Alana Maurushat

Good worms and human rights

The extent of Internet censorship in countries like China is regularly tested, but the testing methods used from within a censored country can entail risk for humans. A benevolent worm can be used for testing instead: the worms self-replication, long the bane of suggested benevolent viruses and worms, is shown to be essential here. We describe the design of this benevolent worm, along with some other related applications for it. A technical, ethical, and legal analysis is provided.

The benevolent health worm: comparing Western human rights-based ethics and Confucian duty-based moral philosophy

Censorship in the area of public health has become increasingly important in many parts of the world for a number of reasons. Groups with vested interest in public health policy are motivated to censor material. As governments, corporations, and organizations champion competing visions of public health issues, the more incentive there may be to censor. This is true in a number of circumstances: curtailing access to information regarding the health and welfare of soldiers in the Kuwait and Iraq wars, poor health conditions in Aboriginal communities, downplaying epidemics to bolster economies, and so forth. This paper will look at the use of a computer worm (the benevolent health worm) to disseminate vital information in␣situations where public health is threatened by government censorship and where there is great risk for those who ‹speak out’. The discussion of the benevolent health worm is focused on the Peoples’ Republic of China (China) drawing on three public health crises: HIV/AIDS, SARS and Avian Influenza. Ethical issues are examined first in a general fashion and then in a specific manner which uses the duty-based moral philosophy of Confucianism and a Western human rights-based analysis. Technical, political and legal issues will also be examined to the extent that they better inform the ethical debate.

Discovery and Dissemination of Discovering Security Vulnerabilities

The method of discovering security vulnerabilities raises separate legal and ethical issues apart from the disclosure of such vulnerabilities. This chapter explains the various methods of discovering and disseminating vulnerabilities (such as the use of a honeynet, youtube concept of proof videos, zero day exploit markets) and provides for an explanation of each method, then uses a case study where possible to introduce legal and ethical issues.

Hacktivism and Whistleblowing in the Era of Forced Transparency

Leni Riefenstahl is one of the most controversial women and artists of the last century. Painter, actress, dancer, director genius, personal friend of Hitler, and commissioned film director of the Propaganda Ministry in Nazi Germany, Riefenstahl is both reviled and revered. She is best known for her direction of two films, Triumph of the Will (Riefenstahl 1935) and Olympia (Riefenstahl 1938).

Types of Disclosure

While there are many different types of vulnerability disclosure, two broad categories cover most situations. These are third party disclosure and self-disclosure. This chapter looks at a variety of motivations for each of these broad disclosure categories and draws on case studies where possible to provide context and as a means for introducing legal discussion. More detailed legal and ethical discussion is found in Chaps. 4 and 5.

Other Legal and Ethical Issues

This chapter considers legal areas outside the scope of criminal law. Civil liability and civil liberties are discussed in the context of security disclosure. These are: freedom of expression/free speech, copyright, tort of negligence, defamation, illegal telecommunications interception (surveillance), privacy law, data protection and data breach notification.

Criminal Offences: Unauthorised Access, Modification or Interference Comprovisions

Disclosure of security vulnerabilities attracts many different types of legal sanction. The most severe sanction is that of criminal law. This chapter identifies the main criminal offences that would apply to disclosure. The Convention on Cybercrime is briefly explained. The Convention is the only international agreement in the area, and virtually all Western democracies have adopted measures similar to those found in the Convention. The most important provision is what is known as “computer offences” which is often used interchangeably with “hacking offences.” Australia will be used as a case study for the examination of “computer offences” along with more general criminal sanctions such as conspiracy, aiding and abetting/facilitation of a crime, and possession of hacking devices. Additionally, there is discussion around the importance of security research and public interest exemptions to computer offences. At present there are no exceptions to most forms of hacking and disclosure of security vulnerabilities. Elements of responsible disclosure are discussed at the end of the chapter. Tables are provided in Appendix A examining the provisions found in the Convention with the laws of certain jurisdictions including California and Federal US Law, Canada, Hong Kong, India, Japan and the UK.