Computer Hacking or Political Hackery?

by on September 13, 2006 · 14 comments

Assuming that Declan’s explanation for how the Angelides campaign got the Schwarzenegger audio is right (and it’s consistent with everything I’ve seen on the subject), the media coverage of the story is incredibly lazy. Whether the Angelides campaign’s actions constitute “hacking” or not is not a complicated question. The way to answer it would be to get a precise description of what they did from the two campaigns (the Schwarzenegger campaign says they have logs of the access, so they should be able to answer specific questions about it), and then to ask a computer expert whether that specific sequence of actions constitutes hacking.

Yet not one of those stories features a quote from a computer science professor, a webmaster, or anyone else with technical expertise in administering web sites. Each and every reporter takes an agnostic stance, as if it’s a complex and difficult question that will take days of painstaking research to answer. It seems to me that this does their readers a disservice.

Presumably, the idea here is that a “balanced” story is one that faithfully reports the opinions of each side, without passing judgment on either side’s position. This is appropriate in cases where the statements in question are matters of opinion. But a good journalist should do some independent research to verify assertions that are matters of fact. If candidate Smith says the sky is blue, and candidate Jones says it’s green, the good reporter looks up at the sky and reports on what color it looks like to him, he doesn’t pretend that the color of the sky is a matter of opinion.

SHARE: 14 comments

About Tim Lee

Timothy B. Lee (Contributor, 2004-2009) is an adjunct scholar at the Cato Institute. He is currently a PhD student and a member of the Center for Information Technology Policy at Princeton University. He contributes regularly to a variety of online publications, including Ars Technica, Techdirt, Cato @ Liberty, and The Angry Blog. He has been a Mac bigot since 1984, a Unix, vi, and Perl bigot since 1998, and a sworn enemy of HTML-formatted email for as long as certain companies have thought that was a good idea. You can reach him by email at leex1008@umn.edu.

Read more articles by Tim Lee.

  • http://weblog.ipcentral.info/ Noel Le

    Yet not one of those stories features a quote from a computer science professor, a webmaster, or anyone else with technical expertise in administering web sites.

    Hmmmm, maybe there are not enough “bright lines” to distinguish these techies from media trolls who love to grab the lime-light and pass themselves off as experts of whatever-kind.

    Wait, Tim, aren’t you a web expert. Give them a call.

  • http://mcgath.blogspot.com Gary McGath

    The problem is that there is no generally agreed definition of “hacking.” The word is so abused that it has no meaning. You might as well ask a biology professor whether a certain medical condition is “gross.”

    My sense from the articles is that the site had extremely sloppy security measures; probably the approved way to get at the files required a password, but a slightly less obvious way (such as looking inside directories that weren’t protected from being listed on a browser) offered no protection at all. Is looking inside a directory listing “hacking”? There’s no objective definition of the term that will give a yes or no answer.

  • http://weblog.ipcentral.info/ Noel Le

    Yet not one of those stories features a quote from a computer science professor, a webmaster, or anyone else with technical expertise in administering web sites.

    Hmmmm, maybe there are not enough “bright lines” to distinguish these techies from media trolls who love to grab the lime-light and pass themselves off as experts of whatever-kind.

    Wait, Tim, aren’t you a web expert. Give them a call.

  • http://www.techliberation.com/ Tim Lee

    Gary: I’m not sure that’s quite right. Yes, the term “hacking” is horribly over-used and mis-used, and it has no clear definition. But I think there’s a fair amount of consensus consensus among computer security professionals about the substance of the matter: specifically what constitutes ethical versus unethical access to online resources. Obtaining someone’s password through fraud, brute-force cracking techniques, or eavesdropping, I think, are clearly unethical. (“Hacking” in colloquial terms) So is exploiting a server bug such as a buffer overflow to gain unauthorized access to the files.

    I can’t imagine a computer security professional putting what the Angelides campaign did in the same category. The governor’s office (unintentionally, we presume) offered those files for download to the world at large. By any reasonable definition, accessing such files isn’t “hacking.”

  • http://mcgath.blogspot.com Gary McGath

    The problem is that there is no generally agreed definition of “hacking.” The word is so abused that it has no meaning. You might as well ask a biology professor whether a certain medical condition is “gross.”

    My sense from the articles is that the site had extremely sloppy security measures; probably the approved way to get at the files required a password, but a slightly less obvious way (such as looking inside directories that weren’t protected from being listed on a browser) offered no protection at all. Is looking inside a directory listing “hacking”? There’s no objective definition of the term that will give a yes or no answer.

  • http://www.techliberation.com/ Tim Lee

    Gary: I’m not sure that’s quite right. Yes, the term “hacking” is horribly over-used and mis-used, and it has no clear definition. But I think there’s a fair amount of consensus consensus among computer security professionals about the substance of the matter: specifically what constitutes ethical versus unethical access to online resources. Obtaining someone’s password through fraud, brute-force cracking techniques, or eavesdropping, I think, are clearly unethical. (“Hacking” in colloquial terms) So is exploiting a server bug such as a buffer overflow to gain unauthorized access to the files.

    I can’t imagine a computer security professional putting what the Angelides campaign did in the same category. The governor’s office (unintentionally, we presume) offered those files for download to the world at large. By any reasonable definition, accessing such files isn’t “hacking.”

  • http://weblog.ipcentral.info/ Noel Le

    I guess “Hacking” can join “Monopoly” as the most mis-used term…

  • http://weblog.ipcentral.info/ Noel Le

    I guess “Hacking” can join “Monopoly” as the most mis-used term…

  • http://mcgath.blogspot.com Gary McGath

    Tim: There certainly are legitimate questions that can be asked about whether the access was ethical, whether it was legal, and (the precondition of answering both those questions) just what was done. But asking whether it was “hacking” is just the wrong question to ask.

  • http://www.techliberation.com/ Tim Lee

    The problem is that “hacking” is the word that non-technical people use for accessing a computer system in an unethical manner. I agree that it would be better if people used more precise terminology, but it’s a battle we lost 5-10 years ago. Like it or not, that’s the word that mainstream journalists are going to use when they ask questions about this incident. I’d rather have computer scientists answering those questions than political strategists.

  • http://mcgath.blogspot.com Gary McGath

    Tim: There certainly are legitimate questions that can be asked about whether the access was ethical, whether it was legal, and (the precondition of answering both those questions) just what was done. But asking whether it was “hacking” is just the wrong question to ask.

  • http://www.techliberation.com/ Tim Lee

    The problem is that “hacking” is the word that non-technical people use for accessing a computer system in an unethical manner. I agree that it would be better if people used more precise terminology, but it’s a battle we lost 5-10 years ago. Like it or not, that’s the word that mainstream journalists are going to use when they ask questions about this incident. I’d rather have computer scientists answering those questions than political strategists.

  • http://http:/0zu.tw/ shorturl

    8021580a36de Hi http:/0zu.tw/ shorturl

  • shorturl

    8021580a36de Hi http:/0zu.tw/ shorturl

Previous post:

Next post: