Thursday, October 28, 2010

Hackers Firesheep & Latent Evil

In America there is a saying “guns don’t kill people.” Some people add “people with guns kill people.”

This does put a handy slogan on a view about moral responsibility. On the face of it, the sayings are accurate: while a gun can be used to kill a person, guns are not themselves moral agents.

As such, a gun or any weapon, bears no moral responsibility for any deaths that it might be used to bring about.

Today, we will be looking at applying this argument to the use of hacking program, in particular, one called Firesheep, not to be confused with the user-friendly browser Firefox or the emulator Sheepshaver.

Firesheep was written by Eric Butler and brings easy to use 'hacking' functionality to the Firefox web browser. The 'add-on' allows users to view information in internet cookies at sites such as Twitter, Facebook. Flickr, Tumblr and Yelp.

Fortunately, Firesheep is limited in what it can do. It can allow a user to get usernames and session number IDs but it cannot be used to get passwords. In effect, it allows users to view information e.g. a person’s Facebook or Amazon account, but does not let users do anything that would require a password.

It is also limited to hacking on the same network. However, this means that if you are reading this blog on a public wi-fi, then someone with Firesheep could be reading through your darkest Facebook secrets. It is very popular for the 'man-in-the-middle' interceptions used in cafes and public sites. So remember that the creepy fellow sitting two tables down, may also be reading your pages and Tweets too.

The creator, Eric Butler makes it very clear that he sees himself as a white hat: he is hacking to expose vulnerabilities so that they will be fixed. Interestingly, he does directly address the moral issue at hand: “The attack that Firesheep demonstrates is easy to do using tools that have been available for years. Criminals already knew this, and I reject the notion that something like Firesheep turns otherwise innocent people evil.” (Discuss!)

Firefox's response to the topic of Firesheep and hacking on their browser

On the face of it, Butler may be correct. Firesheep, like other tools, is not some sort of cursed weapon that can possess the mind of potential victims and compel them to do evil, unlike television and other media. Clearly, the same is true of other potential harmful pieces of technology, such as guns and junk food.

Therefore, Butler and the other folks who make such tools openly available, are not directly accountable for what people do with the tools. Using the same argument as arms dealers, saying, “I just provide the weapons, the customer does the actual killing.”

Clearly, Butler has no malign intent in creating and releasing Firesheep. Rather, he seems to be like Dr. Gatling, he is hoping (albeit naively) that his creation will do good, rather than generating further evil.

There is another, deeper concern. Namely that providing the tools that makes misdeeds easier makes a person accountable to a degree. While the person who invents or distributes such tools or weapons does not make people evil or make them do misdeeds, the person does make such misdeeds easier.

Check out what Network World are saying about the Firefox and Firesheep threat

Therefore, the person providing the tool does play an indirect causal role in the misdeeds, especially if the tool or weapon serves as a “but for” cause e.g. if someone would have been unable to track down the whereabouts of, and start stalking, their Ex girl friend, without using Firesheep. The assumption is that the Ex would not have been stalked but for intervention of Firesheep. Therefore, making misdeeds easier does appear to bring with it a degree of moral accountability.

Butler answers this sort of criticism by stating that other tools already exist to do just what Firesheep does. Firesheep is just a better known and easier to use tool. So, to use an analogy, Butler is not inventing the gun, he is merely making the gun easier to use.

“Firesheep doesn’t hack. People hack with Firesheep.” You decide!

No comments:

Post a Comment