Newspaper Editorial Insists Hackers Must Be Punished, While Misunderstanding Nearly Every Detail
from the apparently never dept
We just recently wrote about a trio of recent situations — all involving young hackers probing for information, leading to either criminal charges or threats of criminal charges against them — that show what happens when people in power don’t understand how technology works. They were all cases where the individuals involved may have done things that some would think inconsiderate, but that hardly should rise to the level of “criminal” behavior — especially with threats of many years in jail. Presenting the flipside to that argument: the editorialists at the Toronto Globe and Mail, who show why those who don’t understand technology have no business writing about it. The editorial is headlined When did it become wrong to punish hackers?, which already suggests problem number one. Hacker is a generic term that does not automatically imply malicious attacks, yet the Globe and Mail immediately seems to assume otherwise. That might be news to the US government, which just announced its own National Day for Civic Hacking (despite filing charges against such civic hackers…).
A Montreal school is being widely criticized for expelling a student who hacked into its computer system and helped expose flaws in the system’s security. The student now has been offered jobs by computer security companies, including the one that ran the system he hacked into. In the Internet age, the hacker is celebrated as a hero and the school is pilloried for being an overbearing, defensive holdover from a bygone age. It’s an unfair presumption that needs to be corrected.
That’s one version of the story. The hacker is celebrated as a hero because he did something useful: exposed a security flaw that could have been used by someone malicious for nefarious purposes. We generally want to celebrate those who spot danger and warn people away from it. And the school is being pilloried because it expelled this person. Without Ahmed Al-Khabaz’s help, the data of students would be at risk. Doesn’t it seem somewhat overbearing to blame the messenger? What exactly is “unfair” about the presumption? After pointing out that Al-Khabaz “discovered a serious flaw” the editorial still supports his expulsion, apparently entirely based on the fact that the company, Skytech, felt his probing was an attack:
… Mr. Al-Khabaz then went on and carried out what the company considered to be a “cyber-attack” on the school’s production servers. The company notified the school, and Mr. Al-Khabaz was hauled on the carpet. The company accepted the student’s explanation and noted that he “demonstrated great talent in computer science.” They dropped the matter and offered Mr. Al-Khabaz a job, but Dawson’s administrators felt the student had gone too far and expelled him on the grounds he had violated the college’s code of conduct.
What the company considered a “cyber-attack” could also be described as “checking to see if the flaw was fixed.” And, clearly, they didn’t think it was a huge problem if they offered him a job, and noted his “great talent.” So why does the school still think he went too far?
Dawson’s officials are right: Rules exist for a reason, and students cannot expect to break them without consequence. Why have them, otherwise?
Ahhhhhh. Rules are rules. Rules exist for reasons, but sometimes those reasons are bad. And punishing people for breaking rules in ways that help people seems like sending the exact wrong message. Sometimes rules should be broken, because the rules are wrong.
The editorial then moves on to Aaron Swartz:
Swartz, who had a history of depression, was facing a slew of charges for allegedly downloading publicly funded academic journals from a large database that charged a fee for access. His family and supporters blame overzealous prosecutors for his death; the prosecutors insist – again, quite rightly – that “stealing is stealing.”
Uh, “stealing is stealing” is a tautology, so of course it’s right. But what’s “wrong” is arguing that what Swartz did was “stealing.” He stole nothing. He downloaded papers from MIT’s open network, which was set up with a site license from JSTOR allowing open downloading of those journal articles, all of which remained on the site for anyone else to download.
Go ahead, explain what was “stolen”?
In the age of the Internet, the massive downloading for free of music and movies and other copyrighted material has muddied the waters for many people.
It seems to have “muddied the waters” for the editorial writers of the Toronto Globe and Mail who don’t seem to realize that neither case had anything to do with the “massive downloading for free of music and movies.”
They seem to have forgotten that privacy rights and copyright laws are among the foundations of our economy. These are things that are not to be shoved aside by the absolutism of Internet activism.
Oh really? If privacy rights are the foundation of the economy, then, er, isn’t it a good thing that Al-Khabaz alerted officials to a hole that exposed the private info of students. He did nothing to compromise anyone’s privacy rights at all. Similarly, Aaron Swartz did not violate any copyright law, and he was not charged with copyright law violations.
So, seriously, how does a huge mainstream publication like the Globe and Mail get away with writing a piece of garbage this ridiculous? It claims things that simply aren’t true, completely flips around reality, and then seems to wrap it up in some bizarre “rules are rules” argument, that makes no sense since the rules it says people violated… weren’t even violated.
And the Globe and Mail thinks people should pay its meter to access this kind of crap?