The Ethics of Tracing Hacker Attacks through the Machines of Innocent Persons


  • Kenneth Einar Himma



Victims of hacker attacks are increasingly responding with a variety of “active defense” measures, including “invasive tracebacks” that are intended to identify the parties responsible for the attack by tracing its path back to its original source. The use of invasive tracebacks raise ethical issues because, in most cases, they involve trespassing upon the machines of innocent owners. Sophisticated hackers attempt to conceal their identities by routing their attacks through layers of innocent agent machines and networks that are compromised without the knowledge of the owners. The use of invasive traceback technologies in such cases, then, involves an act is presumptively problematic from an ethical standpoint: intentionally entering upon the property of an innocent person without her consent constitutes a prima facie trespass. I argue that there is no ethical principle that would justify the use of invasive tracebacks by private persons or entities (as opposed to governmental persons or entities). First, I argue that invasive tracebacks cannot be justified under the Defense Principle, which allows one person to use proportional force to defend herself or other innocent persons from attacks. Second, I argue that, in ordinary cases, the use of an invasive traceback impacting innocent persons cannot be justified under the Necessity Principle, which permits the infringement of an innocent person’s rights when necessary to achieve a significantly greater good. Since these are the only applicable principles, I conclude that, in the absence of special circumstances, it is not ethically permissible for private parties and entities to implement invasive traceback technologies.




How to Cite

Einar Himma, Kenneth. 2004. “The Ethics of Tracing Hacker Attacks through the Machines of Innocent Persons”. The International Review of Information Ethics 2 (November). Edmonton, Canada.