Bruce Schneier - A Hackers Mind: How the Powerful Bend Societys Rules, and How to Bend them Back

A HACKERS MIND

HOW THE POWERFUL BEND SOCIETYS RULES, AND HOW TO BEND THEM BACK

Bruce Schneier

To Tammy

Contents

A HACKERS MIND

, it never runs uphill.

It never has, and it never will.

But if you get enough money involved,

Theres bound to be a loophole in the natural law.

And water, is gonna flow uphill.

Water Never Runs Uphill, Jim Fitting, Session Americana

A company called Uncle Milton Industries has been selling ant farms to children since 1956. The farms consist of two vertical sheets of clear plastic about a quarter inch apart, sealed at the sides, and with a top you can open up. The idea is that you fill the space with sand and put ants into the two-dimensional environment. Then, you can watch them dig tunnels.

The box doesnt come with any ants. It would be hard to keep them alive while it sat on the store shelf, and theres probably some child safety regulation about insects and toys. Instead, the box comes with a card where you can write your address, send it to the company, and receive back a tube of ants in the mail.

When most people look at this card, they often marvel that the company would send a customer a tube of ants. When I first looked at the card, I thought: Wow, I can have this company send a tube of ants to anyone I want.

Security technologists look at the world differently than most people. When most people look at a system, they focus on how it works. When security technologists look at the same system, they cant help but focus on how it can be made to fail: how that failure can be used to force the system to behave in a way it shouldnt, in order to do something it shouldnt be able to doand then how to use that behavior to gain an advantage of some kind.

Thats what a hack is: an activity allowed by the system that subverts the goal or intent of the system. Just like using Uncle Miltons system to send tubes of ants to people who dont want them.

I teach cybersecurity policy at the Harvard Kennedy School. At the end of the first class, for the next time we meet. I tell the students that they will be expected to write down the first hundred digits of pi from memory. I understand that it is not realistic to expect you to memorize a hundred random digits in two days, I tell them. So I expect you to cheat. Dont get caught.

Two days later the room is buzzing with excitement. Most of the students dont have any new ideas. Theyve written the digits on a tiny scrap of paper, which they hide somewhere. Or they record themselves reading the digits, and try to conceal their earbuds. But some are incredibly creative. One student used an invisible ink and wore glasses that made the digits visible. One student wrote them out in Chinese, which I dont read. Another encoded the digits in different-colored beads and strung them on a necklace. A fourth memorized the first few and the last few and wrote random digits in the middle, assuming that my grading would be sloppy. My favorite hack was from a few years ago. Near as I could tell, Jan was just writing the digits down in orderalbeit very slowly. He was the last one to finish. I remember staring at him, having no idea what he might be doing. I remember the other students staring at him. Is he actually calculating the infinite series in his head? I wondered. No. He programmed the phone in his pocket to vibrate each digit in Morse code.

The point of this exercise isnt to turn my class into cheaters. I always remind them that actually cheating at Harvard is grounds for expulsion. The point is that if they are going to make public policy around cybersecurity, they have to think like people who cheat. They need to cultivate a hacking mentality.

This book tells the story of hackingone thats very different from whats depicted in movies and TV shows, and in the press. Its not the story youll find in books teaching you how to hack computers or how to defend yourself against computer hackers. It tells the story of something much more endemic, something fundamentally human, and something far older than the invention of computers. Its a story that involves money and power.

Kids are natural hackers. They do it instinctively, because they dont fully understand the rules and their intent. (So are artificial intelligence systemswell get to that at the end of the book.) But so are the wealthy. Unlike children or artificial intelligences, they understand the rules and their context. But, like children, many wealthy individuals dont accept that the rules apply to them. Or, at least, they believe that their own self-interest takes precedence. The result is that they hack systems all the time.

In my story, hacking isnt just something bored teenagers or rival governments do to computer systems or that less ethical students do when they dont want to study. It isnt countercultural misbehavior by the less powerful. A hacker is more likely to be working for a hedge fund, finding a loophole in financial regulations that lets her siphon extra profits out of the system. Hes more likely in a corporate office. Or an elected official. Hacking is integral to the job of every government lobbyist. Its how social media systems keep us on their platforms.

In my story, hacking is something that the rich and powerful do, something that reinforces existing power structures.

One example is Peter Thiel. The Roth IRA is a retirement account allowed by a 1997 law. Its intended for middle-class investors, and has limits on both the investors income level and the amount that can be invested.. Because he was one of the founders of PayPal, he was able to use a $2,000 investment to buy 1.7 million shares of the company at $0.001 per share, turning it into $5 billionall forever tax free.

Hacking is the key to why we often feel that government is unable to protect us against powerful corporate interests, or wealthy personal interests. Its one of the reasons we feel powerless against state authority. Hacking is how the rich and powerful subvert the rules to increase both their wealth and power. They work to find novel hacks, and also to make sure their hacks remain so they can continue to profit from them. Thats the important point. Its not that the wealthy and powerful are better at hacking, its that theyre less likely to be punished for doing so. Indeed, their hacks often become just a normal part of how society works. Fixing this is going to require institutional change. Which is hard, because institutional leaders are the very people stacking the deck against us.

All systems can be hacked. Many systems are currently being hackedand its getting worse. If we dont learn how to control this process, our economic, political, and social systems will begin to fail. Theyll fail because theyll no longer effectively serve their purpose, and theyll fail because people will start losing their faith and trust in them. This is already happening. How do you feel knowing that Peter Thiel got away with not paying $1 billion in capital gains taxes?

But, as I will demonstrate, hacking is not always destructive. Harnessed properly, its one of the ways systems can evolve and improve. Its how society advances. Or, more specifically, its how people advance society without having to completely destroy what came before. Hacking can be a force for good. The trick is figuring out how to encourage the good hacks while stopping the bad ones, and knowing the difference between the two.