Cyber Strategy & Policy

Policy Analysis: Ethical Issues

Posted by sfran016 on

Cybercrime Ethics

Since cybersecurity and cybercrimes are fairly new and expanding rapidly, the rules and
regulations surrounding them are also fairly new. Because of this, they don’t exactly cover every
way a cybercrime can be committed or even have punishments for all of them. With how new
these issues are, are there any ethical implications in the punishments for them?
Based on the information written in the “Cybercrime and Punishment: An Analysis of the
Deontological and Utilitarian Functions of Punishment in the Information Age”, punishments for
crimes are typically based on 4 things, retribution (based off of the crime being committed),
deterrence (based on how harsh the punishment should be based on the crime), incapacitation (to
remove the lawbreaker from society to prevent more harm), and rehabilitation (to help reform the
lawbreaker) (Jetha 2013). Given that the “Computer Fraud and Abuse Act” (CFAA) already
states some of the penalties for committing some of those cybercrimes, does it follow that policy
of the reasons why we give out those punishments, even without the information behind them?
According to the utilitarian ethic view stated in Jetha’s writing, which deems it is your
duty to be good to everyone, anyone who commits these crimes needs to be punished for
commiting the act regardless of circumstances because it is wrong. So, under this view it is
completely ethical to have the punishments outlined because everyone who commits the act
would get the same time (Jetha 2013). When focusing on the rehabilitation section for the
punishments according to Jetha, that falls more under the deontologist view because it allows for
people like children to be held by a different standard and be charged for less with the
assumption that their behavior was based on their surroundings (Jetha 2013).
Examples of somewhat cruel punishments can be found all over the world, one being the
case with Aaron Swarts, who faced up to 1 million dollars in fines and potentially 35 years in
prison for illegally making papers he had access to for school, public so others could use them. They charged him for each paper he published and he ended up killing himself because of this. In
my opinion I understand that it was illegal but, I feel like the fines and the punishments were
extreme. So depending on which ethical reasoning you follow, in some ways the punishments
can be seen as ethical and others not so much. Would you rather be punished for doing the crime
or punished based on the circumstances? Especially with policies that are so new and still have
been edited many times according to page 23 of the CFAA and 116th Congress (Berris 2020).
As far as the rights that are protected with the policies, privacy is still protected because
for cybercrimes the proof is often found through digital forensics which includes collecting
evidence, preserving, and analyzing the evidence as well. Even though it focuses on digital work
it still follows all the privacy laws when it comes to searches and seizures so it is viewed as
pretty ethical (Jaju 2023).
One thing I will mention about the cybercrime policies, specifically the CFAA, is that it
does allow for companies who end up spending more than $5,000 fixing whatever issues came
up because of someone breaching them and breaking the CFAA as a civil claim to try and get
some if not all of the money back (Business Cyber Risk 2017). So even if the company loses a
lot fixing the issue, as long as they have proof they can try to get some back, although that may
hurt the government as far as costs go, it can very much help the victims of these cybercrimes
(Business Cyber Risk 2017).
Overall, when it comes to the ethical issues with the policies I think there aren’t very
many. Depending on which view you look at it from, it is still ethical in both utilitarian ways and
deontology ways. I think the main issues people have with it are that it needs to be more updated
to include more items and have better descriptions of what they do include.

Resources


Berris, Peter G. “Computer Fraud and Abuse Act (CFAA) and the 116th Congress.”
Congressional Research Service, 21 Sept. 2020,
crsreports.congress.gov/product/pdf/R/R46536.
Jaju, Amit. “Ethical Digital Forensics – Balancing Investigation Procedures with Privacy
Concerns.” Lexology, Ankura, 7 Apr. 2023,
www.lexology.com/library/detail.aspx?g=fb018971-9604-405b-a13c-
2ec2e3c19fcc.
Jetha, Karim, “Cybercrime and Punishment: An Analysis of the Deontological and Utilitarian
Functions of Punishment in the Information Age” (2013). Annual ADFSL
Conference on Digital Forensics, Security and Law. 7.
“What Does CFAA Mean and Why Should I Care? A Primer on the Computer Fraud and Abuse
Act for Civil Litigators.” Business Cyber Risk, 1 Apr. 2017,
shawnetuma.com/cyber-law-resources/what-does-cfaa-mean-and-why-should-i-
care-a-primer-on-the-computer-fraud-and-abuse-act-for-civil-
litigators/#_Toc303338005.

Leave a Reply

Your email address will not be published. Required fields are marked *