About Hacking, But Legal
Hacking, But Legal publishes original investigative journalism and analysis on security, technology, privacy, crime, civil liberties, policy, law, and democracy.
This is not a curated newsletter of external links—it is a space for sustained reporting on how systems fail, who bears the consequences, and what can be done.
My work connects technical problems to their political and human costs.
As a threat researcher and hands-on practitioner of information security, I treat cybersecurity not as an abstract engineering discipline, but as critical infrastructure for democratic participation, personal safety, and institutional accountability.
I feel the same way about investigative journalism—A free and factual press is critical infrastructure.
Is This Newsletter For Me?
This publication is for readers who want to understand how power actually works.
…Not in the abstract, but through the specific failures, cover-ups, and systemic gaps that affect real people. If you’ve ever felt that mainstream coverage of technology and security skims the surface of what’s really happening, you’re in the right place. If you’re looking for hot takes or a curated link digest, you are not.
My writing assumes technical literacy, but I won’t often demand it of you. I strive to explain complex systems clearly and refuse to dumb them down. Recent investigations have documented surveillance operations by private intelligence firms, the degradation of safety infrastructure on major platforms, and how regulatory, democratic, and ethical gaps can leave vulnerable communities at risk.
The through-lines in this work are consistent: cognitive and non-linear warfare, disinformation, terrorism, insider threats, and the surveillance economy. I'm interested in how adversaries exploit infrastructural weakness, how policy lags dangerously behind technical reality, and how platform design choices quietly shape who gets harmed. Marginalized communities bear disproportionate risk in nearly every system I examine—that isn’t a coincidence, and is rarely peripheral to the story.
About Jackie Singh
I’ve worked at the intersection of cyber and kinetic warfare for twenty years.
My work is regularly cited by Bloomberg, CNN, BBC, The Washington Post, USA Today, Mother Jones, Vice, and Newsweek, among others.
My background includes serving in the US Army in Iraq, more than a decade of cleared defense contracting, leading strategic and technical security teams from director-level roles at major corporate consultancies, and direct involvement in assuring the cybersecurity posture of the Biden/Harris U.S. Presidential Campaign. I was subsequently honored to serve as a strategist at the Surveillance Technology Oversight Project, a New York City-based 501(c)3 nonprofit organization that relentlessly advocates for our privacy rights and litigates to challenge government use of mass surveillance.
This work has unfortunately led to threats, libel, and harassment.
Rather than be intimidated into silence, I’ve forged ahead with documenting how coordinated harassment campaigns operate and what platforms fail to do about them.
My role is to communicate urgent and complex topics in a clear, precise, and compelling manner. Four years in, the work has deepened in scope, in sources, and in what it’s willing to say.
My main priority is to benefit my readers, and because of this, I rarely paywall my work.
Why Subscribe?
Your subscription is what makes my research possible and keeps it free for everyone else. If you directly support this publication with a paid monthly or annual subscription,
You’ll be a funder of independent journalism—No corporate underwriting, no editors answering to advertisers. Just me, the story, and you. What I cover, I cover without permission.
You’ll enable sustained, longform reporting—Investigations that can take weeks or months to complete properly, may require some degree of legal review, or simply demand a level of time and resources most outlets cannot afford
You’ll help others get access—My newsletter subscribers are generous individuals who subsidize free access to this content for everyone else, including academics and security researchers who often operate on a shoestring budget (like me). A paid subscription ensures those students, journalists, activists, and people in countries with limited resources can read this work without barriers.
You’ll easily connect with me—Only subscribers can engage directly with my reporting by commenting on stories, asking questions in the members-only Chat, and perhaps even shaping what gets covered next.
You’ll be supporting accountability journalism—Every subscription to this Substack funds work that holds institutions and individuals accountable for failures that affect real people.
This model assumes that serious investigative work should not be locked behind paywalls. Subscribers make that possible by funding work that everyone can read, irrespective of their ability to pay. Please note that very important and laborious stories may be paywalled to help support my ongoing research costs.
These stories reach hundreds of thousands of readers. I’m glad you’re one of them.
My reporting here is part of a larger effort, one that also takes shape through consulting work, public testimony, and reporting that extends across Twitter, TikTok, and BlueSky, as well as ongoing collaboration with journalists, researchers, academics, and analysts who are asking the same hard questions.
This newsletter is the core of it: the place where the most sustained, carefully documented work is published. I’ll keep making these problems visible—and where possible, helping to address them directly.
