cpsc 525: ethical considerations in information …cpsc 525: ethical considerations in information...

CPSC 525: Ethical Considerations in InformationSecurity

“In which we distinguish between being an armchair ethicist and anethics practicioner”

Michael E. Locasto

Department of Computer ScienceUofC

CPSC 525/625

January 16, 2013

Agenda

Announcements (1 minute)

Learning Objectives for Today (1 minute)

→ Mild Orientation to Moral Theories

→ Practice dissecting some common IT-related ethical questions

Moral Theories Overview (10 minutes)

Ethical Scenarios (15 minutes)

Aaron Swartz video (time–permitting)

Michael E. Locasto CPSC 525: Ethical Considerations in Information Security

Announcements

→ Lab Schedule

→ Skipping “Legislation”

→ quoted material below comes from “Applying Moral Theories” byCE Harris, Jr. (I encourage you to purchase this book for yourbookshelf)


Manifesto

Your personal code of ethics dictates what actions you take. There aredifferent systems of ethical thought; you may subscribe to one consistentmodel, or you may implicitely follow an amalgem of them. You might noteven give it a thought, but you probably follow some sort of rule.

We believe that information security professionals should at least be awareof the system they follow, even it is based on moral relativism andoptimizes for “selfish” interests.

So whatever your ethical code of conduct is, we believe that our codemandates that we cover this material to help expose you to thecomplexities of making really hard choices in this space and distinguishingbetween the numerous shades of grey posed by information securityscenarios.


Moral Philosophies

Egoism – self-interest

Natural Law – human nature

Utilitarianism – greatest overall good

Respect for persons – “equal dignity of all human beings”


Capt. OatesFrom: “Applying Moral Theories”, CE Harris, JR. pp. 2–6

Suffering from frostbite and slowing the march away from the SouthPole...

“This was the end. [Oates] slept through the night before last,hoping not to wake; but he woke in the morning–yesterday. Itwas blowing a blizzard. He said, “I am just going outside andmay be some time.” He went out into the blizzard and we havenot seen him since.”

Was his action justifiable? Morally permissable? Morally praiseworthy?


Mental Clarity

How can we argue effectively one way or the other?

Factual issues – what is the reality

Conceptual issues – definitions, semantics, applicability

Moral issues – “applying moral principles or standards”


Ethical Scenarios

The Subway Photo

Cryptography as a Weapon

Vulnerability Disclosure

Writing an Exploit

Backdoors

Shortcuts

Sniffing

Downloading

Others...


The Subway Photo


Cryptography as a Weapon


Listening to Network Traffic

“Research”

Curiosity

Diagnosing network connectivity problems


Vulnerability Disclosure

What if you find a vuln in MintChip?

Related Scenarios:

Writing an Exploit

Inserting a Backdoor

Leaving Security Out


Other Scenarios

downloading music; downloading JSTOR; weev

Academic copyright policy:http://www.patrickmcdaniel.org/IEEE-copyright-policy.html

guessing email password of political figure, friend

shoulder-surfing

not obeying EULA provision for “no reverse engineering” (Amazon MusicDownloader)


http://www.patrickmcdaniel.org/IEEE-copyright-policy.html

Readings

Pay special attention to:

“Pretending Systems Are Secure”

“Towards an Ethical Code for Information Security”

Stanford prison experiment

the Therac-25 report

ACM Code of Ethics


cpsc 525: ethical considerations in information …cpsc 525: ethical considerations in information...

Documents