, and trying to elicit your support and confirmation of understanding and support in furtherance of acts previously and ongoingly committed. Even if you support some of his motives, you'd be wise to either report it (as Adrian did), or, at the very least, make it clear you neither understood nor supported the actions. Otherwise, you're part of a conspiracy, and thus even more fucked.

The guy could either be an informant trying to entrap you, or at least had such recklessness that he'd approach someone and be reported/caught later, so you'd be at risk if you cooperated in any way.

There could be a slight difference if you were a protected party (someone's lawyer, priest, spouse, doctor) and if the crime were not something which carried a duty to report.

(IANAL)


In which case, maybe you could say "dude, fuck off" and close the session?


"Sorry dude, I have no fucking idea what you're saying, plus you're a dick" is probably safer. They'd have to show you both understood and agreed with the action, but it's hard to prove that, especially if you started the conversation by not being a dick.

It's fun/scary reading the transcript and figuring out at what point you'd do what. If it were a random person IMing me from Iraq, I'd probably be friendly to start out.

The safest thing is to end the conversation before any criminal acts are discussed. I think it's also probably safer if you immediately switch to "you should report that to law enforcement, it sounds like a crime" vs. just "the fire, please die in it."


Did you just imagine doing something other than what AL did? Seems like "I can't imagine Adrian or someone else in his position not doing exactly the same thing" didn't last long :)


I'm not a felon. AL is.

As a felon, I would err on the side of reporting criminal contacts.

(I personally also have an obligation to report compromises of classified data, too, so I would have reported this.)


And yet a great, great many convicted felons do not report criminal contacts. I point to the number of convicted felons who go on to commit another felony in company of other criminals. Furthermore, I am led to believe that a culture of physical violence towards informants means that a felon who reports on other criminals is, frankly, asking for trouble. I wouldn't be surprised if the majority of felons do not habitually inform on each other.


They like to make an example of computer criminals. Locking up a marginal rapist, murderer, gang member, etc. doesn't serve any useful political purpose -- it just makes crime stats look worse.


Hackers should form security companies and offer hacking as a service. Many private companies would rather pay a third-party security firm a fixed price to solve any vulnerabilities versus hiring a team of full-time security experts on their payroll.


Most of this is done through consultancies already.


Who cares what Lamo thinks


This piece was written by Adrian Lamo and can be summarized as follows:

faaaaaaaaaaarrrrttt, pffffffffffttttttttt, pffffffffffttttttt, faaaaaaaaaaaaaarrrrttttt, innuendo, lies, bullshit, faaaaaaaaaaaartttt



