Virus Databases
Virus Links
Virus Research
Security



Concepts, Issues and Resources: Structuring Ethical Curricula in the Information Age

By Sarah Gordon
E-mail:[email protected]

This paper was first prepared for the 1995 IFIP Technical Committee 11 Working Group 11.8 Workshop on xxxx, held in Capetown South Africa, May xxxx, 1995.

© 1995 Indiana University Department of Math and Computer Science. This document may not be reproduced in whole or in part, stored on any electronic information system, or otherwise be made available without prior express written consent of the author and copyright holder.

Introduction

According to experts in the field of Information Technology, one of the most pressing need facing students in computer related fields is a lack of understanding of the social and ethical implications of computerization. In "Integrated Social Impact and Ethical Issues Across the Computer Science Curriculum" [Holz, Martin 92] we read:

Computer technology is particularly powerful due to its potential to change how we think about ourselves as human beings, how we make decisions in governance and social policy, and how we save and pass on knowledge...

This challenge is particularly difficult given the traditional mindset of technically trained professionals who view social impact and ethics issues as topics auxiliary to the foundation material in computer science...

Technical issues are best understood (and most effectively taught) in their social context, and the societal aspects of computing are best understood in the context of the underlying technical deatil...

This paper will address what is often said to be the most serious problem there is in implementing the sort of approach suggested by Holz and Martin:

The most serious problem in implementing this integrated approach across the computer science curriculum is the lack of familiarity that most professors have in locating and preparing materials to deal with the social and ethical issues [Holz, Martin 92]

We will identify some major ethical issues as they relate to computer based interactions, and provide a compact guide which educators can use to guide them in quickly obtaining materials needed for a more thorough exploration of these issues.

Definitions

One of the first things we must recognize is the lack of familiarity students may have with some terms we may take for granted; even people in computing sciences may be unfamiliar with some of the terminology used in discussion of the ethical issues relating to technology. While they may have familiarity with the technology and with ethics, they have not been exposed to many of technological implementations which help create ethical conflicts. Additionally, since the computing sciences are so new, it is possible that students and educators are not sufficiently aware of the end-result of some computer based interactions. In some cases, people may be using different terminology or analogies which may not be be conducive to a thorough discussion and understanding of the topics at hand. For this reason, a beginning course in social and ethical implications of technology must define terms - even those which may appear obvious. Some suggested terms are: e-mail, Internet, software, privacy, property, virus, world wide web, html, virus, copyright, shareware, IRC, ftp. These terms are used frequently in discussion of ethics and technology; however, some of the terms (privacy, property) are subject to interpretation. Others, (html, www, ftp), are not as widely known. The instructor may wish to let students list terms they are familiar with, to build a list of key words for future classes.

Once there are some definitions, (and in some cases, a decision that there are no adequate definitions that are generically applicable), traditional ethical terms and concepts can offer a solid base for exploration of modern technology. A discussion of Duty and Rights is a good place to start. Such a discussion can refresh the concepts of duty and rights; the instructor may wish to present in concise form a overview of "ethics" including deontology, utilitarianism, aristotlean and other ethical models of choice. From this point, issues related to duty and rights become clear as we explore some of the new concepts.

Duty and Rights

Traditionally ethics are viewed as how we behave in our interaction with other people, or in our behaviours which affect people. There are some basic rules:

These rules are, of course, based on principles, which are in turn based on ethical theories of the varying types discussed above. The premise of these theories and their applications appear to be how we relate to other people and how our actions affect others as well as ourselves. The introduction of computing technology introduces an "interface". This interface is, of course, the computer. When we communicate electronically, we can forget there are people involved. This becomes more likely when we spend a lot of time in computing environments, away from other human beings. These computing environments are called "cyberspace" by some. In these environments, depersonalization and desensitization can and do occur. This depersonalization effect can manifest itself in various ways, from withdrawal from "real life", to abberant social behaviours. However, it is important to remember that what we may consider "wrong" may be considered "right" in the cyberspace environment, or it may even be considered a "non-issue". What sorts of behaviours and concepts exist in this environment? We will examine those which exist, and attempt to define some of the issues which we must address if we are to overcome our ambivalence on standards for judging the ethical status of a given situation.

Concept: Hacking Issues: Damage, Ownership, Breaking in

The first concept we will examine is "hacking". Much formal written work has been done on hacking. There are books available at most libraries which tell the stories of hackers breaking into computers, and of the subsequent chases by law enforcement. Some even discuss the successful arrest and prosecution of these 'bad guys'. [Sterling, 1992] [Stoll, 1989] However, there are people who question the validity of some of the more conservative views toward computer hacking. Some serious issues need to be raised in a discussion of hacking. Denning [Denning, 1991] discusses the curiousity, peer pressure and thrill that contribute to some hackers motivations. When we examine the psycho-socio makeup of any group of young people, we find this is not at all an abnormal set of motivations. We hear from many persons called hackers that damage is wrong. This is not so far from our own perception of what is wrong. We would all agree that damage is generally wrong. This is a generic social principle.

"Leave only footprints, take only memories" is one slogan some members of the hacking community adhere to. "We don't hurt anyone" is a common claim of hackers. These claims lead us to some issues, such as what is hurting? What is damage? Is reading your electronic files "damaging" you? What is the importance of intent and motivation? Do people have a right to "equal access" as many hackers claim? What part do freedom and creativity, espoused by many hackers, play in the general development of computing technologies? Is creating new accounts damage? Is reading a password file damage, and if so, what kind of damage is it? Damage to who? Is exploring a system damage? Is it true that we would not be as technologicially advanced today if not for hackers?

What constitutes breaking into a a system? If a system is on the Internet and it is left "open", is it breaking in if you log in without specific authorization?

If you can log in as guest, are you breaking in if you do?

If you are not specifically invited to access a system, are you breaking in if you access that system? What are the responsibilities of the adminstrators of systems? Is it helping administrators to break into systems and tell them how you did it? How should we define and assess penalties for electronic crimes. What -are- electronic crimes? What -is- damage? Who defines it? We come full circle.

There are many resources for information on hacking. Usenet newsgroups, mailing lists, ftp sites, magazines, and IRC all offer a way to gain insights into the hacking culture.

Newsgroups
alt.2600
alt.security
comp.security.misc
comp.security.unix
comp.dcom.telecom.tech
alt.dcom.telecom

Web sites
www.2600.com
underground.org

Mailing lists
firewalls ([email protected])
bugtraq ([email protected])

FTP sites
ftp.etext.org
ftp.fc.net/pub/paranoia/pub/phrack/pub/deadkat
ftp.2600.com
ftp.cert.org:/pub

People
[email protected] (Will Spencer)
[email protected] (Sarah Gordon)
[email protected] (Morton Swimmer)
[email protected] (Paul Ducklin)

Concept: Ownership Issues: Who owns data about you? Should software be free? Who owns the Internet?

Some of the questions we ask about hacking seem to be based on our lack of true understanding and definition of various forms of ownership; of systems and of the Internet in general. Classical definitions of IP aside, there appears to be in our computing community some dissension as to who actually owns (or who SHOULD own) "things" on the Internet. The Internet itself is not owned by anyone, although small parts of it seem to be getting swallowed up by commercial interests. There are people who feel that software itself should be free. Reasons such as the encouragement of social cohesiveness and enhanced development capability are usually cited by those taking this position. [Stallman] SPA (The Software Publishers Association) and other business oriented groups work to combat software piracy (which would not exist if software were free). [SPA] Piracy is rampant, depriving developers of huge revenues. Why do people feel it justifiable to copy software and use it without paying for it? These issues are worth discussion. Do people have a right to try software first? Do developers have a duty to let them? What about the argument that without copyright, there is little (if any) incentive for innovation?

Ownership Resources

People and organizations
[email protected]
[email protected]

Concept: Privacy Issues: Who should be able to read your mail? Who owns information about you?

"Who owns what" also applies to concepts like E-Mail. Based on our traditional concepts of mail, we consider electronic mail to be private; however this is not necessarily the case.

It is not only trivial to read someone's mail, but many companies do it as a matter of routine. There are other questions we must consider when we move from paper mail into electronic mail. Who owns your electronic mail? Do companies have the right to read it? Does your service provider have the right to read it? Do they have a duty to inform you if this is their practice? Can a University rightfully decide what is an appropriate topic for you to discuss in public forum or e-mail? These issues are complex.

There are others. Privacy and ownership of information are not only up for discussion in broad generic philosophical terms, but in real life impacting terms. Information on you is collected routinely. Who owns this information? Some of the types of information include your health records, driving records, neighbors, employment history. What ethical conflicts arise in the gathering and accessibility of this kind of information? Is a computer a good place to store this information? What, if any, safeguards should be required? What can you do to protect your privacy? What is the governments role in providing privacy. Is there a right to privacy in cyberspace? To answer some of these questions, we must first initiate informed discussions. We can make use of the same technology that helps form the questions by accessing information available via:

Privacy Resources
Newsgroups
alt.privacy
alt.privacy.clipper
alt.privacy.anon-server
comp.society.privacy

Mailing lists
privacy ([email protected])

FTP sites
ftp.vortex.com/privacy
ftp.eff.org/pub/EFF/Policy/Privacy

People
[email protected] (privacy advocate)
[email protected] (Philip Zimmerman)

These are places to go for information on privacy, and the other concepts that go along with it: anonymity and cryptography.

Concept: Anonymity Issues: Does anonymity change behaviour? Is anonymity ever justified? What are your rights in electronic transactions?

Anonymity in life (specifically, in non-computer based) has been shown to change behaviours. In experiments throughout history, people have been shown to be less responsible in a group situation or where their indentity is not known. Computers can encourage and facilitate anonymity, and multiple or fake (not necessarily fradulent) identities. What sorts of ethical issues arise due to this process? Do you have the right to know who you are talking to? Do you have the right to hide who you are? Anonymous mailers and anonymous remailers add more depth to the discussion. It is possible to be totally anonymous on the internet, although total anonymity requires some effort. In what situations is anonymity justified, if it is ever justified at all? What are the affects of anonymity on electronic communications?

Anonymity Information Resources

Newsgroups
alt.anonymous
alt.anonymous.messages
alt.privacy
alt.privacy.anon-server

Web Sites
draco.centerline.com:8080/~franl/crypto/remailers.html
Cypherpunks

FTP Sites
aql.gatech.edu/pub/crypto/remailer/pub/crypto/premail
ftp.csua.berkeley.edu:/pub/cypherpunks

People
[email protected] (Ralph Levien, maintains list of reliable remailers)
[email protected] (Cypherpunks)

Concept: Cryptography Issues: Who owns the code?

Privacy, some say, can only be ensured by cryptography. Some people say strong cryptography is needed to ensure the government cannot read private individual communications. Some cryptographic products are on the lists of things that cannot be exported, and are seen as 'weapons'. What are the issues surrounding cryptography and who are the cypherpunks? What is PGP? What is PEM? This information is available from various electronic sources:

Cryptography Resources
Newsgroups
sci.crypt
talk.politics.crypto

Web Sites
www.eff.org/dan/stuff.html
draco.centerline.com:8080/~franl/crypto/cryptography.html

Mailing Lists
Cryptography ([email protected])

FTP sites
ftp.eff.org:/pub/EFF/Issues/Clipper_Capstone_EES_escrow

Concept: Viruses Issues: Do you have a "right" to pass out viruses? Do you have a "duty" not to? Are computer viruses artificial life?

Viruses are another new concept in computing. The debate surrounding them seems to center around several issues: is virus writing a right? should virus distribution be made illegal. These questions are usually met with a variety of arguments from both sides, ranging from "Viruses are constitutionally protected" to "Viruses are Artificial Life" research. Neither of these has been proven and the debate goes on. You can get information about the debate and viruses from:

Anti-Virus Resources
People
[email protected] (Sarah Gordon)
[email protected] (Vesselin Bontchev)
[email protected] (Rob Slade)
[email protected] (Fridrik Skulasson)
[email protected] (Richard Ford)
[email protected] (Ian Whalley)

There are various mailing lists and newsgroups dealing with the topic: comp.virus, alt.comp.virus are two of the more used ones. FTP sites with information about viruses include ftp.informatik.uni-hamburg.de (login anonymous, username as password), and ftp.datafellows.com.

Other sites which are easily accessible via the Internet contain live viruses and viral source code. It is the opinion of this author that such distribution of viruses constitutes irresponsible action on the part of the account owner and should be discouraged. However, it is not illegal in some countries to make this information available, so discouraging will probably take the form of peer and societal pressures.

More Anti-Virus Resources

Newsgroups
comp.virus
alt.comp.virus

Web sites
www.ncsa.com
www.commandcom.com
www.datafellows.com

Mailing lists
virus-l (address)

FTP sites
ftp.informatik.uni-hamburg.de
ftp.commandcom.com
ftp.datafellows.com

Conclusion

The resources provided by this paper can provide instructors and students with information sufficient to begin a discussion on ethical issues related to computing. This list of resources is, however, by no means exhaustive. It is our hope that by encouraging the student to explore these issues, we are at the same time encouraging an evolution in the computing community's approach to these dilemmas.

Please note: The resources listed in this document are subject to change. Due to the nature of the Internet, there is no guarantee that any or all of these sites will be operational at any time. Newsgroups are formed and abandoned. However, all of the sites and newsgroups mentioned in this paper were operational when this paper was drafted. Should you find any of these sites are no longer operational, or any of the newsgroups no longer exist, please do not panic. This is the nature of the Internet.

© 1995 Sarah Gordon. This document may not be reproduced in whole or in part, stored in any electronic information system, or otherwise made available without specific prior express written permission of the author. All rights reserved.

Bibliography

  1. Denning, Dorothy. Dorothy Denning. "The United States vs. Craig Neidorf". Communications of the ACM, No. 3 Vol.34 March 1991
  2. Holz, H.J. and Martin, C.D. H.J. Holz and C.D. Martin. "Education and Society" ed. R. Aiken, Information Processing 92, Volume II, Elsevier Science Publishers, North Holland 1992. Proceedings IFIP 12th World Computer Congress, Madrid, Spain. September 7-11, 1992. pp137-143
  3. NET (Nationwide Electronic Tracking). "For Sale, Data About You". Harper's Magazine, 1992
  4. Stallman, Richard. Richard Stallman. "Why Software Should Be Free". Free Software Foundation. April 1992
  5. SPA: Software Publishers Association. "Is it O.K. to copy my Colleague's Software?" SPA. 1994
  6. Sterling, Bruce. Bruce Sterling. The Hacker Crackdown: Law and Disorder on the Electronic Frontier. Bantam Books. 1992
  7. Stoll, Cliff. Cliff Stoll. The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. Doubleday Books. 1989

Other books of Interest:

  1. Hafner, Katie and Markoff, JOhn. Katie Hafner and John Markoff. Cyberpunk: Outlaws and Hackers on the Computer Frontier. Simon & Schuster. 1991
  2. Forrester, Tom and Morrison, Perry. Tom Forester and Perry Morrison. Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing MIT Press. 1990.
  3. The Knightmare. Secrets of a Super Hacker. Loompanics Unlimited, 1994

About the Author

Sarah Gordon's work in various areas of IT Security can be found profiled in various publications including the New York Times, Computer Security Journal and Virus Bulletin. She is a frequent speaker at such diverse conferences as those sponsored by NSA/NIST/NCSC and DEFCON. Recently appointed to the Wildlist Board of Directors, she is actively involved in the development of anti-virus software test criteria and methods. She may be reached as [email protected]