Computer Hacking and Ethics - Thoughts on computer crime from 1985

hacking
philosophy
crime

#1

I came by an article today from 1985 (find it here: Computer Hacking and Ethics by Brian Harvey University of California, Berkeley).

Here are the few paragraphs that stuck with me:

In the context of computer systems, there is a similar dichotomy. There are some career criminals who steal by electronic means. This small group poses a large problem for society, but it’s not a new one. Thieves are thieves. Just as banks use special armored cars, they must also develop special armored computer systems. But the rest of us don’t use armored cars for routine transportation, and we don’t need armored computer systems for routine communication either. (Of course there is a large middle ground between heavy security and no security at all. My purpose here is not to decide exactly what security measures are appropriate for any particular computer system. Instead, I just want to make it clear that, while in this paper I’m not trying to address the problem of professional criminals, I’m not trying to deny that there is such a problem either.)

To bring forward some modern-day context, in my country/state joyriding can carry up to 5 years in prison, while the hacking equivalent is up to 2 years in prison.

Maybe things have improved? I don’t know. If memory serves me, people usually get charged with way more computer offences than should actually be applicable (though this is wholly conjecture on my part without any more research).

There is also a middle ground between the young person who happens to break unimportant rules in the innocent exercise of intellectual curiosity and the hardened criminal. Consider the hypothetical case of a young man whose girlfriend moves to Australia for a year, and so he builds himself a blue box (a device used to place long distance telephone calls without paying for them) and uses it to chat with her for an hour every other day. This is not intellectual curiosity, nor is it a deliberate, long-term choice of a life of crime. Instead, this hypothetical adolescent, probably normally honest, has stepped over a line without really noticing it, because his mind is focused on something else. It would be inappropriate, I think, to pat him on the head and tell him how clever he is, and equally inappropriate to throw him in prison. What we must do is call his attention to the inconsistency between his activities and, most likely, his own moral standards.

Advocating for lighter sentences for nonviolent crime is a good thing in my opinion. An interesting hypothetical the author introduced; the distinction between a one-off crime and a choice to live through crime is one usually left up to the discretion of the judge and/or jury here.

Anyway, thought you guys might like a short read.


(Command-Line Ninja) #2

I agree with that reasoning. There is a difference in stealing (taking money from somebody), and not paying for something you should be paying for.

Take for example piracy. Should somebody who downloads a movie without paying really be treated like somebody who physically went into a shop, undetected, and stole a movie? The latter is taking from an individual, it is literally creating a loss; whereas the former doesn’t affect them at all, except that they would’ve bought it had they obtained it via traditional means.

There is a huge difference between somebody who breaks into a system to see if he can, and somebody who breaks into a system with the intention of selling the information obtained (which will later be used for the theft of money from innocent clients).

The ignorance in the legal arena behind computer crime and security is astounding and has caused the harsh sentences that stand today. Just my 0.00001BTC…


#3

There is a huge difference between somebody who breaks into a system to see if he can, and somebody who breaks into a system with the intention of selling the information obtained (which will later be used for the theft of money from innocent clients).

I guess the issue is a lot of courts don’t have the technical expertise to determine this?

I have a friend in my country (Australia) who has 1-4 years left on his sentence (depending on parole). He was charged with: Unauthorised Access With intent and like 20 other counts of something like fraud and financial gain by deception.

Allegedly he had “hacked” (through password re-use) into an accountancy firm from his home computer (I know) and stolen/copied thousands of documents. What actually happened was IT at the accountancy firm had forgotten to unshare the Dropbox all the accountants used with him when he was made redundant.

I don’t think he should have gotten any time as it was the fault of the firm, but they spun it as him selling the documents online to criminals (they’d had several clients claim their rivals/competitors had obtained their financial records). Long story short: He was given a deal which amounted to him having to spend a maximum of 4 years imprisonment (he’ll probably get out on parole this year or next year).

The reason he was convicted was, I think, due to a:

  • Total misunderstanding of how computers and IT work by judges and lawyers
  • Embarrassment by the firm and a need for a scapegoat
  • Failure of the firm’s IT to have standard onboard/offboard procedures

That being said it didn’t help that as police investigated they found various laptops running Kali/ParrotOS etc. Encrypted partitions and files and hard drives.

Just been on my mind lately.


(Command-Line Ninja) #4

This is awful. Getting caught and going to prison is a nasty thing, especially with computer hacking charges. Your hopes of getting a job, where you even touch a computer, are insanely reduced when you get charged with it.

I hear the life after prison is better in America than the UK or Australia. Does anybody else have any experience of going to prison on hacking charges, or know of somebody who has? I’d love to hear your experience and thoughts.


(Austin) #5

I don’t personally have any experience, but I remember hearing Samy Kamkar talking about this in a video of his day 2 talk at AusCert 2017:
AusCERT2017 Day 2 Samy Kamkar: The Less Hacked Path
Now he wasn’t wrongly accused, but what he has done since getting out of prison I think shows it’s better in the US.


(Burning away in an Explosion) #6

Well, America’s totally cool. 3 times and you’re lifetime in, I heard. But I have no experience with UK and Australia. How are they doing it there? Also I guess living in society after having stayed in prison is totally awful 'cause you’re totally fucked.


(Command-Line Ninja) #7

Well, for some reference: Kevin Mitnick is walking around as a security researcher, after committing a lot of fraud.

https://www.reddit.com/r/IAmA/comments/646vk9/iama_convicted_lulzsecanonymous_hacker_ama/

This hacker (although his comments are deleted), I recall him speaking about having no chance at even getting a job where he even uses a computer in his work. Based in the UK, you can see the contrast.