CS 305 Social, Ethical, and Legal Implications of Computing
Chapter 3 WWW to Wireless Communication
Herbert G. Mayer, PSU CS
status 7/18/2011
Slides derived from prof. Wu-Chang Feng

Syllabus
  Spam
  Electronic Mail
  Why Spam?
  How Done?
  Spam and Ethics
  CAN Spam
  Class Exercise
  Solutions to Spam
  World-Wide Web
  Censorship
  Freedom of Expression

Spam
SPAM? No: Spam!
  Spam is not an acronym
  Spam is unsolicited bulk information sent indiscriminately
  Possibly derived as a second meaning of derided product: Spam from Hormel Corp. known as SPiced hAM
  Spam is one of email’s not so desired side-effects
  SPIT is Spam over Internet Telephony
  In 2000 Spam accounted for 8% of all email
  In 2003 Spam accounted for 40% of all email
  In 2009 Spam accounted for 90% of all email
  In 2011 Spam is estimated to account for ~7 Trillion emails

Electronic Mail
Three major components:
  user agents
  mail servers
  Simple Mail Transfer Protocol: SMTP
User Agent
  a.k.a. “mail reader”
  composing, editing, reading mail messages
  e.g., Eudora, Outlook, elm, Mozilla Thunderbird
  outgoing, incoming messages stored on server
[Figure: user agents attached to mail servers; each mail server holds user mailboxes and an outgoing message queue; mail servers exchange messages via SMTP]

Electronic Mail: Mail Servers
Mail Servers
  mailbox contains incoming messages for user
  message queue of outgoing (to be sent) mail messages
  e.g. sendmail, postfix, Exchange
SMTP protocol
  Between mail servers to send email messages
  Mail servers are both clients and servers
[Figure: user agents attached to mail servers; mail servers linked by SMTP]

Electronic Mail: SMTP [RFC 821]
Uses Transmission Control Protocol (TCP) to reliably transfer message from client to server, port 25
  User agent to sending server (sometimes)
  Sending server to receiving server (always)
Command-Response interaction
  commands: composing, reading, sending, sending with acknowledgment, replying, replying to all …
  response: status code and phrase

Alice emails Bob
1) Alice uses UA to compose message, “to” [email protected]
2) Alice’s UA sends message to her mail server; message placed in message queue
3) Client side of SMTP opens TCP connection with Bob’s mail server
4) SMTP client sends Alice’s message over the TCP connection
5) Bob’s mail server places the message in Bob’s mailbox
6) Bob invokes his user agent to read message
7) More complex scenarios with ACK possible
[Figure: Alice’s user agent, her mail server, Bob’s mail server and Bob’s user agent, with arrows numbered 1 to 6 for the steps above]
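Steps 3 to 5 of the Alice-to-Bob walk-through as an actual command-response exchange, added here as an example that is not part of the original slides: a toy in-memory receiving server that answers the RFC 821 verbs (HELO, MAIL FROM, RCPT TO, DATA, QUIT) with a status code and phrase, rejects out-of-order commands, and refuses to relay for non-local recipients (the open-relay behaviour mentioned later under CAN Spam). The addresses, the example.com/example.org domains and the names SmtpReceiver and run_session are assumptions made for the illustration.

```python
# Added example: toy SMTP receiver using RFC 821 verbs, run entirely in memory.
LOCAL_DOMAIN = "example.org"            # assumption: domain Bob's server accepts mail for
MAILBOXES = {"bob@example.org": []}     # constructed mailbox store

class SmtpReceiver:
    """Bob's mail server: answers each command with a status code and phrase."""

    def __init__(self):
        self.state = "start"            # start -> greeted -> mail -> rcpt -> data
        self.sender, self.rcpts, self.body = None, [], []

    def _reset(self):
        self.state, self.sender, self.rcpts, self.body = "greeted", None, [], []

    def handle(self, line):
        if self.state == "data":        # message body: no reply until the lone dot
            if line == ".":
                for rcpt in self.rcpts:  # step 5: place message in the mailbox
                    MAILBOXES[rcpt].append((self.sender, "\n".join(self.body)))
                self._reset()
                return "250 OK message accepted"
            # a leading dot on a body line was added by the client; strip it
            self.body.append(line[1:] if line.startswith(".") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self._reset()
            return f"250 {LOCAL_DOMAIN} hello {arg}"
        if verb == "QUIT":
            return "221 closing connection"
        if self.state == "start":
            return "503 bad sequence: send HELO first"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            if self.state != "greeted":
                return "503 bad sequence: transaction already open"
            self.sender, self.state = arg[5:].strip(" <>"), "mail"
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.state not in ("mail", "rcpt"):
                return "503 bad sequence: need MAIL FROM first"
            rcpt = arg[3:].strip(" <>").lower()
            if not rcpt.endswith("@" + LOCAL_DOMAIN):
                return "550 relaying denied"   # local delivery only: not an open relay
            if rcpt not in MAILBOXES:
                return "550 no such user"
            self.rcpts.append(rcpt)
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA":
            if self.state != "rcpt":
                return "503 bad sequence: need RCPT TO first"
            self.state = "data"
            return "354 start mail input; end with <CRLF>.<CRLF>"
        return "500 command not recognized"

def run_session(lines):
    """Feed client lines to a fresh receiver; return (client_line, reply) pairs."""
    server = SmtpReceiver()
    return [(line, server.handle(line)) for line in lines]

ALICE_TO_BOB = [                        # constructed session for steps 3-5
    "HELO mail.example.com", "MAIL FROM:<alice@example.com>",
    "RCPT TO:<bob@example.org>", "DATA",
    "Subject: lunch?", "", "Hi Bob, lunch at noon?", ".", "QUIT",
]

if __name__ == "__main__":
    for sent, reply in run_session(ALICE_TO_BOB):
        print("C:", sent)
        if reply:
            print("S:", reply)
```

Running the file prints the dialogue with `C:` for the sending server's lines and `S:` for the receiving server's replies.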

Spam Today
By mid 2011, the majority of all email received is unwanted
Unwanted email can mean
  Informative for just our interests, and thus be enjoyed
  A bother, since the subject is not of interest
  Some topics can even be strongly offensive
First level protection:
  Have tools to redirect Spam to junk mail boxes
  Error-prone, and place some good mail into junk boxes
  Happened to this instructor with this CS class’s homework
How do we achieve real protection?
  Through laws? Then they need enforcement
  By tools? They need to be strongly refined
Spammers will find ways around the tools, and the laws

Why Spam?
Let’s say I want to send an advertisement to 1,000,000 “targeted” people
  To send by regular bulk mail, this will cost ~$200-300 k
  To send by email, it will cost ~$1 k, i.e. the cost to buy a list of email addresses from an Internet company
    email addresses harvested from web sites, mailing lists, chat rooms, and newsgroups, then sold to Spammers
    Dictionary attacks trying lots of plausible address combinations
    keeping the ones not bouncing back
    Thus putting added strain (bandwidth) to the network

How Done?
Run their own server farms for sending Spam
  Typically located off-shore
  Use ISPs that do not care about Spam
  Less effective now
    with proliferation of blacklists
    With efforts to shut down rogue ISPs
Locate open mail proxies and bounce Spam through them
  Less effective
Use networks of compromised machines (botnets)
  Single, most popular use for a botnet
  Monetization of botnet to send Spam drives malware effort
  Some steps taken to prevent (i.e. ISPs allowing direct port 25 access only to their own mail servers)

How Done?
Definition: Phishing is fraudulent acquisition of sensitive (e.g. confidential) information through the Internet
Phishing accounts
  Trick legitimate user to give up username/password
  Send as the user (reputation hijacking) to avoid blacklisting based on IP addresses
Creating bogus webmail accounts
  Rely on good reputation of popular webmail services such as Gmail and Yahoo! Mail, to avoid blacklisting based on IP addresses

Spam and Ethics
Kantian evaluation of Spam
  Act guided by moral principles that can at the same time be used as base for a universal code of law
  Act so that you always treat both yourself and other people as ends in themselves; never purely as means to an end
Scenario: Suppose I have a great new product that I wish to advertise. I send an unsolicited email to a large group of people knowing that only a tiny fraction is interested
Is that ethical under Kant’s CI?
Students discuss …

Spam and Ethics
Act Utilitarian evaluation of Spam
  An action is right (or wrong) to the extent that it increases (or decreases) the total happiness of the affected parties.
  Scenario: A product that costs $10 to make, is sold for $25, purchasers value at $30 (i.e. their derived happiness)
    100 million bulk messages sent costing those who receive it and are not interested
    As a result each of those has $0.01 of unhappiness (time wasted)
    10,000 customers purchase product and get full happiness
Is that ethical under Act Utilitarianism?
Students discuss … and compute amount of happiness

Spam and Ethics
Rule Utilitarian evaluation of Spam
  We should adopt moral rules which, if followed by everyone, will lead to greatest increase in overall happiness
  Scenario: Products being advertised, where only a small fraction of targets is known to be interested
What if only 1% of all small businesses in the US email you 1 Spam advertisement per year?
  There are 24,000,000 small businesses in America
  1% => 240,000 emails per year
  240,000 / 365 = 657 emails per day for each person
  You are one of these persons! Do you feel happy about 657 unwanted emails every day?
Is sending Spam ethical under Rule Utilitarianism?
  Students discuss … and compute happiness again!

Spam and Ethics
Social Contract Theory evaluation of Spam
  Morality is the set of rules, governing how people are to treat one another, that rational people will agree to accept, for their mutual benefit, on condition that others follow those rules as well
  Right to free speech as applied to mass communication
Is sending Spam ethical under Social Contract Theory?
Students discuss … also think of enforcement! And why we have Spam in our current society?

CAN Spam of 2003 Federal Law
Controlling Assault of Non-Solicited Pornography & Marketing
Largely unenforced
  Difficult, time-consuming, and resource intensive to track the sources of Spam
  Some successes
    Greco (2/2004), Goodin (1/2006)
    JumpStart (3/2006) $900k judgment
  But largely ignored
    Spam 75% of all messages in 2006, more AND larger percentage today in 2011
    0.27% of Spam was compliant
Divides email into 3 categories; Spam should adhere to guidelines of these 3 categories, to be:
  Transactional, commercial, unsolicited

CAN Spam
Transactional
  Sender and receiver have an established business or personal relationship
  Header, sender, and organization must be correct
  Can’t disguise identity of the sender from which message was sent
Commercial
  Commercial email messages that the user has consented to receive
  Same as above and must provide option to remove from list
    Mechanism to opt-out must include an Internet based method
    i.e. not an 800 number of the kind: “Your call is important to us!”
  Must contain the postal address of sender
Unsolicited
  Must meet requirements of category 1 and 2 and:
  Must include clear and conspicuous evidence that the message is an advertisement

CAN Spam
Critics call this the “You can” Spam Act
  You get one free shot at a user’s Inbox
  Does not prevent sending of Spam, but forces such messages into complying with defined rules
Unsolicited messages must comply with all 3 types of rules
  Unsubscribe compliance
    Visible, operable opt-out (unsubscribe) mechanism for all types of messages with requests honored within 10 days
  Content compliance
    Accurate “From:” lines with relevant “Subject:” lines
    Legitimate physical address of publisher/advertiser
    If applicable, a label is present for adult content
  Sending behavior compliance
    No sending through open relays, i.e. servers that blindly pass on/through email messages
    No sending via harvested email
    No deceiving, false headers

CAN Spam
Exemptions
  Religious messages
  Political messages
  Content that complies with lawful marketing mechanisms
  National security messages
  Transactional or relationship messages from companies to existing customers
Overrides state law
  Rushed passage to supersede a tougher California law
Prohibits recipients from suing senders directly!!
Penalties
  Misdemeanor to send with falsified header

CAN Spam
Problems with the “opt out” provision in CAN Spam?
  For illegal email sender, your opting out means they know you exist; so they can and will send you more email
  May unsubscribe you, and send Spam from a different entity!
    Time provisions on length of unsubscription
    Allowable delay in unsubscription
    Create many LLCs to keep user receiving Spam??
  What about a legitimate company? Is there a potential problem with opting out?
    Can they then sell your email address to another company?
    Is your email address your possession or theirs to use?
  What about non-US Spammers?

Class Exercise
How do you suggest to solve the problem of Spam in an ethical manner?
Students propose a practical, legal method of curbing Spam, in a way that the Internet remains usable!
  Discuss Pros
  Discuss Cons
  Enforceable?
  Would this be an improvement over current situation?

Solutions to Spam
  Require explicit opt-in to email lists
  Require labeling of email advertising, e.g. “AAA subscription” in the subject line
  Add a cost to every email that is sent
  Ban all unsolicited email
  1991 – Telephone consumer protection act, included a provision against junk faxes
  Provide fast method of unsubscribing: not 10 days!
  Problems?
Ethics & World-Wide Web

World-Wide Web
Invented by Timothy Berners-Lee
  Proposed 1989
  Co-invented with Robert Cailliau
  Ref: http://en.wikipedia.org/wiki/Tim_Berners-Lee
Hypertext system that is
  Decentralized
  Uniquely addressable (via URLs)
  Ubiquitous, internet based
Applications
  E-commerce
  Social networks
  Content creation (wikis, blogs)
  News, Advertise
  Distance learning
  Pay taxes, Gamble, …

WWW & Censorship
Should the Internet be filtered/censored?
  In our times, access to the internet is tightly controlled in some countries: e.g. North Korea, Cuba, China, Myanmar
  In others the content is tightly controlled, e.g.:
    Saudi Arabia (centralized control center in Riyadh blocks pornography, gambling, and sites offensive to Islam, government, royal family)
    China’s Great Firewall (human censors who perform similar functions)
  Special interesting cases of censorship:
    Germany:
      » Bans neo-Nazi web sites
      » Bans message denying Holocaust; denial illegal in 16 EU countries
    USA:
      » Controls pornography (Children’s Internet Protection Act)

Censorship During History
Direct censorship
  Since the 4th century, the Catholic Church banned the reading and possession of certain books
    List of books named “Index Librorum Prohibitorum”
    List officially maintained by the Vatican, later by those cardinals who were the official institution of the “Inquisition”
    Maintained until the mid 20th century (NOT a typo!!)
    http://en.wikipedia.org/wiki/Index_Librorum_Prohibitorum
  State execution, Church control, University responsibility for enforcing the “Index”
    Catholic church did not have the executive arm to enforce that all the books on “Index” be collected and burnt
    Was the duty of catholic states, delegated generally to the universities
    Last issue of “Index” was in the 1960s! Seriously, the 20th century!
    Today the church has no such official list
Autocratic states like Saudi Arabia, Myanmar, etc. today maintain similar prohibited lists not of books, but of select Internet sites

Censorship
Direct censorship
  Government monopolization enables censorship
    Government controls all means of communication
    e.g. Soviet television stations, radio, etc.
    Hard to do with Internet; but being attempted!
  Prepublication review
    Sensitive classified documents must go through process to become declassified and publishable
  Licensing and registration
    Controlling who gets access (i.e. television stations being granted electromagnetic spectrum in exchange for something)
    Note that “selling frequencies” is a huge source of tax/income potential
Self censorship
  Suppressing information as a means to an end
    CNN suppressed negative government info in Iraq to retain office in Baghdad
  Voluntary rating systems so users can avoid certain content
    What is “voluntary?”

Practical Censorship Issues
Many-to-many communication
  Prevents governments from controlling the content
  Gutenberg’s invention of the printing press raised the difficulty of controlling books considerably (printing was known in China before Gutenberg)
Dynamic
  New web sites and content continuously published
  New site-names created and deleted constantly
Size
  Millions of sites, numerous pieces of information, mirror sites
  See WikiLeaks Department of State content: ¼ million files for one event
Global
  Limited authority for any government to restrict activities around the world
  Many countries have server farms; impossible to shut all down!
Identity
  Difficult to distinguish children from adults, criminals from bona-fide users

Censorship & Ethics
Where does censorship leave “freedom of expression”?
  Kant
    Censorship is clearly a backwards step
    Prevents people from getting information they need to make their own decisions
  John Stuart Mill, 1806 – 1873, British philosopher:
    None of us is infallible and knows the whole truth. Censorship may be silencing the voice of truth
    Majority opinion is not necessarily/usually/ever/always the whole truth. Must allow others to express their opinions to get a better sense of what is the truth
    Majority opinion must be tested and validated. Otherwise it is prejudice
    Testing opinions through free and open discourse has a vital effect on character and conduct

Censorship & Ethics
Is censorship of books, films, internet, posters practiced in the USA?
Aside from limiting a) pornography from internet sites and b) offensive language and c) libel, there seems to be no censorship; see freedom of expression below!

Freedom of Expression
Mill’s Principle of Harm
  The only ground on which intervention is justified is to prevent harm to others; the individual’s own good is not a sufficient condition
  Students: How does this apply to drug users who destroy themselves? Or how to people wanting to commit suicide?
  What ethical framework does Mill’s principle follow?
  Explains positions of most western democratic governments with regard to pornography
    Adults viewing hurt mostly themselves by doing so as opposed to others
    Note exception for children

Freedom of Expression in US
Not an absolute right in eyes of the US Supreme Court
  See Supreme Court Justice Clarence Thomas’ dissents
Right is balanced against the public good
  Abuse of such freedom in order to harm the public may be punishable
  Libel, reckless or calculated lies, slander, misrepresentation, perjury, false advertising, obscenity and profanity, solicitation of crime, and personal abuse
  Example: Cigarette advertising on television
    How many cigarette ads have you seen recently?
    Ethical argument for why it should not be allowed:
    Opinions?

FCC v. Pacifica Foundation
Radio broadcast of George Carlin performance “Filthy Words” in 1973
  Preceded by warning of sensitive language
A man had heard “filthy words” on car radio while driving with his young son; he complained to FCC
FCC informed Pacifica Foundation: further complaints would lead to sanctions
Pacifica sued FCC, and won: Supreme Court 1978 in a 5 to 4: FCC did not violate the First Amendment!

FCC vs. Pacifica Foundation
Broadcast media is uniquely pervasive
  Indecent material broadcast into privacy of homes
  People can turn it on-off at any time, making the warning ineffective
  Damage is done as soon as it is heard (can not undo its harm by turning it off after the fact)
Uniquely accessible to children
  Can restrict access in bookstores and movie theaters
  Time of day is an important consideration, however, for broadcast radio/television
Students debate and exercise: Ethical analysis!
  Kant’s CI, Act U., Rule U., Social Contract

Censorship and Children
Child Internet Protection Act (CIPA)
  Government requirement for installing anti-pornography filters before receiving federal funds for Internet access
    Argument for: Libraries do already abstain from offering X-rated magazines or movies
    So they should not be obliged to filter Internet pornography
    Argument against: Filters are inaccurate and inconvenient. They restrict freedom of speech from some web publishers
  Upheld by U.S. Supreme Court in 2003
    It is not the role and function of libraries to provide a public forum for free speech; can be exercised elsewhere

Is CIPA Ethical?
Kantian evaluation of protecting children from harm using filters
  Assumption is that some non-pornographic web pages are filtered
  Filters treat creators of non-offensive, blocked pages as a means to the end for restricting children’s access to pornographic materials
Act utilitarian evaluation
  Up to each of us
  Enacting CIPA results in fewer children being exposed
  Some legitimate sites will be filtered accidentally
  Stigma, discomfort for legitimate users getting sites unfiltered
Social contract theory evaluation
  Private viewing of pornography does not make social living impossible
  Public libraries offer arguments on both sides (assumption is that filters block some useful sites)

Catch Chat-Room Predators
Police sting operations to lure pedophiles
  Ethical?
  Kantian analysis
    Is the will leading to the action OK?
    Yes and no
      » Overall goal is good; but that is not of prime interest to CI
      » Deceptiveness to do so is always wrong to a Kantian!
  Utilitarian analysis
    Result is public benefit (OK to harm one pedophile so society benefits)
    Publicity may deter other pedophiles
    Impact on chat rooms as an effective medium for communication if one knows one is being “watched”?
  Social contract theory analysis
    Misrepresentation by pedophile should be punished
    Police are also misrepresenting themselves
    Not a clear cut argument

Discussions
Suppose 99% of all email from country X is Spam
Discuss the ethics behind blacklisting all email from country X:
  Kantian
  Act Utilitarianism
  Rule Utilitarianism
  Social Contract

Discussions
Definition MMORPG: Massively Multiplayer Online Role-Playing Game
Discuss the ethics behind rule in China mandating a time-limit for playing MMORPGs. Is this law moral? What would the judgment depend upon?
  Kantian
  Act Utilitarianism
  Rule Utilitarianism
  Social contract theory

Discussions
Discuss the ethics of posting photos on-line without the permission of those who appear in them
  Are there situations when it would be unethical? If so, what are they?
  Kantian
  Act Utilitarianism
  Rule Utilitarianism
  Social contract theory

References
  Spam: http://www.etymonline.com/index.php?search=spam&searchmode=none
  SMTP: http://www.smtp2go.com/articles/smtp-protocol.html
  Mill’s utilitarianism: http://en.wikipedia.org/wiki/John_Stuart_Mill
  Clarence Thomas supreme court dissents: http://blog.beliefnet.com/watchwomanonthewall/2011/06/court-rules-against-parents-justice-thomas%E2%80%99-dissent-protects-children-by-steve-birn.html
  MMORPG: http://en.wikipedia.org/wiki/Massively_multiplayer_online_role-playing_game
  Phishing at Microsoft: http://www.microsoft.com/security/resources/phishing-whatis.aspx
  Phishtank: http://www.phishtank.com/what_is_phishing.php
  Index of Prohibited books: http://www.aloha.net/~mikesch/ILP-1559.htm
  Holocaust denial: http://www.jewishvirtuallibrary.org/jsource/Holocaust/denial.html