R00tz Asylum Is Teaching Kids To Become Hackers,  And That’s A Good Thing

(Originally published by The Toolbox here)


On August 7th, computer geeks from across the world converged at DEFCON, a three-day long educational mecca, social getaway,  and networking opportunity for hackers rolled into one. While some may raise their eyebrows at the idea of a “hacker convention,” DEFCON challenges the stigma associated with hacking. The convention’s mission is not only to promote the code-breaking expertise of its participants, but to strengthen and celebrate the culture of hackers around the world. DEFCON attendees are aware that while it’s the province of would-be credit card thieves and malware engineers, “black hat” hacking — the type associated with destructive activities — is but one of its many variations. There’s no shortage of the “white hat” kind, black hat’s diametric opposite, in that it champions the application of code-breaking skills to the greater social good. If it weren’t for the efforts of a wide and vocal global network of white hat hackers, DEFCON wouldn’t exist.

It makes sense then that the first-ever organization dedicated to passing on the art of hacking-for-good held its second annual event at DEFCON this year. R00tz Asylum is a nonprofit that educates and inspires the next generation of white hats. R00tz explains that “a white hat hacker is someone who enjoys thinking of innovative new ways to make, break, and use anything to create a better world. Hacking gives you super-human powers. You can travel time and space. It is your responsibility to use these powers for good and only good.”

R00tz Asylum 2014 took place at Bally’s Hotel in Las Vegas, close to DEFCON’s main campus at the Rio Resort and Casino Complex. While DEFCON is geared toward adults and has been known for its grown-up antics over the years, R00tz’s separate location ensures that it’s a safe space for young people to learn, play, and connect with techies their own age. Children are not allowed into either R00tz or DEFCON without the accompaniment of a guardian; adults who choose to bring their children are warned that, as is the case with the greater hacking community, activities ranging from the mild-mannered to the decidedly-adult take place there. With this in mind, parents are responsible for what their young ones may be exposed to over the course of the event.

For those who sign their children up for R00tz Asylum, however, this admonition isn’t a turn-off. In fact, its necessity is part of what makes it so appealing. Many of its panels and workshops focus on mature subjects, and for good reason. The event’s organizers are aware that you can’t say the word “hacker” without calling to mind its negative connotations, even when you’re addressing groups whose average member hasn’t yet reached legal voting age. Instead of shying away from the more shadowy parts of the hacking world, R00tz confronts them directly as a way to spark a conversation about the ethics, responsibilities, and societal function of hackers.

The way they see it, this is beneficial for a number of different reasons. Abiding by its definition of “white hat,” R00tz exists not only as an educational venue, but as a means to harness the energy and intelligence of young computer geeks for good. The event’s organizers are aware that ethical standards for teaching hacking to young people haven’t yet been developed. Because the field is too new, and it’s a difficult topic to introduce in school computer science programs. But because computer literacy is rising so rapidly among people of all age groups, the organizers are hoping to jump-start a conversation on the ethics of code-breaking.

Outside the realm of R00tz, there’s an ongoing debate about whether skills necessary for breaching security systems should be introduced before young people have developed the same moral decision-making skills as adults. After all, a child who learns how to build websites while they’re in grade school might become a teenager who deals with angst by snagging private data. England is considering introducing programming into its standard curriculum for five year olds, a development that has raised some red flags. Carl Miller, research director at the Centre for the Analysis of Social Networking within the London-based think tank Demos, is one such critic and made the following statement.

“The course itself doesn’t seem to deal with the rights and wrongs of the use of these new skills…These are all necessary skills for the digital workplace and we have a shortage of them in the UK at the moment. But they absolutely can be used both for right or wrong.  These skills – technical prowess, an analytical ability and digital creativity – are exactly the ones needed for hacking.” 

Miller’s concerns are not wholly unfounded, of course; high-profile cases of black hat hacking have shown the world just how destructive it can be. The Heartbleed Bug [http://heartbleed.com/] is a noteworthy recent example, and there have been countless others. Of course, most hacks don’t happen on the scale of Heartbleed. A more common situation may come when a young woman with the ability to access her school’s electronic database realizes that she has the ability to change the grades on her report card. 

The idea behind R00tz is to create an alternative to the all-too-common recasting of hacking as a fringe or criminal hobby. This misdefinition might only encourage kids to explore their interest in computer systems from the perspective of wrongdoing, even if they start with seemingly petty activities like grade-altering. R00tz champions the idea that there are better uses for this kind of technical prowess; the young woman in this scenario could instead be helping out her school IT staff by testing their system, and in doing so, would hopefully be set on a path toward a lifetime of programming for the greater good.

This brings up the very practical angle of R00tz. Throughout the weekend of the event, it’s made clear that not only is it possible for school-age kids to pull off cool stunts without harming anybody, but that learning how to do so will set them up for a lucrative career and a role in an interesting worldwide community. R00tz’s events are split between workshops that focus on technical projects, such as hacking Christmas lights or pet-tracking devices, and more high-minded discussions led by seasoned white hats. In presenting their own experiences with candor and warmth, these speakers gain the trust of their young audience. Transparency and accountability are at the front of everybody’s mind in the hacking world. R00tz believes it’s possible to convince the next generation of hackers to go white hat by offering reliable firsthand testimonies of what the scene is really like, such as the one seen here:

R00tz staff know it’s no use to hide the fact that hacking brings up serious ethical conundrums. The organizations exists because many white hat hackers see youth education as one way to confront these issues head-on. Not only is it the right thing to do, it’s of critical importance to the future of information security. There’s a current shortage of highly skilled security experts, and the need is only growing. The hope that R00tz will jump-start the career path of programmers capable of tackling the future is no secret at the event. Several of its lecturers and workshop facilitators come from a security background, and they believe that introducing people to the field of data and systems protection while they’re young is critical to creating a solid defense against the next wave of digital criminals both in the US and globally.

There’s no question that the issues addressed at DEFCON and R00tz are serious. With this in mind, however, it’s important to note that curiosity, cleverness, and exploration is integral to hacker culture: it wouldn’t be what it is without an element of childlike playfulness. White hat hackers see themselves as promoters of the hacking style defined by famous programmer Richard Stallman, who in his seminal essay “On Hacking,” wrote “It is hard to write a simple definition of something as varied as hacking, but I think what these activities have in common is playfulness, cleverness, and exploration. Thus, hacking means exploring the limits of what is possible, in a spirit of playful cleverness.”

Hackers-for-good uphold the values Richard Stallman espouses, and it’s with a degree of cheerfulness and optimism more commonly ascribed to children than adults that white hats practice their craft. Though still in its early stages, R00tz Asylum promises to become an influential educational enterprise— not only for its chosen subject matter, but for its recognition that a mind toward the greater good is what catapults technical wizardry to the status of real-world superpower. That’s a concept that geeks of all ages can stand behind.


⚡️ emma stamm / 2016