-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jay D. Dyson writes: >Such a practice strikes me as teleologically ethical[-]. A system >is being abused and we recipient systems are paying the canonical price >for it. And since we bear the cost of someone else's irresponsibility, we >have both the right and the responsibility to pick up the slack created by >the other party so that other systems do not receive the same net.abuse >ours have. I don't see how any of this follows necessarily. Let's break your comments down into individual contentions: 1) If a system is sending spam, recipient systems are being done some wrong 2) Those having such a wrong done to them are given: a) The right to react; and b) The obligation to react 3) Such a reaction involves (for example) scanning the system sending the spam A case could certainly be made for all of these points. I think it is also true that a case could be made -against- any of these points, and no general consensus exists on any of them, with the -possible- exception of the first. Further, framing this rationale as an assertion of teleological ethicality suggests that in addition to making the case for the propositions outlined above, you can make a case that the result (i.e., reciprocal scanning of spam relays) can be construed as somehow maximising the general good. This latter is a particularly tricky notion, and is after all at the heart of the -bulk- of professional ethics. So I'm not sure how identifying that you're attempting to make an evaluation in terms of teleological ethics adds any weight to the argument. In other words, you're saying that reciprocal scanning aids the general good. But that's a claim that could be made (and frequently is) for virtually -any- action whose ostensible goal is to right some wrong. Merely saying that's what you're doing (or attempting to do) doesn't mean that's what you're doing. More on this in a bit. >The only thing that would color such a practice as even remotely >unethical would be later utilization of such findings for the purpose of >further spamming or other nefarious conduct. I really can't see it. If anything, I think the _prima facie_ case is the other way around: We generally acknowledge that scanning systems without the owner's permission is wrong; and we generally acknowledge that ethical practise of a profession involves not intentionally doing what the practicioner knows to be wrong. Further, I'd say that we generally subscribe to the idea that if we are done a wrong, this does not justify our doing a wrong to the one who wronged us (contradicting what you contend in item 2 above). Again, I'm not suggesting that it -isn't- ethical. I just think that it certainly isn't clear that it -is- ethical, as you appear to be suggesting. And, all other things being equal, I tend to think that professional ethical behaviour should be construed fairly narrowly. In other words, if you have to spend more than a couple minutes explaining why something really is ethical, it probably isn't. Returning to my earlier `Mafia' example: If some guy in an expensive suit shows up right after you scan the Corleone's network, you -don't- want to have to explain to the guy in the suit who shows up on your doorstep why it was really okay because their MTA was an open relay. - -spb - ----- - - Dereferencing pointer to invalid footnote. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (OpenBSD) iD8DBQE+FKpGG3kIaxeRZl8RAlVVAKClYMMZX5um8W80qD9ru8JbJ+LDjgCg88Qf +BnV7bfGscChcuU0cUs46yU= =T51T -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:47:06 PST