Final

[paefcais1617.git] / assignment2 / a.tex

%&a
\begin{document}
\maketitleru[authorstext={Author:},
        course={Philosophy and Ethics of Computer and Information Sciences}]
\section{Grey Hat Cracking Should Be Legalized}\label{sec:grey}
In the digital world the notion of property is significantly different than the
notion of property in the real world. Property in the digital world can be
interchanged, duplicated and changed without physical intervening. This means
that property and ownership is much more a matter of trust and regulations than
anything of material kind. By this definition the notion of \emph{going
equipped} in the digital world is vastly different than in the physical world.
One can go \emph{non-equipped} but having the tools within reach and the other
way around. There is hardly a concept of distance in the digital world.

Grey hat hacking means black hat hacking with good intents. Grey hat hacking is
not hacking for the sake of cracking but for the sake of improving the security
and notifying the owner of the system. Often this is compared to breaking into
a house and informing the owners on how to improve their door locks. However,
with the aforementioned notion of property, this is not an analogous issue.
Grey hat hacking, as is digital property is built around trust. Moreover, while
the actions of a black and grey hat hacker look the same, a grey hat hacker
will not misuse the system by for example planting back doors. To notice the
difference between black and grey hat one has to know and master the
techniques.

All of this means that there is an extremely thin line between grey and black
hat hacking. Some might even argue that there is no difference. Allowing or
even encouraging grey hat hacking leads to the classical slippery slope
problem. The confusion arises from the fact that opinions might differ. Imagine
a case where medical data has been compromised but the hacker did not look at
the data. The stakeholders in the privacy of the data such as patients and
doctors might view the deed as black hat. On the other hand, the hacker himself
might view the case a grey hat because he informed the administrators and did
not touch the data. Especially while the current view on hacking ever so much
is changing it very quickly becomes a slippery slope.

The best solution at this point in time is in my opinion to tolerate, not
actively chasing them, grey hat hackers and keep testing the boundaries using
the court of law. In this way true grey hat hackers will possibly be bothered
and not punished and true black hat hackers will be punished true the court of
law. Society will change and with it the view on hacking. Police forces will
have to acquire trained IT professionals to keep up the pace with the black hat
hackers.

\section{Web Scrapers and Robot Denial Files}
The current state of practise for \verb|robots.txt| files is that they are
read, parsed and acted upon. However, accessing data that is explicitly denied
by the \verb|robots.txt| file is not illegal in the current state of the
internet. When information is placed on the web it is known that it is visible
for everyone. When you do not want your information to be visible you can place
it behind portals in such a way that only authorized visitors can see the
content, and thus not robots. Regulating the content access and forcing the
regulations requires a fundamental change in the way we view the internet. The
internet can not be the anarchistic place anymore and requires laws and control
over the content.

The current state of the internet does not require such an extension to the
\verb|robots.txt| protocol. When you want information not to be seen by other
you should not put it online. And if you do want to put it online you can hide
behind a digital wall. Therefore I think the change would be bad and would not
improve the internet as it is. When for example stores think they are scraped
in a bad way (such as taxes, postage etc.) they can just improve their scraping
interface. Web store aggregators just want to sell as much as possible and
probably want to assist in improving the websites by using dedicated
\emph{API}s for example.

Changing the internet to facilitate this behaviour has too many bad
consequences. All traffic must be monitored to see whether it concerns a robot
or a normal user. The openness and freeness of the internet will come to an end
and is therefore not desirable.

\section{An Immune System for the Internet}
This case is very much similar to the first case discussed in
Section~\ref{sec:grey}. However, the nature of this discussion point is even
more extreme. Patching systems through breaking in can be seen as grey hat
hacking. The methods used are bedraggled but the consequences are positive.
However, this matter is different from the previous ones in the sense that it
proposes to allow such behaviour. This case proposes to encourage breaching
systems to patch them.

From a purely consequentialists point of view there is nothing wrong with it.
The victims machine will be patched and no harm is done besides walking into an
already open door. However, from a deontological point of view this is wrong
because you have to resort to inherently bad techniques such as breaching into
systems and changing systems unauthorized.

The same problem as the similar discussion point arises which is the thin line
between good and bad. The opinions on what is a well-patched system might
change and there might even be a schism in the population on certain patches.
Take for example the \emph{phone-home} patch that was introduced in
\emph{Windows 7} that adds the similar \emph{phone-home} functionality to the
system that is present in the successor \emph{Windows 10}. This functionality
allows the system to call back to the servers of \emph{Microsoft} to send
information such as statistics. Some user might deliberately ignore this patch
because it infringes on their privacy. \emph{Microsoft} on the other hand will
probably state that it is necessary to guarantee a good user experience and
possibly even to guarantee safety. Obviously this example is arcane and
artificial but similar problems may arise.

Therefore the solution to this problem is to disallow placing ``good'' malware
on systems. Following the same principles as the previous case it might be
legal to notify the users in some way of their unpatched systems. But again,
this is a very thin line and has to be tested continuously via the court of
law.
\end{document}