Thursday, 27 February 2014

How to teach hacking in school and open up education

open education
Whatever you may have heard about hackers, the truth is they do something really, really well: discover. Hackers are motivated, resourceful, and creative. They get deeply into how things work, to the point that they know how to take control of them and change them into something else. This lets them re-think even big ideas because they can really dig to the bottom of how things function.
Furthermore, they aren't afraid to make the same mistake twice just out of a kind of scientific curiosity, to see if that mistake always has the same results. That's why hackers don't see failure as a mistake or a waste of time because every failure means something and something new to be learned. And these are all traits any society needs in order to make progress. Which is why we need to get it into schools.
Beginners in Open Source week

View the complete collection of Beginners in Open Source articles

Now, there is the expected resistance from school administrations and parents. Mostly because people don't know what hacking really is. Many people who have been called hackers, especially by the media, or who have gotten in trouble for "hacking" were not, in fact, hackers. Most all of them were just thieves and fraudsters. When you read in the news, Teen girl hacks Facebook to harass a classmate, what you're seeing is a sensationalized headline. What a hacker reads in that headline is: Mean girl watched classmate type in her Facebook password and then logged in as her. That mean people and criminals do bad things with communications medium is not a reason to fear the medium. Schools are there to educate and can embrace this distinction for real change.
Hacking is a type of methodology. It's a way to do research. Have you ever tried something again and again in different ways to get it to do what you wanted? Have you ever opened up a machine or a device to see how it works, read up on what the components are, and then make adjustments to see what now worked differently? That's hacking. You are hacking whenever you deeply examine how something really works in order to manipulate it, often creatively, into doing what you want.
A hacker is a type of hands-on, experimenting scientist, although perhaps sometimes the term "mad scientist" fits better, because unlike professional scientists they dive right in, following a feeling rather than a formal hypothesis. That's not necessarily a bad thing. Many interesting things have been designed or invented by people who didn't follow standard conventions of what was known or believed to be true at the time.
For example...
  • The mathematician, Georg Cantor, proposed new ideas about infinity and set theory that caused outrage amongst many fellow mathematicians to the point that one called his ideas a "grave disease" infecting mathematics.
  • Nikola Tesla is another person considered a "mad scientist" in his day, but he knew more about how electricity behaved than anyone else. He designed possibly the first brushless motor that ran on AC electricity but is mostly known for the Tesla effect and the Tesla coil.
  • Then there was Ignaz Philipp Semmelweis who figured out that doctors need to wash their hands between treating patients to keep diseases from spreading. He wondered if the diseases following him around between patients were his fault, so he decided to try washing hands between his patient visits and sure enough the transmissions disappeared. His ideas went against both the scientific conventions of what was known at the time about germs (nothing) as well as the convenience of the doctors who felt it was too much hassle to keep washing their hands.
It just so happens that the way the Internet is designed and the huge number of different applications, systems, devices, and processes it has makes it the most common place to find hackers. You could say it's a place where information can run free because it was built open and free by hackers so it's the best playground for hackers. But it's not the only place. You can find great hackers in almost every field and industry and they all have one thing in common: they spend time learning how things work so they can make them work in a new way. These hackers didn't look at something as the original designers did, but instead saw bigger or better potential for it and hacked it to be something new.
What you may think you know about hackers is that they can break into other computers and take over other people's accounts. They can read your email without you knowing. They can look through your web cam without your permission and can see you and hear you in the supposed privacy of your own home. That's not untrue.
Some hackers see network security as just another challenge, so they tinker with ways to trick or fool the system, but really what they're trying to do is out-think the network installers or designers. They discover as much about the network as they can, where it gets its instructions, the rules it uses, and how it interacts with operating systems, the other systems around it, the users who have access to it and the administrators who manage it. Then they use that to try different ways of getting what they want. This kind of hacking can be greatly beneficial to the world for understanding how to be safer and for building even better technology.
Unfortunately though, sometimes the hacking is done by criminals and what they want is illegal, invasive, and destructive. And those are usually the only hackers you read about in the news. A hacker is not someone who posts to someone's account when they leave a social media page open or shoulder-surfs passwords and then logs into their account later. That's not hacking. A hacker also is not someone who downloads a script kiddie tool to break into someone’s email. Those aren't hackers; those are just thieves and vandals.
Hacking itself is not illegal. At least not any more than throwing a rock is illegal. It all comes down to intent. If you throw a rock and your intent is to injure someone, that's a crime. If your intent is not to hurt someone, but someone does get hurt, that may not be a crime, but you are responsible for your actions and will have to pay restitution. An Institute for Security and Open Methodologies (ISECOM) project called the Hacker Profiling Project found that the most damage from hacking comes from young, inexperienced hackers damaging other people's property by accident. Which is something parents and teachers already teach kids when it comes to rock-throwing, but it doesn't translate well when it comes to how to behave in cyberspace. If we are teaching hacking, then we can also teach responsibility, accountability, and make it clear how to behave when hacking around other people's property. This will encourage students to stick to hacking the things they bought and own.
The caveat to that is that there are cases where it may be illegal to hack something you bought and own. There are hackers who have been punished for hacking their own devices and computers. These things were closed to prevent them from being copied or changed despite that they paid for it and own it. These are hackers who hacked programs, music, and movies they bought so it looked, behaved, and sounded the way they wanted to or played on other devices they bought and owned and were prosecuted for it. Especially when they openly shared their ideas with others. Hackers will find that any closed source software they buy may be illegal to hack, even if it's just to check for themselves that it's secure enough to run on their own computer. This is because many of the things that you purchase may come with Copyright and a contract as an End User License Agreement (EULA) that says you can't. And you agree to it when you open or install the product, even if you can't read it or find out about it after you've opened or installed the product. Yes, that's sneaky and unfair.
But that's all the more reason to teach young people to hack. You see, education is open. It can be legally hacked to teach kids to think openly, be inspired, be curious, and thus, to be a hacker. What hacking is really about is taking control of something if you don't like how it works. Why would you do this? To have the freedom to make something you own do what you want. And to keep others from changing something you own back to the original form or copying all your ideas, drawings, writings, and pictures to a cloud somewhere to be controlled by someone else who claims it's for your "best interest."
As a hacker, you know what your own best interest is. Sometimes you buy something and the company you bought it from will attempt to forcefully or slyly make sure you can't customize it or change it beyond their rules. You can't play it somewhere else or use it any other way than as intended, supposedly to protect you. And that might be okay to agree to as long as you accept the fact that if you break it then you can't expect them to fix it or replace it. That would mean that hacking something you own does more than make it yours, it makes it irrevocably and undeniably yours. As scary as that may sound to some, it certainly has its advantages. Especially if you want to keep others, like the company that made it and the marketing company they're re-selling your information and habits to, out of your stuff.
And finally, of course knowing how to hack makes you more secure. For many, many people, security is about putting a product in place, whether that's a lock or an alarm or a firewall or anything that theoretically keeps them secure. But sometimes those products don't work as well they should, or they come with their own problems that just increase your "Attack Surface," when a security product should be shrinking it. (The Attack Surface is all the ways, all the interactions, that allow for something or someone to be attacked.)
And yeah, good luck getting that product improved in a mass-marketing, pay-as-you-go, copyrighted, closed-source, "you bought it as-is and that's what you have to live with" kind of world. That's why it's so important to know how to hack your security. A hacker wouldn't buy the same padlock you would because a hacker sees locks in terms of how many seconds they would need to open it. Hackers learn to analyze a product and figure out where it fails and how to change it so it works better. Then they might have to hack it some more to keep that company they bought it from, from changing it back to the default!
So hacking in terms of breaking security is just one area that hacking is useful, because without being able to do that, you may have to give up some freedom or some privacy that you don't want to give up. (And some of you may not care right now about certain things you do or say or post, but the Internet has a long memory and it's getting better and better at helping others recall those memories of you. What goes on the net stays on the net. And kids today are pretty much born on the net.) Not to mention technology is getting more and more out of our ability to control it. That mobile phone of yours or that new flatscreen with built-in camera for Skype are likely doing things that you don't know and don't control with what they see and hear. It takes some hacking to wrestle that control back.
Schools and educators who read this and want to teach their students to hack, and what hacking can be, need to be aware upfront that it won't be easy. There will be resistance from closed minds. School administrations may also need to contend with the fact that hacking some things may be illegal in their state, and they will need to get open source hardware and software to try to stay on the legal side of things. When teaching students how to hack and what hacking is, it can be hard to do with words. Try experiences and putting it into practice to really get your point across.
Free, open projects like Hacker Highschool can help kids develop the skills, feeling, and intuition through practice with support so they don't break the wrong things. The possibility of breaking something is simply part of the process, and should not be a factor keeping teachers and schools from teaching hacking. They should provide that support with an open source and open minded effort.

No comments:

Post a Comment