The Kevin Mitnick case.
This discussion focuses on how much of a criminal Kevin Mitnick
really is. "Mitnick has been described as more of a computer prankster
who used his hacking skills to harass companies and people he didn't like
rather than to enrich himself,"
according to Michael Shapiro. Consider these questions.
What rules of ethics did Mitnick violate?
Identify some of the stakeholders who were harmed by Mitnick's actions.
Since there is no evidence that Mitnick intended to profit from his actions,
should his transgressions be treated lightly?
How real was the harm to the other stakeholders?
Is it necessary to punish Mitnick severely to deter others from copycat
You may also find it helpful to reread the discussion of ethical principles
in Ch. 2 of Spinello and Chapter 7 on Ethical Issues and Information Security.
Can hacking be justified?
Here are four justifications sometimes given for hacking.
All information should be free, and if
it were free, there would be no need for intellectual property and security.
Break-ins illustrate security
problems and cause them to be fixed.
Hackers are doing no harm; they are just learning
about how computer systems operate.
Hackers break into systems to watch for abuse and hold "Big
Brother" at bay.
How can you argue against each of these justifications? Are the
arguments against them compelling? You may find it helpful to reread the
discussion of ethical principles in Ch. 2 of Spinello and the section on
pp. 198-201 entitled "Related Ethical Issues" (related to information security).
Do you think that it can ever be an ethical act to write a virus? Why or
Based upon one of the ethical theories we covered in Lecture 1, how could
you reason to your answer to question 1?
Is it unethical to induce others to perform unethical acts, specifically,
unauthorized copying of copyrighted software? Does it follow that organizing
a virus-writing contest is also unethical?
Is it ethical to write viruses for purposes of scientific research, such
as understanding evolution of living organisms, or testing the theory of
evolution? If so, what safeguards should be applied to this research? Who
should enforce the safeguards?
If all virus-writing is unethical, then should all virus-writing be equally
illegal and equally punished? Why or why not? You may allude to utilitarian
or deontological theory in support of your answer.
Should the penalty for creating viruses (and for sabotaging computers in
general) depend on the intent of the perpetrator, the amount of damage,
If the penalty depends on the amount of damage, how should the damage be
assessed, given that damage may be spread sparsely and widely throughout
The case of Craig Neidorf and Phrack.
This discussion deals with the ethics of publishing information
that may be helpful in breaking into computer systems. Consider these questions.
Did Neidorf do anything unethical?
Should he have been convicted?
Should newsletters like Phrack be discouraged? If so, how?
Is it possible to allow free publication of material like Phrack and still
convince would-be criminals that hacking is unethical?
Should it be possible to prosecute the publisher of Phrack if precautions
are not taken and information published there leads to a crime?
Should the First Amendment extend to computer communication?
Is dissemination of material like Phrack protected by the First Amendment?
The trial judge in this case dismissed two friend-of-the-court briefs seeking
to have the case thrown out because it threatened constitutionally protected
speech, saying that the First Amendment doesn't protect otherwise criminal
conduct just because it involves speech.
Is prosecution of Phrack a threat to free expression?
Use the background material on pp. 201-201 of Spinello, and in the articles
on this week's Web page.
You may find it helpful to reread the discussion of ethical principles
in Ch. 2 of Spinello and the rest of Chapter 7 on Ethical Issues and Information
The different views on hacking
Peruse the readings on hacking on this
week's Web page. You will probably find them much more sympathetic
to hackers than my lectures or the Spinello textbook (see pp. 198 ff.).
Why is this true?
One might hypothesize that it is due to an "institutional bias" against
restraints on one's profession. In general, people in a profession tend
to oppose governmental restraints on their profession. Trial lawyers, for
example, tend to oppose legal reforms that would make it more difficult
for people to sue. Manufacturing companies tend to oppose further government
regulations relating to safety and the environment. Timber companies oppose
restrictions on logging designed to protect endangered species. There is
a tendency in each profession to believe that its members "know best" how
to handle issues related to their occupation.
So, one might contend, people who program computers and networks tend
to oppose restrictions on their freedom to access computers. They may not
sympathize with the actions of "hackers," but they see restrictions designed
to prevent abuse as threatening their freedom to browse networks in new
and creative ways. Hence their outcries against prosecution of people engaged
in arguably "benign" forms of hacking.
Do you agree with the hypothesis expressed above?
Can you cite any places in the readings to support your position?
Should computer professionals be trusted to write the regulations on hacking
because they know their profession best? Or should society be skeptical
of their recommendations because of institutional bias?
The disgruntled employee and hacking.
Besides hacking, a related threat to information security is
sabotage by a disgruntled employee. Case 7.1 from Spinello, "The disgruntled
consultant," highlights this risk. Read the description on pp. 205-207
of the text and then answer Spinello's questions:
How could TTI improve its security policies and its procedures for dismissing
What should Dr. Bluestein say to his client, the Commerce Bank? Should
he be open and truthful about what went wrong or tell the executives at
Commerce something else?
Is TTI liable, that is, responsible, for Chase's reckless actions, or is
TTI the victim in this case? Should it compensate the bank in some way
for the delay in delivering the cash management application?
In answering these questions, you may find it helpful to read Chapter
7, and/or review the ethical principles in Chapter 2.