Coursework 1: legal and ethical studies
Questions
You boss is extremely impressed by your brilliant performance so far – as described by yourself – on the Master’s degree in Information Technology Security.
She has now been invited to nominate a delegate to the Ethics committee of the (fictional) professional society “The International Society of Information Technology Professionals”. This society is one of the biggest and most important of the professional societies and institutes and takes its position very seriously.
Knowing of your skill, professional rectitude, personal honesty, intelligence and interest in the theory and background of security, she has nominated you as easily the most appropriate person in the company. Congratulations.
Our first task is attached. You are to formally report on these four complaints.
Advice
While obviously Information knowledge, style and accuracy are all important; we are also looking for evidence of the critical analysis of such information. Students will be assessed on level of knowledge and understanding, quality of argument, style and expression and use of sources and referencing. It is certainly true that we are looking for a student’s personal opinion, however it would be reassuring to see indications that this opinion is shaped by the research carried out, by facts and by constructive thought.
Ethical scenarios
Background
You are appointed to one the Ethics subcommittees of the professional society “The International Society of Information Technology Professionals”, investigating complaints against members.
In practice, most complaints tend to be brought by large organisations. This is because complaints cannot be brought against large organisations; such disputes tend to end up in the courts. While an individual can also be sued in the courts, the costs involved and the probability that individuals are most unlikely in any case to be able to afford to pay significant compensation means that condemnation by one’s peers has proved to be most effective sanction.
This afternoon you have been asked to consider five normal complaints and to make eventual recommendations to the disciplinary committee of the Society. You are only to make a recommendation about the person who is the subject of the complaint.
The subcommittee are allowed to make one of the following recommendations.
· Complaints not upheld – effectively an acquittal
· Complaint upheld – no further action required (an exceptional recommendation)
· Complaint upheld – a fine imposed of up to 6 months salary and the complaint to be recorded for up to ten years on the professional register (the person might have difficulty in getting a new job). The size of fine and length of record – either might be zero – are to be part of the recommendation.
· Complaint upheld – removal of name from professional register (the person will never work in the industry again)
The punishment in recommendations 3 or 4 may be suspended for up to two years. This means that the punishment will be automatically imposed if and only if the person has a further complaint upheld within the time stated.
Each of the members of the subcommittee is requested to write a set of formal initial briefs (one brief for each complaint) to be sent to the subcommittee chair. Each brief is to contain sufficient details of the complaint and the arguments of both sides to be able to be understood when read alone; it should also include your recommendations with reasons. You may choose your own style of report or adapt that in the aide-memoire. Each brief is expected to be about 400 – 750 words; where appropriate, descriptions of the complaints may be repeated in distinct briefs.
Summary of complaints
Complaint 1: Depak Singh (no previous complaints)
Unethical conduct – carrying out work for which he was not qualified
Complaint 2: William Brown (no previous complaints)
Unethical conduct – carrying out work for which he was not qualified
Complaint 3: Professor Sir Jeremy Baightor (four previous complaints – none upheld)
Unethical conduct – failure to disclose conflicts of interest
Complaint 4: Dr Keith Northlanding (one previous complaint – none upheld)
Unethical conduct – unprofessional, high-handed and unacceptable behaviour
Complaint 1 and 2
Bill Brown and Depak Singh are both originally from New Zealand and went to school and university together. On graduation with good degrees in Computer Science, the decided to spend two years contracting in the United Kingdom. Both got contracting posts as consultants with “e><centric”, one of the top international consultancies which was recently spun off by its accounting parent company Ethan Extension.
Both Bill and Depak specialise in constructing and installing database. The nature of consultancy work means that both the friends are regularly outsourced to third party companies. Both are happy to be contractors; while they do not have notional security of full-time employees, they are better paid. In any case, they intend to return to New Zealand, eventually.
Then Depak meets a girl of whom even his parents approve, falls in love and gets married. Within a year, he has a little daughter. Deciding to settle in the UK, he accepts the offer of a full-time permanent post with e><centric.
Soon after this, e><centric is asked to set up the security for a web site for one of its smaller customers, illogica. Unfortunately, none of e><centric’s web security specialists are available; nevertheless e><centric accepts the work and Bill and Depak’s manager instructs them to go on-site to set up the website/
When Bill and Depak point out that neither has any direct experience of setting up secure websites, their manager tells manager tells them not to worry and that he is confident that they will be fine. In any case they will be able to contact the experts at e><centric if there is any problem.
Both Bill and Depak would like to do the work; it looks interesting and they would welcome the opportunity to broaden their experience. Nevertheless, Bill asks the manager if Illogica realise that they will be getting relatively inexperienced staff. The manager says no and that the client is not to be told this, that Bill and Depak will be fine, that they are to do their best but are not to tell Illogica under and circumstances.
Even so, Bill is still unhappy – he is fairly sure that Illogica are being charged for experts in web security – and wants to tell Illogica anyway. Depak points out that bachelor Bill may be OK – he can go back to NZ whenever he wants – but that he (Depak) has a wife, daughter, mortgage and dog can cant afford to be sacked. Bill and Depak therefore agree to do what the boss wants, and set the work.
However, one of the Illogica’s employees recognises Bill and realises that he has no experience in this field. Illogica have now filed complaints against both Bill and Depak. To your inquiry both repeat their great regret at what happened. Both accept their responsibilities; neither tries to blame the other.
Complaint 3
Professor Sir Jeremy Baightor is one of the foremost computer forensic experts in the world, and his services are in much demand, especially by prosecutors. Like many bright men, Baightor is arrogant and rude to those he considers his intellectual inferiors – which he would say is approximately some 99.96% of the population. Some of the deductions have been controversial; four convictions based on his evidence have been reversed after several years dispute with great publicity although Baightor personally has been exonerated in each case. It is also certainly true that Baightor has annoyed some powerful vested interests.
In particular, Baightor has created a statistical cryptanalytic tool called “Randomised Keyword Analysis” or RKA. While RKA does appear to give correct plaintext some of the time – Baightor claims about 40% to 45% while his detractors say no more than 21% – its success rate seems to depend critically on the original choice of key in the original encryption. It seems to be more successful when Baightor chooses the key for validation purposes rather than when he has no control over the key choice. Moreover, running the tools always gives a solution text, but there is no way to tell if this resulting text is correct (without knowing the key, which rather begs the question!). Baightor claims to have developed some rules of thumb for testing the accuracy of the decryption, but says that these “are too intuitive and too intellectually complex to be able to put into simple words, especially when most people are not capable of understanding then”! RKA does not provide a solution for the key, only for the text.
One of the Baightor’s most famous cases involved some internal comments contained in source code used in software developed by top software house “Greasy software”. It was claimed that Greasy programs in engine control computers has caused cars and “bendy-buses” to burst into flames without warning, and that several fatalities had followed. Greasy had always denied that their software had or could have been responsible; instead they asserted that it worked, that it had been developed using “best practice” and that they had no idea that any other interpretation was possible.
In a major class-action court case brought by dependants of those killed in car fires, the content of several encrypted internal Greasy source code comments became central. Greasy policy was to include a great deal of information encrypted in comments within its source code, which when compiled and linked could not be recovered. According to the decryption of these comments provided by RKA, senior management at Greasy had been aware of a software logic design flaw from a very early stage. However they had decided that the cost of publicly correcting the error, which would include the almost certain loss of a multi-billion defence contract to a European consortium, was greater than any nominal compensation that might be awarded in the future, are therefore the company to do nothing. Greasy denied that this translation was correct and provided an alternative innocuous plaintext. However they were unable to prove that their version was correct because all keys used at that time had subsequently been destroyed by USA Federal government order during a security scare. It was also shown that if the relevant key were publicised, then the philosophy behind the source code of many other Greasy programs would become public property, with consequences for intellectual property rights, operating system security and so on.
Despite establishing many serious academic points about the validity of RKA, Greasy lost the court case and were ordered to pay punitive compensation running into billions of dollars by a state jury in California. They also lost the subsequent appeal in the California State Appeals Court, although the compensation was reduced to several hundreds of millions of dollars. Greasy are still trying to lodge further appeal, claiming that the jury were emotionally influenced by the horrific injuries of the victims and by anti-big-business feelings rather than by the evidence. Similar cases are pending in several other jurisdictions.
Now it has been revealed that while carrying out (government funded) research refining and validating RKA, Baightor was also acting as a paid adviser for the plaintiff’s solicitors in the court cases and used much of the same material in both investigations. While he did mention this double funding in both submissions, it was buried in the very small print at the end of the documentation. Obviously Baightor is not Greasy’s favourite person, and the company has made a formal complaint about his behaviour, implying that there is a possibility that Baightor allowed the private payments to influence his research findings. It has been suggested that Baightor would have a vested interest in producing evidence against Greasy as this would enhance his reputation and that of RKA and also that the payments by the solicitors would have been much smaller if he had found no evidence and the case has been dropped.
To your inquiry, Baightor has said that your committee is not capable of understanding the problem and that the accusation is stupid and malicious, and not worth of a reply, so he wont give one.
Complaint 4
Dr Keith Northlanding is one of the outstanding and most unusual computer scientest currently working in field. Getting his first Dphil in psychology, supervised by Esyenck at Oxford, back in the mid-sixties, Keith moved into computer research in the new department of artificial intelegence at Edindrough working with Donald Mitchie. Here he develops some brilliant paradigms; cynics said his success stemmed from the fact that he treated the computer just like a psychological if not a psychotic patient. Quick and alert. Keith has one major fault; he makes up his mind almost instantaneously, and once he has made up his mind about an issue, it is almost impossible to persuade him even to admit the possibility of an alternative viewpoint, let alone to accept the alternative.
Although eight years ago, Richard Phillips, then a spotty bespectacled youth of 22, was sentenced to thirty five years imprisonment for a string of computer related offences, including information gained by his hacking to perform young women to perform a string of degrading sexual acts with him. The case was very controversial from the start; the lord chief justice threw out half the charges in pre-trial discussions before the jury was empanelled on the ground that black mailing a women to agree to sex did not constitute rape in law as she has consented. Richard vehemently denied all the charges, but was convicted almost solely on the expert evidence gleaned from his computer by professor Sir Jeremy Baightor, one of the foremost computer forensic experts in the world. Northlanding was not involved in any way in the case.
The case continued to be in the public view the first appeal was dismissed with the three judges on the Court of Appeals describing Richard as ‘manifestly guilty’ Among other journalistic investigations, a panorama programme on the BBC examined the case; during the programme Richard father Elvet and twin sister Kathryn described on screen how their computer had regularly seemed to have a mind of its own, running scripts and other anonymous programs which seemed never to have been installed or called. Northlanding watched the programme; it was the first he had heard of the case; he had never seen any of the documents, have never even met Richard, Kathryn or Elvent; nevertheless he became convicted almost immediately that Elvet was guilty of all the crimes. The moment the programme ended, Northlanding rang the local serious crime squad, who consequently arrested Elvetin a dawn raid – when unaccountably – the press and TV just happened to be passing by. The police seized his computer, took his apartment to pieces, questioned his friends, neighbours and work colleagues and held him for interrogation for 72 hrs before releasing him for lack of corroborating evidence.
Subsequently, a man from the other end of the country was convicted on overwhelming evidence of the same charges as Richard, together with further changes including placing malicious Trojans on the Phillips computer. This together with some other newly discovered evidence, proved that neither Richard nor Elvent could have been guilty; a different troika of judges on the Court of appeal quashed all Richard’s convictions, describing him as ‘manifestly innocent’
Elvet has now complained about Northlanding’s behaviour, describing it as ‘unprofessional, high-handed and unacceptable’.
The Chief Superintendent from the serious crime squad told your enquiry that when a famous expert – who happens to a advisor to and a personal friend of both Home Secretary and the Chief Constable – reports a crime and names a suspect, then you don’t ignore it. Elvet has been checked through all the databases both here and through Interpol; apart from one arrest(no charge) while taking part in anti-Vietnam demonstration while a student in Coventry in 1971 – he called a constable who asked him to move on a ‘lackey of capitalist facist state, and that come the revolution he (the policeman) would be the first to be strangled with the guts of the chief constable’ – he has no record for any sort in any country. He works in human resources for a car manufacturer in Midlands; has done so for the fifteen women. His son was seen as a bit of a computer nerd, but harmless; everybody was surprised by the conviction. One comment by the women across the road; ‘virus writing. Yes; fantasizing about connie from AOL advert, yes; rape, never!’The chief superintendent also said it might be regrettable, but any bobby can get £100 cash by tipping off the SUN and MIRROR newspaper about the raid.
To your enquiry, Northlanding has defended himself vigorously: ‘Elevt may not have don this particular one, but he clearly is guilty of something. He took on an undergraduate degree in Psychology at Warwick university; did you know that? Many psychology students know that there is something wrong with them mentally and choose to study the subject because they want to find out what it is. I’ve seen them, its why they make such a good subjects for surveys. Some only are autistic – it might be as mild as Asperger’s or Tourette’s. Others turn out to be paranoid schizophrenics or psychotic manic-depressives. He knows that he has problems.
‘Look at these piggy eyes, that tendency to acne, that self satisfied smirk. Look at his body –language; guilty in every mincing step; guilty every time he puts his hands up his mouth. H smokes; that’s a nipple substitute. No-one normal chooses round glasses like those; they are a signal to fellow paedophiles and rapists that the wearer is one of them. I know we no longer symptoms of self-abuse – you look at what ‘Scouting for boys’ (by Badan-Powell who was a wonderful empirical psychologist and judge of character) says about ‘beastliness’ and about smoking.
‘Any good psychologist can tell at once that he wants to be rapist; but has hasn’t the guts to accost grown women. I bet he watched dominant pornography as a child. Some of his sort turn to attacking children, but he’s just the type to blackmail poor inadequate kids into giving into him. The police had to investigate him. I had to tell them. It would have been unethical to do otherwise.
Credit:ivythesis.typepad.com
0 comments:
Post a Comment