My Answers to HWCase5, Q3
Nov. 9th, 2022 10:57 pmQ3. Write up your case on your blog with the following subheadings:
“The facts of the case.” Here is where you describe the case in your own words.
“Analysis.” Examine the case in terms of the questions.
“My conclusions.” Your conclusions and opinions about the case. Be sure to explain and justify what you write. 3 sentences of average length or more.
“Future environment.” Describe your vision of a future in which technology is more advanced than today, or society has changed in some significant way, such that the ethical issues of the case would be even more important than they are in today’s world. 3 sentences of average length or more.
“Future scenario.” Describe how this ethical case (or an analogous one) would or should play out in the environment of the future, and give your opinions about it. 3 sentences of average length or more.
When the original iPad was released, customers had to register their new device under AT&T and a man by the name of Andrew Auernheimer discovered a security vulnerability with their registration website. He was able to gain access to the emails of all who signed up. He tried contacting AT&T to get them to fix the issue but he was met with silence. In response he went to the news and gave them redacted emails with a description of the problem to try and publicize it so that it would get fixed. Once the news story ran and AT&T found out about it they contacted the federal government to get him tried for violating the Computer Fraud & Abuse Act. He was sentenced for 41 months and had to pay a $73,000 restitution.
The virtue ethics approach would view Andrew as a 'good' character because he was trying to fix a problem that could've impacted many people. He wanted to fix an issue that was otherwise being ignored. The deontological approach would view him as bad. Although he simply wanted the issue fixed, when he publicized that it existed it opened up the possibility of other people finding it and exploiting it. The utilitarian approach would view him as 'good'. This is because in the end, the problem did end up getting fixed and nobody else was able to exploit it before then.
The conclusion of the case was very unsatisfying. The government forced charges upon him much greater than his crime, many of which weren't even applicable to his actions. He ended up being tried and forced to pay a large sum for trying to do a good deed. Had the problem been left unattended bad actors could have used this exploit for negative effects.
In the future I envision there would be a system in place to pay people for finding and revealing security exploits such as this. Many companies already have such a system in place, but having one in place globally would benefit everyone. The incentive for most hackers in exploiting security vulnerabilities is either money or social justice. At the very least this would get rid of the money incentive greatly decreasing the number of hackers.
In the future say a large company like AT&T had another worse security vulnerability that revealed more than just emails. Say it gave access to passwords, credit card information, and addresses too. A hacker that gained access to information like that has two options, to sell it on the black market, or to reveal the exploit. In my future both deeds are rewarded with monetary value so when faced with a crime that pays money and a legal avenue to make money, more people would choose the legal way instead, reducing the amount of crime and exploited systems that occur.
“The facts of the case.” Here is where you describe the case in your own words.
“Analysis.” Examine the case in terms of the questions.
“My conclusions.” Your conclusions and opinions about the case. Be sure to explain and justify what you write. 3 sentences of average length or more.
“Future environment.” Describe your vision of a future in which technology is more advanced than today, or society has changed in some significant way, such that the ethical issues of the case would be even more important than they are in today’s world. 3 sentences of average length or more.
“Future scenario.” Describe how this ethical case (or an analogous one) would or should play out in the environment of the future, and give your opinions about it. 3 sentences of average length or more.
Answer:
The facts of the case.
When the original iPad was released, customers had to register their new device under AT&T and a man by the name of Andrew Auernheimer discovered a security vulnerability with their registration website. He was able to gain access to the emails of all who signed up. He tried contacting AT&T to get them to fix the issue but he was met with silence. In response he went to the news and gave them redacted emails with a description of the problem to try and publicize it so that it would get fixed. Once the news story ran and AT&T found out about it they contacted the federal government to get him tried for violating the Computer Fraud & Abuse Act. He was sentenced for 41 months and had to pay a $73,000 restitution.
Analysis.
The virtue ethics approach would view Andrew as a 'good' character because he was trying to fix a problem that could've impacted many people. He wanted to fix an issue that was otherwise being ignored. The deontological approach would view him as bad. Although he simply wanted the issue fixed, when he publicized that it existed it opened up the possibility of other people finding it and exploiting it. The utilitarian approach would view him as 'good'. This is because in the end, the problem did end up getting fixed and nobody else was able to exploit it before then.
Conclusions.
The conclusion of the case was very unsatisfying. The government forced charges upon him much greater than his crime, many of which weren't even applicable to his actions. He ended up being tried and forced to pay a large sum for trying to do a good deed. Had the problem been left unattended bad actors could have used this exploit for negative effects.
Future Environment.
In the future I envision there would be a system in place to pay people for finding and revealing security exploits such as this. Many companies already have such a system in place, but having one in place globally would benefit everyone. The incentive for most hackers in exploiting security vulnerabilities is either money or social justice. At the very least this would get rid of the money incentive greatly decreasing the number of hackers.
Future scenario.
In the future say a large company like AT&T had another worse security vulnerability that revealed more than just emails. Say it gave access to passwords, credit card information, and addresses too. A hacker that gained access to information like that has two options, to sell it on the black market, or to reveal the exploit. In my future both deeds are rewarded with monetary value so when faced with a crime that pays money and a legal avenue to make money, more people would choose the legal way instead, reducing the amount of crime and exploited systems that occur.