“The word ‘hacking’ is sexy, exciting, seemingly seedy, and usually brings about thoughts of complex technical activities, sophisticated crimes, and a look into the face of electronic danger itself.” (Harris et al., 2005, p. 11)

There are many among hacker communities that bemoan the vilification of a word that was intended, as Raymond claims, to signify someone who thrives on “intellectual challenge.” Even if we agree that the most suitable definition for a hacker is “One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations,” the debate over what behaviors are ethically sound when getting around those limitations remains. The discussions from the previous sections of this text reveal some of the ethical expectations regarding behavior and conduct in open source communities and Web 2.0 where content is shared and collaboration valued. Once again, the open source community can assist in this attempt to pin down a multi-faceted term such as hacker ethics. Returning to Raymond’s online Jargon File, two entries on “hacker ethic” (the first was introduced earlier) serve as good points of entry to unpacking what the open source community understands as ethical behavior and conduct. Raymond writes:

Notice that Raymond uses the term “cracker” instead of “hacker” for someone who breaks into a system. Cracker is “a term created by hackers in the mid-1980s to differentiate the two communities” (Attackers and vulnerabilities, 2002). The term has not achieved wide-spread use especially outside of the more specialized IT or programming communities. Regardless of what we label an activity, we are left ultimately with the same debate over what falls into the category of ethical hacking versus malicious cracking.

Raymond’s first entry aligns with the spirit and ideology of the open source movement and Web 2.0. For those using Web 2.0 applications and all of their open data, the position that users have an ethical responsibility to continue to promote that openness seems less than controversial. It is not hard to imagine, however, IT professionals and system administrators employed to keep corporate networks and content secure, taking umbrage to the idea of hackers compromising their systems for amusement just because they are armed with the notion that such practices are ethically “OK.” As we will see in the coming discussions on the texts Gray Hat Hacking (Harris et al., 2005) and Certified Ethical Hacker (Gregg, 2006), Raymond’s second entry does not have universal agreement. However, his own leanings are revealed in his remark that “the belief that ‘ethical’ cracking excludes destruction at least moderates the behavior of people who see themselves as ‘benign’ crackers.” While excluding malicious activities from the definition of ethical hacking may appease members of the open source or Web 2.0 communities, the practice of “benign” hacking does not fall into the realm of acceptable actions for most IT professionals.   

In an effort to dispel any “sexy” intrigue attached to hacking, Harris (2005) and the other authors of Gray Hat Hacking remark that, in many ways, the malicious hacking of breaking into networks or stealing content is just a different breed of theft and sabotage only with a new array of tools. Indeed, what is interesting about books like Gray Hat Hacking and others such as Michael Gregg’s (2006) Certified Ethical Hacker that purport to have the average IT professional as their intended audience is the belief that ethical hacking means getting owner authorization before hacking anything. According to Gregg, “Ethical hacking is a form of legal hacking that is done with the permission of an organization to help increase its security” (p. 20). Whether as a company employee or an outside consultant, all hacking requires permissions and full disclosure. While there is discussion dedicated to proper disclosure and what a hacker needs to know about our legal system, these types of texts (Gregg’s text actually helps IT professionals prepare for the International Council of Electronic Commerce Consultants ethical hacking certification exam) confront quickly issues of behavioral ethics and then move on to technical processes and procedures for hacking. If readers are interested in how to run penetration tests and basic Windows and Linux exploits, then these texts are the appropriate resources. If readers want a philosophical debate over information sharing, however, then these texts are less useful. Perhaps because Gregg allots for no ambiguity or “grey” areas regarding ethical behavior for hacking (either you have permission or you do not), discussions on conduct are brief. Gregg has a section dedicated to what he calls “Rules of Engagement” where the third bullet point reads: “Be ethical.”

It is also worth noting that both Gregg’s book and Gray Hat Hacking are exceptionally sensitive to the skills they are teaching. Gregg notes that “nothing contained in this book is intended to teach or encourage the use of security tools or methodologies for illegal or unethical purposes. Always act in a responsible manner” (p. 20). Harris and his co-auhtors defend their book by claiming “the ethical hacker has to know what the bad guys are using, know the new exploits that are out in the underground, and continually keep her skills and knowledge base up to date” (p. 12). The authors cite the “educational piece” provided by their book makes “the difference between hacking and ethical hacking” (p. 12). What is surprising is not so much that books like this exist in the first place, but that they differ so drastically from the philosophical and ideological designs for sharing knowledge found in the writings of Raymond and even O’Reilly.

Granted, most of us teaching writing are not hacking into someone else’s computer to install spy-ware or orchestrating a denial of service attack on an ill-prepared server. However, texts that purport to teach “proper” ethical hacking do so by creating a binary of “good” versus “bad” behaviors similar to that of plagiarism policies often used to teach or enforce academic writing/hacking. Writing instructors, in fact, often create texts that approach issues of plagiarism with the same binary. In Writing That Works (Oliu, Brusaw, Alred, 2007), a popular textbook for professional and business writing courses, plagiarism is cast, as it typically is, as stealing:

“Plagiarism is considered to be the theft of someone else’s creative and intellectual property and is unacceptable in any field. If you intend to publish, reproduce, or distribute material that includes quotation from published works, including Web sites, you may need to obtain written permission from the copyright holders of those works” (Oliu, Brusaw, Alred, p. 178).

While copyright violations and plagiarism are different punitively, definitions such as these conflate the act of holding up someone else’s work as your own with stealing intellectual property. The larger problem is, of course, that if we adhere to the letter of existing copyright law, then permission is almost always required. This creates what Lessig describes as permissions driven culture where the law becomes an impediment or a barrier to creativity and a “burden to innovation” (2004, p.193). Given the type of writing students do with Web 2.0 technologies, Lessig’s question for composition instructors during his “Remix Culture” presentation, asking whether or not writing will continue to be “allowed,” appears more relevant than ever.
Next: Hacking, Writing & Plagiarism-->