SlideShare uma empresa Scribd logo

Are Computer Hacker Break-ins Ethical -- Spafford

Transferir como PPT, PDF
Mia Eaker
Mia Eaker

Are Computer Hacker Break-ins Ethical -- Spafford

Educação
1 de 41
“Are Computer Hacker Break-ins Ethical?” Eugene Spafford
Spafford’s Points Against Hacking: 1. Ethics should be measured by an act itself, not its consequences. 2. Hacker break-ins are immoral acts. 3. They are never ethical regardless of circumstances. 4. Computer professionals need to spread the word.
In 1988… Robert T. Morris released the first Internet worm
Morris Worm • Reason-- Supposedly to expose security flaws • Unexpected Result-- The worm ran amok • Consequence-- Expensive damage at hundreds of locations
Morris was sentenced to three years probation, 400 hours community service, a fine of $10k, and costs of damage.
Ethics Theories
Why ethics theories? • Spafford reminds us that to say something is right/wrong, we need to know why… • Intuitions are unreliable.
Two Big Ethics Theories Here 1. Consequentialism • An act is right or wrong based on its effects 1. Deontology • The act itself is right/wrong • Effects don’t matter
Consequentialism Why is this wrong?
Consequentialism Spafford does not like consequentialism. 1. Effects are unpredictable. What are effects of GMO’s?
Consequentialism Spafford does not like consequentialism 2. Counter intuitive- results. Execution of smokers…
Deontology The act itself can be deemed right/wrong, independent of consequences. Why is this wrong?
Deontology Also has problems: 1.Under-determines actions • “treat workers like human beings” • Can’t use workers as means– business problems? 2.Counter-intuitive results • “are there Jews in your attic?”
Harder than it looks: 1. The problems are similar, and 2. Spafford says he likes deontology… • But all of his arguments are consequentialist.
From Spafford--- “A system of ethics that considered primarily only the results of our actions would not allow us to evaluate our current activities at the time when we would need such guidance; if we are unable to discern the appropriate course of action prior to its commission, then our system of ethics is of little or no value to us. To obtain ethical guidance, we must base our actions primarily on evaluations of the actions and not on the possible results.” “We cannot know, for instance, if increased security awareness and restrictions are better for society in the long-term, or whether these additional restrictions will result in greater costs and annoyance when using computer systems. We also do not know how many of these changes are directly traceable to incidents of computer break- ins.”
Spafford’s arguments
They say: Hacker ethic “Information wants to be free.” Should people be allowed to own information? What kind?
Spafford says: “Destroys Privacy and Property”
Problems: • Consider bank balances, medical records, credit history, employment records, etc. • The problem is both a matter of theft and of being able to alter information. • If everyone has access, how can we trust it to be unaltered?
But notice: • You still need a theory of privacy and property. • Closed/proprietary may be bad for security. • Room for a middle: CC licenses, etc.
They say: Hacker Ethic “We show security problems to a community that will not otherwise notice.”
Spafford says: People care about security – just report it! “Your sprinklers don’t work!” So I set a fire to show you…?
They say: Hacker Ethic “Exposing security flaws is a service.” Is this a service? What could be the consequences?
Spafford says: 1. “Assumes there is some compelling need to force users to install fixes” and 2. This need justifies break-ins • Consider– Would it be justifiable to break in to a home repeatedly to demonstrate its lack of security? • Deontology– It must be universalizable (hints at this through analogies, but never really says it…) Let’s grant that (2) is false…
Spafford says: “The claim is made that without highly-visible break- ins, vendors will not produce or distribute necessary fixes to software. This attitude is naive, and is neither economically feasible nor technically workable. Certainly, vendors should bear some responsibility for the adequacy of their software, but they should not be responsible for fixing every possible flaw in every possible configuration.”
They say: Hacker Ethic They are making use of idle machines not being used anywhere near their capacity. Therefore, they are entitled to use them.
Spafford says: 1) These systems are not meant for general use; they serve specific purposes. 2) There is no other circumstance where someone can buy and maintain a product and then have others claim a right to it. • What if someone stole your car and claimed that you weren’t using it enough?
They say: Hacker Ethic • Student Hackers claim to do know harm– they are merely learning how systems work. • Furthering education • Cost Effective • Harmless
Spafford says: 1) Writing vandalware and breaking into a system has nothing to do with education. 2) People who are “learning” or “looking around” can’t possibly guarantee that they are not making changes or causing harm.
They say: Hacker Ethic Some hackers break into systems to watch for data abuse are actually protectors with good intentions. •“Keeping ‘Big Brother’ a bay” Sounds noble---
Spafford says: *Spafford agrees that there may be misuse of personal data by both corporations and government.* However— 1)This could actually cause more secrecy from such agencies. (further restrictions to access such data) 2)Do we want hackers protecting us? Shouldn’t we be relying on professionals and designers concerns with our rights?
A complication: While widely read and cited, Spafford’s paper is from 1992. How may the situation have changed since then?
A complication: • Institutions hired security staff, but • Most computers were less vulnerable then: • Internet was dial-up • Through proprietary or exclusive networks
A complication: Today’s “massive set of always-on, powerful PCs, many with high-speed Internet connections and run by unskilled users, is a phenomenon new to the twenty-first century.”
A complication: Today, there may very well be a reason to “force users to install security fixes.” You owe it to me to get your vaccines.
Spafford also says: • Not every site has the resources to patch software. • Vendors can’t be responsible for everything users do. • It would likely raise costs and be unappealing to users. “It is unreasonable to expect the user community to sacrifice flexibility and pay a much higher cost per unit simply for faster corrections to the occasional security breach. That assumes it was even possible for the manufacturer to find those customers and supply them with fixes in a timely manner, something unlikely in a market where machines and software are often repackaged, traded, and resold.”
An obvious solution: Auto-updates, remote server software, etc.
Nobody likes this… (an early search result for WGA)
The openness of the net is a major source of its value.
In sum: 1. Internet security is a real problem. 2. The nature of the problem changes with the technology. 3. Solving it requires balancing values like privacy, property, openness, etc. 4. Ethics helps give us the tools to do that.
What do you think? Should we consider some acts of hacking as ethically permissible based on consequences? Should we consider this action unethical in all circumstances?

Recomendados

Open Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
Open Source Security Testing Methodology Manual - OSSTMM by Falgun RathodOpen Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
Open Source Security Testing Methodology Manual - OSSTMM by Falgun RathodFalgun Rathod
 
OPSEC for hackers
OPSEC for hackersOPSEC for hackers
OPSEC for hackersgrugq
 
Brief introduction to digital forensics
Brief introduction to digital forensicsBrief introduction to digital forensics
Brief introduction to digital forensicsMarco Alamanni
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingRishab garg
 
IT Security DOs and DON'Ts
IT Security DOs and DON'Ts IT Security DOs and DON'Ts
IT Security DOs and DON'Ts Sophos
 
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Simplilearn
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingGoutham Shetty
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521Merlin Florrence
 

Recomendados

Open Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
Open Source Security Testing Methodology Manual - OSSTMM by Falgun RathodOpen Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
Open Source Security Testing Methodology Manual - OSSTMM by Falgun RathodFalgun Rathod
 
OPSEC for hackers
OPSEC for hackersOPSEC for hackers
OPSEC for hackersgrugq
 
Brief introduction to digital forensics
Brief introduction to digital forensicsBrief introduction to digital forensics
Brief introduction to digital forensicsMarco Alamanni
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingRishab garg
 
IT Security DOs and DON'Ts
IT Security DOs and DON'Ts IT Security DOs and DON'Ts
IT Security DOs and DON'Ts Sophos
 
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Simplilearn
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingGoutham Shetty
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521Merlin Florrence
 
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesCISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesSam Bowne
 
1 understanding cyber threats
1 understanding cyber threats 1 understanding cyber threats
1 understanding cyber threats mohamad Hamizi
 
Honeypots e honeynets
Honeypots e honeynetsHoneypots e honeynets
Honeypots e honeynetsMarcos Flávio Araújo Assunção
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingAryan Saxena
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with MetasploitM.Syarifudin, ST, OSCP, OSWP
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
A project approach to HIPAA
A project approach to HIPAAA project approach to HIPAA
A project approach to HIPAADaniel P Wallace
 
SWOT Analysis- MP3 Player
SWOT Analysis- MP3 PlayerSWOT Analysis- MP3 Player
SWOT Analysis- MP3 Playercloestead
 
Cybercrime
CybercrimeCybercrime
CybercrimeAreliyKarla3
 
Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0Network Intelligence India
 
Linux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesLinux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesInformation Technology
 
Bilgi güvenliği ve Kriptografi Soruları
Bilgi güvenliği ve Kriptografi SorularıBilgi güvenliği ve Kriptografi Soruları
Bilgi güvenliği ve Kriptografi SorularıAhmet Han
 
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | EdurekaComputer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | EdurekaEdureka!
 
Rapid Threat Modeling : case study
Rapid Threat Modeling : case studyRapid Threat Modeling : case study
Rapid Threat Modeling : case studyAntonio Fontes
 
Enforcing Your Code of Conduct: effective incident response
Enforcing Your Code of Conduct: effective incident responseEnforcing Your Code of Conduct: effective incident response
Enforcing Your Code of Conduct: effective incident responseAudrey Eschright
 
Assessing network security
Assessing network securityAssessing network security
Assessing network securityAbhinit Kumar Sharma
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hackDharmesh Makwana
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness ProgramBill Gardner
 
Physical Security
Physical SecurityPhysical Security
Physical Securitykavitha muneeshwaran
 
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)Security Bootcamp
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingBugRaptors
 
It's white, no it's "Black or White"
It's white, no it's "Black or White"It's white, no it's "Black or White"
It's white, no it's "Black or White"Makala D.
 

Mais conteúdo relacionado

Mais procurados

CISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesCISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesSam Bowne
 
1 understanding cyber threats
1 understanding cyber threats 1 understanding cyber threats
1 understanding cyber threats mohamad Hamizi
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
A project approach to HIPAA
A project approach to HIPAAA project approach to HIPAA
A project approach to HIPAADaniel P Wallace
 
SWOT Analysis- MP3 Player
SWOT Analysis- MP3 PlayerSWOT Analysis- MP3 Player
SWOT Analysis- MP3 Playercloestead
 
Linux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesLinux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesInformation Technology
 
Bilgi güvenliği ve Kriptografi Soruları
Bilgi güvenliği ve Kriptografi SorularıBilgi güvenliği ve Kriptografi Soruları
Bilgi güvenliği ve Kriptografi SorularıAhmet Han
 
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | EdurekaComputer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | EdurekaEdureka!
 
Rapid Threat Modeling : case study
Rapid Threat Modeling : case studyRapid Threat Modeling : case study
Rapid Threat Modeling : case studyAntonio Fontes
 
Enforcing Your Code of Conduct: effective incident response
Enforcing Your Code of Conduct: effective incident responseEnforcing Your Code of Conduct: effective incident response
Enforcing Your Code of Conduct: effective incident responseAudrey Eschright
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hackDharmesh Makwana
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness ProgramBill Gardner
 
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)Security Bootcamp
 

Mais procurados (20)

CISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesCISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
 
1 understanding cyber threats
1 understanding cyber threats 1 understanding cyber threats
1 understanding cyber threats
 
Honeypots e honeynets
Honeypots e honeynetsHoneypots e honeynets
Honeypots e honeynets
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with Metasploit
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
A project approach to HIPAA
A project approach to HIPAAA project approach to HIPAA
A project approach to HIPAA
 
SWOT Analysis- MP3 Player
SWOT Analysis- MP3 PlayerSWOT Analysis- MP3 Player
SWOT Analysis- MP3 Player
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0
 
Linux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesLinux Operating System Vulnerabilities
Linux Operating System Vulnerabilities
 
Bilgi güvenliği ve Kriptografi Soruları
Bilgi güvenliği ve Kriptografi SorularıBilgi güvenliği ve Kriptografi Soruları
Bilgi güvenliği ve Kriptografi Soruları
 
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | EdurekaComputer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
 
Rapid Threat Modeling : case study
Rapid Threat Modeling : case studyRapid Threat Modeling : case study
Rapid Threat Modeling : case study
 
Enforcing Your Code of Conduct: effective incident response
Enforcing Your Code of Conduct: effective incident responseEnforcing Your Code of Conduct: effective incident response
Enforcing Your Code of Conduct: effective incident response
 
Assessing network security
Assessing network securityAssessing network security
Assessing network security
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
 
Physical Security
Physical SecurityPhysical Security
Physical Security
 
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
 

Destaque

Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingBugRaptors
 
It's white, no it's "Black or White"
It's white, no it's "Black or White"It's white, no it's "Black or White"
It's white, no it's "Black or White"Makala D.
 
Logicalfallacies
LogicalfallaciesLogicalfallacies
LogicalfallaciesMia Eaker
 
Kantian Condemnation of Commerce in Organs
Kantian Condemnation of Commerce in OrgansKantian Condemnation of Commerce in Organs
Kantian Condemnation of Commerce in OrgansMia Eaker
 
Inquiry Project Assignment Presentation
Inquiry Project Assignment PresentationInquiry Project Assignment Presentation
Inquiry Project Assignment PresentationMia Eaker
 
Research Methods
Research MethodsResearch Methods
Research MethodsMia Eaker
 
MLA1103Fall2014
MLA1103Fall2014MLA1103Fall2014
MLA1103Fall2014Mia Eaker
 
Sunstein: Democracy and the Internet
Sunstein: Democracy and the InternetSunstein: Democracy and the Internet
Sunstein: Democracy and the InternetMia Eaker
 
Chapter 7: Deontology
Chapter 7: DeontologyChapter 7: Deontology
Chapter 7: Deontologydborcoman
 
Cultural Relatvism
Cultural RelatvismCultural Relatvism
Cultural RelatvismMia Eaker
 
Deontological ethics
Deontological ethicsDeontological ethics
Deontological ethicsFede Fretes
 
Artificial intelligence and ethics
Artificial intelligence and ethicsArtificial intelligence and ethics
Artificial intelligence and ethicsMia Eaker
 
Deontology intro
Deontology introDeontology intro
Deontology introMia Eaker
 
Digital Essay Intro & Brainstorming
Digital Essay Intro & BrainstormingDigital Essay Intro & Brainstorming
Digital Essay Intro & BrainstormingMia Eaker
 

Destaque (16)

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
It's white, no it's "Black or White"
It's white, no it's "Black or White"It's white, no it's "Black or White"
It's white, no it's "Black or White"
 
Logicalfallacies
LogicalfallaciesLogicalfallacies
Logicalfallacies
 
Kantian Condemnation of Commerce in Organs
Kantian Condemnation of Commerce in OrgansKantian Condemnation of Commerce in Organs
Kantian Condemnation of Commerce in Organs
 
Inquiry Project Assignment Presentation
Inquiry Project Assignment PresentationInquiry Project Assignment Presentation
Inquiry Project Assignment Presentation
 
Inquiry1104
Inquiry1104Inquiry1104
Inquiry1104
 
Research Methods
Research MethodsResearch Methods
Research Methods
 
MLA1103Fall2014
MLA1103Fall2014MLA1103Fall2014
MLA1103Fall2014
 
Sunstein: Democracy and the Internet
Sunstein: Democracy and the InternetSunstein: Democracy and the Internet
Sunstein: Democracy and the Internet
 
Deontological ethics
Deontological ethicsDeontological ethics
Deontological ethics
 
Chapter 7: Deontology
Chapter 7: DeontologyChapter 7: Deontology
Chapter 7: Deontology
 
Cultural Relatvism
Cultural RelatvismCultural Relatvism
Cultural Relatvism
 
Deontological ethics
Deontological ethicsDeontological ethics
Deontological ethics
 
Artificial intelligence and ethics
Artificial intelligence and ethicsArtificial intelligence and ethics
Artificial intelligence and ethics
 
Deontology intro
Deontology introDeontology intro
Deontology intro
 
Digital Essay Intro & Brainstorming
Digital Essay Intro & BrainstormingDigital Essay Intro & Brainstorming
Digital Essay Intro & Brainstorming
 

Semelhante a Are Computer Hacker Break-ins Ethical -- Spafford

Testing Is How You Avoid Looking Stupid
Testing Is How You Avoid Looking StupidTesting Is How You Avoid Looking Stupid
Testing Is How You Avoid Looking StupidSteve Branam
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggadabotor7
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering OWASP Foundation
 
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfDigital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfMahdi_Fahmideh
 
Introduction to ethics
Introduction to ethicsIntroduction to ethics
Introduction to ethicsSaqib Raza
 
Cybersecurity Course in Chandigarh Join Now
Cybersecurity Course in Chandigarh Join NowCybersecurity Course in Chandigarh Join Now
Cybersecurity Course in Chandigarh Join Nowasmeerana605
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIAhmed Banafa
 
Computer ethics-presentation-1221139444034074-9
Computer ethics-presentation-1221139444034074-9Computer ethics-presentation-1221139444034074-9
Computer ethics-presentation-1221139444034074-9sajida zafar
 
2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference 2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference Rea & Associates
 
The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!Frode Hommedal
 
Are computer hacker break ins ethical
Are computer hacker break ins ethicalAre computer hacker break ins ethical
Are computer hacker break ins ethicalUltraUploader
 

Semelhante a Are Computer Hacker Break-ins Ethical -- Spafford (20)

Testing Is How You Avoid Looking Stupid
Testing Is How You Avoid Looking StupidTesting Is How You Avoid Looking Stupid
Testing Is How You Avoid Looking Stupid
 
Puna 2015
Puna 2015Puna 2015
Puna 2015
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxggggggggggggggggggggggggggg
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering
 
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfDigital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
 
Introduction to ethics
Introduction to ethicsIntroduction to ethics
Introduction to ethics
 
Nfwordle
NfwordleNfwordle
Nfwordle
 
ethics final project
ethics final projectethics final project
ethics final project
 
Ethical issues
Ethical issuesEthical issues
Ethical issues
 
Cybersecurity Course in Chandigarh Join Now
Cybersecurity Course in Chandigarh Join NowCybersecurity Course in Chandigarh Join Now
Cybersecurity Course in Chandigarh Join Now
 
Computer Ethics
Computer EthicsComputer Ethics
Computer Ethics
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AI
 
Computer ethics-presentation-1221139444034074-9
Computer ethics-presentation-1221139444034074-9Computer ethics-presentation-1221139444034074-9
Computer ethics-presentation-1221139444034074-9
 
2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference 2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference
 
Bob Gourley
Bob GourleyBob Gourley
Bob Gourley
 
The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!The Internet is on fire – don't just stand there, grab a bucket!
The Internet is on fire – don't just stand there, grab a bucket!
 
Ece481 lecture4engsocexp
Ece481 lecture4engsocexpEce481 lecture4engsocexp
Ece481 lecture4engsocexp
 
Are computer hacker break ins ethical
Are computer hacker break ins ethicalAre computer hacker break ins ethical
Are computer hacker break ins ethical
 
SIP report.pptx
SIP report.pptxSIP report.pptx
SIP report.pptx
 

Mais de Mia Eaker

Integrating Outside Material1104
Integrating Outside Material1104Integrating Outside Material1104
Integrating Outside Material1104Mia Eaker
 
KeyConcepts&Inquiry
KeyConcepts&InquiryKeyConcepts&Inquiry
KeyConcepts&InquiryMia Eaker
 
Research Strategies & Your Inquiry
Research Strategies & Your InquiryResearch Strategies & Your Inquiry
Research Strategies & Your InquiryMia Eaker
 
Search Sentences
Search SentencesSearch Sentences
Search SentencesMia Eaker
 
Plagiarism, Academic Conventions, & Annotated Bibs
Plagiarism, Academic Conventions, & Annotated BibsPlagiarism, Academic Conventions, & Annotated Bibs
Plagiarism, Academic Conventions, & Annotated BibsMia Eaker
 
Preliminary Research Strategies Spring 2017
Preliminary Research Strategies Spring 2017Preliminary Research Strategies Spring 2017
Preliminary Research Strategies Spring 2017Mia Eaker
 
Inquiry Spring 2016
Inquiry Spring 2016Inquiry Spring 2016
Inquiry Spring 2016Mia Eaker
 
Integrating Outside Material
Integrating Outside MaterialIntegrating Outside Material
Integrating Outside MaterialMia Eaker
 
Plagiarism&Paraphrasing
Plagiarism&ParaphrasingPlagiarism&Paraphrasing
Plagiarism&ParaphrasingMia Eaker
 
Focusing your LOI
Focusing your LOIFocusing your LOI
Focusing your LOIMia Eaker
 
Mc cormick -_violent_video_games
Mc cormick -_violent_video_gamesMc cormick -_violent_video_games
Mc cormick -_violent_video_gamesMia Eaker
 
Final examstudyguide
Final examstudyguideFinal examstudyguide
Final examstudyguideMia Eaker
 
Ethical Frameworks Intro
Ethical Frameworks IntroEthical Frameworks Intro
Ethical Frameworks IntroMia Eaker
 
Ethical Frameworks Intro
Ethical Frameworks IntroEthical Frameworks Intro
Ethical Frameworks IntroMia Eaker
 
Critical Thinking & Logic in Ethics
Critical Thinking & Logic in EthicsCritical Thinking & Logic in Ethics
Critical Thinking & Logic in EthicsMia Eaker
 
Intro to Ethical Decision Making: Ethics and Moral Values
Intro to Ethical Decision Making: Ethics and Moral Values Intro to Ethical Decision Making: Ethics and Moral Values
Intro to Ethical Decision Making: Ethics and Moral Values Mia Eaker
 
Rogerian argumentpp[1]
Rogerian argumentpp[1]Rogerian argumentpp[1]
Rogerian argumentpp[1]Mia Eaker
 

Mais de Mia Eaker (17)

Integrating Outside Material1104
Integrating Outside Material1104Integrating Outside Material1104
Integrating Outside Material1104
 
KeyConcepts&Inquiry
KeyConcepts&InquiryKeyConcepts&Inquiry
KeyConcepts&Inquiry
 
Research Strategies & Your Inquiry
Research Strategies & Your InquiryResearch Strategies & Your Inquiry
Research Strategies & Your Inquiry
 
Search Sentences
Search SentencesSearch Sentences
Search Sentences
 
Plagiarism, Academic Conventions, & Annotated Bibs
Plagiarism, Academic Conventions, & Annotated BibsPlagiarism, Academic Conventions, & Annotated Bibs
Plagiarism, Academic Conventions, & Annotated Bibs
 
Preliminary Research Strategies Spring 2017
Preliminary Research Strategies Spring 2017Preliminary Research Strategies Spring 2017
Preliminary Research Strategies Spring 2017
 
Inquiry Spring 2016
Inquiry Spring 2016Inquiry Spring 2016
Inquiry Spring 2016
 
Integrating Outside Material
Integrating Outside MaterialIntegrating Outside Material
Integrating Outside Material
 
Plagiarism&Paraphrasing
Plagiarism&ParaphrasingPlagiarism&Paraphrasing
Plagiarism&Paraphrasing
 
Focusing your LOI
Focusing your LOIFocusing your LOI
Focusing your LOI
 
Mc cormick -_violent_video_games
Mc cormick -_violent_video_gamesMc cormick -_violent_video_games
Mc cormick -_violent_video_games
 
Final examstudyguide
Final examstudyguideFinal examstudyguide
Final examstudyguide
 
Ethical Frameworks Intro
Ethical Frameworks IntroEthical Frameworks Intro
Ethical Frameworks Intro
 
Ethical Frameworks Intro
Ethical Frameworks IntroEthical Frameworks Intro
Ethical Frameworks Intro
 
Critical Thinking & Logic in Ethics
Critical Thinking & Logic in EthicsCritical Thinking & Logic in Ethics
Critical Thinking & Logic in Ethics
 
Intro to Ethical Decision Making: Ethics and Moral Values
Intro to Ethical Decision Making: Ethics and Moral Values Intro to Ethical Decision Making: Ethics and Moral Values
Intro to Ethical Decision Making: Ethics and Moral Values
 
Rogerian argumentpp[1]
Rogerian argumentpp[1]Rogerian argumentpp[1]
Rogerian argumentpp[1]
 

Último

HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structuredhanjurrannsibayan2
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseAnaAcapella
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 

Último (20)

HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 

Are Computer Hacker Break-ins Ethical -- Spafford

  • 2. Spafford’s Points Against Hacking: 1. Ethics should be measured by an act itself, not its consequences. 2. Hacker break-ins are immoral acts. 3. They are never ethical regardless of circumstances. 4. Computer professionals need to spread the word.
  • 3. In 1988… Robert T. Morris released the first Internet worm
  • 4. Morris Worm • Reason-- Supposedly to expose security flaws • Unexpected Result-- The worm ran amok • Consequence-- Expensive damage at hundreds of locations
  • 5. Morris was sentenced to three years probation, 400 hours community service, a fine of $10k, and costs of damage.
  • 7. Why ethics theories? • Spafford reminds us that to say something is right/wrong, we need to know why… • Intuitions are unreliable.
  • 8. Two Big Ethics Theories Here 1. Consequentialism • An act is right or wrong based on its effects 1. Deontology • The act itself is right/wrong • Effects don’t matter
  • 10. Consequentialism Spafford does not like consequentialism. 1. Effects are unpredictable. What are effects of GMO’s?
  • 11. Consequentialism Spafford does not like consequentialism 2. Counter intuitive- results. Execution of smokers…
  • 12. Deontology The act itself can be deemed right/wrong, independent of consequences. Why is this wrong?
  • 13. Deontology Also has problems: 1.Under-determines actions • “treat workers like human beings” • Can’t use workers as means– business problems? 2.Counter-intuitive results • “are there Jews in your attic?”
  • 14. Harder than it looks: 1. The problems are similar, and 2. Spafford says he likes deontology… • But all of his arguments are consequentialist.
  • 15. From Spafford--- “A system of ethics that considered primarily only the results of our actions would not allow us to evaluate our current activities at the time when we would need such guidance; if we are unable to discern the appropriate course of action prior to its commission, then our system of ethics is of little or no value to us. To obtain ethical guidance, we must base our actions primarily on evaluations of the actions and not on the possible results.” “We cannot know, for instance, if increased security awareness and restrictions are better for society in the long-term, or whether these additional restrictions will result in greater costs and annoyance when using computer systems. We also do not know how many of these changes are directly traceable to incidents of computer break- ins.”
  • 17. They say: Hacker ethic “Information wants to be free.” Should people be allowed to own information? What kind?
  • 19. Problems: • Consider bank balances, medical records, credit history, employment records, etc. • The problem is both a matter of theft and of being able to alter information. • If everyone has access, how can we trust it to be unaltered?
  • 20. But notice: • You still need a theory of privacy and property. • Closed/proprietary may be bad for security. • Room for a middle: CC licenses, etc.
  • 21. They say: Hacker Ethic “We show security problems to a community that will not otherwise notice.”
  • 22. Spafford says: People care about security – just report it! “Your sprinklers don’t work!” So I set a fire to show you…?
  • 23. They say: Hacker Ethic “Exposing security flaws is a service.” Is this a service? What could be the consequences?
  • 24. Spafford says: 1. “Assumes there is some compelling need to force users to install fixes” and 2. This need justifies break-ins • Consider– Would it be justifiable to break in to a home repeatedly to demonstrate its lack of security? • Deontology– It must be universalizable (hints at this through analogies, but never really says it…) Let’s grant that (2) is false…
  • 25. Spafford says: “The claim is made that without highly-visible break- ins, vendors will not produce or distribute necessary fixes to software. This attitude is naive, and is neither economically feasible nor technically workable. Certainly, vendors should bear some responsibility for the adequacy of their software, but they should not be responsible for fixing every possible flaw in every possible configuration.”
  • 26. They say: Hacker Ethic They are making use of idle machines not being used anywhere near their capacity. Therefore, they are entitled to use them.
  • 27. Spafford says: 1) These systems are not meant for general use; they serve specific purposes. 2) There is no other circumstance where someone can buy and maintain a product and then have others claim a right to it. • What if someone stole your car and claimed that you weren’t using it enough?
  • 28. They say: Hacker Ethic • Student Hackers claim to do know harm– they are merely learning how systems work. • Furthering education • Cost Effective • Harmless
  • 29. Spafford says: 1) Writing vandalware and breaking into a system has nothing to do with education. 2) People who are “learning” or “looking around” can’t possibly guarantee that they are not making changes or causing harm.
  • 30. They say: Hacker Ethic Some hackers break into systems to watch for data abuse are actually protectors with good intentions. •“Keeping ‘Big Brother’ a bay” Sounds noble---
  • 31. Spafford says: *Spafford agrees that there may be misuse of personal data by both corporations and government.* However— 1)This could actually cause more secrecy from such agencies. (further restrictions to access such data) 2)Do we want hackers protecting us? Shouldn’t we be relying on professionals and designers concerns with our rights?
  • 32. A complication: While widely read and cited, Spafford’s paper is from 1992. How may the situation have changed since then?
  • 33. A complication: • Institutions hired security staff, but • Most computers were less vulnerable then: • Internet was dial-up • Through proprietary or exclusive networks
  • 34. A complication: Today’s “massive set of always-on, powerful PCs, many with high-speed Internet connections and run by unskilled users, is a phenomenon new to the twenty-first century.”
  • 35. A complication: Today, there may very well be a reason to “force users to install security fixes.” You owe it to me to get your vaccines.
  • 36. Spafford also says: • Not every site has the resources to patch software. • Vendors can’t be responsible for everything users do. • It would likely raise costs and be unappealing to users. “It is unreasonable to expect the user community to sacrifice flexibility and pay a much higher cost per unit simply for faster corrections to the occasional security breach. That assumes it was even possible for the manufacturer to find those customers and supply them with fixes in a timely manner, something unlikely in a market where machines and software are often repackaged, traded, and resold.”
  • 37. An obvious solution: Auto-updates, remote server software, etc.
  • 38. Nobody likes this… (an early search result for WGA)
  • 39. The openness of the net is a major source of its value.
  • 40. In sum: 1. Internet security is a real problem. 2. The nature of the problem changes with the technology. 3. Solving it requires balancing values like privacy, property, openness, etc. 4. Ethics helps give us the tools to do that.
  • 41. What do you think? Should we consider some acts of hacking as ethically permissible based on consequences? Should we consider this action unethical in all circumstances?