This report deals in classifying and recognising the ethical issues in the case of Kevin Mitnick and his computer hacking history, also the matter that the accusations and the way FBI prosecuted his case was correct or wrong. Each and every issue raised would be discussed further by using the three theories of consequence-Based, Duty-Based and Character-Based. Along with these explanations the general role of a computer professional will also be described in term of their knowledge and expertise leading to hacking. Hence this report will be divided mainly in two parts; the first part will focus on the highlights of ethical issues while the second would deal the computer professional part.
A detail sketch of Kevin Mitnick’s history of hacking is cited in the case scenario which is the part of the report described later. Firstly short introduction of ethics and its three theories are going to be discussed which will lead a way easy to understand and fair well to implement it on the Kevin Mitnick case.
ETHICS:
Ethics has been described in many different ways by different people over the man history including some great Greek philosophers such as Socrates, Aristotle and many more. Greeks typically defined ethics as the study of what was good for the infidel and the society. The simplest way to explain ethics is to differ and reflect a human character in the terms of good or bad, right or wrong, fair or unfair, also responsible or irresponsible. On conclusion it will lead a human being moral character to be in good conduct.
Ethics can also be referred as to what humans are supposed to do when they have to follow the prescribed standards of rights and wrongs, which normally would lead him in terms of rights, his benefits to the society he lives, his obligations and so on. Also ethics can be referred as studying of moral character of human being and developing it to an ethical standard. [1]
Ethics begins when elements within a moral system conflict. [1]
Ethics survives in many forms in branches, eras, traditions, literature etc. All of them follow the root hub of ethics but the form of ethics which is described and followed in this case study is called Cyberethics.
Cyberethics:
To understand the meaning of Cyberethics a good knowledge of Cybertechnology is essential. Modern era’s devices which are used in cyberspace such as handheld devices, personal computers, mainframes, networks and the most important the internet can be termed as a part of Cybertechnology.
Cybertechnology in terms refers to a broad spectrum of technologies that ranges from standalone computers to the clustered of networked computing, information and communication technologies. [2]
Various definitions of Cyberethics are there which are mostly dealing with ethical issues with certain types of online activities like pornography, gambling. It can be signified as certain laws which are not monitored by the judicial or law governing bodies but for an individual himself going beyond his moral values which would be something different from cyber law.
Cyberethics can be defined as the field of applied ethics that examines moral, legal and social issues in the development and use of Cybertechnology [2]
Ethical Theories
As this report has to follow certain type of ethical theories in order to identify the ethical issues a short description of each ethical theories are as below.
Consequence-Based
As by its name, consequence based theories responsible for producing the most desirable outcomes. The ultimate standards for consequence of actions against which the moral decisions evaluates is highlighted in this theory. The goodness or right identified by consequence would be something considered as Consequence-Based ethical theory which responsibly gives outcomes for someone, but who should be benefitted from this outcome? This argument has mostly been provided by different utilitarian thinkers such as Jeremy Bentham, Henry Sedgwick and John Stuart Mill. The argument provided by these thinkers follows the theory that an act of some individual or a whole social policy would be acceptable if it will provide benefits for majority of individuals which result in the effection with the given policy or from the provided act by specific individual.
Jeremy Bentham states that
People are driven by their interests and their fears, but their interests take precedence over their fears, and their interests are carried out in accordance with how people view the consequences that might be involved with their interests. [3]
Consequence-based ethics mainly describes that whatever happens the final results should be in benefitted to large number of population rather than that of a certain minority. Moreover it should provide happiness to everyone rather than just a single individual.
Duty-Based
Duty based ethical theory gives perception of Deontology which is derived from the Greek word Deon means Duty. Deontology is the approach which defines goodness and right that would be achieved by studying the act of an individual or social policy rather than the consequence it leads too.
Immanuel Kant is considered to be a great Deontological thinker who always criticized Utilitarian thinkers describing that morality must be defined as the duty of an individual to one another despite consequence produced normally when a certain individual performs a specific type of action.
He further said that happiness is not something which should be concerned in term of morality, the motives and goals of a human being are the qualities which make him able to choose right and wrong rather than consequences.
W. D Ross a deontological thinker states:
‘Utilitarianism seems to simplify unduly our relations to our fellows. It says, in effect, that the only morally significant relation in whom my neighbours stand to me is that of being possible beneficiaries of my action. They do stand in this relation to me, and this relation is morally significant. But they may also stand to me in the relation of promise to promisor, of creditor to debtor, of wife to husband, of fellow countryman to fellow countryman, and the like; and each of these relations is the foundation of a… duty…'[4]
So in short a Duty-Based approach gives a clear conclusion that morality of a human being would be carried out by the acts he performs able enough to justify being right or wrong. Honesty, Justice, Violence etc. should be the characteristics for which he will be regarded his moral duty rather than getting happy by telling a lie.
Character-Based
Character Based theory is something different which rejects the first two theories which were focusing on consequence and an act, despite this theory focuses on an individual character and is widely known as Virtue Ethics. The main concerns are the individual’s moral character which does not rely on duties and consequences.
It has very old history rages back to some great Greek philosophers like Aristotle and Plato who contended that each person has to obtain a right virtue as everyone will have a certain virtue in him which will be his strength and excellences leading toward good and bad moral character.
Virtue ethics is also considered to be an agent oriented rather than the first two which are action oriented and rule oriented.
It is only by mean of the idea of Virtue than any judgment done for a moral worth or its if its opposite possible, everything which are good and are not based on morally good disposition is simply nothing but pretence and glittering misery. [5]
Background
Our case study is about a person named Kevin Mitnick who is considered to be the first hacker in computer world to reach the FBI most wanted list. His arrest was taken place on 15 Feb 1995 by FBI in which he was accused of number of acts which included breaking into computer systems and networks all over the world and altering information which put damage to the company by investing more into new security measures and also for the charge of violations of his terms and conditions of his period of probation for his previous computer crimes. Mitnick was caught by the help of a Japanese computer security expert Tsutomu Shimomura whose system was hacked by Kevin Mitnick in San Diego Supercomputer centre which made him furious to track and help FBI.
This was Mitnick’s school days when for the first time he got fascinated with computers and start hacking. He was having strong passion of technology which made him learn quickly and he shortly managed to Hack LA public school districts computer. When Mitnick was just 17 he hacked into Pacific Bell and altered phone bills there, and in the same year he jumped into San Francisco Company’s network where he got access to some information valued of $200, 000. But he was caught and prosecuted which earned him a probation period of 6 months. He didn’t sit idle in probation period and hacked into the telephone company again and disconnected the probation officer’s phone and accessed a credit service computer and altered the computerised record of the judge on his case. Interestingly police caught the fact that the system has been accessed from outside. During this time he also convicted of stealing software from a company in Santa Cruz, California. NORAD, a missiles monitoring company in states, was his next victim, which could have catastrophic effects as NORAD is a part of an early warning system and responsible for monitoring possible missile attacks directed toward United States.
In 1988 he was accused of two more crimes, firstly accessing MCI network for long distance calls and secondly stealing some computer security system from a Digital Equipment Corporation causing a damage of $4 million in total. This time the judge decided to put Mitnick in jail without bail. During his bail attempts prosecutor presented evidence that he had penetrating a national security agency in Washington. He also planted a false story about a bank describing some heavy loss and where he was about to get job, the story was detected and Mitnick was accused responsible and denied for job. This was March 15 1989 when Mitnick pleaded guilty for the two crimes and sent to jail for one year with six months of psychological counselling and also with three years of probation.
In 1992 FBI suspect Mitnick of hacking into Pacific Bell system again, his work place as searched, he disappeared and evidences were found later. While searches were carrying on for Pacific Bell more evidences were found that Mitnick hacked California Driver Licence records to set up a false identity for himself and also posed as a police officer to collect some information. Warrant of arrest was issued against him but each time he managed successfully to flee from police raid.
Finally found and arrested in 1995 and was charged with various new crimes and violations of his parole. His bail was denied and it was ensured that no more computer equipment is handed to him in jail. His phone calls were closely monitored and in 1997 Mitnick was sentenced for 22 months after pleaded guilty. This sentence was followed by 3 years of probation period in which he was ordered to stay away from any Hi-Tech equipment. He was released in January 2000 and his probation was ended in January 2003. [6][7][8]
Ethical issues:
There are number of Ethical issues in the given case study, their discussion in the light of above theories.
* Hacking into the networks of different companies by gaining access to unauthorized files or data. Was it ethical to access private files and data or even just breaking into a computer network?
By applying the consequence based approach breaking in a computer network illegally and/or gain access to private files had benefited Mitnick only nor anybody else. Utilitarism states that the majority must gain happiness on the base of consequence but in the case of Mitnick he himself only gain happiness and not the majority, so it concluded that this act is going to be wrong for Mitnick that it is not ethical for him to gain or break into someone private computer network.
The duty base approach and deontology theory would easily say this was wrong. Mitnick’s act can be easily considered wrong to gain access to another computer networks. The ten commandments of ethics which was defined in 1992 states that all companies would have secure file and data and would not be breached by an unauthorized outsider. Hence this was completely wrong by Mitnick to do so.
If the current study case would be judged through character based ethical approach so it would be obvious that Mitnick break into computer networks for his passion of technology and for the sake of fun. His thirst of knowledge forced him to continue in breaking into computer networks and gain more knowledge which was a great fun for him. But if considered morally this is completely wrong. By virtue ethics Mitnick’s adopted path was not legitimate and he should have chosen the right path.
* Kevin Mitnick never done hacking for any financial purpose instead his hacking was just for the sake of challenge or sometime taking revenge from people. Was it Ethical to hack for any reason and to take challenges and getting revenge from people?
If this is to be dealt by consequence based theory , the answer would be definitely NO in this case totally because of the fact that extracting revenge from someone or going to win a challenge to prove his ability was beneficial for Mitnick only and majority of people would not be happy from this outcome.
Duty based approach would state again ‘NO’ as seeking revenge or damaging or doing any kind of unauthorized steps of which someone is not authorize to do. Mitnick was not supposed to do as this is not something an individual should act like.
Character based or Virtue ethics justify in picking good habits of one’s moral character and to leave the odd ones out to be a good human being for himself. In this case Mitnick has done good for himself by causing harm to others which isn’t something good for an individual character.
* Mitnick got access to his school computer network system and hacked Pacific Bell for altering phone bills. Was it ethically right for him to break into a computer of his school and Pacific Bell to alter phone bills while he was only 17 years old?
Consequence ethical approach would again say NO as this is something he totally done for himself. This is something he for his own benefit for his own good and not for anybody else. The alteration in the phone bills will lead to create losses for the phone company which might turn up into large number as well. Thus this was something completely wrong to do so.
Duty based ethical approach in this case would again lead to conclusion of ‘NO’ as there is no actor policy which allow Mitnick to break into school system or into Phone Company to alter his phone bills. Based on the outcome his act was considered to be totally wrong.
In the light of Character based approach, it leads to the fact that morally Mitnick knew that it was wrong in doing so but still he preferred to adopt his bad habit, which concludes that the outcome will be again ‘NO’.
* Mitnick was in his probation period when got access to telephone company and disconnect his parole officer’s phone, he also altered the computer record of the judge of his case in a credit service computer. Was it ethical for Kevin to do such an act?
Applying consequence based approach to this case will once again lead to NO because the result of what he done was bad for his parole officer and the judge. This is a kind of act which is considered as have done for his own satisfaction, being on probation he should have avoided such strong illegal moves but he didn’t.
Duty based approach would not go in favour of Mitnick in this issue. His act was definitely wrong as the judge would have very bad impact of him and as well parole office too must have been unhappy. While on probation one should be very careful about law and should not go against it but Mitnick do for his own feud.
Character based ethical theory never permit someone’s moral character to take revenge and to hurt someone , in this case according to this law it will again go for ‘NO’. Thinking of revenge and hurting someone is considered to be very bad habit and also if an act leading to something which is not taken morally good with the assurance that law is not allowing such deeds, so a good moral character will never allow someone to go against law to hunt for his own happiness.
* Mitnick found guilty in stealing software from a company in Santa Cruz California but at the same time there was not any convection record FBI database. Was it ethical to steal and alter record?
Consequence based theory would not tolerate stealing or altering. Stealing is something really bad which is not allowed in any circumstances and even if assumed it does it would be something advantageous to majority, but in this case as it is obvious no beneficial for majority so the answer is ‘NO’.
Duty based ethical approach strongly oppose act of stealing or altering which wont be considered good , so once again in comparisons of acts the answer is again ‘NO’.
Character based believes that stealing is one of the bad habits of a human being and unauthorized alteration of records is also of the same category. Mitnick was convicted of such bad deeds so the answer will be again ‘NO’ this time.
* Convicted of breaking into North American Air Defence Command (NORAD) missiles defence system. Was it ethical for Mitnick to break into a defence system of a country?
Judging the study case through Consequence based ethical approach, it would be a high dispute because getting access to such sensitive system could have catastrophic affects on millions of people. It would be extremely dangerous if such files to be changed or harmed. So the answer for this case will be ‘NO’
The duty based ethical approach would not allow any such policy or rule for someone who want to have unauthorized access to such delicate system as the outcome can be extremely dangerous. So the answer is ‘NO’.
The third approach of Character based would consider it to be worse habit of one moral character in doing so as the outcome can be something very harmful to large number of people. So it’s a NO.
* Mitnick accessed MCI network for long distance calls and in another case he caused $4 million damage to Digital Equipment Corporation. Was it ethical to illegally access MCI and cause damage of worth $4 million to a company?
The Consequence theory would say ‘NO’ because again the minority gets benefit which is Mitnick and the majority faces damages which is the MCI network also the Digital Cop lost lots of money which is again the majority in damage.
The Duty theory will again have no support for Mitnick as the case describes the huge losses for both the companies from what the Mitnick done with them. There is no such policy or act which can allow an individual to do so in any circumstances. So the answer is simply ‘NO’.
Character based theory is again on its answer with ‘NO’ and the reason for that is as stated above many times that alteration of records and damaging any private and confidential files cause harm to others which is considered a bad deed or bad habit.
* In 1988 Judge denied him bail and ordered him to be held in jail. Was the judge ethical in doing so? This period lasted for eight months in solitary consignment for Mitnick.
Now there is an additional act which is the Judge, Consequence based ethical theory has support with this act because Mitnick was responsible for causing harm to large majority of people but there is some conflict in the case as well, as Mitnick was put in jail for 8 months without bail and at that time it was not proved that these had been done by him, so this is a bit harsh on Mitnick, so here Mitnick get some support from Consequence theory.
In duty base Judge gets support which is from the reason that Mitnick had caused harm to major companies and people but still the decision was too harh for him as he deserved at least a trail.
As from Character based theory here the Judge lost his support as it was a fact that Mitnick was notorious but he deserved a trail and even if the Judge though he didn’t, it was a wrong decision to put him in a solitary consignment. Mitnick would have come to good way by putting him in a normal jail as it was very harsh to put him in a solitary consignment.
* While FBI was doing their most to catch Mitnick, he flee from the authorities on a number of occasions for two years by using fake identities to hide himself from the authorities. Was it ethical for him to do so?
Mitnick at this point again done everything for his own good and during this period he caused damage to majority with his activities, so Consequence based theory would not support him on this issue.
Using fake identities and staying on run for two years is not something good but a way to misguide law, which would not be supported by Duty based.
Using fake identities by damaging other people identities to keep himself safe is something taking law in his own hands. It is not a good deed so according to Character based theory the answer will a definite ‘NO’.
* Shimomura helped FBI to catch Mitnick, Was it ethically right for him to do so?
All the three ethical theories Consequence, Duty and Character based would support Shimomura, as ethically he is right. It is duty of everyone to help the law to catch someone who has been causing harm to the community, and it is morally right for every individual to help to catch law breakers like Kevin Mitnick.
* From 1995 till 1997 Mitnick was held in federal prison without bail and trail by FBI, was it ethically right to do so?
Consequence based ethical theory in this case is going to support FBI as Mitnick was harm to many Firm companies and people but the support is going through only if Mitnick was charged after trial to stay in prison.
As it has been described a number of times that law is superior than anything else, so in Mitnick’s case again FBI should have run the case under law and should have allowed a fair trial to convict Mitnick, which has not been done, so this time the Duty base approach is supporting Mitnick and the answer is yes as FBI were ethically wrong in doing so.
Character based would not support FBI as it is out of law to keep someone in prison for 2 years without fair trail and the chance for bail. At least he deserved fair trail and if found guilty then should have faced whatever he deserved.
Role of a Professional
A simple definition of a professional can be done like that, anyone who hold a degree in any particular field of education and then uses that knowledge in his relative field and making sure that professionalism follows the code of ethics including the terms Behaviour, society , confidentiality etc. At the time when a professional is hired, normally a contract or a bond is created between the two to follow certain defined acts and rules of policy and to keep high level of security by keeping the data safe and to avoid by missing any kind of data of the organization.
Organization which is totally related to Information Technology or having an IT department also maintain a specified policy between its engineers and themselves. In this particular case the role of a software engineer, hardware engineer or an application engineer have to follow those rules and policies but also IEEE CODE OF ETHICS which is considered to be the main source of ethics code for any IT professional should be followed by any IT professional related to any field of Information Technology and in this case being software, application and hardware engineer. [9]
Use of Knowledge for Hacking by a Professional
It is quite disastrous when a computer professional use his knowledge for hacking. By taking each of different IT professionals individually and considering hardware engineer first to discuss, it is coming obvious that hard ware engineer can use his knowledge both in right way or the wrong way, as hardware devices manually build are quite useful in hacking mainly portable devices which is something like which Kevin Mitnick used for hacking. A question arises here that is it right to do so? The answer is quite simple ‘NO’ because its against the code of ethics which exists in many forms of Cybertechnology.
Same rules and principles applied for software engineer and application engineer as software and application level technical support is quite useful to build or modify codes of program and make its own custom made to be useful for something negative, which is not appreciated in society because of it harmful nature to many.
A very technical question sometime being asked, Can all this knowledge be used in positive way? Can hacking be positive? The answer to these question is ‘YES’ and is something called Ethical Hacker.
Ethical Hacker vs. Hacker
Hacker is someone who uses his knowledge on negative side and breaks in system, while an ethical hacker is someone who is doing hacking which is called penetration testing and hacks into different systems in order to identify security holes and then inform companies with or without solutions. Such kind of work is normally being done by security firms who is licensed to do so and has authorized to do so. An individual, who is not a part of a security firm and have no pre confirmed authorization, breaking into system would be consider a crime. Ethical hacker has the duty of catching hackers as well.
In our case study Tsutomu Shirmomura is an ethical hacker who used his knowledge to catch a hacker Kevin Mitnick.
Time has changed now, Kevin Mitnick is no more hacker, rather he is ethical hacker now who runs his own security company and does penetration testing for various organizations by accessing their systems, but this time the access is legal, authorized and paid.
Conclusion
Like many other technologies Information technology has also had good and bad impacts. Hacking is considered to be a negative act in the world of Cybertechnology. Kevin Mitnick curiosity for technology made him a Hacker, first started with a fun but then turned up quite disrupting. However if the case is studied with some realistic fact, it is seem to be very unfair when FBI holding him solitary confinement for 8 months without bail and trail. It unfair for a person like Kevin Mitnick calibre as from the case study its quite obvious that he was a genius. And for sure if a genius is treated like this way he is bound to go on run. This leads to a situation that if he is suspected in the future and he has not committed that crime, he would be afraid of facing the same thing happened with him by putting him in prison without bail and trail. In a documentary movie on the life of Kevin Mitnick Freedom Downtime ‘ Life of Kevin Mitnick the reports from psychologist stated that it was an event which every individual will want to run away and then his bad part took over him of which he evaded FBI for two years. Putting Mitnick in jail for 2 years between 1995 and 1997 with not access to bail is again something wrong. A fair trail is a right of every individual when one does something wrong then why not this applied on Mitnick. There are statements from Lawyers that even murderers get bail and trail then why Mitnick didn’t? Whatever Mitnick had done he deserve to be punish for that as that were totally unethical with the time but if FBI would have used the law in sincere and fair way he wouldn’t end up that way and he would have only been sentenced for the time period he deserved. One of the most interesting part of American Judiciary is that Kevin Mitnick is the longest held person in history without trial or bail which can be considered as to be totally unfair for him. Mitnick has changed his life after ending his 3 years of probation in 2003, Mitnick has started a security consulting company and now offering a role of ethical hacker and using penetration which test to check his client security flaws and using the code of ethics quite well. Kevin Mitnick is now using his professional skills toward his clients and himself which leads to the fact that his knowledge is now being used for positive way to secure his reputation and prove to the entire world that he is a genius.