Ipad's Security Breach

iPad Security Breach and Corporate Ethics In the course of this short essay, the author will demonstrate hacking into a Web site is almost never justifiable unless the hackers are acting with a warrant and under the direction of law enforcement agencies. We will see this applied to a real world case, in which Goatse Security and Gawker Media hacked into iPAD email records stored on an AT&T server in June of 2010. In fact this is probably the best example that can be found.

The author will also create a corporate ethics statement for a computer security firm that would allow activities like hacking only under the most extreme of circumstances. In this author's viewpoint, if hacking results at all, the perpetrator must be able to defend himself in front of a judge or the police because it is a basic violation of the sacred right of privacy.

Furthermore, this author maintains that it is important for organizations like Gawker Media to be socially responsible and we will consider (based on this incident) what factors chat chief executive officers (CEOs) should consider when responding to a security breach. Finally, the author will create an email script to be sent to AT&T customers informing them of the security breach and a plan to resolve the issue, explaining the rationale in the process.

Steven Jobs and Apple as Models The model of this type of policy is Steven Jobs and his company. In the video commentary article posted below the video interview with Steven Jobs, Richard Tate is insulting when he calls Mr. Jobs sanctimonious instead of responsible and doing the right thing. The fact that a group of hackers embarrassed him and made his company's responsible policy a laughing stock does not make him wrong. Considering that he is a spokesman for Gawker really says it all.

This upstart company seeks to profit from tech voyeurism and has the gall to thumb their nose at responsible party's who has made good faith efforts to guard their clients' privacy agaist just such stupidty (Tate, 2010, June 10). Certainly, it points to the sad lack of social responsibility amongst business and society in general with reference to the issue of privacy and the protection of private information. The onus should be upon them more than on the victim.

The voyeur, paparazzi nature of today's intrusion into our privacy has to have limits. Certainly, once our privacy is compromised, we feel personally violated. Just because a celebrity is a victim does not justify the intrusion and we need to take a stand for privacy before the wolf of compromise comes to our door.

Gawker and "Techno-Voyeurism" Tate and Gawker were quite proud of their "achievement" when they castigated AT&T which "operated the Web server with weak security controls, as Gawker first reported, that allowed security researchers and unknown others to down load email addresses and "ICC" cellular IDs for tens of thousands of iPad 3G customers, including leaders in politics, the military, the media, and finance." While Tate is correct when he observe that "customers aren't served by leaks of their private information..," he might add that the news consumers of the Fifth Estate's media are not served by a news media obsessed with creating its own news.

While AT&T's security measures may have been lacking, this is no justification of Gawker's actions (Tate, 12 June 2010). The fact that the FBI went to investigate Goatse's hacking does not even faze Gawker. For them, situation ethics apply and the ends justify the means, even if the means are criminal and illegal ("Fbi investigating at&t," 2010). In this author's opinion, AT&T's approach to the crisis was appropriate.

They owned up to their mistakes, revealed the extent of the breach, and informed the victims so they could protect themselves. AT&T has apologized and said it will notify all iPad users whose e-mail addresses may have been accessed.

While "it noted that the only information hackers would have been able to steal using the attack were users' e-mail addresses...Criminals could use that knowledge to trick them into opening e-mails that plant malicious software on their computers (ibid)." This is a model approach and while AT7T took heat for their actions, one would think that in the long run that they are a stronger company and that their honesty will play out well with their customers in the long run.

Not only should this conduct be encouraged, security breaches be made illegal to conceal from customers. Then companies like Goatse and Gawker would not have anything to exploit. CEOS and Security The chief worry for CEOs according to computer security specialist Gary Loveland surrounds the following ten questions and critical criteria: 1. Who is accountable for protecting our critical information? 2. How do we define our key security objectives to ensure they remain relevant? 3. How do we evaluate the effectiveness of our security program? 4.

How do we monitor our systems and prevent breaches? 5. What is our plan for responding to a security breach? 6. How do we train employees to view security as their responsibility? 7. How do we take advantage of cloud computing and still protect our information assets? 8. Are we spending our money on the right things? 9. How can we ensure that we comply with regulatory requirements and industry standards in the most cost-effective, efficient manner? 10.

How do we meet expectations regarding data privacy? While the Loveland approach may seem top-down, it has to be. Security rules have to be consistent across a company and the only place is from the top down and backed up by a thorough corporate culture that encourages this to the hilt ("Top ten security questions for ceos to ask, " 10 June 2010). There has to be one stand with regard to security and damage control involves consistency and unity across an organization.

Conclusion In the course of this short paper, the author has demonstrated that hacking into a Web site is almost never justifiable unless the hackers are acting with a warrant and under the direction of law enforcement agencies. We applied to a real world case, in which Goatse Security and Gawker Media hacked into iPad email records stored on an AT&T server in June of 2010. This author feels it is the best and most contemporary example available.

The author will also created a corporate ethics statement for a computer security firm that would allow activities like hacking only under the most extreme of circumstances. In this author's viewpoint, if hacking results at all, the perpetrator must be able to defend himself in front of a judge or the police because it is a basic violation of the sacred right of privacy.

Furthermore, this author maintains that it is important for organizations like Gawker Media to be socially responsible and we will consider (based on this incident) what factors those chief executive officers (CEOs) should consider when responding to a security breach. Finally, the author.