This title might not be very clear, let me elaborate :
Let's say, you're a computer scientist on your browser. You innocently browse the web, looking for a new book about procrastination (or anything else). Suddenly, a click lead you to the homepage of EvilCorpWorld, a (fictional) company incarnating the opposite of your ethical views.
EvilCorpWorld isn't a "common evildoer", they blatantly make the world a worst place. According to your ethical views, they could be enslaving children, selling weapons to warlords, practicing tax fraud at country scale, they support network promoting racism and sexism...
On the homepage of EvilCorpWorld, you inadvertently notice a big security flaw. Something like "click here for rootshell (Admin only!)". For the sake of simplicity, let's say it's an actual flaw, not a honeypot or anything else.
Now you have three possibility :
- to tell : email EvilCorpWorld to warn them about the huge flaw.
- to poke : like with a stick, poke the flaw, trying to see how far you can get. Poking does not mix with wrongdoing on purpose or for benefit. It's more a playful activity.
- to delegate : unsure of what to do, asking someone more versed in infosec what they think
What would be the most ethical-wise thing to do (maybe something other than three options)?
This isn't as hypothetical as you might think.
Our IDS examines each incoming query and, if it decides it's malicious, it then sends a report to the ISP owning that IP address, who either cancels the account of the hacker, or removes any malware which sent the query.
In your case, I'd do the same thing i.e report the website to the ISP.
It works. ISP's loathe hackers nearly as much as we do, and they're only too pleased to take them off the air. To date: 118,747, and counting.
1. Only 3 choices exhibits the logical flaw of the excluded middle
(logical foundation)
2. How do you know EvilCorp won't exact revenge on you and your family?
(incommensurable power levels between individuals and groups)
3. How do you know the ISP isn't controlled by EvilCorp?
(delegation, subversion)
4. Cybersecurity and authentication are contradictions in terms.
(delegation and subversion, but also profit from other's incredulity of techology as magic)
5. "We can't solve problems by using the same kind of thinking we used when we created them." -- Einstein
(epistemology)
Robert Schaefer Elegant!
Yet I have to disagree with 2 : assuming Rousseau was right, the individuals acting collectively are the only source of power (the sovereign). EvilCorp can be destroyed.
Regarding 5, I propose a poetic thinking (Louise Michel)
Tout quartier pris par Versailles était changé en abattoir.
La rage du sang était si grande, que les Versaillais tuèrent de leurs propres agents allant à leur rencontre.
Delisting a URL is no more than the game of whac-a-mole.
https://en.wikipedia.org/wiki/Whac-A-Mole
May I suggest applying the proper length lever to the properly placed fulcrum?
https://wtf.tw/ref/meadows.pdf
For your reply to 5, Google translate was very helpful. Thank you for the reference to Michel.
One method, that is safe, more or less, for journalists who live in, or are citizens of nations that have strong libel laws and rule of law, except for the exceptions, i.e. Saudi Arabia (https://en.wikipedia.org/wiki/Assassination_of_Jamal_Khashoggi) is "name and shame" for example, slate's evil list: https://slate.com/technology/2020/01/evil-list-tech-companies-dangerous-amazon-facebook-google-palantir.html
Thanks for the list, 1, 2 and 3 weren't surprising but don't remember seeing 4 before.
Getting back on the initial topic, my question was more about the "ethically best option" rather than the "option I would advise". Let say one's end up with a root shell over all the assassinations drones of the US army.
It is probably wisest to close the computer, set the building on fire and run away.
It might be ethically preferable to run "crashAllDrone.sh", because assassination is hardly defendable.
It might be interesting to look at the sources for comments:
// TODO : refactor aimAt and fireAt
It seems there "must be" a best ethical choice given a degree of technical knowledge and a given moral philosophy. An utilitarian that master the shell would weight the outcome of each possible assassination ending up in a state of undecision. Someone more into Kant's and poor shell knowledge would do his best to stop the drones but would probably fail. Most anarchist would apply Kroptkine's views and try to stop the drones, if they know what a shell is.
The degree of technical knowledge is a term of the conundrum that is (as far as I know) rather new to this problem.
More specifically, the very high variance of technical knowledge in IT and the actual means of power given by such knowledge is a source of questioning.
I don't know how much people have even heard about "Cambridge Analytica", but I suspect it represents only a very small fraction of humans impacted by Trump election (given that all humans are impacted).
If we're accountable for our actions and predictable consequences, each member of the "technical" team in Cambridge Analytica is accountable to a great degree no?
- Badges
- Science topic
- Similar topics
- Philosophy
- Ethics