Final

[paefcais1617.git] / assignment1 / a.tex

%&a
\begin{document}
\maketitle
Regarding the case of \JS{} I will bring out an advice for further action. In
the first paragraph we dwell a little over the facts. Following we analyse the
facts from different ethical frameworks. Lastly, the third paragraph will draw
a conclusion and a verdict.

\paragraph{Facts}
Surrounding the case of \JS{} we became aware of several facts.
\Jo{} is a seasoned hacker and is thought of as such by his fellow students.
Moreover, \Jo{} is admired for his hacking skills.
\Jo{} was in his opinion challenged by a remark the teacher made about the
superb security of the medical centre's system. \Jo{}'s fellow students did not
thought so.
\Jo{} immediately gave in and confessed
while stating he did not meant to do harm with it.
While the dean has a good idea of what hacking is in the eyes of computer
science students. On the other hand, some others in the board see ``hacking''
as deviant behaviour. 

Not all information is relevant for the case. Factual information given about
the location of the university and the courses \Jo{} currently takes are not
relevant. On the other hand, some other information that would be useful is
missing. Information about the curriculum concerning courses about hacking and
security can shed a light on the motives of \Jo{} and what is common knowledge
about, possibly ethical, hacking.

\paragraph{Ethical perspective}
My gut reaction to this case is to not give Jon a heavy penalty
but instead to let him go clear with just a stern lecture. The action was
clearly thought through and but he did not seem to be able to understand the
impact of his action. This intuition arises mainly from the fact that no data
was touched and \Jo{} is a well-performing student. However, there is also a
voice that says that because \Jo{} is a seasoned hacker he could have and
should have known better.

Looking just at law one can conclude that it is justified to punish \Jo{} since
breaching into unauthorized systems is against the law. However, laws form no
absolute ethical wager and therefore we should test the case against several
theories to form a conclusion. Law does acts as a kind of average of ethics in
a society or at least the average of the lawmakers ethics.

The main two ethical theories are \emph{consequentialism} and
\emph{deontologism}. I will analyze the case from both of the theories.

\emph{Consequentialism} is the view on ethics that dictates that an action is
good or bad when the consequences are good or bad. From a purely
consequentialists point of view \Jo{} should not need to be punished. This is
because no files were read and thus no privacy has been infringed on and no
negative consequences other than the time lost on this case have happened. One
could even argue that the consequences were merely positive since the system
administrators can improve the security of the system. This is of course a
little short sighted because bad results have happened indirectly. If the hack
becomes public the people will likely lose faith in the security of the system.
Moreover, while the leak will be known to the administrators it might not be
possible to fix it immediately due the nature of the breach or sheer resources.
In short this means that in the eyes of \Jo{} his action had no negative
effects but in contrary some members of the board will reason the other way
around.

Another entirely different theory is the \emph{Deontological theory}.
\emph{Deontologism} is the view on ethics that dictates that if an action is
good or bad is only determined by the nature of the action. From the given
facts it is clear that some members of the board think of hacking as an
inherently bad behaviour. \Jo{} on the other hand thinks it is fun and does it
for the sake of creativity and testing the limits of the system. The shift in
normativity in cyberspace has been described by
Nissenbaum~\cite{nissenbaum2004hackers}. This influences the deontological way
of reasoning significantly since for one side the action is not inherently bad
but for the other it is. This is a similar phenomenon that we see when we
analyze the case with a \emph{consequentialistic} approach.

A sub in \emph{deontologism} is \emph{contractarianism}. In this
framework the right or wrongness of an action is determined by what rational
people would do.  This view on ethics poses the same problem as
\emph{consequentialism} and \emph{deontologism} in the sense that there is no
consensus about what rational people would do. The chasm between opinions about
hacking results in a chasm between opinions about the sentence to \Jo{}.

To reason from a purely \emph{deontological} or \emph{consequentialistic} point
of view can be considered dangerous since they are very absolute and allow
strange loopholes. Therefore Ross~\cite{ross1930good} came up with a theory
that combines the two systems in such a way that sometimes inherently bad
actions may be taken as long as it serves a greater good. This theory can be
projected on the case. \Jo{} committed an inherently bad action, in the eyes of
some, for the sake of improving himself and the security of the system. Whether
this is a greater good is again thought of very differently in the board.

\paragraph{Conclusion}
It is not fair to punish \Jo{} severely, for example by expelling him, just to
send a message. In this way \Jo{}, and therefore hackers, will be demonized.
Also, one could argue that the university, as an academic organization should
try to act in an objective rational way without setting a political statement.
Hacking has more and more gotten a political connotation lately. Thus punishing
\Jo{} very severely will send out a political message which a university should
refrain from as much as possible.

A university is a progressive objective and scientific organization that must
be aware of the change in normativity happening. Therefore my advice is to keep
the original meaning of hacking in mind when giving a verdict. \Jo{} thinks of
himself as an original hacker and acted as such. We  must not see hackers as
deviants but as creative people. Together with the fact that \Jo{} handled
accordingly by not looking at the data and wanting to report the leak to the
system administrators makes me vouch for just giving \Jo{} a stern lecture.
Moreover, to improve the view on hackers it might be fruitful to focus more on
ethics in the curriculum. We can send a message much stronger than sheer
punishment to the population by educating how to behave in cyberspace as a
professional.

\bibliographystyle{ieeetr}
\bibliography{a}
\end{document}