Question: Future Sessions• AI and Military (UAS)

• Virtual Worlds

• Privacy and NSA

• Free Software Movement

Professional Issues in Computing:

Hacking

Kevin Macnish (IDEA CETL)

Plan

• “Hacking”• What’s wrong?

– Harm– Consent– Lying

• Hackers’ lines of defence– The significance of intention– Specific lines of defence

What is “Hacking”?

• Breaking into systems

• Modifying programs

• Improvising

What is “Hacking”?

• Breaking into systems• Modifying programs• Improvising

Which Hat are You Wearing?

• White Hat

• Grey Hat

• Black Hat

Which Hat are You Wearing?

• Grey Hat

• Black Hat

Which Hat are You Wearing?

• White Hat

• Grey Hat

Which Hat are You Wearing?

• White Hat

• Grey Hat

• Black Hat

Intention

Consent

What is Your Purpose?• Pen testing• Cyber crime (e.g. Interview)• State-sponsored

– Espionage (e.g. NSA)– Disruption (e.g. Stuxnet, SEA)

• Lone wolf (McKinnon)• Hacktivist (Anonymous, Wikileaks)

Ethical Concerns• Interview with a Blackhat• Not without ethics

– Paedophiles and revenge porn fair game– Felt bad when friend victim

• Real victims• Stealing money• Making people vulnerable

What’s Wrong with Hacking - Effects

• Harm & Damage– Loss of productivity– Financial losses– Damage to equipment

• Interference & violating autonomy– Preventing equipment from functioning– Stopping people doing what they want to do

• Violations of Privacy– Theft of phone numbers, bank records, etc.

Exposing Weaknesses

TinKode

What’s Wrong with Hacking - Consent

• Analogy with trespass– Property rights: may control access to and the use of

property.• “If you leave the door open, you can’t complain if

someone enters.”– Yes, you can.

• Consent is the key issue– What access to their computer systems has the user

been given consent to access?– If you accept the trespass analogy, effectiveness of

security is irrelevant.

Use Without Consent

• You do not have consent to use your neighbour’s property– Entering their house for fun is not permissible– Entering their house to rescue a child is right

• Violating people’s property rights is always problematic, but it can be outweighed.

What’s Wrong with Hacking– Lying / Deception

• Presenting yourself as someone else– E.g. at login as a system administrator

• In virtually every ethical theory there is something wrong about lying and deception – even where it can sometimes be outweighed

Lines of Defence

Lines of Defence

• Intention – “I didn’t mean to harm anyone”

• Triviality – “we’re just a few meddling kids”

• Benefit of exposing lax security

• Educational benefit to the hacker

• “Hacktivism” as civil disobedience

Which (if any) of these do you think is a convincing defence?

Intention

• Intention is relevant to blame– Connected with belief / knowledge– Adds wrong motives to wrong actions– Murder worse than manslaughter

• But you can still do the wrong thing even if your motives are innocent– Manslaughter is still wrong!

Triviality – “just kids messing”

• Trivial wrong is still wrong• Proportionality

– Lesser wrongs deserve lesser blame/criticism• What’s trivial?

– The wrong or the perpetrators?• This objection has some (limited) force

– But only if the wrongs really are trivial– Trivial to whom?

Benefit to the Hacked• Claim: the hacker benefits the hacked organisation

– Security weaknesses are highlighted– Some advise sys admins how to deal with weaknesses

• Assumes there are wrongs in hacking– If so, then the “benefit to the hacked” defence fails– Or is it only consequences that matter?

• Is it acceptable to wrong someone in order to show them that they are in danger of being wronged?– E.g. Rape– Issue of consent again – could be implied?– What if you do this to a complete stranger?

Hacktivism as Civil Disobedience

• When is civil disobedience justified?– Wider question– Includes context

• Importance of democracy– In democracies there is a fair decision

procedure, so it is not normally justified to reject rules agreed by democratic procedure.

– Sometimes it is still justified

Weighing Reasons

Against

• Lying/deception• No consent• Possible harms• Against the law

In favour

• ?

Recap

• “Hacking”

• What’s wrong?

• Hackers’ lines of defence