The Ethics of Firesheep

Posted by Aaron Massey on 08 Nov 2010.

Eric Butler, the creator of Firesheep, posted his thoughts on the ethics of Firesheep last week:

It goes without saying that harassing or attacking people is a terrible thing to do. To suggest Firesheep was created for this purpose is completely false; Firesheep was created to raise awareness about an existing and frequently ignored problem. As I’ve said before, I reject the notion that something like Firesheep turns otherwise innocent people evil.

There are two basic schools of thought in the ethics of design:

Tools themselves are ethically neutral. Ethics are inherently tied to a human using a tool for some purpose, either bad or good.
Tools can be designed in such a way that the design of the tool is ethically inseparable from its use.

Consider a hammer. You can use it to build a tree house or you can use it to beat someone to death. Neither of these actions can really be credited to or blamed on the hammer; the actor is responsible.

Now consider a “prank” hammer designed to appear solid but break in half harming the user’s hand. The act of designing and building such a hammer could be considered ethically dubious.

To bring this discussion back to Firesheep, I don’t believe that designing and building Firesheep was unethical. Full disclosure is an important tool for improving computer security. This sort of attack has been known by most security experts for a long time, but no one was all that serious about fixing it. As Eric Butler says:

Similar tools have existed for years, so big companies, especially Facebook and Twitter, cannot claim they are unaware of these issues. They have knowingly placed user privacy on the back burner, and I’d be interested to hear some discussion about the ethics of these decisions, which have left users at risk since long before Firesheep.

Firesheep has certainly raised awareness of the problem. Hopefully people will start fixing it.