Don't be too harsh on hackers

Cybercrime laws can hurt people who have our best interests at heart

"In the following article we incorrectly referred to a piece of software called 'RemotelyAnywhere' as a hacking programme. The programme, made by 3am Labs, is designed for remote access and administration. It is used by thousands of enterprises worldwide."

So reads a correction that appears online above Jon Ronson's 2005 interview with Gary McKinnon, the British man who recently lost his appeal against extradition to the US in the House of Lords for perpetrating what has been described as the "biggest military computer hack of all time".

In one sense, Ronson got it right first time. To geeks, hacking describes all sorts of computing activity, from putting together code to testing the performance of computer hardware to its limits. Many computer experts who will never see the inside of a courtroom call themselves hackers. And yet, in the popular imagination, the computer hacker will always be a malicious geek, high on caffeine and up inside machines where he shouldn't be, in the small hours.

Even in the realm of computer security, there are good and bad hackers. So-called "black-hat" hackers maliciously subvert security systems: to steal money, identity or intellectual property. "White hats" are the good guys, using the same methods as the criminals in order to test systems that, for example, ensure your bank account is secure.

Occasionally you might find white hats working freelance to, say, demonstrate insecurities they think need addressing (as the Guardian and Adam Laurie did with the UK's new "ultra-secure" passports back in 2006). "Grey hats" are hackers of ambiguous ethics, penetrating secure systems just because they can. Often, it is the grey hats who wind up getting caught - too lazy, proud or obsessed to cover their tracks. From the outside, McKinnon looks like a classic grey hat, admitting to Ronson that his activity "was like a real game. It was addictive."

Since governments started targeting cybercriminals, white-hat hackers have voiced concerns that legislation being passed would also outlaw the tools of their trade. The UK has earned a harsh reputation for prosecuting hackers, but at the end of last year, the Crown Prosecution Service released guidelines on bringing prosecutions under the Computer Misuse Act. For some, these guidelines didn't go far enough, but they potentially incriminate white-hat hackers.

The history of networked computing is littered with dozens of young men who have been convicted of hack-related crime. Some - like Kevin Mitnick, who served five years in association with his cybercrimes, or Robert T Morris, who invented the world's first internet worm - end up with speaking engagements, jobs at security firms, or even associate professorships. Others are not so lucky, unable to get over the shock of incarceration so early in life.

Becky Hogge is a writer and technologist. She was formerly the technology director of award-winning current affairs website, and Executive Director of the Open Rights Group, a grassroots digital civil liberties organisation.

This article first appeared in the 11 August 2008 issue of the New Statesman, Spies for hire