If hackers did not exist, the government would have to invent them

The hacker image that prevails in popular culture and news — an evil, juvenile tech technician wizard, who has the desire and ability to do great damage to innocent citizens and society as a whole — has little to do with reality.

This distorted picture directs attention and resources to fighting ghosts rather than solving much more common data security issues. According to the Privacy Rights Clearinghouse , the loss or improper disposal of paper documents, flash drives, laptops and computers has caused more than 1,400 data leaks since 2005 - almost half of all reported cases. As a result of these leaks, more than 180 million individual records were compromised, including names, social security numbers, addresses, credit card numbers and more. Compare this with 631 incidents during the same period, caused by hackers or viruses. It is much more likely that your private data will fall into the wrong hands due to the fact that someone will forget the service notebook in the subway car than the fault of the burglar.

Another serious threat is insiders or offended employees. A recent survey by The Wall Street Journal showed that 71% of IT managers considered this threat the most dangerous.

And finally, the recent leak of the linkedIn password database shows that the biggest threat to our security is ourselves: more than two-thirds of the passwords on LinkedIn were shorter than eight characters, and only one percent of the passwords contained letters in both registers, numbers and special characters.
')
But it seems that real threats are hard to compete with hackers in the minds of people who write laws. Hacker - modern babai, embodying all our fears of technology - is the focus of attention. As a result, more and more paranoid laws are being taken that interfere with free and private communication in the network, take away control of technology from us and put us at risk of unreasonable prosecution and overly aggressive investigation and surveillance procedures. The Computer Fraud and Abuse Act ( CFAA ), the cornerstone of US computer crime law, is full of too broad generalizations and vague definitions. Since its adoption in 1986, this act has caused many confusing precedents and exaggerated accusations. The US Department of Defense and Homeland Security use technological fears to push for more funding and push laws (such as the notorious SOPA and CISPA ) that can have dire consequences for our rights. In order to protect freedom of speech and privacy on the Internet, we should seriously reconsider our attitude to the grim image of a hacker, which serves as an excuse for expanding the powers of special services.

The image of a hacker in mass culture has evolved as our attitude towards technology has changed. In the 1983 film War Games, a hacker appeared in the image of a child, driven by interest and curiosity, who inadvertently disrupted the work of a military supercomputer. Subsequent incarnations in the films Hackers, Tihushniki, Golden Eye and Die Hard 4 became much more dangerous and acted deliberately, breaking into computer systems and causing irreparable damage to unfortunate victims. The hacker in the American film is almost always a white man, from the middle class, psychologically immature, asocial and vindictive. It is driven by selfishness or mental problems. The plot of such films is based on apocalyptic techno-paranoia, a belief in the hacker’s full control of any technology in the world.

News stories follow the same stamp of popular culture. The hacker dwelling in the dark basement is the main villain of the evening news and the front pages of newspapers, regardless of how close this image is to reality. The word “hacking” is used as a universal term for any cybercrime or incident, regardless of the method of its commission and the qualification of a “hacker”. Journalists often confuse potential vulnerabilities and hacking that actually occurred, taking news from computer security conferences that are of more academic importance than actual hacking of systems and algorithms. Anonymous, the news about which adds fuel to the fire of technological paranoia and, as Yohai Benkler wrote in a recent article in “Foreign affairs” , erases the distinction between electronic civil disobedience and cybercrime, thereby causing enormous harm to the very idea of ​​political activity in the internet.

The hacker lurks in the depths of the network, he is an elusive threat, he is able to strike, being on the other side of the planet. His pathological passion for technology, his primitive craving for cracking, cannot be curbed. He is asocial and he doesn’t care about the framework of behavior of normal people, he is only interested in a society of other hackers who are trying to outdo each other in an infantile passion for vandalism on the Internet. Add to this cocktail the superhuman abilities of manipulating with any piece of hardware capable of executing at least some code, and here it is - a modern scarecrow, from which you need to protect society at any cost.

To protect society and the state from the threat posed by this imaginary enemy, the US government adopts too broad and dullly written laws and regulations that seriously undermine freedom on the Internet and threaten its role as a platform for political debate and creative expression. Trying to replay the evil hackers, laws such as CFAA put certain actions on the network at the forefront, giving far less meaning to intention or actual damage from them. This leads to the fact that many completely innocent actions can potentially be prosecuted. When suspicion and fear of hackers become the basis of a policy on freedom, privacy and access to the Internet, bills such as CISPA emerge, which, if it becomes law, will have devastating consequences for online privacy. The demonic image of a hacker from the news and kinoboevikov serves as a demonstrative target and justification of such laws and rules. Instead of ghostly hackers, they will make us criminals and accomplices, confusing technical knowledge and skills with the intent to cause harm, as was the case with Bret McDanel , who served 16 months for sending several thousand emails with a message about a hole in the mail server after as a manufacturing company ignored all warnings about the threat.

Building a state and corporate policy on the image of a stereotypical movie villain is ineffective at best, and criminal at worst. The network is full of real threats, from a laptop forgotten on the bus or a disregard and illiterate attitude to security to the increasingly real danger of cyberwar between states. If you throw a disproportionate amount of forces to fight hackers, then there will be neither time nor resources to overcome real threats. Shutting down file sharing services, imposing criminal liability for jailbreaking, modding and violating terms of use, limiting the possibility of anonymous statements on the network, the government and special services derive maximum benefit from the atmosphere of fear and in vain spend government and corporate resources. Fortunately, some recent trials, such as the David Nozal case, are already narrowing the scope of the CFAA, which gives us hope that the Internet can be regulated by more adequate reality methods.

To develop reasonable rules of the game on the Internet, it is necessary to discard the hacker stereotype, as the main source of threat. In recent years, the Internet has become the main haven for free political debate, both in the United States and around the world. The Internet is used to exchange ideas, organize protests and overthrow dictators. We appreciate the freedom of speech here, in our country. But US laws governing the Internet have a disproportionately large effect on the rest of the world. We must ask ourselves if we want the next Arab Spring to be regulated to death by the rules adopted to combat the non-existent threat?