Folder: ethics
File: ethics/scenario1.pdf
Follow the partner policy.
This assignment involves a computer security scenario with potential ethical implications. Your job is to analyze the ethics of the scenario.
You have discovered a bug in the InstaToonz music-sharing app. This bug is a nasty one that would allow an attacker to read the contents of all the private InstaToonz direct messages for anyone who has ever posted a public InstaToonz message. This bug threatens the privacy of hundreds of millions of InstaToonz users.
You want to report this bug to InstaToonz, Inc. to protect their customers, but you know that the last time somebody reported a security bug to them privately, InstaToonz sued the bug-reporter in North Carolina and also called in the FBI, causing the person significant hassle and expense. The case was briefly a cause célèbre in the tech world, with calls for boycotts and state and Congressional action. Eventually, after a fair amount of sabre-rattling, InstaToonz dropped the suit. But at the same time, they released a statement articulating their belief that all security researchers (which InstaToonz always put inside scare quotes) are engaging in attempted thievery of trade secrets. After a brief investigation upon being first contacted by InstaToonz, the FBI declined to pursue the matter further. InstaToonz has refused all demands that they establish a bug bounty program.
The goal of this assignment is to get you to think seriously about the ethics of a tricky situation. To give some structure to your analysis, I'd like you to organize your report around the following questions.
This particular scenario has an interesting legal twist if it happens in the US. So make sure to include in your discussion of items A-F these two possible options:
Keep your write-up concise but detailed. At a rough guess, I'd expect your write-up to take 2-4 pages.