CPSC 525: Ethical Considerations in Information Security
“In which we distinguish between being an armchair ethicist and an ethics practitioner”
Michael E. Locasto
Department of Computer Science
UofC
CPSC 525/625
January 16, 2013
Agenda
Announcements (1 minute)
Learning Objectives for Today (1 minute)
→ Mild Orientation to Moral Theories
→ Practice dissecting some common IT-related ethical questions
Moral Theories Overview (10 minutes)
Ethical Scenarios (15 minutes)
Aaron Swartz video (time–permitting)
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
Announcements
→ Lab Schedule
→ Skipping “Legislation”
→ quoted material below comes from “Applying Moral Theories” by CE Harris, Jr. (I encourage you to purchase this book for your bookshelf)
Manifesto
Your personal code of ethics dictates what actions you take. There are different systems of ethical thought; you may subscribe to one consistent model, or you may implicitly follow an amalgam of them. You might not even give it a thought, but you probably follow some sort of rule.
We believe that information security professionals should at least be aware of the system they follow, even if it is based on moral relativism and optimizes for “selfish” interests.
So whatever your ethical code of conduct is, we believe that our code mandates that we cover this material to help expose you to the complexities of making really hard choices in this space and distinguishing between the numerous shades of grey posed by information security scenarios.
Moral Philosophies
Egoism – self-interest
Natural Law – human nature
Utilitarianism – greatest overall good
Respect for persons – “equal dignity of all human beings”
Capt. Oates
From: “Applying Moral Theories”, CE Harris, Jr., pp. 2–6
Suffering from frostbite and slowing the march away from the South Pole...
“This was the end. [Oates] slept through the night before last, hoping not to wake; but he woke in the morning–yesterday. It was blowing a blizzard. He said, “I am just going outside and may be some time.” He went out into the blizzard and we have not seen him since.”
Was his action justifiable? Morally permissible? Morally praiseworthy?
Mental Clarity
How can we argue effectively one way or the other?
Factual issues – what is the reality
Conceptual issues – definitions, semantics, applicability
Moral issues – “applying moral principles or standards”
Ethical Scenarios
The Subway Photo
Cryptography as a Weapon
Vulnerability Disclosure
Writing an Exploit
Backdoors
Shortcuts
Sniffing
Downloading
Others...
The Subway Photo
Cryptography as a Weapon
Listening to Network Traffic
“Research”
Curiosity
Diagnosing network connectivity problems
Vulnerability Disclosure
What if you find a vuln in MintChip?
Related Scenarios:
Writing an Exploit
Inserting a Backdoor
Leaving Security Out
Other Scenarios
downloading music; downloading JSTOR; weev
Academic copyright policy: http://www.patrickmcdaniel.org/IEEE-copyright-policy.html
guessing email password of political figure, friend
shoulder-surfing
not obeying EULA provision for “no reverse engineering” (Amazon Music Downloader)
Readings
Pay special attention to:
“Pretending Systems Are Secure”
“Towards an Ethical Code for Information Security”
Stanford prison experiment
the Therac-25 report
ACM Code of Ethics