Hackers, eh? Not the 1995 Angelina Jolie vehicle where young Zero Cool, childhood hacker, caused the NYSE to drop due to his computer antics. Here, “hackers” refers to the group of technologists as complex as the subject also noted in the title: ethics. Before these people were breaking into Target, Equifax, Blue Cross, and countless other victims’ systems, some of the early adopters of hacking targeted phone booths. Those, my youthful readers, used to provide the same basic calling function as your Galaxy or iPhone, only phone booths were publicly available transparent closets with a phone built inside. We dropped coins into a slot to make a call. We ignored the aroma of the public who’d used it before, some not for a call at all, transparency ignored. These so-called payphones were one original target, circa 1950s, of hackers who were then known as phreakers (“phone” melded into “freak”). They circumvented AT&T’s protocols by mimicking the tone made by coins dropping in.
Phreakers were hackers with malicious motives—i.e., stealing phone calls. Also, though, many manifested a sense of honor and accomplishment through their criminal antics. We can agree that rebelliousness and anti-establishment sentiments prevailed in the fifties and sixties, and these crafty scofflaws believed in freedom of communications. So born was one of the hacker’s ethics.
Ethics is a complicated and complex concept. Is it morality? More, less, different from morality? What sources lend to one’s ethic? Like fingerprints, we each bear very personal senses of ethics. Unlike fingerprints, if you are a respectable member of society your ethic will evolve and improve over time as your life experiences add up. Or, of course, it could change for the worse.
Many ethics scholars, whose day-to-day work is most unusual in examining this nebulous part of humanity, would say that our dynamic, personal ethic has inputs such as from family and upbringing values. Our religious beliefs contribute to our ethic. The laws and rules of living amongst others frame it. Sometimes, such as for us lawyers, a professional set of ethical rules confine our behavior and actions. Some people observe model behavior and try to replicate it by fine tuning their ethic to conform. There’s an inexhaustible list of inputs, but you can sense that morality does in fact bear, too. Whatever your guiding inputs, it’s still your personal ethic that informs your decisions and actions.
Hackers comprise a population as complex as the concept of ethics. They are highly skilled in technology. They’re creative. While we all tend to immediately think of the negative implications of hacking, which conjures scenes of breaking into something without having appropriate permission, hackers aren’t all bad. In fact, in recent years an entire discipline of ethical hacking has come into the profession.
An ethical hacker is someone who’s been trained, likely complemented with self-training, with the same basic knowledge, skills, and abilities as the unethical hackers. They use specialized tools and techniques to overcome security protocols within all levels and types of organizations. I suspect, for example, that when Sony, Marriott, or the companies mentioned above got hacked to detrimental, costly ends, they were simultaneously employing technology experts who serve them as ethical hackers. Those talented techies use their hacking toolboxes to test the security effectiveness. They, in one sense, play games for their work day, trying to break into their own company’s secured assets. They simulate security incidents in order to better be prepared. The best and brightest seek out the industry accepted designation as a Certified Ethical Hacker.
Think of ethical hackers no differently than locksmiths. Could a locksmith rather easily circumvent your front door lock? Could they install or fix your locks, all the while sneakily setting up an entryway that their conspirators later use to break in? There are many ways that the locksmith can use their skills for good or bad. Same with ethical hackers. In fact, just like locksmiths and their “system” of hardware security solutions—deadbolts, vehicle locks, combinations, other approaches, and all the special tools and tricks—the field of hackers and their skillsets is also comprised of good and bad actors. Those systems, whether computer systems or the hardware lock environment, need people who bear those special skills.
Even if you’ve always had the understanding that hacking, in and of itself, isn’t necessarily a wicked act, you and I are programmed, if you will, to hear or read the word and envision up its negatives. Every day there are newsworthy stories of the ill effects of hackers. It costs us, literally, billions of dollars at least every year. Companies that are hacked don’t typically just have a meeting postmortem and agree, “Welp. We got hacked again. Man, this is costing us a fortune.” No. Rather, it’s more like, “Whoa! That breach is going to cost us a ton. Where can we pass those costs along to our customers or clients without losing their business?”
Hacking and hackers are part of the technological landscape. More often than most believe, these experts provide benefits to companies, the government, and society at large. There are some skills and abilities that you bear that also could be used for good or for bad. It’s not limited to locksmiths, hackers, not law enforcement or lawyers, not any field of expertise. Your mere ability to speak and act puts you in the position to be capable of evil or good. Thus, no matter what the many, maybe indescribable, influences are that affect your personal ethic, it’s that framework that moves your words or actions in the direction they travel. I hope that, as I do when helping train ethical hackers, you embrace, celebrate, and continually advance your ethics for good.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at firstname.lastname@example.org.