Have You Hugged a Hacker Today?
Aug 29, 2000 12:00 AM PT
The Information Age is killing critical thinking. The steady barrage of more facts and figures than any human mind can digest results in absurdly swift processing with little or no reflection, much less complex deliberation. The ever increasing pressure to rush to judgment can lead to strangely counterproductive conclusions -- as in the case of what to do with notorious ex-hackers who are ready to go back to work.
There are a lot of people who think that a fallen anti-hero, like convicted hacker Kevin Mitnick, should have a few appendages removed to keep him from ever again committing a computer crime. Less extreme, more popular opinions range from forever barring him from access to computers to forever barring him from talking about computers -- or at least, from getting paid for it. Only in America does the real life sentence begin after a criminal gets out of jail.
Throw the Book
For those readers who are feeling the steam building between your ears, let me state unequivocally that I favor prosecution of cybercrime to the full extent of the law. I also support the adoption of new laws to address the potential for technological innovations in crime. Nevertheless, I say that after a criminal has paid his debt to society, it should be stamped "Paid in Full." Anyone who thinks an ex-con hasn't been punished enough should tell it to the judge.
Mitnick, for example, was the subject of an intense FBI investigation that resulted in a sentence of 46 months in federal prison. "Our vigorous prosecution of Kevin Mitnick sends a message to anyone else who believes that the new technological frontier can be abused for criminal purposes," said United States Attorney Mayorkas last year. "We will track you down, electronically or by any other means, prosecute you and put you in prison."
Mitnick's plea agreement with the government established that he would be on supervised release for three years, during which time his access to computers and his employment in the computer industry would be severely restricted. He also agreed that any profits from films or books based on his criminal activity would go to the victims of his crimes for a period of seven years following his release from prison.
Wipe the Slate
That's all good. The point I am making is that when his sentence is over, it should be over. There was an uproar earlier this summer when Mitnick got the go-ahead to work as a Web writer, security consultant and lecturer. I say, if it's okay with the court, let the guy get on with doing what he does best. I don't think it would serve anyone's interests to redirect him into a career as an airplane mechanic or a backhoe operator, for example.
People who have screwed up, even very badly, should be able to make a fresh start when they are permitted to re-enter society. That used to be a fundamental American principle. Sure, they are going to carry around a certain amount of baggage -- that comes with the territory. They will have to inform prospective employers of their convictions, and those who became famous for their crimes will probably never fully restore their sullied reputations. But they should be allowed the opportunity to try.
What's In It for Them
The impulse to draw trigger-quick conclusions has led some observers to think that acquiring fame as a hacker is an easy ticket to a great job. That notion presupposes that the high-tech companies and government agencies who court hackers would benefit in some way from their notoriety, which makes no sense. Would the presence of a known felon on the staff boost investor, consumer, or citizen confidence?
What the prospective employers are undoubtedly interested in are the skills of the former offenders, which are valuable resources that should be put to good use. The fame of an individual like Mitnick ensures a high level of security surrounding his hire. I find it impossible to believe that a known hacker would be allowed to function without some pretty serious checks and balances in place.
After all, the employer would not want its own systems to be vulnerable to attack -- that's a given. Also, the employer would be responsible for the individual's work product, and thus could be liable for damages if the hacker were to strike anyone else.
Furthermore, hackers are by definition intelligent people. Having been caught once, only the most grandiose among them would ignore the likelihood of being caught again -- especially while performing a job under the scrutiny of alert and aware supervisors.
The Deterrence Factor
Some people argue that with examples like Mitnick, teen hackers will be encouraged to follow in his "glamorous" footsteps with an eye to landing a six-figure job after they have done a little easy time in the federal pen.
There is something wrong with the kind of thinking that supposes any amount of prison time is "easy." For skilled tech workers, it is easy to get the attention of recruiters, to land job interviews and to attract offers with top salaries and attractive perks. It is not easy -- for anyone -- to give up several years of personal freedom, even in a minimum security joint.
I don't think that teen hackers embark on their adventures in cybercrime with long-term career development in mind. They are in it for the thrill of doing something no one else has yet accomplished, and they have every intention of getting off scot-free.
Use the Force
If those who have still escaped detection can be lured away from the dark side by the offer of a handsome salary with a reputable organization, I am all for it. Better than leaving them to their dangerous devices.
As U.S. Assistant Secretary of Defense Arthur Money recently said to a crowd of cyber-vandals in Las Vegas, Nevada, "I would rather have my attention focused on what rogue states are doing to us than being harassed seven times a day figuring out what some guy is doing to us."
Guys like Mitnick are not role models for anyone. There is nothing glamorous about getting busted. No one cheers for the fellow who meets the news cameras with his sweater pulled up over his head.
Rehabilitated computer criminals can become positive role models, however, if allowed to turn their genius toward solving some important problems for society.
Whether ex-hackers are viewed as clever scam artists who are conning their employers out of undeserved paychecks or as valuable resources who have talent and expertise to contribute to the world is entirely a matter of perception. Nevertheless, a careful, dispassionate approach to the subject -- rather than a knee-jerk response -- must yield the conclusion that the cynical point of view simply doesn't make sense.