AustLII Home | Databases | WorldLII | Search | Feedback

Journal of Law, Information and Science

Journal of Law, Information and Science (JLIS)
You are here:  AustLII >> Databases >> Journal of Law, Information and Science >> 1993 >> [1993] JlLawInfoSci 6

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

Black, Deirdre --- "The Computer Hacker - Electronic Vandal or Scout of the Networks?" [1993] JlLawInfoSci 6; (1993) 4(1) Journal of Law, Information and Science 65

The Computer Hacker - Electronic vandal or scout of the networks?

by

Deirdre Black[*]

Abstract.

This paper examines the changing image of hackers over time. It argues that the early image of the hacker as depicted by 'self-styled experts' used the imagery of the delinquent and drug addict. In contrast the later image of the hacker was far more positive. This pattern appears to be reflected in the shift from earlier more draconian legislative approaches to hacking by governments to the later, more ambivalent approaches of governments such as the United Kingdom and Victoria.

___________________________

In the early 1980s some states in the US rushed to legislate against computer crime and in the course of doing so criminalised hacking. Richard Hollinger and Lonn Lanza-Kaduce[1] argue that the combination of the media, experts, and some legislators were the main force behind this push for legislation. and from Hollinger and Lanza-Kaduce's writing it appears that they believed the image of the hackers as being young, middle-class, and computer skilled influenced the more lenient approach to hackers in the legislation. They reveal that the most prominent experts involved in the legislation process were Donn Parker from Stanford Research Institute (SRI) and August Bequai,[2] a practicing lawyer in the United States, an expert recognised `as one of America's foremost experts on law and computer security'.[3] But even though they examine the role of the media in creating an image of hackers, they do not consider closely what in-put the self styled experts such as Donn Parker and August Bequai may have had on the image too.

Hollinger and Lanza-Kaduce had used their theoretical model to explain the virtually unhindered rush to legislate against computer crime as well as hacking, but it does not explain the ambivalent attitudes held by legislators and their agents outside the United States in such jurisdictions as in Victoria when they introduced the Crimes (Computers) Bill in 1987, or when the United Kingdom began moves toward their Computer Misuse Bill of 1990. Unlike the smooth process toward the criminalisation of hacking in the United States, these jurisdictions had resisted the criminalisation. It is possible that the image of the hacker was the cause of this caution.

There has been considerable literature on the construction of deviant images by the media [4] but little, if any, on that created by the experts themselves. It can be assumed that legislators are likely to take note of expert information, therefore it is important that the type of information given should be examined. Obviously direct access is not possible, but it is feasible to examine the works written by these experts on the topic of hacking to establish what image they were likely to be presenting. Consequently, this article examines the expert development of a hacker image through the last decade. Some of these 'experts' back their information with research but several rely heavily on second hand information either from research or from anecdotes which abounded in the prior decade. The author does not intend to distinguish the two types of experts, but allows the experts to reveal this through their criticism of each other's work.

The Construction of an Image.

Hacking gained prominence after several important developments; in particular (a) the proliferation of inexpensive personal computers; (b) the dramatic growth of computer literacy, especially among the younger generation [5] and (c) the introduction of the computer network. All these changes began around 1980. However, one of the first images of hackers directly describing hackers rather than just computer crime in general was made in 1976 by Joseph Weizenbaum, an academic at Massachusetts Institute of Technology (MIT). This image is of someone obsessed or drugged,

Wherever computer centres have become established...bright young men of disheveled appearance, often with sunken glowing eyes, can be seen sitting at computer consoles, their arms tensed and waiting to fire their fingers, already poised to strike, at the buttons and keys on which their attention seems to be as riveted as gambler's on the rolling dice. When not transfixed...These are computer bums, compulsive programmers, ...distinguished from a merely hard-working professional programmer....[6]

Donn Parker had been researching computer crime for a over a decade, but it was only in the early eighties that he presented a profile of the hacker. In doing so he not only cited the above quote from Weizenbaum, but apparently using only a handful of hacker cases presented an image of hackers which was remarkably similar to that of Weizenbaum's. However his profile had the added image of the juvenile delinquent. It is worth quoting this image in full as it can act as a standard from which the image of a hacker has shifted considerably in the following decade,

Hackers are often addicted to their computer capers. They will give up food, sleep, and other bodily functions sitting at terminals for hours when they are on a hot trail to the innards of an operating system. They give up the real world for an electronic one. Their grades go down, they can't talk about anything but computers, and they replace thoughts of what is right and wrong with what is binary 0 or 1.
A typical high school hacker lives with his mother in a broken home. She is delighted with his interests, which keep him in his bedroom with his terminal and telephone and keep him out from under foot. He is an average student with difficulties in English and Social Studies. He spurns physical sports, likes chess and has slight physical and mental impediments. The few people he can converse with are fellow hackers at computer club meetings and at the local computer store..'[7]

This image is eclectic, borrowing images from that of other studies of groups considered to be deviant. Firstly, Parker implies that there are innate problems with the hacker. He is physically unlike the ideal model of the red blooded American. (I am using an American ideal as Parker is American) Secondly, he refers to images or causes often associated with juvenile delinquency (rightly or wrongly).(See for eg. Wilson J. O and Herrnstein R.J Crime and Human Nature 1985) Parker assumes that for a hacker to be a hacker, he must be deviant and in being deviant his social upbringing must have been lacking in some way. Thirdly, his imagery relates the actions of the hacker with that of the drug addict a very popular concern during the sixties and seventies.

Besides the drug/ juvenile delinquent image Parker attempted to introduce, he also presented a more insidious image of the hacker; his potential for more harm and he states:

Technological trespassers or,...system hackers, in their most benign form are unauthorised system explorers. They want recognition for purely technological achievement...Unfortunately, when it comes to electronic trespassing into computer systems, a better analogy is that the hacker finds himself in the equivalent of a vault with many assets in the form of important data, valuable computer programs, and expensive services available to him [8]

Parker has little hard evidence on which to base this profile, but he appears to have no problem in being able to make generalisations about it. Other experts began to follow suit. Bequai, although focussing on computer crimes in general in the early 1980s, is particularly concerned with hacking otherwise known as unauthorised access:

There are, however, two areas of abuse that should prove of special concern to management; these take the form of unauthorized access and misuse of the system. These two categories of abuses threaten the very accuracy and integrity of the data stored within the system. They undermine the very reliability of the system. [9]

In general there was a fear of computer professionals and their potential shift to crime as can be seen by Norman's argument about the character of these people:

Computer people must have enquiring minds, which are frequently associated with a taste for mild mischief. They are likely to see a computer system's security measures as a personal challenge, and will set about defeating them. In the course of such an exercise, they are likely to find their way through the flaws in the defences and put themselves in a position to exploit them for other reasons than harmless fun.[10]

These images are predicting a worse scenario than that which has come to pass. This pattern is not unlike that seen with the media depiction of the mods and rockers as described by Stanley Cohen. [11] Both make predictions of a worse disaster to come. Thus even though the media is running with sensational stories about computer hackers around the early 1980s as can be seen with references to the Los Alamos case,[12] the media were not the only source for some disquieting labelling of computer hackers. They were being accompanied by the experts who presumably had more credibility among the professional world.

A Second Stage of The Hacker Image.

Suddenly the beginnings of this negative construction of an image stops. Around 1984 Parker's fairly negative image of the hacker appears to get dumped and instead of a deviant image being constructed about the hacker, a less damaging one was created. But the image does not shift to an entirely positive one for there is still some reliance on the Weizenbaum image. Sherry Turkle a Sociologist at MIT like Parker also follows suit. Turkle unlike Parker who only had a few hacker cases to base his generalisation upon actually did a specific study of hackers at Massachusetts Institute of Technology (MIT). But although she also refers to Weizenbaum's quote to support her case, [13] she does not portray the hacker in such a negative light as does Parker. She depicted the hackers as deviants, youth with negative characteristics and not fitting the norm. They were seen as the 'out group and see themselves as 'archetypical nerds'[14] They have a culture of their own; a hacker culture.[15] According to her studies, the hackers at MIT fit a sub-group with certain bent characteristics.[16]

Both Parker's and Turkle's characterisation of the hacker comes from the positivist tradition where the criminal or deviant is the focus of the study and the cause of the crime comes from faults in their character, genes, or psychological make-up. The focus is on the differences between the deviant and the criminal as against the rest of 'normal' society.

In Turkle's study, she too assumes that there is a norm such as the red-blooded American. This is the standard she uses for her comparison. Unfortunately she does no comparison with youth at that time to see if all these characteristics actually do pertain to the hacker or to youth in general. She does not acknowledge that the model she is using is an ideal rather than a real comparison. However although Turkle presented the hacker as a deviant of sorts, he is also presented as rather harmless, more of a nerd than malicious. In fact in their defence, she makes a distinction between these hackers and those referred to in the media by arguing that her hackers do not commit illegal acts and she states:

Most assaults on computer system security are not done by members of the culture of hackers I have been discussing. Indeed the systems programmers I interviewed expressed dismay that their vocation had been tainted with the image of 'computer crime'. 'It gives hacking a bad name.'...Many [of the break ins] are done by high-school and college students who talk about the exercise the way they would about a good game of Dungeons and Dragons...'[17]

This hacker distinction starts to get made in other circles. In the mid and late eighties both August Bequai and Hugo Cornwall[18], for example, note that there were the Turkle type hackers prior to the late seventies, the ones who were technically competent youth who were challenged by the workings of this latest technology and that because of the change in technology a new type has now gained access to the computer.[19] But it is interesting to note that even though Turkle has made this distinction, there do not seem to be very many other expert opinions which focus on two groups. There is the occasional reference to the Turkle type group as can be seen from writers and experts such as "Hugo Cornwall" and August Bequai[20] in passing, but generally there is a strong tendency for the experts to blend the two groups into one.

At about the same time as Turkle was writing, two other authors, Steven Levy and Bill Landreth, presented their ex hacker view of hackers. Perhaps because some hackers are articulate and have access to the print media, the hackers' are able to present a much more positive image of themselves than other putative delinquents. Their image although also only focussing on the hacker, is less negative. Like Turkle they discuss the hacker culture, and introduce the concept of the hacker ethic, but it is one to be admired not scorned. They present this culture and ethic as something which should be considered as honourable. It is through Levy that the Weizenbaum profile is rejected and Weizenbaum's credibility is questioned. Levy argues that even though Weizenbaum had been at M.I.T since 1963, he had had very little contact with any of the hackers there. Levy did not have much respect for Weizenbaum's perception of hackers and he states:

And Weizenbaum thought that hackers ... or "compulsive programmers"...were the ultimate in computer dehumanization [21]

Weizenbaum's depiction of the hacker was also one of the unreasonable person. The hackers' actions could only be explained by something outside themselves such as addictions, but Levy presented an image which revealed the intelligible, rational reasons for behaving the way they did. As Levy explains how he found them to be,

Beneath their often unimposing exteriors, they were adventurers, visionaries, risk-takers, artists ... and the ones who most clearly saw why they computer was a truly revolutionary tool ...I came to understand why the true hackers consider the term an appellation of honor rather than a pejorative. [22]

Levy not only rejects Weizenbaum's profile of hackers but also that of Turkle's depiction of the hacker as a nerd. Instead, he argues that in his meetings with the MIT hackers he had not found them to be either 'nerdy social outcasts or "unprofessional" programmers who wrote dirty, or "non standard" computer code...' [23] Levy introduces the concept of the hacker ethic not as a problem as both Parker or Schweitzer believed it to be, but as a philosophy which held the hacker groups together. This philosophy meant sharing computer knowledge and 'getting your hands on any machine at any cost - to improve the world' [24] This ethic according to Steven Levy comprised several characteristics: firstly, that knowledge can be gained by pulling things apart and recreating them in new forms; secondly, the hackers believed that all information should be free; thirdly, that authority should not be trusted. There should not be bureaucracies to administer the exchange of information; and fourthly that computers can improve life. [25] Levy's hackers were mainly the MIT hackers as in Turkle's study. But according to Levy, these hackers resented the bureaucratisation of their hobby and the limiting of access to software information. They disliked the passwords being used to keep them away from this information and the copyrights being placed on new programmes. They wanted the information to be shared and not owned. Their perception of the programmes was similar to the idea of knowledge, or ideas.[26] This concept of access to information was to cause problems to law later on when legislators were moving to create legislation against computer misuse. In many jurisdictions such as in the United Kingdom privacy was not covered by law, and information was not protected unless specifically stated in the legislation such as in the Data Protection Act 1984. The topic of information as property

became an issue with the United Kingdom Law Commission when debating whether to criminalise hacking or not. [27]

Bill Landreth otherwise known as the "cracker" wrote his own version of the hacker, that is from a hacker or cracker's viewpoint. (The terms 'hacker' and 'cracker' can mean two quite different things according to those who go under the name of these titles, the latter is seen to be the system cracker, whereas the hacker is seen to be simply put the whiz with computer software. Landreth saw himself as a 'hacker' but practised cracking.)

Landreth presents some interesting descriptions of the hackers he has associated with. They are "bright" because of their motivation. They are particularly interested in computers and often move into computing as a career when they "grow up" as Landreth describes it. [28] This description is quite different from either Parker's or Turkle's as these characteristics, although similar to the other writers', are presented as if acceptable. There is also an indication that the borders between the hacker and the computer professional are fairly fluid. It is not a case of the them and us.In contrast to Turkle, Landreth, although acknowledging that hacking itself is a solitary pastime,argues that the hacker like anyone else enjoys "bumping into" other people. [29] However, according to Landreth these meetings are done on the computer and not in the street. Landreth's view of the hacker is of one who is basically youthful and rebellious in a fairly harmless way. The hacker has qualities which should be admired. But what Landreth, Levy, and Turkle do is present an image of the hacker which appears to be based on the hackers of the sixties and seventies, that is the hackers who formed groups on University campuses and explored the workings of computers. This hacker was technically competent and saw the computer as a challenge. Unlike the putative delinquents in the fifties and sixties the hackers were seen to have some characteristics which were considered to be worthy by societal standards.

It was during the mid eighties that references to hackers began to be couched in terms which suggested that their actions were not to be seen in the light of harm, but more as mischief. For example Schweitzer referred to the hacker acts as 'mischief'[30]

The hacker's actions in the 1980s were being referred to in terms of naughtiness of youth which perhaps could not be curtailed. The adults then had to take the responsibility for these youth. Perhaps because of the perception that the hackers should be seen as irresponsible children, the focus began to shift away from the hacker and on to the owner or user of the computer and the issue of security as being the responsibility of the owner became slightly more prominent.

A Third Stage of Development of the Hacker Image.

A third stage of development of the hacker profile appeared. This time it was even more positive with the image that the hacker could actually be useful to society in a variety of ways. The construction of the hacker image was not confined to one area and like their own activities, their image also travelled around the world. In the United Kingdom a group of hackers or professional computer people produced several books under the alias of Hugo Cornwall. Gold of the Gold and Schifreen Prestel hacking case in the United Kingdom [31] wrote one the Hacker's handbooks. The image of hackers here too was presented an image of the hacker which was fairly understandable, normal,and except for the small incidence of electronic vandalism was ethical. It is also quite a contrast to the obsessed image of hackers as visualised by Turkle and Parker:

I personally have always been quite sure about how far I am prepared to go in perusing the hacking sport. For me, hacking is not, and never has been, an all-consuming activity. It is simply a natural extension of my fascination with computers, networks and new developments in technology. I want to know and experience the new before anybody else. Popping into people's computers to see what they are doing has always seemed to me little different from viewing those same machines on an exhibition stand or at a 'proper' demonstration...Breaking into areas where I am supposed to be forbidden has always been part of testing the capability of a machine and its operators. But causing damage, wilfully or inadvertently, has never been part of this. Hackers like me - and the majority are -admire the machines that are our targets.[32]

Cornwall saw the hackers as being playful in the sense that they 'abused' the computer systems for fun to see what would happen.[33] He argues that there are several types, but in general they were not malicious. He even goes further than Landreth had and claimed that the hackers actually did good for society. He cites a reviewer of both his and Landreth's books who he says argued that hackers like the computer industry should be grateful to hackers like Cornwall and Landreth as they were able to expose insecurities in the system and should take heed.[34]

Both the OECD and Ulrich Sieber a European researcher on computer crime also noted the fact that hackers 'might often intend to improve data security'[35] and suggested that legislators should consider this aspect in their legislation.

Bequai seems to have also made an allowance for a more useful image of hackers and he includes this within his broader profile of hackers and he states:

There is a positive, serious side to hacking. Not all hackers are pranksters ... Every Tuesday evening about twenty of its members, mostly high school students, employ their hacking skills to test the security systems of local business computers. Similarly, students at Western Washington University are encouraged to periodically test the safeguards of the school's computer system. And members of the Hacker's Club at Columbia University develop computer programs for public use. For many, hacking is a serious endeavor. Unlike the thrill-seeker, the serious hacker wants his or her efforts to serve the betterment of society and to advance the more positive aspects of computer technology.[36]

Bequai also describes several other darker sides to the hacker profile, but even so he has revealed that there is not just one type of hacker. There are 'electronic joy riders'; hackers who believe in doing good for society; as well as the hackers who disguise their work of thieving and spying as the work of hackers.[37]

But there appears to have been another influence on the image of the hacker. The computer revolution was still at its fairly early days. There had been several generations of computer revolutions in the last decade or two with massive changes occurring to the computer. It appears that the hackers of the sixties and seventies, themselves, had contributed considerably to some of these technical revolutions. Judging from a quote presented by the US Office of Technical Assessment in report in 1986 [38] that the hacker was considered to be important for more computer developments. The quote represent a very controversial view coming from many researchers in the computer science community. This view may also have been part of the undercurrent thinking of the experts:

A lot of people who are known as pretty good programmers started out as hackers 15 or 20 years ago poking around in systems because that was the only option available. In many respects that was also the best thing we could do for our society, which after all built its mid-century experience on whole generations of people who learned auto mechanics souping up cars to violate the speed laws.
This poking around used to encourage teenagers to go into computing. And if the lure of a little playing around in somebody else's computer is doing that, the benefits for our society are going to far outweigh the inconvenience of having a few people who weren't careful enough and had their files damaged by inexperienced people playing around on the computers. (OTA work session, Jan 25,1985 cited in OTA op cit 96)

If this view was more common among computer based people then experts coming from these fields would more likely be supportive of the hackers for the potential good they could do. The brightness of hackers as described by writers such as Landreth could have been seen as potentially productive. The hackers were praised for challenging the computer and for what they were able to do with the computer once they were in the system. The computer was being challenged for what it could be made to do as much as being able to deceive it. This action by the hackers was considered to be quite different from that which was seen to be being done by the ordinary fraudster or thief who uses the computer in a very mild way. Perhaps more importantly the hacker was being regarded as being productive and although having some quirks was seen to be a support for the newly developing industry. It could be speculated that when the hacker's use began to wane so did the support for the hacker as a fairly harmless character joy riding the electronic networks.

Around 1986 and after, both other experts on computer crime and those considering the need for the criminalisation of computer crime and computer hacking, such as legislators and their agents, began to acknowledge: (1) the sensationalism by the media of computer crime and computer hacking; and (2) the discrediting of past expert views on computer crime. Some of this cynicism can be seen in the OTA's report on hacking itself. An example of the type of exaggeration of computer hacking and the gravity of the incidents is given in the much quoted Los Alamos National laboratory which occurred in 1983. According to OTA this system 'the system that hackers broke into...was new and still undergoing testing.' In other words it was easily accessed at a time when the computer was particularly vulnerable, but possibly not yet being treated as secure.They also stated:

There is no question that the significance of teenaged hackers has been overblown. Close examination of many of the incidents tends to reveal that little actual damage was done, or that simple safeguards (e.g., better password control, or dial-back modems) could have prevented the incident. (OTA 1986:87)

Later in 1988, Hollinger et al also presented the image of the hacking cases being sensationalised and that only accidental damage to some files had occurred at the well publicised break into the computer systems at the Sloan Kettering Institute. [39]

A Parallel trend: a critical analysis of the experts.

From the beginning of the decade another trend was in progress. This was the developing criticism of the experts of the early eighties, in particular Donn Parker, and as a result a deliberate withdrawing from accepting the more sensational images of hacking began to be seen. This cynicism seems to have been a direct response to criticisms of the earlier work done on computer crime in general. Donn Parker in particular had come under some scathing attacks by John Taber in 1980. Bequai, Whiteside, and others were dismissed for being dependent on Parker and the Stanford Research Institute (SRI) for their main source of data.[40] He accused Parker of relying too heavily on newspaper articles for his data source[41]; that much of this data had been unverified; and that his general definition of computer crime was too broad. It included not only crimes committed on the computer, but also physical attacks on the computer. Taber says:

The SRI study enjoys more importance than it should. It is used to support the proposition that computer crime is growing at an alarming rate... It is the source of two uncritically accepted statistics - an average loss per incident of $450,000, and an estimated annual loss of $300 million. Speculations advanced by SRI have been just as uncritically accepted as fact, and have been perhaps even more influential. One is the "tip of the iceberg" conjecture: the known cases represent only a fraction of all cases. A second is the "sophisticated" computer crime: one committed by an unscrupulous but highly skilled "technologist," who tampers undetected with the computer itself or its programs. A third, and perhaps the most damaging hypothesis, is that programmers are unethical, and therefore, a threat to society.' [42]

Donn Parker was given the opportunity to reply to this article in the same journal in the same edition. Although he admits some methodological problems, he also attempts to justify his methods. He argued that 'the Computer Abuse Project is not a rigorous, sociological, statistically based crime study.' He explained that as the term `computer abuse' necessarily had to be broad for the purposes of the study, the statistical rigorousness had to allowed to be fairly loose. On the other hand he argued that the study is still serious; that the `principal source of information is from the cases that have been discovered and in many instances publicly reported.[43]

In defending the SRI's position in using unverified data, he argues that it is central to the SRI project to establish a working file `of verified and unverified reported instances of computer abuse. The method of collection is to include data relevant not only to verified cases, but also to reported cases, verified or not, that are plausible, indicate possible forms of computer abuse, or suggest types of computer vulnerability'.[44] Parker does not see this data as spurious, rather he claims the collection of cases as important for understanding the nature of the cases of computer abuses for establishing adequate laws and for security of computer systems. It appears then that Parker is indeed doing what Taber had accused him of, using unverified data, in other words anecdotal stories for the passing of computer crime laws and establishing security.

In the same year (1980),Parker had given the impression that he was being responsible with warns readers to be cautious in their generalisations of the SRI data.[45] But in 1983, Parker reproduces his 1980 response to Taber's criticism by including it in his book 'Fighting Computer Crime'.

Parker was a prominent expert and certainly a difficult one to knock down or to discredit and his results were frequently cited through that period. As can be seen, he persisted in spite of methodological problems at least until 1983. But the recognition of the seemingly serious methodological faults in Parker's work and the undermining of sensational views of either computer crime or hacking began to get stronger after 1985. By undermining Parker's work and hence his profiles of both computer crime and hacking, also led to the opening up of a gap for many of the other self styled experts had been either reliant on or at least influenced by Parker.

Criticism of a similar ilk, however, was not taken up until several years later by Martin Wasik in 1985; and Colin Tapper in 1987.[46] By this stage there were two themes of critical analysis, (1) the media's sensational views of computer crime, and (2) the experts' poor methodological research. Wasik criticised the American Bar Association's survey on computer crime for having both a political as well as a research role [47] Both Wasik and Tapper cautioned the reader for a measured response to computer crime. Tapper attacked not only the media images but also the self styled experts' role. He heavily criticised the media for helping to create 'an atmosphere of terror which [was] then seized upon by those astute enough to exploit it commercially with offerings of security services and counselling to avert these dangers.'[48] He was attacking 'those with pretensions to expertise in such matters' and he challenged the Scottish Law Commission who were about to release their Memorandum on Computer Crime to take heed of the following,

It is not uncommon for these ingredients to coalesce into a critical mass, giving rise first to the generation of pressure for action, and then erupting into the production of such egregious legislation as the Data Protection Act 1984 or section 5 of the Civil Evidence Act 1968.
Such a cycle has already run its course in the United States in relation to "computer crime", and is in its early stages in this country. [UK] It is hoped that the memorandum of the Scottish Law Commission will have a suitably dampening effect. [49]

Tapper further attacks the previous stages of expert information on computer crime in general and categorises computer crime research into two types: the credible and those fraught with methodological problems. He includes the SRI, Parker research in the latter group for its dubious sources; its poor use of verification; and its lack of critical analysis. In contrast to the results on computer crime presented by the SRI-type experts, the former evidence provided by the former group on the nature and extent of computer crime, revealed that it was much more low key than had been observed by the SRI group.[50]

There were still those who still supported the older perceptions of hackers such as R. Doswell and G Simons[51] with their concern about hackers; Jerome Lobel with his media's depictions of such cases as the Sloan-Kettering break in and his descriptions of this act as 'the malicious "hacking" of the hospital's computer...'[52],and James Schweitzer also worried by media reports on computer crime [53], but the trend appears to have shifted in another direction.

Where the governments in several Western countries had been moving toward the introduction of computer crime laws earlier in the decade, they now were appearing to be both more cautious and ambivalent about criminalising hacking; that is hacking without any further damage. Examples of this ambivalence can be seen in both Victoria and in the United Kingdom. The Victorian Government only introduced the offence of Computer Trespass, a Summary Offence because their hands were tied. If they had wanted the needed support of the Opposition, this offence had to be included with their Crimes (Computers)Bill. In the United Kingdom, the ambivalence can be seen when the United Kingdom Law Commission released its working paper on Computer Misuse in 1988. Here they presented arguments for and against criminalising hacking per se.[54]

It appears then that the experts in the early eighties had attempted to present a negative image of hackers. Critics of these experts were able to shake the credibility of the early experts work to such an extent that many legislators found it necessary possibly for their own credibility to distance themselves from both the expert views and the media sensationalism of the early 1980s. The media was possibly running its own version of the hackers, but contrary to the earlier labelling theorists and Hollinger et al's model, the experts were also involved in actually creating an image which may have appeared to have caused some ambivalence towards hackers. Both experts such as Turkle, Levy, and Cornwall being listened to in a more conducive environment and as a result began to be heard. This combined with the view that the hackers of today were still being seen as part of the group of productive hackers of the pre 1980s all possibly contributed for the benefit of the hackers. Obviously they were not totally convincing as the legislators were still attempting to work out what to do with hackers in the mid to late eighties. But it had become an issue as to whether hackers should be criminalised, and if so, what provisions should be put in place to protect the more innocent of them. In some jurisdictions the benefit was to be a short lived one as the long term result of whether hackers should be criminalised in countries like Australia or the United Kingdom was to move to pass the Crimes (Computer) Act 1988 and the Computer Misuse Act 1990 respectively. This indicated that the image may have shifted yet again. However, this paper has indicated that the image of the hackers had changed to such an extent by the mid eighties, that there was a kinder view of hackers possibly casued by the role played by experts on computer hacking.


* Postgraduate and Assistant Lecturer in Legal Studies at La Trobe University.

[1] R. Hollinger and L. Lanza-Kaduce, 'The Process of Criminalisation: the Case of Computer Crime Laws', Criminology, Volume 26, No. 1, February 1988

[2] ibid.,p.108-9

[3] A.Bequai, How to Prevent Computer Crime New York, Wiley, 1983: blurb- back cover

[4] S.Hall, Policing the Crisis London, MacMillan, 1978; S.Cohen, Folk Devils and Moral Panics, New York, St Martin's Press, 1980; J.Braithwaite and P.Wilson,(ed) Two Faces of Deviance, St Lucia, Queensland, University of Queensland Press 1979

[5] A.Bequai, Technocrimes, Massachusetts, Lexington,1987, p.31

[6] D.Parker, Crime by Computer, New York, Charles Scribner & Sons,1976,p.50

[7] ibid.,p.131

[8] ibid

[9] op.cit. Bequai,1983.,p.49

[10] A.Norman, Computer Insecurity, London, Chapman and Hall,1983,p.17

[11] S.Cohen, op.cit.,p.38

[12] Hollinger and Lanza-Kaduce argue that 'in the absence of verifiable and reliable data, it is the perception of serious computer crime as presented in the popular media that seems to have catalyzed computer law enactments' and the media events which they saw as having the most effect were that of the '414 hackers who had been arrested in 1983 after breaking into the computers of the Sloan Kettering Memorial Cancer Institute, Security Pacific National Bank, and the Los Alamos National Laboratory.

[13] S.Turkle, The Second Self. Computers and the Human Spirit,London, Granada, 1984,p.211

[14] Turkle,op.cit.,p.204

[15] Turkle, op.cit.,p.216

[16] Some Australians may have cause for concern if the hacker deviant characteristics are to include the eating of Chinese food as is claimed by the hackers at MIT.

[17] Turkle, op.cit.,p.241

[18] Hugo Cornwall (the alias for a group of hackers) reveals the distinction as follows:

It wasn't really until late 1982 that anyone I knew used the word 'hacker' in its modern context. Up till then hackers were American buffs who messed around on mainframes or built their own home computers in garages. Quite suddenly, no one knew where from, 'hacker' had a new and specific meaning. At about the same time it became evident that there were network explorers whose main interest was not the remote computers themselves but the defeat of entry validation procedures. From The New hacker's Handbook, London, Century, p.2

[19] H.Cornwall, DataTheft, London,Heinemann Professional, 1987; Bequai, op.cit.,1987

[20] Bequai 1987 op.cit

[21] S.Levy Hackers:Heroes of the Computer Revolution,New York,Dell,1984,p.134

[22] Levy op.cit.,p.7

[23] Levy,op.cit.,preface

[24] Levy,op.cit.,p.7

[25] Levy,op.cit.,p.39

[26] Levy,op.cit.,p.419

[27] UK Law Commission Working Paper No.110 Computer Misuse 1988

[28] B.Landreth, Out of the Inner Circle, Bellevue, Washington, Microsoft Press,1984,p.60

[29] Landreth, op.cit.,p.63

[30]J J. Schweitzer, Computer Crime and Business Information, New York, Elsevier,1984,p.11

[31] Cornwall, op.cit.,p.82

[32] H.Cornwall, The New Hacker's Handbook, London, Century, p.xii

[33] Cornwall,op.cit.,p.147

[34] ibid

[35] Sieber, U. The International Handbook on Computer Crime Chichester,Wiley & Sons,1986,p.90; OECD Computer Related Crime: Analysis of Legal Policy, Paris, 1986.p.63

[36] Bequai 1987 op.cit.,p.32

[37] ibid

[38] Congress of the United States. Office of Technology Assessment. Federal Government Information Technology: Management, Security, and Congressional Oversight.1986,p.96

[39] Hollinger and Lanza-Kaduce, op.cit.,p.106

[40] J.Taber,'A Survey of Computer Crime Studies' Computer/Law Journal, Vol.II,1980,p.287

[41] It is appears that Taber's view of the media was fairly sceptical for him to have made a criticism based on an attack on data which has used media material fairly substantially. This negative feeling for the media's reportings on either computer crime or computer hacking seemed to become more frequent during the 1980s. (See for eg. K.Fitzgerald Computer Related Crime in Australia in 1984 Proceedings of the Institute of Criminology. No. 59 'Computer Related Crime' Sydney 1984; M.Levi Regulating Fraud Cambridge, University Press,1987, p.37; H.Cornwall DataTheft London, Heinemann,1987 p.ix

[42] ibid

[43] D.Parker, 'Computer Abuse Research Update', Computer/Law Journal, Vol 11, 1980. p.331

[44] Parker, op.cit., 35

[45] D.Parker, Computers and Banking. Electronic Transfer Systems and Public Policy, (ed) K.W.Coulton & K.L.Kraemer, New York, Plenum Press, 1980, p.91

[46] Writers like Sokolik noted the criticism, but did not add to the debate themselves. S.Sokolik, 'Computer Crime - The Need for Deterrent Legislation', Computer/Law Journal, vol. 11, No.2, Spring 1980

[47]. M.Wasik,'Surveying Computer Crime' Computer Law & Practice, March/April 1985;C.Tapper, 'Computer Crime'-Scotch Mist?',The Criminal Law Review, (ed)Sweet & Maxwell, 1987,pp.4-22

[48] Tapper,op.cit.,p.5

[49] Tapper, op.cit.,p.55

[50] Tapper, op.cit.,p.8

[51] R.Doswell & G Simons, Fraud and Abuse of IT Systems, NCC Publications 1986, p.50

[52] J. Lobel, Foiling the System Breakers,p.1

[53] Schweitzer, op.cit.,p.8

[54] UK Law Commission Working Paper, No. 110, Computer Misuse, 1987


AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.austlii.edu.au/au/journals/JlLawInfoSci/1993/6.html