Editor’s Note: Bruce Schneier is a security technologist and author of “A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back,” “Click Here to Kill Everybody” and “Data and Goliath.” The following essay is adapted from “A Hacker’s Mind.” The opinions expressed in this commentary are his own. View more opinion on CNN.
The Roth IRA is a retirement account allowed by a 1997 law. It’s intended for middle-class investors and has limits on both the investor’s income level and the amount that can be invested.
But billionaire Peter Thiel and others found a hack. As one of the founders of PayPal, Thiel was able — entirely legally — to use an investment of less than $2,000 to buy 1.7 million shares of the company at $0.001 per share, turning it into $5 billion in 20 years — all forever tax-free, according to ProPublica. (Thiel’s spokesperson didn’t respond to ProPublica’s questions about its 2021 report.)
Less profitable, but maybe more fun, was the “Pudding Guy.” In 1999, he found a loophole in how airline frequent flyer programs worked, buying 12,150 single Healthy Choice pudding cups at 25 cents each, giving him 1.2 million miles for $3,150 — and lifetime gold frequent flyer status on American Airlines.
Hacking is a computer term. It refers to finding unanticipated and unintended functionality in a system and using that functionality to make the system do things it wasn’t intended to do. In the computer world, it usually means gaining some sort of unauthorized access.
But all sorts of systems of rules can be hacked. Tax loopholes are hacks. So too are gerrymandering, the filibuster (invented by a Roman senator), and — if you think about it — the way Covid-19 hijacks our cells’ protein production. People can hack market systems, financial regulations, political rules, religious codes … anything.
I just published a book about hacking. In “A Hacker’s Mind,” I paint a picture of powerful hackers bending systems of rules to their own advantage at the expense of society. But hacking has its positive uses as well. At its core, hacking is about finding novel failure modes that have not yet been exploited. When they work, they result in the rules evolving — for better or worse.
Orthodox Jews are masters at hacking their religious rules. Work is prohibited on the Jewish Sabbath. This includes lighting a fire, which has been extended to include creating a light of any kind or doing anything that requires electricity.
Growing up in the 1970s, my cousins had a timer attached to the television’s power cord. The timer would turn the television on and off automatically — no human action required — so the only debate was what single channel to set the TV to before sundown Friday.
Carrying things in public is prohibited, which means you can’t carry a house key with you when you go out. But if that key is integrated into a wearable piece of jewelry, that doesn’t count, and you can take it with you.
When I was a kid, these sorts of ways of precisely following the letter of the rules to avoid their spirit felt contrived. But they’re really the method by which the 2,000-year-old Jewish law has adapted over the centuries to modern times. It’s hacking and — more importantly — the integration of those hacks into our ever-evolving society.
A successful hack changes the hacked system as it is repeatedly used and becomes popular. It changes how the system works, either because the system gets patched to prevent it or expands to encompass it. Hacking is a process by which those who use a system change it for the better — in response to new technology, new ideas and new ways of looking at the world.
This is hacking as evolution. In my book, I write about modern banking, high-frequency trading, luxury real estate and my thoughts about what much of what the gig economy companies are doing. These are all innovations that have changed society. And it continues. Today, there’s a Bluetooth device that makes a smartphone usable on Shabbat. The hack is that the buttons constantly have a small current running through them, so pressing them does not close a circuit — which makes it permissible under Jewish law.
So, yes, hacking is often used by people trying to gain an advantage. But harnessed well, hacking is a way of accelerating system evolution by incorporating an adversary in the process. And this sort of evolution is essential if systems are to survive.
An ossified system can’t respond to hacks and therefore has trouble evolving. Contemporary political science research suggests that when those in power refuse to allow their societies to evolve, their entrenchment can end up breaking the political systems.
Hacking provides such an evolutionary path. Whenever a court takes an old law and applies it to a new situation, it’s hacking that law. Whenever someone invents a new trick to bypass an old law, they’re hacking that law. The legislative process is slow; hacking can be much faster.
This is the positive side of hacking. A hack might violate the intent of an existing rule or norm. But it doesn’t necessarily violate the greater social contract.
In the 1760s, an English schoolmaster named John Entick hacked trespass law, which previously only applied to citizens invading each other’s property, to constrain the government as well. It was an unanticipated and unintended use of trespass law: a hack.
The court decided that the social contract was enhanced by enabling citizens to be secure on their own property and by not enabling the privacy of their homes to be violated by the government without due process. While a hack benefits the hacker at the expense of another part of the system, sometimes that expense is minimal. And if a hack falls within the spirit of the social contract, it can be an innovation that the system would benefit from absorbing.
Here’s a more modern example: People are hacking the notion of corporate personhood in attempts to win rights for nature, great apes, rivers, etc. The very concept of corporate personhood is a hack of the 14th Amendment, which lays out the rules of citizenship and the rights of citizens.
This disruptive power can also be harnessed by those at the bottom of our power structure and serve as an engine for social change. It’s how revolutions happen. Hacking is one of the weapons of the weak — and an important one at that.
In Darwinian evolution, nature decides which hacks stay and which hacks go. It can be cold and brutal but doesn’t play favorites. In social system evolution, the powerful are the favorites and often get to decide which hacks stay and go. If this isn’t fixed, then allowing hacks to drive evolution of systems will perpetuate status quo injustices.
The future of social hacking must combine the push to evolve with a focus on the greater good — or we’ll see our social systems begin to break down.
Society needs the innovative power of hacking. But today, because of the power of technology, damaging hacks can do more damage more quickly than ever before. But while hacking could soon be an existential risk — consider what could happen when artificial intelligence starts discovering and executing new hacks, and what happens if they affect climate — there is also reason for optimism.
The computing-driven technological advances that will exacerbate hacking also have the potential to make things better, by defending against bad hacks while finding and promoting the good ones. The trick is going to be getting the governance systems right.
We must build resilient governing structures that can quickly and effectively respond to hacks. It won’t do any good if it takes years to patch the tax code, or if a legislative hack becomes so entrenched that it can’t be patched for political reasons. We need society’s rules and laws to be as patchable as your computers and phones.