Tuesday, November 17, 2009

Hacking and Ethics

I get a lot of interesting email. Today I received an email from a student in Japan asking me the question “Do you think that hackers will decrease if we improve Information-ethics-education?” My first thought was yes. My second thought was no. My third thought was maybe. Helpful answers? Perhaps not but it is a complex question.

By hacking I assume, based on context, that me means the breaking into systems sort of hacking rather than the old-fashioned “trying all sorts of things to see what one can learn sort of hacking” that was the more common meaning in “the old days.” And of course many of the people breaking into systems even today claim no malicious intent. They seem oblivious to the feelings of violation that people quite naturally feel from having strangers poking through their computers. If we started some ethics training in young people learning computer science maybe we could help there.

I do think that ethics training is quite necessary and that it will help reduce some forms of hacking by the sorts of people who get formal education in computing and IT. It doesn’t reach or do much with the self-taught learners or the people who are learning informally from people who are already hacking. So the effects of ethics training on hacking or as I would prefer to say “cracking” are perhaps limited. That doesn’t mean it should not be done. I note that it is included as a part of the APCS curriculum.

Also it is most often the people who get formal training who wind up in commercial software development (Though not always of course) and there we may need ethics training even more. Take the case of the two programmers recently arrested as being complacent in the Bernie Madoff Ponzi scheme. Perhaps some more ethics training would have helped there. Maybe not of course as a lot of money can move many people. But one can have hope.

The motivations for cracking are many. Sometimes it is money. Sometimes it really is learning. And sometimes it is people looking for a chance to prove themselves. I think we can help the latter two by a combination of ethics training and increasing the legitimate options for learning and proving ones self.

Frankly that is one of the cool things about the DreamSpark program. If a student can get a legitimate copy of Windows Server 2008, set it up, secure it from Internet endeavors and demonstrate to peers or potential employers that they know what they are doing that is a good thing. That they can do it without cracking some company security is bonus! We can also provide show off opportunities in schools, in contests (see the Imagine Cup for example) and service projects that may help as well. But at the root we have to instill some ethical sense in students from the very early days. School is a good place to start.

BTW as a starting point for discussion there is a link to the ACM Code of Ethics and Professional Conduct.

No comments: