Hacking, Cybersecurity and the WCIT 2008

Is hacktivism ethical? I did give this question some thought. In the real world trespassing or breaking and entering without permission would make it an illegal act. But on the Internet what is illegal is not necessarily unethical. Furthermore, the boundaries of cyberspace are dynamic and ever-expanding. A set of principles have been created to align hacktivism with Gandhi’s philosophy of civil obedience thus drawing a line between what is ethical and unethical for hackers.

But what about hackers who don’t care about these set of ethics and just go about according to their own whims and fancies? What happens to hackers who are guilty of violating privacies, stealing information and identities, commiting fraud and extortion?

“Although law enforcement agencies are quick to trumpet their occasional victories against cybercriminals, they are rarely able to track down hackers sophisticated enough to pull off such complicated heists. Few hackers of this caliber are arrested, and fewer still spend time behind bars.” Greg Sandoval in Why Hackers are a Step Ahead of Law

Another issue would be the punishment for committing cyberterrorism. I am aware that just like in the real world some crimes are worse than others therefore different penalties are prescribed for different cases. Should a student who hacked into a university network to change his grades get the same punishment as hackers who committed credit card fraud to finance a terrorist group such as the Al-Qaeda?

Greg Sandoval mentioned that according to security analysts the rise of cybercrimes is due to the scarcity of law enforcements agents who match the sophisticated knowledge and skills of malicious “crackers”. Meanwhile, Don Sambadaraksa states that in nations like Thailand, information theft is not considered illegal, allowing hackers to walk scot-free from their punishment. Either way, the situation can be improved by making cyber security a priority and creating a clear set of rules and regulations and punishments to reduce cybercrimes of all sorts. A good start would be what most countries like Malaysia have done which is the setting up of an government agency to protect national online security. CyberSecurity Malaysia (formerly known as the Malaysian Computer Emergency Response Team - MyCERT) aims to improve the nation’s overall experience of IT users by reducing vulnerability and nurturing a culture of cybersecurity amongsts users, ISPs and other related parties.

The next possible step would perhaps be to have computer experts and government representatives from all around world meeting collectively to find and share effective ways to prevent cybercrimes globally. This is precisely what the World Congress on Information Technology (WCIT) can achieve this year.

The theme for the 16^th WCIT is “The Global Impact of Information and Communications Technology: Enable Businesses, Empower Societies, Enrich Economies”. It is currently taking place in Kuala Lumpur, Malaysia until the 22^nd of May 2008 to showcase international IT related issues including cybersecurity. The event was also used to launch a new organisation, the International Multilateral Partnership Against Cyber-Terrorism (IMPACT), with tech experts like Symantec's CEO, John Thompson and Google’s Vice-Chairman, Vint Cerf on the advisory board it aims to become a platform for international cooperation on cybersecurity. A great step towards a safer and more enjoyable online environment for everyone.