CPSC 525: Ethical Considerations in Information Security

“In which we distinguish between being an armchair ethicist and an ethics practitioner”

Michael E. Locasto

Department of Computer Science, UofC

CPSC 525/625

January 16, 2013


Agenda

Announcements (1 minute)

Learning Objectives for Today (1 minute)

→ Mild Orientation to Moral Theories

→ Practice dissecting some common IT-related ethical questions

Moral Theories Overview (10 minutes)

Ethical Scenarios (15 minutes)

Aaron Swartz video (time permitting)

Michael E. Locasto CPSC 525: Ethical Considerations in Information Security


Announcements

→ Lab Schedule

→ Skipping “Legislation”

→ quoted material below comes from “Applying Moral Theories” by CE Harris, Jr. (I encourage you to purchase this book for your bookshelf)


Manifesto

Your personal code of ethics dictates what actions you take. There are different systems of ethical thought; you may subscribe to one consistent model, or you may implicitly follow an amalgam of them. You might not even give it a thought, but you probably follow some sort of rule.

We believe that information security professionals should at least be aware of the system they follow, even if it is based on moral relativism and optimizes for “selfish” interests.

So whatever your ethical code of conduct is, we believe that our code mandates that we cover this material to help expose you to the complexities of making really hard choices in this space and distinguishing between the numerous shades of grey posed by information security scenarios.


Moral Philosophies

Egoism – self-interest

Natural Law – human nature

Utilitarianism – greatest overall good

Respect for persons – “equal dignity of all human beings”


Capt. Oates

From: “Applying Moral Theories”, CE Harris, Jr., pp. 2–6

Suffering from frostbite and slowing the march away from the South Pole...

“This was the end. [Oates] slept through the night before last, hoping not to wake; but he woke in the morning–yesterday. It was blowing a blizzard. He said, “I am just going outside and may be some time.” He went out into the blizzard and we have not seen him since.”

Was his action justifiable? Morally permissible? Morally praiseworthy?


Mental Clarity

How can we argue effectively one way or the other?

Factual issues – what is the reality

Conceptual issues – definitions, semantics, applicability

Moral issues – “applying moral principles or standards”


Ethical Scenarios

The Subway Photo

Cryptography as a Weapon

Vulnerability Disclosure

Writing an Exploit

Backdoors

Shortcuts

Sniffing

Downloading

Others...


The Subway Photo


Cryptography as a Weapon


Listening to Network Traffic

“Research”

Curiosity

Diagnosing network connectivity problems


Vulnerability Disclosure

What if you find a vuln in MintChip?

Related Scenarios:

Writing an Exploit

Inserting a Backdoor

Leaving Security Out


Other Scenarios

downloading music; downloading JSTOR; weev

Academic copyright policy: http://www.patrickmcdaniel.org/IEEE-copyright-policy.html

guessing email password of political figure, friend

shoulder-surfing

not obeying EULA provision for “no reverse engineering” (Amazon Music Downloader)


Readings

Pay special attention to:

“Pretending Systems Are Secure”

“Towards an Ethical Code for Information Security”

Stanford prison experiment

the Therac-25 report

ACM Code of Ethics
