TR3.5

Ethics Questions

Houjun Liu 2021-09-27 Mon 12:00

Table of Contents

1 Berdanido

  1. What are the ethical choices people faced? What, if any, actions would you consider unethical? Why? The FBI and teams at Apple had to face the choices whether to push an OTA update to the phone of the San Bernadino Shooter. When Apple failed to do so, FBI attempted to use a third-party service that decrypted the device. Because of the court-issued injunction, the FBI was acting within its legal capacity to do so. However, Apple made the difficult moral decision in not co-operating with the FBI with their investigation. Although I don't believe that they were fully in their legal rights to do so, I do believe their actions were ethical. They did not divert the resources to build a back-door to their devices that could be issued via an OTA update, which therefore protect future customers from attack.
  2. What, if any, actions in this story do you think should be illegal? What actions are actually illegal? Specify laws that might be relevant, even if no one was caught or prosecuted. Digital locks, if breakable, could be done. The FBI was in their rights to issue an injunction, but they should also attempt to seek third-party help should they want to break the encryption. For instance, a lock maker is not responsible to issue a master key to their lock when the FBI could simply break the door.
  3. What things do you think the people involved could have done to achieve their goals while staying within legal and ethical bounds? I believe that the FBI acted reasonably here: seeking a third-party security official to attempt to acquire the decryption key. However, Apple should therefore strengthen their security, as that act would protect against future attacks by third-parties down the line.
  4. What would you consider appropriate punishment? If relevant to your story, how does that compare to the punishments that were handed down? There is no punishment that could be issued here. I believe that Apple's refusal, although perhaps in-lawful, would be a civil and not criminal case. As per aforementioned, though, they should attempt to increase the security of their devices in order prevent future parties from breaking into their systems.
  5. What are the technical lessons that can be learned to improve security? I believe that the security company leveraged three zero-days to be able to trigger the decryption mechanism on iPhone unlock to bring down full-disk encryption. Because of the fact that newer iPhones have e-SIMs, I think it is no longer possible to leverage the iMessage bug to introduce the first payload. Also, I believe that iMessages are now encrypted now until phone unlock, instead of at the moment they were received: protecting against this exploit.

2 Silk Road

  1. What are the ethical choices people faced? What, if any, actions would you consider unethical? Why? "Force" (Nob) leveraged going under undercover to trick individuals to flip for the DEA. I don't necessarily believe that this act is ethical, but it I nevertheless don't believe that he could have done anything different given his job as an DEA agent.
  2. What, if any, actions in this story do you think should be illegal? What actions are actually illegal? Specify laws that might be relevant, even if no one was caught or prosecuted. I think the process of working in this is definitely de-jure not illegal, because of the fact that there is no laws that would prevent a DEA/FBI agent from simply doing their proper job. However, I do believe that parts of staging an undercover investigation is quite strange as a behavior and should be formally investigated for their legality as it nevertheless may trick/put innocent people into crime or otherwise exasperate the extent of the crime.
  3. What things do you think the people involved could have done to achieve their goals while staying within legal and ethical bounds? I believe that the legal bounds were met. However, the bounds of ethics is harder to meet here because what they do essentially has to include some ethically challenging areas. One potential route may include seeking stronger security systems and attempting to passively observe and indite the actions instead of attempting to trick those into action.
  4. What would you consider appropriate punishment? If relevant to your story, how does that compare to the punishments that were handed down? The punishment is likely appropriate as handed down: double life sentence. However, due to the designation of the owner of the website as a "kingpin", he is being held in a maximum security prison through it is likely that he had much lower flight risk than others in a similar position.
  5. What are the technical lessons that can be learned to improve security? Attempt to segregate usernames! It seems like the arrest and breakthrough came when his username was digitally linked with that of another which eventually lead to a much earlier fourm post that contained his email. This was not a breach that needed anything but social engineering, which is something that eventually the creator of this site fell to.