CyberEthics
From Wikipedia, the free encyclopedia
Contents |
[edit] Definition
Ethics |
Theoretical |
Meta-ethics |
Applied |
Bioethics · Cyberethics · Medical |
Core issues |
Justice · Value |
Key thinkers |
Confucius · Mencius |
Lists |
Cyberethics is the study of ethical dilemma imposed by the emergence of ubiquitous digital technologies, information and computer infrastructure within today's society. However, the concept of ethic dates back further as a study into morality and virtue; Aristole's Nicomachean Ethics is a good starting point for ethical debate. According to Aristole, moral virtue which is a sense of what is right and wrong "comes about as a result of habit" (McKeon, 2001).[1]
Aristole further argues: the purpose of "every action and pursuit, is thought to aim at some good: some goods subordinate to others"(McKeon, 2001).[1] Throughout life a person develops a prioritized list of mortal virtue that becomes an ethical framework for oneself. Furthermore, the ethical framework serves as guidelines on how people should behave for the good of society. "Shall we not, like archers who have a mark to aim at, in outline at least to determine what it is, and of which of the sciences or capacities it is the object?"(McKeon, 2001)[1]
[edit] Ethics is not Universal
Ethics do not apply universally. In a much broader sense, the definition of what is good or ethical differs from nation to nation and person to person due to both religious and cultural influences. For example, western cultures generally perceive secrecy as beneficial to individuals. However, in many eastern cultures if someone acts with secrecy, they are perceived to have something to hide and thus an untrustworthy person (Pfleeger, C. & Pfleeger, S., 2007).[2]
In addition, the roles people play in society influences their ethical values. For example, salesmen are interested in maximizing profit. This can lead to limited disclosure of the details of the product they trying to sell. Generally, the rule of thumb is what's good for you may not be good for someone else.
[edit] Relationship between Law and Ethics
In the United States, laws are formal written directives that apply to everyone. Laws are interpreted by the judicial system and enforced by the police. Writing comprehensive laws that enforce every aspect of human behavior within a free society is very impractical and unnecessary. A general guideline differentiating what is right and what is wrong a can be defined by ethics rather than laws. Ethics by nature is a set of unwritten principles which are freely interpreted, weighed, and put into action by each individual without third party arbitration and with limited enforcement (Pfleeger, C. & Pfleeger, S., 2007).[2] Ethics is important for defining acceptable action within the gray areas where laws do not cover.
[edit] The Theory of Privacy
In the late 1800 century, the inventions of cameras spurred similar ethical debates as the Internet does today. During a Harvard Law Review seminal in 1890, Warren and Brandeis defines privacy from an ethical and moral point of view to be "central to dignity and individuality and personhood. Privacy is also indispensable to a sense of autonomy - to 'a feeling that there is an area of an individual's life that is totally under his or her control, an area that is free from outside intrusion.' The deprivation of privacy can even endanger a person's health." (Warren & Brandeis, 1890).[3] Over 100 years later, the Internet and proliferation of private data through ecommerce is a phenomenon which requires a new round of ethical debate involving a person's privacy.
Privacy can be decomposed to the limitation of others' access to an individual with "three elements of secrecy, anonymity, and solitude" (Gavison, 1984).[4] Anonymity refers to the individual's right to protection from undesired attention. Solitude refers to the lack of physical proximity of an individual to others. Secrecy refers to the protection of personalized information from being freely distributed.
Individuals surrender private information when conducting transactions and registering for services. Ethical business practice protects the privacy of their customers by securing information which may attribute to the loss of secrecy, anonymity, and solitude. Credit card information, social security numbers, phone numbers, mothers' maiden names, addresses and phone numbers freely collected and shared over the internet may lead to a loss of Privacy.
Fraud and impersonation are some of the malicious activities that occurr due to the direct or indirect abuse of private information. Identity theft is rising rapidly due to the availability of private information in the internet. For instance, seven million Americans have fallen victim to Identity Theft in 2003, making identity theft as the fastest growing crime in the United States (Latak, 2005).[5] Public records search engines and databases are the main culprits contributing to the rise of cybercrime. Listed below are a few recommendations to restrict online databases from proliferating sensitive personnel information.
- Exclude sensitive unique identifiers from database records such as social security numbers, birth dates, hometown and mothers' maiden names.
- Exclude phone numbers that are normally unlisted.
- Clear provision of a method which allows people to have their names removed from a database.
- Banning the reverse social security number lookup services (Spinello, 2006).[6]
[edit] Private Data Collection
Data warehouses are used today to collect and store huge amounts of personal data and consumer transactions. These facilities can preserve large volumes of consumer information for an indefinite amount of time. Some of the key architectures contributing to the erosion of privacy include databases, cookies and spyware (Spinello, 2006). [6]
Some may argue that data warehouses are supposed to stand alone and be protected. However, the fact is enough personal information can be gathered from corporate websites and social networking sites to initiate a reverse lookup. Therefore, is it not important to address some of the ethical issues regarding how protected data ends up in the public domain?
As a result, identity theft protection businesses are on the rise. Companies such as LifeLock and JPMorgan Chase have begun to capitalize on selling identity theft protection insurance.
[edit] Intellectual Property
In the United States, another controversial area of computer ethics concerns the intellectual property rights (IPR) and software ownership. Two opposing views on IPRs are proponents for the strengthening of copyright laws and the proponent for free and open source software (Freeman & Peace, 2004).[7] The argument can be made that IPRs are required because companies would not invest weeks and months in development if there is no incentive for revenue generated from sales and licensing fees. Proponents for open source believe that all programs should be available to anyone who wants to study them. Consider Yochai Benkler's argument that trends in governance of creativity are contemptible if "works such as Elvis and Disney will never enter the public domain in the same way as Mozart or Shakespeare" (Benkler, 2006)[8]
[edit] Ethical Fallacies
Ethical fallacies in cyberspace are prevalent due to misunderstanding and a general lack of computer training among the adult population. Peter S. Tippett identified some of the most widely discussed fallacies in computing as follows:
[edit] The Computer Game Fallacy
A significant number of people believe computers will generally prevent them from cheating or doing wrong. Programmers believe if a software program is working then it must be free of errors. Users believe that computers are accurate and precise enough to prevent errors. Therefore, the common misperception of computers preventing the user from doing anything unethical is a fallacy (Tipton & Henry, 2007). [9]
[edit] The Law-Abiding Citizen Fallacy
Users do not know that they must consider legal consequences of actions done with computers because laws only define the minimum set of requirements for an action to be judged. As a result, confusion as to what is actually legal occurs when actions fall outside the scope of the law (Tipton & Henry, 2007). [9] Users can also make the false assumption that all ecommerce sites are law-abiding.
[edit] The Shatterproof Fallacy
The shatterproof fallacy is the belief that what a person can do minimal harm with a computer. The possible ramifications of which are limited to only a few files on the computer itself without consideration as to what the implication of the action is beforehand (Tipton & Henry, 2007). [9]
[edit] The Candy from a Baby Fallacy
Just because doing something illegal is easy with a computer does not make it right. For example, it is very easy to make copies of documents and applications with computers without physical property ever changing hands. However it is still considered stealing if you do not own the license to use it (Tipton & Henry, 2007). [9] Napster, a firm that promoted downloading free music over the internet using peer-to-peer technology was sued over copyright violations.
[edit] The Hacker's Fallacy
Hackers believe it is not wrong to exploit the vulnerabilities of a computer as long as it is not for the purpose of personal profit.[10] Considering personal interest over the best interests of society is the fallacy of the hacker's code of ethics (Tipton & Henry, 2007). [9]
[edit] The Free Information Fallacy
This is the notion that "information wants to be free." However, information cannot make decisions. It is the user behind the keyboard that ultimately presses the "OK" button. (Tipton & Henry, 2007). [9]
[edit] Codes of Ethics in Computing
Information Technology managers today are required to establish a set of ethical standards common to their organization. There are many examples of ethical code currently published that can be tailored to fit any organization. Code of Ethics is an instrument that establishes an common ethical framework for a large group of people. Four well known examples of Code of Ethics for IT professionals are listed below:
[edit] Ten Commandments of Computer Ethics
The ethical values as defined in 1992 by the computer ethics institute; a nonprofit organization whose mission is to advance technology by ethical means defines computer ethics as follows:
- Thou shalt not use a computer to harm other people.
- Thou shalt not interfere with other people's computer work.
- Thou shalt not snoop around in other people's computer files.
- Thou shalt not use a computer to steal.
- Thou shalt not use a computer to bear false witness.
- Thou shalt not copy or use proprietary software for which you have not paid.
- Thou shalt not use other people's computer resources without authorization or proper compensation.
- Thou shalt not appropriate other people's intellectual output.
- Thou shalt think about the social consequences of the program you are writing or the system you are designing.
- Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans (Computer Ethics Institute, 1992).[11]
[edit] RFC 1087
In January 1989, the Internet Architecture Board (IAB) in RFC 1087 defines an activity as unethical and unacceptable if they:
- Seeks to gain unauthorized access to the resources of the Internet.
- Disrupts the intended use of the Internet.
- Wastes resources (people, capacity, computer) through such actions.
- Destroys the integrity of computer-based information, or
- Compromises the privacy of users (RFC 1087, 1989). [12]
[edit] (ISC)2 Code of Ethics
(ISC)2 an organization committed to certification of computer security professional has further defined its own Code of Ethics generally as:
- Act honestly, justly, responsibly, and legally, and protecting the commonwealth.
- Work diligently and provide competent services and advance the security profession.
- Encourage the growth of research – teach, mentor, and value the certification.
- Discourage unsafe practices, and preserve and strengthen the integrity of public infrastructures.
- Observe and abide by all contracts, expressed or implied, and give prudent advice.
- Avoid any conflict of interest, respect the trust that others put in you, and take on only those jobs you are qualified to perform.
- Stay current on skills, and do not become involved with activities that could injure the reputation of other security professionals (Harris, 2003).[13]
[edit] The Code of Fair Information Practices
The Code of Fair Information Practices is based on five principles outlining the requirements for records keeping systems. This requirement was implemented in 1973 by the U.S. Department of Health, Education and Welfare.
- There must be no personal data record-keeping systems whose very existence is secret.
- There must be a way for a person to find out what information about the person is in a record and how it is used.
- There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person's consent.
- There must be a way for a person to correct or amend a record of identifiable information about the person.
- Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data (Harris, 2003).[13]
[edit] Conclusion
The rapid growth of information technology in the 21st century requires computer professionals to spend a bulk of their time improving their technical skills. IT professionals should also study the legal and ethical implications of the information to which they are entrusted. Mishandling private data comes with a substantial cost because most of the database records stored by businesses actually represent information about real people. Therefore, inaccurate records, noncompliance in fair business practices, and poorly designed information systems can harm the lives of real people.
Microsoft allowed manufacturers to place "Windows Vista Capable" stickers on computers. Many users have sued Microsoft because the system systems they purchased were only capable of running Vista Home edition. A federal judge granted class-action status to a lawsuit against Microsoft on February 22, 2008. [14] Is it not interesting to study the root cause of this particular failure? Was it the market pressure, inadequate compliance or an inadequate set of core values? Surley Microsoft's unethical conduct will result in a new set of laws.
All members of society have a large stake in the Internet therefore, awareness of ethical responsibilities is critical. Fallacies like alligators are generally easy to avoid if you know where they are. Knowing what's legal can prevent intellectual property misuse and the loss of large amounts of business revenue. Finally, adopting a Code of Ethics within an organization is relatively easy task to perform that can keep employees from doing the wrong thing.
[edit] See Also
[edit] References
- ^ a b c McKeon, Richard (2001). The Basic works of Aristotle. New York, New York: Random House Inc. ISBN 0-375-75799-6.
- ^ a b Pfleeger, Charles; Pfleeger, Shari (2007). Security in Computing Fourth Edition. Saddle River, New Jersey: Prentice Hall. ISBN 0-13-239077-9.
- ^ Warren, Samuel; Brandeis, Louis (1998). "Privacy, photography, and the press.". . Harvard Law Review 111:4 Retrieved on 2008-04-29.
- ^ Gavison, R. (1984). "Privacy and the Limits of the Law". . The Yale Law Journal 8:421
- ^ Latak, A (2005, February). Identity Crisis: To make its players safe the NFL is tackling schemers and scammers. Legal Affairs. Retrieved on 2008-05-01.
- ^ a b Spinello, Richard (2006). Cyberethics: Morality and Law in Cyberspace, Third Edition. Sudbury, Massachusetts: Jones and Bartlett Publishers. ISBN 0-7637-3783-6.
- ^ Freeman, Lee; Peace, Graham (2004). Information Ethics: Privacy and Intellectual Property. Hersey, Pennsylvannia: Information Science Publishing. ISBN 1-5914-0491-6.
- ^ Benkler, Y. (2006, July 8). "The Wealth of Networks: How Social Production Transforms Markets and Freedom". . The Financial Times
- ^ a b c d e f Tipton, Harold; Henry, Kevin (2007). Official (ISC)2 Guide to the CISSP CBK.. Boca Raton, FL: Auerbach Publications. ISBN 0-8493-8231-9.
- ^ Hacker Ethic (2008-04-27). Hacker Ethic. Wikipedia. Retrieved on 2008-05-07.
- ^ Computer Ethics Institute (1992). The Ten Commandments of Computer Ethics. Computer Ethics Institute. Retrieved on 2008-05-01.
- ^ Network Working Group. (1989). Ethics and the Internet. Network Working Group. Retrieved on 2008-05-01.
- ^ a b Harris, Shon (2003). CISSP Certification: Exam Guide Second Edition. New York, NY: McGraw-Hill/Osbourne. ISBN 0-07-222966-7.
- ^ Tartakoff, Joseph; Bishop, Todd (2008-02-23). 'Vista Capable' lawsuit against Microsoft now a class action. SeattlePI. Retrieved on 2008-05-01.
[edit] External Links
IEEE Website
ACM Website
ISC2 Website
Internet Architecture Board