Presentation is loading. Please wait.

Presentation is loading. Please wait.

Did he break the British Computer Society Code of Conduct?

Similar presentations


Presentation on theme: "Did he break the British Computer Society Code of Conduct?"— Presentation transcript:

1 Did he break the British Computer Society Code of Conduct?
Contemporary Practices in Information Technology 7WCM0005/7WCM0006 (SDL) Gary McKinnon Did he break the British Computer Society Code of Conduct? Discussion on whether Gary McKinnon broke the British Computer Code of Conduct What was his job at the time? Systems administrator What did he do? In his own words: He was on a moral crusade to find classified documents about Unidentified Flying Objects (UFOs). Hacked into US military computers looking for said evidence to prove the existence of UFOs and free energy. Deleted critical files from operating systems Removed weapons logs Copied sensitive data onto his own machine Cost of fixing the issues (according to the US military) $700,000 Morality; We must consider, when ethically analysing, that all proposed theories are for the betterment and overall happiness of society as a whole. References; BBC (14 December 2012) Profile: Gary McKinnon [Online] Available from - [Accessed: 15th February 2015] WIKIPEDIA (2001) Gary McKinnon [Online] Available from - [Accessed: 14th February 2015]

2 Kantianism 2 categorical imperative formulations
First formulation – correct Second formulation –correct What is Kantianism? Ethical theory of the German philosopher Immanuel Kant ( ). Based on the fact that your actions should be guided by moral laws. Kant had 2 categorical imperative formulations to figure this out; 1: Act only from moral rules that you can at the same time will to be universal moral laws You cannot put into action universally someone being of high moral standing such as being the last one to leave a falling building and make it universal, i.e. if everyone was the last one to leave no one would leave and no one benefits. However you can put something like being kind into a universal moral rule which benefits everyone involved. 2: Act so that you always treat yourself and other people as ends in themselves, and never only as a means to an end Treat others as you would like to be treated yourself, but not when its for personal/selfish gains. i.e. Your morals are honourable. Analysis from the above; How does this fit in with the Gary McKinnon case? 1: Lets make the assumption, using the first formulation, that Gary McKinnon felt morally obliged to break into secure facilities and retrieve classified documents. This cannot be made universal, in our current sociological model, due to the innate historical difficulties of (which I believe stem from) sharing. With this to one side lets take into consideration the current sociological model and the aspect of security. Gary McKinnon got access to ‘secure’ military systems by ‘hacking’ in however applying the first formulation and allowing everyone access to said ‘secure’ systems would be catastrophic. This would mean the small amount of civil liberties we give up in order to be safe goes out of the window. Lets say the UFOs* that McKinnon was looking at were actually strategically placed military satellites that pick up or watch particular areas of interest which had prevented ‘X’ amount of deaths over the years. That information released to everyone would cause international uproar. There is a rule of thumb in IT and that’s not to give anyone access unless they need it this remains true in this instance in the case of security. *Assuming that he was looking for extra-terrestrial UFOs not terrestrial. However using the model of Kant we have to assume that if EVERYONE acted in this UNIVERSAL way would it be morally wright to do what he did? The answer is yes. 2: The morals using on a Kantian formulation would suggest that his morals were honourable as his interest was for the greater good. In his own words “There is reversed engineered technology out there that provides free, clean energy and we have elderly people at home who cannot afford it”. The fact that he did so with the intention of informing others so they can base there own opinions is morally correct. References; Quinn, M. (2014) Ethics for the Information Age - Fifth Edition (pages: 20-25) Wikipedia (n.d.) Kantianism. [Online] Available from - [Accessed: 17th February 2015] YouTube (17th December 2012) UFO Hacker Gary McKinnon talks about NASA Hack. [Online] Available from - [Accessed: 15th February 2015]

3 Act Utilitarianism Gary McKinnon US Military The World
Attributes Hacking Against Hacking Intensity 10 Duration 1 Certainty 7 Porpinquity 6 Fecundity 8 Purity 4 Extent Total 52 2 US Military Attributes Hacking Against Hacking Intensity 10 Duration Certainty Porpinquity 1 Fecundity 8 Purity 3 2 Extent Total 5 49 The World Attributes Hacking Against Hacking Intensity 8 1 Duration 10 Certainty 5 Porpinquity Fecundity Purity 3 2 Extent Total 54 9 What is Act Utilitarianism? Jeremy Bentham ( ) and John Stuart Mill ( ) Greatest Happiness Principle An action is right (or wrong) to the extent that it increases (or decreases) the total happiness of the affected parties Complete analysis rules; Intensity: Magnitude of the experience Duration: How long the experience lasts Certainty: Probability it will actually happen Propinquity: How close the experience is in space and time Fecund: Its ability to produce more experiences of the same kind Purity: Extend to which please is not diluted by pain, or vice versa Extend: Number of people affected Below is an analysis using the complete analysis laid out by Bentham which looks beyond the simple benefits and harms of Act Utilitarianism approach focussing more on the actions and possible consequences of his actions may of resulted in. What did Gary McKinnon want to get at? He believed that things like free energy, UFOs and Anti-Gravity existed. If it did and he exposed this technology it would of changed the world with an initial period of unrest the benefits would of outweighed the unrest period. Analysis from the above; Let us assume we are taking the initial ‘hack’ of Gary McKinnon (March 2002, arrest date) up unto the present day (March, 2015). We will use 0 – 10 to measure with 0 being the least benefit/pleasure and 10 being the highest in the hedonic calculus. Who was affected by the intrusion of Gary McKinnon? The US military Gary McKinnon The World The US Military – Assuming he caused the issues stated Intensity: Pain, system and logistics issues caused by Gary? Duration: How long was he ‘snooping for’ 2/3 months? Certainty: Will the US military allow this to continue? Propinquity: How close was he, physically? Fecundity: Will the US military learn from this? Purity: How free from pain will the US gov’t be? Extent: The extent of who was affected (at the time) by the ‘attack’? Outcome: 5 for hacking and 49 against Gary McKinnon – Assuming he found evidence Intensity: How high will the pleasure be for Gary McKinnon? Duration: How long will the pleasure last? Certainty: How certain will the pleasure be? Propinquity: How near in space and time will that pleasure be? Fecundity: How much more pleasure will come out of this action for him? Purity: How free from pain will Gary be? Extent: How many more people will receive happiness from Gary? Outcome: 52 for hacking and 2 against The World – assuming Gary McKinnon was successful and proved certain technology existed Intensity: How much pleasure will the world get from this action? Duration: How long will the pleasure last for the world? Certainty: How certain will the benefit be for the world? Propinquity: How near in space and time will that benefit be? Fecundity: How much more benefit will come out of this action? Purity: How free from pain will the world be? Extent: How many more will benefit from the actions of one? Outcome: 54 for hacking and 9 against Using act utilitarianism we can surmise that Gary McKinnon was morally in the correct to snoop. References; Quinn, M. (2014) Ethics for the Information Age - Fifth Edition (pages: 25-30)

4 Rule Utilitarianism Gary McKinnon US Military The World
Attributes Hacking Against Hacking Intensity 10 Duration 1 Certainty 7 Porpinquity 6 Fecundity 8 Purity 4 Extent Total 52 2 US Military Attributes Hacking Against Hacking Intensity 10 Duration Certainty Porpinquity 1 Fecundity 8 Purity 3 2 Extent Total 5 49 The World Attributes Hacking Against Hacking Intensity 8 1 Duration 10 Certainty 5 Porpinquity Fecundity Purity 3 2 Extent Total 54 9 What is Rule Utilitarianism? Jeremy Bentham ( ) and John Stuart Mill ( ) Analysis from the above; Did the actions increase peoples happiness more than it decreased? The morality of what Gary McKinnon was doing by stating that we should all have access to the technology would be morally correct. This is due to the overall benefit to everyone would of gained however we have another question that has come from this. Has the weaknesses in network security now heightened the job market in IT security globally? Yes it has, albeit an indirect consequence (as far as we are aware) from the ‘hack’ it is still a benefit globally that has fuelled a dwindling IT sector. Could this now ultimately lead to war and financially benefitting the US government (who own 90% of the worlds arms manufacturing)? I suppose this is another conversation for another time. References; Quinn, M. (2014) Ethics for the Information Age - Fifth Edition (pages: 30-34)

5 Social Contract Theory
Established moral rules Government capable of enforcing the rules Fail What is Social Contract Theory? Thomas Hobbes ( ) Without rules, regulations and a way of enforcing them people would not create anything of worth as they would not be sure they could keep it. Therefore we can surmise a mans worth will be nothing if not short, living in fear and on the brink of destruction. A social theory contract is comprised of two things in a civilised society; 1: The establishment of a set of moral rules to govern relationships amongst citizens 2: A government capable of enforcing these rules Analysis from the above; We can take from the above that the actions of Gary McKinnon accessing a governmental department that was not suppose to be accessed undermines the principles of the social theory contract and fails as such. References; Quinn, M. (2014) Ethics for the Information Age - Fifth Edition (pages: 34-41) Wikipedia (n.d.) Thomas Hobbes [Online] Available from: [Accessed: 1st March 2015] BBC (14 December 2012) Profile: Gary McKinnon [Online] Available from - [Accessed: 15th February 2015]

6 Question Did he break the BCS code of conduct?
What is the BCS code of conduct? What ethics do you have to abide by? How do these relate to Gary McKinnon? In order to be able to answer the question of whether Gary McKinnon had broken the BCS code of conduct we must initially find out what they are and who they apply to. Does the BCS code of conduct even apply to Mr McKinnon? No – however for the remainder of this presentation we will act upon the assumption that he is a member of the BCS and the ethics apply Why did this not apply, he was not a member however the ethical side still remains. The conducts are; 1. Public Interest; You shall: a. have due regard for public health, privacy, security and wellbeing of others and the environment. b. have due regard for the legitimate rights of Third Parties*. c. conduct your professional activities without discrimination on the grounds of sex, sexual orientation, marital status, nationality, colour, race, ethnic origin, religion, age or disability, or of any other condition or requirement d. promote equal access to the benefits of IT and seek to promote the inclusion of all sectors in society wherever opportunities arise. 2. Professional Competence and Integrity; a. only undertake to do work or provide a service that is within your professional competence. b. NOT claim any level of competence that you do not possess. c. develop your professional knowledge, skills and competence on a continuing basis, maintaining awareness of technological developments, procedures, and standards that are relevant to your field. d. ensure that you have the knowledge and understanding of Legislation* and that you comply with such Legislation, in carrying out your professional responsibilities. e. respect and value alternative viewpoints and, seek, accept and offer honest criticisms of work. f. avoid injuring others, their property, reputation, or employment by false or malicious or negligent action or inaction. g. reject and will not make any offer of bribery or unethical inducement. 3. Duty to Relevant Authority; a. carry out your professional responsibilities with due care and diligence in accordance with the Relevant Authority’s requirements whilst exercising your professional judgment at all times. b. seek to avoid any situation that may give rise to a conflict of interest between you and your Relevant Authority. c. accept professional responsibility for your work and for the work of colleagues who are defined in a given context as working under your supervision. d. NOT disclose or authorise to be disclosed, or use for personal gain or to benefit a third party, confidential information except with the permission of your Relevant Authority, or as required by Legislation. e. NOT misrepresent or withhold information on the performance of products, systems or services (unless lawfully bound by a duty of confidentiality not to disclose such information), or take advantage of the lack of relevant knowledge or inexperience of others. 4. Duty to the Profession; a. accept your personal duty to uphold the reputation of the profession and not take any action which could bring the profession into disrepute. b. seek to improve professional standards through participation in their development, use and enforcement. c. uphold the reputation and good standing of BCS, the Chartered Institute for IT. d. act with integrity and respect in your professional relationships with all members of BCS and with members of other professions with whom you work in a professional capacity. e. notify BCS if convicted of a criminal offence or upon becoming bankrupt or disqualified as a Company Director and in each case give details of the relevant jurisdiction. f. encourage and support fellow members in their professional development. Analysis from the above; b: Was any regard taken for the third party, being that of the US military? c: His skills out performed his role as an administrator so the question is were the skills he gained relevant to his role? f: avoid injuring others property by false or malicious or negligent action or inaction. Did his actions actually cause the damage stated? Would neglect be putting up notes on internal sites stating there security is crap? Would picking up the phone/writing a report on the security flaws be better? a: Did McKinnon’s actions fall under the relevant authority being the US government? b: Did McKinnon avoid a situation as not to cause conflict between himself and the relevant authority? 3. d: Did McKinnon disclose any confidential information? e: Did McKinnon take advantage of the lack of relevant knowledge or inexperience of others? a: Did he bring the reputation of the profession into disrepute? b: Could he of done more to improve the security? 4. d: Did he act with integrity and respect? References; BCS.org (n.d.) BCS Code of Conduct [Online] Available from - [Accessed on: 18th February 2015] BCS.org (n.d.) Homepage [Online] Available from - Image: [Accessed on: 5th March 2015]

7 Analysis 1 1. b: have due regard for the legitimate rights of Third Parties*. 2. c: develop your professional knowledge, skills and competence on a continuing basis, maintaining awareness of technological developments, procedures, and standards that are relevant to your field. 2. f: avoid injuring others, their property, reputation, or employment by false or malicious or negligent action or inaction. 3. a: carry out your professional responsibilities with due care and diligence in accordance with the Relevant Authority’s requirements whilst exercising your professional judgment at all times. 3. b: seek to avoid any situation that may give rise to a conflict of interest between you and your Relevant Authority. b: Was any regard taken for the third party, being that of the US military? c: His skills out performed his role as an administrator so the question is were the skills he gained relevant to his role? f: avoid injuring others property by false or malicious or negligent action or inaction. Did his actions actually cause the damage stated? Would neglect be putting up notes on internal sites stating there security is crap? Would picking up the phone/writing a report on the security flaws be better? a: Did McKinnon’s actions fall under the relevant authority being the US government? b: Did McKinnon avoid a situation as not to cause conflict between himself and the relevant authority? Debates from the above; 1. b: We can assume that Gary McKinnon did not take into consideration of the rights of the third party. We can come to this by the fact instead of informing them of the issues he instead looked for material. 2. c: Gary McKinnon did indeed develop his professional knowledge, skills and competence on a continuing basis. We have to make the assumption that as a systems administrator he had intimate knowledge of administering enterprise level infrastructures. However having the intimate knowledge of administrating systems and writing Perl scripts that scan online computers for blank administrator passwords is another thing entirely. We can safety assume that Gary McKinnon had gone above and beyond to the point of causing more harm than good. As Kant surmised having too much knowledge can also be a bad thing. 2. f: As the US government has stated that they suffered damages up to the value of $700,000 we have to assume that this is true and an honest estimation of the damages caused by Gary McKinnon. Therefore Gary McKinnon caused damages to the US government. 3. a: Assuming if you hack someone's network they (or the government thereof) is the relevant authority in the matter. In this instance Gary McKinnon was in all intents and purposes trespassing on a companies network exercising no professional judgments at all. 3:. b: Gary McKinnon stated that when he was on the network he did not want to cause any conflict he was just looking for information. However just by being somewhere he was not supposed to be he was indeed increasing the chances of causing conflict . This has resulted in a 10 year long court case for extradition to the US to face charges. References; BCS.org (n.d.) BCS Code of Conduct [Online] Available from - [Accessed on: 18th February 2015]

8 Analysis 2 3. d: NOT disclose or authorise to be disclosed, or use for personal gain or to benefit a third party, confidential information except with the permission of your Relevant Authority, or as required by Legislation. 3. e: NOT misrepresent or withhold information on the performance of products, systems or services (unless lawfully bound by a duty of confidentiality not to disclose such information), or take advantage of the lack of relevant knowledge or inexperience of others. 4. a: accept your personal duty to uphold the reputation of the profession and not take any action which could bring the profession into disrepute. 4. b: seek to improve professional standards through participation in their development, use and enforcement. 4. d: act with integrity and respect in your professional relationships with all members of BCS and with members of other professions with whom you work in a professional capacity. 3. d: Did McKinnon disclose any confidential information? e: Did McKinnon take advantage of the lack of relevant knowledge or inexperience of others? a: Did he bring the reputation of the profession into disrepute? b: Could he of done more to improve the security? 4. d: Did he act with integrity and respect? Debates from the above; 3. d: Gary McKinnon had no business being on the internal network of the US government apart from his personal gain. However this point may or may not be pertinent as he did not (or does not) have any hard evidence to back up his claims of UFO’s. Would it be OK to surmise that his word is enough? 3. e: The question from this point of the BCS code of conduct is: Did Gary McKinnon take advantage of a system where there may have been a lack of knowledge on internal systems? The answer to this would be yes. Rather than report the issue and show due diligence in the matter (and by his own words) we know that this was a hunt for knowledge to be used for the potential advancement of mankind as a whole. Although his moral intentions are just his actions were not. 4. a: We can surmise quite quickly that by hacking without any prior agreements Gary McKinnon did not hold up the reputation of the profession and did take action which has bought the profession into disrepute i.e. A 10 year legal battle which has reformed the IT security stance globally. 4. b: Instead of reporting the network security issues Gary McKinnon used his knowledge to probe in order to find out classified information. Although he did not improve the standards his actions ultimately did. 4. d: Gary McKinnon did not have any integrity as he was not honest and subsequently had weak moral principles. References; BCS.org (n.d.) BCS Code of Conduct [Online] Available from - [Accessed on: 18th February 2015]

9 Conclusion Were his morals just?
Does this fall in line with the BCS code of conduct? Answer: He broke them Now we have gone through the BCS code of conduct we can now safely ask ourselves the original question; Did Gary McKinnon break the BCS code of conduct? With the information gone through logically and pragmatically we can conclude that Gary McKinnon did break the BCS code of conduct. Debates from the above; Although we take away from this that Gary McKinnon did indeed break the code of ethics we have to also ask ourselves the question; Should the initial administrators of the military network fall under the scrutiny of the utilitarian approach as they would fail by allowing this to happen in the first place by locking the machines down. References; TheTimes (n.d.) ImageArchive [Online] Available from - [Accessed: 5th March 2015]

10 Thank You Take away thoughts; Health Mistakes
We have since found out that Gary McKinnon has Asperger's syndrome. His IP address was not hidden when the ‘hacks’ had taken place. Debates from the above; Health Would Asperger's of caused Mr McKinnon to act in a way that is bound by interest and curiosity? Legalities Not being extradited has caused massive upheaval and a large legal battle. Would this happen now or was it only highlighted in this event? Mistakes Not hiding your IP address is a rookie mistake He could of used multiple VPN tunnels to get through and even just hiding his IP address Did he have the know how to do this or was he just lucky? References; BBC (16th October 2012) Gary McKinnon extradition to US blocked by Theresa May [Online] Available from - [Accessed: 28th February 2015] The Independent (4th August 2009) The Big Question: What exactly did Gary McKinnon do wrong, and should he be extradited? [Online] Available from - [Accessed on: 28th February 2015]


Download ppt "Did he break the British Computer Society Code of Conduct?"

Similar presentations


Ads by Google