When you stop and think about it, the World Wide Web today is kind of similar to the old Wild West. There are good guys roaming the web, bad guys, and even vigilantes.
The good guys might be the white hat hackers – people who hack to help find the weaknesses in network security and thereby help to strengthen it. Then there are black hat hackers, the bad guys who hack just to wreak havoc on the Internet. And then there are the gray hat hackers – the vigilante hackers like the group Anonymous and Ghost Squad Hacking (GSH), who say they are only seeking justice.
The Wild Wild West in the Ether
The sheriff is hell-bent on chasing down the gang that’s been rustling cattle, robbing banks, and hassling the homesteaders. He’s got a couple deputies but the territory is too big to cover they have yet to catch the outlaws. And the outlaws are smart and know where to hide. Finally, some cowboys decide to take matters into their own hands. The cowboys are frustrated with the state of the law and its lack of enforcement. The cowboys get the outlaws, but not without breaking a few laws themselves.
We’ve all seen the great Western movies and are familiar with the vigilante cowboy who’s not exactly law-abiding (like Clint Eastwood in Unforgiven). However, he’s not outright evil like the outlaws.
Now, take away the horses and replace them with computers. Insert keyboards in place of the guns. And, instead of law enforcement, outlaws, and cowboys there are white hat hackers, black hat hackers, and vigilante hackers. It certainly does have a Wild West feel to it.
Western stories such as those we’re all familiar with – whether from novels or movies – always bring up the question of justice. At what point is breaking the law justified in the pursuit of justice? Is vigilantism ever ethical? Is hacking, at the very least, ever okay?
The Law, Ethics, and Catholicism
From reports of hackers hacking into voting machines to WikiLeaks publishing secret information that hackers have supplied to them, hacking has been dominating the news. But how legal or ethical is it? Even though vigilante hackers seem to be out to expose illegal activities and catch crooked politicians and high-ranking government officials red-handed, is hacking into a government, corporate, or private computer or network really ethical? Do the ends justify the means?
And even more to the point, how should Catholics view the act of hacking? Does the Catechism of the Catholic Church (CCC) offer any guidance?
One thing that has to be made clear from the outset is that computer hacking falls under the auspices of the Computer Fraud and Abuse Act (CFAA) of 1986. It makes any knowingly unauthorized access or exceeding unauthorized access into a protected network or computer a federal crime. For a network or computer to be protected, as defined under this law, it must have authentication (i.e. username and password) and authorization (i.e. permissions and rights).
Many might rightly argue that if you gain access to a “protected” computer or network without the use of authentication (password), that you’re technically not violating the law because the law uses the word “and.” This mean there must be both authentication and authorization in order for it to be protected; i.e., both must be present for the law to apply. If one is absent the law is null and void.
For example, if I gain access to a network for which I know I don’t have authorization, but I technically didn’t “break-in” since I was not required to put in a username or password, would I be violating this law? Some have argued no. In fact, there are many cases that have been argued this way.
Andrew ‘Weev’ Auernheimer, a gray hat hacker, was convicted of violating the CFAA by gaining unauthorized accessed to a server. However, there weren’t any passwords protecting the data he stole. His conviction was later overturned because there was no circumvention of passwords and, furthermore, no private data was obtained – the data stolen were email addresses, which are publically accessible.
Of course, one can argue that ‘Weev’ accessed the information knowing he was not authorized for it. Common sense and reason also points to this. However, as with all legal cases, we can’t just rely on only reason and common sense to convict or not convict a perpetrator. It’s a legal loophole based on the technicalities of the law, as illustrated in Weev’s case.
The laws regarding hacking then are not crystal clear and need to be updated. Does this nullify CCC 1880 and 1900 on the person and society and the duty of obedience to the law? How can any good citizen obey a nebulous or poorly written law?
At the same time, CCC 1903 also states in part:
“Authority is exercised legitimately only when it seeks the common good of the group concerned and if it employs morally licit means to attain it. If rulers were to enact unjust laws or take measures contrary to the moral order, such arrangements would not be binding in conscience.”
CCC 2242 is even more to the point:
“The citizen is obliged in conscience not to follow the directives of civil authorities when they are contrary to the demands of the moral order, to the fundamental rights of persons or the teachings of the Gospel. Refusing obedience to civil authorities, when their demands are contrary to those of an upright conscience, finds its justification in the distinction between serving God and serving the political community. ‘Render therefore to Caesar the things that are Caesar’s, and to God the things that are God’s.’ ‘We must obey God rather than men’.”
The Law’s Intent
So as Catholics we are not bound to obey a law that is contrary to the moral order. We are in fact, obliged in conscience not to follow the directives of civil authorities when they are contrary to the demands of the moral order. Is the CFAA contrary to the demands of the moral order? Does it allow the perpetration of illegal and immoral activities? Are we obligated to obey it? The answers are no, yes and yes. The intent of the CFAA is to protect a law abiding individual’s or organization’s privacy. The fact that a criminal can make use of a good, moral law, even if it is outdated, does not change the law’s intent.
But despite the law, might hacking still be okay if it results in good consequences, such as catching immoral activity? One way to answer this question is to take a look at the Principle of Double Effect and the action of hacking itself.
Double Effect And Hacking
Without getting too philosophical or abstract, the Principle of Double Effect states that an action may be morally permissible even if there are unintended bad (or evil) consequences. In order for this action to be allowed morally and ethically, four conditions must be met:
- The action is morally good or, at the very least, morally indifferent.
- The bad consequences must only be an incidental factor and not an actual factor in accomplishing the good.
- The evil that results must not be intended.
- There must be a grave reason for performing the action.
Now that we know what conditions must be met, we can look at the actual action of hacking.
At its base level and without getting too technical, hacking is essentially gaining unauthorized access to a protected network or computer. It’s like breaking and entering. In some instances it could be called technical eavesdropping, in others spying, and still others the outright stealing of information. If we confine the action of hacking to these parameters it almost always seems that hacking is fundamentally wrong, which means that the first condition is not met. But there’s more to consider.
Could There Be Exceptions?
Permission and intent also must be taken into account.
Permission applies strictly to white hat hackers – people who are being hired to hack into systems by the owners of the systems in order to detect security weaknesses. In this case, all conditions are met and hacking is ethical and justified.
Intent, however, is harder to reconcile. We could argue all day long about the true intentions of vigilante hackers and, when it comes down it, we’ll never really know. Sometimes we do get to catch a glimpse of the intentions. For example, such people as S1edge from GSH claim to be working to protect innocent lives and catch corrupt governments and they use hacking to do it.
Is Hacking Morally Permissible?
If good intentions are all that is required does this make hacking morally permissible? Delving deeper into this and using the four conditions of Double Effect, it becomes less black and white:
- The action: Vigilante hackers have no permission to access the information. They are violating privacy – an essential part of maintaining the common good in society and respect for the individual (CCC 1907).
- The consequences: Corruption or illegal or immoral activities are made public, but not every single time. Sometimes a hack uncovers nothing that is illegal, corrupt or immoral. In fact, it’s usually by pure accident that a hacker does uncover corruption.
- The intention: Although it’s considered stealing because they are not privy to it, the main intention seems to be good – to expose corruption. But, as the old saying goes: the road to hell is paved with good intentions.
- The reason: The “grave reason” is exposing corruption that is undermining the justice system and working against the common good. No moral society can function with a government that’s being run by lawless individuals.
It would seem as if #4 is the most important point here: the hack exposes corruption that undermines the common good. However, this is using a good intention to justify an immoral action and the consequences just happen to prove to have grave reason behind it. We have to be very careful as this could lead down a very slippery slope in justifying evil actions.
The Danger of Consequentialism
Many times hackers target anyone or any organization without true justification. The police cannot enter a home without a search warrant, or search a car without reasonable suspicion. A hacker, however, is conducting a search merely in the hope of exposing some criminal activity. If a hacker were to uncover unsavory actions or information that present a real and clear danger to the common good, could the action be justified ex post facto, meaning the act of hacking was not moral but produced good consequences that were accidental?
By answering this question in the affirmative and saying that vigilante hacking is justifiable and moral in these cases, we are treading dangerously close to justifying fundamentally evil actions based on the ends. This is called consequentialism. As Catholics, we know that we can never justify an intrinsically evil action simply because it produces a good result. In fact, we can only reasonably apply the Principle of Double Effect if the action is morally indifferent.
Vigilante Hacking Is (Almost Always) Immoral
Vigilante hacking is immoral most of the time and cannot be justified. It is breaking and entering, violating privacy and the respect for the individual. It is also theft of personal and private property (information). Breaking and entering, and by the same account hacking, is always wrong without legitimate reasonable cause because the action itself is wrong. This is not like using killing as a defense whereas defense is the main action, and killing is the unintended result.
Despite this, it’s difficult to ignore the good consequences that can sometimes result from such actions. In the case of WikiLeaks, hackers provided information that exposed the duplicitous actions of politicians and government officials that are undermining the common good.
When the common good is undermined the justification for hacking seems even stronger when government officials are abusing their power of authority. There have been some reports that some of the hackers were directed in their efforts by government or law enforcement officials who were being prevented by their superiors from taking appropriate legal action. Only in such an instance could hacking be seen as a defense of the moral order and the rights of individuals – CCC 2242.
Most Vigilante Hackers Are Not Heroes
Overall it would be hard to go so far as to call vigilante hackers ‘heroes’ for a number of reasons:
- For the most part vigilante hackers are deciding, all by themselves, who to hack and what information is pertinent to the common good. They could just as easily decide that certain information that is not necessary to the common good, but is instead dangerous, needs to be released under the guise of “freedom of information.”
- They have no loyalty to the state or society, only to their own group – as long as that group doesn’t disagree with their methods. Like all revolutionaries, hackers can just as easily turn on their own people if they deem them a danger to their cause, even if that cause turns against the common good.
- Their actions have no respect for laws and authority, even if the consequences lead to catching lawless individuals. The problem with vigilantism is that vigilantes often recognize no boundaries. Their mantra is the end does justify the means, no matter the consequences or the means.
Today, as we see more than ever how corrupt and lawless government officials use privacy and technology to hide their illegal actions and activities, it seems as if such vigilante hacking is almost justifiable. However, it would behoove us to recognize the dangers and immorality of vigilante hacking and not view groups like Anonymous and GSH as heroes, nor sing their praises.