Rework Ethics (#19)

Author: h4ckd0tm3

Curriculum/Module 01 - Ethics and Legal/lectures/lecture_1_ethics.md

@@ -1,22 +1,77 @@
 # Hacker Ethics
 
-### Definition
+## Definition
 
-Hacker ethics is a set of principles that guide the behavior and decision-making of ethical hackers or those involved in the IT security community. These principles stress the importance of sharing information, maintaining integrity, and avoiding malicious intent.
+**Hacker ethics** refers to a set of moral values and principles that shape the behavior of individuals within the hacker and cybersecurity communities. Unlike the stereotypical image of hackers as criminals, hacker ethics emphasize curiosity, creativity, freedom of information, and responsible conduct in the digital world. This ethical framework emerged alongside the hacker subculture in the 1960s and 70s at institutions like MIT, later codified by figures such as Steven Levy in his book *Hackers: Heroes of the Computer Revolution* (1984).
 
-### Key Principles
+### Core Principles of Hacker Ethics
 
-- **Information should be free:** Knowledge and information are seen as universal goods, and their distribution should be encouraged.
-- **Access to computers should be unlimited and total:** Exploration and experimentation are vital to learning and innovation.
-- **Promote decentralization:** Centralized systems can become single points of failure or control, making decentralization more resilient.
-- **Judge by skills, not by formal credentials:** Recognize merit and talent over formal education or titles.
-- **You can create art and beauty on a computer:** Computers can be a medium for creativity, not just utility.
-- **Computers can change your life for the better:** Embracing technology can lead to positive societal changes.
+Drawing from historical texts and community norms, the following principles define hacker ethics:
 
-## Ethical Dilemmas
+- **1. Information should be free**  
+  Knowledge is a public good that should not be hoarded. Free flow of information fosters innovation, collaboration, and transparency. Ethical hackers advocate open-source systems and data democratization (Levy, 1984).
 
-While ethical guidelines provide a general roadmap, real-life situations often pose dilemmas that can't be easily resolved. Some of these might include:
+- **2. Access to computers—and anything which might teach you something about the way the world works—should be unlimited and total**  
+  Learning through exploration (a practice known as *tinkering*) is a core tenet. Barriers to access are seen as obstacles to growth and understanding. This principle underlies initiatives like hackathons and open hardware labs (Himanen, 2001).
 
-- **Responsibility when discovering vulnerabilities:** Should one disclose the vulnerability immediately, notify the entity at risk first, or keep it private?
-- **Balancing privacy and security:** At what point does monitoring become surveillance? How do we balance the need for security against individual rights to privacy?
-- **Engaging in "gray hat" activities:** Sometimes actions may lie between clearly ethical (white hat) and clearly malicious (black hat). How does one navigate these gray areas?
+- **3. Mistrust authority—promote decentralization**  
+  Centralized control often inhibits innovation and invites abuse of power. Decentralized networks and systems distribute responsibility and reduce single points of failure (Raymond, 1999).
+
+- **4. Hackers should be judged by their skills, not bogus criteria such as degrees, age, race, or position**  
+  A meritocratic ethos governs hacker communities—contributions and abilities matter more than credentials. Online platforms like GitHub and Stack Overflow reward reputation through meaningful participation.
+
+- **5. You can create art and beauty on a computer**  
+  Hackers see code as a form of expression. Elegant solutions, efficient algorithms, and digital creativity all reflect this aesthetic philosophy (Levy, 1984).
+
+- **6. Computers can change your life for the better**  
+  Technology is a tool for empowerment—whether through social connection, civic engagement, or personal creativity. Ethical hackers use this potential to improve systems, reveal flaws, and build more resilient infrastructure.
+
+---
+
+### Contemporary Ethical Dilemmas
+
+Despite a strong ethical foundation, real-world scenarios often involve **complex moral ambiguities**. Ethical hackers must navigate difficult choices, balancing principles with practical risks.
+
+| Category     | Intent           | Typical Actions             | Ethical Dilemmas                        |
+|--------------|------------------|------------------------------|-----------------------------------------|
+| White Hat    | Improve security | Authorized testing, reporting | Disclosure challenges, privacy concerns |
+| Grey Hat     | Mixed/ambiguous  | Unsolicited testing           | Legality, intent, lack of compensation  |
+| Black Hat    | Personal gain    | Exploitation, theft           | Criminal activity, ethical violations   |
+
+#### 1. Responsibility When Discovering Vulnerabilities
+
+Should a vulnerability be publicly disclosed, privately reported, or kept secret?
+
+- **Responsible disclosure** is widely supported in the cybersecurity community. It involves notifying the affected party and giving them time to patch the issue before making it public (Householder et al., 2020).
+- However, delays or lack of action from vendors can motivate public disclosure as a form of pressure.
+
+#### 2. Balancing Privacy and Security
+
+Where is the line between **protective surveillance** and **invasive spying**?
+
+- Governments and corporations may justify surveillance for national security or service optimization, but such practices can violate individual rights (Zuboff, 2019).
+- Ethical hackers often advocate for **privacy-preserving technologies** (like encryption) and **transparent oversight** of surveillance systems (Acquisti et al., 2015).
+
+#### 3. Gray Hat Activities
+
+What if breaking into a system leads to a good outcome?
+
+- **Gray hats** may access systems without permission but without malicious intent, often reporting the vulnerabilities they find.
+- Although these actions can improve security, they technically violate laws like the CFAA (Computer Fraud and Abuse Act), raising ethical and legal tensions (Denning et al., 2014).
+
+---
+
+### Conclusion
+
+Hacker ethics are not just about *what* hackers do, but *how* and *why* they do it. Grounded in curiosity, creativity, and social responsibility, these principles help distinguish ethical hackers from malicious actors. Yet the ethical landscape is dynamic, and navigating dilemmas requires continuous reflection, community dialogue, and legal awareness.
+
+---
+
+### Resources
+
+- Levy, S. (1984). *Hackers: Heroes of the Computer Revolution*  
+- Himanen, P. (2001). *The Hacker Ethic and the Spirit of the Information Age*  
+- Raymond, E. S. (1999). *The Cathedral and the Bazaar*  
+- Householder et al. (2020) *Coordinated vulnerability disclosure*
+- Acquisti et al. (2015) *Economics of privacy*  
+- Denning et al. (2014) *Ethical analysis of hacking*

Curriculum/Module 01 - Ethics and Legal/slides/Module_01_Slides_Ethics.typ

@@ -7,58 +7,146 @@
 
 #set text(font: "Noto Sans Mono", weight: "regular", size: 20pt)
 #show math.equation: set text(font: "Fira Math")
-#set strong(delta: 100)
-#set par(justify: true)
 
 #title-slide(
   title: [Module 01: Ethics],
-  subtitle: [Hacker Ethics - Guiding Principles in IT Security],
+  subtitle: [Hacker Ethics – Guiding Principles in IT Security],
 )
 
-#slide(title: "What is Hacker Ethics")[
-A framework for:
+#slide(title: "Outline")[
+  #metropolis-outline
+]
+
+#new-section-slide("Introduction to Hacker Ethics")
 
+#slide(title: "Definition")[
+  #defbox(
+    title: [Hacker Ethics],
+    [
+      *Hacker ethics* are moral values shaping how individuals in the cybersecurity community act.
 
-- Ethical hacking
+      They emphasize:
 
+      - Curiosity, creativity, and freedom of information
+      - Responsible behavior in the digital world
+      - A tradition originating in the 1960s/70s, codified by Steven Levy (1984)
 
-- Decision-making in IT security
+      *Not about crime—about exploration and improving systems.*
+    ],
+  )
+]
 
+#new-section-slide("Core Principles")
 
-*Emphasizes integrity, information sharing, and non-malicious intent.*
+#slide(title: "Core Principles – Part 1")[
+  1. *Information should be free*
+    
+    Open knowledge promotes innovation and transparency.
 
-]
+  2. *Unlimited access to learning tools*
+    
+    Hands-on exploration (*tinkering*) fosters understanding.
 
-#slide(title: "Key Principles")[
-1. *Free Information:* Knowledge as a universal good.
+  3. *Mistrust authority – promote decentralization*
+    
+    Power should be distributed, not centralized.
 
+  #alert("Inspired by hacker subcultures at MIT and beyond.")
+]
+
+#slide(title: "Core Principles – Part 2")[
+  4. *Judge by skill, not status*
+    
+    Merit over formal credentials.
 
-2. *Open Access:* Encourage exploration.
+  5. *Code as art*
+    
+    Beauty in elegant solutions and creative hacks.
 
+  6. *Computers can improve lives*
+    
+    #alert("Ethical use of tech to empower people and fix broken systems.")
+]
 
-3. *Decentralization:* Avoid single points of failure.
+#new-section-slide("Ethical Dilemmas")
+
+#slide(title: "Ethical Dilemmas Overview")[
+  #set table(
+    stroke: none,
+    gutter: 0.2em,
+    fill: (x, y) => if x == 0 or y == 0 {
+      gray
+    },
+    inset: (right: 1.5em),
+  )
+  #table(
+    columns: 3,
+    align: (left, left, left),
+    [*Category*], [*Intent*], [*Typical Actions*],
+    [White Hat], [Improve security], [Authorized testing, reporting],
+    [Grey Hat], [Ambiguous], [Unsolicited testing],
+    [Black Hat], [Personal gain], [Exploitation, theft],
+  )
+
+  #alert("Ethics are shaped not just by actions—but also by intent and context.")
+]
 
+#slide(title: "Dilemma 1: Vulnerability Disclosure")[
+  *What should you do when you find a vulnerability?*
 
-4. *Meritocracy:* Skills over titles.
+  - *Responsible disclosure:* Notify vendors, give time to fix
+  - *Full disclosure:* Go public to pressure action
+  - *Non-disclosure:* Risky but sometimes done
 
+  #alert("⟶ Community norms favor responsible, coordinated disclosure.")
 ]
 
-#slide(title: "Creativity and Impact")[
-- *Artistic Expression:* Creativity through technology.
+#slide(title: "Dilemma 2: Privacy vs. Security")[
+  *How do we balance protection and freedom?*
 
+  - Surveillance can prevent threats—but may violate privacy
+  - Ethical hackers support:
 
-- *Positive Change:* Technology as a catalyst for improvement.
+    - Privacy-preserving tech (e.g., encryption)
+    - Transparent oversight and accountability
 
+  #alert("“Security” is not an excuse to erase rights.")
 ]
 
-#slide(title: "Ethical Dilemmas")[
-1. *Vulnerability Disclosure:* Immediate, notify, or private?
+#slide(title: "Dilemma 3: Gray Hat Behavior")[
+  **Is it okay to break rules for a good cause?**
 
+  - Access without permission—then report flaws
+  - Intention is good, but legality is unclear
+  - Laws like the CFAA make this a risky path
 
-2. *Privacy vs. Security:* Balancing individual rights.
+  #alert("⚠️ Even good intentions can lead to legal consequences.")
+]
+
+#new-section-slide("Conclusion")
+
+#slide(title: "Conclusion")[
+  Hacker ethics are about #alert("how") and #alert("why") we hack.
+
+  They call for:
 
+  - Curiosity, creativity, and responsibility
+  - Openness and meritocracy
+  - Continuous reflection and legal awareness
 
-3. *Gray Hat Activities:* Navigating ethical boundaries.
+  #alert("Ethical hacking is about building a better, safer digital world.")
+]
 
+#slide(title: "Further Reading")[
+  - *Hackers* – Steven Levy (1984)
+  - *The Hacker Ethic* – Pekka Himanen (2001)
+  - *The Cathedral and the Bazaar* – Eric S. Raymond (1999)
+  - *Coordinated Vulnerability Disclosure* – Householder et al. (2020)
+  - *Economics of Privacy* – Acquisti et al. (2015)
+  - *Ethical Analysis of Hacking* – Denning et al. (2014)
 ]
 
+#title-slide(
+  title: [Module 01: Ethics],
+  subtitle: [Hacker Ethics – Guiding Principles in IT Security],
+)