Spring 2001
© 2000, 2001, Richard A. Stanley
10:Legal and Ethical Issues
Prof. Richard A. Stanley
WPI EE579T/10 #1

“If you’re gonna do the crime, be prepared to do the time.”
Anonymous
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #2

• Review last week’s lesson
• Look at network security in the news
• Legal and ethical issues
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #3

• There is a set methodology to follow to gain network access (but this isn’t a cookie-cutter sort of approach)
• The methodology follows from the architecture and the software of the network
• The types of attacks vary widely, and new ones are constantly being developed
• Basic countermeasures and sound auditing will go a long ways towards securing the network
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #4

• Abraham Abdallah
– Brooklyn, NY bus boy who stole identity of
217 of Forbes 400 richest folk
– Indicted for violation of 18 USC 1341, 1343
• 1341: Frauds and Swindles
• 1343: Fraud by Wire, Radio, or Television
– What does this mean?
– Is identity theft not an issue here?
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #5

• Microsoft Explorer 6.0 upgrade will include enhanced privacy features
– Increased control over how much personal information is collected when users visit particular Web sites
– Platform for Privacy Preferences (P3P)
– Five privacy settings will be included, some allowing users whether to accept cookies.
• PGP inventor says encryption flaw minor
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #6

• Microsoft certificates hijacked
– Imposter duped VeriSign into issuing a pair of digital certificates in Microsoft's name.
– Danger exists that imposter could post a virus on the Net that would appear to be a legitimate posting authenticated by Microsoft
– Executable content like Active X and Office macros are the most vulnerable
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #7

• Lion worm
– Scans Internet looking for Linux computers with a known vulnerability
– Worm steals password file, sending it to a
China.com site
– Utility developed to detect the Lion's presence in infected systems
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #8

Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #9

• What is illegal
• What are the elements of proof
• What constitutes evidence
• How to protect the evidence
• Whom to call
• When to call them
• What to tell them
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #10

• Criminal
– Charges brought by state in name of the people
– No private prosecutions (cf. U.K. law)
– No double jeopardy (what does this mean?)
– Penalties: incarceration, death and/or fines
• Civil
– Action brought by one party against another
– Penalties: deprivation of property
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #11

• Law enforcement agencies
– Investigate crimes, collect evidence
• Prosecutors
– Evaluate evidence, decide whether to prosecute
– Represent state in criminal matters
• Courts
– Hear evidence, reach conclusion on guilt
• Defense attorneys
– Represent the accused
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #12

• English Common Law (except Louisiana)
– Statutes (enacted by legislatures)
– Case law
– Precedents
• State/local vs. Federal law
– Jurisdiction
– Pre-emption
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #13

• Computer crime is one of -- if not THE -fastest growing crime categories
• “That’s where the money is”
• Fraud loss in Southern NY area alone,
Jan ‘95 to Jan ‘00: nearly $400,000,000
• This isn’t just “victimless, white-collar crime:” nearly 2/3 of those arrested were carrying automatic weapons
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #14

• If you operate a network service, you face civil liability if civil codes are violated
– Copyright protection
– Trademark protection
– Other intellectual property
• Pressure from various entities
– Privacy
– Content
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #15

• Example: until late 1998, it was NOT illegal in the U.S. to steal someone else’s identity
• Where you are defines what is illegal
– OK to use another name in US if not to defraud
– Illegal in U.K.
• You WILL be involved in this if you are involved in computer security
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #16

• You are NOT a law enforcement officer!
• You need to know about computer law to be an effective computer security person, just as you need to know about motor vehicle law to be an effective driver
• Ignorance is not an excuse
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #17

• Just like engineering, they have a language
• 18 USC § 2319 decodes as “Title 18, United
States Code, Section 2319”
• State laws have their own abbreviations, but follow the same pattern:
– In New York: PL = Penal Law
– In Mass: MGL = Mass. General Laws
– In Conn: CGS = Conn. General Statutes, etc.
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #18

• It is not permissible to break the law in order to enforce it
– IRC sessions and law enforcement
– Automatic actions to counter hacking
– Eavesdropping (but not always)
• Depending on your point of view, this is a basic preservation of constitutional liberty or a gift to law breakers. But it is the law!
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #19

• Can’t cover everything, so will concentrate on US federal law, with added local & foreign examples
• US Code can be found on the Web at: www4.law.cornell.edu/uscode
• Title 18 is the criminal title: it defines federal crimes and criminal procedure
• All the laws of the United States are found
(somewhere) in the Code
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #20


Title 1 General Provisions

Title 2 The Congress

Title 3 The President

Title 4 Flag and Seal, Seat Of Government, and the States

Title 5 Government Organization and Employees

Title 6 Surety Bonds (repealed)

Title 7 Agriculture

Title 8 Aliens and Nationality

Title 9 Arbitration

Title 10 Armed Forces
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #21


Title 11 Bankruptcy

Title 12 Banks and Banking

Title 13 Census

Title 14 Coast Guard

Title 15 Commerce and Trade

Title 16 Conservation

Title 17 Copyrights

Title 18 Crimes and Criminal Procedure

Title 19 Customs Duties

Title 20 Education
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #22


Title 21 Food and Drugs

Title 22 Foreign Relations and Intercourse

Title 23 Highways

Title 24 Hospitals and Asylums

Title 25 Indians

Title 26 Internal Revenue Code

Title 27 Intoxicating Liquors

Title 28 Judiciary and Judicial Procedure

Title 29 Labor

Title 30 Mineral Lands and Mining
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #23


Title 31 Money and Finance

Title 32 National Guard

Title 33 Navigation and Navigable Waters

Title 34 Navy (repealed)

Title 35 Patents

Title 36 Patriotic Societies and Observances

Title 37 Pay and Allowances Of the Uniformed Services

Title 38 Veterans' Benefits

Title 39 Postal Service

Title 40 Public Buildings, Property, and Works
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #24


Title 41 Public Contracts

Title 42 The Public Health and Welfare

Title 43 Public Lands

Title 44 Public Printing and Documents

Title 45 Railroads

Title 46 Shipping

Title 47 Telegraphs, Telephones, and Radiotelegraphs

Title 48 Territories and Insular Possessions

Title 49 Transportation

Title 50 War and National Defense
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #25

• What is illegal depends on:
– where the crime occurred
– who has jurisdiction
• this is not always determined by geography (e.g., bank robbery is always a federal crime in the
U.S.A.)
• there may be overlapping jurisdiction
• prosecutors may decide to proceed in one jurisdiction because of penalties available
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #26

• Criminal Code of Canada: www.efc.ca/pages/law/cc/cc/html
• Mass. General Laws: www.state.ma.us/legis/laws/mgl
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #27

• What is prohibited, often in excruciating detail
• What must be proven to prove the crime
(often by inference)
• What the penalty is for violating the law
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #28

• Regulations are not laws -- they describe details of how to comply with the law
• Annotations in laws trace the history of the law’s development--what was illegal yesterday may not be illegal today (e.g.
Prohibition), and vice versa
• You need a lawyer or a law enforcement agent to help with the details
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #29

• Regulations provide detailed information on how laws are to be applied
– Code of Federal Regulations (CFR) [44 USC §
1510]
– Code of Massachusetts Regulations (CMR)
– Similar taxonomy to statutes
• Regulations are not laws, but failure to observe their requirements can often lead to serious problems
• In some cases, violation of a regulation is a violation of a statute
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #30

• For the most part, law enforcement agents are intelligent, honest, and hard-working
• Pay scales are far below private industry, so finding agents with technology skills is hard, especially CURRENT technology
• They want to do a good job -- taking criminals off the street is what they do
• You need their help, and they need yours.
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #31

• All crimes are not prosecuted
• The likelihood of prosecution depends on
– Magnitude of the crime
– Likelihood of conviction
• Will the jury understand the crime?
• How good is the evidence?
• You can improve probability of prosecution by knowing what you are doing and keeping the evidence sound
• Prosecutors get performance reviews, too
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #32

• FBI
– Federal Bureau of Investigation
– Part of US Department of Justice
– Charged with enforcement of federal laws
– Other counterparts
• Canada: RCMP
• Germany: Bundeskriminalpolizei
• Many nations have no counterpart
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #33

• USSS
– United States Secret Service
– Best known for protecting the President
– Part of the Treasury Department
– Primary jurisdiction in counterfeiting (all sorts), currency and electronic crime
– Foreign counterparts: no exact ones. RCMP in
Canada has many of same roles
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #34

• US Customs Service
– Responsible for collecting duties and preventing smuggling
– Primary enforcement agency protecting US borders
– If you bring it into the US, it is their business
– Part of the Treasury Department
– Nearly every nation has an equivalent agency
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #35

Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #36

• Federal law
– 18 USC § 1030 -- Fraud, use of computers for economic espionage, computer intrusions
• Massachusetts law
– 266 MGL § 33A. Intent to defraud commercial computer service; penalties
– 266 MGL § 120F. Unauthorized access to computer system; penalties
• Canadian Law
– Criminal Code of Canada, 342.1
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #37

• Knowing, intentional unauthorized access or access beyond authorization is a crime, depending on the computer and what is accessed
• Trafficking in computer access information a crime
• Severe punishments provided
– As much as 10 years imprisonment
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #38

MGL CHAPTER 266. CRIMES AGAINST PROPERTY.
Chapter 266: Section 120F. Unauthorized access to computer system; penalties.
Section 120F. Whoever, without authorization, knowingly accesses a computer system by any means, or after gaining access to a computer system by any means knows that such access is not authorized and fails to terminate such access, shall be punished by imprisonment in the house of correction for not more than thirty days or by a fine of not more than one thousand dollars, or both.
The requirement of a password or other authentication to gain access shall constitute notice that access is limited to authorized users.
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #39

342.1
(1) Every one who, fraudulently and without colour of right,
( a ) obtains, directly or indirectly, any computer service,
( b ) by means of an electro-magnetic, acoustic, mechanical or other device, intercepts or causes to be intercepted, directly or indirectly, any function of a computer system,
( c ) uses or causes to be used, directly or indirectly, a computer system with intent to commit an offence under paragraph ( a ) or ( b ) or an offence under section 430 in relation to data or a computer system, or
( d ) uses, possesses, traffics in or permits another person to have access to a computer password that would enable a person to commit an offence under paragraph ( a ), ( b ) or ( c ) is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years, or is guilty of an offence punishable on summary conviction.
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #40

• 18 USC
§
3482. Evidence and witnesses - (Rule)
• SEE FEDERAL RULES OF CRIMINAL
PROCEDURE
Competency and privileges of witnesses and admissibility of evidence governed by principles of common law, Rule 26
Can you see the utility of a good attorney here?
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #41

Presumption of integrity
31.3
For the purposes of subsection 31.2(1), in the absence of evidence to the contrary, the integrity of an electronic documents system by or in which an electronic document is recorded or stored is proven
( a ) by evidence capable of supporting a finding that at all material times the computer system or other similar device used by the electronic documents system was operating properly or, if it was not, the fact of its not operating properly did not affect the integrity of the electronic document and there are no other reasonable grounds to doubt the integrity of the electronic documents system;
( b ) if it is established that the electronic document was recorded or stored by a party who is adverse in interest to the party seeking to introduce it; or
( c ) if it is established that the electronic document was recorded or stored in the usual and ordinary course of business by a person who is not a party and who did not record or store it under the control of the party seeking to introduce it.
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #42

• 18 USC § 471 -- Counterfeiting US notes
• 18 USC § 1028 -- Identity theft
• 18 USC § 1029 -- Fraud and related activity in connection with access devices
• 18 USC § 2252 -- Kiddy pornography
• 18 USC § 2318 -- Counterfeit computer labels, program documentation, packaging
• 18 USC § 2319 -- Copyright infringment
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #43

• Deals with “false identification document”
– Making, transfer, use, possession all crimes
– Identity documents covered
• Any identification document issued under by or under the authority of the United States
– Includes federal, state, local, foreign government, international quasi-governmental organization
– Birth certificate, driver’s license, personal ID card
– Penalties up to 15 years imprisonment
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #44

• Know the applicable law where you operate
• When you determine a violation has probably occurred:
– Save the audit logs and any other documentary evidence of the offense
– Notify your supervisor
– Call the authorities
– Keep your suspicions close hold
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #45

• First, call the local police
– Describe what you think you have
– Ask for advice
– Announce intention to call federal law agency
• Call the feds
– FBI
– USSS
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #46

• Get to know the cognizant law enforcement agents, local and federal
• Find out if you can help them
– Low investment, high payoff
– They’ll be more responsive if they know you
• Don’t cry wolf
– Be sure you know what you are talking about
– Have the information to support your claim
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #47

• Be certain your organization intends to pursue the criminal case to the end; otherwise, you are wasting everyone’s time and they won’t thank you
• Keep your mouth shut except to the police; the libel laws are still in full effect
• Don’t forget you don’t carry the badge
• Don’t talk down to the police
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #48

• Be sure you have written policy for your employees about what is and what is not permitted, and make sure you can show they have read it
• Don’t exceed your authority
• Don’t be unreasonable
• Don’t be capricious -- the same penalty for the same infraction should be the rule
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #49

• Copyrights [17 USC]
– Protect expression of ideas, not the idea itself
– Gives author exclusive rights to copy & sell
– Can cover “any tangible medium of expression”
– Work must be original to the author
– Subject to “fair use”
– Marking required
– Lasts for 50 years after death of last author
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #50

• Copyright valid without registration, but registering helps insure protection
• Infringement resolved in the courts
• U. S. Govt. works in public domain, but not all governments (cf. Crown Copyright)
• Programs can be copyrighted, but…
• Copyright limits distribution, not use
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #51

• Create the work
• Mark the work with copyright notice
• File a copyright form
• Distribute the work
EE579T/10 #52 Spring 2001
© 2000, 2001, Richard A. Stanley
WPI

• Basic statute is 17 USC § 506
– Title 17 deals with copyrights
– Section 506 treats remedies for infringement
– For legal consistency, penalties are in the criminal title, Title 18
• Up to 3 years imprisonment, first offense
• Up to 6 years imprisonment, second or subsequent offense
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #53

• Protect inventions [35 USC]
• Object patented must be “nonobvious”
• Patent goes to first to invent (in U.S.)
• Requirements for patent
– Search for prior art
– Patent Office determination that it is novel
– Issuance of patent
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #54

• Valid for 20 years since US ratification of GATT harmonization, earlier 17 years, not generally renewable
• Requires disclosure of all working details
• A patent is a public document
• Infringement must be opposed. Claims:
– This isn’t infringement
– The patent is invalid
– The invention is not novel
– The infringer invented first
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #55

• Software can be patented
• Easier to patent a process in which software forms a part, but then use of the software outside the process is not covered
• Not much case law yet
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #56

• Is a civil, not a criminal matter
– Cf. Copyright violations
• Remedies provided
– 35 USC § 271 defines infringement
– 35 USC § 281 provides for civil remedy
– 35 USC § 284 et seq. provide for damages
• If you participate in infringement, you could be a defendant
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #57

• Gives a competitive edge over others
• Must always be kept secret
• Applies well to software
• Hard to enforce (e.g. reverse engineering)
EE579T/10 #58 Spring 2001
© 2000, 2001, Richard A. Stanley
WPI

• Generally, if you were paid to produce it by your employer, they own the property
• If you produce it on your own time, but use skills learned on the job, they may still own the property
• Intellectual property agreements
• Employment contracts
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #59

• Freedom of Information Reform Act of 1986
[5 USC § 552]
– Requires disclosure of Executive Branch data except in cases of national security or personal privacy
– Significant impact on computer security
• Privacy Act of 1974 [5 USC § 552]
• Fair Credit Reporting Act [15 USC § 1681]
– Places limits on data collected on individuals and uses to which data can be put
– Consumer right to know contents of own files
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #60

• Censorship
• Privacy
• Actions of others
• Responsibility to report crimes
• Public approbation vs. legal action
• Whose laws apply?
– Cf. eBay and Nazi memorabilia in France
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #61

• What if…
– One of your employees is using your network to do something illegal?
– Someone outside the organization is using your network resources for illicit purposes?
– Your system is broken into and important information goes missing or becomes public?
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #62

• For intellectual property?
• For personal data?
• For financial data?
• For proper operation of the network?
• How and where are these things defined?
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #63

• Information Management
– Data acquisition
– Access
– Stewardship
• Information Security
– Ownership of intellectual property
– Crime
– Liability and reliability
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #64

• Ethics and the law are not the same
• Ethic is an objectively defined standard of right or wrong
• Ethical standards tend to be idealistic
• Set of ethical principles is an ethical system
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #65

LAW
• Formal, written
• Interpreted by courts
• Established by legislature
• Applies to everyone
• Conflict, “right” resolved by courts
• Enforceable
ETHICS
• Unwritten principles
• Interpreted by indiv.
• Presented by religions, philosophers, etc.
• Personal choice
• No external arbiter of
“right” or conflict
• Limited enforcement
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #66

• Complex
• Ethics and religion
• Ethics not universal
• Ethics does not provide unique, immutable answers
– Ethical pluralism
– Very unlike scientific view of “truth”
– Rarely a higher authority
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #67

• How to approach an ethical issue?
– Understand the situation
– Know several theories of ethical reasoning
– List the ethical principles involved
– Determine which principles outweigh the others
• First and third are key
• Easy to go off at half cock
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #68

• Teleology
– Focus on consequences
– Egoism: benefits to person taking the action
– Utilitarianism: benefits to entire world
• Deontology
– Focus on sense of duty
– Some things are just intrinsically good
– Rule-deontology
– Act-deontology situation ethics
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #69

Dave works as a programmer for a large software company. He writes and tests utility programs. His company operates two shifts: during the day, program development and online applications are run; at night batch production jobs are completed. Dave has access to workload data and learns that adding programming work to the night shift runs would not adversely affect performance of the computer to other users.
Dave comes back after normal hours to develop a program to manage his own stock portfolio. His drain on the system is minimal; he uses very few expendable supplies such as paper. Is Dave’s behavior ethical?
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #70

• Ownership of resources
• Effect on others
• Universalism principle
• Possibility of detection, punishment
• Other issues?
• Which are more important than others?
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #71

Donald works for the county health department as a computer records clerk, where he has access to files of patient records. For a scientific study, a researcher -- Ethel -has been granted access to the medical portion, but the corresponding names, of some records.
Ethel finds some information that she would like to use, but she needs the names and addresses in order to contact these people for more information and for permission to do further study.
Should Donald give Ethel the names and addresses?
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #72

• Job responsibility
• Use
• Possible misuse
• Confidentiality
• Tacit permission
• Propriety
• Law
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #73

Kevin Mitnick, the notorious computer hacker accused of causing millions of dollars in damage to technology companies, has been ordered to get off the lecture circuit or risk going back to prison. The federal probation department sent word through his probation officer that his activities must stop, Mitnick said.
“They’re saying I can no longer write or speak about technology issues.” Mitnick said in a telephone interview. “I think it is an abrogation of my First Amendment rights. …
Probation is not supposed to be punitive.”
Government officials could not be reached for comment.
Are Mitnick’s actions ethical? Are the government’s?
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #74

The school computer center
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #75

(ACM Code of Ethics and Professional Conduct)
• Contribute to society and human well-being
• Avoid harm to others
• Be honest and trustworthy
• Be fair and take action not to discriminate
• Honor property rights including copyrights and patents
• Give proper credit for intellectual property
• Respect the privacy of others
• Honor confidentiality
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #76

• Can or should you have an ethics policy?
• Why or why not?
• Are you aware of organizations that do have ethics policies?
EE579T/10 #77 Spring 2001
© 2000, 2001, Richard A. Stanley
WPI

• Privacy
– What is it?
– How to protect it?
– What do customers and employees expect?
– What do they have a right to expect?
– Where is the Constitutional right to privacy found?
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #78

• Network security involves a close interaction of legal and ethical issues
• Ethics and the law are not the same
• There are no hard and fast answers to ethical questions, but there are guidelines
• It doesn’t hurt to seek others’ opinions, but the ultimate responsibility rests with you
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI EE579T/10 #79