|
|
| Author |
Message |
codemastr
Idler
Joined: 05 Feb 2004
Posts: 353
|
 Posted: May 18, 2004 8:13pm Post subject: |
 |
|
Allow me to make a comparison.
People often say you should not argue the ethics of software, because people break ethics, not the software. So here is an example:
I am a gun manufacturer. As we all know, guns can be used to kill people. However, as the NRA so often likes to point out, "guns don't kill people, people kill people." Basically, they argue based on the fact that the technology isn't unethical, the shooter is.
But now consider this gun:
This gun is 100% guaranteed never to have any fingerprints on it. It will leave no gun powder on the shooter, and the bullet dissintegrates on impact. This gun leaves no evidence of the shooting! In this instance, the gun is not simply being presented as a gun, it is being presented as a gun *designed* for unethical purposes.
That's what I view the spying on IRC as. If the admins really wanted it for protection (detecting DoS bots, etc.) then they would use a "targetted" logger. Meaning one that detects key phrases. Like "!login" and such. However, this is not what is being done. The technology is designed in such a way that it is made to carry out unethical tasks.
I agree though, ethics is a hard issue. I happened to have just taken a course in computer programming ethics this past semester so I can atest to the fact that decisions made every day in a programmers life are hard ethical decisions. You might not see it at first, but remember, a computer programmer designed the code to launch nuclear bombs, execute prisoners, choose which patients receive life saving organ transplants, etc. Those are all obviously major ethical issues. It most certainly is not black and white. But, since it is hard to find a universal code of ethics (be it from God, a supernatural being, nature, or even genetics), we must at least for now base it on what we do have. And that is our own consciences. I could not, in good conscience, allow +I to remain in Unreal. In my mind it was unethical. And having talked to AngryWolf, he feels the same way about his modules. Hence why they are gone. |
|
| Back to top |
|
 |
uchat
Idler
Joined: 17 Mar 2004
Posts: 335
|
| Posted: May 18, 2004 9:18pm Post subject: |
|
|
very well said. I too had to take an ethics course for business management.  |
|
| Back to top |
|
|
Howard
none
Joined: 16 Nov 2003
Posts: 34
|
| Posted: May 19, 2004 1:40am Post subject: |
|
|
| codemastr wrote: |
That's what I view the spying on IRC as. If the admins really wanted it for protection (detecting DoS bots, etc.) then they would use a "targetted" logger. Meaning one that detects key phrases. Like "!login" and such. However, this is not what is being done. The technology is designed in such a way that it is made to carry out unethical tasks.
|
I am not convinced that you can call watching what someone sends through a facility you 'own' can be called unethical in and of itself. You've got less justification to run a rf receiver and listen to the local police, fire, and cell-phone traffic, and *that* has been allowed by law since 1934 (albeit modified slightly in the case of satellite-tv). However, that same law set up some heavy restrictions on what you could *do* with what you heard - basically, darned little unless there was danger to life and limb involved.
The question turns on the expectations of the folks using the facility. Is it reasonable for folks to *expect* that no one but the recipient of a msg can see the text they're typing while they're on a given server, service, or even the net as a whole. Many do, certainly, but does this in and of itself make the expectation 'reasonable'?
On the other side of the argument is the fact that *some* areas, some themes, do tend to attract genuine nogoodniks that are intending to do genuine harm to those they find vulnerable. When you put up a facility whose purpose is to serve the *good* people in that community (in my case, bdsm-net), do you not at the same time incur an obligation to do everything you can to identify and exclude those who would so serious harm (up to and including murdering) those good people? How far are you justified in going to fulfill that obligation?
Yes, you can say that 'I can't act on what I can't see.' But now the issue is not that you *can not see* because the facility to see it is readily available; it is whether you are going to choose *not to look*.
The ethical considerations are not black/white, it's something that in each situation needs some careful thought.
And, just for the record, after all that thought I've committed to leaving the spy module off. We *do* put a lot of effort into identifying and excluding folks that don't belong on the net - underagers, predators, twidgits pushing kiddie material and the like. But the hate and discontent that would come from watching everything that everyone says, all the time, just isn't worth what benefit could reasonably be expected from it. |
|
| Back to top |
|
|
Guest
|
| Posted: May 19, 2004 4:22am Post subject: |
|
|
codemastr:
The difference between your gun analogy and the m_spy module analogy is that the module itself can be used for good and useful purposes.
There is a legitimate point for having the ability to monitor users when need-be. It's not just a function used for 'unethical' behavior. As I said, all ethics aside, if it's legal in the region where the server resides that you can in fact do this, then ethics should not play a part into it.
The need for such a module INCREASES as people slowly move to SSL-based IRC connections. Prior to this, one could simply sniff all the traffic that goes in and out of the IRCD with an adequate packet sniffer. The problem now is that once server links go SSL and client-to-server links move to SSL, packet sniffing is no longer an option.
Therefore, a previous helpful ability in some scenarios is no longer helpful. People need these tools for whatever reason.
And finally, what harm would come from using the module?
Example:
A) Large networks - they have adequate developers of their own IRCDs so they really don't need such a module, they can do it themselves. Obviously releasing such a module would not be an issue with these guys.
B) Smaller networks
1) Legitimate networks - The small guy that wants to setup an IRC server for his company or for a particular purpose. These guys want the ability to monitor their users to ensure the integrity of the network. However, these guys aren't programmers and therefore can't do this themselves. They go to the programmers for assistance and the programmers shy away saying how it's "unethical" to monitor users.
2) illegitimate networks - It won't matter if these guys get spied on. After all their network is usually run by a bunch of children anyway and they probably facilitate warez like crazy. These guys have much more to worry about than the 'Network Administrators' monitoring them. Then again, the network administrators would probably also have to worry.
Just by writing this out I can't see where there is a problem. Larger networks don't need it, illegitimate networks really don't have to worry about it, and therefore the only guys in harm's way are the ones who need the module.
I'd hate to use your gun analogy, but I have to  Remember, just by outlawing the guns does not mean those who would've gotten and used them illegally in the first place will not be able to obtain them. |
|
| Back to top |
|
|
uchat
Idler
Joined: 17 Mar 2004
Posts: 335
|
| Posted: May 19, 2004 4:37am Post subject: |
|
|
| Quote: |
I am not convinced that you can call watching what someone sends through a facility you 'own' can be called unethical in and of itself. You've got less justification to run a rf receiver and listen to the local police, fire, and cell-phone traffic, and *that* has been allowed by law since 1934 (albeit modified slightly in the case of satellite-tv). However, that same law set up some heavy restrictions on what you could *do* with what you heard - basically, darned little unless there was danger to life and limb involved.
|
I think you are bit confused or are not from the USA. An RF receiver may be used to monitor PUBLIC transmissions ... radio ... TV broadcasts.
It has been and currently is a federal crime to monitor PRIVATE conversations cell phone, wiretap(unless you tap your own house) etc... without a permission from a judge or at least one person in the conversation and in some states the consent of all parties involved.
There has been articles posted on the internet on how it's possible to go to jail for copying and pasting a private conversation you WAS involved in and I'm talkin about IRC conversations ... the laws in New Hampshire specificlly include internet conversations.
I'm not going to watc this thread anymore, I feel I've said everything I feel needs to be said.
Just a little note to those that are considering using a private message logger. To most people it's unethical and is some places outright illegal.
Just say no! |
|
| Back to top |
|
|
Guest
|
| Posted: May 19, 2004 4:38am Post subject: |
|
|
| The keyword in your statement was "in some places". But not all. |
|
| Back to top |
|
|
uchat
Idler
Joined: 17 Mar 2004
Posts: 335
|
| Posted: May 19, 2004 2:27pm Post subject: |
|
|
| "some places" is still enough to get you into trouble ... If a user in New Hampshire presses charges ... it don't matter if you're in California or not, the charges in New Hampshire will still be valid. |
|
| Back to top |
|
|
Guest
|
| Posted: May 19, 2004 2:40pm Post subject: |
|
|
Where's the law that states this?
Even so, disclaimers can go a long, long ways
If the network admin doesn't put a disclaimer, then that's his fault
And at that point, the user in New Hampshire would have to prove that the Administrator was in fact spying on him or her. Which of course is nearly impossible to do unless the Administrator made it known. If the Administrator is going to make it known, then he'd probably be smart enough to make note of it in the MOTD and/or a network rules website, etc.
It's not very hard to make it very clear to the user. And this usually is enough to get around whatever you so speak, so as long as the law where the server is supports the Administrator's actions. |
|
| Back to top |
|
|
uchat
Idler
Joined: 17 Mar 2004
Posts: 335
|
| Posted: May 19, 2004 2:51pm Post subject: |
|
|
| Quote: |
Where's the law that states this?
|
I wish I had it bookmarked when I seen, sorry I don't. If I come across it agin I will post it The article also covers instances where law enforcement officials had their logs of officers posing as minor females engaging in setting up to meet with child molesters thrown out of court because there were illegaly obtained.
| Quote: |
Even so, disclaimers can go a long, long ways
If the network admin doesn't put a disclaimer, then that's his fault
|
It's in my MOTD that by using my network the user agrees to normal IRC logging including server to server traffic and logging done by IRC Clients of channels and private messages.
| Quote: |
And at that point, the user in New Hampshire would have to prove that the Administrator was in fact spying on him or her. Which of course is nearly impossible to do unless the Administrator made it known. If the Administrator is going to make it known, then he'd probably be smart enough to make note of it in the MOTD and/or a network rules website, etc.
|
That's easy to do actually .. all you have to do is accidently paste any portion of the log from a /msg window either to them or in channel.
Last edited by uchat on May 19, 2004 2:55pm; edited 1 time in total |
|
| Back to top |
|
|
Guest
|
| Posted: May 19, 2004 2:53pm Post subject: |
|
|
Easy to make a mistake of doing, yes. But again, disclaimers really do go a long way. This is like saying it's illegal for me as a client to log this guy's conversation in an internet channel because that guy will sue me for doing so.....that's just dumb man  |
|
| Back to top |
|
|
uchat
Idler
Joined: 17 Mar 2004
Posts: 335
|
| Posted: May 19, 2004 2:58pm Post subject: |
|
|
| Quote: |
This is like saying it's illegal for me as a client to log this guy's conversation in an internet channel because that guy will sue me for doing so.....that's just dumb man
|
according to the article .. it is illegal. Hunting whales from a moving vehicle is dumb ... but still illegal in California.
Here ya go: http://www.securityfocus.com/printable/columnists/233
When you see things like:
"New Hampshire is "two-party consent state" -- one of those jurisdictions that requires all parties to a conversation to consent before the conversation can be intercepted or recorded. The decision is the first of its kind to apply that standard to online chats, and the ruling is clearly supported by the text of the law."
It's hard to misunderstand the article. Notice it says BEFORE it can be recorded ... |
|
| Back to top |
|
|
Howard
none
Joined: 16 Nov 2003
Posts: 34
|
| Posted: May 19, 2004 3:43pm Post subject: |
|
|
| Quote: |
I think you are bit confused or are not from the USA. An RF receiver may be used to monitor PUBLIC transmissions ... radio ... TV broadcasts.
It has been and currently is a federal crime to monitor PRIVATE conversations cell phone, wiretap(unless you tap your own house) etc... without a permission from a judge or at least one person in the conversation and in some states the consent of all parties involved.
|
Look at 47 USC 605 a. What it says is that you cannot *disclose* the contents of any radio communications you intercept, nor can you use said contents for your own benefit. As long as the transmission is not from a satellite tv bird *and* is encrypted, you can *listen* all you want.
Cable-carried communications are different, you do indeed need a warrant to tap a wire. But if it's in the air, you can listen all you want.
Last edited by Howard on May 19, 2004 3:53pm; edited 2 times in total |
|
| Back to top |
|
|
Guest
|
| Posted: May 19, 2004 3:50pm Post subject: |
|
|
Please make note of the following two items from the text.
| Quote: |
Clearly Detective Warchol consented to the recording he made, and MacMillan had little expectation of privacy in the chat session. But New Hampshire, like many other U.S. states including California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Pennsylvania and Washington, requires all parties to the communication to consent to a recording before it is legal. And MacMillan, while engaged in the conversation with the putative 14-year-old, did not consent to recording the conversation.
|
As I stated in Maryland, all parties must consent to the logging AND THEREFORE IT IS LEGAL. I am well aware of the laws in my jurisdiction to wiretapping of conversations.
| Quote: |
It is useful to contrast the MacMillan case with one in 2002 in Washington state which has an even more stringent all-party consent statute. In that case, Donald Townsend engaged in an ICQ session with what he believed to be a 13-year-old girl, but was in fact an undercover police officer. In permitting the introduction of the recorded ICQ session, the court noted that the ICQ technology itself had a default setting to make a permanent record of the conversation. The court found that since Townsend should have known about the default setting, he effectively consented to the making of the recording under Washington's all-party consent statute.
|
This proves my point that when the party is aware of it, that means that it is okay to use in the court of law. Similarly, this means that mIRC has a logging setting and therefore can be legally used to log the conversations of the channels. The question is that whether or not knowing about the setting is enough to know that logging IS occurring versus logging CAN occur using the client. Remember that it was noted that it was the DEFAULT setting in ICQ. Also, this is irrelevant to the server, since the server is not using mIRC. However, with a disclaimer in the MOTD which is default to view by every IRC client known to man, it would be perfectly legal to log all conversations in the state of Maryland.
Ethics aside, this is how the law is. So why hide a module that can be legally used by companies and other individuals in the course of very legitimate and legal use? |
|
| Back to top |
|
|
Guest
|
| Posted: May 19, 2004 3:56pm Post subject: |
|
|
I should just register an account.
But for the sake of discussion, these are the laws that are currently in place. But given the prevalence of logging systems within internet chat clients (ranging from IM services, to emails, to IRC clients), the laws need to be modified to distinguish these types of logging. The author of the article touched on this briefly with the concern as to the way routers log information.
As of right now I'm sure these such things continue to fall under the 'wiretap' laws in most areas, which means it's perfectly legal.
The fact that there is no federal law makes this a messy situation, but in the case of an IRC server with IRC Operators that log conversations and redirect them to channels or messages (i.e. methods of outputting the logs, after all, redirection requires input and output), I would say that you could probably get away with the argument that it falls under the server's jurisdiction. |
|
| Back to top |
|
|
uchat
Idler
Joined: 17 Mar 2004
Posts: 335
|
| Posted: May 19, 2004 4:10pm Post subject: |
|
|
| Quote: |
But for the sake of discussion, these are the laws that are currently in place. But given the prevalence of logging systems within internet chat clients (ranging from IM services, to emails, to IRC clients), the laws need to be modified to distinguish these types of logging. The author of the article touched on this briefly with the concern as to the way routers log information.
|
New Hampshire law DOES specify online chats. It says so in the second paragraph.
It says in plain English:
"requires all parties to a conversation to consent before the conversation can be intercepted or recorded."
AND in the very next sentence:
"The decision is the first of its kind to apply that standard to online chats, and the ruling is clearly supported by the text of the law."
Cell Phone Monitoring:
"The Federal Communications Commission (www.fcc.gov) ruled that as of April 1994 no radio scanners may be manufactured or imported into the U.S. that can pick up frequencies used by cellular telephones, or that can be readily altered to receive such frequencies. (47 CFR Part 15.37(f)) The law rarely deters the determined eavesdropper, however."
There are clauses that allow for Emergency Services to monitor, granted ... but your average Joe cannot.
from: http://www.privacyrights.org/fs/fs2-wire.htm |
|
| Back to top |
|
|
|
|
| |
Register
Log in
