AUTHOR
Sam Nitzberg
ABSTRACT
At its origins, the modern computer was a tool used to advance the state of warfare. As the scope and role of the computer has widened, so have societies’ reliance upon the computer. This dependence has rendered nations increasingly vulnerable to attacks upon their computing infrastructures. For the aggressor, this provokes some interesting ethical quandaries regarding target selection and the resulting conflicts of any information-warfare or computer-initiated attack.
While this subject might seem remote or fanciful to some, these issues are already upon us. The usefulness of the role of the computer in conflict is just beginning to become apparent, with computers being used between nations, small groups, hackers, and corporations. One major irony is that as computers are brought to bear in more conflicts in the new information age, corporations, and not just governments, are destined to become increasingly common targets. If the relevant issues are not properly addressed and understood in the corporate world, the resulting quagmire will be far more costly than if these issues are properly studied and prepared for.
The rapidly growing spread of technology and information into all sectors of the public and private sectors, coupled with the very fast spread of computer security information as well as analysis tools renders virtually any computing platform subject to attack. Computer security and attack tools are freely available from the internet; these tools may be used to perform a host of functions including: analyzing either local or remote computer networks or systems for exploitable vulnerabilities, tools to crack and defeat passwords or password systems, with which access to systems to which the hostile party is interested may be achieved, and denial of service tools, with which corporations or other organizations may be targeted in an attempt to cripple their computers’ connectivity and halt their operations. Fortunately, a wealth of information and tools are also available with which organizations may defend themselves – often by using technologies which are similar to the aggressors’.
Engaging in conflict through the web holds great promise for both the “Underdog,” – those of limited means and resources, who wish to accomplish an objective through unorthodox means, and for the “Fat Cat,” those with resources and power who wish to maintain their position. Methods of interest to the underdog include whispering-smear campaigns, propaganda web pages, electronic communication making use of strong cryptography (itself controlled as a munition under the laws of numerous governments), and non-lethal means of harassment. Methods of interest to the Fat Cat include electronic surveillance, waging of information warfare (both commercial and military) against other states by the use of methods including the targeting and interrupting of banking, phone, traffic, or other systems, as well as attacks upon military systems and organizations relying upon computers.
Inroads are being made toward addressing issues of computers, crime, and conflict at various stages of development for computer-users. Computer and ethics courses are starting to address these issues at the undergraduate level, and professional organizations, such as the ACM (Association for Computing Machinery), are adopting codes of ethics for their members. Many corporations are defining what constitutes legitimate use of their computing resources and formally proclaiming their positions in corporate computing security and use policy documents, which are enforced as corporate edicts. The added exposure and debate of these issues will help establish norms for behavior, and assist in identifying misdeeds.
Some problems remain, however. Several pieces of national legislation (American) are technically flawed to the point of being either arbitrarily enforced, or enforced at will. Legal precedents determined in courtrooms often do not have analogous precedents, and, therefore, are likely to have unpredictable results. A number of protests which have taken place through methods of computer conflict have violated various laws – but were performed for a “greater good.” Additionally, while the codes of ethics or conducts being adopted by professional organizations seek to ensure proper and professional behavior on the part of their members, these codes of conduct sometimes include very general terms, such as those restricting their associations’ members from performing harm. Such clauses would seem to violate the very functions of a great many members professional activities which involve the use of computers – especially those activities related to assist in the waging of war (more popularly referred to as defense), or for the engaging of computer-based warfare. At the other end of the spectrum, it would be very hard to identify any job which produces absolutely no harm. All of these aforementioned policies and mechanisms will contribute to the growing awareness of computer security and related ethical issues.
Although there are a great number of players engaging in information warfare and computer conflict, methods by which computers may be effectively secured are known. Due to the growing intrusion of the computer into all realms of everyday personal and professional life, the ubiquity of computers, and the quickly shared knowledge of their vulnerabilities, companies and organizations can and must assure their own protection. This is not merely of pragmatic concern, but a moral and ethical mandate due to the severe consequences to stockholders and customers, and to populaces as a whole, given the growing importance and reliance by society upon computing systems.