farber@linc.cis.upenn.edu (David Farber) (01/16/90)
I thought this group should see the two resolutions that have come out of BITNET/CSNET and the NSF DNCRI DAP on the ethical implications of the worm. Dave BITNET/CSNET The network worm (sometimes called virus) affair raises issues that are very important to our field. Both the BITNET Board of Trustees and the CSNET Executive Committee have been struck by the fact that many public comments on the event have contained statements such as, "We learned from it," "We will make sure technically it will not happen again," or "He did us a favor by showing...," unaccompanied by expressions of ethical concern. We have succeeded as a profession technically in creating facilities -- the BITNET, CSNET and other components of the national research network -- which are now critical to the conduct of science and engineering in our nation's academic, industrial, and government research laboratories. Further, this technology has spread within our nation's commercial research and development organizations and even into their manufacturing and marketing. Just as medical malpractice can have a serious effect on an individual's health, one of the costs of our success is that we are now in a position where misuse of our national and private computer networks can have as serious an effect on the nation's economic, defense, and social health. Yet while almost every medical college has at least one course on medical ethics and insists on the observance of ethical guidelines during practice, computer scientists seem to avoid such non-scientific issues. The worm "experiment" caused a major disruption in the research community. Among other points of attack, the worm exploited a trapdoor that had been distributed as a software "feature". Many hours of talent were wasted finding and curing the problems raised by this "game". Many additional hours were lost when researchers were unable to access supercomputers and mail systems due to system overload and network shutdown. We condemn the perpetration of such "experiments", "games", or "features" by workers in our field, be they students, faculty, researchers or providers. We are especially worried about widespread tendencies to justify, ignore, or perpetuate such breaches. We must behave as do our fellow scientists who have organized around comparable issues to enforce strong ethical practices in the conduct of experiments. We propose to join with the relevant professional societies and the national research networks to form a Joint Ethics Committee charged with examining existing statements of professional ethics and modifying them as necessary in order to create a strong statement of networking ethics and recommendations for appropriate enforcement procedures. DNCRI-DAP The DAP of the NSF DNCRI passed the following resolutions in its bi-annual meeting last week. 1. The DAP unanimously supports the statement of BITNET/CSNET on the breach of ethics implied by the Worm. 2. The DAP unanimously endorsed the following statement. Ethical Network Use Statement The Division Advisory Panel of the National Science Foundation Division of Networking and Communications Research and Infrastructure deplores lapses of ethical behavior which cause disruption to our national network resources. Industry, government and academia have established computer networks in support of research and scholarship. Recent events have accentuated the importance of establishing community standards for the ethical use of networks. In this regard, the DNCRI DAP defines as unethical any activity which purposefully, or through negligence: a) disrupts the intended use of the networks b) wastes resources though such actions (people, bandwidth or computer) c) destroys the integrity of computer-based information d) compromises the privacy of users e) consumes unplanned resources for control and eradication We encourage organizations managing and operating networks to adopt and publicize policies and standards for ethical behavior. We also encourage these organizations to adopt administrative procedures to enforce appropriate disciplinary responses to violations and to work with appropriate bodies on drafting legislation in this area. David Farber Chair, DNCRI DAP David Farber; Prof. of CIS and EE, U of Penn, Philadelphia, PA 19104-6389 Tele: 215-898-9508(off); 215-274-8292 (home); FAX: 215-898-0587; Cellular: 302-740- 1198 "The fundamental principle of science, the definition almost, is this: the sole test of the validity of any idea is experiment." -- R. P. Feynman