

Could hacking be done in the public interest? - jgrahamc
http://blog.jgc.org/2011/07/could-hacking-be-done-in-public.html

======
basseq
You can't merely say that an illegal act is justified because it was conducted
to expose another crime (or immoral action, or what-have-you). "Suspicions",
even commonly held ones, do not suffice as burden of proof -- hence
Constitutional amendments on unwarranted search and seizure, or outcry over
racial profiling and illegal immigration. Can I break into my neighbor's house
because I think he's beating his wife? If not, then why is his computer system
not sacrosanct as well? And if so, then aren't we advocating vigilantism? And
if he is, in fact, guilty, then am I absolved of B&E? What if he's innocent;
am I protected by the "purity" of my purpose?

Conversely, the whistleblower regulation comparison is an interesting one,
though my understanding is that it's designed to expose corruption where there
is no external proof: you have to be an insider to have access to (or even
aware of) the incriminating information. But in an age where information is
public, so too may be the indicators of crime. And in that case, might an
outsider's crime (e.g., hacking) parallel that of an insider's (e.g., breach
of confidential information), and, if conducted for the same purpose and with
the same outcome, be afforded the same protection under the law? But this
raises the question: if the information is public, then shouldn't we expect
the authorities, if the suspicion is sufficient for a warrant, to conduct
their own (legal) inquiry? Is this a simple failing of law enforcement? Or
(tinfoil hat time) corruption at the "highest levels"? Or a fundamental shift
in power (and, perhaps, responsibility) to the common man and the court of
public opinion?

Heavy questions. Could it be done in the public interest? Of course. Is it
morally (or legally) justified? Perhaps. But maybe the real question: are the
so-called hacker/advocacy groups somehow noble in their purpose? This, I doubt
-- at least to date.

~~~
jgrahamc
> Are the so-called hacker/advocacy groups somehow noble in
> their purpose? This, I doubt -- at least to date.

I totally agree with this. We've seen a number of groups (Anonymous, LulzSec)
claiming to be noble but exposing tons of private information on 'innocent'
individuals with the flimsy justification that that was showing that companies
had poor security.

------
blendergasket
I would argue that the opening up of HBGary's emails was most definitely in
the public interest even though not legal. We learned that private,
unaccountable security firms were being contracted by the government and
corporations to circumvent the checks and balances to power that the US
Constitution and Bill of Rights provide us as citizens. Also, it showed that
HBGary was willing to try to intimidate journalists into disowning their
positions and not defending organizations they felt a moral responsibility to
protect:
[http://www.salon.com/news/opinion/glenn_greenwald/2011/02/11...](http://www.salon.com/news/opinion/glenn_greenwald/2011/02/11/campaigns).

More generally we are in a time of unprecedented attacks on the ability of the
media to perform its role as a check to Power of all sorts:

(Guy who exposed waste/corruption in NSA getting constantly harassed)
[http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_...](http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_mayer)

(NYT writer subpoenaed before grand jury to give up source)
[http://www.washingtonpost.com/national/national-security/rep...](http://www.washingtonpost.com/national/national-security/reporters-ordeal-continues-in-convoluted-cia-case/2011/07/03/gHQAbFDAyH_story.html)

(ATF agent fired for exposing that the ATF was actually selling drug lords
guns) [http://www.theatlantic.com/politics/archive/2011/06/the-obam...](http://www.theatlantic.com/politics/archive/2011/06/the-obama-administrations-whistleblower-problem/241262/)

(bit from The Corporation about Fox News bowing to Monsanto's desire to cover
up the dangers of rBGH in milk) <http://www.youtube.com/watch?v=JL1pKlnhvg0>

The more the government and Power in general tries to cut citizens off from
the information we need to make informed decisions the more activists are
going to try to get this info by extrajudicial means. The farther we slide
into a world where Corporate power and Government power no longer act as
checks to one another and form a united front against anyone who challenges
their blanket of unchecked power the more important it will be for some
force(s) to stand up to them on behalf of the people's rights, including their
right to information.

I'm not justifying what News of the World did; there is no moral basis for
playing with the emotions of the family of that poor girl in order to get an
edge on more moral news gathering organizations. Hacking is a tool just like
leaking is a tool. Both are used for good and bad. The problem is when both
are used solely by the people in power to control to hurt the little guy.

------
nantes
I was kind of disappointed after the first paragraph, when I realized this
wasn't talking about the kind of hacker I thought, as in Hacker News.

If it were, it surely would have mentioned some awesome projects like:

Hack Tyler <http://hacktyler.com/>

Civic Commons <http://civiccommons.org/>

Code for America <http://codeforamerica.org/>

and

Open Plans <http://openplans.org/>

------
nathanb
Private citizens, at least in the US, are protected from government intrusion
without the executive branch proving probable cause to the judicial branch.
This is a part of the checks and balances which keep our government from
becoming a totalitarian state, no matter how much it seems to want to. No
matter how illogical and unreasonable it seems to reject concrete evidence of
wrongdoing because said evidence was improperly obtained, such procedure is
absolutely vital in order to keep from becoming a police state.

While hacktivism can serve the useful purpose of keeping corporations and
public officials honest, it also violates this fundamental tenet of our free
society. While it seems very poetic and underdogish for a small hacker group
to bring a huge, corrupt corporation to public humiliation, it is at the same
time a terrifying incidence of vigilante justice. These corporations _must_ be
protected from this sort of thing by the law for the same reason that
improperly-obtained evidence _must_ be inadmissible in a court of law.

~~~
saulrh
The counterargument, as presented by blendergasket below, comes when the
situation is reversed and the government is the target. Consider the recent
#antisec releases as a sort of first-amendment freedom of the press, or the
attacks on HBGary as people exercising their second amendment right to keep
and bear arms.

~~~
nathanb
Is the solution then to legalize such intrusions? It seems like it would be
far too difficult to differentiate between beneficial and malevolent
operations. It would also be extremely difficult for a company to dispute
falsified evidence presented by would-be hacktivists. If anon had falsified
the HBGary records, would we believe Aaron Barr if he said the data were not
correct? How could he suitably prove the non-existence of such data to the
public without revealing an inappropriate amount of internal information?

I'm not saying such intrusions and releases are not useful or never reveal
important information. But it's sort of like a Crime and Punishment situation.
Even if the releases reveal important information about government or
corporate corruption which would have otherwise gone unchecked, we cannot
officially and legally condone these attacks.

~~~
saulrh
A blanket legalization would be bad, I agree. The best approach that I can
think of is to set up a way for these releases to be grounds for a warrant.
Instead of releasing those credit card numbers to the internet, you send them
to the police along with how you got them; the police verify your method and
data (maintaining chain of custody along the way) and proceed to court.

There are a few improvements to this method. One would be to fine corporations
with poor data security, then use the money to reward crackers for bringing
poor security to the attention of the police instead of stealing credit cards.
Another would be to get the media involved, using freedom-of-the-press and
transparency to keep the government honest.

~~~
nathanb
This still doesn't really address your concern about the government, however.
And even though at some point in our future it will likely become important
(assuming it isn't so already) for the individual to be able to have some sort
of recourse against increasingly rapacious and legally invulnerable
corporations, the idea of legally condoning the sort of attacks and breaches
we've seen recently still seems a bit too wild-west for my tastes.

~~~
saulrh
The second half of that was pretty much what I was getting at; I was
presenting a way for people to legally demonstrate that a corporation or
government entity is breaking the law. If the government changes the laws to
make its spying legal (_cough_ patriotact _cough_) the only real solution is
for the average user to stop being an idiot long enough to learn, use, and
demand good crypto.

------
zerop
It could be... The NIC servers of Govt of India were hacked by Anonymous India
(#OpIndia) to mark protest against the huge corruption in India

[http://www.thehackernews.com/2011/06/anonymous-india-opindia...](http://www.thehackernews.com/2011/06/anonymous-india-opindia-strikes-again.html)

------
tobylane
Yes, with permission. It's called white hat. The way the (UK) law is phrased,
permission makes the difference between legal and illegal, there isn't a grey
area. The recent hacks, how else could they have been done? Does it really
matter that Lulzsec did it rather than criminals who would sell the details
on? This way guaranteed continuous reason/blame/motive, which is good
press-wise.

------
canistr
To answer this question: Yes. And it happens at the NSA every day when they are
monitoring suspected criminals whether they are terrorists planning attacks,
foreign spies conducting industrial or economic espionage, drug dealers
trafficking banned substances, pedophiles, and other similar criminal
activities.

This should come as no surprise to anyone that the NSA or FBI does contain the
money, manpower, and legal authority to do things 'in the public interest'.

Patriotic hackers are a different matter and though they tend to hide within
the underground, they oftentimes are contracted by authorities to gather
information or sabotage other more devious hackers.

EDIT: And of course, someone has to downvote me because they disagree with me
pointing out what is already happening. I don't understand how you can
disagree with facts.

~~~
bh42222
Wait, so if the government breaks the law (I'm assuming you meant illegal
hacking, otherwise never mind) they must be doing it for the right reasons and
it is great and admirable and wonderful.

But if private individuals illegally hack someone, not for profit, but to
release information about cronyism, corruption, lax security, then those
private hackers are just schmucks?

This is then similar to how if the government tortures a suspect, that's OK
because he might really be guilty. But obviously torture is wrong if anyone
else does it?

~~~
canistr
No, I'm clearly talking about legal hacking. That's the whole point of "public
interest".

~~~
bh42222
Do you need a court order to legally hack, like a search warrant?

~~~
canistr
Under wiretapping laws, yes. But unlike some search warrants, they don't have
to be presented to the person under investigation nor do the warrants have to
be confirmed to be in use by authorities because that would compromise the
investigations.

