Targeting the innocent: Active defense and the moral immunity of innocent persons from aggression
| Published date | 29 February 2004 |
| DOI | https://doi.org/10.1108/14779960480000241 |
| Date | 29 February 2004 |
| Pages | 31-40 |
| Author | Kenneth Einar Himma |
| Subject Matter | Information & knowledge management |
Targeting the Innocent: Active Defense and the Moral
Immunity of Innocent Persons from Aggression
Victims of hacker attacks are increasingly
adopting “active defense” against Internet-
based attacks. Instead of adopting purely
defensive measures, many victims are opt-
ing for active countermeasures no less
aggressive than the attacks themselves. For
example, victims of denial of service (DoS)
attacks sometimes respond by redirecting
incoming packets back to their sources
instead of by dropping the packets at the
router. The intent is to stop the attack by
overloading the network from which it is
staged.
Active defense can impact the rights of
innocent persons in a variety of ways. For
example, redirecting incoming packets
from a distributed denial of service (DDoS)
attack back to the immediate sources can
overload their networks, harming not only
innocent persons who do not know their
machines were used to stage the attack but
also other innocent persons on the net-
works whose machines have not figured
into the attacks at all. Indeed, even purely
exploratory tracebacks must usually pass
through innocent machines to identify the
culpable source of an attack.
In this paper, I consider the question of
whether it is ethically permissible for pri-
vate persons or entities (as opposed to gov-
Info, Comm & Ethics in Society (2004) 2: 31–40
©2004 Troubador Publishing Ltd.
KKEEYYWWOORRDDSS
Active defense
Hacking back
Rights of
Innocent
persons
Hackers
Aggression
Kenneth Einar Himma
Department of Philosophy, The Information School and The Law School,
University of Washington, Seattle, WA, USA
Email: himma@u.washington.edu
CCOOVVEERRAAGGEE
Private persons and entities are increasingly adopting aggressive “active defense” measures (i.e., “hack
back”) against Internet-based attacks that can infringe the rights of innocent persons. In this paper, I argue
that aggressive active defense cannot be justified by the Necessity Principle, which defines a moral liber-
ty to infringe the right of an innocent person if necessary to achieve a significantly greater moral good. It
is a necessary condition for justifiably acting under an ethical principle that we have adequate reason to
believe its application-conditions are satisfied. Since, absent special knowledge, the victim of a hacker
attack will not be able to reliably predict the direct or indirect consequences of aggressive countermea-
sures, she lacks adequate reason to think that those measures will achieve a good that significantly out-
weighs the evil that is done to innocent parties.
ABSTRACT
To continue reading
Request your trial