Peeping Into A Hacker’s Mind: Can Criminological
Theories Explain Hacking?
I.
INTRODUCTION
If you know the enemy and know yourself, you need not fear the result of a hundred
battles. If you know yourself but not the enemy, for every victory gained you will also
suffer a defeat.
-Sun Tzu, Chapter III, The Art of War
Sun Tzu’s exposition about knowing one’s enemy has emerged as a recondite problem
for legal scholars in the face of lack of efficient rules concerning hacking and continues
to haunt them due to lack of understanding of the operating criminal mind and its
underlying designs and motivations. The information revolution has lead to creation of
‘information highways’ operating across the globe through interconnected computer
networks. The change has been unprecedented but surely not without pitfalls. The rapid
metamorphosis of social values and structures is resulting into a control deficit and the
consequent emergence of new computer crimes like hacking which have transgressed
national boundaries through a burgeoning interconnected cyberspace (which has
amplified opportunities for crimes like privacy violation and the information theft). Given
the presence of the networked computers in almost every aspect of modern life, the
amount of sensitive information stored on networks, and the relative ease with which
computer crimes may be committed, the study of computer crime demands greater
attention from researchers, law enforcement agencies and legislators. Law codes
throughout the world have proved ineffective in curbing the expanding domain of
hacking behaviour and hence a need has arisen to re-look at the strategies for containing
this emergent menace. This paper seeks to make a modest attempt to peep into the
hacker’s mind i.e. to understand the criminal behaviour of hackers and locate the source
of the rot. I seek to deploy the traditional criminological theories based on psychology,
social learning and rational choice to examine how they may be applied to develop an
1
Electronic copy available at: http://ssrn.com/abstract=1000446
understanding of this new deviant behaviour. However, this paper is only a modest
attempt to understand the explanations that these theories may provide for hacking and
thus does not seek to delve into the empirical verifications and other abstract theoretical
or logical contradictions that have been offered by the critics.
II. “HACKER”: THE CLASSICAL CONUNDRUM OF CLASSIFICATION
In order to explore the working of the criminal mind, it is required to develop an
understanding of different hacking-types so that there can be systematic deduction and
analysis of behavioural differences with varied underlying motivations. Rogers (2002)
argues that hackers are not a homogenous group and granulization and classification is
essential to pin up researches on understanding their behaviour. Generally speaking,
hacking is a successful or unsuccessful attempt to gain unauthorized use or unauthorized
access to a computer system.1 However, a lack of consensus over the connotation of the
term ‘hacker’ has been evident over the years. Originally, the term denoted outstanding
and radical programmers in the computer science fields who hailed usually from Berkley,
Stanford or MIT.2 Later, the concept underwent radical metamorphosis. Hollinger (1988),
based on a progression ranging from less skilled to technically elite computer crimes,
divided hackers into three categories: pirates, browsers, and crackers. Pirates, the least
technically proficient hackers, confine their activities to copyright violations through
software piracy. The browsers, with a moderate technical ability, gain unauthorized
access to other people’s files but do not usually damage or copy the files. The crackers,
the most proficient hackers, abuse their technical abilities by copying files or damaging
programs and systems. McAfee Corporation adopts the classification of hackers into
White Hats and Black Hats.3 White Hats tend to find flaws in security networks for
security corporations and thus contribute to the beneficial improvement of computer
1
Under Section 66 of the Information Technology Act, 2002, a person is said to have committed hacking if
he, with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or
any person, destroys or deletes or alters any information residing in a computer resource or diminishes its
value or utility or affects it injuriously by any means.
2
Peter T. Leeson & Christopher J. Coyne, The Economics Of Computer Hacking, 1 J.L. Econ. & Pol'y
511 (2005), at 513.
3 See Cynthia Fitch, Crime and Punishment: The Psychology of Hacking in New Millenium, (Dec 16,
2003), retrieved from (Last accessed on
July 10, 2007).
2
Electronic copy available at: http://ssrn.com/abstract=1000446
services for the users. Black Hats, the ill-intentioned hackers who abuse their skills, can
be further subdivided into angry hackers, script kiddies, and agenda hackers. Angry
hackers, motivated by hatred for a particular company or group, dedicate their resources
to harm them. Script kiddies create mischief on the internet for fun and use hacking tools
made by others. Agenda hackers include those disillusioned by political or economic
agendas or engaging in terrorist activities through large scale disruption of computer
networks. Lemos (2002) refers to a third group of hackers called Gray Hats who are
independent security experts, consultants or corporate security researchers and are
essentially reformed Black Hats like Kevin Mitnick.4 Finally, Rogers (2002), using the
findings from works of the computer security industry has categorized hackers into seven
distinct groups on a continuum of lowest to highest technical ability5 viz. Tool
kit/Newbies (NT), cyberpunks (CP), internals (IT), coders (CD), old guard hackers (OG),
professional criminals (PC) and cyber-terrorists (CT). The NTs are at initial stages of
hacking with limited programming skills and use tools and information provided on
internet by experienced hackers. CPs, skilled enough to write their own programs,
maliciously deface web pages and send viruses, worms and junk mails. Disgruntled
employees or ex-employees who hack into or attack their employer’s computer systems
either by abusing their privileges or special knowledge constitute the internal group and
conduct a formidable 70% of all hacking activity. OG hackers have high levels of skill
and understanding of computer systems and programming but are not malicious in their
intent and look upon hacking as an intellectual endeavour. Lastly, the PCs and CTs, the
most dangerous hackers, are highly skilled, use the latest technology and may act as
mercenaries for corporate or political purposes.
III. A PSYCHODYNAMIC PERSPECTIVE ON HACKING
Psychodynamic theories of crime were built on the ashes of Cessare Lombroso’s famous
biological theory of crime which had conjured up a ‘predestined actor model’ for the
4
Mitnick had been convicted for a four year term for his hacking spree in US and is presently acting as a
security advisor forming his own security company. He is being hired by companies to break into their
computer networks, reveal their security system weaknesses, and teach them how to better protect
themselves at high pay packages. See Talya Halkin, Legendary hacker Mitnick turns legit, The Jerusalem
Post (Feb. 24, 2006).
5
See also Cynthia Fitch, supra note 3.
3
criminal and explained criminal activity as an outcome of factors internal to human body
creating inherent ‘criminal dispositions’. They brought forth the ‘criminal mind’ as the
force behind crime, operating free from differences of social milieu.6 There seems to be a
natural link between hacking activities and hacker’s psychology as they indicate
premeditated and learnt patterns of behaviour. I propose to discuss three prominent
psychological theories viz. Sigmund Freud’s psychoanalytic theory, B.F. Skinner’s
Operant Conditioning and Hans Eysenck’s EPN theory.
(A) The New Age Hacker & Freud’s Psychoanalysis
Psychoanalytic theory, as developed by Sigmund Freud, relies on the hypothetical
fragmentation of human personality into unconscious and conscious forces.7 Freud
proposed that human conduct is governed by three forces viz. Id, Ego and Superego. Id
represents the unconscious impulsive force which includes primitive biological needs like
thirst, hunger and sex etc. He proposed a conflict of Id with Superego, which according to
him, represented the inner moral agency, whose development depends primarily on
satisfying parent-child relationships. The formation of superego depends on the norms
and moral values learnt by the child from his parents and guardians. In this paradigm, ego
represents the conscious part of personality which seeks to balance the above two
opposing forces. Behaviour depends on the balance of the psychic energy system and any
disturbance in this system may produce maladaptive development.8 Thus, he highlighted
two causes of deviant behaviour (1) an inadequate superego formation and functioning
due to impaired parent-infant relationships whereby the individual fails to control the
impulse of Id, and (2) repressed unconscious desires stemming from a failure to express
strong emotional ties with another person, often the parent. August Aichhorn, another
renowned psychoanalyst, stated that there was some underlying predisposition termed
“latent delinquency” which causes the later criminal behaviour. A failure in
psychological development accentuates the initial asocial tendency (latent delinquency)
with which every child is born and thus results in deviant behaviour. Other
6
See Roger Hopkins Burke, An Introduction to Criminological Theory (Lawman Pvt. Ltd., New Delhi,
2001) p. 77.
7
See Larry J. Seigel, Criminology (Wadsworth, 7th ed., 2000) p.163.
8
Burke, supra note 6, at pp.78-79.
4
psychoanalytic theorists felt that the inability to postpone immediate gratification in order
to achieve greater long-term gains was a key factor in criminal behaviour.9
Strictly, psychoanalytic theories are more suited for crimes that result from unconscious
conflicts like sexual offences or kleptomania. They are not well equipped to explain premeditated and planned computer crimes. The psychoanalytic theories concentrate mainly
on unconscious factors and the child-parent interactions. A failed bond with a parent is
unlikely to lead a child to acquire computer knowledge and practice hacking. Rogers
(2000) argues that although several of the more infamous hackers had associations with
dysfunctional families, this is not sufficient to explain their choice of the criminal activity
to engage in as hacking does not seem to fit in the traditional view of “repressed desires”
in the unconscious. Hacking is a conscious activity dependent on specific technical skills,
operational
knowledge
of
computers,
networks
and
advanced
technological
understanding. To be successful at hacking the individual also has to plan the attack in
some detail i.e. choose victim system or networks based on their security levels or other
interests of the hacker. Thus, Freudian psychoanalytical theory fails to account for the
emergent hacking behaviour due to its inherent structural constraints.
(B) Is Hacking a Conditioned Behaviour?
B.F. Skinner’s has argued that human behaviour is determined by the environmental
consequences it produces for the individual involved. A behaviour that produces
beneficial and desirable consequences multiplies in frequency; which is called
reinforcement of the said behaviour. On the other hand, behaviour, which produces
undesirable consequences, decreases in frequency due to punishment. Behaviour
therefore operates on the environment to produce results that are either reinforcing or
punishing.10 Thus, a rewarding criminal activity leading to increase in prestige, money, or
feelings of adequacy makes the person more likely to engage in further criminal activity.
If the consequences are negative viz. arrest or ostracisation, then the frequency of future
criminal behaviour should be reduced. Operant conditioning can be used to explain
general delinquency as opposed to focusing on specific offences where its application is
structurally constrained due to uncertainty in determination of offence-specific levels of
9
Id, at p.79.
Id, at pp.83-84.
10
5
rewards and punishments. Penalties for computer crime may have minimal effect as
hackers constitute a counterculture and operate in a world of anonymity where chances of
being caught are miniscule. In such a scenario, penalties might serve more as a challenge
to boast about eluding them. Wible (2003) also argues that punishment alone may not be
the best preference-shaping model in the computer-crime context. Moreover, hackers
who have been caught and repeatedly punished, with no obvious reinforcement, still
continue to engage in the activity as if it was an ‘addiction’.
(C) Hans Eysenck’s Theory: The EPN Criteria
Focussing on influence of both social and biological factors on individual personality,
this theory is based on the notion that through heredity some individuals are born with
certain learning abilities which are conditioned by environmental stimuli. The theory is
premised on two dimensions of personality viz. extraversion (E) and neuroticism (N)
existing on a continuum. The extraversion dimension ranges from high (extravert) to low
(intravert) and neuroticism dimension from high (neurotic) to low (stable). There is a
separate third dimension called ‘psychoticism’ (P) which seeks to measure attributes such
as aggression, preference for solitude, and lack of feelings for others.11 According to the
theory, children learn to control antisocial behaviour through the development of a
conscience which is a set of conditioned emotional responses to environmental stimuli
associated with antisocial behaviour e.g. an act of punishment from a parent for some
antisocial act. The conditioning socializes the child but its nature is integrally connected
with the EPN parameters of an individual’s personality. High E and high N scores
indicate poor conditionability and poor socialization producing an inclination towards
criminal behaviour. On the other hand, low E and low N scores lead to good
conditionability and effective socialization resulting in better internalisation of social
norms and reduced deviancy. High scores on the third dimension psychoticism (P) would
indicate hostility towards others and an inclination to more aggressive, violent criminal
behaviour.
11
Id, at pp. 84-85.
6
Rogers (2000) points out that Eysenck’s theory is “geared more toward anti-social
behaviour, and has had mixed results in predicting general deviancy”. The development
of conscience in relation to hacking activity becomes irrelevant as parents are unaware of
basics of computers and thus fail to condition the children in the right direction. There are
hardly any crystallised social norms or morals governing use of the new computer
technology. Thus, the proposition that a conditioned moral reflex against hacking can
develop in such a state of absolute moral ambiguity is untenable. Moreover, the theory
would predict that hackers should be high on the extraversion scale i.e. having unstable
personalities. However, Rogers (2000) argues that the majority of the arrested hackers
and those, which have responded to surveys, indicate they are withdrawn, uncomfortable
with other people and are intraverts. The theory fails on certain major behavioural
explanations concerning hackers’ personalities.
IV. I HAVE LEARNT TO HACK: APPLYING SOCIAL LEARNING THEORIES
Social learning, as Seigel (2000) puts it, looks upon crime as a product of learning the
‘norms, values and behaviours’ associated with the criminal activity. This may involve
the acquisition of knowledge concerning the techniques of crime commission and
achieving moral disengagement by discovering appropriate rational justifications for the
deviant behaviour. Prima facie, hacking appears to be a learnt and acquired behaviour and
thus it becomes a moot question: how the hacker learns to hack? Learning theories may
help in discovering the agencies and social processes (based on interaction through the
internet) through which a predilection for hacking and the knowledge to implement it
may be acquired. In this respect, I propose to examine the Differential Association theory
proposed by Sutherland, the Differential Reinforcement theory propounded by Ronald
Akers and the Neutralization theory of David Matza and Gresham Sykes.
(A) Differential Association and Differential Reinforcement
The explanation of hacking through social learning theory approach is inextricably linked
to one of the core sociological theories of crime i.e. Sutherland’s differential association
theory. Differential association is premised on the notion that modern society contains
conflicting structures of norms and behaviours giving rise to crime which is a learnt
7
behaviour. Normative conflict at the individual level is translated into individual acts of
delinquency through differential association learnt through communication usually in
intimate groups. In other words peer pressure and peer attitudes influence behaviour.
12
Contact with persons who have favourable definitions towards crime, leads to an
individual learning similar definitions. The theory does not indicate that the group of
association has to be one of criminals; rather the group should express favourable
attitudes toward crime. When criminal behaviour is learnt, the learning includes
techniques of committing the crime, which are sometimes very complicated, sometimes
simple and the specific direction of motives, drives, rationalizations, and attitudes. When
the criminal contacts outweigh the non-criminal contacts of a person depending on the
frequency, duration, priority, and intensity, he resorts to crime. Ronald Aker’s theory of
Differential Reinforcement stems from Sutherland’s idea that learning is a component of
criminal behaviour and Skinner’s theory of operant conditioning. The theory agrees that
criminal behaviour is learnt through the various groups and associations which an
individual maintains. It goes further to state that the behaviour then continues or is
maintained directly by the consequences of the act i.e. operant conditioning. It states that
a criminal act occurs in an environment if the individual has been reinforced for behaving
in a similar fashion in the past, and the negative consequences of the behaviour are very
weak to produce deterrence. However, the learning becomes complex due to differential
schedules of reinforcement and punishment involved in a criminal activity. This may
result in crystallisation of such deviancy into a personality trait or habit.13 The use of
differential reinforcement theory has been historically focussed on stealing and property
related offences as they fit nicely into the theory due to assured positive gains unless the
individual is arrested.
Sutherland’s theory easily applies to hacking as a person learns hacking through online
communities which share such information. However, after the simple learning process is
over Aker’s theory comes into play in a big way to help the individual maintain his
deviancy. It is evident that the hackers are learning their respective criminal behaviour,
12
Sutherland & Cressey, Principles of Criminology (Times of India Press, Bombay, 6th edn., 1968) pp.7580.
13
See Burke, supra note 6, pp. 93-94.
8
and are doing so amongst individuals who hold positive attitudes toward such behaviour.
The continuation of hacking may be due to several reinforcing factors viz. increase in
knowledge, prestige within the hacking community or overall fame by focussed media
attention.14 In some rare cases, prestigious companies have hired hackers who have
penetrated their systems e.g. the legendary Kevin Mitnick which has created an
impression that hackers can acquire good jobs in the computer security industry. Rogers
(2002) gives an example of an Israeli youth charged with attacking US Military networks
who was given a lucrative promotional contract with a European computer manufacturer,
and was praised by the Prime Minister of Israel for his ingenuity. He illustrates the
serious undermining of punitive elements in anti-hacking laws by the lack of stiff
sentences e.g. in Canada, the average sentence for the offence is an alternative measures
for a youth and a conditional discharge for an adult.
The core concepts of differential reinforcement, learned behaviour through various
groups, and maintenance of the behaviour via reinforcement appear to be especially
relevant to hacking. Adamski (1999) has pointed out the existence of popular hacker
cultures and sub cultures through data gathered on internet search engines across 14
countries. Although hackers are thought to be solitary with less developed social skills,
social skills, they still have an empirically proved desire for affiliation and recognition by
peers. Hackers tend to associate with other individuals who also engage in hacking
behaviour in the form of purely electronic associations e.g. online chat sessions, or more
intimately through hacking clubs like Cult of the Dead Cow CDC, Legion of Doom etc.
Adamski (1999) points out how hackers even hold conventions such as the Defcon in Las
Vegas to share their skills, ideas and technical information. Thus, both Sutherland’s and
Aker’s theories provide a highly useful insight to the dynamics behind hacking activities.
(B) Albert Bandura’s Social Learning Theory
Albert Bandura's social learning theory states that both deviant and normative human
behaviour is learned through a mix of observed behaviour, communication with others,
14
See Peter T. Leeson & Christopher J. Coyne, supra note 2, at 524, report that hackers may generate
instant ‘stardom’ through participation and peer recognition in online communities.
9
encounters with disciplinary action and cognitive modelling.15 The learning at cognitive
level occurs in the family, subcultures and the social environment through observation
whereby people imagine themselves in similar situations with similar outcomes. The
learnt behaviour may be reinforced or punished. In this respect, Bandura subscribes to
several essential concepts of the operant conditioning theory viz. reinforcement,
punishment, and motivation. He enumerates three aspects to motivation viz. external
reinforcement, vicarious reinforcement, and self-reinforcement. External reinforcement is
similar to Skinner’s concept of reinforcement. Vicarious reinforcement is derived from
observing other people’s behaviour being either reinforced or punished. Selfreinforcement refers to one’s sense of pride or self image or self expected standards of
behaviour. Criminal behaviour is maintained through a complex schedule of
reinforcement and punishment throughout the life of the individual. If criminal behaviour
has been reinforced in the past, there is expectancy that it will be reinforced in the future.
The theory has primarily been used to understand aggressive behaviour and violent
criminal offences such as assaults or robbery.16
This theory can be successfully used to understand the behaviour of hacking. The theory
states that criminal behaviour is acquired through observational learning, and the
reinforcement from the behaviour comes from external and internal sources. As
previously stated, hacking is a behaviour where imitation and modelling seem to play an
important role. It has been likened to a subculture, which reinforces adherence to its own
moral code. In case of computer activity, the peer group or social circles which influence
the deviant behaviour of hackers are virtual. Hacking is a matter of expertise as it
involves knowledge of inter-connected cyber information highways and their functioning
which cannot be within the exclusive domain of anyone individual. The new age
computer culture has changed the nature of physical association and interaction to cyberinteraction which is not limited by boundaries of physical locations. Thus, hackers learn
and improve their skills through exchange of information mainly on the Internet Relay
Charts and special forums. Cynthia Fitch (2003) points out that the lengthy existence of
15
Alfred L. Mcalister & Albert Bandura, Mechanisms Of Moral Disengagement In Support Of Military
Force: The Impact Of Sept. 11 , Journal Of Social And Clinical Psychology, Vol. 25, No. 2, 2006, p.141, at
142-147.
16
Ibid.
10
hacker groups like cDc (Cult of the Dead Cow) and L0ph for many decades and closely
knit work culture points out to a more personal relation between elite hackers. The
existence of hacker subcultures justifies the application of social learning theory.
Bandura’s social learning constructs have also been successfully applied to music piracy
through peer-to-peer networks.17
(C) Neutralization Theory & Hacking
David Matza’s and Gresham Sykes’s Neutralization Theory regards process of becoming
criminal as a learning experience.18 They argue that all criminals have conventional
values and attitudes like normal people but what distinguishes them is their uncanny
ability to drift from the normal life to existing parallel subterranean values19 through
certain neutralization techniques like denial of responsibility, denial of injury and denial
of victim.20 This helps criminals to cleanse their moral conscience and remove the feeling
of guilt. Spafford (1990) lists three major ethical justifications for hacking as
improvement in security by discovering loopholes, knowledge acquisition by students
and protection of society against corporations by ensuring free access to information. The
peer groups contribute in such moral disengagement by lavishing praise on the hacking
exploits of individuals and creating an impression that the activities are justified. Rogers
(2001) has reported that:
“Self censure can be disengaged or weakened by stripping the victim of
human attributes, or shifting the blame onto the victim…Blaming the
victim or circumstances allows the perpetrators to view themselves as
victims who were provoked. The perpetrator’s actions now become
17
Nathan W. Fisk, Social Learning Theory as a Model for Illegitimate Peer-to-Peer Use and the Effects of
Implementing a Legal Music Downloading Service on Peer-to-Peer Music Piracy, A Thesis Presented to
The Faculty of the Department of Communication (September 14, 2006), retrieved from
(Last accessed on July
10, 2007).
18
See Seigel, supra note 7, at p.232.
19
Matza and Sykes define ‘subterranean values’ as the morally tinged influences that have become
entrenched in the culture and are privately practiced and admired but are publicly condemned.
20
Matza and Sykes offer five such techniques (viz. condemnation of the condemned and appeal to higher
loyalties) out of which only three may correctly apply to hacking behaviour.
11
construed as defensive. The victims are blamed and accused of bringing
the actions upon themselves.”21
Hackers often blame the system administrator for improperly securing his system or for
denying access to sites that they legitimately think they should be allowed to access e.g.
university’s system administrator denying access to movie download sites is used as a
pretext to hack the administrator as low cost entertainment is considered as an essential
ingredient of student life by the hackers. Hackers also blame software vendors for
restricting access to free flow of information and thus morally justify their activity as
being conducive to ensure information to everyone acting as self proclaimed knighterrants. This behaviour reflects the popular ‘Robin Hood’ syndrome by which individuals
neutralize their ethical judgments.22 Hacking sub-cultures entrenched on the internet offer
examples of the parallel subterranean culture which appreciates the publicly illegal
hacking activities. Thus, it is safe to conclude that Matza’s and Sykes’s Neutralization
theory succeeds in explaining hacker behaviour to a certain extent.
V.
HACKING & COGNITIVE THEORIES
Cognitive theories, though a subset of psychological theories, have a basis different from
psychodynamic theories. They focus on the dynamics of mental process and the cognitive
schemes through which people perceive and represent the world. In this section, I propose
to utilise the major theory falling in the moral development branch viz. Kohlberg’s Moral
Development Theory.
Kohlberg’s Moral Development Theory
Grounded in the belief of an indispensable link between social and moral development,
Kohlberg’s theory of moral development postulates that moral reasoning develops in a
sequential manner as the person matures. Broadly, Kohlberg divides the moral
development of a person into three stages. The lowest stage is called the preconventional
stage which typifies criminals i.e. stage where people put their desires first and obey law
21
Marcus Rogers, A Social Learning Theory and Moral Disengagement Analysis of Criminal Computer
Behavior: An Exploratory Study (2001), University of Manitoba, Canada, p.40.
22
See Susan J. Harrington, Software Piracy: Are Robin Hood & Responsibility Denial at Work?, cited from
Ali Salehnia, Ethical Issues of Information Systems ( IRM Press, Hershey, USA, 2002) p.179.
12
only for the fear of punishment. Beyond this lies the convention stage where people learn
to obey law and accept it from the viewpoint that it ought to be followed and finally the
post conventional stage of a fully morally developed character where individual can test
the law against abstract concepts such as justice, fairness and respect for human beings
and their rights. Criminal behaviour arises when an opportunity to offend occurs and
there is a delay in the development of moral reasoning in the individual. The individual
cannot control the temptation to engage in the activity and commits the crime. Siegel
argues that the structural constraints of the theory limit its application to understanding of
general delinquency and possibly white-collar and corporate crime.23 Rogers (2001)
proposes that moral development theory is useful only in understanding a subset of
hackers. He points out that documented anecdotal accounts of the lack of concern by
hackers over the systems they have attacked and written interviews with convicted
hackers portray them as being more concerned with fulfilling their own material needs
regardless of the consequences and Kohlberg’s lower pre-morality stage of hedonism
perfectly explains this behaviour. Contrary to this, there is a strongly held view that
hacker cultures are governed by certain universal ‘ethical norms’ like (a) access to
computers should be unlimited and total, (b) all information should be free, and (c) No
intentional damage to any system. The internet is replete with hacker manifestos claiming
that they subscribe to a higher moral code wherein the authors claim that hacking is
actually benefiting mainstream society by exposing the weaknesses of the multinational
corporations which is positive social behaviour. Himma (2005) calls this ‘hacktivism’ or
value based hacking. However, it is believed that hacker ethics are never followed and
are only put forward as pretensions to present hacking as a socially beneficial activity.
Spafford (1990) describes all hacking activity as unethical, immoral and disruptive
despite its contribution to security improvements. Wible (2003) believes that while a
cohesive hacker community bound by ethical guidelines is no longer dominant, remnants
of the old hacker ethic remain and emphasizes on an effort to help rebuild a community
of hackers, through rewarding contests, in which a body of positive social norms can be
sustained. Still (2006), however, portrays the motivations ‘hacktivism’ in a positive light
23
See Siegel, supra note 7, at p.167.
13
and states that all hackers are not merely thrill or fame seekers; rather hacktivists are an
“organized, technically skilled, politically conscious and socially aware individuals who
seek to challenge the authority of oppressive nation states” like China which are engaged
in providing state-sponsored information to citizens and curbing the freedom of speech
and expression. Thus, the moral development theory provides mixed results.
VI. RATIONAL CHOICE THEORY OF HACKING
The rational choice theory gives primacy to opportunity of crime commission and the
willingness of the individual to flout legal norms when he views the outcome as
beneficial. However, it is distinct from Akers’s reinforcement theory in portraying crime
as a ‘seduction’ i.e. activity capable of producing a natural ‘high’ like drugs in certain
individuals. Ferrell (1997) describes it as the “exhilarating, momentary integration of
danger, risk and skill” which motivates a person towards criminal behaviour.
Hacking as Entertainment: Does Crime Really Seduce?
Professor Jack Katz (1988), in his revolutionary work Seductions of Crime, transgressed
the normal social constructs used in formulation of learning and psychological theories to
portray crime as the ‘forbidden fruit’. Katz argues that individuals involved in criminal
activities actually are engaged in broader efforts to transcend their social environments
and though the ‘transcendence’ may be transitory yet it produces a strong seduction for
evil.24 A scintillating example is proffered by the account of the well known hacker
Kevin Mitnick, presently the CEO of Mitnick Security Consulting.25 Graobsky (2000)
describes the seduction for hacking, from the hacker’s perspective, ‘as an act of power, be
gratifying in and of itself’ and beset by the adventure of the ‘exploration of unknown’.
Foster (2004) offers anecdotal evidence of computer crime offenders suggesting that the
typical computer offender is “almost always male, aged from mid-teens to mid-20s,
lacking in social skills, fascinated with technology, an underachiever in other areas (e.g.
education)- who sees the computer as a means of being important or powerful”. He also
24
John Hagan, The Pleasures Of Predation And Disrepute, 24 Law & Soc'y Rev. 165 (1990).
Mitnick once said “I guess I was curious. I was a very curious kid. I was into like magic. When I was
young I was fascinated by magic. I always liked to learn how to do particular illusions and how all these
tricks worked.”, retrieved from (Last
accessed on July 10, 2007).
25
14
proffers evidence that such offenders are generally “unusually bright, eager, highly
motivated, courageous, adventuresome and qualified people willing to accept a technical
challenge.” Leeson & Coyne (2005) argue that economics of fame-driven hacking is a
reality and operates as a “market”; one side of which has the producers of hacks who
desire fame. When hackers are better known within the hacker community, they tend to
supply a greater quantity of hacking and thus notoriety acts as a prime driving force. An
empirically informed study conducted by Orly Turgeman-Goldschimdt(2005) presents
the positive attractions of hacking through hackers’ own accounts. She concludes that
hackers do not live in a vacuum and equates hacking to a “play”. After an analysis of
primary accounts of hacker motivation, she notes:
“For the hackers, then, hacking is a new form of entertainment based on
the play-like quality that characterizes the use of digital technology and is
a new form of social activity. Hacking can be considered a new form of
entertainment that could not have existed before the development of an
adequate technology.”
Goldschimdt stresses on the values of individualism viz. individual choice, freedom, and
happiness, and argues that being a part of the Western civilization, hackers seek pleasure,
fulfilment, and knowledge. The study seems too culture specific and takes a myopic view
limited to western civilization only. However, the following salient conclusions from the
accounts are noteworthy:
(I)
Economic Accounts: Goldschimdt’s accounts, as a rule, focus more on
ideology and sideline profit motive which patently is a lopsided conclusion as
the desire to make money is associated with specific software piracy offences
like trading protected software for profits and such financial motivations are
far from hidden.26
(II)
Deterrent Factor: The probability of being caught and the severity of
punishment, if high, may act as effective deterrents. However, she finds that in
case of computer related offences both components are low and thus
deterrence is negligible.
26
See Peter T. Leeson & Christopher J. Coyne, supra note 2.
15
(III)
Lack of Malicious or Harmful Intentions: One of the recurring accounts
among the hackers is that they did not have any malicious intent or no harm
was actually done. Goldschimdt concludes that many hackers pretend to be
morally justified and absolve themselves of harbouring any harmful
intentions.
(IV)
Intangible Offences: Computer related offences are part of the new breed of
offences which are intangible i.e. there is a lack of physical sense of their
commission. Thus, the offender cannot feel that the damage has been done, in
the physical sense, as the electronic information in computer systems can be
stolen without physical interaction. This weighs against the probability of
guilt generation.
(V)
Nosy Curiosity and Voyeurism: The hackers’ accounts point to a voyeuristic
curiosity i.e. one driven by seduction of the unknown, the desirable secrets or
the confidential. This account is mostly given for offences involving
unauthorized browsing through other’s files, and justifies Katz hypothesis to a
certain extent.
(VI)
Revenge: This is a common excuse for offences of virus spreading and
crashing computer systems. Revenge is explained, as pointed out below, by
Gottfredson and Hirschi (1990) in terms of lower degree of self control in
crime-conducive situations.
(VII) Ease of Execution: Hackers, bent on presenting their genius, ability and
proficiency, sideline the ease of execution as an explanatory account as it
negates their uniqueness. However, the advantage of digital pseudonymity of
offender surely reduces the chances of detection.27
Thus, a range of multifarious factors is involved in triggering hacker motivations. Lastly,
Gottfredson and Hirschi (1990) have linked crime with offender’s personality and
resultant degree of self control. According to the self-control hypothesis, persons with
low self-control are driven away by opportunity of crime commission. Criminal
behaviour is therefore mediated on an individual level by the presence of criminal
27
See Neal Kumar Katyal, Criminal Law In Cyberspace, 149 U. Pa. L. Rev. 1003 (2001).
16
opportunity. Individuals low in self-control have a tendency to ignore the long-term
consequences of their actions in their decision-making process as well as to be reckless
and impulsive, which leads to a greater likelihood of engaging in crime when presented
with the opportunity as they cannot resist the seduction of crime. This hypothesis differs
from Katz’s proposition of commission of crime offering positive rewards like fame and
certainly seems applicable in cases of hacking by internal groups.
VII. CONCLUSION
There can never be a perfect ‘accounting for all reasons’ theory for a new unconventional
crime like hacking. As Katsh (1995) puts it, the emerging legal landscape in relation to
cyberspace is not very easy to see and thus to understand the changes, it is necessary to
“look beyond the surface of law” to recognize “so much that is hidden from view”. These
latent elements may contribute in structuring the laws and increase their efficacy by
providing the missing policy links. A common thread running through all theoretical
explanations is the system of ‘rewards’, both pecuniary and non-pecuniary, to the
hackers. It is necessary to efface this system by limiting the ability of big corporations to
hire notorious hackers for hefty benefits. Secondly, there is an urgent need to somehow
regulate hacker communities operating on the internet. A separate online world has come
into existence and governments need to divert their resources to check the growth of
hacker cultures through prohibition of hacker magazines and websites. Though such a
step may be accused of overreach but ultimately the social benefit will far outweigh the
minimal inconvenience caused and in fact, right to speech and expression is subject to the
need for social order and classes like ‘hacktivists’ who claim to represent the voice of
subalterns in majoritarian societies cannot claim immunity from general law on moral
grounds. Social learning theories emphasize on proper law enforcement as learning
essentially takes place through imitation and reinforcements through rewards. Thirdly,
there is a need to shed the ‘one-size-fits-all’ approach in devising punishment schedules
as hacker motivations differ over a wide spectrum. Legal responses to crime are
ineffective or prove to be worse if they do not account for the social context in which
they are applied and are not careful about the social meaning that a particular penalty
may convey in that context. A differential targeting of hacker classes, as Leeson & Coyne
17
(2005) put it, will make the punitive law more effective and rationalized. Lastly, we live
in an age of absolute moral uncertainty where no consensus exists about the definitions of
right or wrong and the judgmental criteria to place any behaviour in either of the
categories. Hacking produces rewards and seduces the youth and the lack of internal
controls in form of ethical standards facilitates the commission. Thus, a suggested
alternative strategy may include education concerning computer ethics at early stages of
school to condition young minds. Active teaching through proper channels induces
‘differentiation’ capabilities paving way for responsible behaviour. On the whole, there is
a need for behavioural sciences to focus more attention on hacking and uncover the
distinct motivations for hacking through empirically verified propositions, which
traditional criminological theories may not completely explain, and thus contribute
towards increasing the efficacy of existing legal regime.
18
Selective References
Articles
1) Adamski, A. (1999), “Crimes Related to the Computer Network, Threats and
Opportunities. A criminological perspective”, retrieved from (Last accessed on July 10,
2007).
2) Ferrell, Jeff (1997), “Criminological Versthen: Inside the Immediacy of Crime”,
Justice Quarterly 14(1997), pp.3-23 at 12.
3) Fitch, Cynthia (2003), “Crime and Punishment: The Psychology of Hacking in
New Millenium”, retrieved from (Last accessed on July 10, 2007).
4) Foster, David Robert (2004), “Can The General Theory Of Crime Account For
Computer Offenders: Testing Low Self-Control As A Predictor Of Computer
Crime Offending”, retrieved from (Last accessed on July 10, 2007).
5) Grabosky, Peter (2000), “Computer Crime: A Criminological Overview”, p.19,
retrieved from (Last accessed on July 10, 2007).
6) Himma, Kenneth (2005), "Hacking as Politically Motivated Digital Civil
Disobedience: Is Hacktivism Morally Justified?”, retrieved from (Last accessed on July 10, 2007).
7) Hollinger, R. (1988), "Computer hackers follow a guttman-like progression",
Social Sciences Review, Vol. 72, pp.199-200.
8) Leeson, Peter T. & Coyne, Christopher J., “The Economics Of Computer
Hacking”, 1 J.L. Econ. & Pol'y 511(2005).
9) Lemos, Robert (2002), “New Laws Making Hacking a Black and White Choice”,
CNET News, retrieved from
(Last accessed on July 10, 2007).
19
10) Rogers, Marcus (2000), “Psychological Theories of Crime and Hacking”,
retrieved from (Last accessed on July 10,
2007).
11) Rogers, Marcus (2001), “A Social Learning Theory and Moral Disengagement
Analysis of Criminal Computer Behavior: An Exploratory Study”, University of
Manitoba, Canada.
12) Rogers, Marcus (2002), “A New Hacker Taxonomy”, retrieved from (Last accessed on July 10, 2007).
13) Spafford, Eugene H. (1992), “Are computer hacker break-ins ethical?” Journal of
Systems and Software, 17(1), pp.41–48.
14) Still, Brian (2006), “Hacking for a Cause”, ICFAI Journal of Cyber Law, Vol V,
No.1, February, 2006, p.22.
15) Turgeman-Goldschmidt, Orly (2005), “Hackers' Accounts: Hacking as a Social
Entertainment”, Social Science Computer Review, Vol. 23, No. 1, pp.8-23,
retrieved
from
(Last
accessed on July 10, 2007).
16) Wible, Brent (2003), “A Site Where Hackers Are Welcome: Using Hack-In
Contests To Shape Preferences And Deter Computer Crime”, 112 Yale L.J. 1577
(2003).
Books
1) Gottfredson, M. R. & Hirschi, T. (1990), A General Theory of Crime, Stanford:
USA.
2) Katsh, M. Ethan (1995), Law in a Digital World, Oxford University Press: New
York.
3) Katz, Jack (1988), Seductions of Crime: Moral and Sensual Attractions in Doing
Evil, New York: Basic Books.
20
MIT Sloan School of Management
Working Paper 4425-03
September 2003
Why Hackers Do What They Do: Understanding
Motivation Effort in Free/Open Source Software Projects
Karim R. Lakhani and Robert G Wolf
© 2003 by Karim R. Lakhani and Robert G Wolf. All rights reserved.
Short sections of text, not to exceed two paragraphs, may be quoted without
explicit permission, provided that full credit including © notice is given to the source.
This paper also can be downloaded without charge from the
Social Science Research Network Electronic Paper Collection:
http://ssrn.com/abstract=443040
Why Hackers Do What They Do: Understanding Motivation and
Effort in Free/Open Source Software Projects1
By
Karim R. Lakhani* and Robert G Wolf **
*MIT Sloan School of Management | The Boston Consulting Group
**The Boston Consulting Group
September 2003
1
We would like to thank the developers on the SourceForge.net F/OSS projects for being so generous with their
time while answering our survey. We would also like to thank the following colleagues for their helpful comments
and feedback during the early versions of this chapter: Jeff Bates, Jim Bessen, Paul Carlile, Jonathon Cummings,
Joao Cunha, Chris DiBona, Jesper Sorensen, and Eric von Hippel. The following colleagues at BCG were extremely
helpful during the study: Mark Blaxill, Emily Case, Philip Evans and Kelly Gittlein. Mistakes and errors remain
ours. Karim Lakhani would like to acknowledge Canada’s Social Science and Humanities Research Council for
their generous support.
Abstract:
In this paper we report on the results of a study of the effort and motivations of individuals to
contributing to the creation of Free/Open Source software. We used a Web-based survey,
administered to 684 software developers in 287 F/OSS projects, to learn what lies behind the
effort put into such projects. Academic theorizing on individual motivations for participating in
F/OSS projects has posited that external motivational factors in the form of extrinsic benefits
(e.g.: better jobs, career advancement) are the main drivers of effort. We find in contrast, that
enjoyment-based intrinsic motivation, namely how creative a person feels when working on the
project, is the strongest and most pervasive driver. We also find that user need, intellectual
stimulation derived from writing code, and improving programming skills are top motivators for
project participation. A majority of our respondents are skilled and experienced professionals
working in IT-related jobs, with approximately 40 percent being paid to participate in the F/OSS
project.
2
1 Introduction
“What drives Free/Open Source software (F/OSS) developers to contribute their time and
effort to the creation of free software products?” is an often posed question by software industry
executives, managers, and academics when they are trying to understand the relative success of
the Free/Open Source software (F/OSS) movement. Many are puzzled by what appears to be
irrational and altruistic behavior by movement participants: giving code away, revealing
proprietary information, and helping strangers solve their technical problems. Understanding the
motivations of F/OSS developers is an important first step in determining what is the behind the
success of the F/OSS development model in particular and other forms of distributed
technological innovation and development in general.
In this paper we report on the results of a continuing study of the effort and motivations
of individuals to contributing to the creation of Free/Open Source software. We used a Webbased survey, administered to 684 software developers in 287 F/OSS projects, to learn what lies
behind the effort put into such projects. Academic theorizing on individual motivations for
participating in F/OSS projects has posited that external motivational factors in the form of
extrinsic benefits (e.g.; better jobs, career advancement) are the main drivers of effort. We find in
contrast, that enjoyment-based intrinsic motivation, namely how creative a person feels when
working on the project, is the strongest and most pervasive driver. We also find that user need,
intellectual stimulation derived from writing code, and improving programming skills are top
motivators for project participation. A majority of our respondents are skilled and experienced
professionals working in IT-related jobs, with approximately 40 percent being paid to participate
in the F/OSS project.
The chapter is organized as follows. We review the relevant literature on motivations
(section 2) and briefly describe our study design and sample characteristics (section 3). We then
report our findings on payment status and effort in projects (section 4), creativity and
motivations in projects (section 5), and the determinants of effort in projects (section 6). We
conclude with a discussion of our findings (section 7).
3
2 Understanding motivations of F/OSS developers
The literature on human motivations differentiates between those that are intrinsic (the
activity is valued for its own sake) and those that are extrinsic (providing indirect rewards for
doing the task at hand)(Amabile 1996; Deci and Ryan 1985; Frey 1997; Ryan and Deci 2000).
In this section we review the two different types of motivations and their application to
developers in F/OSS projects.
Intrinsic Motivation
Following Ryan and Deci (2000: pg. 56) “Intrinsic motivation is defined as the doing of
an activity for its inherent satisfactions rather than for some separable consequence. When
intrinsically motivated, a person is moved to act for the fun or challenge entailed rather than
because of external prods, pressures, or rewards.2” Core to the theory of intrinsic motivation is a
human need for competence and self-determination which are directly linked to the emotions of
interest and enjoyment (Deci and Ryan 1985: pg. 35). Intrinsic motivation can be separated into
two distinct components: 1) enjoyment-based intrinsic motivation and 2) obligation/communitybased intrinsic motivation (Lindenberg 2001). We consider each of them below.
Enjoyment based intrinsic motivation
Having fun or enjoying oneself when taking part in an activity is at the core of the idea
of intrinsic motivation (Deci and Ryan 1985). Csikszentmihalyi (1975) was one of the first
psychologists to study the enjoyment dimension. He emphasized that some activities were
pursued for the sake of the enjoyment derived from doing them. He proposed a state of “flow”,
in which enjoyment is maximized, characterized by intense and focused concentration; a
merging of action and awareness; confidence in one’s ability; and the enjoyment of the activity
itself regardless of the outcome (Nakamura and Csikszentmihalyi 2003). Flow states occur a
person’s skill matches the challenge of a task. There is an optimal zone of activity in which flow
is maximized. A task that is beyond the skill of an individual will provoke anxiety, and a task
that is below the person’s skill level will induce boredom. Enjoyable activities are found to
provide feelings of “creative discovery, a challenge overcome and a difficulty resolved”
(Csikszentmihalyi 1975: pg 181). Popular accounts of programming in general and participation
2
The subject of intrinsic motivation has been well studied in psychology (for reviews see: Deci and Ryan (1999),
Deci, Koestner, and Ryan and Lindenberg (Lindenberg 2001).
4
in F/OSS projects (Himanen 2001; Torvalds and Diamond 2001) in particular attest to the flow
state achieved while by people engaged in writing software. Thus F/OSS participants may be
seeking flow states by selecting projects that match their skill levels with task difficulty, a choice
that may not be available in their regular jobs.
Closely related to enjoyment-based intrinsic motivation is a sense of creativity in task
accomplishment. Amabile (1996) has proposed that intrinsic motivation is a key determining
factor in creativity. Amabile’s definition of creativity consists of: 1) a task that is heuristic (no
identifiable path to a solution) instead of algorithmic (exact solutions are known), and 2) a novel
and appropriate (useful) response to the task at hand (Amabile 1996: pg 35). Creativity research
has typically relied on normative or objective assessments of creativity with a product or process
output judged creative by expert observers. Amabile (1996: pg. 40), however, also allows for
subjective, personal interpretations of creative acts. In particular, she proposes a continuum of
creative acts, from low level to high level, where individual self-assessment can contribute to an
understanding of the social factors responsible for creative output. Thus in our case, a F/OSS
project dedicated to the development of a device driver for a computer operating system may not
be considered terribly creative by outside observers, but may be rated as a highly creative
problem-solving process by some individuals engaged in the project.
Obligation/community based intrinsic motivations
Lindenberg (2001) makes the case that acting on the basis of principle is also a form of
intrinsic motivation. He argues that individuals may be socialized into acting appropriately and
in a manner consistent with the norms of a group. Thus the goal to act consistently within the
norms of a group can trigger a normative frame of action. The obligation/community goal is
strongest when gain seeking (gaining personal advantage at the expense of other group members)
by individuals within the reference community is minimized. He also suggests that multiple
motivations, both extrinsic and intrinsic, can be present at the same time. Thus a person who
values making money and having fun may choose opportunities that balance economic reward
(i.e. less pay) with a sense of having fun (i.e. more fun).
In F/OSS projects, we see a strong sense of community identification and adherence to
norms of behavior. Participants in the F/OSS movement exhibit strong collective identities.
Canonical texts like “The Jargon File,” “The New Hacker Dictionary”(Raymond 1996), “The
Cathedral and the Bazaar”(Raymond 1999), and the General Public License (GPL) (Stallman
5
1999) have created shared meaning about the individual and collective identities of the hacker3
culture and the responsibilities of membership within it. Indeed, the term hacker is a badge of
honor within the F/OSS community, as opposed to its derisive use in popular media. The hacker
identity includes solving coding problems, having fun and sharing code at the same time.
Private-gain seeking within the community is minimized by adherence to software licenses like
the GPL and its derivatives, which allow for user rights to source code and subsequent
modification.
Extrinsic Motivation
Economists have contributed the most to our understanding of how extrinsic motivations
drive human behavior. “The economic model of human behavior is based on incentives applied
from outside the person considered: people change their actions because they are induced to do
so by an external intervention. Economic theory thus takes extrinsic motivation to be relevant for
behavior” (Frey 1997: pg. 13).
Lerner and Tirole (2002) posit a rational calculus of cost and benefit in explaining why
programmers choose to participate in F/OSS projects. As long as the benefits exceed the costs,
the programmer is expected to contribute. They propose that the net benefit of participation
consists of immediate and delayed payoffs. Immediate payoffs for F/OSS participation can
include 1) being paid to participate and 2) user need for particular software (von Hippel 2001).
Although the popular image of the F/OSS movement portends an entirely volunteer enterprise,
the possibility of paid participation should not be ignored as an obvious first-order explanation of
extrinsic motivations. Firms may hire programmers to participate in F/OSS projects because
they are either heavy users of F/OSS-based information technology (IT) infrastructure or
providers of F/OSS-based IT solutions. In either case, firms make a rational decision to hire
programmers to contribute to F/OSS projects.
3
Hacker as in The New Hacker Dictionary (Raymond 1996): “hacker n. [originally, someone who makes furniture
with an axe] 1. A person who enjoys exploring the details of programmable systems and how to stretch their
capabilities, as opposed to most users, who prefer to learn only the minimum necessary. 2. One who programs
enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. 3. A
person capable of appreciating hack value. 4. A person who is good at programming quickly. 5. An expert at a
particular program, or one who frequently does work using it or on it; as in `a Unix hacker'. (Definitions 1 through 5
are correlated, and people who fit them congregate.) 6. An expert or enthusiast of any kind. One might be an
astronomy hacker, for example. 7. One who enjoys the intellectual challenge of creatively overcoming or
circumventing limitations. 8. [deprecated] A malicious meddler who tries to discover sensitive information by
poking around. Hence `password hacker', `network hacker'. The correct term for this sense is cracker.
6
Another immediate benefit relates to the direct use of the software product. Research on the
sources of innovation has shown that users in general and lead users in particular have strong
incentives to create solutions to their particular needs (von Hippel 1988). Users have been
shown to be the source of innovations in fields as diverse as scientific instruments (Riggs and
von Hippel 1994), industrial products (von Hippel 1988), sports equipment (Franke and Shah
2003), and library information systems (Morrison, Roberts, and von Hippel 2000). Thus user
need to solve a particular software problem may also drive participation in F/OSS projects.
Delayed benefits to participation include 1) career advancement [job market signaling
(Holmström 1999)] and 2) improving programming skills (human capital). Participants indicate
to potential employers their superior programming skills and talents by contributing code to
projects where their performance can be monitored by any interested observer 4. Similarly, firms
looking for a particular skill in the labor market can easily find qualified programmers by
examining code contributions in the F/OSS domain.
Participants also improve their programming skills through the active peer review that is
prevalent in F/OSS projects (Moody 2001; Raymond 1999; Wayner 2000). Software code
contributions are typically subject to intense peer review both before and after a submission
becomes part of the official code base. Source code credit files and public e-mail archives
ensure that faulty programming styles, conventions, and logic are communicated back to the
original author. Peers in the project team, software users, and interested outsiders readily find
faults in programming and often suggest specific changes to improve the performance of the
code (von Krogh, Spaeth, and Lakhani 2003). This interactive process improves both the quality
of the code submission and the overall programming skills of the participants.
3 Study Design and Sample Characteristics
Study Design
The sample for the survey was selected from among individuals listed as official
developers on F/OSS projects hosted on the SourceForge.net F/OSS community Web site. At the
start of our study period (fall 2001), SourceForge.net listed 26,245 active projects. The site
requires project administrators to publicly characterize their project’s development status
(readiness of software code for day-to-day use) as Planning, Pre-Alpha, Alpha, Beta,
4
The widespread archiving of all F/OSS project related materials like e-mail lists and code commits can allow for a
detailed assessment/proof of individual performance.
7
Production/Stable or Mature. Projects that are in the Planning or Pre-Alpha stage typically do not
contain any source code and were eliminated from the population under study, leaving in 9,973
available projects for the sample.
We conducted two separate but identical surveys over two periods. The first was targeted
at Alpha, Beta, and Production/Stable projects and the second at Mature projects. Because of
the large number of Alpha, Beta and Production/Stable projects and the need to mitigate the
effects of self-selection bias, we selected a 10 percent random sample from those projects and
extracted individual e-mails from projects that listed more than one developer5. Those led to
1648 specific e-mail addresses and 550 projects. The second survey’s sample was selected by
obtaining the e-mail addresses of all participants in Mature projects that were on multiple person
teams. This procedure identified 103 projects (out of 259) with 573 unique individuals (out of
997).
We collected data through a Web-based survey. We sent personalized e-mails to each
individual in our sample, inviting him or her to participate in the survey. Each person was
assigned a random personal identification number (PIN) giving access to the survey.
Respondents were offered the opportunity to participate in a random drawing for gift certificates
upon completion of the survey.
The first survey ran from October 10 to October 30, 2001. During this time 1530 e-mails
reached their destinations and 118 e-mails bounced back from invalid accounts. The survey
generated 526 responses for a response rate of 34.3%. The second survey ran from April 8 to
April 28, 2002. Of the 573 e-mails sent, all e-mails reached their destinations. The second
survey generated 173 responses for a response rate of 30.0%. Close examination of the data
revealed that 15 respondents had not completed a majority of the survey or had submitted the
survey twice (hitting the send button more than once). They were eliminated from the analysis.
Overall the survey had 684 respondents from 287 distinct projects, for an effective response rate
of 34.3%. The mean number of responses per project was 4.68 (sd = 4.9, median = 3, range = 125).
5
The greater than one developer criteria was used to ensure selection of projects that were not ‘pet’ software
projects parked on SourceForge.net, rather projects that involved some level of coordination with other members.
8
Who are the developers?
Survey respondents were primarily male (97.5%) with an average age of 30 years6 and
living primarily in the developed Western world (45% of respondents from North America (US
and Canada) and 38% from Western Europe). Table 1 summarizes some of the salient
characteristics of the sample and their participation in F/OSS projects.
======insert table 1 about here============
The majority of respondents had training in information technology and/or computer
science, with 51% indicating formal university-level training in computer science and
information technology. Another 9% had on-the-job or other related IT training. Forty percent of
the respondents had no formal IT training and were self taught.
Overall, 58% of the respondents were directly involved in the information technology
(IT) industry with 45% of respondents working as professional programmers and another 13%
involved as systems administrators or IT managers. Students made up 19.5% of the sample and
academic researchers 7%. The remaining respondents classified their occupation as “other.” As
indicated by Table 1, on average the respondents had 11.8 years of computer programming
experience.
4 Payment Status and Effort in Projects
Paid Participants
We found that a significant minority of contributors are paid to participate in F/OSS
projects. When asked if they had received direct financial compensation for participation in the
project, 87% of all respondents reported receiving no direct payments. But, as Table 2 indicates,
55% contributed code during their work time. When asked: “if a work supervisor was aware of
their contribution to the project during work hours”, 38% of the sample indicated supervisor
awareness (explicit or tacit consent) and 17% indicated shirking on their official job while
working on the project. The combination of those who received direct financial compensation
and those whose supervisors knew of their work on the project created a category of “paid
6
At time of study.
9
contributors” consisting of approximately 40% of the sample. This result is consistent with the
findings from other surveys targeting the F/OSS community (Hars and Ou 2002; Hertel, Niedner,
and Herrmann 2003).
======insert Table 2 about here ========
Effort in projects
We define effort as the number of hours per week spent on a project. This measure has
been used in previous F/OSS studies (Hars and Ou 2002; Hertel, Niedner, and Herrmann 2003)
and provides an appropriate proxy for participant contribution and interest in F/OSS projects.
Survey respondents were asked how many hours in the past week they had spent working on all
their current F/OSS projects in general and “this project” (the focal project on which they were
asked motivation questions) in particular. Respondents said that they had on average spent 14.1
hours (sd=15.7, median = 10, range: 0-85 hours) on all their F/OSS projects and 7.5 hours (sd =
11.6, median = 3, range: 0-75 hours) on the focal project. The distribution of hours spent was
skewed, with 11% of respondents not reporting any hours spent on their current F/OSS projects
and 25% reporting zero hours spent on the focal project. Table 3 indicates that paid contributors
dedicate significantly more time (51%) more to projects than volunteers.
===== Table 3 about here =====
Overall, paid contributors are spending more than two working days a week and
volunteer contributors are spending more than a day a week on F/OSS projects. The implied
financial subsidy to projects is substantial. The 2001 United States Bureau of Labor Statistics
wage data7 indicated mean hourly pay of $30.23 for computer programmers. Thus the average
weekly financial contribution to F/OSS projects is $353.69 from volunteers and $535.07 from
paid contributors via their employers.
5 Creativity and motivation in projects
Creativity and flow
Respondents noted a very high sense of personal creativity in the focal projects. They
were asked to: “imagine a time in your life when you felt most productive, creative, or inspired.
7
Available at http://www.bls.gov/oes/2001/oes_15Co.htm, accessed April 2, 2003.
10
Comparing your experience on this project with the level of creativity you felt then, this project
is.” More than 61% of our survey respondents said that their participation in the focal F/OSS
project was their most creative experience or was equally as creative as their most creative
experience. Table 4 describes the response patterns. There was no statistical difference between
the responses provided by paid and volunteer developers.
===== Table 4 about here =====
It may seem puzzling to non-practitioners that software engineers feel creative as they are
engaged in writing programming code. As Csikszentmihalyi (1975; 1990; 1996) has shown,
however, creative tasks often cause participants to lose track of time and make them willing to
devote marginal hours to the task, a psychological state he calls flow. It appears that our
respondents do experience flow while engaged in programming, Table 5 indicates that 73% of
the respondents lose track of time “always” or “frequently” when they are programming and
more than 60% said that they would “always” or “frequently” dedicate one additional hour to
programming (“if there were one more hour in the day”). Again, there was no significant
statistical difference between the answers provided by volunteers and paid contributors.
=====Insert Table 5 about here ===========
Motivations to contribute
Table 6 provides a breakdown of the ratings of the motivations to contribute to the focal
F/OSS project. Respondents were asked to select up to three statements (the table shows the
exact wording used in the survey) that best reflected their reasons for participating and
contributing to “this” project. As discussed in the literature review, motivations can be put into
three major categories: 1) enjoyment-based intrinsic motivations, 2) obligation/community-based
intrinsic motivations, and 3) extrinsic motivations. We find evidence for all three types of
motivations in F/OSS projects.
====Insert Table 6 about here =======
User needs for the software, both work and nonwork-related, combine to be the
overwhelming reason for contribution and participation (von Hippel 1988, 2001, 2002), with
more than 58% of participants citing them as a important. But, since we asked separate questions
about work and nonwork-related user needs, we also report that 33.8% of participants indicated
11
work-related need and 29.7% participants indicated nonwork-related need as a motive for
participation. Less than 5% of respondents chose both types of user needs as being important8.
The top single reason to contribute to projects is based on enjoyment-related intrinsic
motivation: “Project code is intellectually stimulating to write” (44.9%). This result is consistent
with our previous findings regarding creativity and flow in projects. Improving programming
skills, an extrinsic motivation related to human capital improvement, was a close second, with
41.8% of participants saying it was an important motivator.
Approximately one-third of our sample indicated that the belief that “source code should
be open,” an obligation/community motivation, was an important reason for their participation.
They were followed closely by those who indicated that they contributed because they felt a
sense of obligation to give something back to the F/OSS community in return for the software
tools it provides (28.6%). Approximately 20% of the sample indicated that working with the
project team was also a motivate for their contribution. Commonly cited motivations like
community reputation, professional status, beating closed source software (Raymond 2001,
Lerner and Tirole 2002) were ranked relatively low.
Another source of an obligation/community motivation is the level of identification felt
with the hacker community. Self-identification with the hacker community and ethic should
drive participation in projects. Respondents to our survey indicated a strong sense of group
identification with 42% indicating that they “strongly agree” and another 41% “somewhat agree”
that the hacker community is a primary source of their identity9. Nine percent of the respondents
were neutral and 8 percent were somewhat to strongly negative about the hacker affiliation10.
Table 6 also indicates significant differences in motivations between paid contributors
and volunteers. The differences between the two groups are consistent with the roles and
8
A detailed examination of the difference in project types between those that stated work-related needs and
nonwork-related needs showed that there was no technical difference between them. A majority of the projects that
were indicated as nonwork were of sufficient technical scope and applicability that firms also produced similar
proprietary versions. We therefore see a blurring of distinction in the software produced for work and nonwork
purposes. The general-purpose nature of computing and software creates conditions such that a similar user need
can be high in both work and nonwork settings.
9
Respondents were given the definition of hacker in f.n. 1 when asked the question about identity.
10
The results were identical when we controlled for paid contributor status on a project.
12
requirements of the two types of F/OSS participants. Paid contributors are strongly motivated by
work-related user need (56%) and value professional status (22.8%) more than volunteers. On
the other hand, volunteers are more likely to participate because they are trying to improve their
skills (45.8%) or need the software for non-work purposes (37%).
To better understand the motives behind participation in the F/OSS community, and the
fact that no one motivation, on its own, had more than 50% importance, we decided to do a
cluster analysis to see whether there were any natural groupings of individuals by motivation
type. We used k-means cluster analysis, with random seeding. The four-cluster solution provided
the best balance of cluster size, motivational aggregation, stability and consistency and is
presented in table 7. The motivations that came out highest in each cluster have been highlighted.
====== Insert table 7 about here=====
Cluster membership can be explained by examining the motivation categories that scored
the highest in each cluster. Cluster 3 (29% of the sample), consists of individuals who
contribute to F/OSS projects to improve their programming skills and for intellectual stimulation.
None of the members of this cluster noted nonwork need for the project and very few, 12%,
indicated work-need for the code. Members of this group indicated an affinity for learning new
skills and having fun in the process. The actual end product does not appear to be a large
concern; both enjoyment-based intrinsic motivation and career-based extrinsic motivation are
important to this group.
All members of Cluster 2 (27% of the sample) indicate that nonwork need for the code is
an important motive of their participation. The primary driver for this group is extrinsic user
need. Similarly, Cluster 1 (25% of the sample) represents individuals who are motivated by work
need with a vast majority (86%) paid for their contributions to F/OSS projects. This cluster can
also be thought of as composed of people with extrinsic motivations. Cluster 4, (19% of the
sample) consists of people motivated primarily by obligation/community-based intrinsic
motivations. A majority of them report group-identity centric motivations derived from a sense
of obligation to the community and a normative belief that code should be open.
13
A clear finding from the cluster analysis is that the F/OSS community has heterogeneous
in motives to participate and contribute. Individuals may join for a variety of reasons, and no
one reason tends to dominate the community or cause people to make distinct choices in beliefs.
These findings are consistent with collective action research, where group heterogeneity is
considered an important trait of successful movements (Marwell and Oliver 1993).
6 Determinants of Effort
Our findings so far have confirmed the presence of all three types of motivations, with no
clear and obvious determinants of effort. We do note that paid contributors work more hours.
Given that there were not that many significant differences in motivations between paid and
volunteer contributors, however, we are left with an open question regarding the effect of
motivation types on effort in projects. To address the question we ran an ordinary least squares
(OLS) regression on the log of hours/week11 dedicated to the focal project.
Table 8 presents the standardized12 values of the coefficients of significant variables in
the final regression. A personal sense of creativity on a F/OSS project has the largest positive
impact on hours per week. Being paid to write code and liking the team have significant positive
effects that are approximately half the size of a sense of creativity. Caring about reputation in
the F/OSS community has about one-third the impact as feeling creative on a project. Hours
dedicated to other F/OSS projects has a negative impact equal to that of creativity on the current
project. We can see that various F/OSS projects compete for time, and distractions from other
projects can reduce the hours spent on the focal project. Having formal IT training also reduces
the number of hours spent on a project.
11
We chose to use the log of project hours/week because of the skewness in the reported data. A log transformation
allows us to better represent the effects of small changes in the data at the lower values of project hours/week. It is
safe to argue that there is a significant difference between 4 and 8 project hours/week and 25 and 29 project
hours/week. The magnitude of the effort expended is much greater at the lower values of the measure and the log
transformation allows us to capture this shift. Since the log of zero is undefined, all zero values were transformed to
0.00005, giving us the desired impact for a very small and insignificant value.
12
Standardizing the variables to allows us to make comparison across all motivation factors, since the original
variables had different underlying values. All variables in the regression were transformed so that the mean = 0 and
the variance = 1.
14
====== Insert table 8 about here=====
As mentioned in the literature review, proponents of intrinsic motivation theories have
assembled an impressive array of experimental evidence to demonstrate that extrinsic rewards
have a negative impact on intrinsic motivations. An obvious test in our study is to see the impact
of the interaction between being paid and feeling creative on the number of hours per week
dedicated to a project. Regression analysis showed that there was no significant impact on the
hours per week dedicated based on the interaction of being paid and feeling creative. Hours per
week dedicated to a project did not decline given, that those who are paid to contribute code are
also feeling creative in that project.
Researchers engaged in studying creativity have traditionally used third-party
assessments of innovative output as measures of creativity. Thus our finding that a sense of
personal creativity is the biggest determinant of effort in F/OSS projects may be due to the
inherent innovativeness of the project itself and not to personal feelings of being creative. Since
we have multiple responses from many projects, we can test whether the creativity felt is
endogenous to the project or to the individual. Results from a fixed-effects regression (Greene
2000) on showed that a personal sense of creativity in a project is still positive and significant,
indicating that the sense of creativity is endogenous and heterogeneous to the people within
projects.
8.0 Discussion
The most important findings in our study relates to both the extent and impact of the
personal sense of creativity developers feel with regard to their F/OSS projects. A clear majority
(>61%) stated that their focal F/OSS project was at least as creative as anything they had done in
their lives (including other F/OSS projects they might engage in). This finding is bolstered by the
willingness of a majority of survey participants willingness to dedicate additional hours to
hacking and, consistent with a state of flow, the observation of frequently losing track of time
while programming. These observations are reinforced by the similar importance of these
creativity-related factors for both volunteer and paid contributors.
15
The importance of the sense of creativity in projects is underscored by examining the
drivers of effort in F/OSS projects. The only significant determinants of hours per week
dedicated to projects were (in order of magnitude of impact):
•
enjoyment-related intrinsic motivations in the form of a sense of creativity,
•
extrinsic motivations in form of payment, and
•
obligation/community-related intrinsic motivations.
Furthermore, contrary to experimental findings on the negative impact of extrinsic
rewards on intrinsic motivations (Deci, Koestner, and Ryan 1999) , we find that being paid and
feeling creative on F/OSS projects does not have a significant negative impact on project effort.
Therefore, work on the F/OSS projects can be summarized as
•
a creative exercise
•
leading to useful output
•
where the creativity is a lead driver of individual effort.
Programming has been regarded as a pure production activity that is typified as requiring
payments and career incentives to induce effort. We believe that this is a limited view. At least
as applied to hackers on F/OSS projects, we should regard their activity as a form of joint
production-consumption that provides a positive psychological outlet for the participants as well
as useful output.
Another central issue in F/OSS research has been the motivations of developers to
participate and contribute to the creation of a public good. The effort expended is substantial.
Individuals on average contribute 14 hours per week. But there is no single dominant
explanation for an individual software developer’s decision to participate and contribute in a
F/OSS project. Instead we have observed an interplay between extrinsic and intrinsic
motivations: neither dominates or destroys the efficacy of the other. It may be that the autonomy
afforded project participants in the choice of projects and roles one might play has “internalized”
extrinsic motivations.
Therefore, an individual’s motivation containing aspects of both extrinsic and intrinsic is
not anomalous. We have observed clusters of individuals motivated by extrinsic, intrinsic, or
hybrid extrinsic/intrinsic factors. Dominant motives do not crowd out or spoil others. It is
16
consistent for someone paid to participate in the F/OSS movement to be moved by the political
goals of free software and open code.
Other issues merit further investigation. The presence of paid participants, 40% of our
study sample, indicates that both IT-producing and using firms are becoming an important source
of resources for the F/OSS community. The contribution of firms to the creation of a public
good raises questions about incentives to innovate and share innovations with potential
competitors. In addition, the interaction between paid and volunteer participants within a project
raises questions about the boundaries of the firm and appropriate collaboration policies.
In conclusion, our study has advanced our understanding of the motivational factors
behind the success of the F/OSS community. We note that the F/OSS community does not
require any one type of motivation for participation. It is a “big tent.” Its contributors are
motivated by a combination of intrinsic and extrinsic factors with a personal sense of creativity
being an important source of effort.
17
Table 1 - General Characteristics of Survey Respondents
Variable
Obs
Mean
Std. Dev.
Age
Years Programming
Current F/OSS Projects
All F/OSS Projects
Years since first contribution
to F/OSS community
Min
Max
677.00
673.00
678.00
652.00
29.80
11.86
2.63
4.95
7.95
7.04
2.14
4.04
14.00
1.00
0.00
1.00
56.00
44.00
20.00
20.00
683.00
5.31
4.34
0.00
21.00
18
Table 2-Location and Work Relationship for F/OSS Contributions
Is supervisor aware of
work time spent on the
F/OSS project?
Yes aware
No, not aware
Do not spend time at
work
Total
Freq. Percent
254 37.69
113 16.77
307 45.55
674 100.00
19
Table 3 - Hours Spent / Week on F/OSS Projects
Average (sd)
Paid
Contributor (sd)
Hours/week on all 14.3 (15.7)
17.7 (17.9)
F/OSS projects
7.5 (11.6)
10.3 (14.7)
Hours/week on
focal F/OSS
project
* Two tailed test of means assuming unequal variances
Volunteer (sd)
11.7 (13.5)
t statistic (pvalue)*
4.8 (0.00)
5.7 (8.4)
4.7 (0.00)
20
Table 4 – Creativity in F/OSS projects
Compared to your most
creative endeavour, how
creative is this project
Much less
Somewhat less
Equally as creative
Most creative
Total
Freq. Percent
55
8.16
203 30.12
333 49.41
83 12.31
674 100.00
21
Table 5 – “Flow” experienced while programming
Ratings on 'Flow"
Variables
Always
Frequently
Sometimes
Rarely
Never
Total
How likely to lose
track of time
when
programming (%)
21.39
51.33
22.27
4.28
0.74
100
How likely to
devote extra hour
in the day to
programming (%)
12.92
47.14
34.51
4.11
1.32
100
22
Table 6– Motivations to contribute to F/OSS projects
Motivation
Enjoyment based Intrinsic Motivation
Code for project is intellectually stimulating to write
Like working with this development team
Economic/Extrinsic based Motivations
Improve programming skills
Code needed for user need (work and/or non-work)*
- Work need only
% of respondents
indicating up to 3
statements that
best reflect their
reasons to
contribute (%)
% volunteer
contributors
% paid
contributor
Significant
difference (t
statistic/p
value)
44.9
20.3
46.1
21.5
43.1
18.5
n.s.
n.s.
41.3
58.7
33.8
45.8
19.3
33.2
55.7
3.56 (p=0.0004)
10.53
(p=0.0000)
5.16 (p=0.0000)
3.01 (p=0.0000)
- Non-work need
29.7
37.0
18.9
Enhance professional status
17.5
13.9
22.8
Obligation/Community based Intrinsic Motivations
Believe that source code should be open
33.1
34.8
30.6
n.s.
Feel personal obligation to contribute because use F/OSS
28.6
29.6
26.9
n.s.
Dislike proprietary software and want to defeat them
11.3
11.5
11.1
n.s.
Enhance reputation in F/OSS community
11.0
12.0
9.5
n.s.
* Aggregation of responses that indicated needing software for work and/or non-work related need . Not an actual survey question. Overlap in
user needs limited to 4.9% of sample. n.s. = not significant.
23
Table 7 Cluster results based on motivations and paid status
Motivations
Work need
Non-work need
Intellectually stimulating
Improves skill
Work with team
Code should be open
Beat proprietary software
Community reputation
Professional status
Obligation from use
Paid for contribution
Total % of sample in each
cluster
Cluster 1 Cluster 2 Cluster 3 Cluster 4
(%)
(%)
(%)
(%)
8
12
28
91
0
2
11
100
41
45
12
69
19
20
43
72
17
16
19
28
12
22
42
64
11
8
9
19
8
11
13
14
6
22
18
25
23
20
6
83
18
26
32
86
25
27
29
19
n = 679
24
Table 8 Significant Variables in Regression of Log (Project Hours/Week) and Motivations
Variable
Standardiz t-statistic
(p-value)
ed coefficient
Creative project
1.6
6.00
experience
(0.000)
Paid status
0.88
3.12
(0.002)
Like team
0.84
2.76
(0.004)
Enhance community
0.56
2.00
reputation
(0.046)
Differential hours
-1.6
-6.00
(0.000)
IT training
-0.6
-2.28
(0.023)
R-Square = 0.18, N = 630
25
References
Amabile, Teresa M. 1996. Creativity in context. Boulder, CO: Westview Press.
Csikszentmihalyi, Mihaly. 1975. Beyond Boredom and Anxiety: The Experience of Play in Work
and Games. San Francisco: Jossey-Bass, Inc.
———. 1990. Flow: The Psychology of Optimal Experience. New York: Harper and Row.
———. 1996. Creativity: Flow and the Psychology of Discovery and Invention. New York:
HarperCollins.
Deci, Edward L, R Koestner, and Richard M Ryan. 1999. A meta-analytic review of experiments
examining the effects of extrinsic rewards on intrinsic motivation. Psychological Bulletin
125:627-688.
Deci, Edward L, and Richard M Ryan. 1985. Intrinsic motivation and self-determination in
human behavior. New York, NY: Plenum Press.
Franke, Nikolaus, and Sonali Shah. 2003. How communities support innovative activities: an
exploration of assistance and sharing among end-users. Research Policy 32 (1):157-178.
Frey, Bruno. 1997. Not just for the money: an economic theory of personal motivation.
Brookfield. VT: Edward Elgar Publishing Company.
Greene, William H. 2000. Econometric Analysis. Upper Saddle River, NJ: Prentice- Hall Inc.
Hars, Alexander, and Shaosong Ou. 2002. Working for free? Motivations for participating in
Open-Source projects. International Journal of Electronic Commerce 6 (3):25-39.
Hertel, Guido, Sven Niedner, and Stefanie Herrmann. 2003. Motivation of software developers
in Open Source projects: an Internet-based survey of contributors to the Linux kernel.
Research Policy in press.
Himanen, Pekka. 2001. The Hacker Ethic and the Spirit of the Information Age. New York:
Random House.
Holmström, Bengt. 1999. Managerial Incentive Problems: A Dynamic Perspective. Review of
Economic Studies 66 (169-182).
Lerner, Josh, and Jean Tirole. 2002. Some Simple Economics of Open Source. Journal of
Industrial Economics 50 (2):197-234.
Lindenberg, Siegwart. 2001. Intrinsic motivation in a new light. Kyklos 54 (2/3):317-342.
Marwell, Gerald, and Pamela Oliver. 1993. The Critical Mass in Collective Action: A MicroSocial Theory. Cambridge, UK: Cambridge University Press.
Moody, Glen. 2001. Rebel Code: Inside Linux and the Open Source Revolution. New York:
Perseus Press.
Morrison, Pamela D, J H Roberts, and Eric von Hippel. 2000. Determinants of user innovation
and innovation sharing in a local market. Management Science 46 (12):1513-1527.
Nakamura, Jeanne, and Mihaly Csikszentmihalyi. 2003. The construction of meaning through
vital engagement. In Flourishing: positive psychology and the life well-lived, edited by C.
L. Keyes and J. Haidt. Washington, DC: American Psychological Association.
Raymond, Eric. 1996. The New Hacker Dictionary - 3rd Edition. Cambridge, MA: MIT Press.
———. 1999. The Cathedral and the Bazaar: Musings on Linux and Open Source from an
Accidental Revolutionary. Sebastopol: CA: O'Reilly and Associates.
Riggs, William, and Eric von Hippel. 1994. Incentives to innovate and the sources of innovation:
The case of scientific instruments. Research Policy 23 (4):459-469.
Ryan, Richard M, and Edward L Deci. 2000. Intrinsic and Extrinsic Motivations: Classic
Definitions and New Directions. Contemporary Educational Psychology 25:54-67.
26
Stallman, Richard. 1999. The GNU Operating System and the Free Software Movement. In
Open Sources: Voices from the Open Source Revolution, edited by C. DiBona, S.
Ockman and M. Stone. Sebastopol, CA: O'Reilly.
Torvalds, Linus, and David Diamond. 2001. Just for fun: the story of an accidental
revolutionary. New York, NY: HarperCollins.
von Hippel, Eric. 1988. The Sources of Innovation. New York, NY: Oxford University Press.
———. 2001. Innovation by User Communities: Learning from Open Source Software. Sloan
Management Review 42 (4):82-86.
von Krogh, Georg, Sebastian Spaeth, and Karim R Lakhani. 2003. Community, Joining, and
Specialization in Open Source Software Innovation: A Case Study. Research Policy
forthcoming.
Wayner, Peter. 2000. Free For All: How Linux and the Free Software Movement Undercuts the
High-Tech Titans. New York: HarperBusiness.
27
Purchase answer to see full
attachment