I get a lot of interesting email. Today I received an email from a student in Japan asking me the question “Do you think that hackers will decrease if we improve Information-ethics-education?” My first thought was yes. My second thought was no. My third thought was maybe. Helpful answers? Perhaps not but it is a complex question.
By hacking I assume, based on context, that me means the breaking into systems sort of hacking rather than the old-fashioned “trying all sorts of things to see what one can learn sort of hacking” that was the more common meaning in “the old days.” And of course many of the people breaking into systems even today claim no malicious intent. They seem oblivious to the feelings of violation that people quite naturally feel from having strangers poking through their computers. If we started some ethics training in young people learning computer science maybe we could help there.
I do think that ethics training is quite necessary and that it will help reduce some forms of hacking by the sorts of people who get formal education in computing and IT. It doesn’t reach or do much with the self-taught learners or the people who are learning informally from people who are already hacking. So the effects of ethics training on hacking or as I would prefer to say “cracking” are perhaps limited. That doesn’t mean it should not be done. I note that it is included as a part of the APCS curriculum.
Also it is most often the people who get formal training who wind up in commercial software development (Though not always of course) and there we may need ethics training even more. Take the case of the two programmers recently arrested as being complacent in the Bernie Madoff Ponzi scheme. Perhaps some more ethics training would have helped there. Maybe not of course as a lot of money can move many people. But one can have hope.
The motivations for cracking are many. Sometimes it is money. Sometimes it really is learning. And sometimes it is people looking for a chance to prove themselves. I think we can help the latter two by a combination of ethics training and increasing the legitimate options for learning and proving ones self.
Frankly that is one of the cool things about the DreamSpark program. If a student can get a legitimate copy of Windows Server 2008, set it up, secure it from Internet endeavors and demonstrate to peers or potential employers that they know what they are doing that is a good thing. That they can do it without cracking some company security is bonus! We can also provide show off opportunities in schools, in contests (see the Imagine Cup for example) and service projects that may help as well. But at the root we have to instill some ethical sense in students from the very early days. School is a good place to start.
BTW as a starting point for discussion there is a link to the ACM Code of Ethics and Professional Conduct.
Ethics cannot just be taught in any specific class, but it learned through life. Going to school with responsible peers and decent role models are surely the best way for students to gain an understanding of what is acceptable.
Hacking splits off into maliciousness and curiosity. One can be curious and not malicious. I find 'cracking' very fascinating but not for malicious purposes, mainly for the purpose of protecting against it.
In my first Security Class, our Professor said "I can't teach you how to be a good Lock Smith, without becoming a good Lock Pick"
Before the turn of the century - we were also required to take a class in "Ethics in Engineering" -- something I doubt it still required.
Because of the "anonymity" of the Internet . . . I fear some people feel more comfortable exploring their "lock picking" skills.
So, yes - we need to bring back ethics training!
Blake Handler - Microsoft MVP
"The Road to Know Where"
Ethics and morals are sort of related. We have not been able to teach morals and I do think ethics will be a winner either. It has been demonstrated over and over, if it is a choice between money or ethics, money will win because there is alway someone will to forgo their ethics for money. I think Ryan hit it directly on the head with peers and role models. Classes do not teach ethics, parents, friends and life experience do. I have lived in some interesting place in the world, places where ethics are simply not affordable. Pure survival is the goal. Some of those places were not technologically backward.
It is a simple fact that I either need a piece of software to do something I know it can do and some company, not always M$, is not allowing me do this or allowing me the freedom to make it do this. I have and will reverse engineer or crack it as needed. I will NOT however, pirate software. I run OSX or Linux and I always pay for my software, hence why I feel it is my right to make it do my biding.
When it comes to private networks or systems, it depends on what is on it. 99% of the time it is curiosity or the need for a particular piece of what I feel should be common knowledge. I do believe in intellectual property rights and a person's right to privacy but at the same time, don't hamper my right to access a given information source.
Hacker ethics are vastly different from business ethics or everyday ethics. I have taken classes in both human relations and business ethics as well as sociology and psychology. Each culture has its own separate form of ethics, so called hackers, in the original sense, have theirs and they can not be taught by anyone but another respected hacker. I will not listen to anyone, especially most computer professionals, tell me about ethics when they have no concept of the world in which I live in and the methods employed by me to learn my craft. So called normal ethics should not and will never apply to me.
While on that thought of dreamspark, does the expression studio that is released under it come with a serial code, tried installing it, and it says that I have a 60 day trial version, is this correct?
While on the cracking/hacking theme, there is a great resource available on the net. Its called hacker high school. weww.hackerhighschool.org a great way to get students to think about security all taught around lessons. A great one to do when you have a little time available.
Another thing that I am also doing is getting students to read books, there is a great book by Cory Doctorow called Little Brother, free ebook availble here http://craphound.com/littlebrother/download/
The other one that I have just found while doing some research for this message is Hacker Cracker by David Chanoff
Gerald, you should be able to find a serial code for Expression on the Dreamspark web site. Check the help if you can't find it.