Q3. Write up your case on your blog with the following subheadings:

“The facts of the case.” Here is where you describe the case in your own words.
“Analysis.” Examine the case in terms of the questions.
“My conclusions.” Your conclusions and opinions about the case. Be sure to explain and justify what you write. 3 sentences of average length or more.
“Future environment.” Describe your vision of a future in which technology is more advanced than today, or society has changed in some significant way, such that the ethical issues of the case would be even more important than they are in today’s world. 3 sentences of average length or more.
“Future scenario.” Describe how this ethical case (or an analogous one) would or should play out in the environment of the future, and give your opinions about it. 3 sentences of average length or more.


Answer:



The facts of the case.


When the original iPad was released, customers had to register their new device under AT&T and a man by the name of Andrew Auernheimer discovered a security vulnerability with their registration website. He was able to gain access to the emails of all who signed up. He tried contacting AT&T to get them to fix the issue but he was met with silence. In response he went to the news and gave them redacted emails with a description of the problem to try and publicize it so that it would get fixed. Once the news story ran and AT&T found out about it they contacted the federal government to get him tried for violating the Computer Fraud & Abuse Act. He was sentenced for 41 months and had to pay a $73,000 restitution.

Analysis.


The virtue ethics approach would view Andrew as a 'good' character because he was trying to fix a problem that could've impacted many people. He wanted to fix an issue that was otherwise being ignored. The deontological approach would view him as bad. Although he simply wanted the issue fixed, when he publicized that it existed it opened up the possibility of other people finding it and exploiting it. The utilitarian approach would view him as 'good'. This is because in the end, the problem did end up getting fixed and nobody else was able to exploit it before then.

Conclusions.


The conclusion of the case was very unsatisfying. The government forced charges upon him much greater than his crime, many of which weren't even applicable to his actions. He ended up being tried and forced to pay a large sum for trying to do a good deed. Had the problem been left unattended bad actors could have used this exploit for negative effects.

Future Environment.


In the future I envision there would be a system in place to pay people for finding and revealing security exploits such as this. Many companies already have such a system in place, but having one in place globally would benefit everyone. The incentive for most hackers in exploiting security vulnerabilities is either money or social justice. At the very least this would get rid of the money incentive greatly decreasing the number of hackers.

Future scenario.


In the future say a large company like AT&T had another worse security vulnerability that revealed more than just emails. Say it gave access to passwords, credit card information, and addresses too. A hacker that gained access to information like that has two options, to sell it on the black market, or to reveal the exploit. In my future both deeds are rewarded with monetary value so when faced with a crime that pays money and a legal avenue to make money, more people would choose the legal way instead, reducing the amount of crime and exploited systems that occur.
Q1. As a “case” to discuss for this unit, use a law related to security, privacy, etc. Suggestions: HIPAA, FERPA, Computer Security Act, Sarbanes-Oxley, Gramm-Leach-Bliley,COPPA, Payment Card Industry Data Security Standard (PCI DSS), US Patriot Act, Section 508 of the Americans with Disabilities Act, or some other law.

A link or other citation to the case you are using, or if it is from personal experience, point that out.
A list of 8 or more important facts about the case. These could help you tell your group members or anyone or remind yourself what the case is all about.
A list of questions (4 or more) to think about or discuss about the case.


Answer:

The source of my case is US v Andrew Auernheimer

Eight important facts are:


  • When the iPad was released customers were required to register their accounts through an AT&T website.

  • The website required your personal information to sign-up including your name, address, email address, and phone number.

  • When testing the websites security, Andrew Auernheimer discovered a flaw that allowed him to gain access to the email addresses of all their customers.

  • Andrew notified AT&T about the security vulnerability but they did not respond and took no action to correct it.

  • In response Andrew decided to leak customer's emails to the press to publicize the vulnerability, although much of it was redacted.

  • After the press made a story about it, AT&T hit back hard by alerting the federal government.

  • The federal government then prosecuted Andrew for violating the Computer Fraud & Abuse Act. The government then claimed that the act took place in New Jersey to elevate the charge from a misdemeanor despite nothing having occurred there.

  • He was subsequently convicted for 41 months and forced to pay $73,000 in restitution.



Four questions to ask about the case are:

  • Was the verdict of Andrew's case ethical?

  • If Andrew were to go back in time, how should he have tackled the issue differently, or did he do it right the first time?

  • If despite all attempts to contact them about the problem, AT&T ignored it, is it ethical to reveal the problem to the public like Andrew did?

  • Andrew was trying to shed light on a security vulnerability that AT&T wasn't fixing. Should revealing security vulnerabilities like he did be punishable by law?


Three additional standard questions:

  • What does virtue ethics say about this case?

  • What does utilitarianism say about this case?

  • What does deontology say about this case?

Profile

Will

November 2022

S M T W T F S
  1 23 45
678 910 1112
1314151617 1819
20212223242526
27282930   

Syndicate

RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Aug. 16th, 2025 04:23 pm
Powered by Dreamwidth Studios