HomeIntroducing CybercultureBook ReviewsCourses in CybercultureEvents and ConferencesFeatured LinksAbout RCCS

View All Books

Hackers: Crime in the Digital Sublime

Author: Paul Taylor
Publisher: London & New York: Routledge, 1999
Review Published: July 2000

 REVIEW 1: Maren Hartmann
 REVIEW 2: EJM Duggan

Paul Taylor offers a study of hacking in a social context, based on interviews with members of three groups: British and Dutch hackers; computer scientists; and computer security practitioners in a book that is, by turns, both fascinating and frustrating. Taylor opens the book with an acknowledgment that one of the key notions of his study, viz. "expert knowledge," and the boundaries between groups are "unusually fluid" (x) and contested, which make it difficult "to pursue the main focus of [the] book" -- the relationship between the computer underground and the computer security industry. While Taylor asserts that present perceptions of hacking "are a direct result of a series of conflicts between various social groups" (xi) he might have foregrounded more explicitly the way in which these conflicts are mediated. Some deeper analysis of the construction of hacking discourse in the narratives of "news" in the press and on television -- as well as in the more clearly fictionalized narratives in popular culture (eg. films and novels), and in legislation -- would have added a dimension to this study, which tends to take a rather en passant approach to the process of mediation.

That said, the introduction does offer a lot of examples of the hysterical sentencing/media hyperbole surrounding computer crime and/or "hacking." Taylor also briefly describes some of the manifestations of hyperbole found in non-fiction books and Hollywood films (and offers some examples of the media's hyperbolic excess in a short appendix). However, this does rather tend to suggest that the relationship between the moral panic whipped up around hacking and the shift to a negative emphasis in the term itself is not only tangible -- perhaps even more so than the tricky-to-define relationship between the computer underground and the computer industry -- but is a topic that would benefit from some sustained analysis.

In the first chapter, "Them and Us: The Hack," Taylor seeks to define the term "hack," and suggests that a hack needs to fulfil three criteria: simplicity, mastery, and illicitness. Chapter Two, "Hacking Culture," discusses the evolution of the hacker. Originally, this term had fairly benign, even positive connotations, when used to describe what Taylor calls "first generation" hackers, the pioneering computer workers of the 1950s and 60s. Steadily the meaning has changed to become, in general use, a fairly negative term when used to describe the current or "fourth generation" hackers: those who gain illegal access to other people's computers.

In the third chapter, "The Motivations of Hackers," Taylor discusses the boundaries/relations between hackers and conflicts/negotiations between hacking/non-hacking groups. Rather unsurprisingly, we learn that hackers' motivation might be attributed to one or more of the following factors: addiction; curiosity; boredom; feelings of power/kudos/rebellion.

More tantalizing is what Taylor appears to leave unsaid. Because Taylor makes a number of references to Edinburgh University within the space of a few pages (49-55), the reader wonders what, if any, connection exists between them? Perhaps there is no connection, but the cluster of references makes the reader feel that there is something here that requires some clarification. According to Taylor, Brian Thompsett, quondam Edinburgh academic (now at Hull) encountered problems with the Edinburgh University Computer Service (EUCS) because his usage went beyond what was deemed "reasonable" -- Taylor divulges no more information on "reasonable" than this. However, after some dispute, Thompsett was apparently given a machine by EUCS "to do with as he pleased" (55). Others -- presumably Thompsett's students, although Taylor is not clear on this either -- are encouraged to use this machine, known as The Tardis, in ways not otherwise permitted.

In the same chapter, Taylor goes onto discuss Paul Bedworth, an Edinburgh student, who was prosecuted for hacking in 1993 -- and subsequently acquitted -- under the UK's (1990) Computer Misuse Act (46 and 49-50). On the same page Taylor attributes comments about computer "addiction" to one John Taylor, "a University of Edinburgh computing officer," culled from an interview with Taylor (49).

The reader is left to wonder what is -- if indeed there is any -- the connection between the Bedworth case, Taylor and Thompsett. Scope for speculation only increases when one discovers, after looking up Taylor on the University of Salford Web site, that Taylor's MA and PhD are Edinburgh awards.

Chapter Four, "The State of the Industry," suggests that the frequency or level of hacking that actually occurs is difficult to gauge because the companies or organizations that suffer from hacking may be reluctant to draw attention to it. This is compounded by the fact that hackers themselves tend to be boastful and may overstate the frequency or the outcomes of their hacking activities. Software companies also tend, according to Taylor's correspondents, to apparently lurch between apathy and over-reaction about system security following any sensationalized reporting of a major hacking incident; over-reaction tends to be short-term, however, and apathy is soon resumed. This, Taylor concludes, together with the suggestion that the development, marketing, and updating/patching of software is such that operating systems may have less than optimum security, only serves to facilitate hacking.

Another factor discussed in Chapter Four is what Taylor calls "The Knowledge Gap." This is the "knowledge gap" that exists between the nine-to-five security people and the enthusiastic hobby-hackers, which is another way of saying that the hackers may have a greater degree of enthusiasm in their endeavors than those responsible for system security. While this is an interesting aspect of the dynamic between the hackers and the hacked, it might have been better placed in the previous chapter, under the discussion of motivation.

In Chapter Five, "Them and Us: Hawks and Doves," Taylor suggests that the range of attitudes within the computer industry towards hacking constitutes a spectrum, ranging from "hawkish" to "dovish." Again, it is not surprising to read that while hackers or former hackers might be able to provide the computer industry useful insights into system security, they tend to be a stigmatized, marginal group.

Although Chapter Six is called "The Professionalisation Process," it is about legislation rather than "professionalism." Hackers are compared to early aviators: the first pilots were respected mavericks but, as the flight industry developed, this group, at one time a necessity, became less welcome, less tolerated, and, in the face of increasing bureaucracyand legislation around flying, less viable. This analogy is much more interesting than the usual trespasser/burglar analogies. Taylor goes on to argue that, as information and information systems are more rigorously commodified, hacking becomes increasingly stigmatized, and legislation develops to support this through the criminalization of hacking and hacking-related behavior and attitudes. It may be the case though that legislation will never be much more than a symbolic gesture, as it will always lag behind the phenomenon it seeks to contain.

In the penultimate chapter, "The Construction of Computer Ethics," Taylor discusses the debate which developed in what he calls "the computer community" in the wake of the 1988 Internet Worm incident, in terms of how responses to the Worm and the treatment of its initiator, Robert Morris Jr, can be grouped as "mechanical" (hawkish) or "organic" (dovish). Again, some attention is given to the analogies which are used to construct the discourse within which hacking (and related activities) are debated: the hackers themselves dispute or refuse the analogies which are used to disparage and criminalize their activities, and some consideration is given to the appropriateness of the criminal analogies (burglary, theft, trespass, etc.) which are used to discuss hacking in the UK's Parliament and in the media.

In the Conclusion, Taylor offers a concise if unsurprising precis of the phenomenon: "The ever-present conflict between the computer underground and the computer security industry can ultimately be reduced to the clash between an order established in a physical, mechanical era and the radically new implications of computing technologies" (159).

Taylor also suggests that hacking might be seen as a manifestation of resistance to the establishment's control of technology, though there may be some ambivalence about the notion of hacking as a form of counter-cultural resistance, as some of Taylor's sources suggest that, in fact, hacking embraces an establishment work ethic. This argument, however, is neither sustained nor overly convincing.

While Taylor does offer some interesting and insightful discussion of hacking and hacking-related topics, the book offers no great surprises, and is frustrating in a number of ways, mainly in terms of its organization and referencing. For example, in terms of the organization of material, one feels that the balance between Taylor's own words and the words of others, whether quoted from secondary sources or from interviews, is such that Taylor's voice is at times in danger of disappearing altogether. Whilst the information and discussion offered is interesting, one gets the sense of being overwhelmed by too many lengthy quotations from secondary sources and interviewees. Also, the content seems quite disparate -- almost random -- in places, and one feels that better (or some!) cross-referencing is needed.

Moreover, the constant misuse of "Cf" in the notes is annoying -- Taylor appears to use the latinate abbreviation Cf [confrere] or "compare" when he really means "see" -- and this might have been corrected by the publisher's editor, as might the tendency to refer to newspaper titles rather than to authors when newspaper articles are cited (eg. 7-8; 164-165; and passim).

Several incidents of truncated URLs in the bibliography do not cause the interested reader insurmountable difficulties, but are irritating, as is the fact that no URLs are cited for CUD or Phrack articles. Hugo Cornwall's The Hacker's Handbook, available in paper and electronic formats, appears to be a conspicuous omission from Taylor's bibliography, as is the elusive "Leary (1994)" cited on p. 170. These errors and omissions might have been corrected at the proofing stage.

Taylor has produced a useful and interesting -- if unsurprising -- book, despite -- in spite of -- all its flaws, but it is not the definitive work on hacking. One feels that there is some editing work left to do here and perhaps enthusiasm or institutional RAE (Research Assessment Exercise) pressures resulted in a case of slightly premature publication. I look forward to a revised -- and much improved -- second edition.

EJM Duggan:
EJM Duggan is Cultural Studies Route Leader at Suffolk College, Ipswich, UK, where he teaches Cultural Studies, Media Studies, and Literary Studies modules, including the cyberstudies course Future Visions. He has published numerous articles and reviews in a range of academic and non-academic journals, and his fiction has appeared in Crime Time and Blue Murder.  <eddie.duggan@suffolk.ac.uk>

©1996-2007 RCCS         ONLINE SINCE: 1996         SITE LAST UPDATED: 12.10.2009