Hacking: who does what to whom?
« previous post | next post »
A couple of days ago, Jesse Sheidlower wrote to me about the recent climate-scientist email controversy. Since Jesse is a lexicographer, he wasn't writing about whether this is the blue-dress moment for anthropogenic climate change, or a nontroversy based on the shocking discovery that scientists are not always scrupulously fair-minded in private. Rather, Jesse was concerned about the argument structure of the verb hack.
For example, the lede sentence in the NYT's article on the subject (Andrew C. Revkin, "Hacked E-Mail Is New Fodder for Climate Dispute", NYT 11/21/2009) was this:
Hundreds of private e-mail messages and documents hacked from a computer server at a British university are causing a stir among global warming skeptics, who say they show that climate scientists conspired to overstate the case for a human influence on climate change.
This sentence assumes the frame <PERSON> hacks <DATA> from <SYSTEM>, where hack means something like "steal". This same frame is implied more succinctly by the headlined phrase "hacked email". A Google News search for "hacked email|emails" and "hacked data" shows that Norma Loquendi is happy with this. But Jesse expected hacked data to be data that has been modified illicitly, not data that has been obtained illicitly.
Some commenters will hasten to complain that illicit access to computer systems is cracking, not hacking. For the standard take on the origins of the positively-evaluated term hack among techies, see the Jargon File's entries for hack, hack value, hacker, etc., or read Stephen Levy's classic 1984 pop-ethnography Hackers (relevant quotes discussed here; or read the Wikipedia article on the Hacker Ethic). For some discussion of the diverse pre-electronic roots of hack, see "Joy and contempt", 5/25/2005.
But that's all irrelevant to the commonest contemporary usage, which centers on unauthorized or irregular access to computers, and involves at least the following frames:
- <PERSON> hacks <SYSTEM>
- <PERSON> hacks into <SYSTEM>
- <PERSON> hacks <DATA> [from <SYSTEM>]
The problem is that hacking (in this sense) involves an illicit purpose that might include either stealing data or modifying data. In either sense, hacked-as-modifier is not very common — but to the extent that it occurs, it seems to mean "stolen" rather than "modified". Before the recent East Anglia climate heist, I could only find one example of "hacked data" in the NYT archive (from 2005):
(link) Before 2003, there were plenty of examples of hacked data.
And one in COCA (from 2007)
Investigators believe it is the boldest tangible evidence of criminals cashing in on hacked data from TJX.
In both cases, hacked meant "stolen". However, the distinction between hacking-as-access and hacking-as-modification seems to depend in an obvious way on the contextual motivations involved.
There are lots of examples on the web where (for instance) the object of the verb hack is "credit card numbers", and all those that I've looked at involve stealing, not modifying. [Update: some also involve creating fake numbers that pass redundancy tests.] That's presumably because there's an obvious motivation for stealing credit card numbers, and little motivation for modifying them.
In contrast, if we search for something like "hack|hacked|hacking Wikipedia entries", we find exactly the opposite situation: people who hack Wikipedia entries don't steal them (since they're freely available), but rather modify them in an illegitimate way (since they have personal, political, ideological, or commercial motivations for doing so).
The same seems to be true for school records, grades, and so on — these are not freely available, but there's more motivation to modify them than to steal them.
In the case of the emails from the Climate Research Unit at East Anglia U., both sorts of motivation are present, and which one comes to mind first may depend on your beliefs. If you think that mainstream climate scientists are the agents of a conspiracy to destroy civilization, then you're likely to think that their e-mail archives contain proofs of their guilt, and so a scandal based on their "hacked e-mails" probably involves mere theft. If you think that mainstream climate scientists are rational people trying to prevent the destruction of civilization, then you're likely to think that their email archives are innocent, and so a scandal involving the contents of their "hacked e-mails" probably involves counterfeiting.
[Update — this is a bit like the changing frames of the verb rob, and many other examples of change-of-possession verbs where there are several different ways of organizing the participants. In current standard use, you rob someone (or a more figurative possessor) of something; but it used to be normal to rob something from someone, as in this couplet from Dryden cited in the MWDEU entry:
… They themselves contrive
To rob the Honey and subvert the Hive.
There are several verbs where the loser and the thing lost can be arranged in several ways: "strip A of B" and "strip B from A"; "take B from A" and "take A for B".
So it doesn't surprise me to find that "…hack [into] A for B" turns into things like "How to hack money from the Godfather in Mafia Wars", or "They hacked the [credit card] numbers from 9 major retailers", or "Many people used to hack CSS files from the web".]
Paul D. said,
November 23, 2009 @ 12:27 pm
I think it's a case of clueless journalists trying to get the hang of new lingo. It seems to me that anyone with substantial computer and hacking knowledge would consider "<PERSON> hacks <DATA>" to mean that the data itself is modified, a common example of which would be decryption.
<PERSON> hacks <SYSTEM> essentially has the same meaning then, casting the hacker as someone who illicitly gains access to *and* modifies a computer system. "<PERSON> hacks <DEVICE>:, same thing.
When it comes to cracking, we may be beyond what can be considered vernacular English and into technical jargon that has different meanings to different people and no meaning to most.
Chris Crawford said,
November 23, 2009 @ 12:28 pm
Perhaps in this case "hack" is to be interpreted as "break into". A person who breaks into a bank is not there to alter the money, and a person who breaks into his school records is not there to obtain copies.
Paul D. said,
November 23, 2009 @ 12:29 pm
Argh, the reply system stripped out all my angle brackets.
First instance should read PERSON hacks DATA. Right now it says " hacks ".
Second instance (start of 2nd paragraph) should read PERSON hacks SYSTEM.
Third instance (end of 2nd paragraph) should read PERSON hacks DEVICE.
[(myl) I think I've fixed it. For future reference, < … > have special meaning in html, and if you want literal angled brackets, you should use < and >]
J. Goard said,
November 23, 2009 @ 12:34 pm
If you think that mainstream climate scientists are the agents of a conspiracy to destroy civilization…
Come on, now.
Surely the hypothesis that they have (i) sincerely gotten involved with an alarmist position where tons of money, votes, and international power balances are on the line, and (ii) been influenced away from honest data collection and analysis, is worthy of more respect than you give it here. Apocalyptic fears, confirmation bias, and the us-against-them mentality are all commonplace social phenomena.
[(myl) You mean, they're human? Seriously, there's a spectrum of views here, and at one end there are those who do believe in all sorts of conspiracies, including one pushing anthropogenic global warming. To assume that "hacked e-mails" from climate scientists would of course show that their claims are concocted and that they enforce discipline by covertly undermining those who disagree, you'd have to believe that such scientists are consciously corrupt. And many people do, I think, believe this.
I agree that "involved in a conspiracy to destroy civilization" is one step beyond "consciously corrupt", and so maybe I should have stuck with "consciously corrupt". However, some quotes:
"If you own any shares in alternative energy companies I should start dumping them NOW. The conspiracy behind the Anthropogenic Global Warming myth (aka AGW; aka ManBearPig) has been suddenly, brutally and quite deliciously exposed." -James Delingpole, The Telegraph
"… emails suggesting conspiracy, collusion in exaggerating warming data, possibly illegal destruction of embarrassing information, organised resistance to disclosure, manipulation of data, private admissions of flaws in their public claims and much more" -Andrew Bolt, The Herald Sun.]
Mark P said,
November 23, 2009 @ 12:41 pm
In this use, hacked doesn't mean stolen to me. To me calling the emails "hacked" indicates that they were obtained by means of illicit access to a system. It is the means of access rather than the emails themselves that involved hacking.
[(myl) Um, what would "stolen" information be, other than information obtained by means of illicit access?]
Jesse Sheidlower said,
November 23, 2009 @ 1:20 pm
I just want to clarify that in my idiolect (and I do spend a fair bit of time programming, and hanging out with hacker types), the important thing about hacking is the object. If you hack a system, you're doing something to the system, and you'll have a "hacked system" (time to reinstall from trustworthy sources!). If you hack data, then you're doing something to the data (modifying it, in my idiolect), and if the result is "hacked e-mails", then they are modified e-mails.
You can certainly hack a system for the purpose of stealing data. I'm just barely OK with "e-mails hacked from a system", but hacked 'stolen' just doesn't work for me.
Colin Watson said,
November 23, 2009 @ 1:31 pm
As a frequent techie user of the "modify" sense of hack, I'd rarely apply that sense to data, and so would not have assumed it here. Far more common is something like "I hacked [up] your code to support some new options". One normally applies the modification sense to programs or (more widely) processes. Applying it to data is not unheard of but is unusual at least in my social circle.
In this, I disagree with Paul D. above; I'd interpret "<PERSON> hacks <DATA>" by noting that it doesn't really fit my initial attempt to parse it as jargon and that it must therefore be a shortening of "<PERSON> hacks <UNSPECIFIED SYSTEM> to acquire <DATA>", even though I find that shortening a bit clumsy. Regarding decryption, the point of breaking decryption is not to produce a modified version of the original file, but to gain unauthorised access to the information it contains!
Negatively-evaluated uses of hack where the primary meaning is "modify" rather than "break into" are rather new to me. One hears talk about "hacked web pages", but even then the main implication that comes across to me is that the hacker gained unauthorised access, and secondarily that he modified the system in order to boast about having done so.
J. Goard said,
November 23, 2009 @ 1:37 pm
I think most of us are semi-consciously corrupt a lot of the time, if only in what we choose to read, who we choose to cite, and which inconvenient experiments we shelve.
The more significant thing for me is the likely direction of bias. I predict that it is far more likely for researchers to be biased in favor of finding apocalyptic danger than against.
I don't believe in grand conspiracies, just run-of-the-mill cognitive biases and perverse social incentives.
slobone said,
November 23, 2009 @ 1:41 pm
Didn't the original meaning of "hack" have more to do with the skills required by a particular type of programming or Internet access than whether it was legal or illegal?
In the late 80's I knew a whiz kid who told me he got up early every morning to hack for a few hours before he left for his regular job. By this he meant writing programs (video games I think) that involved a lot of bit twiddling and intimate knowledge of the peculiarities of DOS. I doubt he was doing anything illegal.
Not that it isn't a fine line sometimes. There was the legendary hacker Captain Crunch, much admired by Steve Wozniak for cracking AT&T's long-distance codes in the 70's. He was consequently hired by Apple, but had to be let go when he couldn't be persuaded to discontinue his illegal activities. Or so rumor had it….
Philip TAYLOR said,
November 23, 2009 @ 1:44 pm
The opening para., just before the quotation, includes the words "the lede sentence". I have never before encountered this phrase, and whilst Google offers a small number of instances of said phrase (6 from the U.K., 25 000 in total), it appears to offer no obvious definition, nor is it prepared to offer a definition for "lede". May I therefore ask for clarification of the meaning of this phrase ? (The word "lede" appears in my 1933 O.E.D., but the only possible meaning appropriate to this context is marked as "obsolete" : "Obs. variant of 'Lead', sb. and v.").
[(myl) The OED, in this respect, fails to include a term in fairly widespread use. It's in the online Merriam-Webster and the American Heritage Dictionary; it's used as the title of the NYT's news blog; and it's often used in journalists' discussions of journalistic writing, at least in the U.S.]
slobone said,
November 23, 2009 @ 1:46 pm
PS to my post, Of course used in that sense, "hack" would be intransitive, so maybe it's not relevant here.
And @J Goard, I don't think you have to be a cynic to hypothesize that the direction in which exaggeration or outright faking of scientific data is most likely to go is whichever way will advance your career the quickest.
Ginger Yellow said,
November 23, 2009 @ 1:59 pm
If you think that mainstream climate scientists are rational people trying to prevent the destruction of civilization, then you're likely to think that their email archives are innocent, and so a scandal involving the contents of their "hacked e-mails" probably involves counterfeiting.
Not necessarily. You could think it involves quoting the emails out of context and/or without knowledge of internal disputes among climate scientists who think the evidence supports the anthropogenic hypothesis.
Ginger Yellow said,
November 23, 2009 @ 2:06 pm
Philip, "lede" is the US spelling of the journalistic term spelled "lead" in the UK, meaning the opening sentence or paragraph of a news article.
William Lockwood said,
November 23, 2009 @ 2:11 pm
While "hacked data" does sound pretty odd. I'd like point to "hacked copy" (cf "cracked copy" – 38Kghits) sounds perfectly fine to me, and shows plenty of ghits (186,000). "Hacked game" comes in at 302Kghits and "cracked game" gets 84.5Kghits.
While this is more the modifying of data, you could easily argue that it's the stealing of data as well – though not by way of illicit access.
Ray Girvan said,
November 23, 2009 @ 2:16 pm
I tend to extend "hack" to mean any process – not necessarily illicit – of getting some result out of a system in a form other than what the system's makers designed (for instance, using custom software such as CHDK that alters the functions of a digital camera).
Mark P said,
November 23, 2009 @ 2:37 pm
@MYL If I pick up a CD from a coworker's desk and it contains email, I have stolen emails but there was no illicit access, and no hacking. If I break into a building and steal the CD, there was illicit access but, again, no hacking. As I said, to me the term "hacking" refers to the means of access, and that means specifically illicit electronic access of a computer system.
[(myl) In fact, nothing is now generally known about how the East Anglia emails were leaked — it's quite possible that someone stole (or copied) a back-up tape. But if you want to be picky, we could gloss the hacked of the recent headlines as "stolen by illicit access".]
@J Goard – Based on at least the little I have seen of the stolen emails, some of the perceptions of bad faith are probably the result of the use of terms that mean one thing in one community but something else outside that community. For example, in the atmospheric science community, "bogused data" are sometimes used in models. In this case, the term actually refers to data that have been "made up" or generated from a different model and then used to help initialize a second simulation. This process has been shown to increase the accuracy of model results in many cases because of certain technical issues, but it doesn't mean the results of the model are bogus. It's an informal term that has become common within the community, but it could easily be understood as compromising the research by someone not familiar with the term or the process.
Brett said,
November 23, 2009 @ 2:43 pm
To me, "hack" in a computer sense primarily means breaking into something; this can encompass everything from getting inside somebody else's Web e-mail to overcoming the protection on a hardware device. I would never use "hack" to refer to modifying something, data or otherwise; I could speak of "hacked Web page," but the hacking involved would be related to the unauthorized access, not to the defacement of the page. "Hacked e-mails" sounds fine to me, although I understand it to be the e-mail system, not the messages themselves, that were hacked.
I do recognize that there is a distinctly different use of "hack" that may refer to quite different forms of computer usage. I would never call ordinary programming "hacking," although clearly some people do. My use of the term was probably most influenced by three things. In the movie TRON, Jeff Bridges' character Flynn admits to doing a bit of "hacking" as a way of not precisely admitting that he's been breaking into his former employer's computer system. The other characters correctly interpret this as an admission of guilt. There was also the video game Hacker, that begins with breaking into a computer system and finding out something you're not meant to know. And the third influence on my usage was MIT culture, which tended to sneer at "hack" used for anything that doesn't involve transgressing boundaries. "Hack" has a much broader meaning at MIT, referring to all sorts of pranks, but people who advertised jobs looking for "code hackers" were quietly snickered at.
Dan T. said,
November 23, 2009 @ 2:57 pm
"Hack", in its traditional techie senses, focused more on the display of technical ingenuity, and the pleasure derived by geeks from exercising this, than on what was actually gained or accomplished (licit or illicit) through the exercise of hacking. By this standard, using it to identify what was stolen is a strange usage that probably wouldn't have been used by the original users of the term.
Faldone said,
November 23, 2009 @ 3:00 pm
Is it possible that the e-mails were altered to clarify possibly ambiguous statements, e.g., "We believe that global warming is primarily caused by human activity" being changed to read "We don't believe that global warming is primarily caused by human activity"?
Dan T. said,
November 23, 2009 @ 3:03 pm
One might "hack into" some e-mail system, where the "hacking" consisted of successfully defeating whatever security that system had (the better the security, the bigger a hack it is to get past it), but you're not "hacking" the stolen messages themselves; that's merely reading and copying plain text data that's easily found once you've gotten past the security. If, on the other hand, your aim was to alter the system in some way, like to make it say "You Are A Loser!" next time they log in, then that would itself be a "hack" in addition to the hack of getting access to the system in the first place.
Dan T. said,
November 23, 2009 @ 3:04 pm
Making subtle alterations to message text in order to attempt some sort of social engineering on the readers of them might be considered a hack too.
Mark F said,
November 23, 2009 @ 3:12 pm
I think I sort of agree with Mark P. If you break into somebody's office and steal their lab notebooks, you haven't hacked them, you've just stolen them. Basically, "hacked" is more specific than "stolen" because it indicates that computers were involved.
Jake T said,
November 23, 2009 @ 3:22 pm
Jesse Sheidlower hits the nail on the head here. In circles where "hacking" is a regularly used verb, "hack" = modify.
This is an illustration of the journalist not quite understanding emerging vocabulary (and in the process of 'incorrectly' using it, perhaps begins to shift the meaning?)
[(myl) Maybe — but I bet that hacked meaning "obtained by hacking/cracking" is here to stay.]
Spell Me Jeff said,
November 23, 2009 @ 3:30 pm
I think "hack" still counts as a neologism, and given the rate of neologism-making associated with digital communication, it comes as no surprise that "hack's" meaning and syntax should still be in flux. The phenomenon is interesting to observe, and certainly to record, as Mark has diligently done.
Mark F said,
November 23, 2009 @ 3:35 pm
Sorry, I posted without refreshing. Mark P already covered what I said.
ellis said,
November 23, 2009 @ 4:28 pm
Out of curiosity – what on earth's a 'blue-dress moment'?
hapax said,
November 23, 2009 @ 4:29 pm
I always associate "hack" (in the sense of theft by means of illicit digital access) with "hock", which in the jargon of my (USA) youth, referred to shoplifting (horses, Rhine wine, and pawnshops being all sadly absent from my ken at the time).
Both of these were forms of stealing which were in a sense justified by the cleverness of the thief and the feeling that the victim "deserved" it.
Sili said,
November 23, 2009 @ 4:40 pm
I certainly had no trouble parsing "hacked emails" as "emails obtained by hacking a computer system.
The techies are of course allowed to keep their technical meaning, but they don't get to decide what a word means once it escapes into the general populace.
Just like the rest of us. ;-)
Sili said,
November 23, 2009 @ 4:42 pm
ellis,
It's a reference to the Starr Report.
John Lawler said,
November 23, 2009 @ 5:06 pm
Well, some of us have powers. Jesse can settle bets in bars authoritatively, for instance.
Boris said,
November 23, 2009 @ 5:13 pm
I am a programmer and would never describe ordinary coding as hacking, especially in a positive way. I might say I hacked something *up*, but that has a distinctly negative connotation, as if I'm saying it could have been done in a much better way. When you hack something up, it becomes a hack. It does not become hacked.
But mostly, in my usage, you can hack into X, meaning obtain access to a system, repository, or computer program X in a non-traditional way (not necessarily illegally or maliciously) using a computer, or you can hack X, which would mean modify X by hacking into it (illegally or maliciously).
X only becomes hacked if you hack it. It does not necessarily become hacked if you merely hack *into* it. Thus, if I hacked into a system to obtain E-Mails, nothing becomes hacked, not the system (because it was not changed in any way) and certainly not the E-Mails even if they were changed (because they are not a system, repository, or program). In fact, I would consider "hacked E-Mails" to be wrong regardless of what the intended meaning was. You can't hack into it, therefore, you can't hack it and it can't become hacked.
But that's just my opinion. Another usage of a technical term that really grates for me is saying "blog" when you mean "blog post" or "blog entry" (I don't remember whether LL has ever been guilty of this). "In tomorrows blog, I'll…" NO, NO, NO, it's the same blog!
Ben Anhalt said,
November 23, 2009 @ 5:34 pm
To me, hacked email is hacked in the same sense as freshly squeezed juice is squeezed. I guess verbs are often semantically broadened in this fashion where they gain the ability to take as their direct object whatever is the ultimate product of the action. Thus one can paint a canvass or paint a portrait.
Peter Taylor said,
November 23, 2009 @ 6:54 pm
The cited phrasing of messages "hacked from" a server is marked to me (native BrE speaker and programmer). It makes me think of using a pick-axe, but that clearly makes no sense in context. The most natural rewording would be along the lines of "messages and documents stolen by hacking into a computer server".
uberVU - social comments said,
November 23, 2009 @ 7:29 pm
Social comments and analytics for this post…
This post was mentioned on Twitter by slonob: Etymology of hack in the context of the climate change scientist emails. http://languagelog.ldc.upenn.edu/nll/?p=1914…
Layra said,
November 23, 2009 @ 7:53 pm
I've only heard hack (as an illegal maneuver) as "hack into", which means illicit access to both read and modify. In my particular lexicon, hacking a system is more about getting access rather than what is done once you've gotten said access. It's a matter of breaking-and-entering, rather than of robbing or vandalizing.
In contrast, a hack in programming is a piece of code that exploits a particular situation in an inelegant and non-robust fashion; this is generally considered bad programming.
Kenny V said,
November 23, 2009 @ 8:28 pm
To me, "hacked data" just sound like a a short way of saying "data gotten by means of hacking"
What is a blue dress moment?
[(myl) Something like this.]
Garrett Wollman said,
November 23, 2009 @ 10:54 pm
I'll keep it short and agree with other commenters that "hacked from" in this context is not part of my dialect.
The other Mark P said,
November 24, 2009 @ 12:06 am
There is no proof the data was externally accessed. It may have been released by a person from the inside. A leak in common parlance.
It is even possible that the action was entirely legal. Publicly funded information being released to the public by a concerned person with authority to do so. But who wanted to remain anonymous.
"Is it possible that the e-mails were altered to clarify possibly ambiguous statements,"
Well it's possible, but we have no evidence for that.
If the data has been altered, then you would expect the innocent to proclaim it fairly loudly. That has not been done, so the only reasonable assumption is that the data is good.
Phil said,
November 24, 2009 @ 6:23 am
Moving out of the world of systems and data, 'hack' certainly = 'modify' at Ikea Hacker. Nothing illicit is involved; if anyone's breaking into Ikea and stealing stuff, they're not posting about it there. The 'hacks' are home-modifications of Ikea furniture to customise them in some way not intended by the original designers.
Ginger Yellow said,
November 24, 2009 @ 7:19 am
It is even possible that the action was entirely legal. Publicly funded information being released to the public by a concerned person with authority to do so.
Not sure what public funding has to do with it – unlike the US, the UK has no law saying publicly funded data is available to all. The Guardian has only just succeeded in a multi-year campaign to get the government owned Ordnance Survey to provide its data to the public for free. And besides, data privacy law is much stricter here, so it's highly unlikely anybody would have the authority to release private emails.
rpsms said,
November 24, 2009 @ 12:47 pm
@William Lockwood:
a "hacked copy" is, in fact a copy with modified data. Most programs which are hacked or cracked have copy protection and they need to be altered in order to be useable.
lucia said,
November 24, 2009 @ 7:33 pm
I blog climate. I've been having trouble decided whether I should be using the word "hack" or "leaked". I've also observed some emails making a distinction between "hacked" and "stolen from a computer".
My background is engineering, I know plenty of computer scientists who, like me, use "hack" a variety of ways including: Banging quick and dirty code or breaking into computers (which might require banging out quick and dirty code or using a code or something. ) Periodically, some people pop up and complain that breaking into computers should be "cracking", but this complaint is pretty rare.
My main difficulty with word choice on my blog has related to some fact in dispute. I've read arguments over application of "hacker" to whoever leaked the documents form CRU. But this isn't so much a linguistic issue as a question of what happened.
For example: Gavin at Real Climate reports that hackers broke into their servers and uploaded a file. So, if true, I, and I think many people, would say "Someone hacked into RC's server."
In contrast, we aren't entirely sure if the CRU data was obtained by an internal user who had an account on the machine. If so, files were stolen, but, at conversations at Climate Audit, at least some who hold with the internal whistle blower theory don't consider that person to have "hacked" into CRU. I'm not sure everyone makes that distinction between "stolen from a computer" and "hacked", but at least some do.
On the more specific question of whether "hacked emails" is being understood as counterfeit: I don't think the word is being read to communicate that on climate blogs. Plenty of people have been discussing whether or not the hacked emails were edited or authentic. As far as I can tell, in this instance the word hacked is being used to suggest they were stolen from a computer. Whether or not they were filtered, edited, corrupted, or manipulated afterwards is a distinction made using a different set of words.
That said: I'm not running any codes to try to analyze how they word is really being used. Also, of course, many more precise speakers could object the use, but I think, in the current story, "hacked email" is being used to suggest "stolen from a computer by someone who has no authority to access that computer".
The other Mark P said,
November 25, 2009 @ 4:54 am
"so it's highly unlikely anybody would have the authority to release private emails"
I don't know about your work place, but I can't send a private e-mail at my job. If a person in the chain of command wants to release anything I send, they can.
I would also note that none of the e-mails pertain to genuinely private matters. That is one reason to strongly believe that they are leaked, not stolen. The third possibility, and it has happened before with CRU, is that they were left in a public place and taken.
Does it count as "hacked" if the hacker just happens to be looking in a folder and finds them? I have always felt "hacking" implied a level of skill – analogous to the difference between cat burglary and ordinary breaking and entering.
Ken Brown said,
November 26, 2009 @ 9:09 pm
The other Mark P said: ' "so it's highly unlikely anybody would have the authority to release private emails" I don't know about your work place, but I can't send a private e-mail at my job. If a person in the chain of command wants to release anything I send, they can. '
No way here. I work at a UK university and part of my job is managing email servers so I am in a postion where I could intercept or delete other people's mail if I wanted to. Data protection laws, and our university's conditions of employment, and our notion of academic freedom, and our own department's sense of ethics all say I can only do that to maintain the functioning of the system (for example I delete spam). But I would not be allowed to read or copy personal mail just because I wanted to. Nor would my managers be permitted to instruct me to, and if they did without reason I'd be in a strong position to refuse to help them (& I have done so in the past at another workplace). Things are different if the criminal law gets involved, but its not up to us to copy or publish private mail. And it makes no difference to the privacy that its on our kit – if it contains personal information about identifiable students or staff, its covered. We could delete it, but not publish it.