cpsc 525: ethical considerations in information …cpsc 525: ethical considerations in information...
TRANSCRIPT
![Page 1: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/1.jpg)
CPSC 525: Ethical Considerations in InformationSecurity
“In which we distinguish between being an armchair ethicist and anethics practicioner”
Michael E. Locasto
Department of Computer ScienceUofC
CPSC 525/625
January 16, 2013
![Page 2: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/2.jpg)
Agenda
Announcements (1 minute)
Learning Objectives for Today (1 minute)
→ Mild Orientation to Moral Theories
→ Practice dissecting some common IT-related ethical questions
Moral Theories Overview (10 minutes)
Ethical Scenarios (15 minutes)
Aaron Swartz video (time–permitting)
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
![Page 3: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/3.jpg)
Announcements
→ Lab Schedule
→ Skipping “Legislation”
→ quoted material below comes from “Applying Moral Theories” byCE Harris, Jr. (I encourage you to purchase this book for yourbookshelf)
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
![Page 4: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/4.jpg)
Manifesto
Your personal code of ethics dictates what actions you take. There aredifferent systems of ethical thought; you may subscribe to one consistentmodel, or you may implicitely follow an amalgem of them. You might noteven give it a thought, but you probably follow some sort of rule.
We believe that information security professionals should at least be awareof the system they follow, even it is based on moral relativism andoptimizes for “selfish” interests.
So whatever your ethical code of conduct is, we believe that our codemandates that we cover this material to help expose you to thecomplexities of making really hard choices in this space and distinguishingbetween the numerous shades of grey posed by information securityscenarios.
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
![Page 5: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/5.jpg)
Moral Philosophies
Egoism – self-interest
Natural Law – human nature
Utilitarianism – greatest overall good
Respect for persons – “equal dignity of all human beings”
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
![Page 6: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/6.jpg)
Capt. OatesFrom: “Applying Moral Theories”, CE Harris, JR. pp. 2–6
Suffering from frostbite and slowing the march away from the SouthPole...
“This was the end. [Oates] slept through the night before last,hoping not to wake; but he woke in the morning–yesterday. Itwas blowing a blizzard. He said, “I am just going outside andmay be some time.” He went out into the blizzard and we havenot seen him since.”
Was his action justifiable? Morally permissable? Morally praiseworthy?
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
![Page 7: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/7.jpg)
Mental Clarity
How can we argue effectively one way or the other?
Factual issues – what is the reality
Conceptual issues – definitions, semantics, applicability
Moral issues – “applying moral principles or standards”
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
![Page 8: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/8.jpg)
Ethical Scenarios
The Subway Photo
Cryptography as a Weapon
Vulnerability Disclosure
Writing an Exploit
Backdoors
Shortcuts
Sniffing
Downloading
Others...
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
![Page 9: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/9.jpg)
The Subway Photo
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
![Page 10: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/10.jpg)
Cryptography as a Weapon
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
![Page 11: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/11.jpg)
Cryptography as a Weapon
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
![Page 12: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/12.jpg)
Listening to Network Traffic
“Research”
Curiosity
Diagnosing network connectivity problems
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
![Page 13: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/13.jpg)
Vulnerability Disclosure
What if you find a vuln in MintChip?
Related Scenarios:
Writing an Exploit
Inserting a Backdoor
Leaving Security Out
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
![Page 14: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/14.jpg)
Other Scenarios
downloading music; downloading JSTOR; weev
Academic copyright policy:http://www.patrickmcdaniel.org/IEEE-copyright-policy.html
guessing email password of political figure, friend
shoulder-surfing
not obeying EULA provision for “no reverse engineering” (Amazon MusicDownloader)
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security
![Page 15: CPSC 525: Ethical Considerations in Information …CPSC 525: Ethical Considerations in Information Security “In which we distinguish between being an armchair ethicist and an ethics](https://reader034.vdocuments.mx/reader034/viewer/2022042606/5fb30719907c9101d01bd59a/html5/thumbnails/15.jpg)
Readings
Pay special attention to:
“Pretending Systems Are Secure”
“Towards an Ethical Code for Information Security”
Stanford prison experiment
the Therac-25 report
ACM Code of Ethics
Michael E. Locasto CPSC 525: Ethical Considerations in Information Security