Skip to content

Text-only Version

Home
In the News
Research Resources
Teaching Resources
Student Resources
Links
The Gallery
Staff

Hacker Ethics

Dorothy E. Denning

3. Hacker Ethics

For the most part, the moral principles of hackers are not much different from those of us who consider hacking wrong. The hackers I have spoken with agree that it is wrong to hurt people or cause damage. Where hackers differ is in their interpretation of what constitutes “hurt” and “damage,” and thus in their particular ethical standards of behavior.

Hackers do not usually consider the act of breaking into a system as either harmful or damaging. To them, damage would occur only if they destroyed user data or adversely affected a life-critical operation. They do not consider modification of system files for the purpose of gaining privileged status, creating new accounts, gaining access to passwords, or covering up their tracks as damage, even though someone has to restore the files. They do not consider the disruption they cause to the systems staff and users as harmful. They do not consider the downloading of system files or the use of resources without paying for them as harmful or even as theft; instead, they rationalize that the files remain on the system and the resources would otherwise go unused. They agree that browsing through personal information and electronic mail is an invasion of privacy and therefore wrong; some do it anyway. Most agree that some break-ins are unethical, e.g., breaking into hospital systems.

Some hackers say they are outraged when other hackers damage user files or use resources that would be missed, even if the results are unintentional and due to incompetence. One hacker said “I have always strived to do no damage, and to inconvenience as few people as possible. I never, ever, ever delete a file. One of the first commands I do on a new system is disable the delete file command.” Some hackers say that it is unethical to give passwords and similar security-related information to persons who might do damage.

Hackers justify their actions on the grounds that learning and exploring are good, that the free flow of information has generally been beneficial to society, that it is useful to uncover system vulnerabilities that could be exploited by someone with malicious intent, and that many of the organizations whose systems they break into engage in unethical practices. Although few people dispute these principles, most do not accept them as legitimate reasons for breaking into systems. Some hackers also argue that it is the responsibility of the system managers to prevent break-ins, and that they are the scapegoats of poor security practices.

Some hackers go further and argue that most systems should be accessible for the purpose of learning. They say that the real crime is information hoarding.

Many hackers acknowledge that break-ins are wrong – just not that wrong. They see the penalties imposed on hackers as being harsh and out of proportion to the seriousness of the crimes. One former hacker told me that his parents knew of his activities and told him that what he was doing was wrong, but that they did not consider his hacking to be bad enough to take action. They thought it was important for him to discover the reasons for not hacking himself. He did.

Many people share the view that non-malicious break-ins are wrong, but not sufficiently bad to justify harsh penalties. Indeed, it was common in the past to hire hackers, and most that were went on to become responsible employees. In universities, it is still common to regard student hackers as smart and basically good people with extra time on their hands, who should be guided into pursuing challenges that are legal rather than punished. Some system managers thank hackers for pointing out vulnerabilities to them.

4. Maturity

Most hackers get started in their youth. One of the founders of the hacking group “The Legion of Doom” said that he was eleven. People at this age are at a much earlier stage of maturity than someone who is fifty. They have fewer life experiences to draw on, and they have had fewer responsibilities. Many hackers have little or no idea what goes on inside organizations, and why the people in these organizations have a low tolerance for hacking. They may not consider the cost of hacking to an organization in terms of lost work or extra phone charges, and how these costs can effect people’s jobs. Without this appreciation, it is difficult for a hacker to see the harmful effects of a break-in, even when no malicious damage was intended. Hackers may also lack an appreciation for how their actions may ultimately effect their own lives, for example, by producing assessments in others that they are immoral and untrustworthy, thereby cutting off possibilities for their future.

The process of maturing is a continual one throughout our lives. It happens as more and more of the world unfolds before us. Yet many people in their forties and fifties expect someone in their teens or twenties to know everything they know, at the same time forgetting that they themselves are still blind to most of what is out there. I find myself continually learning from young people who see things that I don’t see or that I forgot.

Most of the hackers I have met say they have “retired.” They abandon their illegal activities when they see the negative consequences of their actions to themselves or others.

Back to the top

Go to: 5. Teaching Computer Ethics

Home > Research Resources > Computing Security > Hacker Ethics
   

HOME | IN THE NEWS | RESEARCH RESOURCES
TEACHING RESOURCES | STUDENT RESOURCES
LINKS | THE GALLERY | STAFF

The Research Center on Computing & Society
at Southern Connecticut State University
501 Crescent Street • New Haven, CT 06515
Director: (203) 392-6790 • e-mail: webmaster@computerethics.org

© 2000 – 2007 – Research Center on Computing & Society