Chapter 5, Crime and Security Video Solutions, A Gift of Fire: Social, Legal, and Ethical Issues for Computing Technology | Numerade (2024)

What did the word "hacker" mean in the early days of computing?

Is it legal to release a computer virus that puts a funny message on people's screens but does not damage files?

What is phishing?

Give an example of hacking by a government.

Describe one method financial websites use to convince a consumer the site is authentic.

What is one technique fingerprint readers use to ensure they are not reading a fake finger?

For what Web-based service did the U.S. government arrest several business executives from England?

Your roommate Chris uses your computer at night while you sleep. Your roommate Robin takes your car at night while you sleep and drives it around for a while. Neither has your permission; neither does damage. List several characteristics of the two events that are similar (characteristics related to the effects of the events, ethics, legality, risks, etc.). List several characteristics of the two events that are different. Which would offend you more? Why?

Consider the analogy between occasional downtime on the Web as a result of viruses, worms, or denial-of-service attacks and vehicle traffic slowdowns on roads during rush hour or bad weather. Describe similarities; then evaluate. Are both side effects of modern civilization that we have to get used to? How can individuals and businesses reduce the negative impacts on themselves?

Describe two tools hackers used, or vulnerabilities they exploited, to steal consumer data from Target.

Some people argue that a hacker who defaces a Web page of a government entity such as the White House, Congress, or Parliament should receive harsher punishment than a hacker who defaces a Web page of a private company or organization. Give some arguments for and against this view.

Hacktivists might argue that presenting their views on their own websites and social media platforms is not enough because most people who would look there already share those views.
They want to reach people who visit sites with opposing views. Analyze this argument for hacktivism.

In Section 5.3.3 , we described the incident in which a hacker group hacked into the Bay Area Rapid Transit system (BART) to protest BART's shut down of wireless communication in some BART stations. Was this a form of hacktivism? Was it ethical? Give reasons.

A hacker group stole client credit card numbers from a security firm and used them to make donations to charities. Part of the purpose of the hack was to demonstrate the weakness of security at the firm. Analyze the ethics of this incident.

After terrorist attacks in Paris, the hacking group Anonymous said it disrupted Twitter accounts belonging to members of Islamic State and posted personal information about them online. List at least two questions we should ask when considering whether the group's actions were ethically acceptable.

Describe a (hypothetical) hacking attack by a foreign government that you would consider an act of war. Indicate what characteristics of the attack lead to that conclusion.

In what way is the history of the Internet responsible for its vulnerability?

To reduce scams that steal from people banking online, some people suggest creating a new Internet domain "bank," available only to chartered banks. Consider the identity theft and fraud techniques we discussed. Which ones would this new domain help prevent? For which would it be ineffective? Overall, do you think it is a good idea? Why or why not?

Some young hackers argued that, if the owners of a computer system want to keep outsiders out, it is their responsibility to provide better security. Ken Thompson, one of the inventors of UNIX, said, "The act of breaking into a computer system has to have the same social stigma as breaking into a neighbor's house. It should not matter that the neighbor's door is unlocked. ${ }^{58}$ Which position do you agree with more? Give your reasons.

In Section 5.5.1 , we gave an analogy between merchants accepting some amount of shoplifting, on the one hand, and merchants and credit card companies accepting some amount of credit card fraud, on the other hand. Identify a strength and a weakness of this analogy.

We saw that hackers and identity thieves use many techniques and continually develop new ones. Think up a new scheme for obtaining passwords or some type of personal information that might be useful in identity theft. Then describe a possible response to protect against your scheme.

In Section 5.5.1 , we described a customer authentication method that calculates a risk score based on many details of a customer's typical activities on a company's website. To use this method, the site must store many details of each customer's visits to the site. Does this violate the privacy principles in Figure $\mathbf{2 . 1}$ of collecting only the data needed and not storing data longer than needed? Explain your answer.

Does requiring both a fingerprint and a password to log in to a system meet the criteria of multifactor authentication, described in Section 5.5.1 ? Explain.

In one multifactor authentication scheme, after the person types a username and password, the website sends a code to the person's mobile phone. The person must enter the code to continue. Give one argument for and one argument against using this method for access to Medicare accounts.

What penalty, from Harvard, MIT, or the law, do you think would have been appropriate for Aaron Swartz's massive downloading of research papers from JSTOR? (See Section 5.6 .1 .)

Suppose a 16-year-old releases automatic-dialing software that will flood the emergency 911 telephone system with calls, knocking out service. He claims he was experimenting with the software and released it by accident. What penalty do you think is appropriate?

The terms of use of the website for a major concert ticket seller prohibit automated purchases. Should a person who used a software program to purchase a large number of tickets be prosecuted for exceeding authorized access to the site? Why or why not?

Evaluate arguments in favor of and against passage of a law making the writing and publication of a computer virus a crime. (See Section 5.6 .2 .) Would you support such a law? Why?

Identify several issues raised by this scenario:
Someone in California posts on amazon.com a very critical review of a new book written by a British author. The review says the writer is an incompetent fool without a single good idea; he can't even express the bad ideas clearly and probably did not graduate from grade school; and he should be washing dishes instead of wasting the reader's time. The author files a lawsuit for libel in England against the reviewer and Amazon.

Using some of the ethical principles in Chapter 1 , analyze the ethics of the action of the U.S. blogger who posted details about the Canadian trial (Section 5.7.1 ). Do you think he should have done it?

During World War II, "Radio Free Europe" broadcast news and other information into German-controlled countries. It was illegal to listen to those broadcasts in those countries. During the "Cold War," the Soviet Union jammed Western radio broadcasts into that country. In the discussion of the Yahoo/France case (Section 5.7.1 ), we asked: "Should a speaker have an obligation not to make available speech that others do not want to hear (or that governments do not want the people of a country to hear), or should listeners have the task of covering their ears?" Does your answer for the Yahoo case differ from your answer in the German and Soviet examples? If so, how and why? If not, why not?

Assume you are a professional working in your chosen field. Describe specific things you can do to reduce the impact of any two problems we discussed in this chapter. (If you cannot think of anything related to your professional field, choose another field that might interest you.)

Think ahead to the next few years and describe a new problem, related to issues in this chapter, likely to develop from digital technology or devices.

These exercises require some research or activity.
The section on hacking by governments (Section 5.3.4 ) describes, mostly, incidents of hacking for military or strategic purposes. Find information about hacking for industrial or economic espionage. Summarize your findings. What responses are appropriate?

These exercises require some research or activity.
Find out if Facebook v. Power Ventures has been retried (after the 2016 9th Circuit Appeals Court decision described in Section 5.6.1 ). Tell the current status of the case. Find out if there have been recent prosecutions for violating the Computer Fraud and Abuse Act for unauthorized access in other cases that do not involve hacking. If so, describe the issues in one such case.

These exercises are for class discussion, perhaps with short presentations prepared in advance by small groups of students.
Near the end of Section 5.5.3 , we described three examples of disclosing vulnerabilities in computer systems. Discuss and evaluate them. Were they handled responsibly?

These exercises are for class discussion, perhaps with short presentations prepared in advance by small groups of students.
Some people argue that without the constant threats and challenges provided by (unauthorized) hackers, we might not learn of vulnerabilities, and security would be weak. Are hackers heroes? Do they perform a public service by finding and publicizing computer security weaknesses?

These exercises are for class discussion, perhaps with short presentations prepared in advance by small groups of students.
Do we have an ethical responsibility to maintain up-to-date antivirus protection and other security software on our personal computers and devices to prevent their being infected with remotely controlled software that harms others? Should a law require that everyone install such software? Consider analogies from several other technologies or areas.

These exercises are for class discussion, perhaps with short presentations prepared in advance by small groups of students.
Suppose a denial-of-service attack shuts down several thousand websites, including retailers, stock brokerages, and large corporate entertainment and information sites, for several hours. The attack is traced to one of the following perpetrators. Do you think different penalties are appropriate depending on which it is? Explain why. If you would impose different penalties, how would they differ?
a. A foreign terrorist who launched the attack to cause billions of dollars in damage to the U.S. economy.
b. An organization publicizing its opposition to commercialization of the Web and corporate manipulation of consumers.
c. A teenager using hacking tools he or she found on a website.
d. A hacker group showing off to another hacker group about how many sites it could shut down in one day.

These exercises are for class discussion, perhaps with short presentations prepared in advance by small groups of students.
Suppose a local community center has invited you, a group of college students, to make a 10-minute presentation about protecting smartphones from malicious software. Plan and give the presentation.

These exercises are for class discussion, perhaps with short presentations prepared in advance by small groups of students.
Consider the Target breach described in Section 5.3.2 . What mistakes, if anly, did each of the following people make and what was their level of responsibility?
a. The Fazio Mechanical employee who received the phishing email
b. The system administrator at Fazio Mechanical
c. The Fazio Mechanical website developer
d. The developer of Target's electronic billing system
e. The developer of Target's contract submission system
f. Target system and network administrators
g. Target cashiers
h. Target executives
i. Shoppers using credit cards at Target in 2013

These exercises are for class discussion, perhaps with short presentations prepared in advance by small groups of students.
How should the U.S. government respond to a hacking attack by China in which the hackers shut down critical military communications for several hours?*
*This is hypothetical; such an attack has not occurred.

These exercises are for class discussion, perhaps with short presentations prepared in advance by small groups of students.
Should violation of the terms of agreement of a website be a crime? Why or why not? If you think it should depend on the type of site and the type of violation, explain the criteria to make the distinction.

These exercises are for class discussion, perhaps with short presentations prepared in advance by small groups of students.
As we discussed in Section 5.5.4 , several tech companies have added strong encryption for some user communications and stored data that can prevent (or make extremely difficult) access by phone thieves, hackers, and the government. The companies themselves cannot access the data when requested by law enforcement agencies.
a. Assume there is no law prohibiting or restricting use of technologies that prevent government access. You are a committee of high-level executives of a major tech company debating whether to implement such technology in your operating system for smartphones and other products. Mention several relevant issues and discuss them.
b. Argue that people should be free to use (and companies free to provide) the best available tools to protect privacy and security. Address the problems of investigating serious crimes and terrorism.
c. Argue that a law should require that the technology allow law enforcement access to communications and stored data. Address concerns of opponents of such laws described in Section 5.5 .4

These exercises are for class discussion, perhaps with short presentations prepared in advance by small groups of students.
A judge in the state of Kentucky seized the Web addresses of more than 100 gambling sites that allow people to gamble at online slot machines and roulette tables. Such gambling is illegal in Kentucky. The online gambling companies whose sites were seized do not have a physical presence in Kentucky. Give arguments for and against the judge's action.