The last four blog past have all been centered around the NSA controversy, so I was happy when I realized that today’s article has nothing to do with that. Today’s article is about the use of the term “Ethical Hacker” in the computing world. The position of the writers of the article is that prefixing the term “ethical” onto “hacker” really is meaningless, and doesn’t need to be used. My position is slightly different. I agree with the article that ethics doesn’t not really play a part in the technical term “hacker”, but I would believe that the title “ethical hacker” can still be used legitimately.
As computer security systems have improved there has also arisen a subset of computer techies who dedicate their lives to finding ways to break through that same security. Some do it for nefarious reasons, looking to acquire bank account passwords, or sensitive business information, or the like. A great number of others do it simply for the thrill and recognition of having cracked a particularly difficult code. But regardless of the reason, the fact remains that it is very hard (read: impossible) for a corporation trying to protect its data to think of every possible way that a hacker could exploit vulnerabilities, especially since hackers tend to be able to think of very innovative ways of working their chosen craft. As such companies have begun to hire the hackers themselves to try and break the company’s security, and then report ways to shore up the found weaknesses. As hackers generally have a bad reputation in the computer world, it has become relatively standard practice to refer to those who hack for criminal reasons as “blackhat hackers”, or just the regular hackers, while the ones who hack to help improve security are called “whitehat hackers”, or “ethical hackers”.
This brings us to the subject of our article today. The argument of the writers is largely a semantic one. They present five different arguments for the illogicality of the use of the term “ethical hacker”. These arguments are as follows: 1. The hacker is a hacker no matter what else you do. if you think of a hacker as a criminal, then adding “ethical” makes no sense, while if you think of it simply as someone likes to mess with computer systems then there’s nothing ethical about it, just like there’s nothing ethical about any other interest or hobby. 2. Adding “ethical” doesn’t really do anything to help the image of hackers. 3. Hacking isn’t about right or wrong, but rather about breaking into computer systems, for whatever reason. “Ethical” is not part of the equation. 4. Many people have criminal records for hacking which were caused by dumb laws on the subject. This does not justify or require a change in the term used. 5. Sometimes people talk about an “ethical hacker” as someone who was a non-ethical hacker, but then change over to help people. This doesn’t change what he does, only who he’s doing it for. The article asserts that in the end there is no difference between a regular hacker and an “ethical hacker” is function, simply in their attitudes toward what they are doing, therefor calling a hacker “ethical” makes as much sense as calling someone an “ethical locksmith” (their actual example),
I agree with them that there is “technically” no morality or ethics attached to hacking. A hacker is by definition simply someone who breaks through computer security, and that would apply equally whether they are hacking an ATM or just destroying their own firewalls in their basement for fun. The problem in the argument of the article is that it does not give proper attention to the denotation vs. connotation of words. Yes, there is nothing wrong with hacking… except for the fact that whenever one says “hacking” the word is immediately associated with all the stigma attached to those people who use hacking for criminal purposes. The attachment of the term “ethical” therefore does not actually refer to the type of actions performed by the hacker, but rather to the type of person that the hacker is. It is a retronym. Originally all hackers would have been thought of as “ethical hackers”, but now there is a need to distinguish between ethical and non-ethical hackers, the good guys and the bad guys. After all, 1 Peter 2:12 tells us to “keep [our] conduct among the Gentiles honorable, so that when they speak against [us] as evildoers, they may see your good deeds and glorify God on the day of visitation.” That would be very hard if when people hear that we’re a “hacker” they think that we steal confidential information, instead of simply stress-testing the company’s computer security.
The writer’s of this article are correct in saying that the term “ethical hacker” does not make any real sense. Hacking is neither ethical nor unethical, but rather an action similar to running or solving a puzzle. However, this does not mean that the term should not be used. In today’s world, where there are so many hackers who mean to do harm, it is helpful to have a term with clarifies that the work a hacker does is not in any way immoral. Clarity of speech is extremely important, and the term “ethical hacker” helps with that immensely.