Actually, I really was a criminal…

When Mike wrote his review of Rob Graham’s post on what could define criminality on the Internet, he focused on the anonymization piece. Me? I was struck more by Rob’s “Witchcraft is not a crime” post in a very personal way:

The problem with computer geeks is that they are too smart. Boundaries obvious to the average person are invisible to geeks. They will run afoul of the law without being aware of it.

What computer geeks do seems like magic to the average person, to the “jury of your peers”. What’s more, magic is essentially the same as witchcraft. Once you believe someone has magical powers, you start to fear them, and question their good intentions. Thus, no matter how good a geek’s intention, it’ll seem like evil black magic to prosecutors and juries.

When I was young, before high school, I committed acts that I believe were criminal even under the laws at the time (mid 1980’s). The most common was phone phreaking – I had a source, and later a technique, for getting MCI codes that allowed me to make free phone calls from a pay phone. I also trafficked in stolen online credentials I gathered from the various bulletin board systems I was on. I even used some of these to log into services illegally. I pirated vast amounts of Commodore 64 software, often cracking some of it myself.

I had almost no skills. It was all trial and error.

At the time? I didn’t think I was doing anything wrong. To me it seemed no different than the times my dad tried to get free HBO by wrapping aluminum foil around our cable line and moving it around until we saw a blurry picture. I wasn’t “stealing” anything (by my flawed reasoning), just exploring a digital world that few people understood. Even my parents asked for the pay phone calls since there weren’t cell phones, and I could rarely hang onto a quarter to call home for a ride back after wrestling practice.

By the end of junior high school I realized this activity was illegal and I was risking my future, so I stopped. I probably still pirated C64 games, and continued to poke at the edges of any system I had access to, but a combination of prescience and puberty moved my spare time more into organized sports and other activities than my pre-script-kiddie script-kiddie endeavors.

But even as I got older I know I flirted with the illegal. I downloaded music in the early Napster days (and knew at least one FBI agent who did as well). I probed networks in ways that might now be considered breaking the terms of service.

As careful as I was. As ethical and thoughtful as I thought I was, I still technically broke laws. Just like every other good security professional I know.

We can’t help but see flaws in the system. Sometimes we probe the edges of those flaws to see where the limits are. By our interpretation this is often totally acceptable, but others do not always see it that way.

Personally I have long erred on the side of caution. I don’t take certain actions I think are totally fine if I think someone who could cause problems for me might see them another way. But it is always, ALWAYS a struggle to stay aware of these, often apparently arbitrary, lines when I am anywhere near the edge. Any time actual harm isn’t clear.

If we are frank about it, probably the vast majority of people in the “Infosec industry” did something similarly technically illegal.

I honestly believe that I would have experienced more serious persecution (legal/criminal/civil) for some of the stuff that I did. Some of it I slightly regret, some not at all.

Rich, you best exemplify this with the trying to get cable for free example, a perfect example. People share their Netflix accounts. People pirate satellite TV, music, software, etc.

There is a problem with the way tort law is applied in the US and with prosecutor political/career ambitions. Everyone has to speak out against what is essentially bullshit.

