«“It Doesn’t Have to Be This Way”: Hacker Perspectives on Privacy Kevin Steinmetz & Jurg Gerber* We face a lot of troubling times ahead with ...»
Hacker Perspectives on Privacy
“It Doesn’t Have to Be This Way”:
Hacker Perspectives on Privacy
Kevin Steinmetz & Jurg Gerber*
We face a lot of troubling times ahead with regards to surveillance.
Most of the power, for the moment at least, remains in our hands and
in our minds, should we choose to use them. It is our acceptance of the
elements of a surveillance state which will give it the most strength and
solidify its presence for future generations. It doesn’t have to be this way.
I —Emmanuel Goldstein, “The Whole World’s Watching” (2008, 5) f a person were to only consult news medIa, he or she would gaIn the impression that the world is constantly under threat of computer hackers eroding our technological infrastructure, national security, and—perhaps most immediately frightening to many—our personal privacy. Much attention has been directed toward hackers recently, in light of the numerous controversies surrounding the escapades of hacker groups like Anonymous and the disbanded Lulz Security/ LulzSec (Olson 2012); concerns over consumer financial security, as demonstrated in the occasion of the recent breach of credit card data at Target (Newman 2013);
and a plethora of other hacking occurrences.1 Perhaps now more than ever, hackers are perceived as a tremendous threat, particularly to personal privacy.
Scholars have spent a great deal of time examining public perceptions to- wards hackers (Halbert 1997; Holt 2009; Skibell 2002; Thomas 2005). Hacking, however, is often shrouded in a veil of social construction, perhaps as a result of the fact that the public has “little direct contact with computer hackers,” which makes their image “particularly susceptible to shifts in public perception” (Skibel 2002, 343; Hollinger 1991; Taylor 1999). In what has been termed the “golden age” of hacking, hackers were often perceived as “ardent (if quirky) programmers, capable of brilliant, unorthodox feats of machine manipulation… [whose] dedica- * Kevin F. Steinmetz (email: email@example.com) is an assistant professor in the Department of Sociology, Anthropology, and Social Work at Kansas State University. Jurg gerber (email: icc_jxg@ shsu.edu) is a professor in the Department of Criminal Justice and Criminology at Sam Houston State University. The authors would like to thank the Graduate Standards and Admissions Committee for the fellowship opportunity that permitted this research to take place. In addition, gratitude must be extended to the reviewers who examined this manuscript, particularly Reviewer #2 whose comments were particularly helpful and incisive.
Social Justice Vol. 41, No. 3
tion bordered on fanaticism and [whose] living habits bordered on the unsavory” (Nissenbaum 2004, 196). Currently, hackers are often portrayed as “young men whose pathological addiction to the internet leads to elaborate deceptions, obsessive quests for knowledge, and bold tournaments of sinister computer break-ins” (Coleman and Golub 2008, 256). Although the term encompasses a much broader community than just those who commit network intrusions, almost any time a computer-related crime is committed, the media refer to the violator as a hacker (Holt 2009; Turgeman-Goldschmidt 2011). Thus, hackers have been constructed as some sort of digital malcontents capable of causing computerized chaos, including imposing on network privacy.
Though certainly no one can argue that at least some hackers pose a threat to privacy, few seem to consider how hackers themselves view privacy and related issues. Hackers are often at the nexus of technology, politics, and control. Surveillance measures have proliferated in what has been referred to as a culture of control (Garland 2002), and demands for security through monitoring encroach on personal privacy—as most controversially demonstrated by recent events concerning the National Security Agency and their PRISM program. Examining hackers’ perceptions of privacy may prove fruitful for future studies of hacker culture and behavior, because hackers are: (a) tremendously affected by increases in modern surveillance assemblages, which often encroach on domains hackers work in (computers, the Internet, etc.); (b) scrutinized heavily by media, government, and the public (Hollinger 1991; Skibell 2002; Turgeman-Goldschmidt 2011); and (c) often curious and interested in exploration (thus presenting a potential privacy threat to others) while also being vehement advocates of privacy themselves.
As a step toward understanding these perceptions, the current study engages in a qualitative content analysis of 2600: The Hacker Quarterly. The magazine was created by Emmanuel Goldstein (pseudonym of Eric Corley, who adopted his name from the supposed enemy of the state in Orwell’s 1984) and began publication in 1984. 2600 is a hacker zine acknowledged to be one of the “first significant hacker publications” (Thomas 2005, 604), and it features articles written by members of the hacking community for hackers.2 Before discussing the results of the analysis, a brief overview of the scholarly literature on hacking is provided as well as a discussion of the data gathering process and qualitative analysis approach. The results are presented focusing primarily on 10 themes that emerged in the analysis and are discussed in the context of technolibertarianism and crypto-anarchy.
The term “hacking,” as related to computers and technology, has been around since the late 1950s or early 1960s (Levy 1984). Many perspectives and approaches have been adopted to examine this phenomenon in the academic literature. Scholars have studied hackers’ cultural practices and shared meanings as well as the formation of hacker identities (Coleman 2010, 2012, 2013; Hollinger 1991; Holt 2009, 2010a, 31 Hacker Perspectives on Privacy 2010b; Turgeman-Goldschmidt 2005, 2011; Warnick 2004). The social construction of hacking has also been analyzed, specifically focusing on how the image of the hacker has changed over time (Halbert 1997; Skibell 2002; Thomas 2005).
Hacktivism, a portmanteau of “hacking” and “activism,” has also been examined by scholars as a phenomenon heavily related to hacking culture (Jordan and Taylor 2004; McKenzie 1999; Meikle 2002; Taylor 2005; Van Laer and Van Aelst 2010), and some researchers have investigated the hackers’ demographic and psychological characteristics (Bachman 2010; Schell 2010; Schell and Holt 2010).
Perhaps more relevant for criminology, some research focuses on the creation of viruses and malware, computer intrusions, website defacements, and identity theft (Furnell 2010; Higgins 2010; Jordan and Taylor 1998; Nichols et al. 2000;
Woo et al. 2004). Criminological theory testing has been conducted concerning hacking (Bossler and Burruss 2010; Morris 2010), and previous research has also examined hackers’ perceptions of government, law, and law enforcement (Steinmetz and Gerber 2014).
In 1984, Levy introduced a concept that is perhaps most relevant to understanding hacker perspectives on surveillance and privacy: the hacker ethic. At the time, this ethic involved the idea that “access to computers—and anything which might teach you something about the way the world works—should be unlimited and total. Always yield to the Hands-On Imperative!” (Levy 1984, 40). The hacker ethic can be viewed as a particular ontological perspective adopted by members of the hacking subculture. Both a philosophy of liberalism (Coleman and Golub
2008) and a belief that the world operates as a system or a series of interoperating systems (Warnick 2004) underpin this viewpoint. This perspective gives rise to multiple features of the hacking subculture. First is the belief that information wants to be free (Levy 1984; Stallman 2002). As Stallman (2002, 43) specifies, this is not “free” in the sense of “free beer,” but free as in “free speech.” And since information wants to be free, restrictions on access to information are perceived as abhorrent (Hollinger 1991; Levy 1984; Stallman 2002), which helps to explain many efforts hackers have been known to make in circumventing technological security measures (Hollinger 1991).
A second feature of the hacker ethic involves what Levy (1984) has described as the hands-on imperative—a desire to be engaged in an active, hands-on manner.
From a Weberian perspective, this imperative has been described as a move beyond the protestant ethic and toward a blurring of labor and leisure that requires an active, rather than passive, approach to the consumption of technology and media (Brown 2008; Himanen 2001). In this sense, hackers dedicate themselves to learning about and tinkering with systems, which often leads to (a) the creation of new or improved systems and (b) the ability to manipulate them. This do-it-yourself mentality of exploration and manipulation even extends beyond the technological to the social realm, involving a practice referred to as social engineering (Coleman and Golub 2008; Mitnick and Simon 2002, 2011; Thompson 2006). This feature 32 KevIn steInmetz & Jurg gerber of the hacker ethic has also lead to the development of the free and open-source software movement (F/OSS), involving the collaborative creation of freely and openly available programs, applications, and operating systems (Coleman and Golub 2008; Dafermos and Söderberg 2009).
Technological utopianism comprises the final feature of the hacker ethic (Barbrook and Cameron 2001). Here, technology is viewed as a potential remedy to many social problems. Any shortcomings experienced in any domain of life are thought to have a potential technological solution. The consequence is a desire to use technology to circumvent restrictions (often meant to obstruct access to systems) and to protect oneself, particularly regarding privacy (Coleman and Golub 2008).
In sum, the hacker ethic combines a liberal philosophy and a systemic ontology to engender (a) a belief that information wants to be free, (b) a desire to be handson with systems of all sorts, and (c) a sense of technological utopianism. Although Coleman (2012) convincingly argues that the hacking subculture is so diverse that one ethic may not serve to adequately capture the entirety of its internal dynamics, the aforementioned features converge in a body of political thought, shared within high-technology cultural circles, that can be useful for understanding hacker perspectives on privacy: technolibertarianism and, relatedly, crypto-anarchy. As
described by Taylor and Jordan (2004, 134):
The term technolibertarian refers to those closely involved within the computer industry who espouse strong libertarian and free-market political principles and closely associate them with the promotion of the e-economy. Their views frequently articulate a preference for a society as free as possible from regulation, social ties and, generally, the obligations that inevitably stem from community relations in the real world.
Such a perspective is a manifestation of the liberalism that permeates tech culture, including the hacker community (Coleman and Golub 2008). One extension of this philosophy is crypto-anarchy, which arose from the public key cryptography movement (Levy 2001). Situated in the context of technolibertarianism and technological utopianism, crypto-anarchy holds the belief that cryptography is a key solution to protecting privacy, particularly against intrusions by the state (Frissell 2001; May 2001; Hughes 2001). As discussed below, these bodies of thought are key to understanding hacker perspectives on privacy.
This study involves a content analysis of the US-based magazine 2600: The Hacker Quarterly (referred to hereafter as 2600). 2600 features full-length articles in addition to editorials, letters to the editor, short stories, and book reviews. The zine currently enjoys wide circulation, which includes the shelves of a major bookseller such as Barnes & Noble. Due to its popularity, historical significance, hackerHacker Perspectives on Privacy authored content, and its role as a forum to discuss political perspectives within the hacking community, 2600 is an ideal publication for analysis. The current study focuses in particular on the perceptions of privacy expressed by the authors in their writings for the journal.3
The sample for this study was drawn from 41 issues of 2600. The chosen time frame begins with the Spring 2002 volume because this issue followed shortly after the events of 9/11—an event that triggered a massive shift in security and surveillance policy in the United States (Cole and Lobel 2007). Hackers were (and continue to be) greatly affected by the developments in the area of cybersecurity and the increases in scrutiny that have followed the beginning of the War on Terror. The sample includes all issues from Spring 2002 up to Spring 2012—the most recent issue at the time of data gathering and analysis. As a result, the sample includes just over 10 years of publications. The particular units of analysis within these issues include articles, editorials, book reviews, and short stories; in total, over 839 articles, 41 editorials, 8 short stories, and 2 reviews (collectively referred to as items) written by 611 different authors were examined for any mention of privacy, surveillance, or related security issues (see Table 1). Any such mention was flagged and logged in an electronic dataset, together with a note briefly describing the content of the item and providing context for later analysis. This process created a subsample for analysis that consisted of 188 articles, 27 editorials, and 2 short stories written by 161 different authors—a total of 24.3 percent of the full sample.