The Semantics of the Hacker Mindset and the Criminal Mind

Bruce Schneier posted a very good essay on fundamental qualities of the hacker mindset a couple of days ago. As seems to be the common scenario around here, I agree whole-heartedly with his analysis; so I will merely entreat you to read his post yourself in exchange for not belaboring it here on my own blog.

However, one small paragraph stood out for me, and I’ve been mulling it for several days.

For years I have refused to play the semantic “hacker” vs. “cracker” game. There are good hackers and bad hackers, just as there are good electricians and bad electricians. “Hacker” is a mindset and a skill set; what you do with it is a different issue.

I am a semantic nitpicker. The precise defintion and connotation of a word is very important to both my exposition and comprehension of a sentence. It’s how I’m wired. In conversation, I get quite confused if a word doesn’t make sense in context with the rest of a sentence, or if I miss a word because of a thick accent, background noise, or poor pronunciation. I often joke with my geek friends that my parser is not very fault-tolerant, and simply throws an exception in the face of bad input.

Thus, I have always done my best to keep the distinction between hacker and cracker. That is, a hacker seeks out the limits of a system’s capability; a cracker exploits those limits - to the detriment of others - for their own gain. I think Schneier does a disservice when he fails to seperate the two. His analogy to electricians seems reasonable on the surface, but there is a flaw: An electrician with questionable morals might put people, structures, and other property at risk with shoddy workmanship or cut corners, but the scenarios in which he can actively subvert his trade for ill are limited; it’s just not too easy to break into someone’s house with bad wiring. That difficulty means that it is rarely done, and thus needs no differentiating vocabulary.

Bruce would have found a far more apt analogy in locksmiths. The skillset of a locksmith is easily subverted to criminal ends. It’s common sense! But most locksmiths are not thieves, and our language makes a fairly strong distinction between the two. We call the former to help us get into our home when the key has been lost, and we call the latter burglars.

I would imagine most honest, professional locksmiths would be quite unhappy if the law or laymen referred to having one’s home broken into and robbed as “locksmithing.” Similarly, as I fancy myself an honest (albeit not very good) hacker, I think the distinction is an important one to make.

Already, in the few short decades in which the idea of hacking has existed, we have seen the media, lawbooks, and populace demonizing hackers. There is nothing illegal here, and in the vast majority of cases the hacker’s powers are used for good and not evil. Those who do otherwise deserve such a negative distinction.

Unfortunately, the de facto nature of the vernacular means the war is lost. Fortunately, I can still rant on my blog. It’s what I do.