Tuesday, May 6, 2014

A Door We Must Choose Ourselves - A Revisit

A power indeed we have learned, for the dark side is as tasty as the light. Although not as epic as the powers the Jedi hold, I have learned a great deal from this class. These skills that I have learned have opened many doors for me. These doors, however, are no longer simply labeled as good and bad, dark and light, but rather each of these doors holds a cautionary question: "Is this ethical?"

In general, I would not perform actions on networks and computers if they have analogous actions performed on homes or organizations that I would reject; homes or organizations are defined by their property lines. As such, intrusive actions are analogous to entering someone's property, while non-intrusive actions are analogous to actions performed from outside the property. Just as I would only enter a home if let in, I would only enter a network or computer if I was let in. In most cases, the method of entrance to a home or network is determined either explicitly by the home owner, or at the location the agreement to enter was made at; in either case there is a clear means and agreement of entering. As such, I only enter computers or networks for which I have been given explicit consent, and by extension the mode of entrance. Once inside a property, the rules of interaction are sometimes explicitly noted upon entry. There are some situations where someone is explicitly given power, such as an administrator or penetration tester. Thankfully, I do not plan on working within the IT fields. I do not wish to be put in situations where I must pick between upholding job efficiency and retaining moral code. But if I were, I would choose to uphold the privacy of people as much as I can and only breach such conditions if it was clear and imminent that the person or people risk the safety of others or breach any rules of the property. I hold this analogous to being a security guard: I would not peek into a bathroom stall unless it was clear and imminent that the person was performing actions that either endangered others or violated the organization's rules. I, for one, would not work for an organization whose rules did not have a clear purpose, or if they had obscure rules but did not explicitly and clearly state these rules. If these rules are not clear as a non-administrator, I would proceed with caution and try to figure them out.
Just as I try not to make too many assumptions when in someone's house, I will not make too many assumptions in another's network or computer. I will often limit my actions to common actions performed by non-enlightened personnel, so no hacking or scanning when inside a network or computer.

Non-intrusive actions are fair to me. Just as there are fences you can lean on and buildings you can look at, there are parts of a system that you are allowed to interact with, such as ports. So any information gathering is fair game as long as it's information that is publicly available. And port scanning is fair game. Since I know these skills, I have the responsibility to inform people if I do find any vulnerabilities when scanning. I also do not consider these vulnerabilities as open doors but instead a closed door with a faulty lock. In both cases I would not take advantage of the problem.

Although many consider packet sniffing fair game, thinking that the information is in free air, that it is information that is available to collect and decrypt, I think otherwise, as I think this is analogous to finding a delivery truck and opening the letters inside. So no, I do not consider packet sniffing acceptable and I would not do it.

To summarize, any information that is publicly available is fair to interact with, any intrusive action must be given explicit consent, and any vulnerabilities I find must be reported accordingly. This outline of my actions is of course a mere guideline and put into many theoretical settings. My actual actions will be based on much more than what is outlined and will require information such as the purpose of performing such actions as well as who it affects and the level of communication with the people affected.

Below is a reflection I previously wrote in the original version of this post:

Throughout the class we learned how to hack. We learned how to search for vulnerabilities within a network, and exploit them. We learned that through old and possibly current systems, we are able to access the internal information not available to the public. In many cases, these actions are deemed illegal outside a virtual or closed environment. And to most, the combination of the words "hacking" and "illegal" induces an almost automatic response of labeling these actions as "bad" or unethical. But early in the class we realized that these lines are not as defined as we thought. We watched a documentary for class on Anonymous and their hacktivism. Through this film and our discussion, the class came to the understanding that laws regarding technology, just like all laws, can come under scrutiny and that its status as a law does not define it as unethical. We also ran through the scenario of being a penetration tester. We assume that since it is our job to test a system, and that we have a certain level of access to their information, that what we do is okay. But does this make it okay to sift through personal information that may be within the bounds of your contract as well? What if you realize that the company you work for runs a shady business on the side, but you are contractually obligated not to divulge any information found in the network? This is where our lines begin to blur, and where we began to paint our own lines. Because without this guideline, the task of determining what is right and what is wrong no longer defaults to the law, but instead it is determined by our own hands. This is our first responsibility: judging our own actions.




In class we learned how to collect packets that are sent over the network that are not necessarily meant for us. There are some arguments that suggest that these packets are free for the taking since they are in free air, and that the information in public space is public as well. But we can also liken this situation to playing catch: when we throw the ball to our friend, do we lose ownership of the ball? We ran through many similar situations regarding property, but what was apparent to me is that our current view on technological philosophy is ancient. This is our second responsibility: moving forward our philosophical views on technology.
