Hackers are humans too.

I started reading ‘Hacked: A radical approach to hacker culture and crime’ the other day, and the anthropologist in me was hooked. Through a vibrant ethnographic exploration, Kevin F. Steinmetz has managed to draw out the motivation, skill and humanity behind the ‘craft’ of hacking. Yes. Craft. 

And so, I decided that the law on computer misuse deserved a second look.

We’re taught as law students to view hacking as criminal, to put it in a box of ‘unauthorised’ ‘antisocial’ behaviour and leave the judges to impose their retributive justice. However, the law is an absolute struggle fest. I’m not just talking about prosecution rates, I’m talking about substantive oversights and regulatory undersights (is that a word?). Consider R v Cuthbert in which the defendant, wanting to ensure his charitable donation was actually going to the right people, fell afoul of s.1 of the Computer Misuse Act 1990 when he tested the website’s security. Or Bignell, in which the court determined that unauthorised access was completely distinct from that of unauthorised purpose; an arguably nonsensical decision.

We therefore turn, as one must, to the challenge of regulating the Internet and the following two policy approaches that demonstrate how our current approach to low-level cybercrime can be altered.

Kevin Steinmetz contends that by demystifying the social construction of hacking, legislators would be better equipped to develop an effective regulatory response. In his words: ‘hacking is an intrinsically human social and cultural phenomenon’ (216), which has been criminalised by a capitalist society. This approach illustrates what was effectively missing from early cyber-legislation, focused mainly on emulating the law of trespass and preventing access to computer networks. By developing a cultural understanding of technologically skilled consumers, distinct from that of dangerous criminals, the Cuthbert case would have had a very different outcome.

Furthermore, cultural and practical understandings of computer culture have already proved useful for software developers, who now benefit from exceptions under the Copyright, Designs and Patents Act 1988.

Stefan Fafinski suggests that domestic criminal law is inappropriate on its own to control computer misuse. In particular, Fafinski argues that theoretical understandings of criminal law fail to provide a justification for its wide application in the area of computer misuse. Instead, he advocates for a ‘constellation of control’ consisting of global extra-legal solutions. I find Fafinski’s proposal particularly interesting as he suggests that in order to effectively moderate this form cybercrime, regulative responses must attempt to mirror the digital architecture of the internet. More specifically, regulation must employ flexible, extra jurisdictional solutions on both state and individual levels in order to be effective.

In sum, the law of computer misuse has suffered a particularly turbulent history. Its critics have sighted lack of solid theoretical basis, of cultural sensitivity and a one-track regulatory response as the cause. However, there is hope. With many parts of internet law, it takes a Lessig-like recognition of competing influences in order to make this work.

30 March 2020

30 March 2020

30 March 2020