Insider threats, otherwise known as frustrated grown-ups with real jobs, also constitute a significant challenge for information security. The Wall Street Journal recently reported on a survey which showed that 71 percent of IT managers and executives believe insider threats present the greatest risk to their companies.
And the recent high-profile security breach at LinkedIn shows that one of the greatest risks to our personal security is ourselves: more than two-thirds of the leaked LinkedIn passwords were eight characters or fewer in length, and only one percent used the mix of upper- and lower-case characters, numbers, and symbols that makes passwords difficult to crack.
But these more serious threats don't seem to loom as large as hackers in the minds of those who make the laws and regulations that shape the Internet. It is the hacker -- a sort of modern folk devil who personifies our anxieties about technology -- who gets all the attention. The result is a set of increasingly paranoid and restrictive laws and regulations affecting our abilities to communicate freely and privately online, to use and control our own technology, and which puts users at risk for overzealous prosecutions and invasive electronic search and seizure practices. The Computer Fraud and Abuse Act, the cornerstone of domestic computer-crime legislation, is overly broad and poorly defined. Since its passage in 1986, it has created a pile of confused caselaw and overzealous prosecutions. The Departments of Defense and Homeland Security manipulate fears of techno-disasters to garner funding and support for laws and initiatives, such as the recently proposed Cyber Intelligence Sharing and Protection Act, that could have horrific implications for user rights. In order to protect our rights to free speech and privacy on the internet, we need to seriously reconsider those laws and the shadowy figure used to rationalize them.
* * *
The hacker character in mainstream culture has evolved as our relationship with the technology has changed. When Matthew Broderick starred in War Games in 1983, the hacker character was childish, driven by curiosity and benign self-interest, and sowed his mayhem largely by accident. Subsequent incarnations, like those in Hackers, Sneakers, GoldenEye, and Live Free or Die Hard became more dangerous and more intentional in their actions, gleefully breaking into protected networks and machines and causing casual destruction incomprehensible to techno have-nots. The hacker in American film, almost always white, middle class, and male, is immature, socially alienated, vindictive, and motivated by selfish goals or personality problems. The plots of such films are built on apocalyptic techno-paranoia, reflecting a belief that hackers have supreme control over the technologies that make the world run.