![[LWN Logo]](/images/lwn.banner.gif)
Date: Thu, 27 Jan 2000 01:49:59 -0700 From: mea culpa <jericho@DIMENSIONAL.COM> Subject: [ISN] REVIEW: "Hackers: Crime in the Digital Sublime", To: ISN@SECURITYFOCUS.COM From: "Rob Slade, doting grandpa of Ryan and Trevor" <rslade@sprint.ca> BKHAKERS.RVW 991024 "Hackers: Crime in the Digital Sublime", Paul A. Taylor, 1999, 0-415-18072-4, U$24.99 %A Paul A. Taylor drpaul_a_taylor@yahoo.co.uk %C 11 New Fetter Lane, London, England, EC4P 4EE %D 1999 %G 0-415-18072-4 %I Routledge %O U$24.99 +44-71-842-2214 info@routledge-ny.com %P 198 p. %T "Hackers: Crime in the Digital Sublime" Following in the footsteps of Sarah Ford, Dorothy Denning, and Ray Kaplan, Paul Taylor is attempting to open the world, and world view, of those who make informal attempts to penetrate computer and communications security to the security "expert." The book tries to explain motivations, culture, and background, with a view to the benefits of a dialogue between the official guardians and those who pry at the gaps in the armour. Using extensive interviews with people from both sides of the divide, Taylor attempts to put forward the reality behind the hype. Chapter one concentrates on the terms; hack, hacker, and hacking; emphasizing the original meaning of creative and useful mastery of the technology. Hacking culture is reviewed quite thoroughly in chapter two, although perhaps not enough attention is paid to the divisions and continuum that exists. (I was amused by the note in the preface to the effect that nobody would admit to distributing viruses: virus writers still occupy the lowest rung of the hacking ladder.) Motivation is explored, and possibly too much credence given to self- reporting, in chapter three. Chapter four is a marvel, a first rate examination, and indictment, of the state of computer security (or, perhaps, insecurity). Arguments for, and against, dialogue with, and employment of, those who have done unauthorized security breaking are given in chapter five. Chapter six, however, turns to presenting a number of sociological theories about why hackers might be marginalized. This material seems to have no purpose other than to propose that such people are being treated unfairly. Chapter seven is worse: even given the wretched track record of computer ethics literature it is disappointing in that presents little content that is germane to the discussion, and seems to wander off into miscellaneous speculation. The conclusion, in chapter eight, also meanders, but tries to dispel a number of myths that have grown up around the hacker idea. The book will probably not be a popular hit, which is a pity. I would suggest two reasons for the low profile. The first is that Taylor is making a conscious effort to avoid sensationalism, and, indeed, to counter the sensational, and misinformed, reports of computer security penetration that are prevalent in the popular media. The second reason is not inherent in the nature of the material and is somewhat unfortunate: Taylor's writing style is more "academic" than is necessary, using, for example, the passive voice most of the time. (I found the use of the word "whilst" to become quite jarring after a few pages.) A good copy editing would help: your humble scribe, world's worst proofreader that he is, still found a number of grammatical errors, even outside of the quotations. (Oddly, for all its academic formality, endnotes, and bibliography, the work falls short in terms of clarity of references and citations. I am quoted on page 84, but I can't figure out how. I am also dying to know who the other "Dr. Taylor" is.) The extensive use of interview materials, and quotations from other works, is both a strength and a weakness. No one perspective is allowed to dominate, and a great many arguments and opinions are presented. The constant quotes from a variety of sources, however, often reduce the readability of the work. I found the book very difficult and time consuming to get through. Added to this, Taylor's aversion to contaminating the source material with his own analysis ensures that the text is very demanding of the reader's own analytical skills and work. Taylor does make a serious effort to give a fair and even presentation to both sides of the argument, but it is still fairly obvious that his sympathies lie in "detente." The title of the book itself indicates this. There is a discussion of the derivation and evolution of the "hacker" term, but the acceptance of the "popular" status of the word to mean those who break into computers also allows those who break into computer systems to present arguments for their behaviour as a kind of discovery learning, without the supporting evidence that would otherwise be necessary. In this, Taylor's work shares a weakness with other, similar, books on the topic: "hacker" claims are taken at their own valuation without much analysis of either factual or motivational claims. Taylor has a great deal more material and a wider range of direct contacts than Levy (cf. BKHACKRS.RVW), Sterling (cf. BKHKRCRK.RVW), or Dreyfus (cf. BKNDRGND.RVW) and his conclusions are significantly more reliable, but the fundamental defect remains. There are also gaps in the coverage. Taylor does not dwell on the basic fragility of data, nor the tendency of digital systems to catastrophic failure under even the most minor perturbation. There are also indirect effects of unauthorized system penetration. To give only one example, the regular choice of NASA as a target, and the media hype over even minor success, has had a negative impact on budget appropriation, and therefore on the space program as a whole. You can't claim much for the advancement of knowledge out of that. With all the problems presented above, I still highly recommend this work to anyone in the security field, or to anyone who wants to understand either security work or an important part of the computer culture. For all its flaws, Taylor's book is the most extensive and detailed examination of the cracker phenomenon I have ever read. He exposes a number of nasty little secrets that the computer industry as a whole would prefer to forget. Hopefully this work will be continued, expanded, and refined, to become a valuable classic in technical security literature. copyright Robert M. Slade, 1999 BKHAKERS.RVW 991024 ISN is sponsored by Security-Focus.COM