My Answers to HWCase5, Q1
Nov. 2nd, 2022 09:05 pm
Q1. As a “case” to discuss for this unit, use a law related to security, privacy, etc. Suggestions: HIPAA, FERPA, Computer Security Act, Sarbanes-Oxley, Gramm-Leach-Bliley, COPPA, Payment Card Industry Data Security Standard (PCI DSS), US Patriot Act, Section 508 of the Americans with Disabilities Act, or some other law.
- A link or other citation to the case you are using, or if it is from personal experience, point that out.
- A list of 8 or more important facts about the case. These could help you tell your group members or anyone or remind yourself what the case is all about.
- A list of questions (4 or more) to think about or discuss about the case.
Answer:
The source of my case is US v Andrew Auernheimer
Eight important facts are:
- When the iPad was released, customers were required to register their accounts through an AT&T website.
- The website required your personal information to sign up, including your name, address, email address, and phone number.
- When testing the website's security, Andrew Auernheimer discovered a flaw that allowed him to gain access to the email addresses of all their customers.
- Andrew notified AT&T about the security vulnerability but they did not respond and took no action to correct it.
- In response, Andrew decided to leak customers' emails to the press to publicize the vulnerability, although much of it was redacted.
- After the press made a story about it, AT&T hit back hard by alerting the federal government.
- The federal government then prosecuted Andrew for violating the Computer Fraud & Abuse Act. The government then claimed that the act took place in New Jersey to elevate the charge from a misdemeanor despite nothing having occurred there.
- He was subsequently convicted, sentenced to 41 months, and forced to pay $73,000 in restitution.
Four questions to ask about the case are:
- Was the verdict of Andrew's case ethical?
- If Andrew were to go back in time, how should he have tackled the issue differently, or did he do it right the first time?
- If, despite all attempts to contact them about the problem, AT&T ignored it, is it ethical to reveal the problem to the public like Andrew did?
- Andrew was trying to shed light on a security vulnerability that AT&T wasn't fixing. Should revealing security vulnerabilities like he did be punishable by law?
Three additional standard questions:
- What does virtue ethics say about this case?
- What does utilitarianism say about this case?
- What does deontology say about this case?