Professor Scott J. Shapiro Delves into the History and Ethics of Hacking

computer code on a screen

In his book, Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks (Farrar, Straus and Giroux, 2023), Professor Scott J. Shapiro ’90 traces the very human history behind hacking. Shapiro argues that psychological and social forces shape cybercrime and cyberwarfare, threats that are much-feared but rarely, if ever, understood.

Fancy Bear goes Phishing Book Cover

Fancy Bear Goes Phishing dispels common misconceptions about hacking, the act of breaching a computer system or otherwise exploiting its vulnerabilities. Hacking, Shapiro explains, is not only a matter of technical computation, or “downcode.” He uncovers how “upcode,” the norms that guide human behavior, and “metacode,” the philosophical principles that govern computation, determine what form hacking takes. Shapiro examines the interplay between upcode, downcode, and metacode in five historical examples — one of which concerns the titular Fancy Bear, a cyberintelligence unit within the Russian military.

LISTEN: Scott Shapiro talks about the lessons to be learned from the five hacks in his book on The Lawfare Podcast

Fancy Bear Goes Phishing brought Shapiro back to his earliest passion: computer programming. In the introduction, Shapiro recounts the first time a classmate in ninth grade biology showed him how to use a computer. “I was obsessed with computer programming for the next decade,” he recalls. But though Shapiro went on to declare a major in computer science and found his own computing company, he eventually turned to philosophy and law.

The idea to write about hacking came to Shapiro after he co-authored The Internationalists: How a Radical Plan to Outlaw War Remade the World (Simon & Schuster, 2017) with Oona Hathaway ’97, the Gerard C. and Bernice Latrobe Smith Professor of International Law. Shapiro and Hathaway’s book examines the modern history of war and efforts to establish global peace. The Internationalists left Shapiro thinking about cyberwar, which is often said to be how wars of the future will be waged.

Scott Shapiro portrait
Professor Scott J. Shapiro

To understand the technical dimensions of his subject, Shapiro taught himself how to hack.

“Given my extensive technical background in computer science, I figured it wouldn’t take me long to get up to speed,” he writes. “But I was wrong. So wrong.”

Shapiro’s research led him to memorize coding languages, audit a graduate-level seminar on operating systems, and frequent hacking conventions. In the process, he devised a cutting-edge course about lawyering in the information age.

Shapiro hopes to equip future lawyers and policymakers with the technical knowledge required to regulate the digital realm. While he does not minimize the harm done by hacking, Shapiro finds widespread alarmism to be unfounded.

“Cybersecurity is not a primarily technological problem that requires a primarily engineering solution,” Shapiro concludes. “We need to pay attention to our upcode, determine where the vulnerabilities lie, and fix those rules so that we produce better downcode.”

Scott J. Shapiro is the Charles F. Southmayd Professor of Law and Professor of Philosophy at Yale Law School. He also serves as founding director of the Yale CyberSecurity Lab. Shapiro’s areas of interest include jurisprudence, international law, constitutional law, criminal law, and cybersecurity. He holds a B.A. and Ph.D. in philosophy from Columbia University and a J.D. from Yale Law School.

Shapiro was co-editor of The Oxford Handbook of Jurisprudence and Philosophy of Law (Oxford University Press, 2002) and serves as an editor of Legal Theory and the Stanford Encyclopedia of Philosophy. In addition to Fancy Bear Goes Phishing and The Internationalists, he is the author of Legality (Harvard University Press, 2011).