Hacking, Security, and Information War Adam D. Moore Information School Hacking, Security, and Information War
Hacking and Hacktivism The Hacker Ethic: information belongs to everyone and putting up fences or restricting access is wrong. Ideas belong to us all and intellectual property/privacy rights run counter to this. The Hacktivist: attacks on corporate and governmental sites are sometimes justified as a form of civil disobedience
What is a hacker? Hacker: “A person with an enthusiasm for programming or using computers as an end in itself.” Or, “A person who uses his skill with computers to try to gain unauthorized access to computer files or networks.” – Oxford English Dictionary Self-described hackers – enjoy experimenting with technology and writing code. Media-labeled hackers (crackers) – break into systems, cause damage, and write malware. Ethical hackers – former hackers or crackers who have joined the security industry to test network security and create security products and services. February 2004…https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0CCwQFjAC&url=http%3A%2F%2Fwww.dartmouth.edu%2F~marionba%2Fengs69%2FEthics_Law_Privacy_ENGS69.ppt&ei=EN1jVazjKsbpsAXJ9YGACA&usg=AFQjCNEcKho927WDCTtP4ZvlwbcPcAQ75Q&bvm=bv.93990622,d.b2w
Good or Bad Hackers? Black Hats – break into systems, develop and share vulnerabilities, exploits, malicious code, and attack tools. Grey Hats – are in hacker ‘no-man’s land,’ may work as security professionals by day and ‘hack’ by night. White Hats – are part of the ‘security community,’ help find security flaws, but share them with vendors so that products can be made safer. February 2004…. February 2004…https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0CCwQFjAC&url=http%3A%2F%2Fwww.dartmouth.edu%2F~marionba%2Fengs69%2FEthics_Law_Privacy_ENGS69.ppt&ei=EN1jVazjKsbpsAXJ9YGACA&usg=AFQjCNEcKho927WDCTtP4ZvlwbcPcAQ75Q&bvm=bv.93990622,d.b2w
Arguments for Hacking Security: Hacker break-ins are ethical on this view because they illustrate the defects in computer networks. Morris' internet worm actually helped create a more secure system. Idle System Argument: According to this argument, hacker break-ins are ethical because they are merely using a system that is idle anyway — if they do not mess anything up it is as if they were not there at all. What could be wrong with this?
The Security Argument P1. It is morally permitted to trespass on the property of others as long as one’s motives are good and no harm is done (no harm, no foul). P2. Many hackers have good intentions and do no damage. C3. Some hacking should be permitted Problems: Fred and Ginger Case Motives are irrelevant (Dr. Demento) Doing no harm is irrelevant (Dr. Demento again…) Imposing unconsented to risks is a harm
Arguments for Hacking The Student Hacker Argument: Suppose we couple the idle system argument with the good that is obtained in terms of learning. Students are simply learning how systems operate. The Social Protector Argument: Hackers break-ins are justified because they protect civilians against "big brother" government and corporations. The government and businesses as well, have lots of information about us than they should have. The hacker is merely keeping these institutions honest.
Himma: Hacktivism Elements of civil disobedience: Open/public. . .knowing violation Non-violent (civil), pure speech acts vs. behavior Violates the law Purpose = protesting the law, political expression
Justified if: committed openly properly motivated Greta Pittenger Annie Christensen Rachel Wishkoski Jeffrey Lopez Evaluative framework Justified if: committed openly properly motivated willing to accept responsibility plausible position thoughtful justification no significant damage to innocents calculated to advance debate According to Himma, justified/excused civil disobedience that shouldn’t be punished meets the following criteria: “First, the act is committed openly by properly motivated persons willing to accept responsibility for the act. Second, the position is a plausible one that is, at the very least, in play among open-minded, reasonable persons in the relevant community. Third, persons committing an act of civil disobedience are in possession of a thoughtful justification for both the position and the act. Fourth, the act does not result in significant damage to the interests of innocent third parties. Fifth, the act is reasonably calculated to stimulate and advance debate on the issue.” For example, Civil Rights sit-ins https://upload.wikimedia.org/wikipedia/commons/2/28/Richmond34.jpg
NOT justified: committed openly properly motivated Greta Pittenger Annie Christensen Rachel Wishkoski Jeffrey Lopez Evaluative framework NOT justified: committed openly properly motivated willing to accept responsibility plausible position thoughtful justification no significant damage to innocents calculated to advance debate According to Himma, unexcused civil disobedience doesn’t meet those criteria For example, the 1999 Seattle WTO protests https://upload.wikimedia.org/wikipedia/commons/thumb/6/63/WTO_protests_in_Seattle_November_30_1999.jpg/320px-WTO_protests_in_Seattle_November_30_1999.jpg
Himma: Hacktivism Pure speech acts vs. behavior Civil disobedience requires behavior Thus, civil disobedience requires a stronger justification In a properly administered democracy we each have the right express ourselves In violating the law (civil disobedience) we are claiming for ourselves a larger role. . .why are those who are disobedient so privileged?
Himma: Hacktivism When is Hacktivism Morally Permitted? Correct purpose, motivation Amount of harm? Violent acts are not civil! Amount of harm to third parties? Accepting responsibility? Is the political agenda supported by adequate reasons?
Greta Pittenger. Annie Christensen. Rachel Wishkoski Greta Pittenger Annie Christensen Rachel Wishkoski Jeffrey Lopez Punishment “Acts of electronic civil disobedience committed anonymously should be punished to the full extent under the law.”(p. 23) Earlier in the article, Himma concludes that a legitimate state is permitted to punish unjustified acts of civil disobedience (this is different from being obligated to punish) Revisits this idea at the end of the article to ask if unjustified electronic civil disobedience (hacktivism) should be punished, and how Why punishment? “provide (1) an incentive for hacktivists to do more than just anonymously claim responsibility for their actions and (2) a significant deterrent to anonymous cyberattacks of any kind, no matter how well motivated they might be.” (p. 23)
Greta Pittenger. Annie Christensen. Rachel Wishkoski Greta Pittenger Annie Christensen Rachel Wishkoski Jeffrey Lopez Himma’s conclusion “Hacktivism is impermissible [and should be punished] insofar as such acts result in significant harms to innocent third-parties or insofar the persons responsible for such acts conceal their identities to avoid the potential legal consequences.” (p. 2)
The Case of Aaron Swartz https://www.youtube.com/watch?v=dU5JWT0hFlc Group Work: Related to PACER or JSTOR: --Was this hacktivism? -- Was this ‘taking’ theft or stealing? --Was there harm done? -- Does the notion of ‘stealing’ rely on ‘harm?’ --What is ‘harm’?
TOR, The Dark Web, and Bitcoin Group work: After watching the video. . .Get into 3-4 person groups and answer the following questions. What are some of the positives about TOR, the Dark Web, and Bitcoin (in general, for libraries)? What are some of the negatives about TOR, the Dark Web, and Bitcoin (in general, for libraries)? Should these technologies be regulated (eliminated)? Is it possible to regulate/eliminate these technologies?