Intersection of Philosophy, Ethics, Science, Technology, and Society - 12/28/17

We have begun wrapping up our initial background research component for this research and have begun examining the different viewpoints we have synthesized from other sources combined with our own opinions. Through extensive discussion and debate between me and Sohini, we decided to settle upon these three viewpoints/arguments:

Viewpoint I

Code, just like writing, is a form of free speech, an inalienable right everyone is entitled to. While some may argue that social engineers (or "hackers") who create malware is a form of coercion, or a duress crime to force their victims to give up their information, this is most of the time, not the case. Especially with phishing, users themselves have to give up their own information by typing it into some sort of web-based interface. This is no different than a stranger walking up to someone, request their bank account information, and have the victim comply, but of course, in a more concealed manner. Despite the fact that most social engineers try to make their platforms be as similar as possible to the interface they are trying to recreate, the responsibility still lies with the user, as falling victim to phishing (or any sort of malware requiring the victim from intervening) is the result of his or her negligence. This same principle applies to malware that does not require human intervention. Just like in the real world, users in the virtual world must always be on the alert for threats, especially since the user is knowledgeable of these threats through pre-installed anti-virus systems, and constant reminders for security on the Internet, such as changing your password every so often.

Viewpoint II

Users of the technology argue that the malicious intent to harm is what is bad as the initial purpose of the internet was solely to transmit research data, no one expected it to be infected with malware on a closed internet. Today, the Internet plays a prominent role is social globalization and thus rely on in for trade, education, socialization, entertainment, among many other important aspects of human life. Unless one is browsing the Internet for the purpose of becoming infected with malware, people tend to assume they are immune to attacks. After all, most computers today come pre-installed with anti-virus systems. Should a user be affected by malware, it is the extensive work of a social engineer to break through existing security systems. As a result, users affected by malware would place all fault on the creator, as they were the ones who knowingly committed a crime. Many parallels can be drawn from this perspective. For example, if someone was hit by a stray bullet on the road, the person who shot it is at fault because they are aware that carelessly shooting may result in dire consequences whereas the person shot would have assumed the road is safe and constantly monitored by law enforcement.


Viewpoint III

The manufacturers themselves are at fault. For example,  iOS is only manufactured by the company Apple, which has a tight focus on security. If there’s “a malware threat to iPhones and iPads, Apple can blast out an update and, in theory, that’s the end of it” (Beres). Similarly, “if something goes wrong on Android, Google has to identify the problem and deliver a fix to manufacturers, and then those manufacturers have to beam that update to their customers” (Beres). The manufacturers may also be held accountable for educating users in malware prevention. Often, they do put in place firewalls and employ other cybersecurity and cryptography techniques to prevent specific attacks directly to the system.

From these three viewpoints, we see that Viewpoint I is most valid (despite it being ethically controversial :/). In the digital age that we live in today, it is with no doubt that people are knowledgeable of the destruction that malware can bring to a computer, or even a whole networking system, as we are constantly kept current through the media and new security updates/patches on mobile devices and web applications. Of course, our perspective may also be the result of a biased lens from living in the Silicon Valley. Our next step is to examine this issue and each of our perspectives from a philosophical lens, such as through Nietzsche or Pyrrho, specifically on the ideas of good versus evil. From a closer analysis from the perspective of these classical philosophers, we hope to bring new light on this topic that has constantly debated amongst the consumer electronics markets.

-James

Happy Holidays - Online Shopping Safety - 12/17/17

Holiday season is right around the corner! With an unprecedented number of expected online shoppers this year, it's important to remember that the Internet isn’t a safe place. While we can trust sites such as Amazon, Best Buy, Walmart, etc., scammers and hackers are always creating sites similar to these to steal our information. In fact, some even take it a step further. I was recently awaiting a $50 Amazon Gift Card in my email after filling out an online redemption form from a third party. Unfortunately, the third party’s system was compromised, and I received this in my inbox two days later:

Thanks to the filtering system implemented by Google, I was able to cautiously handle the email. Opening the link that supposedly led me to my “redemption code”, the following site showed up:

This person was deceivingly smart. The phisher (those who create fake websites to steal information) was able to accurately duplicate the Amazon sign-in page. Even the tab title and logo were correct. However, what instantly threw a red flag was the url, and that’s how I confirmed this site was ingenuine.

This is a prime example of what is known as phishing, which is defined as the practice of sending a fradulent offer through electronic transmission supposedly holding reputable content in order to induce individuals to reveal personal information. Phishing nowadays usually is done first by sending an email to the victim, claiming the victim has a reward to redeem (like the one shown), or their account (i.e. social, bank, etc.) may be at risk. Then, they are led to a site that is identical to what they would normally see, except the URL is wrong. If the victim enters their credentials, that information is sent to the phisher, and the victim is usually redirected to the official site login (and the victim will likely assume this was a glitch). The phisher then uses that information to compromise the victim’s identity, and possibly sends the phishing site to the victim’s connections through his/her account.

While we typically take the utmost precautions when logging into our financial accounts, these precautions have to be taken everywhere. Many people have one password for everything, and with one account compromised, it doesn’t take too much effort for one for the phisher to steal the victim’s identity. Here are some tips to stay safe during this holiday season:

• Never leave your password in plain view, especially in a public location
• Always log out when you are done, and make sure you are logged out
• Whenever possible, put in the least amount of personal information as possible. That way, if someone were to compromise your account, it is less likely they would be able to compromise other information about you.
• Use different passwords for every account
• Don’t transmit personal information and passwords over the internet

We wish you all a happy and safe holiday season! We’ll be updating our research progress sometime around the New Year!

-James

Finding a Mentor - 12/12/17

Finding a mentor for this project was an interesting journey. We first created a spreadsheet online, posting links leading to staff pages of the humanities department in several universities. Then we painstakingly combed through each to find potential mentors, reading their papers and bios to determine fit. Finally, we had a comprehensive list of possible mentors, who we then reached out to via email. We gave them a brief description of our idea and what we expected to do, then explain why we would like them specifically for our project. Each professor we reached out to was selected for a unique, individual reason why they would be a huge asset for our project.

 Most professors replied back, around 80%, but most were negative as they were busy. However, we did receive several positive responses, with those professors either eager to be our mentor or interested in learning more.

We finally decided on Dr. Joshua Cohen. As a political theorist, we found him an amazing fit for our project, which partially deals with political philosophy. As a member of the faculty at Apple University and a Senior Director at Apply itself, he would be well versed in the computer science aspects of our project. We are very excited to work with Dr. Cohen.

For more information on Dr. Cohen, please see: https://en.wikipedia.org/wiki/Joshua_Cohen_(philosopher).

Official title:

Joshua Cohen

Senior Director, Apple, Inc.

Distinguished Senior Fellow, University of California, Berkeley

Editor, Boston Review

Emeritus Professor, MIT

Honorary Emeritus Professor, Stanford University

-Sohini

Phishing Opinion Survey - 12/2/17

I decided to conduct a survey among students in my school to get an idea of their opinions about phishing and who is at fault if a user falls into a social engineering trap, and the results were quite interesting. Feel free to tell us your thoughts as well!

In a survey of 10 high school students with half experienced and inexperienced with technology, they were asked three questions:
- What if your experience and comfort level with computers?
- If a computer virus infected your computer, who is at fault?
- If someone slipped at a restaurant because floor is slippery, who is at fault?

Those who stated they had experience with computers also stated that the user is at fault for negligence. Those who did not have extensive experience with computers stated that the person who created the malware is at fault for unethical practices. This is an interesting result, as it shows that people with considerable experience with computers may be aware to measures a user can take to prevent getting hacked and being the victim of malware. Additionally, it may show that helping employees become more comfortable with computers may lower their risk of falling for malware, as they can detect deviations and the social engineering more easily.

However, both groups stated that in a restaurant, the restaurant would be at fault for a risk not assumed by the customer. This could translate to consumers blaming companies who create technology if they fall for malware. They could claim that it is the fault of the creator (the restaurant), for leaving a potential risk (slippery floor) that doesn't not have to be assumed by the user (the customer).

These are definitely some viewpoints we are excited to consider and develop in our paper.

-James