通过

Hacking and Ethics

  • 项目

I get a lot of interesting email. Today I received an email from a student in Japan asking me the question “Do you think that hackers will decrease if we improve Information-ethics-education?” My first thought was yes. My second thought was no. My third thought was maybe. Helpful answers? Perhaps not but it is a complex question.

By hacking I assume, based on context, that me means the breaking into systems sort of hacking rather than the old-fashioned “trying all sorts of things to see what one can learn sort of hacking” that was the more common meaning in “the old days.” And of course many of the people breaking into systems even today claim no malicious intent. They seem oblivious to the feelings of violation that people quite naturally feel from having strangers poking through their computers. If we started some ethics training in young people learning computer science maybe we could help there.

I do think that ethics training is quite necessary and that it will help reduce some forms of hacking by the sorts of people who get formal education in computing and IT. It doesn’t reach or do much with the self-taught learners or the people who are learning informally from people who are already hacking. So the effects of ethics training on hacking or as I would prefer to say “cracking” are perhaps limited. That doesn’t mean it should not be done. I note that it is included as a part of the APCS curriculum.

Also it is most often the people who get formal training who wind up in commercial software development (Though not always of course) and there we may need ethics training even more. Take the case of the two programmers recently arrested as being complacent in the Bernie Madoff Ponzi scheme. Perhaps some more ethics training would have helped there. Maybe not of course as a lot of money can move many people. But one can have hope.

The motivations for cracking are many. Sometimes it is money. Sometimes it really is learning. And sometimes it is people looking for a chance to prove themselves. I think we can help the latter two by a combination of ethics training and increasing the legitimate options for learning and proving ones self.

Frankly that is one of the cool things about the DreamSpark program. If a student can get a legitimate copy of Windows Server 2008, set it up, secure it from Internet endeavors and demonstrate to peers or potential employers that they know what they are doing that is a good thing. That they can do it without cracking some company security is bonus! We can also provide show off opportunities in schools, in contests (see the Imagine Cup for example) and service projects that may help as well. But at the root we have to instill some ethical sense in students from the very early days. School is a good place to start.

BTW as a starting point for discussion there is a link to the ACM Code of Ethics and Professional Conduct .

Comments

  • Anonymous
    November 17, 2009
    Ethics cannot just be taught in any specific class, but it learned through life. Going to school with responsible peers and decent role models are surely the best way for students to gain an understanding of what is acceptable. Hacking splits off into maliciousness and curiosity. One can be curious and not malicious. I find 'cracking' very fascinating but not for malicious purposes, mainly for the purpose of protecting against it.

  • Anonymous
    November 17, 2009
    In my first Security Class, our Professor said "I can't teach you how to be a good Lock Smith, without becoming a good Lock Pick" Before the turn of the century - we were also required to take a class in "Ethics in Engineering" -- something I doubt it still required. Because of the "anonymity" of the Internet . . . I fear some people feel more comfortable exploring their "lock picking" skills. So, yes - we need to bring back ethics training! Blake Handler - Microsoft MVP "The Road to Know Where"

  • Anonymous
    November 17, 2009
    The comment has been removed

  • Anonymous
    November 17, 2009
    The comment has been removed

  • Anonymous
    November 17, 2009
    While on that thought of dreamspark, does the expression studio that is released under it come with a serial code, tried installing it, and it says that I have a 60 day trial version, is this correct?

  • Anonymous
    November 17, 2009
    The comment has been removed

  • Anonymous
    November 17, 2009
    Gerald, you should be able to find a serial code for Expression on the Dreamspark web site. Check the help if you can't find it.