Do hacker how-to guides constitute aiding and abetting a criminal?   Because you have the right to my opinion

The world of cyberspace is fraught with criminals, and many law abiding citizens are struggling to apply existing laws to the web.

For example, we see SQL Injection Hacking Attacks on video all published under the guise of helping the security administrator understand the methods used by criminals to steal data, but with complete disregard for the criminals who will use the instructions to commit crimes.  Many of these "researchers" hide behind the DMCA (Digital Millennium Copyright Act), saying that it gives them the right to reverse engineer software, find vulnerabilities and broadcast them to the public at-large.

However, the DMCA was designed to protect web hosting services and ISP's and not specific web publishers.  In this article, a retired judge Fadeley notes that offering DMCA protection to bloggers and web authors is a serious loophole in the DMCA, and that new legislation is required to make bloggers and "cyber bullies" responsible for damage to people.  See Time for DMCA reform for details.

Irresponsible or illegal?

But not everyone agrees.  Oracle Corporation recently chided some security experts as being "selfish", "irresponsible" and "dangerous" for openly publishing instruction on how-to hack into Oracle databases:

"A few hours after Litchfield went public with a technical description of the flaw, including a blow-by-blow demonstration of ease in which an attack could occur, Oracle lashed back, accusing the British researcher of putting its customers at severe risk for selfish, irresponsible reasons...

Even as he downplayed the severity of the flaw, Harris said Litchfield's decision to go the way of "irresponsible disclosure" was a "dangerous thing to do.""

These types of detailed hacking directions clearly provide criminals with a recipe for hacking into internet databases. 

So, is advising a criminal illegal?

It's clearly irresponsible to publish these guides knowing that criminals will use the techniques, and it shows a clear disregard for the safety of confidential data.  But is it illegal?

The US has felony laws prohibiting aiding and abetting criminal activities, but it is not clear whether these laws extend to aiding cyber criminals, computer fraud, and computer forgery.  According to the FindLaw entry on criminal aiding and abetting a criminal (emphasis added):

"A criminal charge of aiding and abetting or accessory can usually be brought against anyone who helps in the commission of a crime, though legal distinctions vary by state.

A person charged with aiding and abetting or accessory is usually not present when the crime itself is committed, but he or she has knowledge of the crime before or after the fact, and may assist in its commission through advice..."

The larger question is whether giving advice that might be used by criminals constitutes aiding and abetting?  It appears that fore-knowledge that the advice could be used to commit a crime is required to sustain charges of criminal aiding and abetting.

Aiding and abetting a criminal is a serious crime

An argument could be made that someone who publishes step-by-step instructions for hacking into a database could reasonably expect that their instructions will be used by criminals, thereby making them an accessory to the crime.

But what about the "white hat" hacker sites that publishes useful information for criminals under the guise of helping the good guys?  Do they have any culpability when the criminal testifies that they used the instructions to commit their crime, and they could not have done it without the step-by-step directions?

With today's internet technology it's relatively easy to restrict access to hacking how-to guides by simply verifying the "need to know" of readers and verifying the job title of the security administrator who wishes to see the information.

Obvious there is no simple answer to this question.  Free speech advocates strongly believe that people should have the right to publish instruction on how to commit mass murder by tainting consumer products, how to build a hidden bomb, how to embezzle money and other detailed how-to instructions that are of no value to anyone except criminals. 

On the other hand, courts have upheld that publishers are completely responsible for their works, and there is clear culpability when someone publishes information that hurts others.

See my related notes on internet publishing: