Government Use of Hackers as an Object of Fear
Interesting article about the perception of hackers in popular culture, and how the government uses the general fear of them to push for more power:
But these more serious threats don’t seem to loom as large as hackers in the minds of those who make the laws and regulations that shape the Internet. It is the hacker—a sort of modern folk devil who personifies our anxieties about technology—who gets all the attention. The result is a set of increasingly paranoid and restrictive laws and regulations affecting our abilities to communicate freely and privately online, to use and control our own technology, and which puts users at risk for overzealous prosecutions and invasive electronic search and seizure practices. The Computer Fraud and Abuse Act, the cornerstone of domestic computer-crime legislation, is overly broad and poorly defined. Since its passage in 1986, it has created a pile of confused caselaw and overzealous prosecutions. The Departments of Defense and Homeland Security manipulate fears of techno-disasters to garner funding and support for laws and initiatives, such as the recently proposed Cyber Intelligence Sharing and Protection Act, that could have horrific implications for user rights. In order to protect our rights to free speech and privacy on the internet, we need to seriously reconsider those laws and the shadowy figure used to rationalize them.
[…]
In the effort to protect society and the state from the ravages of this imagined hacker, the US government has adopted overbroad, vaguely worded laws and regulations which severely undermine internet freedom and threaten the Internet’s role as a place of political and creative expression. In an effort to stay ahead of the wily hacker, laws like the Computer Fraud and Abuse Act (CFAA) focus on electronic conduct or actions, rather than the intent of or actual harm caused by those actions. This leads to a wide range of seemingly innocuous digital activities potentially being treated as criminal acts. Distrust for the hacker politics of Internet freedom, privacy, and access abets the development of ever-stricter copyright regimes, or laws like the proposed Cyber Intelligence Sharing and Protection Act, which if passed would have disastrous implications for personal privacy online.
Note that this was written last year, before any of the recent overzealous prosecutions.
Clive Robinson • April 8, 2013 9:30 AM
The problem is not just in the US.
Back in the 1980s in the UK various people were prosecuted with all sorts of nonsense in an attempt to define computer activities within existing fraud and other legislation.
Eventually a rather stupid attempt by the authorities to prosecute two supposed hackers (Robert Schifreen & Steven Gold) for pointing out a glaring error by system designers and system administrators resulted in the House of Lords throwing out the case and strongly telling Parliament that it should come up with appropriate legislation (http://en.m.wikipedia.org/wiki/Computer_Misuse_Act_1990).
I was fortunate in that although I’d been involved in one or two other notable events prior to this [1], my natural wariness had stopped me becoming an earlier victim.
Basically, British Telecom had two services: the Gold business system and the Prestel TeleText system.
Basically, Gold engineers and the Gold management had lied to the press about the security of Gold after a highly embarrassing incident, and I’d found out by a simple series of tests. And being involved with the Association of Computer Clubs (ACC), I pointed out this lie and the further security weaknesses to the senior ACC members Len Stuart and Vernon Quaintance involved with Gold&Prestel. I showed Len what the issue was and he encouraged me to write it up as a private page on Prestel (which I did) and he then contacted the Gold management via Micronet800. Well, nothing happened for a day or so, then Gold management wanted to see a “demonstration of the fault”. I smelled a rat when they talked about “demonstrating the fault” after I’d provided explicit instructions via the ACC. I declined and there was then pressure applied via Micronet800 to do the demo. I spoke to my then boss about this and he spoke to a couple of legally minded people who said don’t unless you’ve a cast-iron guarantee of immunity. The pressure mounted and various people were saying “it’s just a demo”, and I followed the advice, and when I asked about immunity suddenly the whole demo idea disappeared, which made me deeply suspicious…
But back to Robert and Steve’s little misadventure, which nearly cost them everything. Micronet800 was part of Prestel, set up to involve computer clubs and smart kid programmers such that bulk upload software for various home computers etc. could be written and made available to push the system into mainstream use by small businesses etc. (it never really happened).
As part of this the Prestel engineers had set up a test system called pandora and put details of the admin login details on the home page. Also, because they were either lazy or not worldly wise, they had simply copied an active system over from backup tapes etc. Included in the Prestel system, which all admins could see, was a plaintext account and password file… hence the security problem which was brought to the attention of Robert (who was known as the “bug hunter” from his column in Acorn User Mag). Amongst other users’ details was HRH Prince Philip, who was (and probably still is) a bit of a technophile…
So when I’d been told via Simon Williams (a co-worker) that Robin and Steven were taking their findings on the security to Dave Babski of Micronet800 and were going to demo it, I said it was unwise and reiterated why I thought so. I was actually accused of being “paranoid” by one, and others agreed with the “it’s just a demo” mantra, so I said they were foolish and I was not having anything to do with it and kept well out of it.
As it turned out I was right, and observing a very low profile had prevented me becoming a British Telecom and Met Police scalp (unlike RS&SG).
Unfortunately, even though the Lords kicked out the prosecution, the resulting law was (and still is) a complete shambles and has such broad definitions that software developers have been convicted under it when the clients they had worked for decided not to pay for the work etc…
[1] BT-Gold on Prime OS systems was BT’s flagship business system that they wanted to push into the market, hence they pushed it onto the BBC Micro Live program as “special interest” but really as free advertising. Unfortunately Gold had a number of technical and security weaknesses, but they were not what caused Acorn’s Herman Hauser’s ACN001 account getting cracked by Oz&Yug. What actually happened was that the password (HH) was guessed and a copy of “The Hackers Song” was put in the account startup script so it was displayed immediately on login and was thus seen by over 10 million viewers. Anyway, the Gold engineers changed various programs within 24 hours after the highly embarrassing BBC Micro Live program and told various newspaper journalists that the system was secure. Unfortunately it was not, and at least one of the changes made by the Gold engineers made things worse…