Compulsive Computing

Another impact of computers, which was recognized very early in the history of our field, is compulsive computing. The addiction to computer-related activities may be the result of the siren call of irresistible power and the sense of accomplishment that is the consequence of the use of that power. The addiction to any icon is questionable, though suitably channeled addiction need not be unnecessarily negative. However, experience with other addictions suggests that addicts reach a stage where extension of the addiction to a new high or to another level is irresistible. Thus the fear of creating addicts of computing among our students must be muted by the availability of a stepped series of exercises that provide the students with accomplishments that continually satisfy the needs of those students. The fields of computing and communications are now broad enough to lead to a lifetime of learning; part of our educational process must be to point to the next appropriate challenge.

Why Viruses?

Viruses, like the term "hackers", have become the byword of recent years. Viruses and hackers seem to go together. Contrasted with logic bombs and trap doors, viruses have the basic characteristic that they replicate under certain circumstances and thus are said to "infect" other software items. The minuteness of simple viruses means that they can be embedded in other systems quite easily, and any differences in file size may be attributed to version differences. By attaching themselves to word processors or spreadsheets, the likelihood of invasion by a virus is greatly increased. Viruses can be introduced into a system by a variety of doors. Attractive software, commonly obtained illicitly to circumvent copyrights or protective locks, serves as a "Trojan horse" and carries the virus with it. Antidotes to viruses have been constructed for many of the well known versions, and a new industry has been created to build virus detectives, immunization procedures and antidotes. Like safe sex, there are virtues associated with obtaining software and data through well known, legitimate sources! Abstinence is also a virtue! Practice safe hex!

The attraction of developing a virus as a personal project derives from the fact that viruses are among the most challenging software to develop. There is the challenge of producing a system that reproduces itself and is miniature and invisible, yet powerful and resistant to detection and modification. To be successful, most viruses must access the supervisory mode of the victimized system and beguile the operating system into believing that they have privileges that permit their entry to the complete catalog of programs, applications and utilities within the organization. To masquerade as, and to operate at, the supervisory level is an achievement greatly to be desired! Thus viruses present themselves as challenges whose defeat is a mark of achievement that can rarely be attained through "plain" programming activities.

Why Protect Software?

In the year 2000 computers will be given away to sell software[5]

Truly useful systems, such as Lotus 1-2-3, involve major expenditures that were not to be taken lightly; computer games were no less expensive than packages for specialized systems. Even though computer store and mail order enterprises have become widespread, the ready availability of a piece of software in someone else's system when you want it promotes copying. Estimates in the trade press suggest that so-called software piracy in the USA produces two copies of every piece of packaged software for every legitimate sale. Estimates in other countries, where access to authorized sources is far more difficult, place this proportion of improper to valid copies as high as 20:1. But like exceeding the speed limit and cheating on income taxation, copyright violation is practiced at all levels of our society to meet the immediate needs of the moment. Like the locksmith profession, the information technology community has provided society with the double-edged tools of reasonable and unreasonable data access. The responsibility of the information technology community must be to provide the means by which these tools are used correctly. In the extreme this raises the question of Orwellian "thought control" that has plagued computer ethicists for a considerable period. Consider the question that can be posed to compiler implementers: "should the compiler permit the use of translated programs which are likely to give erroneous results?" or to data base managers: "should data base processors permit the attempted correlation of data sets which are known to be independent?" In general, we need to find a means to answer the question "should we permit uncontrolled experimentation with computer and communications systems, so long as no harm is done?"[6] Answers to all these questions may depend on our knowledge and acceptance of a code of ethics.

Codes of Ethics

Following the exposure of the internet virus introduced by Robert Morris in Fall 1988, there was a profusion of publication of "ethical statements" by such organizations as EDUCOM and the National Science Foundation [ACM 1989]. Codes already existed in the repertoire of the professional information science societies - ACM, IEEE and DPMA [Johnson and Snapper 1985]. Few members realize that they agreed to uphold and conform to those codes when they placed their signatures on their original membership application forms! An examination of these codes will reveal that they are basic derivatives of the most fundamental guideline:

A breach of common sense is a breach of a rule

The ACM code includes a set of disciplinary actions that might be taken against a member who is found to be in violation of the code. However, in the many years since they were promulgated, ACM has never questioned the actions of any member and thus has never applied these disciplinary actions. Whether this attests to the high ethical standards of ACM members or the inability (or reluctance) of the Association to prosecute a violation is not clear. Such codes were written in an era when (1) the majority of computer software developers were members of one of the societies and (2) the problem of computer/communications misuse was still unrecognized.

After a study of the world of hacking in 1984[7], Steven Levy documented the Hacker's Ethic:

The open systems imperative within the MIT (TX-0) environment of 1960 and the Bell Labs (UNIX and C) environment of 1970 encouraged the review of the activities of peers by the browsing of unprotected files. This imperative opened the possibility that partially developed processes could be improved, corrected and expanded freely. Some systems were debugged overnight to the delight of the originators. This suggests an additional Hacker Ethic:

You can always make things better

In partial response to one of the questions disclosed in the previous section regarding the borderline between ethical and unethical behavior, one must recognize an additional ethic:

What you don't know can't hurt - If no harm is done, then there is no ethical violation

Ethics in the classroom often exists in terms of a set of school rules that are intended to supplement the basic law of the community in which the school resides, and which now apply to the specific school community. Such rules, like those of the professional societies, were not designed, and probably cannot be easily modified, to take into account the ever changing technological community. School rules relating to the use of motor vehicles simply were not required when students did not arrive in cars. School rules do not need to overrule the basic rules of a family unless those rules permit actions that contravene the basic mission of the school. Very few schools had rules limiting interpersonal (bordering on sexual) guidelines before the "sexual revolution" of the 1960's. On the contrary, schools had unwritten rules that expelled pregnant teenagers (their presence being disruptive to the school discipline). Bedroom activities, on the other hand, were still under the control of parents. But bedrooms are commonly the place where parents and their children have installed their computers and communication interfaces! The majority of secondary school graduates do not enter professional organizations that espouse codes of ethical conduct, and thus school honor codes must be the basis of the code of ethics of the majority of adults. Similarly, the majority of computer users will never be eligible to join an information technology professional society and any ethical decisions they make will be based on their prior or parallel experiences that relate to ethical behavior. Just as was used in the fight against drug usage, so we must expect that schools provide sufficient information and background in ethical guidelines at least to

Know when to say no

Computer Education

Computer education today must minimally include problem solving, programming, and ethics. It is incumbent on us to overcome the misconception of thinking of computing as programming, a highly mechanical activity distinct from studies of the underlying theory and uses of the programming. Even a study of (say) music is balanced by studies of the history of the field, case studies of successful implementations, the underlying theory and its application in various environments. Aficionados of a technology have a tendency to immerse themselves in the topic for its own sake. Studies that lead to an appreciation of ethical behavior must include a comprehension of the building blocks of the field (and an understanding of the pitfalls that were circumvented), the impact of the technology on not only the field but also its surrounding community, and the means by which this technology supports and fosters change in allied activities.

From these thoughts and from several years of a mission to bring an understanding of ethical notions to computer science students, I propose that the curriculum for computer studies must include the following themes (exemplified by some suggested subtopics):

(1) A study of the history of computing and its impact on society

(2) Case studies of the application of computers outside of computing itself

(3) An understanding of the basis for ethics - codes of practice, intellectual property laws


(4) Case studies, scenarios for ethical review


Conclusion

In discussing hackers and the melanoma alleged to be associated with their activities, we have perhaps overlooked the ultimate instantiation of their trade - the computer criminal. Clearly the computer is a tool that can be used in illegitimate manners just as almost any other tool in our modern repertoire can be used inappropriately. While much of the alleged activity of hackers has come under scrutiny in the legislatures, a line still exists between the hacker and the criminal. This line may hinge on intent and purpose, and while it is not clear that hackers accrue much financial benefit by their actions, the impact on the owner of a (hardware or software) system is not that different. Computer law is only now receiving attention in state legislatures and the national congresses; but in any case laws tend only to keep honest people honest! Our least expensive and possibly the most effective counter to future computer and communications misuse is education. The time has come to include ethical considerations in the computer curriculum, preferably at the secondary school level, with reinforcement at the college and professional school level.

Acknowledgements

Reading over one's own words is always difficult since one knows what was meant before you even read it again. My many thanks to Dr. Richard E. Nance, Virginia Tech, for his careful and thoughtful suggestions for improvement in the readability of this paper.

References:

ACM. 1989. "The Worm Story", A collection of papers and reports, Comm. ACM, Vol. 32, No. 6, pp. 677-703.
Dorsey, Gary. 1990. The Fullness of Wings: The Making of a New Daedalus, Viking, New York, esp. chapter 3.
Johnson, Deborah G. and John W. Snapper. 1985. Ethical Issues in the Use of Computers, Wadsworth Pub. Co.
Joyce, E. J. Oct. 3, 1986. "Malfunction 54: Unravelling Deadly Medical Mystery of Computerized Accelerator Gone Awry", American Medical News, 1, pp. 13-17.
Levy, Steven. 1984. Hackers: Heroes of the Computer Revolution, Anchor Press/Doubleday, Garden City, NY, 458 pp.
Shapiro, Norman Z. and Robert H. Anderson. 1985. Towards an Ethics and Etiquette for Electronic Mail, Rep. No. R-3283-NSF/RC, Rand Corp., Santa Monica CA.

Additional Suggested Reading:


David, E. E., Jr., and Robert M. Fano. 1965. "Some Thoughts about the Social Implications of Accessible Computing", in AFIPS, Proc. Fall Joint Computer Conf., Vol. 27, Spartan Books Inc, Washington DC, pp. 243-247.
Gemignani, Michael. 1989. "Viruses and Criminal Law", Legally Speaking, Comm. ACM, Vol. 32, No. 6, pp. 669-671.
Irwin, Stephen T. 1990. "The Great Hacker Challenge of 1989", Technical Support,..
Jennings, Karla. 1990. The Devouring Fungus: Tales of the Computer Age, W.W. Norton & Co., Inc., New York.
Landreth, Bill. 1985. Out of the Inner Circle: A Hacker's Guide to Computer Security, Microsoft Press, Bellevue WA, 230 pp.
Lee, J.A.N., Roz Steier, and Gerald Segal. 1986. "Positive Alternatives: A Report of an ACM Panel on Hacking", Comm. ACM, Vol. 29, No. 4, April 1986, pp. 297-299.
Parker, Donn B. 1976. Crime by Computer, Scribner's, New York.
Parker, Donn B. 1983. Fighting Computer Crime, Scribner's, New York.
Parker, Donn, and John F. Maxfield. 1985. "The Nature and Extent of Electronic Computer Intrusion", Workshop on Protection of Computer Systems and Software, National Science Foundation.
Perry, Tekla S. and Paul Wallich. May 1984. "Can Computer Crime be Stopped?", IEEE Spectrum.
Robinett, Jane. 1991. "Ethics in Invisible Communities: Looking for Network Security in Our Changing Society", Computer Research News, Washington DC, Vol. 3, No. 1, p. 16.
Samuelson, Pamela. 1989. "Can Hackers be Sued for Damages Caused by Computer Viruses?", Legally Speaking, Comm. ACM, Vol. 32, No. 6, pp. 666-669.
Steele, Jr., Guy L. et al. 1983. The Hacker's Dictionary, Harper & Row, Publ., New York.
Stoll, Cliff. 1989. The Cuckoo's Egg: Tracking a Spy through the Maze of Computer Espionage, Simon and Schuster Inc., New York.

Footnotes

[1] Author's Address: Department of Computer Science, Virginia Tech, Blacksburg VA 24061.
[2] Before 1960 most computers permitted immediate user interaction; the need for the "efficient" use of high cost machines introduced operating systems and banished the user from the computer room until about 1980 when the computer room became the family room.
[3] There are obviously some cases where a computer is in control of a situation that impinges on human health and welfare where this is not true. The Therac 25 case, for example [Joyce, 1986]. However, very few students have authorized access to such environments.
[4] Perhaps erroneously attributed since so many quotations are misattributed to Emerson.
[5] Howard Aiken, quoted by Henry Tropp.
Registered Trademark of Lotus Development Corporation, Cambridge MA.
[6] The 1990 British Computer Crime Act outlawed even attempts to access closed systems.
[7] Levy 1984.