8/7/2019 Tapping Underground Innovation

1/4

FIELDWORK.) H J...'1, 5t~

tlII:5/,tj ~Yb~\ t:. \'\ t 1"" Jtrt:) r

.~

/..'J~

Iground community finds a proprietary systemworth exploring, the company can do little to pre-vent that activity, and the opportunities for suchinnovation have only increased as products havebecome more electronically sophisticated. Con-sider, for example, how microchips now controlnot only robotic dogs but everything frommicrowave ovens o automobiles. Thus, instead ofexpending tremendous resources n an attempt tobuild impenetrable products, companies shouldexpect and plan for their systems o be breached.The goal then becomes one of peaceful -if notmutually beneficial- coexistence. o achieve his,however,companies first need to understand howunderground communities operate.

Companiestypically haveantagonisticrelationshipswith hackers,"madders" andothers who altertheir products.but is there away to work with-instead ofagainst -suchundergroundinnovators?ETHAN MOlLiCK

Elitesand KiddiesUnderground groups typically contain two distinctclasses: lites and kiddies. "Elite" is a term reservedfor those who truly innovate -the wizards whounderstand the inner workings of a proprietarysystem and are able to make it do things neverintended by its developers. "Kiddie" is short for"script kiddie:' signifying someone who does nottruly understand a system but merely uses toolscreated by the elites to exploit the system n someway. At first this might seem ike the natural dividebetween experts who understand products andothers who just use hem -the difference betweenauto mechanics and the average consumer whodrives but has ittle working knowledge of cars.Thedistinction, however, s far more complex.

In an underground community, elite statuscomes from achievement, usually from originalwork with some scientific or engineering signifi-cance and not from pranks or thefts. Generallyspeaking,elites are not interested in innovating forthe sake of theft. To them, underground innova-tion, no matter how seriously it is taken, is pri-marily a hobby motivated by intellectual curiosity.Many elites have normal day obs or they attendschool, playing the role of hacker only during their

Many complicated,proprietary systemsattract a dynamiccommunityof under-ground innovatorswho exploreand alterthem -and notalways in ways thatmanufacturers ppreciate. hese ndividualshavelittle regard or the businessmodels that compa-

nieshavecarefullydevisedo profit from hose ys-tems. Instead, hey are driven by utility, curiosityand occasionallyeven anger,bypassing echnicaland legal safeguards n their drive to explore.Called by different names -hackers, phreakers,crackers and modders, among them -theseunderground nnovatorshave complexand oftenantagonistic relationships with the companieswhoseproducts heymodify. For nstance, fteranavid customer evelopedree software or Aibo tomake the mechanical dog dance, manufacturerSonyCorp. espondedwith a threatof legalaction.Did Sonymiss a golden opportunity, or are thepotential benefitsof tapping into suchunautho-rized activitiesnot worth the possible isks?

To answer hat, I have studied undergroundinnovations n various industries, ncluding soft-ware, telecom,video gamesand DVDs. For thisresearch,monitored messageoards, tudiedpri-mary digital document repositories and inter-viewed a number of underground innovators,outsideanalysts nd company mployees.n manycases,underground innovation triggers a warbetween he community and the company.But ifhandled properly, t can also ead to cooperationbetween he two parties, potentially resulting innewbusinessmodelsand novelproducts.

Few companiesactually plan for -let alonedesire the emergence f an undergroundcom-munity. Instead, hey go to great engths o securetheir proprietarysystemso discourage uchactiv-ities. But thoseefforts are often utile. If an under-IIlust',"'" '" Midlael 'Iorgen,'em SUMMER 2005 MIT SLOAN MANAGEMENT REVIEW 21

8/7/2019 Tapping Underground Innovation

2/4

FIELDWORK

activity that was potentially illegal. This vi-.;w istypical: During the discovery period the under-ground innovators perceive heir work as harmlessor evenas possibly helpful.2. Exploitation When news of the discovery spreads,reaching other potential elites and the first kiddies,the stage s set for exploitation. During this phase,the number of people with access o the under-ground information can increase dramatically, aswhen Esquiremagazinepublished an article in 1971that introduced the blue box to hundreds of thou-sands of readers. Exploitation is often a time of

great nnovation -underground activityUnderground communities typically contain two has yet to be sp.ecifically~ut1awed,.and

many people are mterested m becommg adistinct classes: elites and kiddies. Each plays a very part of the community, discovering andsharing new ideas. But it is exactly thisburst of activity that leads to abuse. Kid-dies eager o be recognized as elites might

publish simple guides for resolving technical prob-lems or createsoftware packages hat automate cer-tain underground processes. Also, the socialcontrols that kept information in the hands of elitesbegin to break down, as knowledge is disseminatedfreely via Web sites and other means. At this point,some of the early elites. might divorce themselvesfrom the community, refusing to take responsibilityfor the process hey started.

free time. To that end, though, they will devotecountless hours attempting to perform some com-plex task, ike writing software code that enhancesthe functionality of an existing program, forwhich remuneration is unlikely. Elites are theheroes of the underground; some are even wor-shipped like rock stars. For elites, credit and repu-tation matter tremendously, serving as both areward for their work and as a way to distinguishthemselves from the vast majority of the under-ground community -the kiddies.

Not only do kiddies represent a considerablylarger group, they also have a much wider range of

different role in the innovation life cycle.motivations. Many are aspiring elites, but someare pure vandals who are responsible for the vastmajority of hacking damage.Kiddies are also morelikely to be caught, and their ploys often receiveextensive media coverage, ainting people's per-ceptions of the entire underground community.The Underground CycleElites and kiddies play very different roles in thelife cycle of an underground innovation. Thatcycle typically includes the following six stages: 1)discovery, (2) exploitation, (3) reaction, (4) war,(5) incorporation and (6) boredom.

3. ReactionThe company becomes aware of theunderground activities, sometimes becauseof eco-nomic damage caused but more frequently as aresult of media coverage or an announcement bythe innovators themselves,who might be eager oshare heir discoverieswith the world. If the under-ground innovations threaten the company's busi-ness model, the organization can go quickly fromdefense to offense, starting with threats of legalaction and criminal prosecution. In effect, thecompany turns the underground community intocriminals, making what might have been innocentinnovations into illicit activities. Of course, by thistime the genie is already out of the bottle, but manycompanies still go into attack mode, hoping to atleast suppress he further spread of information ifnot wipe out the community entirely.

1. Discovery Elites are the first to uncover theinner workings of a proprietary system. Theirexploration tends to be small-scale, with onlyhandfuls of users innovating, often by workingdirectly with one another. With "phreaking:' or thehacking of the phone system, discovery com-menced in the late 1960s,when the original MITTech Model Railroad Club, among other aspiringengineers around the country, investigated howthe phone network responded to the playing ofvarious audio tones into a receiver. An importantearly invention of thesegroups was the "blue box:'which mimicked the tone used by pay phones toindicate that a coin had been inserted. This wasseen as a natural extension of the work the clubwas doing with early computers, rather than as an

4. War In the war stage, the innovators whoweren't scared off by any strong-arm tactics (or

22 MIT SLOAN MANAGEMENi REVIEW SUMMER 2005

8/7/2019 Tapping Underground Innovation

3/4

whL might have even been attracted to the danger)wage an all-out battle, increasingly harassing thecompany. The fight transforms the undergroundcommunity, altering its basic motivations. Earlyon, elites might have viewed themselves in fairlybenign terms, perhaps as outside experts orexplorers. Even after kiddies begin to wreak havoc,elites often do not see heir role in the damage (orthey are able to rationalize to themselves that theybear little responsibility). But the war stagechanges all that. Many underground innovatorsare certainly scared off, but those who remainbegin to adopt an "us versus them" mentality.Often they will focus their efforts on the mostsecure (and typically the most valuable) systems,inflicting substantial damage to the company.

To exacerbate matters, the underground com-munity often begins to justify its actions byappealing to higher principles. In the 1970s, orexample, phreakers came to see themselves asunderdogs fighting against the government andbig business to keep information -and technol-ogy -in the hands of the public. More recently,asimilar call to arms has been heard in response ocourt decisions regarding DVD encryption andthe file sharing of music. Companies, for theirpart, increase their arsenal of technological, legaland public relations maneuvers to thwart theunderground. The result: an escalating arms racebetween the two parties.

Incorporation can follow even the nastiest ofwars. Consider Microsoft Corp:s acrimonious bat-tle with LOpht Heavy Industries, he Boston hackergroup. In 1997,LOpht uncovered a serious securityflaw in Wmdows NT, Microsoft's operating system.But Microsoft essentially dismissed LOpht's workby not acknowledging the severity of the problemand by performing just minor fixes to address t.That reaction infuriated LOpht, which thenresponded by releasing LOphtcrack,an easy-to-useprogram for exploiting the NT flaw. Microsoft'sflagship product thus becamevulnerable to hordesof kiddies. Throughout the ensuing battle,Microsoft kept denying that LOphtcrack exposedany real security issues,and LOpht continued toissue new versions of the hacker program.

But incorporation eventually took place. In2000, LOpht oined up with @stake nc., an Inter-net security firm that is now part of SymantecCorp., to become a legitimate business. Soonafter, Microsoft and other industry leaders,including @stake,unveiled a new policy for theresponsible disclosure of software bugs. Theini-tiative set forth a method for hackers to reportsecurity flaws -and to get credit for doing so. Inreturn, the hackers would withhold any publicrelease of information about the flaw until 30days had elapsed. Both parties had thus come toan accommodation of sorts.6. BoredomUnderground innovators are driven bytwo desires -to discover hings and to be recog-nized for those achievements. As soon as theopportunities for either fade, the communitybegins to enter the final stage: boredom. Duringthis period, the underground doesn't usually dis-band; it simply moves on to a more interestingarea,starting the innovation cycle over again witha new technology to explore. The hacker commu-nity, for example, has persisted over years, but itsareas of interest have changed, shifting fromaccessing forbidden databases to discoveringweaknessesof wireless Internet hotspots. Giventechnology's rapid life cycle,new products quicklybecome of interest while past ones become"uncool" and obsolete.

5. Incorporation ltimately, though, the strugglebecomes battle of attrition. From he company'sperspective, rackdownsare only partially effec-tive, as new underground members eplace hosewho have eft. And the undergroundsuffersas hefear of getting caught and the maturing of thecommunity results n the departure of valuableelitesseekingmore egitimateuses f their talents.Thus incorporation occurs, n which he two par-ties reachan uneasyaccommodation,with someelitesgoing to work for the companieswhile oth-erscontinue o battle against hosesameorganiza-tions. Elites therefore fight againstelites,solvingproblems that their former colleagues ave cre-ated. At best, his phaseevolves nto "productiveantagonism," n which underground nnovationsmake their way nto the corporateworld evenasthe peopledoing that \"ork continue to flout thetechnological nd egalboundaries.

A Different Strategy

23UMMER 2005 MIT SLOAN MANAGEMENT REVIEW

For many products, the emergence f under.ground innovators s inevitable, et the relation-

8/7/2019 Tapping Underground Innovation

4/4

~FIE,LDWORK-'rewards that encourages positive innl!vations.Elites -called "modders" because they modifyexisting games -are routinely recognized fortheir accomplishments. For example, they aregiven important responsibilities, such as moderat-ing an official board or testing new software. Onecompany -Epic Games nc. -even sponsored a$1 million contest for the best modifications of itsproducts. And companiesalso have been known tohire some of the best modders. The bottom line?By the early 1990s, the same community thatdeveloped methods of illegally copying computergames also was responsible for groundbreakingmodifications that added exciting new contentand functionality to existing games.

An ancillary benefit of working with elites isthat it can help limit the material produced andavailable to destructive kiddies. Consider theunderground community that has sproutedaround TiVo Inc., the digital videorecorder serv-ice. Thanks to TiVo's amicable relationship withelites, many unofficial discussion boards on theInternet have voluntarily implemented self-polic-ing mechanisms to discourage innovations thatmight harm the company. For instance, the largestTiVo hacking site has banned the topic of "videoextraction" (the copying of saved programs) aswell as any talk about ways to get around payingfor the subscription service.

Even when an underground communityappears hellbent on destructive activities, compa-nies should still consider alternatives o all-out war.Although AT&T Corp. was certainly justified foraggressively ursuing fraud casesagainst blue-i;>oxusers, he company may have missed an opportu-nity to tap into technology from the phreakermovement. Instead of waging a battle against theentire underground community, what if AT&T hadapproached a number of the elites as innovativehobbyists rather than as criminals, perhaps evenproviding those individuals with tools to focustheir efforts toward constructive innovations?What benefits could AT&T have reaped? Unfortu-nately, he company will never kno\,".

ship between a company and a community's elitesdoes not necessarilyhave to lead to war and incor-poration. With careful management, t can insteadresult in an alternative stage -symbiosis -aslong as the needs of the two parties aren't entirelyat cross-purposes. n the best of cases, ny damagefrom destructive innovations that might occur isoutweighed by the benefits of other constructiveunderground work.

In symbiosis, companies deploy different tac-tics for elites and kiddies, in contrast to the tradi-tional practice of treating the two groups thesame. Specifically,businesses ry to establisha dia-logue with those elites who might make positivecontributions. Identifying at least a few such indi-viduals is not difficult. They are the ones who actas moderators on popular online discussionboards or who write the software that everyoneelse in the community uses. Becauseelites oftenwant recognition for their work, they will usuallybe responsive to unofficial contacts from compa-nies and also can often be helpful in identifyingother elites. But companies should be careful tokeep the initial contact light and unofficial untilmore is known about the community. Obviously,giving the wrong individuals an official stamp ofapproval could have disastrous consequences.

Cultivating elites might require a completelynew mind-set. For example, when hackers find asecurity hole in a product and publish that infor-mation, the company's typical reaction is out-rage. Instead, the organization might considermaking an overture to the hackers, thankingthem for uncovering the hole and perhaps askingif they've found other problems. Remember thatelites want recognition for their achievements,mainly as a sign of respect. But this does notmean that companies need to pander to them.Nor should they perform the equivalent of pay-ing protection money to an elite mob. Instead,they need to nurture constructive elites, even asthey deploy more aggressivemeans to thwart thedestructive kiddies.

A good model of this can be found in the videogame industry. Manufacturers of computer gameshave no tolerance for those who copy their prod-ucts illegally, but at the same time they haveactively pursued relationships with elites. To facil-itate this, the industry opened up its games o usermodifications, and it implemented a system of

Ethan Motlick is a doctoral student at the MIT SloanSchool of Management. He can be reached at emol/ick@mit.edu.Reprint 46406. For ordering information. see ;,age I.Copyright @ Massachusetts Institute of Techn"llIgy. 2005. Allrights reserved.

24 MIT SLOAN MANAGEMENT REVIEW SUMMER2005