"Why would I design a course," Kelly asks on his syllabus, "that is both a study of historical hoaxes and then has the specific aim of promoting a lie (or two) about the past?" Kelly explains that he hopes to mold his students into "much better consumers of historical information," and at the same time, "to lighten up a little" in contrast to "overly stuffy" approaches to the subject."Lighten up" sometimes has merit, but it's facile. When you are literally using your students to try to make the world worse—even if your overall goal is to make parts of it better—I think you need to be packing something more substantial than "lighten up." He doesn't seem to be.
As with the previous incarnation of the course, the students all walked away from the course with a firm belief that research counts and that accepting whatever you find online at first glance is a bad policy. I was really pleased to see that they extended this lesson beyond the Internet to pretty much all historical sources. As one student said to me, from now on she was going to apply the “sniff test” to all her sources..if it smelled slightly fishy, she was going to have to seek corroboration. If all they got out of the class was this one lesson, then it was well worth teaching.Syllabus for Lying About the Past: "By learning about historical fakery, lying, and hoaxes, we all become much better consumers of historical information. In short, we are much less likely to be tricked by what we find in our own personal research about the past...I hope that you’ll improve your research and analytical skills and that you’ll become a much better consumer of historical information. I hope you’ll become more skeptical without becoming too skeptical for your own good. I hope you’ll learn some new skills in the digital realm that can translate to other courses you take or to your eventual career. And, I hope you’ll be at least a little sneakier than you were before you started the course."
Agree that "putting fake info on Wikipedia that nobody gets around to noticing or correcting" is not exactly the same as "fooling Wikipedia."
...this seems like a great thing and I'm really curious why people are reacting so strongly.
"Have to?" No, they don't have to. They're volunteering.
It would be far harder than doing what the class did, and far less likely to succeed even a little bit.
There's something weirdly territorial about this.
If Wikipedia is in fact democratic, it is as much his pool as anybody else's.
...permanently replace it with "GWB sux" for kicks...
So all I was objecting to was that folks seemed to be complaining about the natural outcome of endorsing the Wikipedia philosophy.She's not saying you should go out and steal from your library for no reason. She's saying that the library knows things are going to get stolen, but accepts that as a price for open access. Similarly, Wikipedia editors have to accept that college professors will experiment with their platform. That is the cost of having an encyclopedia that anyone can edit - some of those editors will have a different agenda.
But it can't be said that it's something those volunteers who built it "have" to do. They could choose to do something else.
We don't moan about the harm to the exhibits or the loss to the public good...
Similarly, Wikipedia editors have to accept that college professors will experiment with their platform.
But it's also not something protected by law. It's just not in that same category of recognized public benefit which a broad consensus has agreed is deserving of governmental resources and community protection.
Wikipedia is open to anonymous and collaborative editing, so assessments of its reliability usually include examinations of how quickly false or misleading information is removed. An early study conducted by IBM researchers in 2003—two years following Wikipedia's establishment—found that "vandalism is usually repaired extremely quickly — so quickly that most users will never see its effects"[10] and concluded that Wikipedia had "surprisingly effective self-healing capabilities".[11] A 2007 peer-reviewed study stated that "42% of damage is repaired almost immediately... Nonetheless, there are still hundreds of millions of damaged views."On vandalism:
The open nature of the editing model has been central to most criticism of Wikipedia, as traditional encyclopedias such as Encyclopædia Britannica rest their reputations on the fact that they are written by experts with much care. One particular criticism is that, at any moment, a reader of an article cannot be certain that it has not been compromised by the insertion of false information or the removal of essential information.IN Wikipedia is Not So Great, accuracy is listed as the "single biggest problem."
We spent a lot of time in class discussing the ethical issues surrounding our project, which is why we created a hoax on something so innocuous as a small time pirate who never amounted to much.And in the comments, someone notes:
I gather from the Chronicle article that one of the issues that the class grappled with was that of the ethics of this project. The article references a few ethical concerns that were discussed:posted by Miko at 12:26 PM on May 17, 2012
* No money would change hands.
* No medical information would be put forth.
* No national-security issues would be involved.
* No violations of the university’s responsible-computing policy would be made.
Frankly, while these are all certainly legitimate ethical pitfalls of living and producing information online, I think the one that’s not mentioned and the one that I feel this class DID stumble on was the issue of trust networks. Some of the folks who were duped by this project were led to it by messages distributed in social networking channels by people whom they new and trusted. I think this kind of trust is a critical component of the social contract that we all tacitly agree to by participating in these networks.
Another commenter says:the very existence of your class made me highly skeptical of my own online trust networks in the blogosphere.So that's interesting. And that could be dealt with more deeply. In this age, does it become easier for spin and lies to travel if you understand how to plant them in and subvert trust networks? Why do we trust trust networks? Should we? That's really something to look at.
A student from the 2008 class writes:We concluded this hoax and all of the research for it before two of my other history classes were finished. I had two papers left to write. I carried the enthusiasm for this class over to my final two papers and was able to produce well-written papers, and my level of enthusiasm was like never before (I’ve always been enthusiastic about history, but at the end of the semester, my enthusiasm doesn’t get as high as it could.). I’m anticipating my Spring ’09 semester on a level I never thought possible. I want to get into my history classes, do research and really, truly check my sources. Thanks to Mills, I now know how to recognize some of the tiniest details that could make something that seems credible to be completely false.This info had to be rooted out by others.
But if it hadn't been, it would have been revealed at the end of the term anyhow. It was revealed in 2008 in the Chronicle of Higher Education.In the first go-round, they chose to reveal it because it was starting to take in a journalist and some professors, which is pretty interesting.
I thought it was common knowledge to take everything you read or hear with a grain of salt, especially off the net.
I wish that that were true, but it's not.
the spread of this attitude could mean the difference between putting up with a managable level of deception and not being able to trust anyone -- and let's be clear, ultimately that amounts to the collapse of civilization. Eventually you have to trust someone, you can't fact check everything.
To me, the first part is true - we can contend adequately with a certain level of deception in everyday life - but the second part is not - that you can trust no one and that will cause a collapse of civilization. We all do depend on trust just in order to get through the day - in the people who wired your house, drivers, employers, people who email you, friends and lovers. Sometimes that trust does bite us on the ass, which is the risk trusting. But to me the response is simply to recognize that we are placing that trust, and to give some thought to what it's founded on, if anything. If you proceed through life in a totally trusting manner, you will believe a lot of falsehoods. If you proceed through life willing to step back and engage in skeptical inquiry when you come across a hint of deceit, something seeming off, something seeming too good to be true, something not gelling, then I think we'll all be better off.
Ultimately we all have to make individual judgments about the trustworthiness of what we encounter. Where I get troubled by untruth is not that untruth exists as a thing. That's all over the place. But it's not always malicious. I am troubled by it when it's put in the service of narratives that oppress, suppress, and take advantage of people - particularly people who can't develop or were never taught the skills of critical inquiry. Intent and outcome matter more to me than any other aspect of fabulism, which after all is a fairly universal human trait.
...knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer...This does not seem to square with your statement that "There's nothing that says what Anonymous does is wrong on principle". Especially in a post-USA-Patriot-Act world, though that law was originally created in 1986. But that doesn't really matter to me, because I'm not the one trying to make an argument about things being non-dickish when they aren't illegal or not censured by society with enough force.
(2) the term “protected computer” means a computer—(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;
I understand it frustrates you but I don't see a moral obligation for me to condemn it...
So this isn't even an unusual thing,
...and it looks as though the community is well aware of it and has taken it into account, in a matter-of-fact way not reflected in feelings aired in this thread.
If there are inevitably and forever going to be hoaxes on Wikipedia, and I think that Wikipedia's own documentation accepts the fact that there are inevitably going to be, there are things Wikipedia could do to more clearly inform people who have called up a hoaxed page that it was a hoax, once it's found out.
They don't do that right now, but they could.
I'm not sure what I'd think if it happened, but if university systems are that easily gamed, then I probably would support the point of view that they need to be more secure because they are treated with a higher level of trust, as systems. It would be a serious challenge to the trust we place in professional librarians and library systems.
[Stuff about private government data and then]All pretty concrete, physical-world definition of damage.
Knowingly accessing a protected computer with the intent to defraud and there by obtaining anything of value.
Knowingly causing the transmission of a program, information, code, or command that causes damage or intentionally accessing a computer without authorization, and as a result of such conduct, causes damage that results in:
-Loss to one or more persons during any one-year period aggregating at least $5,000 in value.
-The modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of one or more individuals.
-Physical injury to any person.
A threat to public health or safety.
-Damage affecting a government computer system
-Knowingly and with the intent to defraud, trafficking in a password or similar information through which a computer may be accessed without authorization.
But I do think in saying "this is a terrible thing to do to Wikipedia" people are endorsing a special status for Wikipedia that they aren't extending to YouTube or Blogger or whatever other sites or projects were involved.
It may have inconvenienced a few people who have already stepped up to volunteer for a whole big bundle of inconvenience, and that's the worst I can see of it.
My point is that if preventing misinformation were really more important to Wikipedia than its other priorities, they'd implement the many easy ways to do it. It's clearly not a big priority.
I get that you really love Wikipedia and think it's great.
Causing Computer Damage (18 U.S.C. 1030(a)(5))But even if you can't get beyond page one of a primary source, you don't need to be a lawyer to understand that nothing about an activity like messing with Wikipedia is covered under this law.
Paragraph 1030(a)(5) proscribes unleashing worms or viruses or otherwise causing computer damage, that is, (A) intentionally causing unauthorized damage by knowingly causing a transmission to a protected computer; (B) recklessly causing damage by intentionally accessing a protected computer; or (C) causing damage and loss by intentionally accessing a protected computer. These kinds of damage are only federal crimes under paragraph 1030(a)(5) if they involve a protected computer.
...Other than physical injury or death, the types of serious damage that trigger more severe punishment are damage that (1) causes a loss that over the course a year exceeds $5,000; (2) modifies, impairs, or could modify or impair medical services; (3) causes physical injury; (4) threatens public health or safety; (5) affects a justice, national defense, or national security entity computer; or (6) affects 10 or more protected computers over the course of a year.
I guess you must have missed page two, then.
Congress also added a provision to penalize those who intentionally alter, damage, or destroy data belonging to others.So definitely, at the very least activities like messing with Wikipedia are covered under this law.
Regardless of how much "gray area" there still is in cyberlaw, and there is in fact a ton, it still has absolutely zero bearing on what happens on a self-contained, volunteer-run, free, nonprofit website.
If it's a bad idea to vandalize a nongovernmental, noncommercial website, we haven't enshrined that in law yet. No parallel can be made.
Note that the computer must be “used in or affecting” not “used by the defendant in”—that is, it is enough that the computer is connected to the Internet; the statute does not require proof that the defendant also used the Internet to access the computer or used the computer to access the Internet.
Several courts have held that using the Internet from a computer is sufficient to meet this element. See, e.g., United States v. Drew, 259 F.R.D. 449, 457 (C.D. Cal. 2009) (“[T]he latter two elements of the section 1030(a)(2)(C) crime [obtaining information from a protected computer] will always be met when an individual using a computer contacts or communicates with an Internet website.”); United States v. Trotter, 478 F.3d 918, 921 (8th Cir. 2007) (“No additional interstate nexus is required when instrumentalities or channels of interstate commerce are regulated.”) (internal citations omitted); Paradigm Alliance, Inc. v. Celeritas Technologies, LLC, 248 F.R.D. 598, 602 (D. Kan. 2008) (“As a practical matter, a computer providing a ‘web-based’ application accessible through the internet would satisfy the ‘interstate communication’ requirement.”).
Prior to 2008, this definition did not explicitly cover computers that were not connected to the Internet and that were not used by the federal government or financial institutions. For example, some state-run utility companies operate computers that are not connected to the Internet for security reasons. Congress remedied this gap in the Identity Theft Enforcement and Restitution Act of 2008 by broadening the definition of “protected computer” to include computers that “affect” interstate or foreign commerce or communications. 18 U.S.C. § 1030(e)(2)(B).
Ah, yes. Well, Google will get to it.
If you were indifferent about the project you probably wouldn't think that person was an asshole. You wouldn't care.
But their saying "You're an asshole because your anti-yarnbombing stance severely reduces the value of my yarnbombing" gives me no incentive to change my view.
He's working on the public perception issue, which is that Wikipedia is an excellent resource that has transformed human knowledge, makes research a breeze, and is quite reliable as fair, knowledgeable and accurate.
Yeah. Which is damage. Whatever. I tihink I'm accurate in stating that there's a standard of harm which essentially means "you compromised security and/or our computers don't work any more."
And that NONE of this legislation, no matter how closely you read it, applies to websites like Wikipedia.
So it both is and isn't regarded as reliable?
What would they put their hands on in the absence of Wikipedia? Nothing?
The thing is, speaking as an educator and a current graduate student, and even as a MeFite, yes, Wikipedia is regarded as reliable.
But the really problematic thing is that I won't condemn the guy.
Yeah, and nobody did that. Nobody did even an analogue of that. It's such an irrational exaggeration.
Yeah, of course, because it's not a business.
You can write any crazy, hate-speech, full-of-lies crap on a website you own or participate in, and it just doesn't become a legal issue. That's why it doesn't count. It's just random free expression, and nothing about it is touched on by law except what's been touched on in criminal law already.
I actually have a pretty good handle on this and think you should continue reading up on why I keep saying inaccuracy/accuracy or content changes on Wikipedia that use its very own system and do not cause any other form of harm are not matters for law.
Stealing a trade secret didn't count.
In Shurgard Storage Centers, a self-storage company hired away a key employee of its main competitor. Before the employee left to take his new job, he emailed copies of computer files containing trade secrets to his new employer. In support of a motion for summary judgment as to the section 1030(a)(5) count, the defendant argued that the plaintiff’s computer system had suffered no “damage” as a consequence of a mere copying of files by the disloyal employee. The court, however, found the term “integrity” contextually ambiguous and held that the employee did in fact impair the integrity of the data on the system—even though no data was “physically changed or erased” in the process—when he accessed a computer system without authorization to collect trade secrets.Using an example (a hypothetical one?) rather than citing actual court cases, the authors of the document seem to think that under the "access" clauses a person wouldn't even necessarily have to do anything with what we would normally think of as the data and information which is the computer's purpose to store:
...
The statute defines “loss” quite broadly: “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” 18 U.S.C. § 1030(e)(11). his definition includes, for example, the prorated salary of a system administrator who restores a backup of deleted data, the prorated hourly wage of an employee who checks a database to make sure that no information in it has been modified, the expense of re-creating lost work, the cost of reinstalling system software...
...
“Loss” also includes such harms as lost advertising revenue or lost sales due to a website outage and the salaries of company employees who are unable to work due to a computer shutdown.
...
At least one court has held that harm to a company’s reputation and goodwill as a consequence of an intrusion might properly be considered loss for purposes of alleging a violation of section 1030.
A computer network intrusion—even a fairly noticeable one—can amount to a kind of trespass that causes no readily discoverable impairment to the computers intruded upon or the data accessed. Even so, such “trespass intrusions” often require that substantial time and attention be devoted to responding to them. In the wake of seemingly minor intrusions, the entire computer system is often audited, for instance, to ensure that viruses, back- doors, or other harmful codes have not been left behind or that data has not been altered or copied. In addition, holes exploited by the intruder are sometimes patched, and the network generally is resecured through a rigorous and time-consuming technical effort.And finally, another example that bears on vandalism:EXAMPLE 3: The system administrator of a community college reviews server logs one morning and notes an unauthorized intrusion that occurred through a backdoor at about 3:30 in the morning. It appears to the administrator that the intruder accessed a student database that listed students’ home addresses, phone numbers, and social security numbers. After calling the FBI, she and her staff spend several hours reviewing what occurred, devising patches for the vulnerabilities that the intruder exploited, and otherwise trying to prevent similar intrusions from occurring again. Still, the result of the technical review is that no offending code can be found, and the network appears to function as before. In the two months after the intrusion, staff at the community college report no known alterations or errors in the student database. he cost of the employee time devoted to the review totaled approximately $7,500.
posted by XMLicious at 2:14 AM on May 20, 2012EXAMPLE 1: Prior to the annual football game between rival schools, an intruder from one high school gains access to the computer system of a rival school and defaces the football team’s website with graffiti announcing that the intruder’s school was going to win the game.In this example, the intruder has caused damage—the integrity of the information on the website has been impaired because viewers of the site will not see the information that the site’s designers put there.
in Shaw v. Toshiba America Information Systems, 91 F. Supp. 2d 926, 931 (E.D. Tex. 1999), Toshiba manufactured computers with faulty software that improperly deleted data on diskettes used in their floppy drives, and Toshiba shipped the computers in interstate commerce. In that case, the court found that the shipment of the software by itself constituted transmission for purposes of the statute....so it appears to even be applicable to things done accidentally.
« Older Now I agree that to some people using half a kilo ... | Dalal al-Mutairi, the senior b... Newer »
This thread has been archived and is closed to new comments
posted by Horace Rumpole at 5:43 PM on May 15, 2012 [2 favorites]