他们和我们.

释放双眼,带上耳机,听听看~!

them_and_us.txt,

他们和我们.

txt,标签纸,日期:1997年6月18日17:25,发件人:P.A.Taylor@socycology.

salford.ac.uk主题:文件1——Paul Taylor即将出版的《黑客》一书(版主注:几年前,Paul Taylor在其博士论文的一篇文章中征求了关于“黑客”的信息.

他完成了这本书,不久将由劳特利奇和基根保罗出版.

预计出版日期为1998年初,暂定标题为:黑客:技术文化研究,尽管保罗仍在寻找(并愿意接受)建议.

不过,遗憾的是,出版商通常会提出最终的书名,他们的选择通常会占上风.

平装版的估计价格应该是15英镑左右,这将使美国版大约20美元.

CuD将运行一个章节,由于篇幅的原因,该章节将分为两个部分).

——————吉姆欣然同意把我即将出版的一本关于黑客的书的节选出来.

目前的形式是直接从我的博士论文,但我想利用人们的反馈来帮助我更新我的工作之前,并使它更容易为非学术观众.

如果您对我描述的黑客行为有任何意见或看法,请联系我-p.a.taylor@sociality.

salford.ac.uk.张贴这个帖子的原因是:a)感谢并回馈给最初贡献的人.

b) 为了激发更多的兴趣,这将有助于对原始作品的更新-特别是.

i) 人们认为在过去的3/4年里CU的主要发展是什么?ii)与欧洲/世界其他地区相比,人们认为美国的铜场景之间的主要差异(如果有的话)是什么?有一个公开的邀请,让人们联系我,讨论上面和/或任何他们认为相关/重要的事情.

以下是对最终的书的基本原理和拟议结构的简要概述.

黑客:对技术文化背景“黑客”的研究是基于1989-1993年在爱丁堡大学进行的4年博士研究.

研究集中在三个主要群体:计算机地下(CU)、计算机安全产业(CSI)和学术界.

从政府官员、记者等处获得了更多信息.

在英国和荷兰进行了面对面的采访工作.

其中包括《黑客Tic》杂志的罗普贡里杰普(Rop Gongrijp)、德尔夫特大学的赫施伯格教授(Prof Hirschberg)和罗伯特席弗里恩(Robert Schifreen)等人物.

在欧洲和美国对普渡理工大学的尤金·斯帕福德教授、凯文·米尼克、克里斯·高甘斯和约翰·德雷珀进行了电子邮件/电话采访.

理由本书旨在对黑客行为背后的社会过程进行学术研究,但一般读者还是可以接触到的.

它试图弥补许多关于黑客攻击的新闻报道的“奇思妙想”的做法.

这些书的基调往往是由书名决定的:逃犯游戏.击倒.网络窃贼和武士.

欺骗大师等等.

这本书的基本论点是,尽管有媒体的描述,黑客攻击并不是,也从来不是一个简单的“电子破坏者”对好人的案例:真相要复杂得多.

例如,黑客攻击、安全行业和学术界之间的界限往往相对不固定.

此外,黑客攻击在其直接环境之外还具有重要意义:围绕它的争端象征着社会试图塑造我们明天将居住的信息环境的价值观.

书的概要介绍-研究的背景和贡献者的范围第1章-黑客的文化意义:非小说和虚构的黑客描绘.

第二章黑客系统:黑客与技术变革理论.

第三章黑客:他们的文化.

第4章-黑客:他们的动机第5章-国家的状态(网络)计算机安全弱点.

第六章他们与我们:边界的形成与他者的建构.

第7章-黑客和立法.

结论保罗·泰勒——————————日期:1997年6月16日星期一14:05:55+0100发件人:P.A.Taylor@socycology.

salford.ac.uk主题:“黑客”书籍预览:他们和我们(第1部分,共2部分)第6章-“他们和我们”6.1导言6.2边界形成-“他们和我们”6.2.1证据-鹰派情感力量6.

3“他们和我们”的原因6.3.1 CSI和我们之间的伦理差异CU 6.3.2对匿名的恐惧6.

4“他们和我们”情景的伦理基础6.4.1模糊和残留伦理6.4.2模糊伦理的行业实例6.4.3技术和伦理6.

5边界形成-媒体的作用6.

6边界形成过程和类比的使用6.

7专业化项目6.7.1创造计算机安全市场和职业风气6.7.2政治迫害和黑客6.7.3关闭-态度的演变6.8结论6.1黑客就像孩子们把一个10便士的一块放在铁路线上,看火车是否能弯曲它,而没有意识到他们有风险去栏杆整个火车(迈克琼斯:伦敦采访).

鹰派对黑客行为的技术性反对,拒绝了鼓吹与黑客合作的论点,在这一章中,他们对黑客行为的道德性反对补充了这一点.

前几章已经表明,黑客社区与计算机安全行业以及更附属的群体:学术1之间存在一些相互作用和联系.

然而,黑客和计算机安全行业之间更为常见的关系,是鹰派观点中明显的隐晦或公开的敌意.

本章探讨了这种敌意的基础.

强调了这两个群体截然不同的伦理立场,并解释了它们的起源.

计算机技术的发展被证明是创造了新的条件,要求对什么构成了对计算机资源的伦理使用作出伦理判断.

CU和CSI有不同的伦理解释,在辩论过程中表达出来.

这场争论随后成为这两个群体之间边界形成过程的一部分.

对这类道德判断有两个可识别的影响,一是作出判断的人的年龄,二是技术在必须作出道德判断的情况下发挥作用的程度.

犯罪现场调查组和犯罪现场调查组的成员相互对立.

本章说明了如何在边界形成过程中保持和加剧这种对立.

这两个群体之间的伦理差异得到了支持,但举例说明,在计算机刚刚起步的环境中,这种差异的程度仍在形成过程中.

因此,犯罪现场调查局内部那种无法接受电话窃听或黑客攻击的任何道德暗示的心态,遭到了犯罪现场调查局的强烈反对,他们的典型观点是,像黑客这样的计算机用户已经忘记了“有时他们必须离开游戏围栏,接受计算不仅仅是一个游戏的概念”(Bloombecker 1990:41).

这种认为黑客未能从心理上“走出游戏圈”的观点,说明了这两个群体之间的一些明显的道德差异.

然而,本章提请注意在计算中更加模棱两可和模糊的道德状况的例子,以及如何需要一个持续的协商、群体分化和边界形成的过程来保持群体之间的这种差异.

围绕计算机计算的伦理复杂性正变得越来越重要,因为它成为日常生活中更普遍的一个方面.

CSI作为商业和政治利益占主导地位的社会群体的一部分,参与了一个试图将其对这些伦理问题的解释强加于计算的过程.

不同伦理方法的倡导者发现自己越来越被道德界限所分隔,这些道德界限已被编入专业法规和政府立法.

媒体把黑客描绘成不道德的人,助长了道德立场的反差所造成的“他们和我们”的局面我是局外人.

最明显的表现是占主导地位的社会群体对黑客态度的演变.

麻省理工学院的“真正的黑客”从20世纪50年代末就开始活跃起来,在硬件和软件的开发中发挥了重要作用,而现在黑客在很大程度上被视为一个需要立法解决的问题.

这种观念的演变同时也是CSI作为一个选区出现的结果,也是这种发展的一个因果因素.

为了说明边界形成的过程,我们注意到关于小罗伯特莫里斯入侵互联网系统的辩论与塞勒姆女巫审判期间所表现出的语言和态度的比较(Dougan和Gieryn 1988).

尤其是新闻界,在刻板印象和耸人听闻的黑客事件的过程中特别活跃,这一过程有助于为黑客创造一个越轨的群体地位.

本章还分析了CSI和CU之间边界形成过程中最有趣的一个方面,即在计算中出现的情况与现实世界之间进行物理比较的方式.

这些隐喻被用作解释工具,也被用于区分这两个群体的价值体系的产生和维护.

所用的物理类比似乎同时实现了这两种功能.

它们允许以一种更易于管理和日常的方式来处理本来可能很复杂的技术和道德问题,但由于它们作为耸人听闻的黑客问题的一种手段的特殊适用性,它们也直接有助于形成道德界限.

吉恩·斯帕福德(Gene Spafford)等公共评论员就什么是黑客及其影响发表了各种有争议的言论:雇佣黑客,就像让“纵火犯成为你的消防队长,或者让恋童癖者成为学校老师”.

黑客的行为因此被强行从“网络空间”领域中剔除,重新引入到威胁现实世界的情况.

如果这种比较被接受,那么这种行为所带来的危险和伤害就更容易被理解和恐惧,黑客作为一个群体可能会被有效地视为道德败类.

关于伍尔加(1990)试图将计算机病毒故事与“城市/当代传奇”的流行联系起来,可以指出,CSI在讨论计算机伦理时使用的物理类比强调了黑客的越轨“闯入”性质2.

相反,CU拒绝这种戏剧性的类比,更喜欢强调黑客的智力和开拓性,我们随后将根据他们选择的类比进行分析:将黑客的智力性质和前沿精神分别与国际象棋和西部荒野进行比较.6.2边界形成-“THEM AND US”Dougan AND Gieryn(1988)和Meyer AND Thomas(1990)一样,将计算中的边界形成过程与形式化巫术审判的历史例子进行了比较.

这是一个极端的“边界形成”过程,群体通过边缘化其他群体来区分自己,从而确立自己的身份.

”“政治迫害”发生在社会转型时期,我们在第三章中看到,它正在经历一个社会变革时期.

经济秩序试图将财产关系强加于信息之上,但其不断变化的性质破坏了其作为商品的财产.

计算机反文化越来越被视为对企业出于自身目的控制技术能力的威胁.

黑客最初被视为“技术奇才”的敬畏甚至尊重,已经让位于更频繁的鹰派观点,即他们是“电子破坏者”.

占主导地位的社会群体最初神话化,然后污名化不共享其价值结构的外围群体.

就黑客而言,由于黑客的掩护而助长的恐惧和无知加剧了这种趋势记录活动的性质和困难.

Dougan和Gieryn(1988)等人指出,这种越轨的概念有其作用.

简单地说,一个社区只有知道它不是什么,才有它的社区地位感.

与外界保持距离有助于该群体的成员感到团结.

此外,那些强调某些价值观而非其他价值观的文化,往往会将那些威胁到其最宝贵价值观的活动贴上越轨的标签.

在黑客的特殊情况下,他们的污名化和边缘化已经发生,因为他们用他们的信息共享文化威胁资本主义秩序的基本支柱之一:产权.

CU与CSI之间的边界形成过程的促进特征是彼此之间的差异感和缺乏亲和力:“他们和我们”情景.6.2.1证据-通过查看被称为“火焰”的电子邮件通信示例,可以获得直接接触CSI和CU之间辩论的鹰派力量.

这些都是措辞强硬的,而且经常是侮辱性的电子邮件.

它们用来说明CSI和Cu之间存在的拮抗作用.

以下是电子邮件中用来描述黑客和黑客行为的表达方式的示例:我是因为对非法侵入计算机的行为做出的惩罚对犯罪者来说是极其痛苦的.

大多数不得不清理和审计如此庞大系统的管理者可能认为重罪的处罚太轻了.

在这样的时刻,我们倾向于考虑在油中煮沸,被抽走并四分五裂,或者可能把入侵者埋在蚁丘里直到他的脖子(鲍勃约翰逊:风险电子文摘,11:32).

电子破坏(沃曼:电子邮件采访).

在害虫附近的某个地方,也就是说,可能不可避免,甚至可能是必要的害虫,如果不加以监测,它们可能具有破坏性和破坏性(Zmudsinki电子邮件采访).

他们大多看起来是对社区和社会有着极不发达意识的孩子(Bernie Cosell:e-mail采访).

反对黑客行为已经变得越来越不具体和道德化,斯帕福德的一个例子是,在计算机安全行业中定期使用黑客的知识相当于雇佣一个已知的纵火犯作为你的消防队长,一个欺诈者作为你的会计,或者一个恋童癖者作为你的孩子监护人.

他们可以提供或可以作为其活动的副产品获得的技术见解,从属于对行为本身的道德表示谴责的需要.

CSI的鹰派成员一贯使用指责和道德的语言来指代黑客,他们认为这是一个“推卸责任”的过程.

犯罪现场调查局被指控利用道德谴责作为手段,转移对可能涉及的安全漏洞的任何责任和指责,这不仅是侵犯行为的实施者,而且也是受害者.

正如赫什伯格所说:伪道德论据和道德语言在我看来无疑掩盖了这个问题.

我认为它掩盖了这样一个事实,即系统所有者或系统管理员有道德义务尽其最大努力阻止渗透.

他们是非常失职的,他们不可能不在乎,因此至少,有一种可以理解的倾向,指责穿甲弹,而不是责怪自己没有采取至少足够的反措施,事实上,在某些情况下,反措施根本没有采取.

如果你被证明你没有完成你的作业,那么你几乎会自然而然地采取一种防御的态度,在这种情况下,这就相当于攻击黑客,在道德上责怪他,在他的头上堆满了谴责.

是的,这与恐惧因素有关(Herschberg:Delft采访).

这种道德谴责的暗流是对CSI成员的实地采访的一种反复出现的质量,例如:我参加过这个游戏.

今年是我36岁,从整体上讲,我认为黑客是贬义的.

被贬低的,可能事实上,被当作一种轻微的犯罪活动.

你最不想做的就是让黑客成为公众人物.让他们公开.我认为当它发生的时候需要淡化,但它不应该发生.

在任何情况下,我都不会拥有它们.

泰勒博士和其他参与提供计算机安全的受访者与黑客几乎没有直接接触,这令人惊讶.

我问他这种缺乏直接接触/相互作用以及他对黑客动机的看法:嗯,不应该有(任何相互作用),因为业界不想听到黑客的消息,当然也不想看到他们所做的事情的影响.

对我来说,我不关心黑客做了什么,我更关心的是从一开始就阻止他.

你已经和黑客社区中那些更道德的成员谈过了,对他们来说这是一个智力上的挑战,但事实上有些人是精神病患者,波普3医生就是其中之一,他们只是想和他们觉得对他们不公平的社会评比一下.

一个叫怀特利的家伙因破坏伦敦玛丽女王医院的医疗数据而入狱四年.

他只是彻底毁灭,他不仅仅是一个浏览的黑客,他几乎肯定是一个精神病患者(泰勒:克努茨福德采访).

与此相反,作为对每个群体对另一个群体负面看法的一个例证,黑客Mofo认为,精神病倾向并不是黑客群体的唯一保留:我的经验告诉我,计算机系统和网络的“负责人”的行为也有类似的“权力之旅”,需要加以实现.

这种精神上的需要是在与计算机联系之前形成的还是根深蒂固的,这是无关紧要的.

在各行各业都存在着心理健康状况如此糟糕的人.

我相信这只是一个可能性的问题,许多这样的人在某种程度上与计算机和网络的管理[以及对计算机系统的入侵](Mofo:电子邮件采访).

泰勒对更广泛地公开黑客行为可能对计算机造成的损害持谨慎态度,然而,正如上面提到的波普博士和尼古拉斯·惠特利(Nicholas Whitley)所示,具有讽刺意味的是,他对黑客的看法似乎依赖于最公开的黑客行为案例.

一个进一步的论点,防止CSI接受黑客作为潜在有用的故障查找系统是简单的指控,如果没有黑客的存在,首先,将很少需要广泛的安全措施.

即使黑客在指出系统中的各种错误时有一定的用处,但这样的好处被大量计算资源“浪费”在原本不必要的安全措施上的事实所抵消.

例如,泰勒博士的观点是:黑客攻击是一种威胁,阻止人们从事建设性工作.

今天花了很多钱来提供相当复杂的解决方案以领先于黑客,在我看来这不应该花.

他们正在向研究人员挑战,要求他们提出更好的技术解决方案,并正在刺激提供这些解决方案并从中获利的软件服务业.

但你替我回答这个问题,这对社会有什么好处?(泰勒:克努茨福德采访).

因此,使用道德语言的一个原因是为了把那些负责安全松懈的系统的人的责任转移到那些打破了安全松懈的人身上.

不管系统的安全状况如何,都有一个团队形成的项目,实现计算机安全的人希望在这两个群体之间存在固有差异的过程中孤立和区别于CU.

以下是肯·汤普森(Ken Thompson)在图灵奖(Turing Award)颁奖典礼上发表的主旨演讲摘要,生动地说明了这个项目:我看到孩子们在国会面前作证.

很明显,他们完全不知道t的严重性继承人法案.

显然存在文化差异.

闯入计算机系统的行为必须有与闯入邻居家同样的社会耻辱感.

邻居的门没锁也无所谓.

新闻界必须认识到,误用电脑并不比酒后驾车更令人吃惊(汤普森1984:763).

这种情绪在计算机安全行业一些最杰出、最有成就的人士中得到了一致的表达,他们普遍反对黑客:不幸的是.

人们很容易把黑客看作是一个民间英雄——一个独来独往的人,他只有自己的聪明才智,才能够挫败这个系统.

人们对这些人可能造成的真正损害没有给予足够的关注……当有人篡改他人的数据或程序时,无论这种方法多么聪明,我们都需要认识到,这种行为充其量是不负责任的,很可能是犯罪行为.

犯罪者不感到懊悔,或者病毒造成了意想不到的后果,这并不能改变这一行为的本质违法性,这实际上是违法和进入.

断言该行为有一个有益的结果,因为它导致了更强有力的保障措施,没有比同样的论点在任何犯罪辩护时更有效.

如果在经历了一次入室盗窃后,我为我的房子买了一个防盗警报器,这能为入室盗窃辩解吗?当然不是.

任何此类行为都应受到有力的起诉(Parrish 1989).

上述引文中有几段是值得注意的,因为它们非常依赖隐喻的视觉意象,将计算机产生的伦理问题与现实世界的情况进行比较,这一话题将在不久的将来讨论.6.3“他们和我们”的原因6.3.1 CSI和CU之间的伦理差异确定了鹰派观点对黑客攻击的强烈感受,本节探讨了这种对立的伦理基础.

以下引用CSI的一位成员的话,说明了计算机界某些成员的道德观之间的巨大差异.

犯罪现场调查组成员强烈反对犯罪现场调查组成员所倡导的“玩偶态度”.

假设没有造成伤害,黑客倾向于认为未经事先许可探索系统是没有错的,而那些关心这些系统安全的人会将这种信念描述为冒犯:仅仅因为你有一种完全破产的道德感和礼节感,这不应该给我带来负担,让我不得不浪费时间来处理它.

生命是短暂的,不会无缘无故地浪费在自以为是、不成熟的傻瓜身上……如果你想“玩弄”我的系统,你可以问我,试着让我相信你的意图是无辜的,如果我说“不”,你就应该走开.

不请自来的玩耍是犯罪的,我没有义务,也没有兴趣,被迫为厌倦得不能以某种非攻击性的方式自娱自乐的波佐人提供一个游戏笔(哥赛尔书3:12).

当我们研究支持CSI和CU的伦理解释对比的因素时,我们发现一个重要的特征是CSI倾向于诋毁或贬低黑客所表达的伦理.

鲍勃约翰逊(Bob Johnson)是一位高级系统分析师,同时也是一位美国军事设施Unix系统管理员,他批评黑客们所使用的正当理由,认为这是沉溺于“位置伦理”的现代趋势的一个例子.

在谈到网络蠕虫案件时,他说:大多数人拒绝根据“是非”来判断.

相反,他们根据结果,或根据实际损害,或附带损害或他们自己的个人想法来判断行动.

在我看来,莫里斯的所作所为是错误的,不管损失有多大,因此他应该准备好为自己的行为付出代价.

其他许多人没有这种“狭隘的心态”.

顺便说一句,位置伦理是同样的一种推理,它会问:“什么时候偷一块面包是正确的?”我相信答案是“也许有一天这是必要的,但这永远是不对的”(鲍勃约翰逊:电子邮件采访).

“唧唧”《犯罪现场调查》中的“基什”分子毫不含糊地谴责黑客行为及其缺乏道德规范.

他们认为,黑客所表现出的道德缺失表明了更广泛的社会衰退.

因此,Smb将所谓的普通人道德沦丧描述为道德沦丧,而不是道德沦丧,而是非道德风尚的蔓延:“我还远不能确信,道德沦丧是黑客所独有的.

我认为这是一个社会问题,在这个行业中,我们认为这表现为黑客攻击.

问题是不道德而不是不道德”(Smb:E-mail采访).

同样,鲍勃约翰逊认为:从更大的意义上说,我认为他们(黑客和病毒)是同一个问题的一部分,这是普通人道德的退化,即正直和诚实.

在美国有一句流行的谚语:“除非被抓住,否则你不会真的超速.”.我相信一个有道德的人既不会侵入系统,也不会写病毒(鲍勃约翰逊:电子邮件采访).

Cosell进一步认为,“普通人道德的退化”适用于黑客对财产权的不尊重:这里的问题是道德问题,而不是损害.

我会避免“今天的孩子是恐怖分子”的说法,但其中的某些部分是无法避免的:黑客们认为整个世界都欠他们娱乐,他们能设法闯入的任何东西都是公平的游戏[这是一个令人震惊的步骤,超越了一个本应受到谴责的地位,任何没有完全确定的事情都是公平的游戏(Cosell:电子邮件采访).

约翰斯顿和伍德(1985年,文腾1990年引用)在英国社会态度调查中对社会和商业伦理问题进行了研究.

他们的主要结论是,影响人们道德判断能力的最重要因素是年龄,除此之外,似乎很难针对现代世界,特别是商业领域出现的许多情况,指出明确的道德界限和指导方针.

因此,文腾在报告的摘要中描述了:“在从非法给清洁工小费到严重腐败的各种情况下,在‘对’和‘错’之间没有明确的界限.

在情况因动机问题和远离日常经验而复杂的情况下,分组变异最大(Vinten 1990:3).

黑客符合这两个标准.

“虚拟现实”或“网络空间”的出现往往使计算与“日常体验”脱节.

这直接导致许多计算环境的伦理地位模棱两可,如果要成功地控制计算,就需要由占主导地位的社会群体来维护伦理标准.

Vinten的计算机伦理研究(1990)指出,伦理判断往往更严厉,做出判断的人越老.

CSI的成员一直对黑客的道德立场持强烈的批评意见.

他们往往比黑客年长,多年来一直从事计算机行业.

相比之下,黑客更倾向于把电脑作为一种嗜好,他们可能通过黑客来获取他们年轻时无法通过合法手段获取的系统.

这种年龄差异或许是CSI和CU4成员的道德观存在如此根本差异的原因之一.6.3.2对匿名性的恐惧CSI对黑客的认知中,一个共同的主题是他们倾向于在入侵者的行为背后假设最坏的意图,这一趋势受到黑客本质上是匿名的事实的鼓励:侵入我的财产和侵入我的计算机之间有很大的区别.

一个更好的类比可能是凌晨3点在你的高层办公楼里发现一个非法闯入者,并得知他的背包里有一些工具、一些电线、一个计时器和几个爆炸帽.

他可以说他没有埋炸弹,但你怎么能确定呢?(科塞尔:电子邮件采访).

另一个生动的例子是黑客的匿名性引起的怀疑以下是DTI安全意识部门的Mike Jones所做的比较.

我指出,许多黑客感到受到建制派的伤害,因为他们认为建制派更感兴趣的是起诉他们,而不是修补他们在活动中指出的漏洞.

琼斯承认犯罪现场调查局对特警有偏见.

然而,这种偏见是基于黑客可能造成的潜在损害.

即使没有黑客的恶意意图,对发生了什么危害的怀疑和怀疑仍然存在:假设你出来到你的车上,你的帽子稍微抬起,你看着帽子下面,有人在篡改引线,或者看起来像刹车管上有记号.

你能把引擎盖放下,说“哦,他们可能没有伤害”然后开车离开吗?或者你能怀疑他们做错了什么,他们锯断了刹车管或其他什么东西.

假设一天早上,维修人员来到一个吊杆前,发现有人闯入,其中一台发动机的外壳上有螺丝刀的痕迹,现在他们会往里面看,说“这里没什么大问题”,还是说“嘿,我们必须把这台发动机拆开,或者至少仔细看一看,这样我们才能核实无论做了什么都没有损害引擎”(琼斯:伦敦采访).

这两个引文提供了一个重要的解释,所谓的偏执和下意识的反应黑客活动从计算机构.

犯罪现场调查局对犯罪嫌疑人的普遍偏见因匿名的黑客攻击而加剧.

由于无法评估入侵者的动机以及所造成的任何伤害很难被发现的可能性,匿名性会鼓励怀疑和偏执.

除此之外,计算机介导通信(CMC)所提供的匿名性还鼓励黑客向外部世界和媒体投射具有夸张威胁性的人物.

Barlow(1990)描述了他遇到的一些黑客,他们以前用攻击性的电子邮件姿态吓坏了他.

当巴洛真正与两名黑客面对面时,他们:擦洗得很干净,穿着时髦.

他们看起来像鸭子一样危险.但是.作为.媒体发现,让他们高兴的是,男孩们在咆哮的网络空间中漫步,形成了明显更炫目的形象.

闪烁的双星铬尖峰,他们大步走过克里格灯,进入数字距离.

在那里他们将是不法分子.

他们开始相信自己听起来那么糟糕只是时间问题.

在其他人之前没有任何时间(巴洛1990:48).

因此,CMC提供的匿名性使得黑客文化能够沉溺于奢侈的角色扮演中,这增强了外界对它作为潜在危险的地下运动的看法.

黑客组织一般都会选择五颜六色的名字,比如“坏蛋妈的混蛋、混沌电脑俱乐部、死亡圈、末日农民”5,等等.6.4“他们和我们”情景的伦理基础6.4.1在处理聪明、好奇的头脑时,模糊和退化的伦理破解、病毒书写和所有其他方面都属于可能的范畴.

这类事情的道德标准来得晚些.

在此之前,计算机用户仍处于破解等的初级阶段(刻赤:电子邮件采访).

每当技术在法律和非法行为中占有重要地位时,界定法律和非法行为的道德界限就更容易模糊.

像克朗克船长这样的人物的行为受到了赞赏和谴责.

反对对信息财产关系进行妥协和制度化的尝试可能存在于对技术的这种叛逆性操纵中,而且在像Richard Stallman和规划自由联盟这样的人物的智力和政治平台上也更“尊重”.

涉及使用计算机的活动已经产生了许多质量上的新情况关于所涉行为是否合乎道德存在争议.

这些活动往往集中在这样的问题上:未经授权访问和/或使用某人的计算机、系统或数据是否可以与涉及物理访问或操纵实物或财产的更传统的犯罪相比较.

这种模棱两可的一个例子是,尽管麻省理工学院早期黑客的特殊行为被善意地容忍了,但现在媒体却把黑客描绘成有邪恶协会,并受到法律起诉.

尽管随着时间的推移,黑客攻击的动机和对财产权的漠视一直保持不变,但这种社会价值观的明显变化还是发生了.

以前关于计算机的特别道德的例子比比皆是.

麻省理工学院第一代黑客未经授权使用设备(Levy 1984:20)、电话窃听(pg 92)、未经授权修改设备(pg 96)和规避密码控制(pg 417)6等非法活动.

Bloombecker举了一个例子,说明当局对小学生行为的反应可能代表了社会对它最初鼓励的计算机活动的矛盾反应.

在某些情况下,很难做出明确的道德判断:想想数学老师在不知情的情况下表达的困境,她谈到了9岁和10岁的学生在允许他们使用学校计算机时表现出的热情.

”她说:“他们太激动了,以至于为了进入系统而斗争.

他们中的一些人甚至把其他人的名字从注册名单上完全抹掉.

她似乎从来没有想到,这对学生的道德生活没有很好的准备.

不幸的是,无论是对社会还是那些需要指导的人来说,计算机界都没有一个标准来精确定义游戏何时失控.

如果一个学生未经允许使用一小时的计算机时间,一所大学的计算机系可能会认为这是犯罪盗窃服务,而另一所大学的计算机系则认为这是一种值得称赞的聪明做法(Bloombecker 1990:42).

一些计算活动的这种模棱两可的道德状况是由于计算作为人类努力的一个领域的相对较新的出现.

这导致了缺乏容易达成一致的计算规则:“事实上,如果我们要设计一个人格测试来发现计算机罪犯,第一个也是最困难的任务是这项任务并没有消除大多数最优秀的头脑谁使计算是什么”(布卢姆贝克1990:39).

还有一个更为复杂的因素,至少在某种程度上,社会鼓励人们“沉迷于”计算机,因为它被认为是智力努力的有益出路.

现在我们来谈谈计算机伦理复杂性的更具体的例子.6.4.2行业道德模糊的例子——甚至在计算机专业人员之间,对于什么构成了应对计算机领域某些研究和教育问题的正确程序,往往缺乏一致意见.

这种缺乏共识的一个具体例子是,科恩发表了一篇题为“友好传染:利用计算机病毒的微妙力量”的文章(1991年),引起了辩论.

科恩在文章中建议,计算机病毒预防产品的供应商应发起一场鼓励开发新病毒的竞赛,但附带条件是,病毒的传播能力应固有地受到限制,并且只有在系统所有者知情同意的情况下,才应在系统上进行测试.

斯帕福德回应道:“对于科恩博士在这个领域内的声誉来说,实际上提倡不受控制地书写任何病毒,即使是按照他的规定,也是不负责任和不道德的行为.

以这种方式行动,可能会通过混淆所涉及的道德和危险来鼓励更多的“野生”病毒的发展(斯帕福德1991:3).

此外,在某些情况下,甚至发表“修正案”也可被视为不道德行为,导致先前所称的“默默无闻的安全”现象.

斯帕福德认为:“我们应该意识到,如果用户不愿意或无法安装更新和修复程序,那么广泛发布细节将危及网站.

出版应该有一个有用的目的.

危害他人机器的安全或试图迫使他人做出他们无法做出或负担不起的改变是不道德的”(斯帕福德1990:12).

黑客攻击引发的一些道德问题上的分歧,在互联网蠕虫病毒爆发后,计算机专业人士就这一事件的道德和技术影响展开了激烈的辩论,这也是一个证据.

这场辩论倾向于支持上述论点,认为道德亚群体的变异和普遍缺乏明确的道德界限是现代道德环境的典型特征,特别是当对具体行为背后的原始动机有不同意见时.

这种争论反映在“计算机机械协会(ACM)通信”的书信论坛上,即使是ACM的主席也因其在信的标题“卫生课”中所表明的立场而受到了相当尖锐的批评,即可以认为互联网蠕虫是有益的,因为它提高了人们对它的认识安全措施.

总统的观点被论坛的一位撰稿人描述为“一个巨大的判断错误,在个人责任和道德行为问题上向世界发出了错误的信息.

[它]是不可原谅的,是道德相对主义的一种实践”(丹尼,彼得1990:523).

类似地,另一位作者也指出了网络蠕虫事件产生的情感的不同本质,当他尖锐地说:斯帕福德称赞“UNIX”老男孩“网络”与蠕虫搏斗的功效时,他并没有解释这些自命的消防指挥官如何允许这种已知的危险存在这么长时间.

如果像莫里斯这样的人和像他这样的人是对互联网正常工作的最大威胁,那么我们根本就不会面临任何威胁.

另一方面,如果我们对这一事件的道德化的关注使我们对严重的安全威胁视而不见,降低了我们社区的文明标准,那么我们确实会损失很多(Denning,Peter 1990:pp 526+7).6.4.3技术和伦理在这些伦理问题中的一些潜在问题是斯帕福德(1990)所指出的“把计算机简单地看作机器和算法,以及.

不理解其使用中固有的严重道德问题”(斯帕福德1990:12).

斯帕福德指出,在人们的生活中,没有解决计算决策的最终结果,因此也没有认识到计算的伦理成分.

因此,他认为,随之而来的一个普遍的失败是,没有教授计算机的正确的伦理使用:计算从历史上脱离了社会价值观和人类价值观,计算被视为数字,与数字没有伦理关系,我们只是计算0和1的值,而没有灰色区域,没有影响区域,这导致的问题不仅仅是信息的盗窃,它还导致了软件生产的问题,软件也要对损失、损坏和伤害负责,因为我们无法理解计算机是其产品的工具.

涉及到人类,而人类在另一端受到影响(斯帕福德美国采访).

这是因为计算机系的工作人员经常对这个主题感到不舒服,或者不相信它很重要.

他们的背景主要是数学或科学理论,因此他们不充分理解如何实际问题的使用可能适用于计算.

斯帕福德认为,工程提供了一个比科学更合适的计算模型,因为它涉及人类和科学的层面.

计算机科学ce在很大程度上确实是一门工程学科,在定义这个领域时出现的一些困难是因为参与计算的人们认为它是一门科学,而不了解它的工程方面.

工程师,在很长一段时间里,一直被教导适当性、道德和合法性的问题,而这往往是工程课程的一个必要部分.

计算不仅仅是处理数字和抽象,事实上它背后有非常强大的应用程序,一个非常强大的现实世界组件(斯帕福德美国采访).

然而,计算具有非物质维度的程度,不断缓解了斯帕福德希望以类似于工程学科的方式从伦理角度进行计算的愿望.

计算的“真实世界”和“虚拟世界”之间有一个根本的区别,正是这种区别使得伦理判断从前者到后者的字面转换变得困难,甚至站不住脚.

将道德判断从一个领域转移到另一个领域的正确平衡是值得商榷的.6.5边界形成-媒体的作用本节揭穿了一些耸人听闻的、妖魔化的、神话化的黑客行为,这些黑客行为发生在最近大量处理这个问题的书籍、文章和电视节目中.

它还纠正了大多数关于黑客攻击主题的著作集中于黑客或其对手的活动和生活史的细节的压倒性倾向.

通常,但表面上,根深蒂固的心理异常被作为黑客活动的解释,而忽视了这些行为的伦理和政治影响.

可以说,媒体对黑客攻击的描述的总体效果是CSI污名化和关闭项目的其他方式的延续.

(i) “黑客畅销书”这一流行趋势的两个例子是克利福德·斯托尔的《布谷鸟蛋》和哈夫纳和马尔科夫的《赛博朋克》.

他们在语言选择和语调上多次使用夸张的一个例子是,他们考虑了雇佣黑客从事安全工作所涉及的问题.

”但雇一个这么刻薄的人?这就像给波士顿勒死者一份在护理学校宿舍的维修工作”(Hafner和Markoff,1991:40).

这两本书都对计算机界产生了巨大的影响,但在讲述不同的黑客事件时,它们似乎都沉溺于对琐碎琐碎细节的依赖.

例如,在《布谷鸟的蛋》一书中,我们看到了作者女朋友的各种描述,以及他们共同的加州生活方式的一些看似无关紧要的细节.

在赛博朋克,许多未经证实的猜测是关于黑客的精神状态.

因此,作者写到凯文·米特尼克:凯文三岁时,父母分居.

他的母亲雪莉在当地一家熟食店找到了一份服务员的工作,开始了一系列新的关系.

每次凯文开始接近一个新父亲,这个人就消失了.

凯文真正的父亲很少有联系.

他再婚了,又有了一个儿子,体格健壮,长相英俊.

凯文高中的时候,就在他要安顿进一所新学校的时候,一家人搬走了.

凯文用电话寻求安慰并不奇怪(哈夫纳和马尔科夫1991:26).

这种有点武断的动机分配导致作者将凯文·米特尼克称为“黑暗面”黑客,而他们对《互联网蠕虫》作者罗伯特·莫里斯的分析则更少谴责,尽管后者造成了更多的损害和数据恢复时间的工时.

二新闻和电视媒体在报道计算机安全问题时,面临着如何准确和娱乐性地报道技术问题的长期问题.

一般来说,媒体倾向于报道那些含有最高程度“电子杀伤力”的报道,并夸大了黑客攻击的“黑暗”奥蒂斯.

例如,第四频道的一部电视纪录片“Dispatches”将其对黑客行为的调查命名为“技术之日”,而1991年2月版的GQ杂志则关注保加利亚病毒作者的成长,被称为“撒旦病毒”.

除了上述两种对电脑安全问题的处理方法外,我还将查看1989年12月17日星期日记者发表的一篇题为“机器中的一个窃听器”的文章和美国时事/聊天节目“杰拉尔多”一集的部分抄本,以了解媒体对黑客问题的处理方法.

电视对计算机安全问题的描述似乎是最肤浅的,依赖于耸人听闻的技术.

报纸和杂志上的文章,对入侵/编写病毒的技术进行了相对全面和准确的技术描述,但仍不成比例地使用“阴暗面”图像7.

”这篇文章是一个例子,说明新闻界倾向于关注计算机安全故事中的“性感”元素.

它包含了一个愤世嫉俗的描述,艾玛尼科尔森M.P.的未经证实的声称,黑客技术是用于恐怖主义目的的欧洲绿色运动等和她对黑客的情绪化描述为:“.

恶毒、下流的恶棍,在业余用户的屏幕上充斥色情内容”(马修斯1989:39).

然而,尽管消除了这种说法中的一些危言耸听的倾向,但记者们选择的黑客的例子是“计算机无政府主义者Mack Plug”.

他们除了声称“几乎所有的黑客都是独行侠”(这一说法被我对荷兰黑客团体的采访驳倒),他们对他的黑客活动的描述似乎故意过分强调更“迷人”的黑客类型,而牺牲了对更平凡的现实和日常黑客:目前他正在黑客电子腿标签.

”他说:“我把时间缩短到27秒,你只要在标签旁边放一个微型录音机,当警察打电话来检查你是否在那里时,你就可以录下标签发出的声音,然后把它们传到你的答录机上.”.当警察再打电话来时,我的机器就会播放这些声音.

我会有一个故障安全不在场证明,我可以回到黑客进入军情五处(马修斯1989:39).

杰拉尔多节目8 1991年9月30日,杰拉尔多聊天节目的重点是黑客攻击.

其中一张照片显示荷兰黑客以超级用户身份访问美国国防部电脑.

节目的演播室部分涉及对克雷格·奈多夫(化名奈特·雷霆)的采访,他在美国接受了一个法庭诉讼,据称他收到了紧急服务电话计算机程序的源代码.

内多夫案件的检察官唐英格拉姆也接受了采访.

下面我将从随后的对话中摘录一些内容,作为一个例子,说明黑客行为在媒体上以肤浅、琐碎和夸张的方式呈现的程度.

在节目的导言部分,电影“死硬二号”的节选被放映,恐怖分子接管了一个机场的电脑.

节目的总体基调是耸人听闻的,其中一位嘉宾黑客克雷格·内多夫(Craig Neidorf)被杰拉尔多(Geraldo)和唐·英格拉汉姆(Don Ingraham)反复称为“疯狂黑客”(Mad Hacker),他一直选择情绪化和危言耸听的语言,如以下例子所示:杰拉尔多:唐,你如何回应这么多黑客的共同感受,他们所做的是一项公共服务.

他们暴露了我们安全系统的缺陷?唐:是的,就像那些在校园里强奸校友的人一样,也暴露了我们国家高等教育安全的缺陷.

这完全是胡说八道.

他们只不过是互相炫耀,满足自己的欲望,去了解一些他们不知道的事情.

关于这个问题,在30秒内给出一个最坏的情况,黑客活动可能导致什么.

他回答说:“他们擦我们的通讯系统.

做起来相当容易.

没人跟别人说话,没人动,病人得不到药.

我们跪在地上.

“Dispatches——《技术之日》(the day of the technopath)9艾玛·尼科尔森(Emma Nicholson M.P.)在Dispatches节目中接受采访时说,“一个真正优秀的黑客随时都可以打败洛克比炸弹手,而且”,“也许只有一小部分人不喜欢人类,但他们确实喜欢,其中一些人拥有很高的计算机技能”.

以下是该节目旁白评论中的另一个例子:直到现在,人们都亲切地将这位电脑黑客视为一位技术娴熟的技术专家,痴迷地在自己的书房里翻来覆去,一个无害的怪人在国际电脑网络中寻找乐趣.

但今天很明显,任何计算机,任何地方,都可能因别有用心而被侵入和干扰.

技术官僚已经转变成技术路线.

政府和企业不愿承认,它们脆弱易受此类威胁,害怕失去公众信心,也害怕将自己设定为跟踪其电子通道的技术路线的目标.

(第6章第一部分结束,第二部分如下)——第1部分(共2部分)结束,计算机地下文摘∗9.

59***********************日期:1997年6月18日17:25,发件人:P.A.Taylor@socialogy.

salford.ac.uk主题:文件1-“黑客”书籍预览:他们和我们(第2部分,共2部分)(主持人注:这是第2部分,共2部分)比如9.

59,保罗·泰勒即将出版的《黑客》一章的结论).

——6.

6边界形成过程和类比的使用本章前几节已经确定,围绕计算机使用的伦理问题既复杂又容易从根本上对比CSI和CU成员的解释.

随后发生在两个群体之间的争论被证明是边界形成过程的一部分,通过这一过程,两个群体都加强了自己的身份.

本节分析了类比在这一过程中的使用方式,它既是研究黑客行为伦理辩论中某些问题的解释工具,又是传达所持观点力量的一种方法.

在安全问题的伦理辩论中,物理类比的作用已经通过CSI使用它们来表达对黑客所构成威胁的匿名性质的恐惧得到了说明.

Jerry Carlin在回答“系统破坏者是否因为在数据安全方面的一般商业不负责任而成为‘替罪羊’”这一问题时,生动地说明了使用物理类比的一般容易程度和背后的感觉强度他回答说:“把罪行归咎于受害者是很时髦的,但如果有人被强奸,就不能责怪那个人在抵御袭击方面没有做得更好!”(卡林:电子邮件采访)谢里森是少数几个在讨论黑客攻击时不使用类比的受访者之一,他认为:通常,类比辩论是一个非常薄弱的论点.

在讨论法律时,非律师常常试图以这种方式处理争论.

我认为,如果我们依靠类比,我们不可能在确定适当的行为上走得很远.

我们需要发展的是一些可接受行为的社会定义,然后构建“新技术的旧法律”.

物理类比可能有助于在辩论中得分,但在这里根本没有帮助(谢里森电子邮件采访).

计算的灰色和不确定的道德品质使得建立这样一个“可接受的行为”的准则变得很困难,并且试图这样做,以便使用物理类比.

戈尔茨坦(黑客杂志“Phrack”的编辑)通过质疑一个比喻的使用来探究黑客行为的伦理含义,这个比喻将黑客行为比作非法侵入:有些人会说访问电脑远比走进一栋没有上锁的办公楼要敏感得多.

“如果是这样,为什么还是这么容易做到?”?如果有可能的话为了方便未经授权访问一台有我个人信息的电脑,我想了解一下.

但不知何故,我不认为运行该系统的公司或机构会告诉我,他们存在巨大的安全漏洞.

另一方面,黑客对他们发现的东西非常开放,这就是为什么大公司如此憎恨他们(Goldstein 1993).

关于黑客行为的道德辩论经常使用“盗窃”和“侵入”这样的物理类比.

物理类比的选择反映了讨论者最初的伦理立场,并且会偏向于讨论者试图建立的观点,因此某些情绪化的形象,如强奸和入室行窃被反复使用.

(i) 财产问题CSI成员倾向于强调与信息相关的授权和访问权标准.

这些标准被认为是对计算机问题的伦理观点的基础,因为它们源于基本的信念,即信息和计算机系统是其所有者的唯一财产,以同样的方式存在于实物中的产权.

物理类比成为限制计算机安全辩论的一种手段:“涉及隐私、财产、占有个人主义的问题,充其量是国家监督的过度,同时它关闭了对信息技术的公司所有者和机构赞助者(最受重视的‘目标’)活动的任何审查大多数黑客).

这是一个相当偏袒的解释,类比在社会塑造边界形成发生在计算中的作用.

一个不那么有争议的评估是,与CU相比,CSI强调了系统所有者的财产权,它使用的类比通常是戏剧性的和生动的:“对于攻击者来说,存在的d’=88tre是没有理由攻击系统的,因为它们比殴打婴儿更脆弱.

”因为他们不能自卫.

如果你要表现出一个弱点,你必须得到系统管理员的许可,并且非常小心地去做”(科恩:电子邮件采访).

试图强调黑客攻击倾向于侵犯财产权的类比所面临的困难,集中在我们已经视为信息越来越非实质性的方面,这一点也在第7章中显示,为起草有效的计算机滥用立法创造了各种问题:“可复制性是电子媒体所固有的.

你可以复印一本书,但不是很好,你没有一个很好的装订和封面.

电子媒体、录像带、计算机光盘等不受此限制.

既然复制能力是媒体的天性,试图阻止它似乎是愚蠢的”(Mercury:e-mail采访).

软件复制是一个例子,说明了计算机内部的复制本质上比物理商品更容易:可复制性是媒体本身固有的.

例如,Maelstrom认为他:“记不起一个有效的类比.

偷窃是指未经某人允许而拿走他人的东西.

当你盗用你不偷的东西时,你就复制了.

同样,在破解的情况下:绝对不能将“盗窃”和“侵入”的物理类比应用于计算机系统的“破解”.

计算机是以零位和一位表示的信息的存储库.

房屋和财产在本质上更有价值.

信息在系统上受到适当保护,不存在“盗窃”问题.

加密本来应该是一个标准功能,真正的机密信息不应该以任何方式通过远程方式访问(测试人员:电子邮件采访).

(ii)类比-为了强调匿名入侵者对系统的潜在危害,使用的物理类比倾向于集中于伴随入室盗窃的恐惧和侵犯感.

CSI和CU之间的争执至于闯入系统是否合乎道德,通常是参照闯入建筑物的类比来进行的.

然而,由于现实世界和网络空间之间的差异,即使是这样一个简单的类比也有不同的解释:“我的类比是走进一栋办公楼,问一位秘书去档案室的路是哪条,然后复印一些复印件.

与闯入某人的家有很大不同”(科恩:电子邮件采访).

科塞尔提出了下面的场景,他试图用这个场景来阐述黑客攻击的道德问题:想想:现在是仲夏,你碰巧在山上攀爬,看到一群青少年在一个废弃的滑雪场周围闲逛.

人身伤害是没有问题的,因为几个月内不会有人在身边.

他们有条不紊地搜查每一辆卡车、大楼、外屋、棚屋等,试着打开每一扇窗户,试着撬开每一把锁.

当他们找到可以打开的东西时,他们会潜入其中,过一段时间就会出现.

从你的角度看,你看不到任何盗窃或破坏的实际证据,但你也看不到他们在里面做什么,不管是什么(Cosell:CuD 3:12 April 1991).

在这种情况下,会出现各种各样的问题,例如:你报警了吗?入侵者会被指控什么?如果你是度假村的主人,你的反应会有所不同吗?有人更同情黑客的观点,说明了CSI和CU这两个组织对道德问题的概念化以及对物理类比的相应使用的根本不同的方式.

他回答说:你当然应该报警.

除非他们被授权进入物业,(由业主)他们是非法闯入,并且在撬锁的情况下,打破和进入.

然而,你试图把闯入滑雪场等同于闯入电脑系统.

区别在于:100次中有99次,闯入计算机系统的人只想学习,忘记了密码等等.

100次中有99次,闯入滑雪场的人都是免费的(罗布·海因斯反刍3:13).

CU指控CSI宁愿使用物理类比来边缘化一个群体,而不是利用他们的信息来提高系统的安全性:当你把黑客称为“盗窃和盗窃”.

很容易把这些人看作是顽固的罪犯.

但事实并非如此.

我不认识窃贼,但我和很多黑客在一起.

它有一个明确的目的是模糊这种区别,就像亲民主的示威者被紧张的政治领导人称为暴乱者一样.

那些在这个行业中宣称的人担心黑客会暴露出他们系统中的漏洞,而他们很快就会忘记这些漏洞(Emmanuel Goldstein:CuD 1:13).

这是为什么物理类比不可避免地只能是粗略的分析近似和修辞手段来解释计算问题的原因的一个解释,它们经常被CSI在他们的话语中使用.

约翰逊反驳说,黑客的目的是很有用的,他指出了安全缺陷:如果一名警察走在街上测试大门,看他们是否锁上了,这在他的“宪章”范围内,无论是在道德上还是法律上.

如果一个是开放的,他是在同一个’宪章’调查-看看是否有其他人侵入.

然而,在他的“宪章”里,他没有进去窥探我的私人物品,也没有猎取枪支或毒品等非法物品.

如果我回家发现警察在我家,我可以很好地假设他帮了我一个忙,因为他发现我的门没有锁.

然而,如果一个自命的“邻里观察”班长决定走在街上检查门把手,他可能超出了他的“章程”.

如果他发现我的门没锁就进了房子,那他就是在非法闯入.

没有自命的看门狗和救世主试图“制造”我,生活已经够复杂的了你的生命安全(鲍勃约翰逊:电子邮件采访).

因此,黑客被认为没有“宪章”来证明他们入侵他人系统的正当性,这种入侵被称为入侵.

然而,对于那些希望将黑客行为认定为不道德行为并给其贴上标签的人来说,即使将其与非法侵入相比较,也往往过于有限.

非法侵入是一种民事行为,而不是刑事犯罪.

Onderwater用他特别的比喻来区分这一点:“在荷兰,如果有人把门打开,而那人走进来,站在客厅里,交叉双臂,什么也不做,那就是非法侵入.

”与此相反,黑客攻击涉及到积极克服黑客面前的任何安全措施,Onderwater认为这更像是对这样一种情况的分析:你发现有人在你的房子里,他正在你的卧室里翻看你的衣服,你说“你在干什么?”他说:“嗯,我在花园后面散步,我看到如果我能上你邻居的棚子,就有可能上到排水沟,可以上你浴室的窗户,把它打开,这是你的错误,所以我要警告你.

你不会认为这是非法侵入,你会认为这是闯入,我认为这与黑客攻击是一样的(Onderwater:Hague访谈).

(I I I)拒绝破解和进入类比-黑客使用物理类比:国际象棋vs破解和进入Gongrijp对黑客背后动机的描述是我遇到的典型黑客.

他专注于它所提供的智力刺激,而不是仅仅想侵入计算机系统.

他强调了象棋般的计算机安全特性,并竭力拒绝任何将黑客攻击与物理入侵相比较的类比.

Gongrijp认为:计算机安全就像一场象棋游戏,所有这些人说闯入我的计算机系统就像闯入我的房子:胡说,因为保护你的房子是一件非常简单的事情,你只要把门锁和窗户上的栅栏锁上,然后只有暴力才能进入你的房子,就像打碎窗户一样.

但是一台电脑有十万种复杂的进入方式,而且它是一个与确保电脑安全的人下棋的游戏.

他们的工作是使新版本的Unix系统更加安全,黑客的工作是入侵(Gongrijp:Amsterdam访谈).

高根斯认为:人们似乎无法理解这样一个事实:一群20岁的孩子可能比他们知道的要多一点,与其好好利用我们,不如把我们关起来,不停地让事情过去.

你不能阻止窃贼在你开门的时候抢劫你,但是把能帮你关上门的人锁起来,另一个窃贼就会直接进来(Goggans 1990).

这些综合观点的含义是,将黑客攻击与入室行窃进行比较的类比失败了,因为用于阻止入室行窃的现实世界障碍并没有在计算机的虚拟世界中使用.

这些预防措施要么根本没有使用,要么与可用于计算的“门”和“锁”有着质的不同.

这些障碍可以由技术知识渊博的年轻人克服,而不需要任何形式的暴力或体力.

克服这些障碍具有非暴力和知识性,这在更为传统的入室行窃形式中并不明显,因此对这种类比的整体适用性提出质疑.

(四)使用物理类比作为解释工具的问题以下摘录是对保罗·贝德沃斯案无罪判决的报纸社论回应.

它把电脑成瘾比作身体上的药物成瘾:这肯定是一个错误的判断.

贝德沃思先生熬夜非同寻常,他只是在做他同事多年来所做的事情.

几十所大学和私人公司都可以培养出十几个像他一样专注的软件呆子.

在毒品案件中很少有陪审团看起来如此沉着关于青年和上瘾的混合(Ind 18.3.93:编辑第25页).

这篇社论强调了这些类比是如何被用来试图对一个模棱两可的伦理内容的活动作出伦理反应的.

正如戈尔茨坦所指出的那样,如果使用这种类比成功地将黑客攻击和一项活动进行了令人信服的比较,那么就更容易将其定性为恶意活动.

这一技术的适应性表现在社论继续使用物理类比,以引起批评回应,这次是针对先前被恶意黑客攻击的受害者:“保持这些密码不变,就像让行政长官的档案柜不上锁一样.

当他们的内心秘密被公开时,这样做的组织几乎不会期望公众的同情.

“物理类比在任何试图污名化/黑客事件的“道德化”的项目中都不会成功的主要原因是很难说服人们相信在虚拟现实中发生的事件与现实世界中的犯罪行为相当的事实.

例如,我们已经看到了打破和进入类比的弱点.

他们对黑客入侵不包含侵犯个人物理空间的相同威胁,因此对个人构成直接和实际的物理威胁这一事实感到困惑.

在完全没有这种威胁的情况下,黑客活动将主要被视为一种智力活动和虚张声势的表现,而不是犯罪行为,即使有时,直接的人身伤害可能是黑客造成的技术干扰的间接结果.

因此类比的使用充满了等价性问题.

虽然它们可以作为真实世界和虚拟世界之间的粗略比较,虽然它们是天生的,但有时是微妙的,两个世界之间的实际和道德差异意味着,在寻求理解计算的实际和道德含义时,不能依赖类比作为一个完整的解释工具:它们只是不能很好地映射,而且可以创建微妙而深刻地误导人的模型.

例如,当我们想到现实世界中的盗窃时,我们想到的是一种行为,在这种行为中,我可能只通过从你的物品中移除它来获得对该物品的占有.

如果我偷了你的马,你就不能骑马了.

有了信息,我可以复制你的软件或数据,并让你拥有完全不变的副本(巴洛:电子邮件采访).

计算机处理的信息是这样的,当在真实世界和虚拟世界之间寻找对应时,先前的稀缺性概念就会崩溃.

然而,受影响的不仅仅是稀缺性的概念,在最基本的层面上,信息与现实世界的关联程度是值得怀疑的:物理(和生物)类比往往是误导性的,因为它们吸引来自不同法律所处领域的理解.

信息学经常通过选择诸如“智能”或“病毒”这样的术语误导天真的人,尽管信息系统可能无法与人脑相比.

许多用户(甚至是“专家”)认为密码是一个“密钥”,尽管您可以很容易地“猜测”密码,但很难对密钥进行等效操作(Brunnstein:e-mail interview).

物理类比不可避免地存在缺陷,因为它们只能被用来近似于“网络空间”中发生的事情,以便将其与日常的物理世界联系起来.

因此,他们试图使用一个更自然、更舒适的参照系来评估和理解计算活动.

因此,CSI经常使用这种语言来描述计算机攻击,而学术网络的安全漏洞(缩写为JANET)被称为“强奸JANET”.

斯帕福德承认他的一个系统至少被黑客入侵了三次,他辩称:“没有学到任何我以前不知道的东西.

我对整件事感到很不安,没有从中看到任何积极的东西.

“(斯帕福德美国采访[重点挖掘]).

CU强调了虚拟世界和现实世界之间的差异,并认为在这种情况下使用物理语言是不必要的.

例如,尽管如此使用身体语言,很难想象计算机入侵会像强奸的实际身体侵犯一样造成创伤.

第二,截然相反,质疑物理类比有效性的原因是,用于描述计算机入侵的类比并没有夸大计算中的情况,实际上低估了入侵造成的危害,这是由于先前确定的黑客攻击的一般方面.

在约翰·佩里·巴洛的《犯罪与困惑》一书中,作者将黑客与十九世纪美国牛仔作了比较,并将黑客与牛仔作了具体的比较,说明了隐喻使用中存在的一些问题.

这一比喻的基础在于,黑客被视为新计算领域的先驱,正如牛仔被描绘成“蛮荒西部”的先驱一样.

除了上述对侵入和盗窃概念在计算领域的适用性的讨论之外,这种隐喻还提供了一个有用的例子,说明类比在讨论黑客攻击时的适用性和局限性.

评论员倾向于“定制”计算机安全辩论中使用的常用隐喻,以便从该隐喻中获得进一步论证的重点:我们对牛仔的“了解”大多是神话、对“独立男人”的未经证实的颂扬、好莱坞创作,和故事元素,包含许多种族主义和性别歧视的观点.

我怀疑破解者/黑客要么像神话中的牛仔,要么像真正的牛仔.

我认为我们应该从简单但不充分的牛仔类比转向其他更有经验的讨论(谢里森:电子邮件采访).

使用“简单但不充分的类比”的倾向明显适用于牛仔隐喻的创始者本人.

因此,当我问约翰·佩里·巴洛(John Perry Barlow)他对这个比喻的准确性的看法时,他回答说:“鉴于我是第一个使用这个比喻的人,你可能问错人了.

或许不是,因为我现在更倾向于把饼干看作是土著人而不是牛仔.

当然,他们有印度人的财产观”(巴洛:电子邮件采访).

对于黑客和牛仔的比较,更多的负面反应来自黑客自己:谁是电子牛仔.

电子农场主,电子酒馆管理员?. 我不卖.我也别无选择.

我等待黑客发展自己的文化,自己的成见.

很久以前有一个电视节目,“让枪会旅行”是关于一个叫“帕拉丁”的枪手的.骑士的比喻.但没有一个被广泛接受.

牛仔的行为像牛仔,不是骑士,不是希腊人,也不是穴居人.

黑客是黑客而不是牛仔(马洛塔:电子邮件采访).6.7专业化项目6.7.1创造计算机安全市场和职业精神创造“他们和我们”的局面是建立与黑客文化和道德相对的职业地位的过程的一部分.

在第5章中已经发现CSI和CU之间缺乏合作的例子,它给出了CSI不能充分信任黑客以使合作可行的各种原因.

CSI和Cu之间存在的拮抗作用有助于形成边界的过程,但也有广泛的信念,随着两组之间的分化的正当原因,也有一个制造差异的元素.

下面是两个例子,一个来自商业部门,一个来自CU,这些人相信CSI的一部分正在为自己创造一个市场利基,然后有必要将黑客排除在外:计算机安全行业听起来像是一些高价的公司向我保证.

他们所做的大部分工作都可以在一份两页的小册子中总结出来——不管怎样,这是常识.

一个顾问——特别是在美国——花费他或她的努力的四分之三来证明这笔费用是合理的(巴里贝茨:电子邮件采访).

这些病毒程序快让我恶心了!在从bbs大量下载的两年里,我还没有从一个bbs中发现病毒.

彼得·诺顿应该被毒死在地上然后开枪!麦卡菲也(埃里克亨特:电子邮件采访).

上述观点的真实性可能难以从CSI与CU之间存在的对立中分离出来.

但有关“病毒炒作”被用作帮助创建计算机安全市场手段的指控来自安全从业人员自己:很难了解事实,因为媒体炒作被那些试图出售反病毒设备、程序、扫描仪等的人用作导火索.

这在很大程度上是由对市场感兴趣的公司提出的,他们试图通过向人们灌输对上帝的恐惧来刺激市场,以便销售他们的产品,但销售这些产品是基于恐惧而不是建设性的利益,因为这个行业的大多数产品都是基于建设性的利益.

你总是先卖利益,这是在恐惧的背后卖利益,这是完全不同的,“你最好使用我们的产品或其他”(泰勒:克努茨福德采访).

由于计算机病毒的出现,一种新的物理语言进一步加强了第3章中概述的对信息的专有态度的执行和推进的整个过程.

软件被感染,系统被称为反复被“强奸”.

计算机病毒的描述与讨论滥交性行为的危险性时所用的术语类似.

预防性安全措施被认为是必要的,以保护道德上的大多数人不受“无保护的接触”与少数群体的退化.

罗斯认为,“病毒性歇斯底里症”被软件业故意用来增加市场销量:软件厂商现在正从公众对程序拷贝的不信任中获利.

这些病毒的作用是有利可图地打击版权犯罪,并产生对病毒抑制器的全新工业生产的需求,以遏制其影响.

在这方面,很难看出从长远来看,病毒很难使工业生产者受益更多(Ross 1990:80).

除了CSI从与病毒相关的关注中获得的实际好处之外,它们对系统安全构成的威胁被用来加强意识形态上对黑客的反对和他们的反专有态度:病毒意识的恐惧和厌恶显然助长了私有化的偏执气氛,而私有化在后福特主义的新秩序中越来越定义社会身份.

其结果是,在心理社会层面上,围绕着强化的私人领域关闭了队伍,这与我们可能认为的居住在信息技术的建筑中心的伦理观直接背道而驰.

在其基本组装结构中,信息技术是一种处理、复制、复制和模拟技术,因此不承认私有信息财产的概念(Ross 1990:80).

边界形成练习需要排除黑客在计算领域的影响,同时,为“合法的”安全专业人员开发一个一致的道德价值体系.

边界形成的一个例子是计算机病毒和蠕虫的出现,以及罗伯特·莫里斯和互联网蠕虫的特例.

康奈尔大学发表了一份关于网络蠕虫事件的官方报告,结论是导致这一行为的原因之一是莫里斯缺乏道德意识.

报告谴责了莫里斯母校哈佛(Harvard)矛盾的道德氛围,在那里,他未能在计算环境中培养出明确的对错伦理意识.

最重要的是,对莫里斯夫妇的判决这个案例充满了隐含的假设,在强调职业道德与黑客职业道德对立的过程中,暴露了一个边界形成的过程.

Dougan和Gieryn(1988)在他们对事件发生后不久发生的电子邮件争论的分析中总结了对互联网蠕虫响应的边界形成方面.

计算机界的特点是在对事件的反应上分成两个学派.

第一组被描述为围绕“机械团结”的原则组织起来的,第二组是“有机团结”的原则.

机械团结小组的约束性原则是,他们强调莫里斯案的道德方面,他的行为被视为明显错误,为了防止今后可能发生的事件,需要吸取的教训是,需要颁布职业道德守则.

这些观点已经在本研究对黑客攻击的鹰派反应的描述中得到了说明.

第二个组织主张一个更符合CSI的鸽派因素的政策,以及那些认为他们的专业知识可以更有效利用的黑客.

他们批评第一组未能防止“等待发生的事故”,并期望计算机伦理学的教学能解决他们认为本质上是技术问题的问题.

在他们看来,通过传播适当的职业道德准则来消除这一问题的可能性似乎很小:我想提醒大家,真正的坏人并不认同我们的道德,因此不受他们的约束.

我们应该尽可能地让这种情况再次发生变得困难(同时保持有利于研究的环境).

虫子睁开了眼睛.

让我们不要再说“先生们不要释放蠕虫”(Dougan and Gieryn 1988:12)来关闭它们.

黑客克雷格·奈多夫(Craig Neidorf)在他关于CSI会议的报告中,强调了关于黑客攻击的争论集中在一个专业化的项目上,争论的焦点是两个群体的主要区别在于他们试图利用的知识的形式,而不是内容:Zenner和Denning11都一样讨论了弗拉克12篇文章的性质.

他们发现,出现在Phrack中的文章包含了在其他计算机和安全杂志上公开找到的相同类型的材料,但有一个显著的差异.文章的基调.Phrack中名为“How to Hack Unix”的文章通常包含与您在ACM的通信中可能看到的文章非常相似的信息,这篇文章名为“Securing Unix Systems”.

(克雷格·内多夫:CuD 2.07).其含义是,黑客的安全知识不是由于缺乏技术价值以外的原因而获得的.

相反,CSI未能更充分地利用这些知识,因为它干扰了他们的边界形成项目,该项目的中心是试图定义黑客和“计算机专业人员”之间的区别:具有讽刺意味的是,这些黑客可能是出于同样的探索需要,测试激励计算机专业人员的技术极限.

他们分解问题,发展对问题的理解,然后克服问题.

但显然,并非所有的黑客都认识到,穿透自己电脑的技术秘密与穿透属于他人的电脑网络之间的区别.

这就是计算机专业人员和对计算机了解很多的人之间的一个关键区别.

(爱德华·帕里什1989).

另一个有趣的例子是,CSI和CU有着相似的共同特征,克利福德·斯托尔(Clifford Stoll)对伯克利大学(Berkeley University)计算机实验室的入侵进行了调查,他随后以畅销书《布谷鸟蛋》(the Cuckoo’s Egg)的形式撰写了这一调查.

托马斯指出:任何一个计算机专业的学生都能认同并欣赏斯托尔在试图通过国际网关和计算机系统迷宫追踪黑客时的执着和耐心.

但是,斯托尔显然忽略了他与那些他谴责的人之间的明显的亲和力.

他只是拒绝将黑客视为“怪物”,并且对自己的活动和地下计算机的活动之间的相似性几乎一无所知.

这正是斯托尔的工作如此危险的原因:他的工作是自我提升的无反省的练习,这本书将技术官僚的神圣世界与那些挑战它的人的亵渎活动区分开来.

斯托尔在没有理解的情况下污名化(托马斯1990).

使斯托尔的行为更不容易理解的是,在整本书中,他叙述了他自己是如何从事同样的活动,他批评其他人沉溺其中.

斯托尔把黑客称为“怪物”,尽管他有一些相同的资格13,这一事实表明,CSI已经进入了边界形成过程.

这一过程还涉及其他参与黑客事实上边缘化的团体,而实际上并不直接参与计算,这类团体的例子包括参与起草黑客立法的各种政府机构和政治家.

这些组织加在一起,促成了对黑客攻击的回应,被一些观察人士称为“政治迫害”心态.6.7.2政治迫害和黑客——政治迫害心理的一部分原因,据称已适用于黑客,是社会内部日益趋向于消费私有化的趋势,在前几章中已经讨论过.

信息商品化的压力可以看作是现代社会公共风气衰退的一种延伸,伴随着对替罪羊的寻找,这将证明从社群主义精神中撤退是正当的.

黑客是现代社会的最新替罪羊,包括共产主义、恐怖主义、绑架儿童者和艾滋病:越来越多的邻国生活在武装的大院中.

警报声持续不断.

潜在的快乐的人们把他们的生命交给了公司国家,就好像这个世界在集体豁免的面纱之外是如此危险,以至于他们别无选择.

现代最完美的妖怪是网络朋克!他太聪明了,让你觉得比平时更蠢.

他知道这个复杂的国家,你永远迷失在其中.

他理解那些你无法理解的东西的价值.

他是盲人国家的独眼人(巴洛1990:56).

这是人们对黑客恐惧的根源,也是他们在社会上被贴上越轨标签的原因,尽管正如我们前面所看到的,黑客与CSI同行有一些相同的特征.

黑客的共同特征和越轨状态同时存在,这是一个必然的结果,即:被称为越轨行为的各种行为对应于社会赋予其最高溢价的价值.

唯物主义文化被盗窃所困扰(尽管在一个乌托邦公社里,所有财产都是共享的,这种犯罪毫无意义).

一种越轨行为与一个社区的显著价值观之间的对应并非偶然.

离经叛道者和墨守成规者都受到同样的文化压力的影响,因此他们有一些共同的价值观,如果不是全部的话,尽管他们通过合法手段追求有价值的目标的机会可能不同.越轨.出现在人们最害怕的地方,部分原因是每个社区都鼓励一些成员成为达斯·维德,把“原力”带到“黑暗面”(Dougan和Gieryn 1990:4).

CSI和CU之间的激烈对抗,以及本章中对媒体的夸张描述,是黑客被边缘化并被定义为越轨的过程的一部分.

在下面的引文中,斯托尔被挑出来拟人化这个过程,但他使用的方法与本章中引用的所有其他数字是相同的,这些数字通过他们表达的观点的强度和他们选择表达的类比,对“他们和我们”的情况作出了贡献:当目标被贴上标签时,政治迫害就开始了作为“他人”,作为与普通人截然不同的东西.

在斯托尔六世呃,黑客和女巫一样,都是和我们其他人不太一样的生物,他反复使用诸如“老鼠”、“怪物”、“破坏者”和“混蛋”这样的贬义词,把黑客变成了一个没有人性的东西.

在一个典型的堕落仪式的例子中,斯托尔通过断言和夸张而不是理性的论证,将黑客的道德地位重新定义为某种威胁(托马斯1990).6.7.3结束-政治迫害过程的态度演变是促进Bijker and Law(1992)分析为结束的一种手段.

从麻省理工学院早期黑客的良性宽容到目前反黑客立法的氛围,社会态度的演变,可以有效地说明这一概念.

除了列维确定了三代黑客14,兰德雷思还暗示第四代黑客的到来,他谈到了大约在他加入的被称为“核心圈”的精英黑客组织成立时,CU发生的重大变化.

除了微型计算机日益分散的影响外,还有黑客电影《战争游戏》的影响:“几个月内,自称黑客的人数翻了两番,然后翻了两番.

你再也找不到任何旧的布告栏了——电话号码整晚都占线.

更糟糕的是,你可以小心翼翼地进入一个系统,却发现几十个新手轻快地到处乱跑文件”(兰德瑞斯1985:18).

这些“想要的”黑客反映了黑客行为的最新表现形式的原始黑客伦理的相对不成熟和缺失.

末日军团的克里斯·高甘斯赞同这种对铜环境基本性质变化的认同.

在早期:人们很友好,电脑用户很社交.

信息是自由传递的,地下有一种真正的兄弟情谊.

随着时间的推移,人们变得越来越反社会.

随着蓝盒子的难度越来越大,地下社会的感觉开始消失.

人们开始囤积信息,投案报复.

今天的地铁不好玩.

它非常渴望权力,几乎是野性的行动.

人们被分为:你喜欢我还是喜欢他,你不能两者都喜欢.

与我一起成长、在其中学习并为之贡献的亚文化,已经堕落成一些恶心和扭曲的东西,我羞愧地承认与之相关.

一切都变了,一切都死了,我确信十年内不会有计算机这样的东西在地下.

我很高兴我看到它在它的黄金时期(Goggans:电子邮件采访).

因此,地下计算机性质发生变化的一个原因很简单,就是更多的潜在黑客到来了精英如GGGANGs的黑客们认为,这在某种程度上降低了CuaRADARIEE以前在CU中存在的精神和氛围.

有助于激发黑客动机的优越感已经被太多“想成为”的年轻黑客所削弱.

单纯的数字就意味着先前黑客们强调分享知识和教育年轻黑客的重要性的终结.

在麻省理工学院孤立的学术背景下,第一代黑客的特殊行为常常因其创造性而受到赞扬.

在更广泛的现代计算社区中,类似的行为往往会自动产生更大的破坏性,容易受到指责.

这种态度转变的原因与计算机作为一种技术的发展密不可分.

赫什伯格认为,计算机安全可以与莱特兄弟的实验相提并论,但除了这种外围的“鸽派”情绪外,CSI和整个社会的气氛对黑客声称他们代表无辜的智力探索者越来越不同情:计算机安全已经关闭.

莱赫特对黑客进化的看法与赫什伯格的看法不一致.

他也用飞机来比喻,但更喜欢要强调的是:当第一批“飞机黑客”开始使用他们的设备时,他们基本上可以随心所欲.

如果他们撞车自杀,那就太糟糕了.

如果他们的飞机能工作-那就更好了.

在建造工作飞机成为可能之后,接下来的一段时间里,任何人都可以建造一架并在他喜欢的地方飞行.

但从长远来看这是站不住脚的.

如果你今天想坐飞机,你必须拿到执照.

你必须在一整套规章制度下工作(杰瑞·莱赫特:CuD 4.18).随着时间的推移,技术不断发展,因此,随着社会对不断变化的技术的适应,人们与这项技术的互动,即使保持不变,也会被不同的看待.

这方面的一个例子是系统崩溃的角色不断变化.

在早期的计算中,计算机的功能是通过大玻璃阀门来实现的,这些阀门在使用相对较短的时间后容易过热,从而导致系统崩溃.

即使黑客对发生的一些系统崩溃负有责任,但事实上它们同样可能是由其他非黑客手段造成的,这导致了一种气氛,即黑客引发的崩溃被认为是一个小的不便,即使按照今天的标准,它们具有极强的破坏性.

因此,这是一个例子,说明在评估技术的伦理内容之前,必须考虑到涉及技术的行为的社会背景.6.8结论本章追溯了CSI和CU之间的伦理争论的起源,展示了计算机引发的一些情况的新颖性如何导致了协商过程.

这一过程采取的形式明显不同的伦理反应的新情况,正在作出和相互竞争.

这两个群体的利益和观点形成了鲜明的对比,因为黑客认为他们的活动表明了对潜在的政府和商业侵犯隐私行为的道德关切,而犯罪现场调查局更倾向于将这些活动视为不道德行为或社会价值普遍下降的证据.

对于CSI的观点有两个重要的怀疑因素.

首先,黑客行为本质上是不道德的论点被削弱了,因为作为Levy文件,在早期麻省理工学院黑客的时代,同样的黑客行为被认为是不道德的,被仁慈地容忍了.

布卢姆贝克甚至声称,如今被称为计算机罪犯的东西,有助于使计算机成为现实.

科恩还声称,非官方地说,黑客经常被商业化地用来检查系统的安全性.

第二,本章已经表明,计算的一个日益增长的方面是它产生新情况的方式,在这种情况下,对与错之间似乎没有明确的界限.

这一点在最脱离日常经验的技术所产生的情况下最为明显,典型的是网络空间的概念.

黑客行为的伦理不确定性也因其活动往往受到一系列复杂因素的推动而加剧.

CSI内部以及CSI和CU之间都存在着激烈的争论,这一事实意味着,任何所谓的黑客不道德行为都是由麻省理工学院(MIT)从宽容到现在的犯罪化氛围所形成的一种观念的社会塑造造成的.

这种社会形成过程的一个重要部分是在计算机伦理形成过程中使用物理类比的方式.

作为小组划分过程的一部分,它们越来越多地被用于对问题的专业讨论.

以前只有模糊或不确定的计算机伦理,现在使用物理类比来建立更清晰的计算规则.

首先需要使用物理类比,因为黑客攻击发生在人类体验的全新领域:网络空间.

事实上,现实世界和网络空间是如此不同的领域,这就需要对hacki做出解释和道德判断从一个传统的参照系出发,即使用基于物理世界的类比.

因此,在讨论黑客行为的法律和伦理问题时,经常使用物理类比和隐喻,是试图以实际的方式重新定义信息产权的概念,因为它们将应用于计算机时代.

在犯罪现场调查中,类比的使用比黑客自己使用的要普遍得多.

这是因为犯罪现场调查局总的来说需要在网络空间和现实世界之间进行比较,以便使他们的角色合法化,并妖魔化犯罪现场调查局.

黑客没有这种需要.

他们的行为是建立在接受计算机作为智力和社会实验领域的基础上的,他们发现它很有吸引力,因为它不同于现实世界.

综上所述,每一代人都有长期的说法,认为这个年龄段的年轻人基本上是不道德的,他们预示着整个道德秩序的崩溃.

这种主张可能是人类状况及其代际关系中不可避免的一部分.

然而,这项研究更关注的是计算的特定方面,这些方面导致了计算机用户所面临的定性的新环境,而这些环境的道德标准是不确定的.

这些情况鼓励行为,这被认为是不道德的,假设一个充分和令人信服的比较,可以与非计算的情况.

正是试图将计算机引发的场景的伦理概念化的困难,导致人们试图将其转化为更容易理解和更常见的场所体验.

然而,这一章表明,人们怀疑“现实世界”的伦理是否能以这样一种字面的方式进行转换.

CSI所谓的双重标准的各种例子都说明了这一点.

这些例子暗示,计算伦理的模糊性使得产生的任何职业伦理准则都可能更多地是一个群体将其价值体系强加于另一个群体的结果,而不是一个群体在伦理辩论中具有任何内在优越的道德优势.

一个群体的价值体系可以强加给另一个群体的过程已经在一个参照系中进行了分析,该参照系比较了黑客从主流计算机使用到政治迫害的日益边缘化.

对黑客逐渐被污名化的一种分析是,黑客已经成为一种堕落仪式的一部分,一个更占主导地位的社会群体为了提升其职业兴趣,逐渐将他们与“正常”社会疏远.

媒体在这一过程中的作用已经通过它将黑客投射为污名化的“他人”的方式表现出来,从而帮助CSI的边界形成专业化过程.

文中列举了群体分化和专业化进程的具体例子,涉及病毒的出现和互联网蠕虫的具体案例.

考虑到犯罪嫌疑人与犯罪现场调查官在道德上的分歧程度以及犯罪现场调查“地下”这一事实所带来的刺激,通过传播适当的职业道德准则消除计算机安全威胁的可能性似乎很小.

尽管如此,一旦职业化进程启动,人们还是会试图通过立法,将这一新生但占主导地位的群体对计算机伦理困境的反应编纂成法典.

后来计算机技术的关闭,在20世纪80年代和90年代,CU的嬉皮精神似乎越来越不合时宜,他们的立场似乎已经吸收了国家对计算机技术发展的支持.

史蒂夫·沃兹尼亚克(Steve Wozniak)等第二代硬件黑客已经看到了他们的“健康绿色”产品(因此得名“苹果”)如他们所愿地被大众所接受,但却明显地被视为一种商品化产品.

这也许是一个refl市场参与和吸收剧烈变化的能力.

对于黑客来说,它威胁要破坏他们作为一个体现另类价值观的群体的地位.

新一代的“想成为”黑客之所以意义重大,是因为它代表的不仅仅是青少年,他们对非法计算的智力挑战和力量感兴趣.

此外,它们还代表着越来越多的信息被视为“阿米加儿童”类型群体形式的可交易商品的趋势.

他们的非法黑市活动以及他们对获取和操纵他人信息的道德影响的貌似非道德的观点,代表了一个极端的极端极端,这也包括“良性”黑客的活动.

这是一个光谱,其各个点反映了一些伦理问题,社会仍然必须令人满意地解决有关信息及其不断变化的性质的影响.

社会对信息反应的不稳定性质的一个例子是,人们仍然怀疑其对黑客的关闭政策的影响.

问题仍然来自上述分析,即对CU态度的演变是否是对其性质向更犯罪化环境转变的反应,或者将黑客行为视为犯罪和不道德活动的趋势是否已经具有自我实现预言的性质,把可能成为“快乐黑客”的人推进地下犯罪集团的怀抱.

后一种情况的含义将在下一章中讨论.

因此,Eric Goggans和Robert Schifreen(以及在实地工作中遇到的其他几名黑客)创办了自己的计算机公司.

Herschberg教授通过其咨询工作与黑客和安全行业有联系并产生互动,以及授权和未授权(在接受文件化的黑客攻击代替论文的情况下)使用学生测试系统.

2种对边界越轨的恐惧被生动地描绘在这样的城市传说中,比如墨西哥狗和窒息的杜宾犬(C.F.伍尔格)(1990).

3约瑟夫·刘易斯·波普(Joseph Lewis Popp):他在1990年1月被指控使用隐藏在软盘中的特洛伊木马向系统随后被感染的接收者勒索钱财.

然而,审判没有上法庭,因为他的辩方辩称他精神上不适合受审.

他们描述了他是如何把卷发器放在胡子上,头上戴着一个纸箱,显然是为了保护自己免受辐射.4 c.f.附录1关于年龄因素的现场调查统计证据的总结.

5 Sterling 1993:95 6参考文献摘自CuD 4.

11 7,如Paul Mungo文章标题所示:“撒旦病毒”(c.f.Bibliography)8 c.f.CuD 3:37 9频道4电视,1989年11月10 c.

f Woolgar 1990.

11前者是1990年E911审判中克雷格·内多夫的辩护律师,多萝西·丹尼是华盛顿乔治敦大学的计算机科学家,对CU问题有学术兴趣.

12 CU电子杂志13托马斯对布谷鸟蛋的评论包括许多斯托尔沉迷于诸如未经许可借用他人电脑和未经授权监控他人电子通信等活动的例子.14 c.f.完整账户的附录2.

——————————日期:1997年5月7日星期四,22:51:01 CST发件人:CuD版主主题:文件2——Cu摘要标题信息(自1997年5月7日起保持不变)Cu摘要是每周电子期刊/通讯.

订阅是免费的电子版.

CuD可以作为Usenet的新闻组:comp.

society.

cu-digest,或者在“Subject::line:subscribe cu-digest发送消息到:cu-digest-request@weber.ucsd.edu不要向版主发送订阅.

编辑可通过语音(815-753-6436)、传真(815-753-6359)或美国邮件联系:Jim Thomas,社会学系gy,NIU,DeKalb,IL 60115,USA.

向不明嫌犯发送一条单行消息:不明嫌犯CU-DIGEST发送到CU-DIGEST-REQUEST@WEBER.UCSD.EDU(注意:不明嫌犯的地址必须与您的发件人:行相对应)CuD问题也可以在Usenet comp.

society.

CU-DIGEST新闻组中找到.

在IBMBBS SIG的DL0和DL4的CompuServe上,LAWSIG的DL1上,以及电信的DL1.

PF*NPC RT库和病毒/安全库中的GEnie.

PC电信论坛中“计算通讯”下的“美国在线”.

Internet SIG的一般讨论数据库中的Delphi.

RIPCO BBS(312)528-5590(以及Internet上的RIPCO).

CuD也可通过1:11/70的Fidonet文件请求获得.

欢迎使用未列出的节点和点.

在意大利:零!CuD/欧洲:nic.funet.fi在pub/doc/CuD/CuD/(芬兰)ftp.

warwick.ac.uk在pub/CuD/(英国)CuD的最新版本可以从CuD摘要网站获得:URL:http://WWW.soci.niu.edu/~Cu Digest/COMPUTER UNDERGROUND Digest是一个开放的论坛,致力于计算机专家之间的信息共享,以及对不同的观点.

只要来源被引用,CuD材料可以为非盈利目的再版.

作者拥有假定的版权,应与他们联系以获得转载许可.

除非另有说明,否则假设发给版主的非个人邮件可以重印.

鼓励读者提交有关计算机文化和通信的合理文章.

与简短的回答相比,文章更受欢迎.

除非绝对必要,请避免引用以前的帖子.

免责声明:此处所述观点不一定代表主持人的观点.

摘要贡献者承担所有责任,确保提交的文章不违反版权保护.

——————————计算机地下文摘第2部分(共2部分)结束#9.

59***********************************.

,网络安全教程them_and_us.txt,tags |
paper,Date: 18 Jun 97 17:25
From: P.A.Taylor@sociology.salford.ac.uk
Subject: File 1--Paul Taylor's Forthcoming "Hacker" Book

((MODERATORS' NOTE: A few years ago, Paul Taylor solicited
information on "hackers" in a CuD post for his Phd dissertation.
He completed it, and it will soon be published by Routledge and
Kegan Paul. The publication date is anticipated to be in early
1998, and the tentative title: HACKERS: A STUDY OF A
TECHNOCULTURE, although Paul is still searching for (and is open
to) suggestions. Sadly, though, publishers usually suggest the
final title and their choice usually prevails. The estimated
price for the paperback version should be about 15 pounds, which
would make the US version about $20.

CuD will run a chapter, which will be divided into two sections
of this CuD issue because of length)).

------------------

Jim has kindly agreed to put up on CuD an excerpt from my
forthcoming book on hackers. Its present form is straight from
my PhD thesis but I would like to use peoples' feedback to help
me up-date my work prior and to make it more accessible to a
non-academic audience. If you have any comments or views on my
portrayal of hacking then please contact me -
p.a.taylor@sociology.salford.ac.uk.

The reason for putting up the posting is

a) to thank and give something back to the original people who
contributed.
b) to stimulate further interest that will help in the up-dating
of the original work - specifically ...
i) what do people think are the major developments in the CU over
the last 3/4 years?
ii) what do people think are the major differences (if any)
between the CU scene in the US as compared to Europe/rest of the
world?

There's an open invite for people to contact me and discuss the
above and/or anything else that they think is relevant/important.
Below is a brief overview of
the eventual book's rationale and proposed structure.

Hackers: a study of a technoculture

Background

"Hackers" is based upon 4 years PhD research conducted from
1989-1993 at the University of Edinburgh. The research focussed
upon 3 main groups: the Computer Underground (CU); the Computer
Security Industry (CSI); and the academic community. Additional
information was obtained from government officials, journalists
etc.

The face-to-face interview work was conducted in the UK and the
Netherlands. It included figures such as Rop Gongrijp of
Hack-Tic magazine, Prof Hirschberg of Delft University, and
Robert Schifreen. E-mail/phone interviews were conducted in
Europe and the US with figures such as Prof Eugene Spafford of
Purdue Technical University, Kevin Mitnick, Chris Goggans and
John Draper.

Rationale

This book sets out to be an academic study of the social
processes behind hacking that is nevertheless accessible to a
general audience. It seeks to compensate for the "Gee-whiz"
approach of many of the journalistic accounts of hacking. The
tone of these books tends to be set by their titles: The Fugitive
Game; Takedown; The Cyberthief and the Samurai; Masters of
Deception - and so on ...

The basic argument in this book is that, despite the media
portrayal, hacking is not, and never has been, a simple case of
"electronic vandals" versus the good guys: the truth is much more
complex. The boundaries between hacking, the security industry
and academia, for example, are often relatively fluid. In
addition, hacking has a significance outside of its immediate
environment: the disputes that surround it symbolise society's
attempts to shape the values of the informational environments we
will inhabit tomorrow.

Book Outline

Introduction - the background of the study and the range of
contributors

Chapter 1 - The cultural significance of hacking: non-fiction and
fictional portrayals of hacking.

Chapter 2 - Hacking the system: hackers and theories of technological change.

Chapter 3 - Hackers: their culture.

Chapter 4 - Hackers: their motivations

Chapter 5 - The State of the (Cyber)Nation: computer security weaknesses.

Chapter 6- Them and Us: boundary formation and constructing "the other".

Chapter 7 - Hacking and Legislation.

Conclusion

Paul Taylor

------------------------------

Date: Mon, 16 Jun 1997 14:05:55 +0100
From: P.A.Taylor@sociology.salford.ac.uk
Subject: Preview of "Hacker" book: THEM AND US (Part 1 of 2)

Chapter 6 - 'Them and us'

6.1 INTRODUCTION

6.2 BOUNDARY FORMATION - 'THEM AND US'
6.2.1 The evidence - Hawkish strength of feeling

6.3 REASONS FOR 'THEM AND US'
6.3.1 Ethical differences between the CSI and CU
6.3.2 The fear of anonymity

6.4 THE ETHICAL BASIS OF THE 'THEM AND US' SCENARIO
6.4.1 Blurred and vestigial ethics
6.4.2 Industry examples of blurred ethics
6.4.3 Technology and ethics

6.5 BOUNDARY FORMATION - ROLE OF THE MEDIA

6.6 BOUNDARY FORMATION PROCESS AND THE USE OF ANALOGIES

6.7 THE PROJECT OF PROFESSIONALISATION
6.7.1 Creation of the computer security market and professional ethos
6.7.2 Witch-hunts and hackers
6.7.3 Closure - the evolution of attitudes

6.8 CONCLUSION

6.1 INTRODUCTION

Hackers are like kids putting a 10 pence piece on a railway line to see if
the train can bend it, not realising that they risk de-railing the whole
train (Mike Jones: London interview).

The technical objections of the hawks to hacking, which reject the argument
advocating cooperation with hackers, are supplemented by their ethical
objections to the activity, explored in this chapter. Previous chapters
have shown that there is some interplay and contact between the hacker
community and the computer security industry, as well as the more
subsidiary group: the academics1. The much more common relationship
between hackers and the computer security industry, however, is the
thinly-veiled or open hostility evident in the opinions of the hawks.
This chapter examines the basis of this hostility. The groups' contrasting
ethical stances are highlighted, and their origins explained. The
technical evolution of computing is shown as creating new conditions that
demand ethical judgements to be made with respect to what constitutes
ethical use of computer resources. The CU and the CSI have different
ethical interpretations that are expressed in a process of debate. This
debate then becomes part of a boundary forming process between the two
groups. Two identifiable influences upon such ethical judgements are the
age of the person making the judgement, and the extent to which technology
plays a part in the situation about which an ethical judgement has to be
made.
Elements of the CSI and the CU stand in identifiable opposition to each
other. This chapter shows how this opposition is maintained and
exacerbated as part of a boundary forming process. Ethical differences
between the two groups are espoused, but examples are given of the extent
to such differences are still in a process of formation within computing's
nascent environment. Thus the type of mentality within the CU that fails
to accept any ethical implications from phone-phreaking or hacking is
sharply opposed by the CSI, whose typical sentiment is that computer users
such as hackers have forgotten "that sometimes they must leave the playpen
and accept the notion that computing is more than just a game" (Bloombecker
1990: 41). This contention that hackers have failed to psychologically
"come out of the playpen" is illustrative of some of the marked ethical
differences between the two groups.
This chapter, however, draws attention to examples of the more ambiguous
and blurred ethical situations within computing, and how an on-going
process of negotiation, group differentiation and boundary formation, is
required to maintain such differences between the groups. The ethical
complexities surrounding computing are becoming increasingly important as
it becomes a more prevalent aspect of everyday life. The CSI, as a part of
a dominant social constituency of business and political interests, is
involved in a process of attempting to impose its interpretation of such
ethical issues upon computing. Advocates of different ethical approaches
find themselves increasingly separated by moral boundaries that have become
codified into professional regulations and government legislation.
The "them and us" scenario caused by the contrasting ethical stances is
fuelled by the media's portrayal of hackers as unethical outsiders. The
most obvious manifestation of this is the evolution of attitudes held
towards hackers by the dominant social constituency. The 'true hackers' of
MIT were active from the late 1950's and were instrumental in the
development of both hardware and software, whereas hackers are now largely
perceived as a problem to be legislated away. This evolution in
perceptions is simultaneously a result of the emergence of the CSI as a
constituency, and a causal factor in that development. To illustrate the
process of boundary formation we note comparisons of the debate surrounding
Robert Morris Jr's intrusion into the internet system with the language and
attitudes displayed during the Salem Witch trials (Dougan and Gieryn 1988).
The press, in particular, has been particularly active in the process of
stereotyping and sensationalising hacking incidents, the process helping to
produce a deviant group status for hackers.
The chapter also includes analysis of one of the most interesting aspects
of the boundary forming process between the CSI and the CU, namely, the way
in which physical comparisons are made between situations that arise in
computing and the real world. These metaphors are used as explanatory
tools and also in the production and maintenance of the value systems that
separate the two groups. The physical analogies used seem to fulfil both
of these functions. They allow what would otherwise be potentially
complicated technical and ethical questions to be approached in a more
manageable and everyday manner, yet they also contribute directly to the
formation of ethical boundaries due to their particular suitability as a
means of sensationalising hacking issues.
Public commentators such as Gene Spafford have made various polemical
statements of what hacking and its implications are: employing a hacker, is
like making 'an arsonist your fire chief, or a paedophile a school
teacher.' The actions of hackers are thus forcefully taken out of the
realms of 'cyberspace' and reintroduced into the concrete realm of
threatening real world situations. If the comparison is accepted, then the
danger and harm to be suffered from such actions are more readily
understood and feared, and hackers as a group may then be effectively
viewed as moral pariahs. With reference to Woolgar's (1990) attempt to
link computer virus stories with the prevalence of 'urban/contemporary
legends', it can be pointed out that the physical analogies used by the CSI
in discussions of computer ethics emphasise the transgressive 'breaking and
entering' qualities of hacking2. In contrast, the CU reject such dramatic
analogies and prefer to emphasise the intellectual and pioneering qualities
of hacking which we will subsequently analyse with respect to their chosen
analogies: comparisons of hacking's intellectual nature and frontier ethos
to a game of chess and the Wild West, respectively.

6.2 BOUNDARY FORMATION - 'THEM AND US'

Dougan and Gieryn (1988), like Meyer and Thomas (1990), have compared the
process of boundary formation within computing with the historical examples
of formalised witch trials. This is an extreme process of 'boundary
formation' whereby groups differentiate themselves by marginalising other
groups thereby establishing their own identity. "Witch hunts" occur in
periods of social transition and we have seen in Chapter 3 that IT is
undergoing a period of social change. The economic order is attempting to
impose property relations upon information, yet its changing nature
undermines its properties as a commodity.
Computer counter-cultures are increasingly perceived as a threat to the
establishment's ability to control technology for its own purposes. The
initial awe and even respect with which hackers were originally viewed as
'technological wizards' has given way to the more frequent hawkish
perception that they are 'electronic vandals'. Dominant social groups
initially mythologise and then stigmatise peripheral groups that do not
share their value-structure. In the case of hackers, this tendency has
been exacerbated by the fear and ignorance encouraged as a result of
hacking's covert nature and the difficulties of documenting the activity.

Dougan and Gieryn (1988), amongst others, point out that such concepts of
deviancy have a function. Put simply, a community only has a sense of its
community status by knowing what it is not. Distancing themselves from
outsiders helps members within that group feel a sense of togetherness.
Furthermore, cultures that emphasise certain values over others will tend
to label as deviant those activities which threaten its most prized value.
In the particular case of hackers, their stigmatisation and marginalisation
has occurred because they have threatened, with their information-sharing
culture, one of the basic crutches of the capitalist order: property
rights. The facilitating feature of the boundary forming process between
the CU and the CSI is the sense of otherness and lack of affinity with
which they confront each other: the "them and us" scenario.

6.2.1 The evidence - hawkish strength of feeling

Direct access to the debate between the CSI and CU can be obtained by
looking at examples of e-mail correspondence known as 'flames'. These are
strongly worded, and often insulting electronic mail messages. They serve
to illustrate the antagonism that exists between the CSI and CU. The
following are examples of the expressions used on e-mail to describe
hackers and hacking:

I am for making the penalties for computer trespass extremely painful to the
perpetrator ... Most administrators who've had to clean up and audit a
system of this size probably think that a felony rap is too light a
sentence. At times like that, we tend to think in terms of boiling in oil,
being drawn and quartered, or maybe burying the intruder up to his neck in
an anthill (Bob Johnson: RISKS electronic digest, 11:32).

electronic vandalism (Warman: e-mail interview).

Somewhere near vermin i.e. possibly unavoidable, maybe even necessary pests
that can be destructive and disruptive if not monitored (Zmudsinki e-mail
interview).

Mostly they seem to be kids with a dramatically underdeveloped sense of
community and society
(Bernie Cosell: e-mail interview).

Opposition to hacking practices has become increasingly non-specific and
moralistic, an example being Spafford's argument that using hackers'
knowledge on a regular basis within the computer security industry is
equivalent to employing a known arsonist as your fire-chief, a fraudster as
your accountant, or a paedophile as your child-minder. The technical
insights that they could provide or could be derived as a by-product of
their activities become subordinate to the need to express opprobrium
against the morality of the actions themselves. The language of blame and
morality is consistently used by hawkish members of the CSI to refer to
hackers in what they would argue is a process of 'blame displacement'. The
CSI are accused of using moral condemnation as a means of deflecting any
responsibility and blame for security breaches that might be attached, not
just to the perpetrators of intrusions, but also their victims. As
Herschberg said:

The pseudo-moral arguments and the moralistic language certainly cloud the
issue in my view. I think it obscures the fact that system owners or
system administrators have a moral duty to do at least their level best to
stop penetrations. They are very remiss in their duty, they couldn't care
less and therefore at least, there is quite an understandable tendency to
blame the penetrator rather than blaming themselves for not having taken at
least adequate counter measures, in fact in some cases counter measures
have not been taken at all ... if it is proved to you that you haven't done
your homework, then you almost automatically go into a defensive attitude
which in this case, simply amounts to attacking the hacker, blaming him
morally, heaping opprobrium on his head ... yes, the fear factor is
involved (Herschberg: Delft interview).

This undercurrent of moral censure was a recurrent quality of the
field-work interviews with members of the CSI, for example:

I've been in this game ... this is my 36th year, in the interests of hacking
as a whole I think hacking is something which is derogatory; to be played
down, to possibly in fact, be treated as a minor form of criminal activity
... the last thing you want to do is to make hackers into public figures;
give them publicity. I think it needs to be played down when it occurs,
but it shouldn't occur ... I wouldn't have them, no, under any
circumstances (Taylor: Knutsford interview).

Dr Taylor and others interviewees, involved in the provision of computer
security, had had surprisingly little direct contact with hackers. I asked
him about this lack of direct contact/interplay and his perceptions of the
motivations of hackers:

Well, there shouldn't be [any interplay] because the industry doesn't want
to hear about hackers and certainly doesn't want to see the effects of what
they do ... To me I'm not concerned with what the hacker does, I'm more
concerned with keeping him out to start with ... You've talked to what are
called the more ethical members of the hacking community for whom it's an
intellectual challenge, but there are in fact people who are psychopaths,
and Doctor Popp3 is one of these, where they just want to level a score
with society which they feel has been unfair to them ... A chap called
Whitely has just gone to prison for four years for destroying medical data
at Queen Mary's hospital, London. He just destroyed utterly and he wasn't
just a hacker that was browsing, he was a psychopath almost certainly
(Taylor: Knutsford interview).

In contrast, and as an illustration of the negative perceptions each groups
has of the other, a hacker, Mofo, argues that psychotic tendencies are not
the sole preserve of the hacking community:

my experience has shown me that the actions of 'those in charge' of computer
systems and networks have similar 'power trips' which need be fulfilled.
Whether this psychotic need is developed or entrenched before one's
association with computers is irrelevant. Individuals bearing such faulty
mental health are present in all walks of life. I believe it is just a
matter of probability that many such individuals are somewhat associated
with the management of computers and networks [as well as intrusion into
computer systems] (Mofo: e-mail interview).

Taylor is wary of the damage to computing that greater publicisation of
hacking could cause, yet as the above reference to Dr Popp and Nicholas
Whitley shows, ironically, he seemed to be dependent upon the most
publicised cases of hacking for his perceptions of hackers. A further
argument that prevents the CSI accepting hackers as potentially useful
fault-finders in systems is the simple charge that without the existence of
hackers in the first place, there would be very little need for extensive
security measures. Even if hackers are of some use in pointing out various
bugs in systems, such a benefit is outweighed by the fact that a large
amount of computing resources are 'wasted' on what would otherwise be
unnecessary security measures. For example, Dr Taylor's view is that:

hacking is a menace that stops people doing constructive work ... A lot of
money get's spent today on providing quite complex solutions to keep ahead
of hackers, which in my view should not be spent ... They're challenging
the researchers to produce better technical solutions and they're
stimulating the software service industry which provides these solutions
and makes money out of it. But you answer the question for me, what's that
doing for society? (Taylor: Knutsford interview).

Thus one reason for the use of moral language is in order to displace blame
from those in charge of the systems where security is lax, to those who
have broken that lax security. Irrespective of the state of security of
systems, there is a project of group formation whereby those who implement
computer security wish to isolate and differentiate themselves from the CU,
in a process that highlights the inherent differences that exist between
the two groups. This project is vividly illustrated in the following
excerpt from the keynote Turing Award acceptance speech given by Ken
Thompson:

I have watched kids testifying before Congress. It is clear that they are
completely unaware of the seriousness of their acts. There is obviously a
cultural gap. The act of breaking into a computer system has to have the
same social stigma as breaking into a neighbor's house. It should not
matter that the neighbour's door is unlocked. The press must learn that
misguided use of a computer is no more amazing than drunk driving of an
automobile (Thompson 1984: 763).

This degree of sentiment was consistently expressed amongst some of the
most prominent and accomplished of those figures from the computer security
industry who were generally opposed to hackers:

Unfortunately ... it is tempting to view the hacker as something of a folk
hero - a lone individual who, armed with only his own ingenuity, is able to
thwart the system. Not enough attention is paid to the real damage that
such people can do...when somebody tampers with someone else's data or
programs, however clever the method, we all need to recognise that such an
act is at best irresponsible and very likely criminal. That the offender
feels no remorse, or that the virus had unintended consequences does not
change the essential lawlessness of the act, which is in effect
breaking-and-entering. And asserting that the act had a salutary outcome,
since it led to stronger safeguards, has no more validity than if the same
argument were advanced in defense of any crime. If after experiencing a
burglary I purchase a burglar alarm for my house, does that excuse the
burglar? Of course not. Any such act should be vigorously prosecuted
(Parrish 1989).

Several of the above quotations are notable for their heavy reliance upon
the visual imagery of metaphors comparing the ethical issues arising from
computing with real-world situations, a topic that will be looked at
shortly.

6.3 REASONS FOR 'THEM AND US'

6.3.1 Ethical differences between the CSI and CU

Having identified the strength of feeling of hawkish views of hacking, this
section explores the ethical basis of that antagonism. The following
quotation from a member of the CSI illustrates the stark difference between
the ethical outlooks of certain members of the computing constituency.
Elements of the CSI vehemently oppose the "playpen attitude" advocated by
elements of the CU. Presupposing that no harm is done, hackers tend to
believe that it is not wrong to explore systems without prior permission,
whilst those concerned with the security of those systems would
characterise such a belief as offensive:

Just because YOU have such a totally bankrupt sense of ethics and propriety,
that shouldn't put a burden on *me* to have to waste my time dealing with
it. Life is short enough to not have it gratuitously wasted on
self-righteous, immature fools...If you want to 'play' on my system, you
can ASK me, try to convince me *a priori* of the innocence of your intent,
and if I say "no" you should just go away. And playing without asking is,
and should be criminal; I have no obligation, nor any interest, in being
compelled to provide a playpen for bozos who are so jaded that they cannot
amuse themselves in some non-offensive way (Cosell CUD 3:12).

When we examine the factors underpinning the CSI's and CU's contrasting
ethical interpretations we find an important feature is the tendency of the
CSI to denigrate, or devalue the ethics articulated by hackers. Bob
Johnson, a Senior Systems analyst and Unix System Administrator at a US
military installation criticises the justifications used by hackers as an
example of the modern tendency to indulge in "positional ethics".
Referring to the Internet worm case he states:

The majority of people refuse to judge on the basis of "right and wrong".
Instead, they judge the actions in terms of result, or based on actual
damages, or incidental damages or their own personal ideas. In my mind,
Morris was WRONG in what he did, regardless of damages, and should
therefore be prepared to pay for his deeds. Many others do not suffer from
this "narrow frame of mind". By the way, positional ethics is the same
line of reasoning which asks, "When would it be right to steal a loaf of
bread?" I believe that the answer is "It may someday be necessary, but
it's never right" (Bob Johnson: e-mail interview).

The "hawkish" elements of the CSI are unequivocal in their condemnation of
hacking and its lack of ethics. They argue that the lack of ethics shown
by hackers is indicative of a wider societal decline. Thus Smb
characterises the alleged degeneration of the average persons ethics, not
as a breakdown in morality, but rather as a spread of amorality: "I'm far
from convinced that the lack of ethics is unique to hackers. I think it's
a societal problem, which in this business we see manifested as hacking.
Amorality rather than immorality is the problem" (Smb: E-mail interview).
Similarly, Bob Johnson argues that:

In a larger sense, I view them [hacking and viruses] as part of the same
problem, which is a degeneration of the average persons ethics - i.e.
integrity and honesty. There's a popular saying in America - 'You're not
really breaking the speed limit unless you get caught. I believe an
ethical person would neither break into systems, nor write viruses (Bob
Johnson: e-mail interview).

Cosell takes this argument further, the "degeneration of the average
person's ethics" is applied to a loss of respect by hackers for property
rights:

The issue here is one of ethics, not damages. I'll avoid the "today's
children are terrors" argument, but some parts of that cannot be avoided:
the hackers take the point of view that the world at large OWES them
amusement, and that anything they can manage to break into is fair game [an
astonishing step beyond an already reprehensible position, that anything
not completely nailed down is fair game] (Cosell: e-mail interview).

A study into social and business ethical questions was carried out by
Johnston and Wood (1985, cited by Vinten 1990) for the British Social
Attitudes Survey. Apart from their major conclusion that the single most
important factor influencing the strength of people's ethical judgements
was age, it seems difficult to point to clear ethical boundaries and
guide-lines in relation to many of the situations that arise in the modern
world, especially in the realms of business. Thus in his summary of the
report Vinten describes how: "In situations ranging widely from
illegitimate tipping of dustmen to serious corruption, no clear-cut
boundaries emerged as between 'right' and 'wrong' ... Sub-group variation
was greatest where situations were complicated by motivation questions, and
by being remote from everyday experience" (Vinten 1990: 3). Hacking
fulfils both of these criteria.
The advent of "virtual reality" or "cyberspace" tends to divorce computing
from "everyday experience". This leads directly to an ambiguous ethical
status for many computing situations and a concomitant need to assert
ethical standards by the dominant social constituency if it is to succeed
in exerting control over computing. Vinten's study of computer ethics
(1990) points out that ethical judgements tend to be harsher, the older the
person making the judgements. Members of the CSI consistently have
strongly critical views of the ethical stance taken by hackers. They tend
to be older than hackers, having been involved with computers, as a career,
for many years. Hackers, in contrast, tend to use computers more as a
hobby and may hack in order to gain access to systems which their youth
precludes them from obtaining access to by legitimate means. This age
difference is perhaps one reason why there are such fundamental differences
in the ethical outlook of members of the CSI and CU4.

6.3.2 Fear of Anonymity

One of the common themes that stems from the CSI's perception of hackers is
their tendency to assume the worst intent behind the actions of intruders,
a tendency encouraged by the fact that hacking is intrinsically anonymous:

There is a great difference between trespassing on my property and breaking
into my computer. A better analogy might be finding a trespasser in your
high-rise office building at 3 AM, and learning that his back-pack
contained some tools, some wire, a timer and a couple of detonation caps.
He could claim that he wasn't planting a bomb, but how can you be sure?
(Cosell: e-mail interview).

Another vivid example of the doubt caused by the anonymity of hackers is
the comparison below made by Mike Jones of the DTI's security awareness
division. I pointed out that many hackers feel victimised by the
establishment because they believe it is more interested in prosecuting
them than patching up the holes they are pointing out with their activity.
Jones accepted that there was prejudice in the views of the CSI towards the
CU. That prejudice, however, is based upon the potential damage that
hackers can cause. Even if there is no malicious intention from the
hacker, suspicion and doubt as to what harm has been done exists:

Say you came out to your car and your bonnet was slightly up and you looked
under the bonnet and somebody was tampering with the leads or there looked
like there were marks on the brake-pipe. Would you just put the bonnet
down and say "oh, they've probably done no harm" and drive off, or would
you suspect that they've done something wrong and they've sawn through a
brake-pipe or whatever... say a maintenance crew arrived at a hanger one
morning and found that somebody had broken in and there were screw-driver
marks on the outside casing of one of the engines, now would they look
inside and say "nothing really wrong here" or would they say, "hey, we've
got to take this engine apart or at least look at it so closely that we can
verify that whatever has been done hasn't harmed the engine" (Jones:
London interview).

These two quotations proffer an important explanation of the alleged
paranoid and knee-jerk reactions to hacking activity from the computing
establishment. The general prejudice held by the CSI towards the CU is
heightened by the anonymous quality of hacking. The anonymity encourages
doubts and paranoia as a result of being unable to assess the motivation of
intruders and the likelihood that any harm that has been committed will be
difficult to uncover.
In addition to these points, the anonymity afforded by Computer Mediated
Communication (CMC) encourages hackers to project exaggeratedly threatening
personalities to the outside world and media. Barlow (1990) describes
meeting some hackers who had previously frightened him with their
aggressive e-mail posturing. When Barlow actually came face to face with
two of the hackers they:

were well scrubbed and fashionably clad. They looked to be as dangerous as
ducks. But ... as ... the media have discovered to their delight, the boys
had developed distinctly showier personae for their rambles through the
howling wilderness of Cyberspace. Glittering with spikes of binary chrome,
they strode past the klieg lights and into the digital distance. There
they would be outlaws. It was only a matter of time before they started to
believe themselves as bad as they sounded. And no time at all before
everyone else did (Barlow 1990: 48).

The anonymity afforded by CMC thus allows hacking culture to indulge in
extravagant role-playing which enhances the perception of it in the eyes of
outsiders as being a potentially dangerous underground movement. Hacking
groups generally choose colourful names such as "Bad Ass Mother Fuckers,
Chaos Computer Club, Circle of Death, Farmers of Doom"5, and so on.

6.4 THE ETHICAL BASIS OF THE 'THEM AND US' SCENARIO

6.4.1 Blurred and vestigial ethics

Cracking, virus writing, and all the rest, fall into the realm of
possibility when dealing with intelligent, curious minds. The ethics of
such things come later. Until then, users of computers remain in this
infancy of cracking, etc. (Kerchen: e-mail interview).

The ethical edges demarcating legal and illicit acts have a higher tendency
to be blurred whenever technology has a significant presence in the context
of the act. The acts of such figures as Captain Crunch have been received
with a combination of admiration and condemnation. Opposition to attempts
to commodify and institutionalise informational property relations can
exist in such rebellious manipulations of technology; but also more
'respectably' in the intellectual and political platforms of such figures
as Richard Stallman and the League for Programming Freedom. Activities
involving the use of computers have given rise to a number of qualitatively
new situations in which there is a debate as to whether the act in question
is ethical or not. These activities tend to centre upon such questions as
whether the unauthorised access to and/or use of somebody's computer,
system, or data can be adequately compared to more traditional crimes
involving the physical access or manipulation of material objects or
property.
An example of such ambiguity is the fact that whereas the idiosyncratic
behaviour of the early hackers of MIT was benignly tolerated now hacking is
portrayed in the press as having evil associations and is subject to legal
prosecution. This apparent change in social values has occurred despite
the fact that the motivations and lack of regard for property rights
associated with hacking have remained constant over time. Examples of the
previously ad hoc morality with respect to computers abound. The first
generation MIT hackers engaged in such illicit activity as using equipment
without authorisation (Levy 1984: 20), phone phreaking (pg 92),
unauthorised modification of equipment (pg 96) and the circumvention of
password controls (Pg 417)6. Bloombecker gives the example of how
authority's reaction to the behaviour of small school children may
represent society's ambivalent response to the computing activities it
originally encourages. Definitive ethical judgements can prove difficult
to make in certain situations:

Think of the dilemma expressed unknowingly by the mathematics teacher who
spoke of the enthusiasm her 9 and 10-year-old students exhibited when she
allowed them to use the school's computers. "They are so excited" she
said, "that they fight to get onto the system. Some of them even erase
others' names from the sign-up lists altogether". The idea that this was
not good preparation for the students' moral lives seemed never to have
occurred to her ... Unfortunately, both for society and for those that need
the guidance, there is no standard within the computer community to define
precisely when the playing has got out of hand. If a student uses an hour
of computer time without permission, one university computer department may
consider it criminal theft of service, while another views it as an
exercise of commendable ingenuity (Bloombecker 1990: 42).

This ambiguous ethical status of some computing activities is due to the
relatively recent advent of computing as an area of human endeavour; this
has led to a lack of readily agreed-upon computing mores: "Indeed, if we
were to devise a personality test designed to spot the computer criminal,
the first and most difficult task would be to create a task that did not
also eliminate most of the best minds who have made computing what it is"
(Bloombecker 1990: 39). There is the further complicating factor, that to
some extent at least, society encourages "getting hooked" upon computing,
since it is perceived as representing a beneficial outlet for intellectual
endeavour. We now turn to more specific examples of computing's ethical
complexity.

6.4.2 Industry examples of blurred ethics

There is often a lack of agreement even amongst computer professionals as
to what constitutes the correct procedures with which to confront certain
research and educational issues within computing. A specific example of
this lack of agreement is the debate caused by the publication of an
article by Cohen, entitled "Friendly contagion: Harnessing the Subtle
Power of Computer Viruses" (1991). In the article, Cohen suggests that the
vendor of a computer virus prevention product should sponsor a contest
encouraging the development of new viruses, with the provisos that the
spreading ability of the viruses should be inherently limited, and that
they should only be tested on systems with the informed consent of the
systems owners. Spafford responded with the charge that: "For someone of
Dr Cohen's reputation within the field to actually promote the
uncontrolled writing of any virus, even with his stated stipulations, is to
act irresponsibly and immorally. To act in such a manner is likely to
encourage the development of yet more viruses "in the wild" by muddling the
ethics and dangers involved" (Spafford 1991: 3). Furthermore, even the
publication of "fixes" can be viewed in certain instances as an unethical
act, leading to what has been previously described as the phenomenon of
"security through obscurity". Spafford argues that: "We should realize
that widespread publication of details will imperil sites were users are
unwilling or unable to install updates and fixes. Publication should serve
a useful purpose; endangering the security of other people's machines or
attempting to force them into making changes they are unable to make or
afford is not ethical" (Spafford 1990:12).
The disagreement over some of the ethical questions thrown up by hacking
was also in evidence in the aftermath of the Internet Worm when a debate
raged amongst computer professionals as to the ethical and technical
implications of the event. The debate tending to support the above
argument positing ethical sub-group variation and a general lack of
clear-cut moral boundaries as typical of the modern ethical environment,
especially when there are contrasting opinions as to the originating
motivations behind specific acts. Such a debate was reflected in the
"Communications of the Association of Computing Machinery (ACM)" Forum of
Letters, where even the ACM's president received quite strident criticism
for his position indicated in the title of his letter: "A Hygiene Lesson",
that the Internet Worm could be viewed as beneficial in so far as it
increased awareness of security practices. The president's view was
described by one contributor to the forum as, "a massive error in judgement
which sends the wrong message to the world on the matters of individual
responsibility and ethical behaviour ... [it] is inexcusable and an
exercise in moral relativism" (Denning, Peter 1990: 523). Similarly,
another writer illustrates the disparate nature of the feelings produced by
the Internet Worm incident when he pointedly remarks:

while Spafford praises the efficacy of the ''UNIX 'old boy' network" in
fighting the worm, he does not explain how these self-appointed fire
marshals allowed such known hazards to exist for so long ... If people like
Morris and people like him are the greatest threat to the proper working of
the Internet then we face no threat at all. If, on the other hand, our
preoccupation with moralizing over this incident blinds us to serious
security threats and lowers the standards of civility in our community,
then we will have lost a great deal indeed (Denning, Peter 1990: pp 526
+7).

6.4.3 Technology and ethics

Underlying some of these problems with ethics has been the tendency
identified by Spafford (1990) to "view computers simply as machines and
algorithims, and ... not perceive the serious ethical questions inherent in
their use" (Spafford 1990: 12). Spafford points to the failure to address
the end result of computing decisions upon people's lives, and hence the
accompanying failure to recognise the ethical component of computing. As a
result, he argues, there is a subsequent general failure to teach the
proper ethical use of computers:

Computing has historically been divorced from social values, from human
values, computing has been viewed as something numeric and that there is no
ethical concern with numbers, that we simply calculate values of 0 and 1,
and that there are no grey areas, no impact areas, and that leads to more
problems than simply theft of information, it also leads to problems of
producing software that is also responsible for loss and damage and hurt
because we fail to understand that computers are tools whose products ...
involve human beings and that humans are affected at the other end
(Spafford US interview).

This is due to the fact that often the staff of computer faculties are
uncomfortable with the subject, or don't believe it's important. Their
backgrounds are predominantly in mathematics or scientific theory and hence
they don't adequately understand how practical issues of use may apply to
computing. Spafford suggests that engineering provides a more appropriate
model of computing than science in so far as it addresses the human as well
as the scientific dimensions.

Computer science is really, in large part an engineering discipline and that
some of the difficulties that arise in defining the field are because the
people who are involved in computing, believe it's a science and don't
understand the engineering aspects of it. Engineers, for a very long time,
have been taught issues of appropriateness and ethics and legality and it's
very often a required part of engineering curricula ... computing is more
than just dealing with numbers and abstractions, it does in fact have very
strong applications behind it, a very strong real-world component (Spafford
US interview).

The extent to which computing has a non-material dimension, however,
constantly mitigates against Spafford's desire for computing to be
ethically approached in a similar manner to an engineering discipline.
There is a fundamental difference between the 'real world' and the 'virtual
world' of computing, and it is this difference which makes the literal
transposing of ethical judgements from the former to the latter, difficult,
if not untenable. The correct balance with which to transpose ethical
judgements from one realm to another is debateable.

6.5 BOUNDARY FORMATION - ROLE OF THE MEDIA

This section debunks some of the sensationalising, demonising, and
mythologising of hacking that has occurred with the recent spate of books,
articles and television programmes dealing with the issue. It also
corrects the overwhelming tendency of most of the writings on the subject
of hacking to concentrate on the minutiae of the activities and life
histories of hackers or their adversaries. Frequently, but superficially,
deep-rooted psychological abnormalities are offered as explanations for
hacking activity, whilst ignoring the ethical and political implications of
those acts. The overall effect of the media portrayal of hacking, it could
be suggested, is a continuation by other means of the CSI's project of
stigmatisation and closure.

(i) 'Hacker best-sellers'

Two examples of the tendency towards sensationalism are The Cuckoo's Egg by
Clifford Stoll and Cyberpunk by Hafner and Markoff. An example of the many
uses of hyperbole in their choice and tone of language is their
consideration of the issues at stake in the hiring of a hacker for security
work. "But hire such a mean-spirited person? That would be like giving
the Boston Strangler a maintenance job in a nursing-school dormitory"
(Hafner and Markoff, 1991: 40). Both of these books made a large impact on
the computing public and yet both seem self-indulgent in their reliance
upon trivial and tangential details in the narration of different hacking
episodes. In The Cuckoo's Egg, for example, we are given various
descriptions of the author's girlfriend and seemingly irrelevant details of
their shared Californian lifestyle. In Cyberpunk, many unsubstantiated
conjectures are made as to the state of mind of the hacker. Thus the
authors write about Kevin Mitnick:

When Kevin was three, his parents separated. His mother, Shelly got a job as
a waitress at a local delicatessen and embarked upon a series of new
relationships. Every time Kevin started to get close to a new father, the
man disappeared. Kevin's real father was seldom in touch; he remarried and
had another son, athletic and good-looking. During Kevin's high school
years, just as he was getting settled into a new school, the family moved.
It wasn't surprising that Kevin looked to the telephone for solace (Haffner
and Markoff 1991: 26).

This somewhat arbitrary assignation of motivation leads the authors to
label Kevin Mitnick as the "dark-side" hacker, whereas their analysis of
Robert Morris, author of the Internet Worm, is much less condemning despite
the fact the latter was responsible for much more damage and man-hours of
data-recovery time.

(ii) Press and Television

The media faces, in its reporting of computer security issues, the
perennial problem of how to report technical issues in a both accurate and
entertaining manner. Generally, the media has tended towards reporting
those stories that contain the highest degree of 'electronic lethality' and
it has exaggerated the 'darkness' of hacking motives. For example, a
Channel Four television documentary "Dispatches" entitled its investigation
of hacking "The day of the Technopath", whilst the February 1991 edition of
GQ magazine concerned the growth of virus writers in Bulgaria and was
called "Satanic Viruses".
Along with the above two treatments of the computer security issue I will
also look at a Sunday Correspondent article of the 17th December 1989
entitled "A Bug in the Machine" and part of the transcript of an episode
of the U.S. current affairs/chat-show programme, "Geraldo", for a sample of
media treatments of the hacking issue. The television portrayals of the
problem of computer security seem to be the most superficial and dependent
upon sensationalising techniques. Newspaper and magazine articles to give
relatively thorough and accurate technical descriptions of what it is to
hack/write viruses but still make disproportionate use of 'dark-side'
imagery7.

"A Bug in the Machine"

This article is an example of the tendency of the press to concentrate upon
the "sexy" elements of computer security stories. It contains a cynical
description of Emma Nicholson M.P.'s unsubstantiated claims that hacking
techniques are used for terrorist purposes by the European Green movement
amongst others and her emotive description of hackers as: " ... malevolent,
nasty evil-doers who fill the screens of amateur users with pornography"
(Matthews 1989: 39). Yet whilst dispelling some of the alarmist tendencies
of such claims, the example of a hacker chosen by the journalists is that
of the "computer anarchist Mack Plug". Apart from making their own
unsubstantiated claim that "Nearly all hackers are loners" (a contention
refuted by my interviews with groups of Dutch hackers), their description
of his hacking activity seems to deliberately over-emphasise the more
"glamorous" type of hacking at the expense of describing the more mundane
realities and implications of everyday hacking:

At the moment he is hacking electronic leg tags. "I've got it down to 27
seconds" he says, "All you have to do is put a microset recorder next to
the tag and when the police call to check you're there, you tape the tones
transmitted by the tag and feed them on to your answering machine. When
the cops call back again, my machine will play back those tones. I'll have
a fail-safe alibi and I can get back to hacking into MI5 (Matthews 1989:
39).

Geraldo Programme8

On September 30th 1991, the Geraldo chat-show focused on hacking. It
involved a presentation of various hacking cameo shots, one of which showed
Dutch hackers accessing US Department of Defense computers with super-user
status. The studio section of the show involved an interview with Craig
Neidorf (alias Knight Lightning), who underwent a court case in the U.S.
for having allegedly received the source code of the emergency services
telephone computer programs. Also interviewed was Don Ingraham the
prosecuting attorney in Neidorf's case.
Below I include excerpts from the dialogue that ensued as an example of the
extent to which hacking is presented in the media in a superficial,
trivialised and hyperbolic manner. In the introductory part of the show,
excerpts from the film "Die Hard II" are shown in which terrorists take
over the computers of an airport. The general tone of the show was
sensationalistic with one of the guest hackers Craig Neidorf being
repeatedly called the "Mad Hacker" by Geraldo and Don Ingraham consistently
choosing emotive and alarmist language as shown in the following examples:

Geraldo: Don, how do you respond to the feeling common among so many hackers
that what they're doing is a public service; they're exposing the flaws in
our security systems?

Don: Right, and just like the people who rape a co-ed on campus are
exposing the flaws in our nation's higher education security. It's
absolute nonsense. They are doing nothing more than showing off to each
other, and satisfying their own appetite to know something that is not
theirs to know.

And on the question of th
give, in 30 seconds, a worst case scenario of what could result from the
activities of hackers. To which he replies: "They wipe out our
communications system. Rather easily done. Nobody talks to anyone else,
nothing moves, patients don't get their medicine. We're on our knees."

Dispatches - "the day of the technopath"9

Emma Nicholson M.P. interviewed in the Dispatches programme, states, "A
really good hacker could beat the Lockerbie bomber any day, hands down"
and, "Perhaps only a small fraction of the population dislikes the human
race, but they do, and some of them are highly computer-skilled".
The following is another example taken from the programme's voiced-over
commentary:

Until now the computer hacker has been seen affectionately as a skilled
technocrat, beavering away obsessively in his den, a harmless crank
exploring the international computer networks for fun. But today it's
clear that any computer, anywhere, can be broken into and interfered with
for ulterior motives. The technocrat has mutated to the technopath ...
government and business are reluctant to admit that they're fragile and
vulnerable to such threats, frightened of either the loss of public
confidence or of setting themselves up as targets for the technopaths who
stalk their electronic alleyways.

(End of Part one of Chapter 6; Part II follows)

------------------------------

End of Part 1 (of 2) Computer Underground Digest #9.59
************************************

Date: 18 Jun 97 17:25
From: P.A.Taylor@sociology.salford.ac.uk
Subject: File 1--Preview of "Hacker" book: THEM AND US (part 2 of 2)

((MODERATORS' NOTE: This is Part two (of 2) of CuD 9.59, the
conclusion of Paul Taylor's chapter from his forthcoming hacker
book)).

------

6.6 BOUNDARY FORMATION PROCESS AND THE USE OF ANALOGIES

The previous sections of this chapter have established that the ethical
issues surrounding computer usage are both complex and liable to
fundamentally contrasting interpretations by the members of the CSI and the
CU. The debate that subsequently occurs between the two groups has been
shown as part of a boundary forming process by means of which both groups
reinforce their own identities. This section analyses the way in which
analogies are used within this process as both explanatory tools with which
to examine some of the issues in the ethical debate over hacking, and also
as a method of conveying the strength of opinion that is held.
The role of physical analogies in the ethical debate over security issues
has already been illustrated with the CSI's use of them to express fears of
the anonymous nature of the threat hackers pose. The general ease with
which physical analogies are used and the strength of feeling behind them
is vividly illustrated by Jerry Carlin's response to the question, ''Have
system breakers become the 'whipping boys' for general commercial
irresponsibility with regard to data security?" He replied, "It's
fashionable to blame the victim for the crime but if someone is raped it is
not OK to blame that person for not doing a better job in fending off the
attack!" (Carlin: e-mail interview) Sherizen was one of the few
interviewees to refrain from using analogies in his discussion of hacking,
contending that:

Usually, arguing by analogy is a very weak argument. When it comes to
discussing the law, non-lawyers often try to approach arguments this way.
I don't think that we can go very far to determine appropriate behaviours
if we rely upon analogies. What we need to develop are some social
definitions of acceptable behaviour and then to structure "old law for new
technologies." The physical analogies may help to score points in a debate
but they are not helpful here at all (Sherizen e-mail interview).

The grey and indeterminate ethical quality of computing makes it difficult
to establish such a code of 'acceptable behaviour', and it is in an attempt
to do so that physical analogies are used. Goldstein (editor of Hacking
magazine 'Phrack') explores the ethical implications of hacking by
questioning the use of an analogy that likens hacking to trespass:

Some will say ... 'accessing a computer is far more sensitive than walking
into an unlocked office building.' If that is the case, why is it still so
easy to do? If it's possible for somebody to easily gain unauthorised
access to a computer that has information about me, I would like to know
about it. But somehow I don't think the company or agency running the
system would tell me that they have gaping security holes. Hackers, on the
other hand, are very open about what they discover which is why large
corporations hate them so much (Goldstein 1993).

The moral debate about hacking makes frequent use of such physical
analogies of 'theft' and 'trespass'. The choice of the physical analogy
reflecting the initial ethical position of the discussant and will be
biased towards the point that the discussant is attempting to establish,
and hence certain emotive images such as rape and burglary are repeatedly
used.

(i) Property issues

Members of the CSI tend to emphasise the authorisation and access rights
criteria relating to information. Such criteria are held to be fundamental
to an ethical outlook on computing issues because of they stem from the
basic belief that information and computer systems are the sole property of
their owners, in the same way that property rights exist in material
objects. Physical analogies become a means to restrict the computer
security debate: "to questions about privacy, property, possessive
individualism, and at best, the excesses of state surveillance, while it
closes off any examination of the activities of the corporate owners and
institutional sponsors of information technology (the most prized 'target'
of most hackers)." (Ross 1990: 83). This is a rather partisan
interpretation of the role analogies play in the socially shaping boundary
formation occurring within computing. A less controversial assessment,
would be that in contrast to the CU, the CSI emphasises the property rights
of system owners with its use of analogies that are often dramatic and
vivid: "As far as the raison d'=88tre for attackers, it is no more a valid
justification to attack systems because they are vulnerable than it is
valid to beat up babies because they can't defend themselves. If you are
going to demonstrate a weakness, you must do it with the permission of the
systems administrators and with a great deal of care" (Cohen: e-mail
interview).
The difficulty faced with analogies that seek to emphasise the way in which
hacking tends to transgress property rights, centres upon what we have
already seen as the increasingly immaterial aspects of information and
which is also shown in Chapter 7 to create various problems for drafting
effective computer misuse legislation: "copyability is INHERENT in
electronic media. You can xerox a book but not very well and you don't get
a nice binding and cover. Electronic media, video tape, computer discs
etc., do not have this limitation. Since the ability to copy is within the
nature of the media, it seems silly to try to prevent it" (Mercury: e-mail
interview). Software copying is an example of how duplication within
computing is inherently more easy than with physical commodities:
copyability is intrinsic to the medium itself. For example, Maelstrom
contends that he: "can't remember a single analogy that works. Theft is
taking something else that belongs to someone without his/her permission.
When you pirate you don't steal, you copy" (Maelstrom: e-mail interview).
Similarly, in the case of cracking:

In absolutely no case can the physical analogies of 'theft' and
'trespassing' be applied in the matter of computer system 'cracking'.
Computers are a reservoir for information expressed in bits of zeroes and
ones. Homes and property have things far more intrinsically valuable to
harbour. Information protected properly whilst residing on a system is not
at issue for 'theft'. Encryption should have been a standard feature to
begin with and truly confidential information should not be accessible in
any manner via a remote means (Tester: e-mail interview).

(ii) Analogies - breaking and entering

In order to emphasise the potential harm threatened to systems by anonymous
intruders the physical analogies used tend to concentrate upon the fear and
sense of violation that tend to accompany burglaries. The dispute between
the CSI and the CU as to whether it is ethical to break into systems is
most often conducted with reference to the analogy of breaking and entering
into a building. Because of the divergence between the real world and
cyberspace, however, even such a simple analogy is open to varying
interpretations: "My analogy is walking into an office building, asking a
secretary which way it is to the records room, and making some Xerox copies
of them. Far different than breaking and entering someone's home" (Cohen:
e-mail interview).
Cosell presents the following scenario with which he attempts to frame the
ethical issues surrounding hacking:

Consider: it is the middle of summer and you happen to be climbing in the
mountains and see a pack of teenagers roaming around an
abandoned-until-snow ski resort. There is no question of physical harm to
a person, since there will be no people around for months. They are
methodically searching EVERY truck, building, outbuilding, shed etc.,
trying EVERY window, trying to pick EVERY lock. When they find something
they can open, they wander into it, and emerge a while later. From your
vantage point, you can see no actual evidence of any theft or vandalism,
but then you can't actually see what they're doing while they're inside
whatever-it-is (Cosell: CuD 3:12 April 1991).

From this scenario, various questions arise, such as: do you call the
Police? what would the intruders be charged with? and would your response
be different if you were the owner of the resort? Someone more sympathetic
to the hacker point of view illustrated the fundamentally different way in
which the two groups, CSI and CU, conceptualise the ethical issues and the
corresponding use of physical analogies. He responded that:

Of course you should call the cops. Unless they are authorised to be on the
property, (by the owner) they are trespassing, and in the case of picking
locks, breaking and entering. However, you're trying to equate breaking
into a ski resort with breaking into a computer system. The difference
being: 99 times out of 100, the people breaking into a computer system only
want to learn, have forgotten a password, etc. ... 99 times out of 100, the
people breaking into the ski resort are out for free shit (Rob Heins CuD
3:13).

The CU accuse the CSI of preferring to use physical analogies in order to
marginalise a group, rather than make use of their information for
improving the security of systems:

When you refer to hacking as 'burglary and theft' ... it becomes easy to
think of these people as hardened criminals. But it's just not the case.
I don't know any burglars or thieves, yet I hang out with an awful lot of
hackers. It serves a definite purpose to blur the distinction, just as
pro-democracy demonstrators are referred to as rioters by nervous political
leaders. Those who have staked a claim in the industry fear that the
hackers will reveal vulnerabilities in their systems that they would just
as soon forget about (Emmanuel Goldstein: CuD 1:13).

This is one explanation of why, if physical analogies are inevitably only
crude analytical approximations and rhetorical devices with which to
conceptualise computing issues, they are frequently used by the CSI in
their discourse. Johnson argues in response to the claim that hackers
serve a useful purpose by pointing out security faults that:

If a policeman walks down the street testing doors to see if they are
locked, that's within his 'charter'- both ethically and legally. If one is
open, he is within the same 'charter' to investigate - to see if someone
else is trespassing. However, it's not in his 'charter' to go inside and
snoop through my personal belongings, nor to hunt for illegal materials
such as firearms or drugs ... If I come home and find the policeman in my
house, I can pretty well assume he's doing me a favour because he found my
door unlocked. However, if a self-appointed 'neighbourhood watch' monitor
decides to walk down the street checking doorknobs, he's probably
overstepped his 'charter'. If he finds my door unlocked and enters the
house, he's trespassing ... Life is complicated enough without
self-appointed watchdogs and messiahs trying to 'make my life safe (Bob
Johnson: e-mail interview).

Thus, hackers are seen to have no 'charter' which justifies their
incursions into other peoples' systems, such incursions being labelled as
trespass. Even comparisons to trespass, however, tend to be too limited
for those wishing to identify and label hacking as an immoral act.
Trespass is a civil and not a criminal offence. Onderwater, makes this
distinction with his particular use of analogies: "Trespassing means in
Holland if somebody leaves the door open and the guy goes in, stands in the
living room, crosses his arms and doesn't do anything." In contrast,
hacking involves the active overcoming of any security measures put before
hackers, Onderwater sees it as more analagous to the situation whereby:

you find somebody in your house and he is looking through your clothes in
your sleeping room, and you say 'what are you doing?' and he says 'well, I
was walking at the back of the garden and I saw that if I could get onto
the shed of your neighbour, there was a possibility to get onto the gutter,
and could get to your bathroom window, get it open, that was a mistake from
you, so I'd like to warn you ... You wouldn't see that as trespassing, you
would see that as breaking and entering, which it is and I think it's the
same with hacking (Onderwater: Hague interview).

(iii) Rejection of breaking and entering analogies - hackers use of
physical analogies: chess vs breaking and entering

Gongrijp's description of the motives lying behind hacking was typical of
the hackers I met. He concentrated on the intellectual stimulation it
affords as opposed to any desire just to trespass onto computer systems .
He emphasised the chess-like qualities of computer security, and was at
pains to reject any analogies that might compare hacking to physical
breaking and entering. Gongrijp contended that:

Computer security is like a chess-game, and all these people that say
breaking into my computer systems is like breaking into my house:
bull-shit, because securing your house is a very simple thing, you just put
locks on the doors and bars on the windows and then only brute force can
get into your house, like smashing a window. But a computer has a hundred
thousand intricate ways to get in, and it's a chess game with the people
that secure a computer... it's their job to make the new release of their
Unix system more secure, and it's the job of the hackers to break in
(Gongrijp: Amsterdam interview).

Goggans turns the burglar analogy on its head when he argues that:

People just can't seem to grasp the fact that a group of 20 year old kids
just might know a little more than they do, and rather than make good use
of us, they would rather just lock us away and keep on letting things pass
them by ... you can't stop burglars from robbing you when you leave the
doors open, but lock up the people who can close them for you, another
burglar will just walk right in (Goggans 1990).

The implication of these combined views, is that the analogy comparing
hacking with burglary fails because the real world barriers employed to
deter burglars are not used in the virtual world of computing. Such
preventative measures are either not used at all, or are of a qualitatively
different kind to the 'doors' and 'locks' that can be used in computing.
Such barriers can be overcome by technologically knowledgeable young
people, without violence or physical force of any kind. The overcoming of
such barriers, has a non-violent and intellectual quality that is not
apparent in more conventional forms of burglary, and which therefore throws
into question the whole suitability of such analogies.

(iv) Problems of using physical analogies as explanatory tools

The following excerpt is a newspaper editorial response to the acquittal of
Paul Bedworth case. It compares computer addiction to a physical addiction
for drugs:

This must surely be a perverse verdict ... Far from being unusual in staying
up half the night, Mr Bedworth was just doing what his fellows have done
for years. Scores of universities and private companies could each produce
a dozen software nerds as dedicated as he ... Few juries in drug cases look
so indulgently on the mixture of youth and addiction (Ind 18.3.93:
editorial p. 25).

This editorial emphasises how such analogies are utilised in an attempt to
formulate ethical responses to an activity of ambiguous ethical content.
As Goldstein pointed out, it becomes easier to attribute malign intent, if
using such analogies succeeds in making a convincing comparison between
hacking and an activity the public are more readily inclined to construe as
a malicious activity. The adaptability of this technique is shown by the
way the editorial continues to utilise a physical analogy in order to
elicit critical responses, this time against the victims of the previously
maligned hacker: "Leaving those passwords unchanged is like leaving the
chief executive's filing cabinet un-locked. Organisations that do so can
expect little public sympathy when their innermost secrets are brought into
public view."
The main reason why physical analogies tend not to succeed in any attempted
project of stigmatisation/'ethicalisation' of hacking events is the
difficulty of convincing people that events that transpire in virtual
reality are in fact comparable and equivalent to criminal acts in the
physical world. We have seen for example the weaknesses of breaking and
entering analogies. They flounder upon the fact that hacking intrusions do
not contain the same threats of transgression of personal physical space
and therefore a direct and actual physical threat to an individual. With
the complete absence of such a threat, hacking activity will primarily
remain viewed as an intellectual exercise and show of bravado rather than a
criminal act, even if, on occasion, direct physical harm may be an indirect
result of the technical interference caused by hacking.
Thus the use of analogies is fraught with problems of equivalence. Whilst
they may be useful as a rough comparison between the real and virtual
worlds, the innate but sometimes subtle, practical and ethical differences
between the two worlds mean that analogies cannot be relied upon as a
complete explanatory tool in seeking to understand the practical and
ethical implications of computing:

They simply don't map well and can create models which are subtly and
profoundly misleading. For example, when we think of theft in the physical
world, we are thinking of an act in which I might achieve possession of an
object only by removing it from yours. If I steal your horse, you can't
ride. With information, I can copy your software or data and leave the
copy in your possession entirely unaltered (Barlow: e-mail interview).

Information processed by computers is such that previous concepts of
scarcity break down when correspondence is sought between the real and
virtual worlds. It is not just conceptions of scarcity that are affected,
however, the extent to which information correlates with the real world is
questionable at the most fundamental levels:

Physical (and biological) analogies often are misleading as they appeal to
an understanding from an area in which different laws hold. Informatics
has often mislead naive people by choosing terms such as 'intelligent' or
'virus' though IT systems may not be compared to the human brain ... Many
users (and even 'experts') think of a password as a 'key' despite the fact
that you can easily 'guess' the password while it is difficult to do the
equivalent for a key (Brunnstein: e-mail interview).

Physical analogies are inevitably flawed in the respect that they can only
ever be used as an approximation of what occurs in 'cyberspace' in order to
relate it to the everyday physical world. Thus they attempt to evaluate
and understand computing activities using a more natural and comfortable
frame of reference. Hence the language is often used by the CSI to
describe computer attacks, and a security breach of the academic network
with the acronym JANET, was referred to as the 'rape of JANET'. Spafford
admitted to having one of his systems hacked into at least three times, he
argued that he: "didn't learn anything in particular that I didn't know
before. I felt quite violated by the whole thing, and did not view
anything positive from it."(Spafford US interview [Emphasis mine]). The CU
stresses the differences between the virtual and real worlds and contends
that the use of physical language in such a situation is not warranted.
For example, despite such use of the language of physicality, it is
difficult to conceive of a computer intrusion that could be as traumatising
as the actual bodily violation of a rape. A second, diametrically opposed,
reason for questioning the validity of physical analogies would be that
instead of overstating situations within computing, analogies used to
describe a computer intrusion actually understate the harm caused by the
intrusion due to the generic aspects of hacking identified earlier.
In John Perry Barlow's "Crime and Puzzlement" recourse is made to the
metaphors comparing hackers with cowboys from the nineteenth century USA.
This specific comparison of hackers with cowboys illustrates some of the
problems associated with the use of metaphors. The basis of this metaphor
rests upon the view of hackers as pioneers in the new field of computing,
just as cowboys were portrayed as pioneers of the 'Wild West'. Such a
metaphor, in addition to the above discussion of the applicability of the
concepts of trespass and theft to the world of computing, provides a useful
example of both the suitability and limitations of analogies in discussions
of hacking. Commentators tend to 'customise' common metaphors used in the
computer security debate, in order to derive from the metaphor the
particular emphasis desired to further the point being argued:

Much of what we 'know' about cowboys is a mixture of myth, unsubstantiated
glorification of 'independent he-men', Hollywood creations, and story
elements that contain many racist and sexist perspectives. I doubt that
cracker/hackers are either like the mythic cowboy or the 'true' cowboy ...
I think we should move away from the easy-but-inadequate analogy of the
cowboy to other, more experienced-based discussions (Sherizen: e-mail
interview).

The tendency to use the 'easy-but-inadequate analogy' applies significantly
to the orginator of the cowboy metaphor himself. Thus, when I asked John
Perry Barlow his views as to the accuracy of the metaphor, he replied:
"Given that I was the first person to use that metaphor, you're probably
asking the wrong guy. Or maybe not, inasmuch as I'm now more inclined to
view crackers as aboriginal natives rather than cowboys. Certainly, they
have an Indian view of property" (Barlow: e-mail interview).
More negative responses to the comparison of hackers with cowboys came from
the hackers themselves:

WHO is the electronic cowboy ... the electronic farmer, the electronic
saloon keeper? ... I am not sold. I offer no alternative, either. I wait
for hacking to evolve its own culture, its own stereotypes. There was a
T.V. show long ago, 'Have Gun Will Travel' about a gunslinger called
'Palladin'. The knightly metaphor ... but not one that was widely
accepted. Cowboys acted like cowboys, not knights, or Greeks, or cavemen.
Hackers are hackers not cowboys (Marotta: e-mail interview).

6.7 THE PROJECT OF PROFESSIONALISATION

6.7.1 Creation of the computer security market and professional ethos

The creation of the 'them and us' situation forms part of the process
whereby a professional status opposed to the hacking culture and ethic is
established. Examples have already been seen of the lack of cooperation
that exists between the CSI and the CU in Chapter 5, it gave various
reasons for the CSI not being able to trust hackers sufficiently enough for
cooperation to be feasible. The antagonism that exists between the CSI and
the CU contributes to a process of boundary formation, but there is also
the widely-held belief that, along with legitimate reasons for
differentiation between the two groups, there is also an element of
manufactured difference. Below are two examples, one from the commercial
sector, and one from the CU, of people who believe parts of the CSI are
involved in creating a market niche for themselves from which it then
becomes necessary to exclude hackers:

Computer security industry' sounds like some high-priced consultants to me.
Most of what they do could be summarised in a two-page leaflet - and its
common sense anyway. A consultant - particularly in the U.S. - spends
3/4ths of his or her effort justifying the fee (Barrie Bates: e-mail
interview).

These virus programs are about to make me sick! In two years of heavily
downloading from BBSs, I've yet to catch a virus from one. Peter Norton
should be drug to a field and shot! McAffe too (Eric Hunt: e-mail
interview).

The veracity of opinions such as those above may be difficult to separate
from their origin in the antagonism that exists between the CSI and the CU,
but allegations that 'viral hype' has been used as a means of helping to
create a computer security market come from security practitioners
themselves:

It's very hard getting facts on this because the media hype is used as a
trigger by people who are trying to sell anti-virus devices, programs,
scanners, whatever. This is put about very largely by companies who are
interested in the market and they try to stimulate the market by putting
the fear of God into people in order to sell their products, but selling
them on the back of fear rather than constructive benefits, because most of
the products in the industry are sold on constructive benefits. You always
sell the benefit first, this is selling it on the back of fear which is
rather different, "you'd better use our products or else" (Taylor:
Knutsford interview).

The whole process of enforcing and furthering the proprietary attitude to
information outlined in Chapter 3 is further strengthened by a new language
of physicality resulting from the advent of computer viruses10. Software
is infected, and systems are spoken of in terms of being repeatedly
'raped'. Computer viruses are described in terms similar to those employed
in discussions of the dangers of promiscuous sex. Prophylactic safety
measures are seen to be necessary to protect the moral majority from
'unprotected contact' with the degeneracy of a minority group. Ross argues
that 'viral hysteria' has been deliberately used by the software industry
to increase its market sales:

software vendors are now profiting from the new public distrust of program
copies ... the effects of the viruses have been to profitably clamp down
on copyright delinquency, and to generate the need for entirely new
industrial production of viral suppressors to contain the fallout. In this
respect it is hard to see how viruses could hardly, in the long run, have
benefited industry producers more (Ross 1990: 80).

In addition to the practical benefits the CSI has derived from the concerns
associated with viruses, the threat they pose to systems' security has been
used to reinforce ideological opposition to hackers and their
anti-proprietary attitudes:

Virus-conscious fear and loathing have clearly fed into the paranoid climate
of privatization that increasingly defines social identities in the new
post-Fordist order. The result -- a psycho-social closing of the ranks
around fortified private spheres -- runs directly counter to the ethic that
we might think of as residing at the architectural heart of information
technology. In its basic assembly structure, information technology is a
technology is a technology of processing, copying, replication, and
simulation, and therefore does not recognise the concept of private
information property (Ross 1990: 80).

The boundary formation exercise necessitates the exclusion of hackers from
influence within computing, whilst, at the same time, developing a
consistent ethical value system for 'legitimate' security professionals.
An example of boundary formation in action is the advent of computer
viruses and worms and the particular case of Robert Morris and the Internet
Worm. Cornell University published an official report into the Internet
Worm incident, concluding that one of the causes of the act was Morris'
lack of ethical awareness. The report censures the ambivalent ethical
atmosphere of Harvard, Morris' alma mater, where he failed to develop in a
computing context a clear ethical sense of right and wrong. Most
significantly, the judgement made upon the Morris case was full of implicit
assumptions that betrayed a boundary forming process in the way it stressed
the need for professional ethics in opposition to those of hackers.
Dougan and Gieryn (1988), sum up the boundary-forming aspects of responses
to the Internet Worm in their analysis of the e-mail debate that occurred
shortly after the incident. The computer community is characterised as
falling into two schools of thought with regard to their response to the
event. The first group is described as being organised around a principle
of 'mechanic solidarity, the second, one of 'organic solidarity'. The
mechanic solidarity group's binding principle is the emphasis they place
upon the ethical aspect of the Morris case, his actions are seen as
unequivocally wrong and the lesson to be learnt in order to prevent future
possible incidents is that a professional code of ethics needs to be
promulgated. These viewpoints have been illustrated in this study's
depiction of the hawkish response to hacking. The second group advocates a
policy more consistent with the dovish element of the CSI and those hackers
that argue their expertise could be more effectively utilised. They
criticise the first group for failing to prevent 'an accident waiting to
happen' and expecting that the teaching of computing ethics will solve
what they perceive as an essentially technical problem. The likelihood of
eliminating the problem with the propagation of a suitable code of
professional ethics seems to them remote:

I would like to remind everyone that the real bad guys do not share our
ethics and are thus not bound by them. We should make it as difficult as
possible -- (while preserving an environment conducive to research) for
this to happen again. The worm opened some eyes. Let's not close them
again by saying 'Gentlemen don't release worms' (Dougan and Gieryn 1988:
12).

The hacker Craig Neidorf known as 'Knight Lightning', in his report on a
CSI conference, underlines the theory that the debate over hacking centres
upon a project of professionalisation, with the argument that what mostly
distinguishes the two groups is the form, rather than content of the
knowledge they seek to utilise:

Zenner and Denning11 alike discussed the nature of Phrack's12 articles.
They found that the articles appearing in Phrack contained the same types
of material found publicly in other computer and security magazines, but
with one significant difference. The tone of the articles. An article
named 'How to Hack Unix' in Phrack usually contained very similar
information to an article you might see in Communications of the ACM only
to be named 'Securing Unix Systems'. (Craig Neidorf: CuD 2.07).

The implication is that hackers' security knowledge is not sought due to
reasons other than its lack of technical value; instead the CSI fails to
utilise such knowledge more fully because it interferes with their
boundary-forming project that centres upon attempting to define the
difference between a hacker and a 'computer professional':

Ironically, these hackers are perhaps driven by the same need to explore, to
test technical limits that motivates computer professionals; they decompose
problems, develop an understanding of them and then overcome them. But
apparently not all hackers recognise the difference between penetrating the
technical secrets of their own computer and penetrating a network of
computers that belong to others. And therein lies a key distinction
between a computer professional and someone who knows a lot about
computers. (Edward Parrish 1989).

Another interesting example of the similar traits that the CSI and CU share
in common, is the case of Clifford Stoll's investigation of an intrusion
into the Berkeley University computer laboratories, which he subsequently
wrote up in the form of a best-selling book, The Cuckoo's Egg. Thomas
points out that:

Any computer undergrounder can identify with and appreciate Stoll's
obsession and patience in attempting to trace the hacker through a maze of
international gateways and computer systems. But, Stoll apparently misses
the obvious affinity he has with those he condemns. He simply dismisses
hackers as 'monsters' and displays virtually no recognition of the
similarities between his own activity and those of the computer
underground. This is what makes Stoll's work so dangerous: His work is an
unreflective exercise in self-promotion, a tome that divides the sacred
world of technocrats from the profane activities of those who would
challenge it; Stoll stigmatises without understanding (Thomas 1990).

What makes Stoll's behaviour even less understandable is that throughout
the book he recounts how he himself engages in the same kind of activities
that he criticises others for indulging in. This fact that Stoll labels
hackers as 'monsters' despite the fact he shares some of their qualities13
is indicative of the boundary forming process the CSI have entered upon.
The process also involves other groups that are involved in the de facto
marginalisation of hackers whilst not actually being directly involved in
computing, examples of such groups are the various government agencies and
politicians involved in the drafting of legislation about hacking.
Combined together, these groups have contributed towards a response to
hacking that has been labelled a 'witch-hunt' mentality by some observers.

6.7.2 Witch-hunts and hackers

Part of the cause of the witch-hunt mentality, that has allegedly been
applied to hackers, is the increasing tendency within society towards the
privatisation of consumption examined in the early chapters. The pressures
to commodify information can be seen as an extension of the decline of the
public ethos in modern society which is accompanied by the search for
scapegoats that will justify the retreat from communitarian spirit. The
hacker is the latest such scapegoat of modern times in a series including
Communism, terrorism, child abductors and AIDS:

More and more of our neighbours live in armed compounds. Alarms blare
continuously. Potentially happy people give their lives over to the
corporate state as though the world were so dangerous outside its veil of
collective immunity that they have no choice ... The perfect bogeyman for
modern times is the Cyberpunk! He is so smart he makes you feel even more
stupid than you usually do. He knows this complex country in which you're
perpetually lost. He understands the value of things you can't
conceptualize long enough to cash in on. He is the one-eyed man in the
Country of the Blind (Barlow 1990: 56).

This is the root of peoples' fear of hackers and the reason why they are
labelled as deviant within society despite the fact that, as we have seen
above, hackers share some of the same characteristics as their CSI
counterparts. The simultaneous existence of shared characteristics and
deviant status for hackers is a necessary result of the fact that:

The kinds of practices labelled deviant correspond to those values on which
the community places its highest premium. Materialist cultures are beset
by theft (although that crime is meaningless in a utopian commune where all
property is shared) ... The correspondence between kind of deviance and a
community's salient values is no accident ... deviants and conformists both
are shaped by the same cultural pressures -- and thus share some, if not
all, common values -- though they may vary in their opportunities to pursue
valued ends via legitimate means. Deviance ... emerges exactly where it is
most feared, in part because every community encourages some of its members
to become Darth Vader, taking 'the force' over to the 'dark side' (Dougan
and Gieryn 1990: 4).

The vocalised antagonism between the CSI and CU and the exaggerated
portrayals of the media examined in this chapter are part of the process
whereby hackers are marginalised and defined as deviant. In the quotation
below Stoll is singled out to personify this process but the method he uses
is held in common with all the other figures quoted in this chapter who
contribute to the 'them and us' scenario by the strength of the views they
express and the analogies they choose to express them with:

Witch hunts begin when the targets are labelled as 'other', as something
quite different from normal people. In Stoll's view, hackers, like
witches, are creatures not quite like the rest of us, and his repetitious
use of such pejorative terms as 'rats,' 'monsters,' 'vandals,' and
'bastard' transforms the hacker into something less than human ... In a
classic example of a degradation ritual, Stoll -- through assertion and
hyperbole rather than reasoned argument -- has redefined the moral status
of hackers into something menacing (Thomas 1990).

6.7.3 Closure - the evolution of attitudes

The witch hunt process is a device to facilitate what Bijker and Law (1992)
have analysed as closure. The notion is usefully illustrated by examining
the evolution of society's attitudes from the benign tolerance of the early
MIT hackers to the present climate of anti-hacking legislation. In
addition to Levy's identification of three generations of hackers14,
Landreth suggests the arrival of a fourth generation of hackers when he
talks of a major change occurring in the CU around about the time the
elitist hacking group he joined known as the "Inner Circle" was set up. In
addition to the effect of the increased dispersal of micro-computers, there
was also the effect of the hacker movie Wargames.: "In a matter of months
the number of self-proclaimed hackers tripled, then quadrupled. You
couldn't get through to any of the old bulletin boards any more - the
telephone numbers were busy all night long. Even worse, you could
delicately work to gain entrance to a system, only to find dozens of
novices blithely tromping around the files" (Landreth 1985 :18). These
'wannabe' hackers reflect the relative immaturity and absence of the
original hacker ethic that characterises the latest manifestation of
hacking. Chris Goggans from the Legion of Doom concurs with this
identification of a change in the basic nature of the CU environment. In
the early days:

People were friendly, computer users were very social. Information was
handed down freely, there was a true feeling of brotherhood in the
underground. As the years went on people became more and more anti-social.
As it became more and more difficult to blue-box the social feeling of the
underground began to vanish. People began to hoard information and turn
people in for revenge. The underground today is not fun. It is very power
hungry, almost feral in its actions. People are grouped off: you like me
or you like him, you cannot like both ... The subculture I grew up with ,
learned in, and contributed to, has decayed into something gross and
twisted that I shamefully admit connection with. Everything changes and
everything dies, and I am certain that within ten years there will be no
such thing as a computer underground. I'm glad I saw it in its prime
(Goggans: e-mail interview).

Thus one reason for the changing nature of the computer underground is
simply the fact that more would-be hackers arrived. 'Elite' hackers such
as Goggans felt that this cheapened in some way the ethos and atmosphere of
camaradarie that had previously existed within the CU. Feelings of
superiority which help to fuel the motivation of a hacker had become
undermined by the advent of too many 'wanna-be' young hackers. Sheer
numbers alone would mean the demise of the previous emphasis hackers placed
upon sharing knowledge and the importance of educating young hackers. The
idiosyncratic actions of the first generation hackers, within the isolated
academic context of MIT, were often praised for their inventiveness.
Similar actions in the wider modern computing community tend to be
automatically more disruptive and liable to censure.
The reasons for this change in attitude are inextricably linked with the
evolution of computing as a technology. Herschberg argues that computer
security can be compared to the experiments of the Wright brothers, yet
apart from such peripheral 'dovish' sentiments, the climate within the CSI
and society as a whole is increasingly unsympathetic to the claims by
hackers that they represent innocent intellectual explorers: closure in
computer security has occurred. Leichter's perception of the evolution of
hacking is at odds with that of Herschberg. He too uses an airplane
analogy but prefers to emphasise that:

When the first 'airplane hackers' began working on their devices, they were
free to do essentially as they pleased. If they crashed and killed
themselves well, that was too bad. If their planes worked - so much the
better. After it became possible to build working airplanes , there
followed a period in which anyone could build one and fly where he liked.
But in the long run that became untenable ... If you want to fly today, you
must get a license. You must work within a whole set of regulations (Jerry
Leichter: CuD 4.18).

Over time, technologies develop, and as a result, people's interactions
with that technology, even if they remain unchanged, will be viewed
differently as society adapts to the changing technology. An example of
this is the changing role of system crashes. In the earliest days of
computing, the computers functioned by means of large glass valves, which
after relatively short periods of use were liable to over-heat, thus
causing a system crash. Even if hackers were responsible for some of the
system crashes that occurred, the fact that they were equally liable to be
caused by other non-hacker means, led to a climate whereby hacker-induced
crashes were accepted as a minor inconvenience even when they were
extremely disruptive by today's standards. This is an example, therefore,
of the importance of taking into account the societal context of an act
involving technology before an evaluation of its ethical content is made.

6.8 CONCLUSION

This chapter has traced the origin of the ethical debate between the CSI
and the CU, showing how the novel nature of some of the situations thrown
up by computing has resulted in a process of negotiation. This process
takes the form of markedly different ethical responses to the novel
situations being made and competing with each other. The contrasting
interests and perspectives of the two groups is highlighted by the fact
that whilst hackers see their activity as manifesting ethical concern over
potential governmental and commercial abuses of privacy, the CSI prefers to
see the activity as unethical or as evidence of a general decline in social
values.
There are two important elements of doubt regarding the view of the CSI.
Firstly, the argument that hacking is intrinsically unethical is weakened
by the fact that, as Levy documents, the same acts of hacking that are now
criticised as immoral, were benignly tolerated in the days of the early MIT
hackers. Bloombecker even goes so far as to claim that what would nowadays
be labelled a computer criminal, helped to make computing what it is.
Cohen also asserts, that unofficially, hackers are often used commercially
to check the security of systems. Secondly, the chapter has shown, that an
increasing aspect of computing is the way in which it produces novel
situations where there seem to be no clear-cut boundaries between right and
wrong. This is most noticeable in the situations produced by technology
that are most divorced from everyday experience, typified by the notion of
cyberspace. Ethical uncertainty concerning hacking is also exacerbated by
the fact that the activity is often motivated by a series of complex
factors. The fact that there is a keen debate, both within the CSI, and
between the CSI and the CU, implies that any purported immorality of
hacking is due to the social shaping of a perception that has evolved from
the MIT days of benign tolerance to the present atmosphere of
criminalisation.
An important part of this process of social shaping is the way in which
physical analogies are used in the formation of computer ethics. They are
being increasingly used in professional discussions of the issues as part
of the process of group delineation. Where previously there were only
blurred or indefinite computer ethics, physical analogies are now used to
establish clearer computing mores. The need to use physical analogies in
the first place arises because hacking takes place in the qualitatively
new realm of human experience: cyberspace. The fact that the real world
and cyberspace are such different realms has led to a need to explain and
make ethical judgements about hacking from a conventional frame of
reference, that is, using analogies based upon the physical world.
The constant use of physical analogies and metaphors in discussing the
legal and ethical issues of hacking is thus an attempt to redefine, in a
practical manner, the concept of informational property rights, as they are
to be applied in the computer age. The use of analogies is much more
common within the CSI than it is from hackers themselves. This is because
the CSI have a general need to make comparisons between cyberspace and the
real world in order to legitimate their role and to demonise the CU.
Hackers do not have this need; their behaviour is based upon accepting
computing as a realm of intellectual and social experimentation, and they
find it attractive because of the very fact that it is different from the
real world.
In summary, there are perennial claims from each successive generation that
the youth of the age are largely unethical, and that they are harbingers of
a break-down in the general moral order. Such claims are perhaps an
inevitable part of the human condition, and its inter-generational
relations. This study, however, is more concerned with the specific
aspects of computing that give rise to qualitatively new circumstances
facing computer users, the ethics of which are indeterminate. These
situations encourage behaviour, which, to be recognised as unethical,
assumes that an adequate and convincing comparison can be made with
non-computing situations. It is the difficulty of attempting to
conceptualise the ethics of computer-induced scenarios that leads to
attempts to translate them into a more easily understood and common-place
experience.
The chapter shows, however, that there is doubts as to whether 'real-world'
ethics can be transposed in such a literal manner. This is illustrated by
the various examples given of the CSI's alleged double standards. These
examples imply that the vagueness of computing ethics is such that any
professional code of ethics that is produced is likely to be more the
result of one group enforcing its value system on another group, rather
than one group having any inherently superior moral advantage in the
ethical debate.
The process whereby one group's value system can be imposed upon another
has been analysed in a frame of reference that compares the increasing
marginalisation of hackers from mainstream computer usage to the practice
of witch-hunts. One analysis of the gradual stigmatisation of hackers is
that they have been part of a degradation ritual whereby a more dominant
social group has progressively alienated them from 'normal' society in
order to promote its professional interest. The role of the media in this
process has been shown by the way it projects hackers as stigmatised
'others', thus aiding the boundary forming professionalisation process of
the CSI.
Particular examples of the process of group differentiation and
professionalisation have been given, relating to the advent of viruses and
the specific case of the Internet Worm. The likelihood of eliminating
threats to computer security with the propagation of a suitable code of
professional ethics seems remote considering the extent of the CU's ethical
disagreement with the CSI and the thrill obtained from the very fact that
the CU is 'underground'. Despite this, once the process of
professionalisation has been initiated, the temptation is to proceed to
codify the nascent but dominant group's response to computing's ethical
dilemmas, by means of legislation.
The subsequent closure of computing technology has occurred to such an
extent that the hippy-like ethos of the CU looks increasingly anachronistic
in the 1980's and 90's. In so far as hackers have represented a force of
anti-capitalistic information-sharing, their stance seems to have absorbed
within the state's sponsorship of the development of computing technology.
The second generation hard-ware hackers such as Steve Wozniak, have seen
their 'wholesome and green' product (hence the name 'Apple') brought to the
masses as indeed they wished, but significantly as a commodified product.
This is perhaps a reflection of the market's ability to co-opt and absorb
radical change. It threatens, in the case of hackers, to undermine their
status as a group embodying alternative values. The new generation of
'wanna-be' hackers, is significant because it represents more than simply
adolescent boys intrigued by the intellectual challenge and feelings of
power of illicit computing. In addition, they also represent the
increasing tendency of information to be viewed as a tradeable commodity in
the form of 'Amiga kid'-type groups. Their illicit blackmarket activities
and their seemingly amoral views regarding the ethical implications of
accessing and manipulating other peoples' information represents the
extreme end of a spectrum which also includes the activity of 'benign'
hackers. It is a spectrum whose various points reflect some of the ethical
issues that society still has to satisfactorily address regarding
information and the implications of its changing properties.
An example of the unsettled nature of society's response to information is
the doubt that still remains regarding the effects of its policy of closure
towards hackers. The question still arises from the above analysis of
whether the evolution of attitudes towards the CU is in response to a
change in its nature towards a more crime-orientated environment, or
whether the increased tendency to perceive and portray hacking as a
criminal and unethical activity has taken on the quality of a
self-fulfilling prophecy, driving would-be 'pleasure hackers' into the arms
of the criminal underground. The implications of this latter scenario are
examined in the next chapter.

1 Thus Eric Goggans and Robert Schifreen (as well as several other hackers
encountered in the fieldwork) have started their own computer firms;
Professor Herschberg has contacts with and produces interaction between
hackers and the security industry by means of his consultancy work, and the
authorised and unauthorised (in the case of accepting a documented hack in
lieu of a dissertation) use of students to test systems.
2 Fear of boundary transgression is vividly portrayed in such urban legends
as 'The Mexican Dog' and 'The Choking Doberman', c.f. Woolgar (1990).
3 Joseph Lewis Popp: he was charged in January 1990 with using a trojan
horse hidden within a diskette to extort money from recipients whose
systems had subsequently become infected. The trial did not come to court,
however, because his defence argued that he was mentally unfit to stand
trial. They described how he had taken to putting hair curlers in his
beard and wearing a cardboard box on his head in an apparent attempt to
protect himself from radiation.
4 c.f. Appendix 1's summary of the fieldwork's statistical evidence of the
age factor.
5 Sterling 1993: 95
6 references taken from CuD 4.11
7 As shown with the title of Paul Mungo's article: "Satanic Viruses" (c.f.
bibliiography)
8 c.f. CuD 3:37
9 Channel 4 Television, November 1989

10 c.f Woolgar 1990.

11 The former was the defence lawyer for Craig Neidorf in the E911 trial of
1990, Dorothy Denning being a computer scientist from Georgetown
University, Washington, with an academic interest in CU issues.
12 CU electronic magazine
13 Thomas' review of The Cuckoo's Egg includes numerous examples of Stoll
indulging in such activities as borrowng other peoples' computers without
permission and monitoring other peoples' electronic communications without
authorisation.
14 c.f. Appendix 2 for a full account.

------------------------------

Date: Thu, 7 May 1997 22:51:01 CST
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 2--Cu Digest Header Info (unchanged since 7 May, 1997)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6359)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5590 (and via Ripco on internet);
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

In ITALY: ZERO! BBS: +39-11-6507540

UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
Web-accessible from: http://www.etext.org/CuD/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Part 2 (of 2) of Computer Underground Digest #9.59
************************************

人已赞赏
安全工具

<p>cifs.<p>txt文件.</p>

2020-2-6 3:17:26

安全工具

<p>序列攻击.<p>txt.</p>

2020-2-6 3:17:33

0 条回复 A文章作者 M管理员
    暂无讨论,说说你的看法吧
个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索