DistOS-2011W Justice: Difference between revisions
Mike Preston (talk | contribs) No edit summary |
Mike Preston (talk | contribs) |
||
Line 67: | Line 67: | ||
====Purpose of Justice:==== | ====Purpose of Justice:==== | ||
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article. | John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] Essentially justice must ensure that a society is able to operate efficiently and with sufficient stability. This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article. | ||
====Morality==== | ====Morality==== |
Revision as of 19:10, 15 March 2011
Members
- Matthew Chou
- Mike Preston
- Thomas McMahon
- David Barrera
Note: research so far moved to Discussion section.
Abstract
The goal of this article is to investigate the feasibility of implementing a system of justice on a distributed computing environment. Although directly applying human concepts related to justice, for example intent, is not possible in the realm of computers, we can use these concepts to construct a justice system that helps maintain the stability and efficiency of the distributed environment. To provide this functionality, the justice system requires a reporting mechanism as well as a mechanism for guaranteed attribution of transactions such that members of the distributed society can flag deviant behaviour and proper punishment may be exacted based on collected evidence.
This article is divided into two main sections; the first is a discussion on theories of human justice and how concepts from the human example may be used within the scope of computers. The second section describes the components necessary to create a justice system for a distributed computing society and how these components would be used in four deviant acts; comment spam, unauthorized access, denial of service, and phishing attacks.
Can Justice be Implemented on a Distributed Computing System: Discussion
What is Justice?
To understand how justice can be incorporated into a distributed computer system it is critical to understand what justice is. In this section we discuss key concepts related to justice and provide some thoughts on how human justice theory can be related to justice in terms of computing.
Theory of Justice
For our purposes, we will discuss justice as it relates to punishment. From a philosophical point of view, there are 3 main categories of punishment; Teleologic, Retributive, and Teleologic Retributive. [3]
Teleologic:
The teleologic view of punishment is that any punishment should always be accompanied by some beneficial effect. Even though the act of punishing someone may itself be considered “evil”, the overall punishment will be considered “good” if it provides some form of social benefit to the society. For example, if a criminal is punished for a crime and this punishment serves to dissuade potential criminals from committing future crimes, then the overall social value of the punishment is positive.[3]
Punishment from this perspective provides a good model for computer systems as any criminal act will be handled such that punishment is beneficial for the system. A simple example of such a transaction can be visualized through the management of bandwidth. If there is a particular computer who is deemed to be a criminal bandwidth hog, using more resources than it is allowed, the perpetrator’s network connection may be throttled. This punishment would correct the deviant computer while free the resources for other computers in the system to utilize.
Retributive:
Retributive punishment is defined by the belief that punishment itself is either just or intrinsically valuable even if there is social benefit to the punishment. This view is probably best characterised by the phrase “eye for an eye”. Essentially punishment is dispensed because it is necessary to inflict harm on those who do bad things but society may not get any benefit from the punishment.[3] The point of view of retributive punishment is that it is better to punish someone who commits a crime regardless of the severity of the punishment.[2]
It is also important to discuss retributive punishment in comparison to retaliation. Although they both incorporate the concept punishment as a just, and necessary, act, they have very different goals. Retribution focuses on the wrongdoing of the criminal whereas retaliation is based on the right of the victim to seek punishment. Retaliation is based on the concept of deterrence; if you are convicted of a crime then someone will get to exact revenge and thus you will pay a price. Retribution requires a criminal to pay a price for the crime committed and thus he should internalize how the crime has a negative effect on society. [1]
Although the necessity of punishment is certainly true, it is hard to see a situation where truly retributive punishment is beneficial for a computer system. Since computers on a distributed system are sharing finite resources, inflicting punishment on criminal computers, without considering the benefit/harm to the society, may result in further negative effects on the system. If a crime has been committed, the effects of that crime have already had an effect on the computing system. Punishing the perpetrator of the criminal act will not reverse the effect of the act, and it may adversely affect the system.
For example, suppose a computer is caught conducting spam attacks on other computers and the punishment for this act is to remove the computer from the network. It may be the case that the criminal computer had previously provided a very efficient connection to some data set but now there is no way to communicate with this computer. As a result, members of the remaining network must use a less efficient connection to reach the same data, thus the punishment had a negative effect on the system.
Teleologic Retributive:
This third view of punishment combines the concept of the need to punish within the limits of what is considered reasonable punishment for the crime. From this perspective, punishment is necessary and provides a valuable service to society but it is only enforced within acceptable limits.
To illustrate this view of punishment, consider the spam attack example from the retributive section above. If the punishment is reduced from being removed from the network to simply blocking a specific type of communication originating from the criminal computer, then it would be considered a teleological retributive punishment. This new punishment would match the severity of the crime but also still allows the other computers on the network to utilize the efficient network path through the criminal computer.
Structure of Punishment
To maintain a stable and efficient distributed system, punishment requires structure, or more accurately, there needs to be some power imbalance designed within the system such that some computers can hand out punishments upon other, criminal computers. Here we will briefly discuss a few methods which may be used to implement a penal system into a society.
Sovereign Rule:
In the 1600s, Thomas Hobbes wrote a dissertation on how government and society should be structured. Within this work Hobbes discusses how punishment should be handled by a sovereign ruler. In this system, there is a known set of laws which originate from a single entity which exists above the law. This sovereign ruler is the highest authority of the law, but he may assign lesser judges who may carry out punishment in accordance to the laws.[4]
In this system, breaking the law is never excusable as the law is known to all members of the society. The exception to this are any members of society that are without reason, for example “children and madmen”. Punishment is a necessary evil and the sovereign has the right to punish any criminal in order to protect the “commonwealth”. The sovereign can even order other subjects to punish criminals but he may not order a criminal to punish himself as this violates the law of self preservation. To balance the system the sovereign may also reward individuals and thus the balance of punishment and reward are the “nerves and joints which move the limbs of a commonwealth.”[4]
Essentially, sovereign rule is one overall leader of justice who determines what is right and wrong in order to best serve the needs of a system.
Corporal Punishment. Economic Punishment, and Prison:
Human punishment commonly falls into three overlapping categories; corporal punishment, economic punishment, and prison. Corporal punishment involves inflicting pain or possibly disfiguring a criminal in response to the crime committed. The main idea is that the criminal should serve as a demonstration of the terrible things that befall those who break the law. Furthermore, any criminal who is disfigured must live with a visual reminder of the act they committed, thus imparting shame upon the perpetrator and allowing others in society to form a conceptual model of the type of person that individual is.[5]
Economic punishment is forcing a criminal to pay a fine for the act committed. The main idea is to make criminals internalize the social costs of the crime they committed. The penalty fine imposed upon the criminal may not be equal to the social cost of the crime committed but it should cause the criminal the same amount of distress as the crime that was committed. [1] Prison is a modern method of punishment by which criminals are forced to exist under the watch of professionals and it is up to the discretion of the professionals as to when the punishment is complete. For example, it is up to lawyers, judges, psychologists and prison guards determine when a criminal’s prison sentence has ended.[5]
These three methods are not mutually exclusive as commonly criminals may be asked to pay a penalty fine as well as serve a prison sentence; however they all serve different purposes. All three punishment types serve as a deterrent to future criminals but each method has a different active agent; corporal punishment uses shame, economic punishment uses monetary handicapping, and prison focuses on reducing personal freedoms. These three concepts may be very useful to a distributed computer justice system.
Addition Concepts Related to Justice
Purpose of Justice:
John Rawls provides a definition of the purpose of justice as providing two primary functions; first, justice assigns rights and duties for the basic institutions of society, and second, justice describes the best way to distribute the benefits and burdens of society. [1] Essentially justice must ensure that a society is able to operate efficiently and with sufficient stability. This view fits well within the scope of justice for a distributed computing system as there are very clear roles which can be assigned and there are finite resources which can be used to manage the “benefits and burdens” of society. These roles will be further discussed later in this article.
Morality
For a system of justice to be effective, a known moral code must exist within the society. Friedrich Nietzsche provides one interpretation of morality based on social position which is divided into two categories; “master-morality” and “slave-morality”. Master-morality is split based on good vs. bad, for example, good would be things like wealth, strength, health, and power, while bad is associated terms like poor, weak, sick, and pathetic. Slave-morality, on the other hand, is based on good vs. evil, for example, good would be terms like charity, piety, restraint, meekness, submission, while evil terms are worldly, cruel, selfish, wealthy, and aggressive.[6]
Although some of these terms make no sense in the realm of computers, others certainly could work as a basis for computer morality. For example, if there were measure of strength, health, wealth based on network and data concepts like bandwidth, latency, data integrity, etc. than certain computers could be more "good" than others. Similarly, if computers were acting selfishly, cruelly or aggressively (say DoS or spam attacks) then those computers would be considered as morally "bad". Based on these moral evaluations, computers could have relationships created or destroyed. Moreover, relationship parameters could be given to computers so that if you don't care how something gets accomplished (whether it is morally good or not) then you could tell your computer to allow less moral interactions to occur.
If morality was introduced to a distributed computer system that already has a reliable reputation mechanism, then all computers would be able to know how other computers behave "socially”. This would further allow punishment methods based on shame, to be exacted based on how "bad" a computer’s moral code is. An offending would then have to rebuild a positive moral reputation before it could participate in more trusted social interactions.
Justice Involving Computers
How Justice applies to the realm of computers. This includes how a computer can be exposed to Justice vs. how the user would be involved in the Justice applied.
The existence of justice is created by an act of harm or negative affect which was caused by some entity or group whom is now being sought out to be punished by the affected party. Whether the punishment to take place is teleological or retributive, the causing factor is the crime that has taken place. Before discussing about how justice can be applied to computers, it is important to understand the steps towards dealing justice to a human.
Path to Justice for Humans
Mens Rea - state of the mind
It is said that a crime consists of two elements, the actus reus, and the mens rea. The actus reus defines the action of the crime, and the mens rea defines the mental state. The mental state of a person is highly regarded as being relevant to the punishment of crimes and the Model Penal Code (“MPC”) is used to categorize the mens rea into four levels: purposely, knowingly, recklessly, and negligently. These levels rank from being the highest is acting upon a crime on purpose, and the lowest is being part of a crime negligently. An example of such a case would be when one distinguishes between whether a car hitting someone had been done intentionally, or by accident.[7]
Computer Fraud and Abuse Act
The digital age has brought on many new kinds of crimes on the Internet in computers. An example of preventative measures for these crimes was created in 1984 by the United States of America’s congress called the Computer Fraud and Abuse Act(“CFAA”). This criminal statute was built under the ideas of mens rea, and the MPC. After being first implemented, there has had to be many changes to it because of unspecific instances of how different crimes were categorized based on the mens rea. The change between “knowingly” and “intentionally” doing an act would change in degrees of punishment as well as accessing a system and damaging a system had to be more specified over time.[8]
One well know case is of Robert Tappan Morris, who was a 1st year graduate student in Cornell University who attempted to demonstrate the inadequacies of current security measures on the computer networks(INTERNET) by releasing a worm virus. The virus had propagated faster than he had intended and attempted to release the instructions on how to kill the worm, but it had been too late, and many computers across the INTERNET had been affected. The government had to try and prove that it was his intent to access unauthorized computers, which he did, and they also tried to prove that it was his intent to damage the machines, but at that point damaging machines had no category in mens rea.[9]
General Deterrence Theory (GDT)
In order to prevent some outcome from happening, there must be measures that have to be put into place to deter such an outcome. The idea of preventative measures is a common theme in management of crime and justice. Dating back to the days of when there was a king of Babylon named Hammurabi(1795-1750BC) who was well known for his code of laws. He had erected a black stone monument which could be viewed by the public. This stone monument had written upon it the laws that should be followed by man and society that were under his rule, including punishments that fit the crimes. This stone’s purpose was firstly to state what laws were to be followed, and secondly, by stating the laws and its consequences for not following, it was a sign of deterrence to whom might have done such things.[10] Deterrence has become a common idea when it comes to opposing forces/powers, as it was the basis behind the Cold War, one country building more weapons to deter the other from attacking, and the other way around too. [11] The GDT used in relation to cyber crimes mainly focuses on making rational decisions based on maximizing their benefits and minimizing the costs.
( might be some more to write about here in this paper http://jrc.sagepub.com.proxy.library.carleton.ca/content/30/4/445.full.pdf+html) (more GDT And notes http://www.emeraldinsight.com/journals.htm?articleid=862814&show=abstract)
Once the intent has been made and the actus reus is in place, the outcome that we are describing would be of the negative nature, where someone has now been maliciously attacked and is seeking out justice. In terms of computers, there are many human factors which limits our theme of justice in relation to computers.
Applying justice to computers
The first issue arises from the discussion of the mens rea. Some might say that the computer executes commands that is inputted by the user, so this would mean that everything that the computer does, must be on purpose, because it is just following instructions. This may be true except in the following case that an error has occurred in the system, or a bit has gone missing and the address to which sensitive information was to be sent has now been sent to an incorrect address. If this error created many losses to some entity, would the user be blamed for this error or would the computer be blamed for negligently sending to the wrong address? This type of situation seems similar to how humans may be charged for killing someone, the difference between murder and manslaughter is the intent.[12] With the current structure of how computers are set up, it is difficult to map a mens rea scheme to it’s inner workings. (*perhaps if the computer was running some genetic programming to create a program which it deemed good, and then intentionally used it, then that intent to use differs from it continually creating new programs until it decides one is suitable)
Assuming that the state of mind of a computer has been decided, the next thing to consider would be how would one prevent a computer from doing malicious actions. Attempting to follow in the footsteps of the general deterrence theory, we would try to instill some sort of fear of consequences/shame that would come from causing malicious actions. The problem with this approach to justice is difficult because of the idea that computers do not have feelings, and doing any kind of work such as word processing to a denial of service attack would be equal in aspects to what it prefers to do. Deterring possible criminals only works if they are afraid of the consequences and can not accept the ratio of profit over penalty that they will procure from a malicious act. If a punishment for a computer was to execute many functions for a long period of time, the computer itself would not care any less if it were doing those functions or standing by idle. However, for the human that might force it’s computer to do such malicious actions may be deterred from doing so because of the consequences that might follow from the law, or the possible performance drop from his own computer. The penalties set in place are currently only going to affect a human, whether it be sentenced to jail or confiscation of the physical computer, the human aspect of the problem will be removed from the computer element. Had it been that the computer itself was the only one punished for such malicious actions, then it would not prevent further malicious actions from occurring on a computer network by the human user using another computer terminal.[13]
Since a distributed system would want to one day grow to a global scale, the laws and punishments can not be enforced in a legal sense because of jurisdiction issues, therefore, the implementation of a new system must be done so that computers on the system will be deterred from malicious actions. Implementing a morality system that has every node on the system with their personal morality rating will allow for nodes to communicate with other nodes based on how low or high the rating is. From lowering in morality because of malicious actions and raising it by being more helpful to the system will allow for computers to "care" for who they are communicating with, and to also feel shame for when their morality is so low that they can barely communicate with others.(Lowest level might equal to expulsion) Based on this simulated feeling of care and shame will possible allow for a justice system to be implemented onto computers.
(* talk about conclusion of how there is a partial solution using a morality counter between nodes, and check out http://www.witsa.org/papers/McConnell-cybercrime.pdf also)
Possible Implementation
Crime and Punishment
A broad description of possible crimes committed within the scope of the class, and punishments for those within the system and attackers from without.
Resources
[1] Posner, Richard A., Retirbution and Related Concepts of Punishment, The Journal of Legal Studies Vol. 9 No. 1, University of Chicago Press, 1980. PDF
[2] Rawls, John, A Theory of Justice: Revised Edition, Harvard University Press, 2003. PDF (preview copy)
[3] Ezorsky, Gertrude, Philosophical Perspectives on Punishment, State University of New York Press, 1972. HTML (preview copy)
[4] Hobbes, Thomas, The Leviathon, first published 1651, republished by Forgotten Books, 2008. HTML
[5] Foucault, Michel, Discipline & Punish: The Birth of the Prison, Random House, New York, 1995. PDF (preview copy)
[6] Nietzsche, Friedrich, Ecce Homo & The Anarchist translated by Thomas Wayne, New York, 2004. PDF (preview copy)
[7] Haeji Hong, Hacking Through the Computer Fraud and Abuse Act, originally published in 24 U.C. DAVIS L. REV. 283 (1998), HTML (part A)
[8] Haeji Hong, Hacking Through the Computer Fraud and Abuse Act, originally published in 24 U.C. DAVIS L. REV. 283 (1998), HTML (part B)
[9] 928 F. 2d 504 - Court of Appeals, US v. Morris, 2nd Circuit 1991, HTML (case file)
[10] Charles F. Horne(1915),Claude Hermann Walter Johns, The Encyclopaedia Britannica, 11th ed 1910-, Ancient History Sourcebook:Code of Hammurabi, c. 1780 BCE, Translated by L. W. King, Paul Halsall March 1998, HTML (Internet History Sourcebook)
[11] Scott D. Sagan, Review: History, Analogy, and Deterrence Theory, The MIT Press, 1991, HTML (book link)
[12]Rollin M. Perkins, A Rationale of Mens Rea, Harvard Law Review, 1939, HTML (book link)
[13] Marquis Beccaria, Of Crimes and Punishments, Translated by: Edward D. Ingraham, Philip H. Nicklin: A. Walker, 1819, HTML (essay translation)