Personal Privacy Protection in an Austrian Online Survey

AUTHOR

Anne Siegetsleitner and Martin Weichbold
University of Salzburg
Austria

ABSTRACT

Computer systems often change the framework of human subjects research. This is evident in the case of human subjects research on the Internet. Online surveys like the one we will critically examine in this paper involve new ethical challenges to the researcher. We will (1) consider the question which features of the survey are problematic from an ethical viewpoint regarding personal privacy protection and (2) make some recommendations how the design of the survey could be ethically improved without unreasonably impeding the new and desirable possibilities of online surveys. The results will not reveal great dangers because the data is not sensitive enough, nevertheless, they will show very well how ethical problems are currently handled in online research and how the situation can be improved.

The social research project we will examine was a common click-me survey on the World Wide Web carried out by a student of an Austrian university. In a questionnaire visitors of the official Web site provided by an Austrian tourist information were mainly asked for their evaluation of the Web site and their attitude towards an Austrian city. The communicated purpose was to improve the Web site, but the project was also carried out in order to get answers to methodological questions, e.g. how different versions of the questionnaire change the access and break off rate.

The examination will follow basic international privacy principles more or less implemented in national privacy laws. The basic question, however, is whether the data gained by the survey is personal data at all. Most answers asked for can be deemed ‘personal’ in the common sense of the term. The answer to the question whether it is personal data according to the European Union directive on data protection (95/46/EC) is more difficult. There, ‘personal data’ means any information relating to an identified or identifiable natural person. In our case, it depends mostly on the issue whether an IP-address in connection with the provided answers or some additional data is suitable to identify the respondent, and on the condition whether a respondent provided an e-mail address in order to participate in a lottery which was offered to the respondents. At least in the second case the data is also personal data in the strict sense.

The four core principles of personal privacy protection applied to the WWW and the respective problematic features of the survey are:

  1. Notice. Users of a Web site should be informed (a) what data is collected, (b) how it is collected, (c) for which purposes it is used, (d) whether the data will be disclosed to other entities, and (e) whether other entities are collecting data through the site. The questionnaire is accessible via a link at the tourist information’s Web site where participants were not informed that the data was directly provided to a server of a software company and that the project was carried out by a student as an academic survey. Nor were they informed about the fact that some data will be collected non-reactively and that resistant cookies were used. Moreover, they were only partly informed about the purpose of the survey.
  2. Choice. Users should be given the possibility to choose freely whether, by whom and for which purposes their personal data will be used. In the survey respondents could not deny the use of a cookie (if their browser did not provide this possibility) or the use of their data for the methodological purpose. Probably, they also got the misleading impression that the tourist information was carrying out the project. Therefore, the software company as well as the student got the data without the respondents consent.
  3. Access. Web sites should offer users reasonable access to data a Web site has collected about them. In this survey there were no such possibilities.
  4. Security. The provided data should be protected against unauthorized access, destruction or manipulation during transmission and storage and be stored in an anonymous form. In this case the data is not encrypted during transmission and storage, and not stored in an anonymous form. It is accessible to the software company.

Some of the improvements we recommend are:

First of all, it should be precisely determined who is responsible for carrying out the project, and who is authorized to get the data. The student? The tourist information? The software company which was consulted for practical reasons?

Notice: Potential respondents should be informed prior to the questionnaire about the responsible entity, who will get the data, and the general purpose of the survey. This can be done in a short form and a link to an extended version. Further information is problematic due to methodological reasons. But this information (e.g. the methodological purpose) should be disclosed at the end of the questionnaire and prior to final submission. This respects the respondents’ autonomy who should provide data freely.

Choice: Respondents should be asked for consent for the use of the cookie in a reasonable way.

Access: Respondents should have the possibility to ask for the deletion of all or part of the data (e.g. e-mail address), during or subsequently to the survey.

Security: As far as reasonable, data should be encrypted during transmission and storage, and decryption should be limited to the responsible entity. E-mail addresses should be separated from the rest of the data. Data that is not necessary or as soon as it is no longer necessary for the purpose of the survey should be deleted (e.g. deletion of IP-addresses after the control of multiple participation). The software company should be obliged to provide the security mechanisms.

With respect for the good will and the personal privacy of Internet users academic online research can preserve its high reputation. After all, these recommendations will not unreasonably impede the new and desirable possibilities of online research but increase its ethical score.

Research Ethics and the Internet

AUTHOR

Paul Schuegraf and Richard Rosenberg
Department of Computer Science
University of British Columbia
Vancouver

ABSTRACT

The tradition of ethics in psychological and sociological research is being confronted with a new dimension in studies done using the Internet, which thwarts the conventional application of many of the principles of ethical research. The problem of exactly how modern researchers should carry out research on or involving the Internet can be subdivided into a number of problems that are fundamentally ethical in nature and those which involve technical matters. For example, obtaining informed consent from subjects is one of the fundamental tenets of research in the social sciences. However, suppose that a researcher wished to incorporate into his work a message posted to any one of the thousands of publicly accessible newsgroups. Is the researcher obligated to obtain consent from the poster? After all, researchers have traditionally been exempt from obtaining consent for data collected from public sources such as television, radio, books, and open records and spaces.

On the other hand, it has been argued (King, 1996) that some virtual communities have a high degree of perceived privacy. Despite the fact that messages are publicly available, members of the community participate with a belief that privacy will be maintained by other members, allowing for a limited public discussion of sensitive issues. The fact that the information can be perceived as both public and private is the ethical aspect of the issue. Now suppose that the researcher has concluded that the community to which the desired message was posted operates with a high level of perceived privacy, and to proceed without obtaining consent from the person who posted the message would be ethically unacceptable. By what means should the researcher inform the potential subject, and how can he or she verify the validity of the consent should it be given? Assuming that the researcher is not able to meet personally with the subject and is thus forced to obtain information through the Internet, many problems can arise. There may be difficulty in obtaining contact information, the wrong person may be contacted, the subject may be underage or not sufficiently mentally competent to give consent or the subject may falsify information (including age) in responding. The difficulty in obtaining consent ethically when the need for it has been accepted is a new technical problem that does not appear in conventional study and consequently is not dealt with in ethics procedures.

In this paper, we examine some of the problematic areas of Internet research, some ethical, some technical, and some that have both aspects, including informed consent. Another important issue is the varying degrees of public availability or group accessibility of different Internet forums. Much of the research that has been conducted regarding ethics on the Internet has mainly considered publicly accessible newsgroups and MUDs and MOOs. Many more forums exist, such as listservs, chat rooms, and bulletin boards, each with its own particular public or private character, and each with its own particular ethical concerns. For example, some forums, such as newsgroups and listservs, are archived, which means that researchers can have access to large amounts of data that are entirely naturalistic (free from experimental interference) and nearly impossible to obtain consent for.

Other issues addressed in this paper are confidentiality, data maintenance and security, how privacy and deception apply to naturalistic studies on the Internet, as well as the use of pseudonyms and personally identifiable information. We examine the ethics guidelines of the American Psychological Association and the Social Sciences and Humanities Research Council of Canada, as well as those of the researchers’ home university, concluding that these guidelines often fail to provide sufficient guidance for those conducting research on the Internet. Guidelines for off-line research simply assume that researchers have access to a certain amount of basic information about the subject: one of the biggest problems with Internet research is the difficulty of verifying subjective data. Any data related to the physical world (age, sex, location, and occupation) can be falsified by the subject with little trouble. In this sense Internet research is more akin to historical or archaeological research, except that attempting to verify subjective data can lead to further ethical complications.

Several examples of Internet research are considered, including two that have been criticized for their ethical approaches (Finn and Lavitt, 1994, and Rimm, 1995). We finish by examining some possible approaches to the suggested problems, concluding however that there are far more questions than answers. Nevertheless, the potential value of the Internet as an area for research is immense; new ways must be found to apply the essential concepts of ethical research to this important but problematic domain.

Social and ethical aspects of the Y2K problem

AUTHOR

László Ropolyi
Department of History and Philosophy of Science
Eötvös University
1518 Budapest, Pf. 32.
Hungary

ABSTRACT

According to several analyses the Year 2000 computer problem (the Millennium Bug, Y2K Crisis, Time Bomb 2000, etc.) has been the most significant and enormously dangerous technological difficulty in the history of mankind. In spite of this, many experts have emphasized a radically different opinion: the difficulty was not real, no significant danger was expected due to the date problem. The debate between the different groups of “experts” about the nature and treatment of the problem has been widely popularized, in this way the public was informed, however, the lay public was not able to estimate the reality of the risk and the possible consequences of the problem and certain hysteric and apocalyptic reactions were observed especially in the USA. This strange situation demands a detailed social, socio – psychological, psychological, ethical and philosophical investigation.

Studying hundreds of web pages devoted to the problem I shall present a philosophical analysis of the “Year 2000” computer problem in order to demonstrate its most important social and ethical aspects and to contribute to the understanding of the problem with some ideas.

  1. At the beginning of the events (a few years earlier) the Year 2000 problem seemed like an enormous software business. Later (a few months before the crucial date) the problem liberated from this framework and became similar to a complete social catastrophe which can destroy the whole human (especially the Western) civilization: the dangers appeared in the personal life of the citizens as well; the collapse of the networks of water, and of electricity supply, and of banking, moreover, the end of the modern city and/or society was visionized. How and why did the problem change so radically? It had clear social and ethical causes.
  2. The Year 2000 problem was a complex problem of three – relatively separated – sub-problems: a technical-technological, a business related, and a social sub-problem. The direct technical problem of the date representation in computers did not have any difficulty, for the most experts it was clear that this problem can be solved in a very simple way. However, essential groups of the lay intelligentsia did not trust these computer experts. Realizing the dimension of the technological task it was demonstrated that most technological projects did not get finished in due time, especially in the software industry, so it would be important to take into account the presumable technical, economical, social difficulties. The crucial question is: the presence or absence of the trust of the public in the solution of the technical problem. How and why was this trust constructed or destroyed? A sharp struggle of the social actors for forming of the public opinion in question has been observed. During this struggle the technical problem was transformed into a problem of business and politics.
  3. The business related problem had many different aspects. There were some forecasts about the economic crisis and some others about the economic boom caused by the Y2K problem. One of the most important phenomena was probably the appearance of the ideas and activity of the so called survivalists, who – due to the possible collapse of the trade systems – suggested to buy, to store, to supply practically everything which is important for the civilized life. They have emphasized the possible risks of the date problem and with the ideological support of certain apocalyptic religious prophets and movements they have suggested to prepare to a social chaos saying that they are “dedicated to helping you prepare the worst, while hoping for the best”. In this way the question of trust was directly related to the trading activity motivated by a fear of the end of civilization. The representatives of the survivalism were not basically interested in the solution of the technical problem of date but they were interested in a special managing of the fear of people. These relationships formed an advantageous environment to the emergence of the social problem of Y2K.
  4. The social problem has been three different managing strategies. The position of survivalism was characterized above. The critical opponents of the survivalist strategy pointed out its hidden business related aspect and criticized its pretended attitude. The government wanted to demonstrate its efforts to prepare its computer systems and that of the other critical sectors of the economy and society, in this way to save the public trust in itself, especially in its high level problem solving abilities.
  5. The Y2K problem and its treatment was very significant for the social scientists. It became clear that the modernity have already transcended. The modern computers build up into the social networks have a crucial role in the working of the postmodern network society. The serious anxiety of many people about the collapse of civilization is an important sign that in their thinking the network society represents already the civilized society. The actual running of the Year 2000 problem can be considered as a measurement process of the postmodernity of the present society.

Ethics in Computer Engineering

AUTHOR

Wade L. Robison
Ezra A. Hale Professor in Applied Ethics
Rochester Institute of Technology
Rochester, NY 14623

ABSTRACT

The intellectual core of engineering is a design solution to a particular kind of problem, and ethical issues are internal to that intellectual core. Teaching ethics to computer engineering students thus requires an understanding only of the intellectual core of engineering itself and thus of how design solutions are themselves ethically loaded.

Ethics is already in engineering and only needs to be revealed. Once revealed as internal to any design solution, ethical issues can become a subject of explicit discussion within the intellectual core of engineering itself.

We might imagine, using the Cartesian conceit, an evil genius of an engineer who makes our lives miserable by designing artifacts which mislead into mistakes even the most intelligent, the most highly trained, and the most highly motivated among us and which, in the most diabolically perverse cases, seduce us into producing the opposite of what we were led to expect by the design.

We are all familiar with such artifacts in our daily lives — stove tops whose design misleads us into turning on a burner other than the one we intend, doors that entice us into pushing when we must pull them open, and so on. We may have perverse engineers in our midst, but, far more likely, we have engineers who do not think through the implications of their design solutions for those who are to use the artifacts created in accordance with them.

Whenever there is a mechanical or technical failure, it is always a question where the responsibility ought to rest. A pilot who takes off on the wrong runway and so causes a catastrophic crash will be exonerated if something was amiss that would lead even an intelligent, well-trained, and highly motivated pilot to turn into the wrong runway. But if nothing was amiss, we must wonder about the pilot. Did the pilot make a stupid mistake? Was the pilot inexperienced — the Kennedy case? Was the pilot not motivated to survive — as suspected in the Egyptian air disaster?

These two variables — the nature of the situation and the nature of the operator — play against each other, with perfections of the one calling into question the other. A foolproof design must meet a superior fool not to work, and the most motivated of the best of the best must be misled by something problematic about the design. The ‘must’ indicates a conceptual necessity.

It can only be an heuristic ideal for engineers to solve a design problem with something so wonderfully perfect that it would take a perfect fool to misuse it. There are too many ways in which we humans can be foolish, ignorant, and unmotivated, and the bar would be too high if engineers had to design to make impossible the consequences of all our human failings. But it is an heuristic ideal — and an ethical one. For failures built into the design solution itself by, say, a perverse engineer or a careless one will have consequences, some no doubt unexpected, some almost certainly harmful.

It is a harm, although generally not a major one, to push against a door to open it when it must be pulled. It can cause grievous harm to turn on the wrong burner of a stove. And errors in computer programs can cause untold disasters — from directing an airplane, dependent upon the program for navigation, into a mountainside, as happened in Columbia, to causing the loss of data for a long-term experiment, to producing blackouts in the electrical grid, with all the attendant costs to industry and individuals, to mistakenly reading a signal as a launch for nuclear retaliation.

Indeed, as the world becomes more and more dependent upon technology and, in particular, upon computer programs and thus upon computer programmers, and as interconnections between various parts of this complex computer intrastructure increase, what could have been minor failings can take on catastrophic proportions. Recognizing that ethical considerations are part of the intellectual core of engineering ought to change the way we teach ethics within computer science and decrease the likelihood of graduating perverse or indifferent engineers.

The phrase ‘teaching ethics to computer students’ implies for some a particular view of the relations between technological and scientific disciplines on the one hand and ethics on the other. It is a view readily found in most introductory engineering books where a chapter or a section on ethics is mandatory, but is at the end of the book or at least in a separate section, easily bypassed, relegated by its placement to a side issue, distinct from the ‘real business’ of engineering. It is a view that leaves opens the all-to-common response, ‘I’m not responsible for what people do with what I design.’ But if an engineer’s design invites harms and it need not, then, indeed, the engineer is responsible. A code is a contingent string, and no code must be written so as to cause harms. It may be written that way, for there are too many untoward variables for anyone to guard against. But it is incumbent upon engineers to do what they can to achieve the heuristic ideal of perfection, and it is incumbent upon us as educators to teach our students that they have an obligation, internal to the intellectual core of their discipline, to strive for that ideal.

Protecting the electronic participant: ethical codes and cyber-research gone awry

AUTHOR
Paula Roberts
University of South Australia

ABSTRACT

On-line discussion groups represent a rich data repository for social scientists, as is reflected in rapidly increasing activity in cyber-research. Existing research ethics codes for the protection of participants (for example, Commonwealth of Australia, 1999) rest on four major principles; integrity (the ethical conduct of research), respect (the process of informed consent), beneficence (maximising the benefits for research participants) and justice (the fair distribution of the project’s burdens and benefits). These principles, deemed appropriate for human subjects research in the physical world, are now found wanting when applied to cyber-research, as is indicated by case studies of virtual research projects gone awry (Kling, 1996).

This paper applies these four ethical research principles to Kling’s case studies as a means of analysing the appropriateness of transferring existing codes to the very different social and technical environments of virtual space.

First principle: integrity
Thomas (in Kling, 1996) reports an undergraduate study involving an analysis of erotica files on electronic bulletin boards and Usenet postings obtained from the private files of users on a university computer system. System operators collected other data for the study and provided demographic details of users including position (faculty, staff, student) and department. Here the electronic context provided the researcher with access to a store of personal and potentially damaging information together with unknowing research subjects who displayed naive expectations of security and privacy which were easily breached by an inexperienced and unethical researcher aided by unethical systems operators and inadequate research supervision.

Second principle: respect for participants and the process of informed consent
King (in Kling 1996) describes a project (Finn & Lavitt 1994) which examined a nationally accessible sexual-abuse-survivors support group. Data was down-loaded for analysis and publication, bypassing the vital ethical principle of gaining informed consent, with the researcher later justifying his actions by arguing that messages posted on an electronic bulletin board system are public information. This case reveals the blurred distinction of the private and public in cyberspace and highlights the disinhibiting effect of computer-mediated communication with its potential for damaging public exposure when researchers objectify their subjects and devalue their personal information (Shrum 1995).

Schrum argues that collectivities that emerge around sensitive topics should be viewed as closed groups because of their vulnerability and susceptibility to damage, and where even sensitive participant observation can be disastrous to participants’ on-line experiences, as Reid (1996) describes in her case study.

The process of informed consent protects the right of subjects to choose whether or not to participate in a study after being informed of its parameters and possible benefits or harms, and to withdraw from the study at any time. But gaining informed consent is made difficult by the shifting population of on-line groups, and where age and possible vulnerability are masked by anonymity, which may compromise both research validity and the safety of participants, who mostly are unaware that their personal data will be stored for an indefinite period in an electronic medium dependent for its security on system administrators (Reid 1996).

Third principle: beneficence, maximising benefits for the participants
As a benefit, the convenience of on-line communication may offer access to those who would otherwise be precluded from taking part in a study, and e-mail interviews make possible quick responses and clarification of concepts, thus allowing participants greater insights into the purposes and processes of the research than is possible in one-off, face-to-face interviews (Murray & Sixsmith 1998). However, the constantly changing membership of on-line communities complicates efforts to conduct debriefings and follow-up research which are necessary in order to assess the long-term benefits or harm to subjects.

Fourth principle: justice in sharing the project’s benefits and burdens
While cyber-research may provide greater inclusivity for participants in research, thereby giving them a voice (Hewson et al. 1996), the principle of justice bears directly on the selection and recruitment of participants where it is only just and right to ensure that subjects are selected for reasons directly related to the problem being studied, instead of for their easy availability, compromised position, or potential for manipulation.

While these are issues for physical as well as virtual settings, participants in on-line communities may be compromised by their easy availability and, in view of the global, social and economic disparity in Internet access and usage, achieving a fair distribution of the burden and rewards of on-line research may be impossible.

Conclusion: ‘Bottom-up’ ethical wisdom for computer-mediated social research
In these early developmental stages of an emergent cyber-research paradigm, it is imperative that a code of ethics encompass the diversity of cyber research sites and researcher goals, the complexities of the electronic medium in the generation and storage of research data, and the effects of the medium on the behaviour and expectations of research participants.

The problem of how private data can be differentiated from public data, when all data exist in the same transparent electronic medium, may remain a question to be resolved by the ethical judgement of the individual researcher, as may the selection of research participants, for although it is possible to join an on-line discussion surreptitiously for research purposes, it is no more appropriate than taping a conversation without permission (Shrum 1995).

The efficacy of developing a code of ethics for cyber-research is challenged by some theorists. Waskul & Douglass (1996) point out that ethical codes systemise ethical considerations and provide guidelines for the researcher, but are not safe havens to hide from the responsibility of making sound ethical choices.

Likewise, Allen (1996) argues that reliance on ethical guidelines may inhibit a ‘bottom up’ ethical wisdom, which is dependent for its development on concrete experience and the ethical work of everyday life rather than abstract rules (Bakhtin 1993). Allen suggests also that researchers should be required to report on the conditions that grounded their ethical choices and the consequences for their subjects of these choices.

It may be that these open reflections are the best way of building an understanding in the scholarly and wider community of the complexities of cyber-research and its ethical conduct.

REFERENCES

Allen, C. (1996) What’s wrong with the ‘Golden Rule’? Conundrums of conducting ethical research in cyberspace, The Information Society. 12:175-187.

Bakhtin, M.M. (1993) Toward a Philosophy of the Act, Austin, University of Texas Press.

Commonwealth of Australia (1999) National Statement on Ethical Conduct in Research Involving Humans. Canberra, ACT. AusInfo Publishing.

Finn, J. & Lavitt, M. (1994) Computer-based self-help groups for sexual abuse survivors, Social Work with Groups, 17: 21-46.

Hewson, C.M., Laurent, D. & Vogel, C.M. (1996). Proper methodologies for psychological and sociological studies conducted via the Internet. Behavioral Research Methods, Instruments and Computers, 28(2): 186-191.

King, S. A. (1996) Researching Internet communities: Proposed ethical guidelines for the reporting of results, The Information Society. 12:119-127.

Kling, R. (1996) Special edition on Internet Research Information Society 12.

Murray, C. D. & Sixsmith, J. (1998) E-mail: A qualitative research medium for interviewing? International Journal of Social Research Methodology 1(2): 103-121.

Reid, E. (1996) Informed consent in the study of on-line communities: A reflection on the effects of computer-mediated social research, The Information Society. 12:169-174.

Schrum, L. (1995) Framing the debate: Ethical research in the information age, Qualitative Inquiry, 1(3): 311-326.

Thomas, J. (1996) When cyberresearch goes awry: The ethics of the Rimm ‘Cyberporn’ Study, The Information Society. 12:189-198.

Waskul, D. & Douglass, M. (1996) Considering the electronic participant: Some polemical observations on the ethics of on-line research. The Information Society. 12: 129-139.

Virtuous hackers community of practice

AUTHOR
Paula Roberts and Jenny Webber
University of South Australia

ABSTRACT

Losses due to computer break-ins by malicious outsiders or disgruntled employees are estimated to cost companies billions of dollars each year (Taylor 1999), but the detection and prosecution of these intruders is difficult because companies subjected to security break-ins are often oblivious to such damage, while others who do detect breaches of their information systems choose not to disclose such events, fearing the commercial damage associated with loss of consumer confidence once weaknesses in corporate computer systems are revealed.

Behar (1997) notes that security issues have come into sharper focus as greater corporate dependence on e-mail and networks has been matched by increasing amounts of economic espionage from ‘crackers’, that is, malicious intruders. This increased vulnerability to attack has been paralleled by government requirements that companies take responsibility for keeping their own data secure, and be held liable for losses incurred by ‘downstream’ companies damaged by the host company’s lax computer security.

Some former hackers from the heyday of thrill-seeking computer break-ins are now assisting system operators to establish and maintain sound security practices by testing system vulnerability with their own specialised knowledge, thus helping to foil the activities of the malicious, criminal ‘crackers’ (Sprenger 2000).

Taylor (1999) believes this hacker expertise is needed because a knowledge gap has developed in the security industry as computer programming has moved from a craft-based practice, (typically that of the early creative, if less-than-disciplined hackers), to a scientific reliance on standardised procedures. Deficiencies in computer security reveal problems caused by a similar change in computing education, reflected in an under-valuing of practical knowledge of system vulnerability gained by experimental, hands-on experience. Taylor argues that crackers take advantage of this situation and simply use trivial holes left by inexperienced programmers who have not been taught the limitations of system security.

But the use of hackers by the security industry begs the ethical question of whether hackers who have developed their skill by breaking into organizational systems should now be used for the rightful purpose of strengthening computer security.

However, it could be argued that these former hackers display an ethos, not imposed by professional codes of conduct, but one based on an intrinsic set of values and beliefs, inspired by an inherent respect for computers and the information computers contain, which is accompanied by an abhorence for those who do not share this respect. The practical application of this ethos is displayed, when, for no apparent pecuniary gain, hackers have spent considerable time in obsessively tracking down malicious intruders and bringing them to account for the damage they have caused, not only to organizations, but to the ethos of the former hacking fraternity (Stoll 1991; Shimomura 1996).

Developing ethical sensitivity in a community of practice
Roush (1995) cites the hacker, ‘Knightmare’, who in his book, Secrets of a Super Hacker, defines an ethos of mature, ‘responsible’ hacking, explained as ‘never harming any computer, software, system or person, nor profiting from a “hack”, but instead informing computer managers of their systems’ weaknesses’. Thus a ‘true hacker’ has ‘the ability to steal money, information, software, and hardware and to commit sabotage and espionage, but chooses to do none of these things’ (Roush 1995:35).

This passion for their computing craft in a hacker community of elitist computing skill was accompanied by a contempt for government and corporate computer systems which, in the hackers’ view, constituted a misuse of information technology by contradicting the constitutional rights of citizens with respect to the freedom of information. Thus the hacker ethos has reflected both an intrinsic desire to preserve and extend its own conduct and expertise, and an external motivation to attack and expose the vulnerability of institutionalised computer data systems.

Blum (1994: 146) discusses the relationship between virtue and community in the writings of MacIntyre (1984: 194) who states ‘the essential function of the virtues is clear. Without them, without justice, courage and truthfulness, practices could not resist the corrupting power of institutions’ (1984: 194). Blum argues that virtues can only be learned and sustained in a community of practice. Thus, the ethics of virtue are not an alternative, but are complementary to the ethics of universality, that is, while based upon universal ethical principles, the commonly held views of the practice community are indigenous and characteristic to its particular activities.

Furthermore Blum argues, ‘a practice, like a profession, is characterized as much by the way its participants conduct themselves as in the skills they develop and the purposes to which they are committed’. Therefore, if hacking is perceived by hackers as an elite practice, with internal goals and standards which are pursued in a moral way for their own sake, then a member of the hacking practice-community would be expected only ever to apply their elite technical expertise to responsible hacking, and not to malicious cracking. Members would also be required to track down and expose deviates (crackers), who by their behaviour were damaging both the integrity of the practice-community, and the wider society.

Such virtuous hacking stems from an earlier craft-like bricoleur approach to computer programming. This holistic approach to computing explains hacking’s lasting appeal to subsequent generations and is the strongest reason why hacking is likely to survive in some form or another, even as programming develops towards more science-based methods (Taylor 1999:88).

There are parallels here in the training of artisans in the guilds of pre-industrial times, a training embedded in the craftsman/apprentice relationship which encouraged not only a transfer of skills but also the development and then guardianship of the ethos of the craft for future generations.

Thus, contemporary computing ‘apprentices’ should be assisted in developing a moral sensitivity for the systems they use and the safety of the information which computers store, at the same time that computing expertise develops. This skills/ethics dichotomy presents a strong argument for an integrated approach to the teaching of computing ethics in mainstream computing subjects (Roberts 1994; Roberts & Webber 1999) so that computing skill development is matched by the development of a moral sensitivity for the social responsibility that skill entails.

REFERENCES

Behar, R. (1997) ‘Who’s reading your e-mail’. Time, February 3, 64-67.

Blum, L.A. (1994) Moral Perception and Particularity. Cambridge: Cambridge University Press.

MacIntyre, A.C. (1984) After Virtue: A Study in Moral Theory, 2nd Edn. Notre Dame: Notre Dame University Press.

Roberts, P.M. (1994) ‘The place and pedagogy of teaching ethics in the computing curriculum’ Australian Educational Computing, April.

Roberts, P.M. & Webber, J. (1999) ‘Visual Truth in the Digital Age: Towards a Protocol for Image Ethics’ Australian Computer Journal, 31, 3:78-82.

Roush, W. (1995) ‘Hackers: Taking a byte out of computer crime’. Technology Review, April: 32-40.

Shimomura, T. (with Markoff, J.) (1996) Take-Down: The Pursuit and Capture of Kevin Mitnick, America’s Most Wanted Computer Outlaw – By the Man Who Did It. New York: Hyperion.

Sprenger, P. (2000) ‘Tiger teammates, hacking bright’ Information Age, August/September: 32.

Stoll, C. (1991) The Cuckoo’s Egg. New York: Doubleday.

Taylor, P.A. (1999) Hackers: Crime in the Digital Sublime. London & New York: Routledge.