Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Ethics, Privacy, and Hacking 2

Status
Not open for further replies.

CajunCenturion

Programmer
Mar 4, 2002
11,381
US
We've seen over the past several weeks quite a few statements regarding the importance of the "right to privacy" and the "right to anonymity". Understandably, violations of privacy are deemed to be unethical.

We've also seen a few people adopt the position that there is nothing ethically wrong with benignly hacking into another's system.

Can we reconcile these two positions? Can it be okay to ethically hack into someone's system and at the same time, not unethically violate their right to privacy?

Or is there a heirarchy of these ethical conumdrums? and if so, what is the order of precendence and why?

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
<teasing>
it all depends against whom the nefarious acts are committed
</teasing>

So your point is that if a sequence of individual acts are required for one purpose, we can deem the individual actions ethical and/or unethical on their own, without regard to whether the purpose is ethical or not.

I guess maybe now we can start two new subjects - MicroEthics and MacroEthics.

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
&quot;Can it be okay to ethically hack into someone's system and at the same time, not unethically violate their right to privacy?&quot;

It seems to me that the question is loaded and the answers so far given bear out that supposition.

sleipnir214 said

&quot;And I think we should keep comparisons to the law out of the mix, too.&quot;

...yet it is not possible to &quot;divorce&quot; the &quot;right to privacy&quot; from legal aspects because it is a legal principle. Yet sleipnir214 does recognise that the law and ethics have never been constant companions.

The legal &quot;right to privacy&quot; counters an individuals claim to be able to &quot;invade that privacy if the opportunity presents itself or is manufactured etc.&quot;

So, by divorcing the legal aspects of the question you establish tension between an individuals right to privacy with an individuals right to breach privacy. Who is to say that &quot;ethically&quot; my right to see what I want to see is any less or more valid than an individuals right to privacy. The tension is between the principles &quot;you can't look&quot; and &quot;but I can see&quot;.

The question of a hierachy of &quot;ethical conundrums&quot; is certainly an intruiging point to consider. Certainly in the field of criminology theories such as the &quot;Techniques of Neutralisation&quot; (enter into google for results, thanks) attempt to demonstrate that the individual may see a hierarchical justification to their actions. Also, we have a legal system that has an obvious ordering of crimes and penalties. So, in an ethical debate is it possible to have a &quot;hierarchy of ethics&quot;. In considering this point it is necessary to question an individuals motivation. For example, &quot;I did it because I wanted to look&quot; or &quot;I did it because I wanted to help&quot;. Two reasons that could be given for the same breach of someone's privacy.

The question why &quot;ethical&quot; actions may be ordered hierarchically is to do with legitimacy. As I have already stated, with the removal of the legal aspect of a &quot;right to privacy&quot; there is a tension between the &quot;right to privacy&quot; and &quot;the right to look&quot;. With these points in tension, there will be an &quot;argument&quot; around why some's right to privacy is greater than someone's right to look. This will hinge on what can be seen as the most legitimate reason.

So to answer CajunCenturion's questions;
1. It is ethical to hack into someone else's system (but not legal).
2. It is ethical to violate someone's privacy (but not legal).
3. &quot;Ethical&quot; actions can be ordered in aspects of motivation (this assumes that consensus can be reached, which in itself is a point to debate).
4. &quot;Why&quot; ethical actions would be ordered is that it would be necessary to be able to resolve civil disputes if the legal &quot;right to privacy&quot; did not exist.

As a footnote, I would just add that what I state above is my interpretation of how I would engage constructively with the questions posed by CajunCenturion. They do not necessarily reflect my own views.

Kind regards.
 
You're absolutely right, it is a loaded question, and given the interplay, one can easily get twisted.

You are also correct that all of the issues (except perhaps the heirarchiy) that you identify for consideration have been exposed at one time or another in the various examples, analogies, and comments made thus far, and should be taken into account when considering the issue with all its twists and turns.

Now that we understand the environment, and how you'd engage - we anxiously await your engagement, if you feel so inclined.

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Lol,
touché.

My own perspective revolves around the adages;

&quot;treat others as you would have others treat you&quot; and &quot;do unto others as they do unto you&quot;.

From this perspective, the motivation of the &quot;hacker&quot; is not of prime concern. It is &quot;my&quot; interpretation of the actions and intentions of the hacker that are paramount. So, I might shoot the &quot;good samaritan&quot; thinking that his intentions were other than honourable. Therefore I would &quot;probably&quot; advocate &quot;do nothing.&quot;

But again, it would take quite a considerable amount of time to flesh out that position - time which I really haven't got at the moment ;-)

I would add that I appreciate your insight that the answer I gave in my previous post was far from being a complete analysis of the situations and questions provided by yourself.

All the best.
 
Perhaps what we as a community need to help resolve this issue is an agency (similar to the police force) to help address security concerns. For instance, rather than hacking a system that is launching a DOS attack, you could forward the information to this agency which could then launch an &quot;ethical hack&quot; and take care of the notifications, etc. This would relieve us from the ethical and legal responsibilities.

If the police are passing by a house and see a door wide open, the have full legal rights to wander in to make sure everything is OK. It might be useful to establish a group to do that.

I realize that this would be a very difficult thing to set up, and trust would need to be established, etc. It was just an idea that was floating around in my head and I thought I'd put it out there.

[aside]
Does anybody else miss the days when DOS mean &quot;Disk Operating System?&quot;
[/aside]
 
Isn't this all a teeny bit hypothetical. I mean, if you had a neighbour who lived under a compulsion to wander round checking people's doors are locked, wouldn't you worry about his psychological state and feel a bit uncomfortable about him? And if you came home and found someone wandering about your house....
I've never had the faintest urge to get into someone else's computer, or check someone's car door. And if I ever do, I'll start worrying about myself.
 
I am relieved to see the correct metaphor put in place. Indeed, on my own property I expect to be able to leave the door open if it pleases me.
Yet I absolutely do not expect anyone I don't know to judge that if the door is open they can come in.
I will accept the presence of a policeman come to check, of course.
This metaphor is perfectly valid in all situations.
It was mentioned in this thread that someone looking through the window and witnessing an agression would have performed ethically. Sorry, but if the agressor had the ethics of not going in in the first place, there would be no agression taking place.
In short, I feel we are all a bit too intrigued by the technical aspects and possibilities, and we need to recenter ourselves to a more down-to-earth situation.
Hacking would simply not happen if a potential hacker compared what he was going to do and asked himself if he would break into a house in the same way. After all, hacking a secure system is just finding a window to break. Hacking an unsecure system is finding a window/door that is open.
Although I acknowledge that there is a very legal difference, in essence the hacker is doing the same thing : gaining egress to a place he was not invited to.
If I go into my garden and, upon my return, find someone I don't know in my house, I'm phoning the police ASAP. I don't care if he wanted to make sure that my cat was well fed, he's a nut and I want to make sure he's prosecuted.
Unfortunately, it is quite easy to find a counter example. If I go into my garden leaving the door open and, upon my return, fall in the stairs and knock myself into a coma, and thereupon a perfect stranger comes in because he was genuinely worried about an open door and found me and phoned for help, I would obviously be indebted to that person for life.
Right, I've put myself into a fine mess now ;-)
 

You're wandering through the city when you come across an empty office building. Have you done anything unethical?

You pull on the door, and it opens. You stand outside for a moment. Have you done anything unethical?

After a brief pause, you stick your head inside and look around. Have you done anything unethical?

You cautiously enter the building and glance around the reception area, but proceed no further. Have you done anything unethical?

From this point on, most people would probably agree that proceeding any deeper into the building would be inappropriate (unless there were an obvious reason to do so, such as hearing a call for help).

Most people would also agree that wandering by and glancing over is not an ethical issue. Arguably, though, once you try that door, there will be people that want to know why you're wandering around the city pulling on doors.


One more: After you make the decision to leave the building, do you feel ethically bound to call the owner of the building and let them know that the door is open?

(Yes, I used an office building instead of a house on purpose.)

 
Its never ethical to hack (or to try to hack) into somebody's system without explicit consent - regardless of the reason. If I did have a major hole in the security of my system that somebody found and they wanted to inform me, the proper thing to do is to send a email to the registered address by doing a WHOIS query on the IP/DNS name. Going into the system and closing the port on my behalf may seem like a nice, friendly thing to do - but its a violation and I would be very unhappy if somebody did so. Also, what if that particular server was just a honey pot that a admin has set up to get somebody who is trying to hack the system, but covering their tracks? You've just ruined an investigation!

Steve Hewitt
Systems Manager
 
Hi Stevehewitt,

My first observation is you didn't answer Cajun's questions...

My second observation is that &quot;setting a honey pot&quot; is inviting hacking, it is entrapment and not very ethical or legal in some parts of the world ;-)

Or are you able to &quot;ethically&quot; reconcile entrapment? Bearing in mind that a honey pot, as you have already mentioned, may not &quot;catch&quot; the person you are searching for. Or is it you are not bothered who you catch? Are you really suggesting that all systems should have &quot;honey pots&quot; to catch all hackers?

My little world of ethical behaviour tells me that if I do not respect my property, then I should not expect someone else to respect it, to do otherwise is hypocritical. Other people will say that ethically, they have a right to treat their property in any manner they see fit.

Which &quot;ethical viewpoint&quot; is more correct?

All the best.
 
HESCott - Your analogy of using a business instead of a residence allows for entry in the public foyer which exists in a business but not in a resisdence. Yes that does make a difference if you assume a priori that every server that you're touching belongs to a business. But because that behavior is based on an unreasonable assumption, I would have difficulty accepting it as ethical behavior.

PCLine - Bringing in the notion of respect does complicate the issue, because I don't think we can equate ethics and respect. Ethics comes from within, and although its based on the predominate social mores and traditions of the culture, it is an internal set of rules that govern your own behavior. You stated that your expectation of how your property is to be respected is based on how much respect you have for your own property, or more to the point, that your respect for another's property is based on how much respect they have for their property as a basis of ethical behavior, in my opinion is off-base in that the basis of ethical behavior does not come from within (the actor), but rather the victim.

I'm not sure that I agree with the respect aspect of that either because my ethics, and in a similar vien, my degree of respect, is based more on the golden rule, in that my behavior is based on how I would want you to treat and/or respect me -- not on how I see you treating/respecting yourself.

I think its also fails to take into account the difference between the owner who is not aware of the problem, as opposed to the owner who ignores the problem.

I agree completely that ethically, an individual has the freedom to treat their own property any way they see fit (provided they are not endangering others in doing so), but that does not mean that its ethically ok for me to tread your property in the same way. In other words, just because you &quot;steal <or insert other action&quot; from yourself does not mean that I can steal from you.

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Hi CajunCenturion,

I don't necessarily disagree with any of your assessments of what I have written so far. But, and there is always a but in a debate, lol...

Ethics are not internalised, respect may well be internalised, ethics are structural. I am sure you know what I mean by that statement, maybe ;-)

How you or me or anyone else reconciles ethical behaviour is primarily based on what is viewed as consensually acceptable.

I would suggest that your last example has strayed into the &quot;legal realm&quot; of ethics. I would say that ethically people would see nothing wrong with treating you in the same manner you treat yourself :) though how you treat yourself may be illegal and us doing likewise may be illegal.

All the best.
 
PCLine:
Ethics must be internal -- otherwise no one would ever take an ethical stand different to that of his peers.

While I agree that the current ethical consensus influences our own ethics, if you look at history you will find that all corrections of social injustice began with a person or small group of people taking an ethical stand in the face of the opposition and vilification of their peers.


Want the best answers? Ask the best questions: TANSTAAFL!
 
Hi sleipnir214,

Yes what you say is correct. But I wasn't saying that we don't have an opinion on what is ethical and what is not ethical ~ clearly we do. What I am saying is that your opinion of ethical behaviour has to be cosensualised by society for it to be legitimate. If your opinion of ethical behaviour runs contrary to society's view then you are labelled &quot;deviant&quot;. That is not to say that society won't change &quot;its mind&quot; and agree with you, given time. But at that time, your ethics &quot;count for nothing&quot; because society doesn't agree ~ you are just a deviant.

I hope that clarifies my point.

All the best.
 
Then I can choose whether my ethics must be legitimized by society. Personally, I don't need the approbation of the world.

Keep in mind, too, that a society's stamp of approval on an act does not necessarily make that act ethical -- take the actions of Nazi Party during World War 2 as an example.


Want the best answers? Ask the best questions: TANSTAAFL!
 
Hi again sleipnir214,
Your first statement, &quot;Then I can choose whether my ethics must be legitimized by society.&quot; still doesn't &quot;free you&quot; from the label of deviancy ~ in fact your disregard for societies norms amplifies your deviancy ~ and though you may &quot;think you are the most ethical person in the world&quot; society thinks you are wrong!

Your second statement, &quot;Keep in mind, too, that a society's stamp of approval on an act does not necessarily make that act ethical -- take the actions of Nazi Party during World War 2 as an example.&quot; is firstly ambiguous(just who are you saying endorsed the &quot;nazi&quot; parties actions and which actions are you referring to? And secondly it is a subject that could not be properly discussed nor should it be discussed here! (Information Technology Ethics Forum).

All the best.
 
sleipnir - &quot;a society's stamp of approval on an act does not necessarily make that act ethical -- take the actions of Nazi Party during World War 2 as an example&quot;

whilst I am in no way contradicting the statement, could I suggest that an act is neither ethical nor unethical, but is perceived as such by an individual.

Such a view may be shared by society (but don't ask me to define society!) in which case it's safe to say such an act is generally considered ethical or unethical. But subsequent changes in society's mores may alter this perspective.

<marc> i wonder what will happen if i press this...[pc][ul][li]please give feedback on what works / what doesn't[/li][li]need some help? how to get a better answer: faq581-3339[/li][/ul]
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top