Anonymous: Muckrakers, Gray Hackers, or Criminals?
In John Bunyan's Pilgrim's Progress, a man with a muck rake looks downward and rakes endlessly, constantly tackling the muck on the floor without looking up. President Theodore Roosevelt used that image at the turn of the last century to describe a group of investigative journalists intent on exposing waste, fraud, abuse, and related social issues surrounding corrupt politicians, businessmen and companies.
In his autobiography, President Theodore Roosevelt said of these men and women:
There are, in the body politic, economic and social, many and grave evils, and there is urgent necessity for the sternest war upon them. There should be relentless exposure of and attack upon every evil man whether politician or business man, every evil practice, whether in politics, in business, or in social life. I hail as a benefactor every writer or speaker, every man who, on the platform, or in book, magazine, or newspaper, with merciless severity makes such attack, provided always that he in his turn remembers that the attack is of use only if it is absolutely truthful.
In today's wired environment, some have suggested that those who use the Web to publish "exposés" about alleged wrongdoing or post embarrassing information about companies and governments are the muckrackers of our times.
But are they really? Is WikiLeaks founder Julian Assange a muckraker for posting tens of thousands of pages of classified documents on the Internet? There is the fundamental question of whether he is even a journalist, but that is a topic for a different day. The original muckrakers were attempting to expose some wrong -- whether it was the condition of meatpacking plants or the abuses of mental health institutions. It is not clear that WikiLeaks is doing the same. The exposés of the 1900s lead to social change. The WikiLeaks posts have resulted in embarrassment and national security compromises that place our nation at risk. The incidents have shown the vulnerability of our classified system and the need to safeguard information more strongly, but in a manner that has weakened the underlying systems.
Putting aside WikiLeaks, consider the activities of the Anonymous hacking group. Last month the group broke into security firm HBGary Federal and obtained and disclosed 78,000 confidential corporate e-mails. The e-mails showed alleged proposals to attack critics of the Chamber of Commerce and Bank of America by doing such things as leaking forged documents to critics that would undermine them publicly. The release not only implicated the parties above but also the Hunton & Williams law firm, Palantir Technologies and Berico Technologies. The result: firings and damage control. Late last week, Anonymous released a new set of stolen documents, allegedly showing that Bank of America had engaged in fraud, through its subsidiary Balboa, with regards to "force place insurance."
Are the Anonymous hackers muckrakers? Should we consider how the systems are broken into? The muckrackers of Roosevelt's era disguised their identities in order to infiltrate the institutions they wanted to expose. If the Anonymous hackers used technology to disguise their identities to get into the systems and gather information can we say that is equivalent? Unfortunately, the analogy doesn't fully work -- breaking into computer systems is criminal, regardless of the technique used. Networks are based on the authentication of identity and on the premise that you are who you say you are and if you are not, then the systems do not function properly. A brick and mortar comparison just does not equate.
If the Anonymous hackers are not muckrakers, can a case be made for them to be considered "gray hackers?" Gray hackers refer to those who engage in security research in order to better secure, as opposed to exploit, systems. They are "gray" in that their activities can be illegal, but they often are conducted ethically, disclosing the vulnerabilities they discover to those at risk. It does not appear that the Anonymous hackers were undertaking their activities in a manner intended to secure the HBGary Federal or Bank of America systems, and they certainly did not reveal to the companies their vulnerabilities. It is safe to say that the gray hacker label should be off the table.
While the Anonymous hackers' activities appear to be criminal they do raise a larger issue alluded to earlier. In a world where so much of our lives are online, how do we balance privacy and security concerns against the value of exposing wrongdoing within the government and the private sector? Do we need to consider a new set of rules for ensuring a balance? Do we even need a balance, or is our current system sufficient?