1. 17 April Reverse Engineering Ethics Privacy Introduction

2. Reverse Engineering

3. What is it? Discovering the technology through analysis of a program’s structure and operation Analyzing a system to identify its components and interrelationships in order to create a higher abstraction Is it legal? Associated with hackers and crackers

4. Fundamental Problem Understanding code with … no comments meaningless variable names no visible structure void p (int M) { int c = 2; while (c <= M) { int t = 2; boolean f = true; while (t ** 2 <= c) { if (c % t == 0) { f = false; break; } t++; } if (f) l(c); c++; } }

5. Reverse Engineering Lots of tools for simple translation Disassemblers, decompilers, hex editors, … How useful are these? What can they do and not do? Approaches to Understanding Source-to-source translation Object recovery and specification Incremental approaches Component-based approaches Wikibook on the topic http://en.wikibooks.org/wiki/Reverse_Engineering http://en.wikibooks.org/wiki/Reverse_Engineering

6. Uses of Reverse Engineering Reasonably legal managing clearly owned code recovery of data from proprietary file formats creation of hardware documentation from binary drivers (often used for producing Linux drivers) enhancing consumer electronics devices malware analysis discovery of undocumented APIs (but probably a bad idea) criminal investigation copyright and patent litigation Probably unethical even when legal malware creation, often involving a search for security holes breaking software copy protection (games and expensive engineering software)

7. Digital Millennium Copyright Act (1998) Criminalizes production and dissemination of technology that can circumvent measures taken to protect copyright Exceptions Interoperability between software components Retrieval of data from proprietary software Full text http://www.copyright.gov/legislation/dmca.pdf

8. Ethics

9. ACM Code of Ethics and Professionalism (Excerpt) GENERAL MORAL IMPERATIVES Contribute to society and human well-being Avoid harm to others Be honest and trustworthy Be fair and take action not to discriminate Honor property rights including copyrights and patent Give proper credit for intellectual property Respect the privacy of others Honor confidentiality ORGANIZATIONAL LEADERSHIP IMPERATIVES Articulate social responsibilities Enhance the quality of working life Proper and authorized uses of computing and communication resources Ensure that those affected by a system have their needs clearly articulated; validate the system to meet requirements Protect the dignity of users

10. Intellectual Honesty (McConnell, Code Complete)Code Complete Refusing to pretend you’re an expert when you’re not Readily admitting your mistakes Trying to understand a compiler warning rather than suppressing the message Clearly understanding your program – not compiling it to see if it works Providing realistic status reports Providing realistic schedule estimates and holding your ground when management asks you to adjust them

11. Whistle Blowing What are the alternatives? When is it okay? When is it not a choice?

12. Ethics of a project intended use potential misuse consequences fairness to the knowing users implications for unknowing users NUMB3RS episode

13. Privacy When you walk into the store, the big-screen displays "Hello Tom," your shopping habits, and other information from Minority Report

14. Some Views on Privacy “All this secrecy is making life harder, more expensive, dangerous …” Peter Cochran, former head of BT (British Telecom) Research “You have zero privacy anyway.” Scott McNealy, CEO Sun Microsystems “By 2010, privacy will become a meaningless concept in western society” Gartner report, 2000

15. Why Should We Care? Privacy Issues Compartmentalizing our lives Ability to build relationships