SDSU
A Gift of Fire:
Social, Legal, and Ethical Issues for Computers and the Internet
(2nd ed.)
by Sara Baase

Presentation assignments for Chap. 7: Computer Crime

----------

Last updated: Nov. 12, 2002 (Recent additions or changes marked in red)

Comments to instructors

In addition to the assignments below, some of the Class Discussion Exercises in the text on page 323 are suitable for student presentation assignments. Also, Exercise 10.26 includes another scenario similar to those in Assignments 1 and 2 below; you might want to use it as a variant. It can be useful to assign different groups of students to slightly different scenarios; they may consider subtle differences to be important, generating good discussion.

In a few assignments, two groups of students are assigned the same topic. I do this hoping that their presentations will bring out different points. If the presentations are too similar, I just assign one group to that topic when I use it again.

General instructions given to students

The presentations should analyze the situation, use analogies and similar cases where possible, mention various possible risks or consequences, etc. Include some discussion of how the new technology changes the situation. What advantages or problems result from using it, compared to the old way of doing things? Present the group's proposals and/or conclusions, supported by arguments.

Presentation assignments

Asmt. 1: Hacking to improve security
A Dutch hacker, who said he worked in computer security, sent e-mail to Microsoft warning that some of its Web sites were vulnerable to break-ins. Microsoft did not reply until after he broke in to one of the Web sites about a week later and left a taunting message as proof. Was his action ethical? Did he do Microsoft and the public a favor? What might be some reasons why Microsoft did not respond to his e-mail?
Group 1: Argue in support of the hacker.
Group 2: Argue against the hacker.

****

Asmt. 2: Hacking to improve security
You discovered a flaw in software used by a national bank's Web site that allows anyone who knows about the flaw to read all information about other people's bank accounts. You consider it a serious privacy risk. You sent e-mail to the bank about the problem but received no answer. What should you do next? Discuss pros and cons of various possible actions.
Groups 1 and 2: Both groups have the same assignment.

****

Asmt. 3: Publishing sensitive security information
Discuss some similarities and differences among arguments about the issue of whether publication of research in the following areas should be restricted by law.
Computer security loopholes and defenses
Techniques for protecting intellectual property from unauthorized uses
Strong cryptography.
Groups 1 and 2: Both groups have the same assignment.

****

Asmt. 4: Adapting to hacking
Consider the analogy between occasional downtime on the Web as a result of viruses, worms, or denial-of-service attacks and vehicle traffic slowdowns on roads during rush hour or caused by bad weather. Describe similarities; then evaluate. Are both side effects of modern civilization that we have to get used to? How can individuals and businesses reduce the negative impacts on themselves?
Groups 1 and 2: Both groups have the same assignment.

****

Asmt. 5: Appropriate penalties for hackers
Comments to instructors
I've used selections from the following scenarios and other variants, usually several in one class so that the presentations cover hackers of different ages and hackers that do different levels of damage. Our class discussion about penalties for teen-age hackers whose intentions are nonmalicious gets very lively. Generally, students argue for strong penalties, including jail time, for most hacking cases that cause disruption.

The assignment (as given to the students)

Your group is a committee of prosecutors, computer scientists, and members of the hacking community who oppose malicious and destructive hacking. You have been asked to evaluate specific hacking cases and recommend penalties and any other appropriate actions (e.g., probation, denial of use of computers, etc.). Tell what other information, besides what is given below, you consider relevant and how your decision would depend on it. Most of these are real cases. The unauthorized access in each case is illegal, and you may assume that the right person was caught. The law allows long jail sentences for some of these offenses. However, you do not have to use any existing law to determine the penalty. Decide what you think is reasonable and explain your reasons.

Group 1: A 17-year-old was charged with hacking the Los Angeles Police Department's anti-drug Web page and putting pro-drug slogans and images on the site. He admitted to hacking Web sites of the U.S. Commerce Dept. and an Internet security firm.
Group 2: The Melissa virus (see Sec. 7.2.1). The virus was spread in e-mail attachments. It sent large volumes of e-mail, clogging systems. Several companies shut down their e-mail systems for a few days to remove the virus. The man responsible was 30 years old.
Group 3: A 28-year-old college student was charged with breaking into military and government computers, gaining control of a NASA system, and interrupting business at an Internet service provider. He did not disrupt national defense or meddle with satellite controls.
Group 4: The denial-of-service attacks in 2000. (See Sec. 7.2.1.)
Group 5: A 16-year-old boy broke into 12 Defense Department computers. He did not destroy any files. It appeared he looked around at various directories, then exited.
Group 6: A 16-year-old boy hacked into computers that controlled communications for a local airport, rendering the system unusable for six hours. The airport used a backup radio system; flights were delayed but there were no mishaps.
Group 7: The same as Group 6, except that the hacker is 27 years old.
Group 8: Any recent hacking case in the news.

****

Asmt. 6: Hacktivism
Group 1: Argue that hacktivism should be recognized as a form of civil disobedience and not considered in the same ethical category as malicious, destructive hacking.
Group 2: Argue that hacktivism should not be considered a special ethical category of hacking; it should be treated ethically and legally like any other hacking.

****

Asmt. 7: Hearing/lawsuit concerning a computer virus
Comments to instructors
This group assignment is based on a scenario presented at the Computers, Freedom, and Privacy Conference, 1993. It was written by Donald G. Ingraham, Assistant District Attorney, Alameda County, California.
For use in courses where students (and most instructors) are unlikely to know the intricacies of extradition law (the issue in the original scenario), it works better to set this assignment as a series of presentations about the degree of responsibility of each person and what, if any, penalty is appropriate. Alternatively, it could be set as a series of civil suits by the families of the patients who died in the hospital.
Exercise 7.29 is similar; it was based on Ingraham's scenario. Here, I reduced the "cast of characters" to four. I think the four cases selected cover a useful variety of roles, and eight presentations are likely to be enough for most classes.

The assignment (as given to the students)
Read the virus case scenario. Students are divided into eight groups to prepare arguments for and against a claim of significant responsibility/liability for each of the following people:

Results
Students often place most of the blame on Talio and/or Maurice. Their arguments for apportioning a small amount of responsibility to Unter-Prezur and Modem are similar: that each oversees a large organization and can't be held responsible for everyone or everything in the organization. On the other hand, at the Computers, Freedom, and Privacy conference where the scenario was presented to the audience (containing a mix of academics, lawyers, hackers, law enforcement officials, students, etc.), the bulk of the responsibility was assigned to Modem because of his responsibility for the welfare of the patients in the hospital.

****

Asmt. 8: War driving
A "war drive" is an organized event in which people drive by office buildings using laptops, radio scanners, and other equipment to detect wireless networks that are not secure (e.g., on which messages can be intercepted and/or outsiders can gain access to the computer system). Organizers map vulnerable locations on a Web site, where some drives are announced in advance and take place in several cities and countries. War driving is a hobby for some, a public service for others (exposing security weaknesses and encouraging improvements), a sales tool for security services, and a means of finding insecure networks to access for free Web surfing and e-mail and possibly more serious intrusions or theft of information.
Each of the following people is interviewed and asked to give their arguments for or against war driving.
Group 1: The president of a network security services company.
Group 2: One of the organizers of a war drive Web site.
Group 3: The president of a company whose network was listed as vulnerable on a previous war drive.
Group 4: A computer crime specialist from the FBI.
Group 5: You.
