This blog post examines from multiple angles whether hacking for public benefit can be justified, the appropriateness of its methods, and the necessity of legal regulation.
Hacking refers to ‘the act of unauthorized intrusion into another person’s computer system to destroy or delete data and programs’. In modern society, where information has become a vital asset, survival depends not only on individual capability but also on the presence or absence of information. Against this backdrop, hacking is viewed as an act similar to physical theft. Consequently, hacking is primarily used in a negative sense and is socially discouraged. However, in recent times, public interest hacking—hacking that benefits the majority—has been on the rise. This includes activities that pursue the public good by disclosing data from organizations that previously monopolized and kept information private. As the potential social benefits of hacking increase, diverse opinions are emerging regarding whether it should be legally regulated. Meanwhile, there is significant support for ethical hacking as an effective means to address the problem of information monopolization by powerful entities. However, this article argues that ethical hacking, being an unethical act of unauthorized intrusion into another’s computer system, also requires legal regulation.
The first reason public interest hacking requires legal regulation is the inherent unsuitability of hacking as a means. The globally renowned hacking group Anonymous has hacked into North Korea’s internet to provide its citizens with free internet access and hacked into pedophile sites to expose member lists. These cases had public interest objectives that most would consider justifiable. However, they carry the inherent problem of being based on hacking, a means fraught with ethical controversy. According to the principles governing restrictions on fundamental rights, even normally prohibited acts can be specially permitted for a legitimate purpose. Public interest hacking must also operate under similar principles. These principles include the legitimacy of the purpose, the appropriateness of the means, and the minimization of harm. While public interest hacking is likely to be deemed legitimate in purpose, it cannot be freely permitted if it fails to satisfy both the appropriateness of means and the principle of minimal harm. The appropriateness of means involves confirming whether the causal relationship between the purpose and the means is adequate. However, it is difficult to be certain that hacking for public interest purposes will always yield public benefit. In other words, the causal relationship between hacking and the public interest purpose is unclear. Consequently, public interest hacking fails to meet the requirement of appropriateness of means and should be avoided.
Conversely, some argue that public interest hacking should be freely permitted, citing its strong advantages and its unique status as an irreplaceable means. They contend that public interest hacking is the most effective tool for solving the increasingly prominent problem of information monopolization by governments and large corporations. The logic is that if hacking is the only way to solve information monopoly, it should be permitted. However, this argument lacks persuasiveness because alternatives exist. Media organizations and oversight bodies were originally established to address information monopoly. Although these institutions have failed to fulfill their original roles, leading to the emergence of public interest hacking as an alternative, strengthening and independently operating these institutions is a better solution than hacking. Among the principles for restricting fundamental rights, the principle of least harm is also crucial. Among multiple alternatives, one that cannot minimize harm cannot be justified. Public interest hacking groups have weaknesses in this regard. Media organizations and watchdog groups do not use inappropriate means and act after carefully analyzing the social impact of disclosing monopolized information. However, public interest hacking groups often disclose information without such considerations. Therefore, public interest hacking should operate under legal regulation, maintaining a complementary relationship with other alternatives to advance toward a transparent society.
The second reason legal regulation is necessary for public interest hacking is that these groups themselves represent a form of information monopoly power, and information disclosed based on their judgment can cause unforeseen harm. While they criticize organizations that monopolize information for profit and pursue the public good, their actions are also based on the judgment of a specific group, meaning they effectively monopolize the public good. This signifies no substantive difference from information monopolies, and without legal regulation, hacktivist groups could lose their legitimacy.
Furthermore, if hacking groups unilaterally decide whether to disclose information obtained through hacking, there is a risk of disclosure occurring without sufficient review. Some human rights organizations are demanding that hacking groups delete personal information of individuals collaborating with international organizations that they have disclosed. This demonstrates how hasty disclosure can violate human rights. Additionally, WikiLeaks has faced questions about the accuracy of its information after disclosing numerous documents without sufficient review. Consequently, indiscriminate information disclosure could potentially cause social disruption. Indeed, Navi Pillay, the UN High Commissioner for Human Rights, issued a joint statement urging WikiLeaks and various governments and corporations to utilize information within the bounds permitted by international law. Thus, regulating hacktivism is a crucial issue for societal safety.
This article does not argue for banning hacktivism itself. In a society where information is an asset, hacking for the public good can be an effective problem-solving tool. However, if permitted indiscriminately, it is impossible to predict what long-term adverse effects hacking for the public good might cause. Hacking groups like Anonymous or WikiLeaks have only recently begun operating primarily for public-interest purposes, and there are no known cases of them using hacking for malicious ends. However, we cannot be certain that newly emerging hacking groups will operate solely for public benefit. Therefore, legal regulation is necessary to ensure public interest hacking occurs with public consent or to enable collaboration between hacking experts and specialists who can assess the social impact of information disclosure. Even if it entails current inefficiencies, establishing regulations for public interest hacking to prepare more safely for an uncertain future is the desirable direction.
