Teaching Kids About Hacking
By Michelle Delio
Technical ignorance is an excuse used by too many parents and teachers in their failure to teach kids cyberethics, computer security consultant Winn Schwartau says.
So Schwartau wrote a book, Internet and Computer Ethics for Kids, to educate both computer-savvy youngsters and technically challenged adults.
Schwartau has been honored for his security work by heads of governments and the military in the United States and Europe, and has written or contributed to a dozen well-regarded books on computer and Internet security.
But some educators and security consultants aren't thrilled with Internet and Computer Ethics for Kids.
Schwartau hangs around with hackers, and that troubles some people. Others fret over the fact that his book doesn't present all forms of hacking as illegal or unethical, or -- for that matter -- doesn't state that any particular activity is strictly right or wrong.
Schwartau said he deliberately avoided sermonizing in his book, wanting instead to help kids create their own code of ethics.
"Kids do not need or want to be preached to by me or by anyone," Schwartau said. "They want to grow and think and make a few mistakes along the way. Didn't we?"
He believes that presenting kids with the unadorned facts is far more effective than simply telling them what they ought and ought not to do.
"Parents have to work with their kids as a team," Schwartau said. "It takes time, yes. It takes love, yes. And it takes flexible cooperation -- not absolutes. The Net is not static, ethics are bendable and parents must be bendable too."
Some kids agree.
"No one my age wants some adult to tell you that their way is the only way to do things," said Jason Mollin, 15, a student at New York's Brooklyn Technical High School.
"It's like drug education -- teachers tell you not to do any drugs, but drinking is totally sanctioned by society. What's up with that?" Mollin continued. "When old people start preaching at you, you can almost always find some hypocrisies or bullshit in what they say, and that just makes you want to go right ahead and do whatever they told you not to do."
But some adults feel that Schwartau should have defined and delineated cyberethics more clearly in his book.
Schwartau's longtime friend Mitch Kabay, of security firm Atomic Tangerine and a contributor to the book, said that he doesn't like the book because it is too "ethically neutral."
Others wonder whether Schwartau, who coordinates the raucous "Hacker Jeopardy" game at DefCon -- the world's largest hacker conference -- is the right person to write a book about cyberethics.
"Should someone who consorts with computer criminals be advising our kids about computer crime?" wondered psychologist Amy Lepen, a Manhattan psychologist who works with children who have been involved with the legal system.
(Lepen has only read excerpts from Schwartau's book, which will be published in May.)
Schwartau is no stranger to controversy.
His first book, The Complete Internet Business Toolkit, written with Chris Goggans, the editor of hacker magazine Phrack, was banned from export out of the United States because of its frank discussion of encryption.
Internet and Computer Ethics for Kids includes chapters on hacking, passwords, phreaking, privacy, viruses, spam, software piracy, online stalking, pornography, plagiarism and hacktivism.
Schwartau provides a legal section for each chapter, intended to serve as a guideline to help adults and kids decide "what is black and white as far as the law is concerned," but confines his discussion of do's and don'ts to a discussion of the situations that a kid might find him- or herself in.
Often the presented situations have no rigid right or wrong answer, but Schwartau still manages to make a strong case for being kind, respectful, and honorable, without ruling out the occasional exploration into the depths of a computer system.
"Hacking and cyber-ethics need not be in conflict," said Jeff Moss, founder of DefCon and BlackHat, a computer security service.
"You can be a hacker and be ethical at the same time."
Schwartau said he first began thinking about writing a computer ethics book for kids in 1992 when he realized he had inadvertently taught his daughter how to hack passwords during their father-daughter trips to the local Office Depot store.
"I guess I was at fault with my daughter.... We'd go play with computers at Office Depot or wherever, and I'd get frustrated because of the passwords the store used to keep people like me and my daughter from really using the machines. So, yeah, I guess, I hacked into them," he said.
"However, I also told her 'don't ever hurt the computers, because that's not fair or right.'"
But a few years later, when he discovered his youngest son was hacking into the neighbors' computers, Schwartau decided to put all of his current projects on hold to write the book.
"My son somehow discovered that hacking is a people issue, and that is how he gathered up the neighbor's passwords, by 'shoulder surfing' –- looking over their shoulders as they typed in their passwords, a classic social engineering trick," Schwartau said.
Schwartau said that he pretended to call the FBI when he found out what his son was doing.
"And my son was terrified. So I said 'Well, I guess I could help you fix it if you promise never to do this again.' I made him go to the neighbors, tell them what he had done and also what they needed to do to make themselves more secure," Schwartau said.
"He got a lesson for life in cyberethics. And I realized that schools don't teach this. And 99.9 percent of parents can't teach this. So I wrote a book about it."
. . . watch for more stories coming soon