Well to be very honest I’m hacker apprentice, and definitively I’m not a criminal by any measure. I recall being a young boy and being fascinated by the books about ‘How things work’ when I had the chance to hit the school library. I really wanted to understand inside out how it was possible for iron in the form of a boat to stay afloat and sail, or cruise the skies in the form of an aeroplane, not to mention making it to the moon. Certainly, I was looking forward to contributing inventions of my own, and since the age of mechanics was over, I set my mind on computers. Mind you, this was when computers were sold with 1KB of (RAM) memory and 8 bits CPU.
I was always interested in understanding the mechanics that made that possible, the pieces of software code that enabled the magic; I was always being curious and defiant.
My first summer job, some 25 years ago, was all about sorting dusty folders, and I mean paper folders on dusty shelves, not files on a computer at the ease of a mouse click. The only mice around would be the kind with four legs and a tail.
One day, I was excited to see a printer being installed in a lovely computer room, producing documents with nicely arranged tables with names and figures. When one of the senior finance department guys came in to retrieve it and continue to work on his desk, to my astonishment he was reading the information and then copying it by hand one row at a time. I was puzzled so I approached him, “Why do you copy data by hand? You could ask the computer to print a second copy!” He volunteered that it was impossible for a computer to write the payroll checks since the amounts need to be written both in numbers and letters, and the computers could only deal with ‘numbers’.
Ha! That was my opportunity to get away from the dusty folders! I created a proposal for an enhancement to the payroll application (we called it a “program” on those days) that would write payroll checks straight from the computer printer with no human needing to write up the checks. Of course, I succeeded, and the financial guy was so happy to get released of his tedious task and I was equally happy to leave those paper folders “in the dust.” I’d just hacked the payroll program — for purposes of good — I just reversed how it worked, enhanced it and delivered value to the company.
Of course, I’m hacker, and I’m proud of it even if I’m only an apprentice, I’m still interested in understanding how things work, and how I can enhance them, and how to make them more functionality rich or more secure. I have the privilege of being acquainted with some serious hackers like Chema Alonso, who recently led an initiative out of his blog to ask the RAE (the Royal Academy of Spanish language) for a change of the official definition of hackers as a computer pirate. You can join the request at change.org . As he puts it, he’s not someone unlocking a piece of software for profit, illegally downloading movies, or publishing a dialer app on a marketplace. He’s a very serious security researcher leading an organization that works side by side with law enforcement across the globe to make the Internet a more secure place to work, play, learn, connect with friends or conduct business. I’m grateful that Chema is hacking apps for the benefit of all us, and you should be too.
Yes, there are cybercriminals, and they should be prosecuted to the full strength of the law and to that end we’re seeing the Obama administration doing advancements on the Computer Fraud and Abuse Act (CFAA), originally passed back in 1984 (Orwell anyone?) However, first things first. A hacker is a hacker and it’s not necessary a cybercriminal. So what constitutes a cybercrime? Here is where the mess heats up, as many eyebrows have raised after having had access to some drafts of the new plan, reviewed by experts who have expressed concerns with the definitions as being very broad and not necessarily connected with a criminal act. I’m neither a lawyer nor a legal expert but I need to concur with the view of Professor Orin Kerr expressed on a fine article at ArsTechnica, please allow me to cite two quick passages:
A hacker would exceed authorization when accessing information “for a purpose that the accesser knows is not authorized by the computer owner.”
If your employer has a policy that ‘company computers can be accessed only for work-related purposes,’ and you access the computer for personal reasons, then you presumably would be accessing the computer for a purpose that you know the employer has not allowed”
Similar law enforcement efforts are popping out across various countries, like these days in France still under the shock of the Al Qaeda backed murders of the Charlie Hebdo staffers; the country is more easily biased towards trading privacy for security, granting law enforcement agencies rights to peer over our communications to guarantee that we are not engaged in criminal activities. But how that could be different from the control that we are seeing from the Chinese authorities controlling the Internet flowing to their citizens through a firewall commonly referred as the Great Firewall?
But of course, this sets the stage for a broader topic. What constitutes a crime? And frankly speaking, that’s a tough one, a very tough one. So complex that I can’t even frame it properly, because as you would recall I’m neither a lawyer nor a criminal, only a hacker apprentice. Thoughts out there?
jaume ayerbe 