Just lately a distinct group of people have been in the news a lot.
By KELLY LUCK
Special to The Star
They are all individuals working alone, sometimes in positions of trust, sometimes not. Their stories tend to run the same: they have access to secrets that they feel need to be known. In the end, they give in to their conscience, and put the word out. Suddenly, they are public targets. Hounded, hunted, driven to flee or locked away for years. In public forums they are praised and condemned, their stories almost outweighing the information they released. They are leakers, and this is a bad time to be one.
Take Edward Snowden, who until this week had spent a month stuck in an airport trying desperately to find a country that will take him in. Or Bradley Manning, who spent three years in varying levels of confinement before finally coming to trial and now awaiting sentencing. Or even Deric Lostutter, who helped expose the Steubenville rapists. They got one and two years; he faces up to ten.
Being a whistleblower has always been a risky business. Take Daniel Ellsberg, for instance. Back in 1971 when he got the Pentagon Papers published, he faced 115 years under the Espionage Act for doing so, and he had The New York Times in his corner. Of course he was freed eventually, mostly because of the appalling misconduct of the Nixon administration, but the fact is that it seems the difference between embarrassing those in power and actual treason is getting smaller every day.
Now, most of us understand the importance of keeping strategic secrets quiet. What is it we all learned, loose lips sink ships? And yet, these days the cases most vigorously prosecuted are those which do not put lives or strategy in danger as much as make people look bad. And often the decision to leak is done out of moral imperative. It is a genuine wish to fix what the leaker sees as wrong.
Which all puts the practice of white hat hacking into peril. White hats, as cowboy movie aficionados will no doubt guess, are good guy hackers who find vulnerabilities in computer systems or websites and report them to be addressed and repaired. Often the errors are duly fixed, sometimes ignored, and sometimes the messenger is blamed. More than one white-hatter has found himself facing legal action for hacking which basically amounted to the equivalent of noticing someones back door wasnt closing properly.
For example: two months ago, I was at a website that shall remain nameless. I typed in the company I wanted to look up, and got an extensive error message. It seemed the site was extremely vulnerable to what are known as SQL Injections, in which code can be put into database queries to make them do what you want. A little experimentation, and I was able to get the entire contents of the database. I wrote an extensive message to the people at the site, explaining what was wrong and how to fix it. To date, the error is still there. Am I a hacker for finding this? For bringing it to their attention?
The fact is, information is more and more the currency of the age. With our world moving to pure data, and our laws and mindsets lagging behind, there are going to be more leaks, not fewer. We need to find the balancing point between treason and whistleblowing. Between saving lives and saving face. And we need to do it now.
Kelly Luck works in information technology. She lives in Kansas City. To reach her, send email to email@example.com or write to Midwest Voices, c/o Editorial Page, The Kansas City Star, 1729 Grand Blvd., Kansas City, MO 64108.