top of page

CYBERSECURITY ETHICS CHAPTER SUMMARY

CHAPTER 1-2 | 3-4 | 5-6 | 7-8

Chapter 1: The Main Idea

Key ideas you will encounter in this chapter include the following:

 

  • Ethics is a branch of philosophy concerned with “the good.”

  • Practical ethics considers everyday issues and provides practical solutions to the question “What is an ethical response in this situation?”

  • Normative ethics is concerned with questions of what one ‘ought to’ do, while descriptive ethics is concerned not with ‘should’ questions but with observing and understanding ethical behaviors in different places, times and cultures.

  • Computer ethics are normative ethics.They are a branch of both practical and professional ethics.

  • Ethical accountability may be to a religious authority or to society and one’s community.Thus, ethics may parallel religious beliefs but they do not always do so.

  • Moral philosophers can be either or . Moral relativists argue that what is morally right  or wrong can depend on someone’s individual disposition or on the conventions of a particular historical era or culture. Objectivists believe that it is possible to find out what the right thing to do is objectively, and that values and value commitments are universal in scope.

  • Professional communities often evolve and rely upon shared ideas – including shared, forming an which has a shared ethic.

​

Chapter 2 O

Chapter 2: Models for Ethical Thinking

Key ideas you will encounter in this chapter include the following:

​

  •  Over time, different ways of evaluating the ethical aspects of actions have emerged, based on developments in religion and philosophy

  • The three frames considered here (Virtue Ethics; Utilitarianism and Deontological Ethics) differ in terms of what constitutes ethical behavior – is it acting in line with one’s values?Achieving a particular ethical outcome, or acting in line with moral standards?

  •  Virtue ethicists believe that there is some objective list of virtues that, when cultivated, maximize a person’s chance of living a good life.

  •  assumes that one can measure the utility of particular choices and decide rationally which action will yield the most utility. In seeking a particular end, it is possible that other values will need to be compromised, and it assumes that what is ‘best’ in one  situation might not be best in another.

  •  Deontological ethicists believe that humans can use their reasoning abilities to derive an ethical position through asking a series of questions including “What would be the outcome if everyone acted this way?”  And “Would I approve of this type of behavior having the status of a universal law?”

  •  Each framework allows us to make a particular type of ethical argument. The  frameworks might not all agree on what the best choice is in a particular situation.

Chapter 4

Chapter 3: The Ethical Hacker

Key ideas you will encounter in this chapter include the following:

​

  • Hacker culture is seen as having its own distinctive set of norms and values, which have changed over time. It originally had an anti-state and libertarian character. 

  • As cybersecurity, has evolved as a profession, hacking has moved from a casual, unregulated activity to one with clearly stated norms and standards of professional practice. 

  • Today we can distinguish between white hat and black hat hackers, with white hats often assisting government and groups in improving their security through running pen tests. 

  • Many types of hacks are illegal. The distinction between cyberterrorism and hacking  is not always clear. 

  • Philosophers of technology describe the ways in which both technology developers  and users share ethical responsibilities. Thus, it is possible to identify a duty not to hack as well as a duty to safeguard one’s material so that one is not hacked.

  • The Three Frameworks provide different ways of thinking about hacking: The virtue  ethics framework focusses on the values of restraint, empathy, and respect in determining whether an action is ethical. The Utilitarian perspective suggests that hacking can add value to a target throughout identifying security vulnerabilities and allowing for them to be fixed. The Deontological perspective suggests that  corporations have a duty to safeguard information.

Chapter 4: Privacy

Key Ideas you will encounter in this chapter include the following:

​

  • Historically, most cultures have had a notion of privacy and a taboo against revealing secrets. However, this may vary greatly according to culture.

  • Today, decision-makers increasingly face trade-offs between an individual’s right to keep his private life private and the obligations of employers and the government to keep citizens safe.

  • In the United States, our normative understandings of the right to privacy are often spelled out in legislation. Legislation exists to preserve medical confidentiality, education confidentiality, and to require provisions of reasons for collecting data related to law breaking, etc.

  • Understandings of privacy are evolving along with new technologies. Today it is often whether social media is private or social, and geographic issues make it less clear whether you are at home or at work, or when you are being a private person or a public person.

  • Both normative understandings and legislation today are still evolving regarding questions of data ownership and data privacy. It is often unclear who your data  belongs to – When does it cease being yours, who has the right to college it, and  what are their obligations to safeguard this data?

  • While much of today’s conversation is about privacy rights, others are beginning to  ask about the responsibilities of individuals to provide data. For example, should individuals should feel duty-bound to contribute private data – such as health data –  to large-scale analytics projects which might aim at keeping society safe from a  pandemic or finding a cure for a disease?

Chapter 6

Chapter 5: Surveillance

Key ideas you will encounter in this chapter include the following:

​

  • Although the technologies currently available for carrying out surveillance are new and more sophisticated, surveillance for the purpose of security is an old idea.

  • The ‘right to surveillance’ belongs to corporations, agencies and states while the right to privacy belongs to individuals.

  • Differential surveillance refers to practices in which certain groups – including the poor, ethnic and racial minorities, and the disenfranchised – are more likely to have their behavior monitored and their rights curtailed.

  • Surveillance is controversial because it aims not to react to behaviors but rather to preempt behaviors (such as terrorism) before they occur. Some ethicists argue that techniques like predictive analytics rest on the premise that people are ‘guilty until proven innocent’ rather than ‘innocent until proven guilty’.

  • Because of the emphasis on preempting crimes, analytics attempt to identify someone’s intent to commit a crime. Critics argue that surveillance may make people less likely to criticize their government since doing so might be read as intent.

  • Ubiquitous computing means that today more people are watched in more places at more times and more data is stored and shared. Critics suggest that the ‘death of privacy’ is therefore inevitable and that surveillance and privacy are incompatible.

  • People in different cultures may hold different views about acceptable levels of surveillance and privacy. As a result, nations may have different laws regarding surveillance and citizen rights.

  • Today globalized patterns of data storage complicate surveillance activities since it is not always clear whose jurisdiction prevails when national laws differ regarding surveillance.

Chapter 6: Piracy and Intellectual Property

Key Ideas you will encounter in this chapter include the following:

​

  • Intellectual Property, or the right to claim ownership of an idea, is not new. However, new technological developments which make the reproduction of information (in written, auditory and visual forms) easier have created new issues in IP.

  • Analysts debate whether traditional ways of thinking about the right to own physical property can and should be applied to thinking about the new issues in intellectual property.

  • It has been difficult to establish a consensus in terms of respecting intellectual property because of the architecture of the internet itself, a traditional ‘pro sharing’ attitude on the part of many internet users, and the fact that many different cultures with different traditions use the internet.

  • In some instances, nations may lack the will or the ability to enforce laws aimed at curtailing IP theft.

  • It is difficult to establish jurisdiction for prosecution since IP theft frequently occurs  across national borders.

  • Utilitarian arguments focus on the economic and intellectual costs of IP theft – arguing that it makes it harder to make progress in science if inventors can’t count on being compensated for their advances.

  • Virtue ethics arguments recommend that users cultivate the virtues of restraint and respect for others, even in situations where it seems easy to engage in IP Theft.

  • Deontological arguments ask would-be IP thieves to consider the perspective of the creators of new technologies.

  • This issue is far from resolved, and new issues arise every day – including the  question of whether or not one owns one’s personal data and genetic material.

Chapter 8

Chapter 7: Cyberwarfare

Key Ideas you will encounter in this chapter include the following:

​

  • [EDIT] Intellectual Property, or the right to claim ownership of an idea, is not new. However, new technological developments which make the reproduction of information (in written, auditory and visual forms) easier have created new issues in IP.

  • [EDIT] Analysts debate whether traditional ways of thinking about the right to own physical property can and should be applied to thinking about the new issues in intellectual property.

Chapter 8: Looking Forward

Key ideas you will encounter in this chapter include the following:

​

  • It is impossible to ever declare an ethical issue (like privcy or surveillance) resolved. Instead, ethical issues should be viewed as dynamic. A changing information environment has the potential to create new ethical issues, many of which the original creators of a technology may not have anticipated.

  • The term refers to new technological developments which differ radically from those which preceded them. Emerging technologies create new social, political, economic and ethics challenges. Ideally, creators would anticipate the ethics issues which could arise as a technology develops and work to create concepts
    and ethical frameworks for dealing with these issues before ethical breaches and issues occur – rather than waiting and reacting to them when they do.

  • In this book, we have assumed that there is one clearly defined ethical decision-maker who makes a decision in a discrete situation. But real life is messy! Professionals often make ethical decisions within a web of constraints – like preexisting technological constraints; financial constraints; user constraints; legal constraints and organizational constraints. The decision-maker needs to be skilled at finding a solution which is ethical but also reasonable and practical.

  • Today, many of the emerging cyber issues are interdisciplinary. Cybersecurity experts mightwork with medical personnel to keep implanted medical devices safe from  hacking, with librarians to assure that information is preserved for future library  patrons, or with economists to resolve security issues associated with  cryptocurrencies. Such issues will require knowledge of cyber ethics as well as  related fields like military, medical, or financial ethics.

  • The community of computer practitioners has a responsibility to guide the  development of their field and to think long-term about the project of computer science and information technology – to ensure that it is meeting the needs of its  users and defining and adhering to its mission.

  • Because ethics is a dynamic and not a static field, codes of professional ethics and practice may require updating in the future to take into account new issues such as the rise of Big Data. Possible that codes will requiring UPDATING to take into account new issues – like Big Data

  • In a globalized world, professional societies may encounter challenges in articulating a set of values and behavioral standards which are universally accepted and which ‘match’ or resonate with the values and practices of their members in diverse nations throughout the world.

bottom of page