An online poll* of 233 computer users, undertaken by IT security
and control firm Sophos, shows that the majority of people surveyed
disagree that it is acceptable to infect and hack into a PC if it
is believed it may belong to a child abuser.
The poll followed last week's news that 66-year-old American
judge, Ronald C Kline, has been convicted for
possessing child pornography on the basis of evidence obtained by a
hacker.
The survey reveals that 64 percent of computer users do not
believe it is ever right to illegally infect or hack into a PC,
even if its owner is suspected to be a child abuser.
"Having a 'hunch' that someone might be involved in child abuse
isn't a justifiable reason to infect and hack into their PC -
that's what most people we surveyed have told us loud and clear,"
said Graham
Cluley, senior technology consultant for Sophos. "Two wrongs
don't make a right, and hackers should not take the law into their
own hands. Instead of acting alone, anyone with a strong reason or
evidence to suspect someone of illegal activity should notify the
authorities immediately and let the investigation run its proper
course."
Survey results
Is it okay to illegally infect and hack into a
PC if you think it might belong to a child abuser?
|
| Yes, it is okay |
|
|
| No, it is not
okay |
|
|
* Source: Sophos online poll, 233 respondents,
February 2007.
In 1999, Canadian hacker Brad Willman planted a Trojan horse,
disguised as images of child abuse, on an internet newsgroup
visited by pedophiles. The hacker (who used the handle Omni-Potent)
broke into the PCs of those he infected, focusing on those he
suspected of being involved in child abuse. One of the PCs targeted
by Willman belonged to Kline, a former Californian judge.
"Not only is vigilante hacking illegal, it can seriously
compromise a police investigation. For instance, suspects could
argue that as they have been hacked it could have been the hacker
who actually placed the illegal material on their PC," continued
Cluley. "Authorities investigating potential suspects may even fall
victim to cyberattacks themselves as they download evidence from
sites such as the one targeted by Willman."
Many respondents also sent comments to Sophos in reaction to the
survey. Here is a small selection:
"I think this is quite straight forward. If there is enough
evidence to justify your suspicion in the first place, then there
is enough evidence for a warrant to seize the computer. Otherwise
we will get to the point where I could be accused of illegal
hacking and I reply, but he just looked like a pedophile to
me."
"I agree that people need to be caught if they are doing
something illegal. But I don't agree with law enforcement or the
government having the right to break laws to catch people."
"Although I believe that it is not right for a member of the
general public to infect and hack into someone else's computer if
it might be used for child abuse (or, indeed, for any other
nefarious activities), I do believe that these sorts of tools
should be available to the authorities if they have just cause in
an ongoing investigation."
"This was a clear case of vigilantism. The suspicion should have
been reported to the proper civil authorities who could obtain a
warrent to monitor properly. While the crime was reprehensible two
wrongs do not make a right but rather often take away a rite. The
hacker should be working with the civil authorities to share his
expertise in training and legally stopping these crimes. Was
anything done to locate these children and the person or person
responsible for making these obscene materials?"
"I do not think the question is worded to avoid a skewed
response. You are asking a simple question not well worded to
answer a complex problem. Is it okay to illegally infect and hack
into a PC if you think it might belong to a child abuser? The
question implies that you only need to think that the person is a
pedophile. This does not consider WHY you think that the person is
a pedophile. What would any parent say to this formation of the
question? 'Is it OK to use illegal means to protect your own
child?'"
"Dangerous to start allowing some people to hack and others to
not. At what point do we say you can hack you cannot. Where does it
stop. On the other hand those who break the law survive of such
arguments and loopholes in the law. In such serious cases as
pedophiles then I think we should allow the police to hack our
computers as long as they have a search warrant from the judiciary.
Personally I have nothing to hide on my PCs so I do not really care
if they hack in... as long as there is no malicious intent. How do
we control that? Hence there needing to be controls over those who
hack."
"It is the rule of law that protects us ultimately, and any end
run around the rule of law endangers us more than the spurious
protections we believe that we obtain. No! Emphatically no to
illegally hacking anyone's computer for any reason, including
protection of children, or even national security. We need to
answer: do we want to become a police state or an anarchic society
of vigilantes?"
Disclaimer: Please bear in mind that this poll is
not scientific and is provided for information purposes only. The
comments expressed on this page are those of a subsection of poll
participants, and not necessarily those of Sophos. Sophos makes no
guarantees about the accuracy of the results other than that they
reflect the choices of the users who participated. Sophos reserves
the right to edit participants' comments for the purposes of
clarity, brevity and decency. Sophos reserves the right not to
publish the comments of all participants.
