Concepts, Issues and Resources: Structuring Ethical Curricula in the Information Age
By Sarah Gordon
E-mail:[email protected]
This paper was first prepared for the 1995 IFIP Technical Committee 11 Working Group 11.8
Workshop on xxxx, held in Capetown South Africa, May xxxx, 1995.
© 1995 Indiana University Department of Math and Computer Science.
This document may not be reproduced in whole or in part, stored on any
electronic information system, or otherwise be made available without
prior express written consent of the author and copyright holder.
Introduction
According to experts in the field of Information Technology, one of the most
pressing need facing students in computer related fields is a lack of
understanding of the social and ethical implications of computerization.
In "Integrated Social Impact and Ethical Issues Across the Computer
Science Curriculum" [Holz, Martin 92] we read:
Computer technology is particularly powerful due to its
potential to change how we think about ourselves as human
beings, how we make decisions in governance and social
policy, and how we save and pass on knowledge...
This challenge is particularly difficult given the traditional
mindset of technically trained professionals who view social
impact and ethics issues as topics auxiliary to the foundation
material in computer science...
Technical issues are best understood (and most effectively
taught) in their social context, and the societal aspects
of computing are best understood in the context of the
underlying technical deatil...
This paper will address what is often said to be the most serious problem
there is in implementing the sort of approach suggested by Holz and Martin:
The most serious problem in implementing this integrated
approach across the computer science curriculum is the lack
of familiarity that most professors have in locating and
preparing materials to deal with the social and ethical issues
[Holz, Martin 92]
We will identify some major ethical issues as they relate to computer
based interactions, and provide a compact guide which educators can
use to guide them in quickly obtaining materials needed for a more thorough
exploration of these issues.
Definitions
One of the first things we must recognize is the lack of familiarity
students may have with some terms we may take for granted; even people in
computing sciences may be unfamiliar with some of the terminology used in
discussion of the ethical issues relating to technology. While they may
have familiarity with the technology and with ethics, they have not been
exposed to many of technological implementations which help create ethical
conflicts. Additionally, since the computing sciences are so new, it is
possible that students and educators are not sufficiently aware of the
end-result of some computer based interactions. In some cases, people may be
using different terminology or analogies which may not be be conducive to a
thorough discussion and understanding of the topics at hand. For this reason,
a beginning course in social and ethical implications of technology must define
terms - even those which may appear obvious. Some suggested terms are: e-mail,
Internet, software, privacy, property, virus, world wide web, html,
virus, copyright, shareware, IRC, ftp. These terms are used frequently in discussion of
ethics and technology; however, some of the terms (privacy, property) are subject to
interpretation. Others, (html, www, ftp), are not as widely known. The instructor may wish
to let students list terms they are familiar with, to build a list of key words
for future classes.
Once there are some definitions, (and in some cases, a decision that
there are no adequate definitions that are generically applicable),
traditional ethical terms and concepts can offer a solid base for
exploration of modern technology. A discussion of Duty and
Rights is a good place to start. Such a discussion can refresh the
concepts of duty and rights; the instructor may wish to present in
concise form a overview of "ethics" including deontology,
utilitarianism, aristotlean and other ethical models of choice. From this point,
issues related to duty and rights become clear as we explore some of the new
concepts.
Duty and Rights
Traditionally ethics are viewed as how we behave in our interaction
with other people, or in our behaviours which affect people. There are
some basic rules:
These rules are, of course, based on principles, which are in turn based
on ethical theories of the varying types discussed above. The premise of
these theories and their applications appear to be how we relate to other people
and how our actions affect others as well as ourselves. The introduction of
computing technology introduces an "interface". This interface is, of
course, the computer. When we communicate electronically, we can forget
there are people involved. This becomes more likely when we spend a lot
of time in computing environments, away from other human beings. These
computing environments are called "cyberspace" by some. In these
environments, depersonalization and desensitization can and do occur.
This depersonalization effect can manifest itself in various ways, from
withdrawal from "real life", to abberant social behaviours. However, it
is important to remember that what we may consider "wrong" may be
considered "right" in the cyberspace environment, or it may even be
considered a "non-issue". What sorts of behaviours and concepts exist in
this environment? We will examine those which exist, and attempt to
define some of the issues which we must address if we are to overcome
our ambivalence on standards for judging the ethical status of a given
situation.
Concept: Hacking
Issues: Damage, Ownership, Breaking in
The first concept we will examine is "hacking". Much formal written work
has been done on hacking. There are books available at most libraries
which tell the stories of hackers breaking into computers, and of the
subsequent chases by law enforcement. Some even discuss the successful
arrest and prosecution of these 'bad guys'. [Sterling, 1992] [Stoll,
1989] However, there are people who question the validity of some of
the more conservative views toward computer hacking. Some
serious issues need to be raised in a discussion of hacking. Denning
[Denning, 1991] discusses the curiousity, peer pressure and thrill that
contribute to some hackers motivations. When we examine the
psycho-socio makeup of any group of young people, we find this is not at
all an abnormal set of motivations. We hear from many persons called
hackers that damage is wrong. This is not so far from our own perception
of what is wrong. We would all agree that damage is generally wrong.
This is a generic social principle.
"Leave only footprints, take only memories" is one slogan some members
of the hacking community adhere to. "We don't hurt anyone" is a common
claim of hackers. These claims lead us to some issues, such as what is hurting?
What is damage?
Is reading your electronic files "damaging" you? What is the importance
of intent and motivation? Do people have a right to "equal access" as
many hackers claim? What part do freedom and creativity, espoused by
many hackers, play in the general development of computing technologies?
Is creating new accounts damage? Is reading a password file damage, and
if so, what kind of damage is it? Damage to who? Is exploring a system
damage? Is it true that we would not be as technologicially advanced today if
not for hackers?
What constitutes breaking into a a system? If a system is on the Internet
and it is left "open", is it breaking in if you log in without specific
authorization?
If you can log in as guest, are you breaking in if you do?
If you are not specifically invited to access a system, are you breaking
in if you access that system? What are the responsibilities of the
adminstrators of systems? Is it helping administrators to break into
systems and tell them how you did it? How should we define and assess
penalties for electronic crimes. What -are- electronic crimes? What -is-
damage? Who defines it? We come full circle.
There are many resources for information on hacking. Usenet newsgroups,
mailing lists, ftp sites, magazines, and IRC all offer a way to gain
insights into the hacking culture.
Newsgroups
alt.2600
alt.security
comp.security.misc
comp.security.unix
comp.dcom.telecom.tech
alt.dcom.telecom
Web sites
www.2600.com
underground.org
Mailing lists
firewalls ([email protected])
bugtraq ([email protected])
FTP sites
ftp.etext.org
ftp.fc.net/pub/paranoia/pub/phrack/pub/deadkat
ftp.2600.com
ftp.cert.org:/pub
People
[email protected] (Will Spencer)
[email protected] (Sarah Gordon)
[email protected] (Morton Swimmer)
[email protected] (Paul Ducklin)
Concept: Ownership
Issues: Who owns data about you? Should software be free? Who owns the Internet?
Some of the questions we ask about hacking seem to be based on our lack
of true understanding and definition of various forms of ownership; of
systems and of the Internet in general. Classical definitions of IP aside,
there appears to be in our computing community some dissension as to who
actually owns (or who SHOULD own) "things" on the Internet. The Internet itself
is not owned by anyone, although small parts of it seem to be getting swallowed up
by commercial interests. There are people who feel that software itself
should be free. Reasons such as the encouragement of social cohesiveness
and enhanced development capability are usually cited by those taking
this position. [Stallman] SPA (The Software Publishers Association) and other
business oriented groups work to combat software piracy (which would not
exist if software were free). [SPA] Piracy is rampant, depriving developers of
huge revenues. Why do people feel it justifiable to copy software and
use it without paying for it? These issues are worth discussion. Do
people have a right to try software first? Do developers have a duty to
let them? What about the argument that without copyright, there is little
(if any) incentive for innovation?
Ownership Resources
People and organizations
[email protected]
[email protected]
Concept: Privacy
Issues: Who should be able to read your mail? Who owns information about you?
"Who owns what" also applies to concepts like E-Mail. Based on our
traditional concepts of mail, we consider electronic mail to be
private; however this is not necessarily the case.
It is not only trivial to read someone's mail, but many companies do it as a
matter of routine. There are other questions we must consider when
we move from paper mail into electronic mail. Who owns your electronic mail?
Do companies have the right to read it? Does your service provider have
the right to read it? Do they have a duty to inform you if this is their
practice? Can a University rightfully decide what is an
appropriate topic for you to discuss in public forum or e-mail? These
issues are complex.
There are others. Privacy and ownership of
information are not only up for discussion in broad generic
philosophical terms, but in real life impacting terms. Information on
you is collected routinely. Who owns this information? Some of the types
of information include your health records, driving records, neighbors,
employment history. What ethical conflicts arise in the gathering and
accessibility of this kind of information? Is a computer a good place to
store this information? What, if any, safeguards should be required?
What can you do to protect your privacy? What is the governments role in
providing privacy. Is there a right to privacy in cyberspace? To answer
some of these questions, we must first initiate informed discussions. We
can make use of the same technology that helps form the questions by
accessing information available via:
Privacy Resources
Newsgroups
alt.privacy
alt.privacy.clipper
alt.privacy.anon-server
comp.society.privacy
Mailing lists
privacy ([email protected])
FTP sites
ftp.vortex.com/privacy
ftp.eff.org/pub/EFF/Policy/Privacy
People
[email protected] (privacy advocate)
[email protected] (Philip Zimmerman)
These are places to go for information on privacy, and the other
concepts that go along with it: anonymity and cryptography.
Concept: Anonymity
Issues: Does anonymity change behaviour? Is anonymity ever justified?
What are your rights in electronic transactions?
Anonymity in life (specifically, in non-computer based) has been shown to change
behaviours. In experiments throughout history, people have been shown
to be less responsible in a group situation or where their indentity is not known.
Computers can encourage and facilitate anonymity, and multiple or fake
(not necessarily fradulent) identities. What sorts of ethical issues
arise due to this process? Do you have the right to know who you are
talking to? Do you have the right to hide who you are? Anonymous mailers
and anonymous remailers add more depth to the discussion. It is possible
to be totally anonymous on the internet, although total anonymity
requires some effort. In what situations is anonymity justified, if it
is ever justified at all? What are the affects of anonymity on electronic
communications?
Anonymity Information Resources
Newsgroups
alt.anonymous
alt.anonymous.messages
alt.privacy
alt.privacy.anon-server
Web Sites
draco.centerline.com:8080/~franl/crypto/remailers.html
Cypherpunks
FTP Sites
aql.gatech.edu/pub/crypto/remailer/pub/crypto/premail
ftp.csua.berkeley.edu:/pub/cypherpunks
People
[email protected] (Ralph Levien, maintains list of reliable remailers)
[email protected] (Cypherpunks)
Concept: Cryptography
Issues: Who owns the code?
Privacy, some say, can only be ensured by cryptography. Some people say
strong cryptography is needed to ensure the government cannot read
private individual communications. Some cryptographic products are on
the lists of things that cannot be exported, and are seen as 'weapons'.
What are the issues surrounding cryptography and who are the
cypherpunks? What is PGP? What is PEM? This information is available from
various electronic sources:
Cryptography Resources
Newsgroups
sci.crypt
talk.politics.crypto
Web Sites
www.eff.org/dan/stuff.html
draco.centerline.com:8080/~franl/crypto/cryptography.html
Mailing Lists
Cryptography ([email protected])
FTP sites
ftp.eff.org:/pub/EFF/Issues/Clipper_Capstone_EES_escrow
Concept: Viruses
Issues: Do you have a "right" to pass out viruses? Do you have a "duty" not to? Are computer viruses artificial life?
Viruses are another new concept in computing. The debate surrounding
them seems to center around several issues: is virus writing a right?
should virus distribution be made illegal. These questions are usually
met with a variety of arguments from both sides, ranging from "Viruses
are constitutionally protected" to "Viruses are Artificial Life"
research. Neither of these has been proven and the debate goes on. You
can get information about the debate and viruses from:
Anti-Virus Resources
People
[email protected] (Sarah Gordon)
[email protected] (Vesselin Bontchev)
[email protected] (Rob Slade)
[email protected] (Fridrik Skulasson)
[email protected] (Richard Ford)
[email protected] (Ian Whalley)
There are various mailing lists and newsgroups dealing with the topic: comp.virus, alt.comp.virus are two of the more
used ones. FTP sites with information about viruses include ftp.informatik.uni-hamburg.de (login anonymous, username as password),
and ftp.datafellows.com.
Other sites which are easily accessible via the Internet contain live viruses
and viral source code. It is the opinion of this author that
such distribution of viruses constitutes irresponsible action on the
part of the account owner and should be discouraged. However, it is not
illegal in some countries to make this information available, so
discouraging will probably take the form of peer and societal pressures.
More Anti-Virus Resources
Newsgroups
comp.virus
alt.comp.virus
Web sites
www.ncsa.com
www.commandcom.com
www.datafellows.com
Mailing lists
virus-l (address)
FTP sites
ftp.informatik.uni-hamburg.de
ftp.commandcom.com
ftp.datafellows.com
Conclusion
The resources provided by this paper can provide instructors and
students with information sufficient to begin a discussion on ethical
issues related to computing. This list of resources is, however, by
no means exhaustive. It is our hope that by encouraging the student to
explore these issues, we are at the same time encouraging an evolution
in the computing community's approach to these dilemmas.
Please note: The resources listed in this document are subject to change.
Due to the nature of the Internet, there is no guarantee that any or all
of these sites will be operational at any time. Newsgroups are formed
and abandoned. However, all of the sites and newsgroups mentioned in this
paper were operational when this paper was drafted. Should you find any of
these sites are no longer operational, or any of the newsgroups no longer
exist, please do not panic. This is the nature of the Internet.
© 1995 Sarah Gordon. This document may not be reproduced in whole or in
part, stored in any electronic information system, or otherwise made
available without specific prior express written permission of the author.
All rights reserved.
Bibliography
Denning, Dorothy. Dorothy Denning. "The United States vs. Craig Neidorf".
Communications of the ACM, No. 3 Vol.34 March 1991
Holz, H.J. and Martin, C.D. H.J. Holz and C.D. Martin. "Education and
Society" ed. R. Aiken, Information Processing 92, Volume II, Elsevier
Science Publishers, North Holland 1992. Proceedings IFIP 12th World
Computer Congress, Madrid, Spain. September 7-11, 1992. pp137-143
NET (Nationwide Electronic Tracking). "For Sale, Data About You". Harper's
Magazine, 1992
Stallman, Richard. Richard Stallman. "Why Software Should Be Free". Free
Software Foundation. April 1992
SPA: Software Publishers Association. "Is it O.K. to copy my
Colleague's Software?" SPA. 1994
Sterling, Bruce. Bruce Sterling. The Hacker Crackdown: Law and Disorder
on the Electronic Frontier. Bantam Books. 1992
Stoll, Cliff. Cliff Stoll. The Cuckoo's Egg: Tracking a Spy Through
the Maze of Computer Espionage. Doubleday Books. 1989
Other books of Interest:
Hafner, Katie and Markoff, JOhn. Katie Hafner and John Markoff. Cyberpunk: Outlaws and Hackers on the Computer Frontier.
Simon & Schuster. 1991
Forrester, Tom and Morrison, Perry. Tom Forester and Perry Morrison. Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing
MIT Press. 1990.
The Knightmare. Secrets of a Super Hacker.
Loompanics Unlimited, 1994
About the Author
Sarah Gordon's work in various areas of IT Security can be found profiled in
various publications including the New York Times, Computer Security Journal
and Virus Bulletin. She is a frequent speaker at such diverse conferences
as those sponsored by NSA/NIST/NCSC and DEFCON. Recently appointed to the
Wildlist Board of Directors, she is actively involved in the development
of anti-virus software test criteria and methods. She may be reached as
[email protected]