Hacking is not a crime – and the media should stop using 'hacker' as a pejorative
Hackers are friends not foes, says Alyssa Miller in this opening argument for our latest debate
Register debate Welcome to the latest Register Debate in which writers discuss technology topics, and you – the reader – choose the winning argument. The format is simple: a motion is proposed, the argument for the motion is published today, and the argument against will be published on Friday.
During the week you can cast your vote using the embedded poll, choosing whether you're in favor or against the motion. The final score will be announced next Tuesday, revealing whether the for or against argument was most popular. It's up to our writers to convince you to vote for their side.
This week's motion is: Hacking is not a crime, and the media should stop using 'hacker' as a pejorative.
And now, arguing FOR the motion is ALYSSA MILLER...
Using the term “hacker” to describe cyber criminals is an unfortunate habit that plagues modern media. The accompanying imagery of hoodie-clad individuals hunched over computer displays in darkened rooms exacerbates the issue. The predominance of associating hacker with cyber criminals has exploded as cyber-attacks and breaches have become regular topics in mainstream media. However, using “hacker” in such a pejorative manner is perilous, both for its lack of precision and the counter-productive impact it can have on society.
Hacker has been used in connection with technology since at least the 1950s when a student in MIT’s Tech Model Railroad Club (TMRC) produced a dictionary of terms that defines both “hack” and “hacker.” At the time, the terms didn’t denote any form of criminality or ill intent. In fact in an annotated version of the dictionary that Peter Samson republished in September of 2005, he states his intended meaning of a hack as an “unconventional or unorthodox application of technology” and a hacker as one who “avoids the standard solution.”
However, since those beginnings, hacker has taken on more of a dual meaning. The concept of good and bad hackers is evident across society. The Oxford, Cambridge, and Merriam-Webster dictionaries each provide dueling definitions of hackers as both technology enthusiasts and criminal actors. Three popular hacker movies of the 1990s – Sneakers, Hackers, and The Net – depict conflicts between good hackers and criminal hackers. Including both noble and malicious actors under the same hacker umbrella confirms that hacking is a concept that is separate from one’s motivations or intentions.
The false equivalence between hacker and cyber criminal is also evident when, in some cases, the perpetrators of a crime may not be hackers at all. In a world where malware, ransomware, and other tools of the criminal trade are packaged and sold as commodity kits requiring no technological expertise, claiming the user of such a kit to be a hacker is dubious at best. Stating that hackers stole 3 million health records when the actors are not known is akin to claiming firearms enthusiasts robbed a bank simply because they were armed with guns.
Stating that hackers stole 3 million health records when the actors are not known is akin to claiming firearms enthusiasts robbed a bank simply because they were armed with guns
But it’s more than just the lack of precision that is problematic. Using hacker as a pejorative also distorts social views of hackers, fostering the belief that hackers are inherently malicious in nature. However, corporate America has shown us that clearly this is not the case. Hundreds of thousands of people are employed world-wide as so-called ethical hackers to help businesses find and remediate security vulnerabilities in their systems. Some organizations leverage bug-bounty programs, paying hackers that find and report security flaws in their systems. As Keren Elazari, security analyst and speaker put it, hackers are “the immune system of the internet.”
Allowing our media representations to portray hacker as equivalent to criminal actors makes the work of principled hackers even harder. For instance, in April of 2019, YouTube infamously banned “Instructional hacking and phishing” videos on their platform. Over the following months, many online content creators whose videos helped hackers learn the trade and advance their skills to perform better in their jobs, saw their channels demonetized and their content removed from the site. Thus, important resources for developing skilled defenders against cyber-criminals all at once were taken away.
It is important that the media be an active participant in accurately portraying the difference between hacking and criminal activity. Using inexact language and negatively influencing societal perception only serves to drive a wedge between those that count on technology to support their digital way of life and those best equipped to help defend it. ®
Alyssa Miller is a life-long hacker, security advocate, and cyber security leader. She is the Business Information Security Officer (BISO) for S&P Global Ratings and has over 15 years experience in security roles. She is heavily involved in the cyber-security community as an international speaker, author, and advocate. Alyssa is a member of the WiCyS Racial Equity Committee, Chapter Leader for Women of Security (WoSEC), and board member for Blue Team Con and Circle City Con. Her views, research, and career journey have been featured in “Tribe of Hackers: Blue Team”, SC Magazine, Cybercrime Magazine, and various other media appearances.