Handbook of Information Security Management:Law, Investigation, and Ethics

The Hacker’s Fallacy

The single most widely held piece of The Hacker’s Ethic is “As long as the motivation for doing something is to learn and not to otherwise gain or make a profit, then doing it is acceptable.” This is actually quite a strong, respected, and widely held ethos among people who call themselves nonmalicious hackers.

To be a hacker, a person’s primary goal must be to learn for the sake of learning — just to find out what happens if one does a certain thing at a particular time under a specific condition (Emmanuel Goldstein, 2600 Magazine, Spring 1994). Consider the hack on Tonya Harding (the Olympic ice skater who allegedly arranged to have her archrival, Nancy Kerrigan, beaten with a bat). During the Lillehammer Olympics, three U.S. newspaper reporters, from the Detroit Free Press, San Jose Mercury News, and The New York Times, discovered that the athletes’ E-mail user IDs were, in fact, the same as the ID numbers on the backs of their backstage passes. The reporters also discovered that the default passwords for the Olympic Internet mail system were simple derivatives of the athletes’ birthdays. The reporters used this information to gain access to Tonya Harding’s E-mail account and discovered that she had 68 messages. They claim not to have read any of them. They claim that no harm was done, nothing was published, and no privacy was exploited. As it happens, these journalists were widely criticized for their actions. But the fact is, a group of savvy, intelligent people thought that information technology had changed the ground rules.

The Free Information Fallacy

There is a common notion that information wants to be free, as though it had a mind of its own. The fallacy probably stems from the fact that once created in digital form, information is very easy to copy and tends to get distributed widely. The fallacy totally misses the point that the wide distribution is at the whim of people who copy and disseminate data and people who allow this to happen.

ACTION PLAN

The following procedures can help security managers encourage ethical use of the computer within their organizations:

  Developing a corporate guide to computer ethics for the organization.
  Developing a computer ethics policy to supplement the computer security policy.
  Adding information about computer ethics to the employee handbook.
  Finding out whether the organization has a business ethics policy, and expanding it to include computer ethics.
  Learning more about computer ethics and spreading what is learned.
  Helping to foster awareness of computer ethics by participating in the computer ethics campaign.
  Making sure the organization has an E-mail privacy policy.
  Making sure employees know what the E-mail policy is.

Exhibits 1 through 6 contain sample codes of ethics for end users that can help security managers develop ethics policies and procedures.

Exhibit 1.  The Ten Commandments of Computer Ethics

Exhibit 2.  The End User’s Basic Tenets of Responsible Computing

Exhibit 3.  Four Primary Values

Exhibit 4.  Unacceptable Internet Activities

Exhibit 5.  Considerations for Conduct

Exhibit 6.  The Code of Fair Information Practices

RESOURCES

The following resources are useful for developing computer-related ethics codes and policies.

Computer Ethics Institute

The Computer Ethics Institute is a non-profit organization concerned with advancing the development of computers and information technologies within ethical frameworks. Its constituency includes people in business, the religious communities, education, public policy, and computer professions. Its purpose includes the following:

  The dissemination of computer ethics information.
  Policy analysis and critique.
  The recognition and critical examination of ethics in the use of computer technology.
  The promotion of identifying and applying ethical principles for the development and use of computer technologies.

To meet these purposes, the Computer Ethics Institute conducts seminars, convocations, and the annual National Computer Ethics Conference. The Institute also supports the publication of proceedings and the development and publication of other research. In addition, the Institute participates in projects with other groups with similar interests. The following are ways to contact the institute:

Dr. Patrick F. Sullivan
Executive Director
Computer Ethics Institute
P.O. Box 42672
Washington, D.C. 20015
Voice and fax: 301-469-0615
psullivan@brook.edu

The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course, this version is getting a bit old and may not contain all of the info that the latest version covers; however, it is one of the best tools you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.