Question: Future Sessions AI and Military (UAS) Virtual Worlds Privacy and NSA Free Software Movement

Professional Issues in Computing: Hacking Kevin Macnish (IDEA CETL)

Plan “Hacking” What’s wrong? –Harm –Consent –Lying Hackers’ lines of defence –The significance of intention –Specific lines of defence

What is “Hacking”? Breaking into systems Modifying programs Improvising

What is “Hacking”? Breaking into systems Modifying programs Improvising

Which Hat are You Wearing? White Hat Grey Hat Black Hat

Which Hat are You Wearing? Grey Hat Black Hat

Which Hat are You Wearing? White Hat Grey Hat

Which Hat are You Wearing? White Hat Grey Hat Black Hat Intention Consent

What is Your Purpose? Pen testing Cyber crime (e.g. Interview) State-sponsored –Espionage (e.g. NSA) –Disruption (e.g. Stuxnet, SEA) Lone wolf (McKinnon) Hacktivist (Anonymous, Wikileaks)

Ethical Concerns Interview with a Blackhat Not without ethics –Paedophiles and revenge porn fair game –Felt bad when friend victim Real victims Stealing money Making people vulnerable

What’s Wrong with Hacking - Effects Harm & Damage –Loss of productivity –Financial losses –Damage to equipment Interference & violating autonomy –Preventing equipment from functioning –Stopping people doing what they want to do Violations of Privacy –Theft of phone numbers, bank records, etc.

Exposing Weaknesses

TinKode

What’s Wrong with Hacking - Consent Analogy with trespass –Property rights: may control access to and the use of property. “If you leave the door open, you can’t complain if someone enters.” –Yes, you can. Consent is the key issue –What access to their computer systems has the user been given consent to access? –If you accept the trespass analogy, effectiveness of security is irrelevant.

Use Without Consent You do not have consent to use your neighbour’s property –Entering their house for fun is not permissible –Entering their house to rescue a child is right Violating people’s property rights is always problematic, but it can be outweighed.

What’s Wrong with Hacking – Lying / Deception Presenting yourself as someone else –E.g. at login as a system administrator In virtually every ethical theory there is something wrong about lying and deception –even where it can sometimes be outweighed

Lines of Defence

Intention – “I didn’t mean to harm anyone” Triviality – “we’re just a few meddling kids” Benefit of exposing lax security Educational benefit to the hacker “Hacktivism” as civil disobedience Which (if any) of these do you think is a convincing defence?

Intention Intention is relevant to blame –Connected with belief / knowledge –Adds wrong motives to wrong actions –Murder worse than manslaughter But you can still do the wrong thing even if your motives are innocent –Manslaughter is still wrong!

Triviality – “just kids messing” Trivial wrong is still wrong Proportionality –Lesser wrongs deserve lesser blame/criticism What’s trivial? –The wrong or the perpetrators? This objection has some (limited) force –But only if the wrongs really are trivial –Trivial to whom?

Benefit to the Hacked Claim: the hacker benefits the hacked organisation –Security weaknesses are highlighted –Some advise sys admins how to deal with weaknesses Assumes there are wrongs in hacking –If so, then the “benefit to the hacked” defence fails –Or is it only consequences that matter? Is it acceptable to wrong someone in order to show them that they are in danger of being wronged? –E.g. Rape –Issue of consent again – could be implied? –What if you do this to a complete stranger?

Hacktivism as Civil Disobedience When is civil disobedience justified? –Wider question –Includes context Importance of democracy –In democracies there is a fair decision procedure, so it is not normally justified to reject rules agreed by democratic procedure. –Sometimes it is still justified

Weighing Reasons Against Lying/deception No consent Possible harms Against the law In favour ?

Recap “Hacking” What’s wrong? Hackers’ lines of defence