We are currently at war. We’ve been at war for many years, whether it’s battling a civil war or sending out resources to our allies’ wars. Every day, many brave soldiers are out there, fighting to prevent horrors from happening in the world, but we also have people fighting from the home front. By subtly hacking enemy databases, leaking classified information or taking down online threats, these cyber vigilantes help our soldiers in their own way. Though their hard work has gotten a lot of praise, there are still many people not feeling comforted by the fact that the privacy law is being breached, even if their skills in cybersecurity is used for good. With this in mind, I choose to use this report as an opportunity to examine whether or not hacktivism should be justified, both morally and lawfully. I will draw on both global and national perspectives, focusing especially on perspectives within the United States, as the biggest hacking cases took place there, but I will also be focusing in on the perspectives my home country, Denmark, has on cybercrime.
Hacking is something that’s sparked a heavy debate over the years. They trigger both outrage and eulogy as they push both the boundaries of online crime, and the morality of cyber justice. Though there are many other issues to discuss, I have chosen to work specifically with these two, as, to get a better understanding on hacktivists, I find these issues the most relevant to look into and discuss further.
Boundaries of Online Crime
Hacking started already in 1950s, where students of Massachusetts Institute of Technology’s early artificial intelligence department played around with track circuitry. Other hackers then later found out that toy whistles produced the right frequency for them to be able to ‘phreak’ telephone systems, enabling them to place long-distance phone calls for free. Amongst the other ‘phone phreaks’ was Stephen Wozniak and Steve Jobs, the future founders of Apple (Foreign Policy, 2013). Ever since then, hacking have become a very big phenomenon and is used both in cyberwarfare, and for personal vendettas. But if the two founders of apple could hack into phone systems illegally and not get punished for it, why do some people get sentenced years of prison for hacking into servers that can help them potentially win a war?
Though hacking is the most known and used computer crime, it actually wasn’t up until 1986 that the first hacking-related legislation, the Federal Computer Fraud and Abuse Act, was enforced, and it was due to the lack of people with the right programming competences, the right amount of resources and the lack of material for prosecution. As a result of this new legislation, during a new project called Operation Sundevil, the FBI seized 42 computers and thousands of floppy disks that were being used to do criminal activities, including illegal credit card use and telephone service (Florida Tech, 2017).
In Connecticut, 1st degree of computer crime is punishable with up to 20 years in prison or a fine of up to $15,000, if not both (CGA, 2012). This punishment is approximately the same as the federal law’s maximum prison sentence for sexual offenders. Some people, however, are against this kind of punishment, as they don’t see cybercrime to be as bad as sexual offences. They want the penalty loosened, if not completely removed. If we were to remove the computer crime law completely, it’s safe to say that a cyberwar would break out. Now, companies victimized by cybercrime would suddenly have the opportunity to retaliate, thus resulting in a war between governments and cyber vigilantes. In the end, it might possibly end with the Internet being shut down for good, if things got out of hand.
Florida Tech claims that cybercrime will continue to be ever-present in our society, regardless of the best efforts of the criminal justice systems, but even though it might be true that there will continue to be cybercrime, we can do something to minimize the damage. We cannot stop crime, but we can control it. A course of action to minimize cybercrime on a global plan could be to create a law system that effectively will punish cybercrime. When criminals’ chances of escaping get closer to zero, the chance of an actual crime being committed will be heavily reduced. That doesn’t mean that 20 years of imprisonment will help significantly, though, as cyber criminals often are hackers, and if they’re able to hack into sites with top security, they’re more than capable of hacking into prison-systems, as well.
In a small country like Denmark, we have a legislation concerning computer crime. §263 states that “any person who, in an unlawful manner, obtains access to another person’s information or programs which are meant to be used in a data processing system, shall be liable to a fine, or to imprisonment not exceeding 1 year and 6 months” (Cybercrime Law).
A survey conducted to measure last year’s cybercrime in Denmark was made by PWC (2018), and it showed that since last year, there has been less attacks, but the attacks, that were made towards the more than 250 business leaders participating in the survey, were having a stronger impact than before. It also showed that only 20% of the respondents in the private sector are investing in an information and cybersecurity budget on over $1,000,000.
As PWC asserted, though the attacks aren’t coming in high numbers, the attackers make sure the damage will make up for it. Consequently, it will soon no longer be the private sector being on the receiving end of these cyberattacks. In order to prevent more businesses in Denmark from getting damaged, the government can rearrange our tax system to help companies raise their cybersecurity budget or just invest in tighter cybersecurity. That way, it might strengthen our society as well, seeing as we have a lot of talented individuals who are just waiting to get a decent job.
The University of Maryland’s Clark School conducted a similar survey and concluded that 1 in every 4 Americans have fallen victim to a cyberattack, and that every 39 seconds, a hacker hacks an Internet-connected computer (Alvarez Technology Group, 2018). Even though both surveys were conducted last year, it’s still reliable, as PWC, like the University of Maryland’s Clark School, is a valid source, and they conduct surveys like this every year, so it’s still up to date.
If we compare PWC’s results with the University of Maryland’s Clark School’s, there’s a vast difference between the two countries, and their approach to handling cybercrime. While Denmark considers cybercrime a serious breach of the law system, the American media instead chooses to portray cyber vigilantes as heroes, all the while they put so big emphasis on how big of a crime hacking is.
Morality of Cyber Justice
This brings us to the next issue, the morality of cyber justice. We would think that hackers have a strong sense of justice, or they’re after money, as their targets tend to be threats to society or the government, although neither scenario seems to be the case. HackerOne (2018) concluded, via a survey answered by hackers around the globe, that it wasn’t justice nor money that were their main motivation. Instead, it was for fun and the opportunity to learn new things that motivated them to hack. 20% in total answered that it was to do good in the world, or to protect and defend, but compared to the other 42% that answered it was either to have fun, to be challenged, or to learn new things, it’s safe to say that it’s not because hacktivists want to be considered a cyber justice warrior. So why does Hollywood choose to portray the hackers as the good guys, when they’re not trying to be the heroes?
According to BBC (2017), producers don’t think real life hacking will turn out to be entertaining enough for the audience, which might be true. In my hometown, many of the young generation watches a series called ‘Arrow’, where a young woman with high intelligence, Felicity Smoak, is portrayed as a cyber vigilante who hacks into top encrypted databases and helps shut down enemies. This kind of portrayal motivated many of my friend, myself included, to look further into hacking. Assuming, the Government probably wouldn’t want people, wanting to be like their TV idols, violating the online privacy legislations, which seems to be a big issue in the US.
Dr. Alan Westin did a study back in 1998 where he asked American citizens whether or not they were concerned about threats concerning their privacy online, where he found that 87% computer users answered that they were concerned about their Internet privacy (Lorrie F. Cranor, 2005). Though the source is quite dated by now, it’s a valid survey, and albeit the numbers might be very different now from 1998, online privacy is still a current concern of many.
In Denmark, like in many other countries, we have the hacking group, Anonymous. They consider themselves a legion, and they don’t care whether or not we view them as heroes. They hack for justice. They’re considered to be what we would call ‘grey hat hackers’, hackers that do bad things but for good purposes. With that said, it’s them who picks out the targets, not our government. Anonymous even targeted a political party, Socialistisk Folkeparti in 2014, after they signed a mass Internet surveillance bill, by releasing personal information on 20 of the party members. Anonymous declared that Socialistisk Folkeparti all wish for more privacy, but only for themselves and not their citizens (CPH Post, 2014).
So, if the government puts so much focus on catching hackers, as it troubles both the citizens and businesses, isn’t it bad to have the media show them as heroes? What we can do is to teach the citizens themselves how to protect themselves against cyberattacks, or we can make the media not portray cyber criminals as cyber vigilantes who have the right to interfere with warfare like they’re heroes. Unless, of course, they, objectively, are heroes?
In conclusion, I can say that my perspective has changed because of the research I’ve done. Whilst people publish plenty of articles about hackers, both giving them praise and blame, there’s no doubt that there are some hackers who are taking a stance against the wrongdoings of the world. We cannot blame people for wanting to help and defend their society from wars or from their own government.
Notwithstanding what has just been said, hacking, whether we like or not, is illegal, as it’s both a violation of the Computer Fraud and Abuse Act, and the legislations about online privacy. It doesn’t matter if their intentions are pure, when they’re doing something that goes against the law, it’s punishable. If we were to make hacking justified, legally, there would be a lot of people who would use this opportunity to cause chaos, and we can’t just give free passes to one half, but not the other half. Hence, in other words, no, despite the world’s current situation, hacking should not be justified, but we can fight unfairness in other ways than hacking. It’s something we, as a global society, should work towards together instead of turning it into something civil where it’s government versus citizens, or citizen against citizen.