British journalist Misha Glenny has an excellent summary of his new book Dark Market: How Hackers Became the New Mafia in The New York Times this week.
The last line of the op-ed sums his points up well: “And therein lies the paradox: the spread of malfeasance on the Internet is the result of its openness, but this very openness may also be the best way to combat the threats.”
Of course “openness” takes on a dual meaning in this context. In the first instance, the openness to which he refers is technical; the second is political. Switch out the clever turn of phrases with the terms “technical insecurity and the absence of law” and “trusted discourse among nation states to establish Internet governance” and one has less a paradox and more of a challenge before us.
This piece takes up three Internet pages, long by NYT standards. Topically, it covers a lot of ground from cyber security in its three main forms: crime, hacktavism and advanced persistent threats, to cyber espionage both in the industrial and governmental forms, from Adobe to Merkel. And yet, not once, in the entire article, does Glenny mention higher education.
This omission is most unfortunate. It perpetuates the Ivy Tower illusion in the age of the Internet, a place – virtual or real – that is immune from threats. This omission is also quite incorrect. As the repositories of everything from marketable intellectual property (say, in a pharmaceutical patent) to research data in fields that span the spectrum of knowledge from physics to philosophy, United States higher education, still the most revered in the world (although increasingly challenged to hold that mantel), is a treasure trove for criminals, hacktavists and antagonistic nation-states. Our networks are hit just as much if not more than the statistics that Glenny sites.
In that light, I would like to go back to the concept of “openness” that Glenny uses as the literary linchpin to make his point. Ironically, for his omission to mention higher education, it is precisely the term that comes up most frequently in discussions about this topic on campus. The lead line goes something such as this one: “I don’t mind if foreign countries take my stuff. It is intended for open access, they can have it.”
Wow! I am just going to come right out and say it: that, from the mouth of people whom we otherwise look up to for their knowledge, is remarkably ignorant. From those who make their livings on categories, taxonomies and distinctions, this view demonstrates a frighteningly pedestrian degree of analysis. Perhaps the most understandable misgiving, given the Ivy Tower trope, is that it is naïve. Understandable but not excusable. It is naive about the technologies that these professors use for their research (why would they want to lose control over their data?), how the Internet works (even at a basic level, because I am the first to admit that I am not a technologist), and worse yet, human nature and the world around us (heads buried in research to that degree of naiveté helps me appreciate why higher education as a sector is not a leader of public policy and so frequently on the ropes when under attack from the public or vested interests).
Allow me pause to make clear that this position is not uniform among faculty. There are some members of our collective faculty who stand at the forefront of issues (take Fred Schneider at Cornell for instance). We have within our ranks great leaders (Michael McRobbie and Fred Cate at Indiana University are examples). When the uneducated view gets in the way of making progress, however, it beckons light. And so, because this is a blog, and not an academic paper on the subject, I am going to draw a few distinctions out to help cohorts in the academy make their case.
Open, legal, permitted access of results is completely different from insecure, illegal penetration of unauthorized access to research. That the results be made available is a conclusion to which Congress and the agencies in conjunction with leaders of higher education, who collectively have the authority to decide, have come to as a matter of reasoned policy. Legal access has all the surrounding benefits of responsible use of the resources and content purposefully made available to serve the public. That policy speaks to the social good of not-for-profit higher education’s missions. Finally, results assume integrity of the data under the researcher's control and responsibility for accuracy, consistent with established research methods.
A policy of open, legal permitted access should not be confused with the absence of international law to criminalize aberrant behaviors or the inability to prosecute violation of the domestic law. Every intentional compromise that occurs in the U.S. is a violation of the Computer Fraud and Abuse Act of 1986: unauthorized access to computers connected to the Internet. Moreover, illegal access opens a Pandora's box of unwanted potential behaviors: tampering with the research method and/or the data in violent contradiction with the requisite methodological control over the research process. Implicit permission to access and interference with networked systems invites progressive criminal and destructive acts. It sends the message that academics don’t value their work product. Going further down this path invites the notion that such a view lacks common sense. Think about its analogy in physical space: do researchers not lock the doors of their laboratory or care about the potential for contamination? Are these researchers not stewards of institutional resources? Once one makes that connection, only naive thinking about the world conflates open access with illegal trespass, subterfuge and theft.
The MIT Report in the aftermath of the Schwartz case called for more education to students about the Internet. Internet malfeasance suggests that it is time to extend that conclusion to faculty and administrators. Openness is a good theme from which to start this conversation but we must unpack its meanings. As masters of analysis, higher education has much to gain to educate itself on this issue and, in keeping with its missions, help to educate the public. But in order to do so, it must be involved in these conversations with everyone from journalists to governments to activists.