This is an early draft of the Words (introduction) chapter from the upcoming Singularity System sourcebook “Infowar”:
Hacking is cool! It’s one of the cornerstones of science fiction, especially cyberpunk. Console cowboys jacking their brains into the matrix to ride the electron high, otaku in basements lit only by the green glow of screens, fingers flying over the keys as they crack through encryption, cyber-commandoes spoofing the camera sensors of enemy robots and the cyber-eyes of enemy soldiers to become invisible, and so on, and so on.
Why is hacking in roleplaying games so rarely cool? Why are hacking rules in games so often, in fact, a complete nightmare to interact with?
Let’s look at one case study that I’m intimately familiar with: Shadowrun. The game has a setting that is universally beloved, yet through three decades and five editions, its hacking rules have been almost universally described as impenetrable, incomprehensible, over-complicated, nonsensical, and just not very fun. For the first three editions of the game, hacking was a very complicated minigame that dedicated hacker-archetype characters (“Deckers”) could play for hours with the GM while the rest of the gaming group went out for pizza or played Super Smash Brothers or something. Or sat around the table bored and increasingly disengaged.
For these reasons—the unapproachable complexity of the rules and the “let’s all go get pizza while the Decker does whatever it is he does factor—most players at most tables simply did not play Deckers. The hacking rules were hand-waved entirely, or Decking was something that the PCs hired NPCs to do, and could therefore be handled smoothly off-camera without engaging with the rules. Decker became synonymous with NPC at most tables. And this attitude—people don’t actually play Deckers—would later become an insurmountable handicap to actually making hacking in the game fun.
The fourth edition of the game took a few steps in the right direction by making everything wireless, meaning that hackers could roll with the team and hack everything within line of sight. This encouraged Deckers to be with the team rather than waiting in a van somewhere. There were a few basic problems with this.
Let’s say that you had a Decker who wanted to hack an enemy’s gun or an enemy’s cyberware to deactivate them, in the middle of a firefight.
This was possible, but it took at least four times as long and was at least four times as complicated as a street samurai shooting someone in the face or a mage blasting someone with a manabolt. The net result of this was that the enemy whose gun you were thirty percent of the way done hacking usually had already had his head blown off by the street samurai or was incinerated by the mage’s fireball.
To make matters worse, it was always possible to set “wireless” on your gear to “off”, making you immune to hackers. Early supplements introduced the “skinlink”, which let you do the above, but explicitly without any of the drawbacks of not having an active wireless connection. In other words, every character had the cheap option to just “set hacking to no” and be immune to hacking. So of course every player character took that option.
The fifth edition of this game tried to address these issues in a way that more or less universally failed to fix anything, and in some cases actively made things worse. One interesting thing was, at the time, I was lobbying for hackers to be able to hack enemies’ guns or cyberware as quickly and as simply as the street samurai could shoot someone or the shaman sling a spell. In other words, I wanted to make hacking simpler and more streamlined, and I wanted to remove the concept of “set hackable to off”. The fan base did not want any of this, because they all seemed to view hacking as something that would happen to their character, not something their character could do to others. The idea of deckers being able to hack someone’s cyberware or weapons in a single combat turn was offensive to them, because, subconsciously, PCs weren’t Deckers—no one actually plays deckers. This, of course, went back to the fundamental problem of the first three editions of the game: that hacking was so painfully complicated that no one wanted to engage with it. Therefore, it became an NPC activity.
That’s more than enough about Shadowrun. I don’t have nearly as much experience with other games where hacking is possible, but I’ve never heard of an RPG in which the hacking rules are especially fun and approachable.
Right now, my favorite hacking rules are the ones which amount to “make one (contested) roll, and if you succeed, you get the target system to do what you want it to”.
This is how I handle hacking in HERO System: if you want to hack a system, you make a Computer Programming roll. If the system’s security countermeasures were set up beforehand, then a retroactive Computer Programming roll is made for the character that set them up. If the system has some kind of active security monitoring—a dedicated wage slave white hat hacker or even an AI—then it makes a Computer Programming roll right now instead. If the hacker’s Computer Programming roll beats the system’s, they have access and get to do whatever they want. Dirt simple, right?
The other hacking “system” I liked was the way that I had a GM run Eclipse Phase for me once. Basically, if you wanted to hack something, you rolled Infosec and if you succeeded, you had hacked the target system and gotten it to do what you want. Pretty simple, right? Those Eclipse Phase guys must be some smart game designers. Except, actually cracking open the Eclipse Phase rulebook, and found an entire chapter full of hacking rules, The Mesh, which was no less than a whopping, very dense 35 pages long. It included literally over a hundred multi-level headings and sub-headings. Now I’ve never actually played with the Eclipse Phase hacking rules: for all I know they might be very good. But what I do know is that the way that the Eclipse Phase GM chose to handle hacking was not representative of them, and that this doesn’t necessarily speak to their accessibility and ease of use.
So again, we come to our question. Why is hacking in roleplaying games so rarely cool? Why are hacking rules in games so often, in fact, a complete nightmare to interact with? Why are hacking systems in most games so complicated than a hand-wavy stopgap of “to hack a thing, roll hacking, and if you succeed, you hacked the thing” can actually be more fun to play with than the rules that were written?
I think that the problems with hacking in games can be traced back to the problems with hacking in movies. Think back to any movie you have ever seen with “Hollywood Hacking” in it. Real hacking is cool, but it is boring to watch. Boring is anathema to Hollywood, so instead we get “Hollywood Hacking”, scenes and portrayals of hacking created by people that obviously know fuck-all about computers. And this can quickly become very, very silly:
Hacking in real life mostly involves hours and hours of cautious, exacting, and tedious “sitting at a computer, entering commands into a text prompt”. At a minimum, Hollywood hacking requires a hacker who is typing as fast as humanly possible, as though the speed at which he types is directly related to his chance to penetrate computer security. But Hollywood also likes really excessively flashy graphical interfaces—the exact thing that real hackers don’t use because they are an unnecessary distraction and a waste of bandwidth. But usually a flashy GUI isn’t enough and the hacker is manipulating three dimensional holographic polygons or navigating through a three dimensional digital maze or some shit. It has fuck-all to do with real hacking, but it looks cool.
Anyone who knows anything about how computers and hacking in real life, tends to have a negative reaction to this portrayal. Uproarious laughter at the dumbness on display is probably the most common reaction, but actual annoyance is a close second.
“Oh My God. This is…this is brain poison.”
– Penny Arcade, “Brains With Urgent Appointments”
Sometimes the stupidity of Hollywood Hacking with its “rule of cool” departures from reality is even played up to the point of parity. Meet Kung Fury’s Hackerman:
On average, people who make (roleplaying) games know and care a lot more about how computers work in real life than people who make movies. When I look at the hacking rules designed for the roleplaying games I talk about, what I see is a desire to make the rules for penetrating computer security realistic, and not silly, stupid, and dumb like the Hollywood Hacking described above. In and of itself, this is a noble goal, but realism (as opposed to genre-realism, which is essential), except when used in very carefully restricted doses, is poison to game design. Because reality is not inherently fun, and games must be. Realism is like any spice used in cooking—use too much and you ruin the dish.
Compared to the smart people that made the Matrix rules for Shadowrun and the Mesh rules for Eclipse Phase, I know very little about computer science. In fact, almost nothing. Oh, I know enough to give a flavor of verisimilitude, and I know enough to ask someone smarter if I think knowing a bit about “how things really work” would help inform fun gameplay. But I have no investment in real computer science, and no loyalty to portraying it overly accurately when it comes to creating fun and playable rules for information warfare.
Hacking is cool, and for hacking to be cool in games, it cannot be strictly speaking “realistic”. Because games must be fun, and real life hacking is not fun to do—at least not in a way that is compatible with playing a game. Hacking also must be streamlined enough that the dedicated hacker character can resolve their hacking quickly in real time, without everyone else getting bored and going out for pizza.
It is with these design goals in mind that I set out to design hacking and information warfare rules for the Singularity System—compatible with any science fiction setting—that are both easy to use and fun.