Hacking: Rights, Hacktivism, and Counterhacking

Kenneth Einar Himma acknowledges that "hacker" once had a positive connotation, but reserves the term "hacking" to refer to acts in which one person gains unauthorized entry to the computers of another person (191-2).

Himma's views (in some contrast to Wilson's!) are a good deal more skeptical about what, if anything, might morally justify hacking.

The Prima Facie Case

Defined as a species of unauthorized entry, it seems obvious that hacking is prima facie morally wrong: Hacking is analogous to trespass; trespass onto physical property is wrong (whether or not it gives rise to harm) since it violates the owner's property rights; similarly, digital trespass is wrong since it violates the computer owner's right to exclude others from the use of her property.

But the trespass analogy is imperfect:

1. Not all trespass is morally wrong; infringement of property rights can sometimes be justified (e.g., venturing onto private property in order to apprehend a fleeing murderer). So, hacking could be morally justified if it brings about a good that outweighs the evil that it creates.
2. Hacking does not (except trivially, e.g., by consuming electricity, bandwidth, computing cycles) involve the kind of physical intrusion associated with trespass.

So perhaps we can supplement property rights considerations with privacy rights considerations: My computer is not only my (physical) property, it is also a space in which I have a legitimate expectation of privacy, a private space in which I may store sensitive information. Unauthorized access intrudes on this expectation.

But privacy rights too hold only prima facie (e.g., intrusion into a terrorist's computer to prevent an imminent attack).

Benign Hacking: Social Benefits

So infringement of rights can sometimes be justified; the onus presumably then lies with the hacker to show that specific instances of hacking are justified and so morally permissible.

Can benign motivations based on social benefits, such as testing systems for security or drawing attention to security flaws (Wilson's research and security hackers), serve to justify hacking?

Himma: No, since these social benefits could be achieved without infringing property or privacy rights.

More importantly: If privacy and property are genuine moral rights, then we cannot justify their infringement simply on the grounds that doing so would be beneficial: rights trump consequences (Dworkin).

This, I'd say, approaches question-begging. Compare stealing $1B from Bill Gates (in order to do good) with taxing him the same amount (in order to support welfare rights).

Benign Hacking: Preventing Waste

Himma: This is at least the right kind of argument (in that it seeks to identify a principle [i.e., a countervailing right] that could justify infringing property/privacy rights).

But again, according to Himma, the argument fails, essentially on the same grounds as above: A property right is a right to exclude. The fact that I'm not using my bike doesn't justify you borrowing it; ditto when it comes to my computing resources or software.

Benign Hacking: Free Flow of Content

Perhaps a right to freedom of expression is strong/important enough to justify infringement of property/privacy rights (and so to justify hacking)?

Himma: If a right to freedom of expression is held to entail that there can be no legitimate restrictions on the free flow of content, then
a) the very idea of privacy rights becomes untenable, and
b) this would be inconsistent with the idea of moral IPRs (e.g., copyright).

(I'm not sure that even the most rabid defender of an IP anarchist view would make a claim quite that strong.)

Still, Himma's larger point is worth considering: Just because someone has a right (e.g., to freedom of expression), this does not entail that she can do whatever she likes to exercise that right. Assume I have a right to certain information on your computer. This does not justify me breaking into your home to access this information.

This again may verge onto question-begging, however: Never? Not if, say, I'm your parent or a professional with whom you have a fiduciary relationship? This would still be an infringement of property rights, but acting to exercise a right to information might still at least be mitigating.

Hacktivism & Civil Disobedience

As we've seen, some benign hacking (e.g., a DoS directed toward a wicked organization) is purported to be justified on political grounds. So perhaps civil disobedience can provide a justification for at least some forms/instances of hacking?

Civil Disobedience (CD):
1. open
2. knowing
3. commission of some nonviolent act
4. that violates law L
5. for the expressive purpose of protesting or calling attention to the injustice of L, some other law, or the legal system as a whole
(195, approximately in keeping with Rawls, 1971)

Himma: CD involves expression but it should not be equated with expression; it is primarily conduct rather than a pure speech act (and so demands a higher standard of moral justification).

In a decent democratic society, justified CD will presumably be relatively rare, since citizens have other means available to express their views (197). Nonetheless, CD is at least sometimes morally justified.

Hacktivism vs. Cyberterrorism

In justifying CD, actors should consider that there are moral limits on the costs one can impose on innocent third parties on the strength of even a laudable motivation (198, emphasis added).

Defacement of a web site will presumably cause only relatively minor harm to third parties; a sustained DoS attack (say, on a private commercial web site) may cause very considerable harm. (Though we might want to ask whether third parties are always necessarily innocent third parties.)

Also: Himma (and others) assert that agents must be willing to accept responsibility for CD as a necessary (but not sufficient) condition for justification. Acting anonymously, clandestinely, shades into cyberterrorism and/or ordinary vandalism. Proper hacktivism should show itself to be ethically motivated.

Accepting responsibility as a group (as terrorists often do), Himma suggests, is not sufficient, since it allows the individual hacktivist to avoid facing the consequences of her action.

Also: the motivating agenda behind electronic CD may be less transparent than in cases of ordinary CD (204). A DDoS against Amazon could mean many things, not all of them appropriately political.

Moreover, even when the motivating agenda is clear, it may be morally inadequate or unacceptable. See his discussion of the Hacker Ethic and MilwOrm (205-6).

So, in sum, hacking-as-CD might be justifiable, but most actual CD hackers fail to offer an adequate justification.

Counterhacking

Is active response, either to cause harm to hackers or to identify them, morally justified? Active responses are:
1. Digitally-based (as opposed to, e.g., physical assault)
2. Implemented after intrusion has been detected, for investigative, defensive or punitive purposes
3. Non-cooperative: implemented without the consent of at least one of the parties involved or affected
4. Have causal impacts on remote systems

Nonstarters: Retaliation and Punishment

Retaliation is morally wrong in that it is motivated simply by a desire to even the score, for revenge, and is not responsive to justice or desert.

In a society with a functioning legitimate government it is morally impermissible for private persons to punish; those powers are monopolized by governments. (I.e., Himma is presuming the context of judicial punishment; if, e.g., parents have the moral prerogative to punish their children, this would be an important exception to his assertion.)

The Defense Principle

We generally accept that persons have a moral right to use force in self-defence, provided that the force used is i) proportional, ii) necessary, and iii) directed only toward the immediate source of the threat.

In view of iii), the Defense Principle will not justify force used against an innocent bystander (i.e., third party).

The Necessity Principle

It is also (fairly) commonly accepted that it is morally acceptable to infringe (as opposed to violate) rights in order to bring about a significantly greater good. This will be the case when
i) the value of the right being infringed < the value of the good being secured, and
ii) there is no other way to bring about the good being secured except through infringement of the right.

The Necessity Principle could justify infringement of the rights of innocent bystanders (e.g., shoving a bystander out of the way in order to save a life).

Aggressive (i.e., harm-directing) responses will generally be ruled out by the Defense Principle in that they a) are not necessary and b) will (often) involve harm to third parties (e.g., owners of malware-infected computers used in a DDoS attack).

They will also generally be ruled out by the Necessity Principle in that the unpredictable harms created by an aggressive response may well outweigh the moral good that the response was intended to produce.

Benign responses intended to identify an attacker (e.g., tracebacks) cannot be justified by the Defense Principle (since they do not defend against attacks), but might be justified under the Necessity Principle (e.g., to secure the good of bringing wrongdoers to justice).

But even benign responses can potentially infringe the rights of innocent third parties (e.g., they may identify the wrong party, in the case of a sophisticated, multi-layer attack and, in any case, involve accessing the third party's computer with her permission).

Inadequacy of Law Enforcement

Perhaps active response can be justified on the grounds that i) digital intrusion is the sort of thing that the state ought to protect us from and ii) the state is doing an inadequate job of it, so iii) private parties are entitled to use active measures to protect themselves.

ii) is likely correct: law-enforcement agencies typically lack sufficient resources for digital crime investigations, which are both highly labour-intensive and may involve jurisdictional complexities.

Himma: Nonetheless, this argument falls short. It assumes that private parties will be able to do for themselves what the state has failed to do, but this is usually just factually incorrect. Moreover, aggressive countermeasures are not only unlikely to succeed in protecting against attack, they may simply result in escalation.