This report deals in identifying the ethical issues of Kevin Mitnick and his computer hacking history and weather the accusations and they way FBI prosecuted his case were correct or not . Each of the issue raised would further be discussed by using the three ethical theories of Consequence-Based, Duty-Based and Character-Based. Apart from that the general role of a computer professional will also be described later on in this report in terms of using their knowledge and expertise in terms of hacking. Hence this report will be divided into two parts the first part focusing on highlighting the ethical issues and his prosecution and second would deal with the computer professional part.
A detail description of his history of hacking is mentioned in the case scenario which will be described later on in the report. Firstly a brief introduction of ethics and its three theories would be discussed which will make it easy to understand and to implement it on the Kevin Mitnick case.
Ethics has been described in many ways by different people over the history including same great Greek philosophers such as Socrates, Aristotle, and so on. Greeks mostly defined ethics as the study of what was good for the infidel and the society. The easiest way to describe ethics would be differing and reflecting a human being character in terms of what is good or bad, right or wrong, fair and unfair, responsible or irresponsible. It will lead a human being moral character to be in good conduct.
Ethics can also be referred as to what humans are suppose to do if they follow the prescribe standards of right and wrong, which normally would lead him in terms of rights, his benefit to society, his obligations etc. Also ethics and can be referred as studying of moral character of human being and developing it to an ethical standard.[1]
“ Ethics begins when elements within a moral system conflict.”[1]
¿½Ethics exists in many forms in branches, literatures, eras, traditions. All of them following the root hub of ethics but the form of ethics which is highlighted and followed in our case study for this report are what is called Cyberethics.
Cyberethics
To understand the meaning of cyberethics a person should be aware of the term Cybertechnology. All the devices used in modern era in the field of cyber space such as hand held devices, personal computers, mainframes, networks and mainly the Internet can be termed as a part of Cybertechnology.
¿½Cybertechnology in terms refers to a broad spectrum of technologies that ranges from stand alone computers to the clustered of networked computing, information and communication technologies¿½ [2]
Different definitions of cyberethics exists mostly dealing with ethical issues with certain type of online activities for e. g. pornography, gambling etc. It can be referred as certain types of laws which are not monitored by the judicial or law governing bodies but from and individual himself which go beyond his moral values which would be something different from cyber law which has to governed and monitored by a governing body.
¿½Cyberethics can be defined as the field of applied ethics that examines moral, legal and social issues in the development and use of Cybertechnology¿½ [2]
Ethical Theories
Since this report has to follow certain type of ethical theories in order to identify the ethical issues a brief description of each one of them has been mentioned below.
Consequence-Based
As the name suggest consequence based theories produces the most desirable outcomes for it member morally. The providing of ultimate standards for consequence of actions against which the moral decisions were evaluated is highlighted in this theory. The goodness or right identified by consequence would be something regarded as Consequence-Based ethical theory which gives some outcome for someone. But whose outcome would be the question here that who should benefit from this outcome? This argument has mostly been provided by some big Utilitarian thinkers such as Jeremy Bentham, John Stuart Mill, and Henry Sedgwick etc. The argument provided by them normally follows the theory that an act of some individual or a whole social policy would be acceptable if it¿½s providing great benefits for a majority of individuals which would be affected with the given policy or from the provided act by the certain individual.¿½Jeremy Bentham states that
¿½ People are driven by their interests and their fears, but their interests take precedence over their fears, and their interests are carried out in accordance with how people view the consequences that might be involved with their interests. “ Happiness” on this account is defined as the maximization of pleasure and the minimization of pain¿½. [3]
This form of ethics mainly explains that whatever happen sand outcome or result is achieved should be in a favor of large number of population rather than that of a certain minority. They should provide happiness to everyone rather than just one person who would be satisfied when a certain kind of act is performed.
Duty-Based
Duty based Ethical theory is something which gives the concept of Deontology derived from the Greek word Deon which means Duty. The concept of Deontology is the approach in which goodness and right would be achieved by studying the act of an individual or social policy rather than the consequence which its leads too.
Immanuel Kant was one of the Deontological thinkers who always criticized Utilitarian thinkers saying that morality must be defined as the duty of an individual to one another rather than consequence which are produced when a certain individual performs a certain type of action. He said happiness is not the concern in terms of morality. He said that it was the motives and goals of a human being which made him to choose right or wrong rather than the consequences.
W. D Ross another deontological thinker argument is
¿½Utilitarianism seems to simplify unduly our relations to our fellows. It says, in effect, that the only morally significant relation in whom my neighbors stand to me is that of being possible beneficiaries of my action. They do stand in this relation to me, and this relation is morally significant. But they may also stand to me in the relation of promise to promisor, of creditor to debtor, of wife to husband, of fellow countryman to fellow countryman, and the like; and each of these relations is the foundation of a…duty…¿½[4]
So in short a Duty-based approach leads us to a conclusion that morality of a human being would be carried out by the acts he perform which would justify if he¿½s right or wrong. His Duty toward honesty, Justice, violence etc is what will be regarded his moral duty rather than himself being happy if he tells a lie.
Character-Based
Character Based theory reject the first two theories which focus on consequence or an act, instead this theory focuses on an individual character and is also mostly known as Virtue Ethics. Its main concerns are with individual¿½s moral character and don¿½t rely on duties and consequences.
It has a very old history which rages back to great Greek philosophers like Aristotle and Plato who argued that each person has to obtain a right virtue since each of us will have a certain virtue in him which will be his strength or excellences which will lead towards a good or bad moral character.
Virtue ethics is somewhat which can be called as agent oriented rather the first two which are action oriented or rule oriented. The main question of what a virtue ethics would be follow in a certain type of situation in which he or she has to perform an action and weather the individual has to do it or not instead it would go the other way around seeking the information of what kind of person I should be?.
¿½It is only by means of this idea [of virtue] that any judgment as to moral worth or its opposite is possible…Everything good that is not based on a morally good disposition¿½is nothing but pretence and glittering misery¿½ [5]
Background
Our case study focuses on a person named Kevin Mitnick who was the first hacker in computer to reach the FBI most wanted listed. He was arrested on Feb 15 1995 by FBI in which he was accused of number of acts which included breaking into computer systems and networks all over the world and altering information which lead the company to invest into new security measures and also for the charge of violations of his terms and conditions on the period of probation for his previous computer crimes. He was caught by the help of a Japanese computer security expert Tsutomo Shimomura whose system is said was hacked by Kevin Mitnick in San Diego Supercomputer Center which made him furious in tracking and helping the FBI.
His hacking started in his school days where he got fascinated with computers in a computer class. His passion of technology made him learn quickly and he soon managed to Hack LA public school districts computer. At age of 17 he Hacked into Pacific Bell and altered phone bills. Same year he gain access to information valued at $200, 000 for a San Francisco Company. Caught and prosecuted earned him a probation of 6 months. During that period he again hacked into the judge and probation officers and judge phone disconnected and bills accredited. Interestingly the police caught the system has been accessed from outside but nothing showed up in their database.
He also hacked into NORAD a missile monitoring company in states. Obviously this one could have had catastrophic effects . In 1988 he was accused of two crimes one of them was of accessing a MCI network for long distance call and second stealing a computer system which caused damaged of up to $4 million for a company. For this reason the judge decided to put him on jail without bail. During his bail attempts prosecutors presented evidence of him breaking into National Security Agency computers and also that a false story being printed that a bank lost $400 million in first quarter of that year. This happened just after 4 days when Mitnick was denied a job in that bank. Finally Mitnick pleaded guilty and was sentenced to jail for 18 months and 3 years of probation.
In 1992 FBI suspected him of hacking into Pacific Bell of which evidence was found later on which made Mitnick flee from FBI. Evidence of altering driving license record to set up a false identity was retrieved. In this period the police came up to very close encounters of arresting him but Kevin always managed to move on.
Finally being found and arrested in 1995 was charged with various new crimes and violation of his parole. He was Denied bail and it was ensured that there was no equipment of computers handed to him in jail so he could commit more crime. Phone calls were closely monitored and in 1997 Mitnick pleaded guilty and was sentenced to jail for 22 months for charges of accessing phone system in order to get free long distance calls and then a 3 years probation period in which he would stay away from anything ¿½Hi-tech¿½ Most of his crimes still remain unsolved and he was released in January 2000 and expiration of probation in 2003. [6][7][8]
Ethical Issues
The ethical issues for the given case study and their discussion from the above discussed theory are highlighted and discussed below.
* Hacking into a number of companies and accessing their computer networks and gaining access to unauthorized files or data. Was it ethical to gain access of such files or data or merely breaking into a computer network?
Applying the consequence based approached breaking into a computer network or gaining access to secure files only benefited Mitnick and no one else. According to utilitarianism the majority must gain happiness on the base of a consequence but in this case it Kevin himself who gained happiness and not the majority hence this act would be regarded as wrong for Kevin that it was not ethical for him to gain or break into a computer network
The duty based approach and deontology theory would easily say it¿½s wrong. By his acts it can concluded that is not right to gain access to another computer networks. That is stated in the ten commandments of ethics as well which was defined in 1992. All Company would have secure files and data and would not be wanted to breached by an outsider. Hence it was completely wrong by Mitnick to do so.
Character Based approach in Kevin¿½s case would want him to break into computer networks for his passion of technology and the sake of fun. His thirst for knowledge still exists and breaking into these computers made him gain more knowledge which was more fun for him. But morally this was wrong. By virtue ethics he should have chosen the right path rather then this wrong path. Hence it was still unethical for him to break into computers.
* In his hacking history Kevin never gained any financial outcome but instead he did it for the sake of challenge or sometimes to extract revenge on people . So was it ethical to do so and to take such challenges or seek revenge from people?
Consequence based theory would again say ¿½No¿½ in this case merely of the fact that extracting revenge from some people or winning a challenge to prove your ability would just be beneficial for Kevin himself which in this case would be a minor individual and will be happy himself only. The majority of people would not be happy from this outcome.
Duty based approach would say seeking revenge or damaging or doing unauthorized things of which you¿½re not authorized to do would again lead to ¿½NO¿½. Mitnick was not supposed to do it since it not an act which an individual is suppose to do.
Character-based or virtue ethics justifies to pick good habits of your moral character and leave the odd one behind to be a good human being and in this case doing good for yourself by causing harm to others isn¿½t something good for and individual characters and in this case Kevin Mitnick.
* Hacking into his school district computer system and Pacific Bell for altering Phone Bills. Was it ethically right for him at age 17 to break into a computer of his school and in pacific bell to alter phone bills?
Consequence approach would again say NO since he did it for himself again in this case . The Benefit of this hack was for his own good and not for anyone else. Especially the alteration of phone bills is going to create losses for the phone company which might turn up into large numbers as well. So it was completely wrong in doing so.
Duty Based approach applied on this issue would again lead to the conclusion of ¿½No¿½ since there is no act or policy which would suggest Kevin to break into school system or into phone company to alter his phone bills. Based on the outcome of his acts he was totally wrong in do so again.
Character Based approach would again lead to the fact that morally as an individual he knew it was wrong in doing so but again he preferred to adopt his bad habit in this case which was again wrong and lead to such an outcome hence it¿½s a ¿½No¿½ again.
* Being on probation for his conviction Mitnick got his parole officers phone disconnected and altered the computer record of the judge of his case in a credit service computer . Was it ethical for Kevin to do such an act ?
Applying Consequence based approach it¿½s again going to lead to the fact of ¿½No¿½ because the result of this act was something bad for his parole officer and the judge. It was an act done by Kevin for his own satisfaction that was the minority in this issue and being in probation he should have avoided such consequences which he didn¿½t.
Duty Based again would not support Kevin in this issue. His act was defiantly wrong in this case because the judge could have had bad impacts and the parole officer must have been unhappy to and misguided due to Kevin acts. And being on probation one shouldn¿½t go against the law but Kevin did for his personal vendetta.
Character based theory wouldn¿½t allow someone¿½s moral character to take revenge and hurt someone else which in this case again leads to ¿½No¿½. Hurting someone for the sake of revenge is what would be considered a bad habit or an act leading to something which would not be regarded as morally good and if u knows that the law is restricting you from something a good moral character wouldn¿½t want someone to go against the law to seek his own happiness.
* Convicted Stealing software from a company in Santa Cruz, California and no conviction record was on FBI database. Was it Ethical to steal and alter records?
Consequence based theory wouldn¿½t allow stealing or altering to be me permissible. Stealing is something which would not be allowed in any circumstances and even if we assume it does it wouldn¿½t be something beneficial for majority in this case the California Company and the alteration of record of FBI. This time as well it¿½s ¿½No¿½.
Duty based will not support an act of stealing or altering which won¿½t be regarded something as good so this time even in comparisons of acts it¿½s a NO from this point.
Character Based would say that stealing to be considered as one of the bad habit of a human being and alteration of record can be considered of something as manipulation of record and in this case of a bad deed which Kevin was convicted so it¿½s a ¿½No¿½ this time as well.
* Breaking into North American Air Defense Command (NORAD) missile defense system. Was it ethical for him to break into a defense system of a country?
The first approach of Consequence Based would hugely argue because gaining access to such delicate system could have catastrophic affects on millions of people. Harming or altering of those files would have been really dangerous. So it¿½s a ¿½No¿½ again.
Second approach of duty based wouldn¿½t allow any such policy or rule for an individual to again access to such delicate system cause of the dangerous outcomes it can lead it into hence its ¿½No¿½ again.
Third approach of Character based would not consider it to be a good habit of one moral character in doing so because it would harm so many people so it¿½s a ¿½No¿½ from this point of view as well.
* Charge of two new crimes: Accessing MCI network for long distance calls and causing $ 4 million damage to Digital Equipment Corporation. Was it ethical to illegally access MCI and cause damage of worth $ 4 million to a company?
Consequence would say ¿½No¿½ cause again the minority gets benefit from this case that is Kevin and not the majority Both of them MCI and Digital Cop lost lots of money because of this act performed by Kevin who were the majority in this issue .
Duty Based wouldn¿½t support Kevin as well cause because of this both those companies had to face huge losses from the act that Kevin had performed. No such policy or act would be permissible for any individual in the world to do so. Hence ¿½No¿½ is the answer
Character based would again regard this as ¿½No¿½ cause as stated above again and again alteration of records and damaging files and causing harm to others would be regarded as a good deed or good habit so it¿½s a ¿½No¿½ again.
* Judge denied him bail and ordered him to be held in jail? Was he ethical in doing so? This period lasted for eight months in solitary consignment for Kevin.
Consequence based might support this act of judge because Kevin was causing harm to large majority of people but putting him on solitary consignment for 8 months without bail and from the fact that it was not proven at that time that Kevin had committed those acts was a bit harsh on Kevin. So it¿½s a split decision I guess.
Duty based would support the judge too cause he was causing harm to major companies and people but still the decision was too harsh for Kevin cause he deserved a trial at least . Everyone does.
Character based would not support the judge since it was a fact the Kevin was notorious but he deserved a trial and even if the judge thought he didn¿½t, putting him in solitary consignment prison was totally wrong. A normal jail would have been alright to stop Kevin from his notorious activities but solitary consignment was something very wrong and very harsh.
* Kevin fleeing from the authorities on a number of occasions for two years and using fake identities to hide himself from the authorities during his probation. Was it ethical for him to do so?
Kevin did for his own good and during this period he caused damaged to majority with his notorious activities so consequence Based would support him on this issue.
Duty based would also not support him since it¿½s not right to take misguide law by using fake identities and stay on a run for two years.
Character based wouldn¿½t support him to since it¿½s not right for someone to take law in his own hands and using fake identities by damaging other people identities to keep yourself. It¿½s a definite ¿½No¿½ since it¿½s not a good deed
* Was it ethically right for Shimomura to help FBI in catching Kevin?
All the three theories of character duty and consequence based would support Shimomura in this issue its ethically right for anyone to help the law to catch someone who has been causing harm to the community. And it was morally right for every individual to help to catch Kevin.
* After being caught Kevin was held in Federal prison from 1995 to 1997 without bail and without trial by the FBI. Was it ethically right to do so.?
Consequence would again support the FBI since Kevin was harm to many firms companies and people but only if Kevin was charged after trial to stay in prison.
Duty Base shouldn¿½t support this act of FBI since they were laws by now to convict Kevin but FBI didn¿½t even allow a fair trial to run which is not supported so YES| they were ethically wrong in doing so.
Character Based wouldn¿½t support the FBI too since it¿½s not right for anyone to stay in prison for a period of 2 years without bail or trial. At least a trial should have been offered to Kevin and then if found guilty he should have faced what he deserved.
Role of a professional
A professional is someone who holds a degree in a particular field in terms of education and then uses his expertise in his relative field and makes sure that his professionalism follows the code of ethics which will include terms such as Behavior, sociality, confidentiality etc. When a professional is hired somewhere a contract and a bond is created between the two to follow certain acts and rules or policy within the organization and one of them is the security concern of misusing the data of an organization
Organizations related to Information Technology or having the IT dept within them also maintain a policy between their engineers and themselves. In our particular case the role of a software engineer, hardware engineer or an application engineer they should follow those rules and policies but also IEEE CODE OF ETHICS which is the main source of ethics code for any IT professional which should be followed by any professional related to the field of information and technology and in our case being software, application and hardware engineers [9]
Usage of knowledge for Hacking by a professional
In regards to using their knowledge for hacking can be something quite disastrous. If we take each of them individually and start with the hardware engineer obviously he can use it the right way or the wrong way since hardware devices manually build are quite useful in hacking mainly portable devices something like which Kevin Mitnick used for hacking into McDonalds drive through system. But is it right for them to do so and the answer is obviously no cause it¿½s against the code of ethics which exists in many forms related to cyber technology
Same goes to a software engineer and application engineer cause software and application level technical support is quite useful to build or modify codes of a program and make it useful for something negative which is obviously something which would not be appreciated in our society because it¿½s going to be harmful to many .
. But can all this knowledge be used in a positive way? Can hacking be positive? The answer to this question is yes and is something what is called ethical hacker.
Ethical Hacker vs. Hacker:
Hacker being the one using his knowledge on the darker side tries to break into systems. While a Ethical hacker is someone who does what is called penetration testing and hacks into systems just to identify security flaws and then inform companies to secure those flaws and sometimes providing them with solutions to those flaws as well but he has normally doing it for a security firm who is licensed to do so and has the right or permission of doing so . An individual if doing it all alone by himself would be considered to have committed a crime.. To stop or catch a hacker is what can be called ethical hacker as well.
In our case study Tsutomu Shimomura is an ethical hacker who used his knowledge to catch a hacker Kevin Mitnick. Kevin Mitnick also nowadays is an ethical hacker who runs his security company and does penetration testing for various organizations but this time having his rights to do it in a legal way and gets paid off well for doing so.
Conclusion
Information technology has had good and bad impacts as any other technology in the world. In the world of Cybertechnology hacking is the negative side. Kevin Mitnick curiosity for technology lead him in Hacking but what started out as the sake of fun did turn up to be quite disrupting when converted into major form. However being a bit realistic the Decision of FBI holding him solitary confinement for 8 months without bail and trial would be something regarded as unfair for a guy of Kevin caliber since it¿½s quite clear that he was a genius. And if a genius is treated this way his bound to go on the run when FBI suspects him later to be committing that crime again even though if he¿½s not committed the crime he would be afraid of facing the same thing without bail and would want to run away from it. Psychologist has stated in the documentary movie ¿½Freedom Downtime ¿½Life of Kevin Mitnick¿½ that it was an event which will want each individual to run away and that¿½s what made him run. And then obviously his bad part took over him of which he evaded FBI for two years. Then again being caught Kevin did not get bail or a trial for 2 years since 1995 and 1997 was again wrong. If Kevin did something wrong he should have been punished after a fair trial which he wasn¿½t granted. Besides Lawyer stated in that movie that even murder¿½s get bail and trial why not Kevin? Kevin did deserve to be punished for his acts since they were totally unethical at the time but if FBI had use the law in a sincere way maybe Kevin wouldn¿½t end up that way and Kevin would have only been sentenced for the time period he deserved. An interesting part of American judiciary is that Kevin is the longest held person in history without trial or bail which can be figured out as to be totally unfair for him. After his sentence and probation of 3 years ending in 2003 Kevin has started a security consulting company and is now offering a role of ethical hacker and using penetration testing to check his clients security flaws and using the code of ethics quite well. His professional approach towards his clients and himself leads us to the fact that he has been using his knowledge now in a positive way to secure his reputation and prove to the entire world that he¿½s genius.