PHIL 355E
Cybersecurity Ethics
¶ 1 Leave a comment on paragraph 1 0 This course examines ethical issues relevant to ethics for cybersecurity professionals, including privacy, professional code of conduct, practical conflicts between engineering ethics and business practices, individual and corporate social responsibility, ethical hacking, information warfare, and cyberwarfare. Students will gain a broad understanding of central issues in cyberethics and the ways that fundamental ethical theories relate to these core issues.
Course Material
Course Reflection
¶ 2 Leave a comment on paragraph 2 0 My knowledge of cybersecurity has broadened as I’ve taken part in this course, particularly in the area of moral obligations and responsibilities that are essential to maintain within the industry. It has brought attention to the ethical issues that often occur in cyberspace, which is becoming more interconnected, as well as the fine line that must be drawn between maintaining security and safeguarding personal privacy. I have developed a greater understanding of the crucial role that moral decision-making plays in influencing the direction of digital security by looking at real-world case studies and interacting with significant ethical frameworks. In addition to improving my technical understanding, this has given me a more comprehensive understanding of the social and legal implications of cybersecurity activities.
¶ 3 Leave a comment on paragraph 3 0 My initial viewpoint on whistleblowing was less considerate of the complex legal consequences that follow. Since most whistleblowers do so for a noble cause, it stands to reason that their heroic actions are worth the costs, regardless of the repercussions. The ethical considerations and legal processes that occur during the whistleblowing process and aftermath are very complex. It can have serious negative effects on a person’s reputation, career, and even legal standing. Even though the whistleblower is aware of the serious repercussions that are likely to occur, it is crucial for me as a professional to take into account the ethical considerations and legal procedures that are involved. I’ve learned from this course that the truth about whistleblowing is far more complex, particularly in light of the legal and moral consequences that follow. This course highlighted a lot of details that are involved in the whistleblowing process. As a result of this understanding, my appreciation for the ethical considerations involved has been amplified.
¶ 4 Leave a comment on paragraph 4 0 When I first started this course, I had a soft understanding of the data collection process with the perspective of it being just for convince. I thought that the advantages of customized features, focused ads, and smooth online interactions were effective ideas for a great customer experience. But the more I explored the course content, the more I understood the serious moral and legal consequences of mass data collection. It became clear that the monetization of personal information had major consequences for both social trust and individual privacy. My awareness of the dangers associated with living in a society that values data was raised, and caused me to wonder about the morality of businesses that put convenience ahead of privacy. The significance of finding a balance between the obligation to protect individual privacy and the convenience that data collecting should be of more concern.
¶ 5 Leave a comment on paragraph 5 0 If one approaches the topic of cyber wars with bias, there can be a lot of gray areas. However, in this course, we were to set aside our biases to analyze cyber conflicts between two countries. It was easy for me to understand that there are victims from everywhere when it comes to war, including cyber conflicts. This course helped me in analyzing these particular situations by assessing the cyber attackers’ motivations and whether their actions are justified. It is extremely common for cyber attackers to go for innocent civilians instead of aiming their disruptions toward more prominent figures. I believe people who are not directly involved in foreign conflicts should not have to suffer for executive decisions that were made.
¶ 6 Leave a comment on paragraph 6 0 It was easy for me to understand that there are victims from everywhere when it comes to war, including cyber conflicts. By evaluating the motivations of the cybercriminals and whether their actions can be justified, this course helped me understand these specific situations. It is extremely common for cyber attackers to go for innocent bystanders instead of aiming their disruptions toward more prominent figures. People who are not actively involved in international conflicts shouldn’t have to bear the consequences of governmental choices.
Case Analysis – Professional Ethics
¶ 7 Leave a comment on paragraph 7 0 As a new hire at a marketing firm, Bill Sourour was tasked with developing a website for patients designed to market medical products as a recommendation. This was done by formatting a quiz for medical information seekers to take that would suggest a drug product based on their answers and responses in the quiz. Even though the website has a broad target audience, this quiz was intended for teenage girls. Additionally, the website was not explicitly created to sell or advertise products, as it was stated to be a general information site. Despite this, the program was developed to suggest the same product every time, even if the quiz answers differed. This project, which Sourour developed for his company, was an attempt to implicitly promote a specific drug product. Regardless of this program being evaluated by his supervisors, Sourour and his management neglected the consequences this program could potentially have. It was later discovered that the drug being recommended through this quiz caused other side effects such as severe depression and suicidal thoughts, and a young girl unfortunately suffered these side effects after participating in Sourour’s quiz. This project raises many concerns and could have been prevented with proper ethical management. In this Case Analysis, I will argue that it was unethical of Sourour to write the code for the pharmaceutical quiz and measures should have been taken to raise more concern for the participants of this quiz.
¶ 8 Leave a comment on paragraph 8 0 The ACM Code of Ethics focuses on ensuring public trust and honesty. It does this by emphasizing the importance of computing integrity and avoiding harming any users. It also stated developers should not use their work to deceive or harm other people. Sourour’s pharmaceuticals quiz showcases the importance of the ACM Code of Ethics guidelines. When safeguarding ethical practices is neglected, consequences can be potentially dangerous. Measures that are not taken to ensure ethical practices could lead to deceptive software, which could lead to the loss of trust from clients. The intentionally biased design of the pharmaceutical quiz was disguised as a website for medical inquiry and assistance. This violates the ACM Code of Ethics’ statement on using projects to deceive or harm others.
¶ 9 Leave a comment on paragraph 9 0 Sourour mentioned that he was just trying to do his job and follow the instructions given by his management, which is a common justification presented in situations involving moral lapse, and his scenario can apply to many cases of ethical violations. While Sourour undeniably played a key role in developing the pharmaceutical quiz, responsibility does not rest with him alone. His supervisors and project managers also bear significant ethical accountability for approving and directing the creation of a tool designed to mislead users. Ethical neglect typically comes from multiple participants. Although the most explicit liability may eventually fall on one individual, many people share the collective oversight of failing to bring up ethical issues during the planning and development. Silence on confronting ethical concerns or development also violates the code of ethics. According to the ACM Code of Ethics, it is crucial to uphold the ethical duty of voicing concerns when one recognizes potential risks. It is against the Code of Ethics to remain silent in the face of morally dubious concepts or advancements. The ACM Code states that computer professionals must speak up when they see possible dangers, particularly when the welfare of the public is at risk.
¶ 10 Leave a comment on paragraph 10 0 In Armstrong’s discussion on professionalism regarding medicine, engineering, and accounting, she provides some principles on the nature of responsibility that comes with being a professional. Armstrong emphasizes the importance of professional ethics and responsibility because of the significant amount of influence an individual with specialized knowledge can have on public well being and safety. Specialized professionals in fields like medicine, engineering, and accounting hold societal trust because their line of work have a large amount of impact in other people’s lives. Armstrong argues that the amount of trust carried by specialized professionals comes with a greater amount of moral and ethical responsibility. She also states that moral obligations should reach beyond legal complicity, and standards should be upheld based on independent integrity. A professional’s independent integrity is highly important because it ensures that ethical decisions are less likely to be challenged by authoritative pressure.
¶ 11 Leave a comment on paragraph 11 0 In Sourour’s case, he has shown a lack of independent integrity while the pharmaceutical quiz was in progress. As a developer, he possessed specialized skills and insight into the structure and intent of the quiz. The responsibility that came with his specialized knowledge required further evaluation on whether his project would aid or harm the user for whom he was developing it. His insights, if used, could have prevented an unfortunate situation that resulted in a loss of someone’s life. Despite having thoughts of ethical considerations and hesitation, his justification for continuing to work on this project was due to the authoritative pressure he felt from his management. This reliance on authority over his ethical judgment is also a failure to uphold the professional obligation that Armstrong highlights in her argument. It also showcases a breach of trust that society grants professionals.
¶ 12 Leave a comment on paragraph 12 0 In Armstrong’s argument, she states that true professionalism requires going beyond legal compliance to actively assess and uphold moral responsibilities. Committing to ethical integrity can be a safeguarding method used against authoritative pressure. While Sourour may not have broken any laws or breached contractual obligations, he did participate in unethical activities while developing his pharmaceutical quiz, which was intentionally misleading. The quiz was designed to appear as a medical tool for individuals seeking health guidance. Instead, it was designed to deceive those users and was used as an opportunity to promote a specific pharmaceutical drug rather than providing an appropriate recommendation based on a user’s answers. Sourour directly contributed to an unethical practice of exploitation that prioritized marketing a product over the welfare of his company’s clients. The outcome of this project could have been prevented if more people had the professionalism to critically assess the potential risks. Sourour should have raised more questions and concerns about this project. When assigned to develop the quiz to recommend a specific product instead of providing more appropriate pharmaceutical drug options, he should have been more vocal about the concerns about the unethical nature of the quiz. As Armstrong had emphasized in her discussion of professional independence, refusing to write the code or countering his supervisor’s request for the code would have upheld an ethical standard and professional obligation to safeguard public welfare.
¶ 13 Leave a comment on paragraph 13 0 Sourour’s case highlights the ethical challenges that come with protocols that lack transparency and honesty. The pharmaceutical quiz developed in this case was disguised as a legitimate medical tool while operating as a marketing technique. The ACM Code of Ethics provides some ethical standards that can be applied to this scenario. It emphasizes transparency, honesty, and computing responsibility. This ensures clients and individuals who use these codes are not at risk of harm due to negligence from software developers. Additionally, Armstrong’s discussion on professional ethics and trust states that professionals with specialized knowledge should act with more integrity than what is required. While it may have been difficult for Sourour to vocalize his concerns about the pharmaceutical quiz he was put in charge of developing, if he had practiced better independent morals and responsibilities, the tragedy of someone losing their life could have been avoided. This case can be used as an example for many software developers and engineers and remind more professionals the significance of ethical decision-making.
Case Analysis – Data Collecting
¶ 14 Leave a comment on paragraph 14 0 In this scenario, an HR department of a private company is looking to utilize some of LinkedIn’s users’ data to develop a training process for their new Hiring Managers. The topic at hand is to assess whether or not this is an ethical method. The main ethical concerns that arise with this case are privacy and consent. Collecting scraped data is not considered to be illegal in the United States, however, social media interfaces will typically limit or ban this practice because of its ethical ambiguity. In Jason Tan’s article “The Fine Line of LinkedIn Data Scraping: Legality, Consequences, and Best Practices,” he discusses that the ongoing legal processing surrounding LinkedIn’s public data can bring consequences for those who engage with it. In this Case Analysis, I will argue that Zimmer and O’Niell’s readings show us that this company should not use scraped data because it violates the principles of consent and privacy, and bias algorithms will not be able to provide a reliable outlook on ideal candidates for new hiring managers.
¶ 15 Leave a comment on paragraph 15 0 Zimmer’s core argument highlights the ethics of collecting public data from social media without the consent of its users. He discusses the data collection of Facebook users in 2008 titled “Taste, Ties and Time,”(T3) dataset and explains how data scraping can violate someone’s privacy. While they did attempt to make data scraping safe by protecting the user’s information by trying to keep it anonymous, they were still unable to keep them fully unidentified. This showcases the limitations of safeguarding data.
¶ 16 Leave a comment on paragraph 16 0 When LinkedIn users initially create their account, they do so expecting they are setting up their information to socialize on their platform. They do not sign up to consent to third-party businesses using their public information for data scraping purposes. In Tan’s article, it is stated by LinkedIn that they do not condone companies using their platform for collecting individuals’ public data because it violates their Terms and Services. The reason for this is that it can easily be labelled as breaching someone’s privacy, even though a business may not intend to do so. Even if LinkedIn had terms and agreements that users must accept before creating an account, signing up for the social media does not directly consent to any privacy agreement for data scraping.
¶ 17 Leave a comment on paragraph 17 0 Zimmer’s main argument is consent and permission, arguing that companies should directly inform individuals whose data they intend to collect and present them with privacy agreements or data protection policies before using their information. In Zimmer’s argument, he emphasized the need for meaningful consent that requires companies to seek out individuals that would have their data collected to present them with their privacy agreement or safeguarding policy and get their permission directly. The HR department that hopes to scrap LinkedIn’s public user information reflects the complication pointed out in his argument. Zimmer has stated he fails to agree that public information being available to use signifies it is ethical to actually use it. The HR department would fall under his criticism in this case and would be considered unethical for assuming public access equates to direct permission.
¶ 18 Leave a comment on paragraph 18 0 With Zimmer’s touch on data collection, we can understand that if the HR department seeks to repurpose LinkedIn users’ data to develop training material for new hiring managers, they would need explicit permission from its users. However, in Tan’s analysis of LinkedIn, collecting scraped data is not deemed as illegal. LinkedIn does state in their terms and services that they do not allow external companies to collect any of their scraped data because of the ethical consequences of the process. While this does not legally restrict companies from publically collecting user data, it does set an ethical boundary between external parties and their users. As a result of this, if the HR department of this company continues with its plan to collect data from LinkedIn users, it can legally affect the company.
¶ 19 Leave a comment on paragraph 19 0 I would argue that collecting scraped data from LinkedIn should be avoided to respect the privacy of their users. Zimmer discussed the ethical concerns of collecting data without the consent of the affected individuals. Even though their data is public information, LinkedIn users should have the right to express whether they would like for their data to be repurposed for another organization.
¶ 20 Leave a comment on paragraph 20 0 O’Neil’s argument centers on biased algorithms within law enforcement and hiring processes. She states that algorithms on social sites unintentionally showcase certain demographics over others. While they are perceived as a neutral automated system, they actually reinforce systemic bias by excluding certain communities, which amplifies discriminatory practices. Her position on collecting scraped data supports the idea that using LinkedIn’s user data to develop training materials for new hiring managers can play a part in biased hiring. Data collection bias happens when the data scraped only represents a portion of the demographic data. Marginalized groups of users tend to be left out of the gathering process. If the HR department wishes to use data scraping methods to develop hiring materials, it could put underrepresented groups at a bigger disadvantage.
¶ 21 Leave a comment on paragraph 21 0 O’Neil supports algorithms being more exclusive and less biased because the lack of representation can be harmful to marginalized groups. For example, over policing in these communities occurs because data algorithms predict crime will occur mostly in those areas. As a result of this, law enforcement is recording more crime from this area, which then feeds algorithms with more biased data. These stigmatized communities often are labelled as crime cities because of biased data that has been collected at a more rapid speed compared to communities with less policing. The biased algorithm is a less-recognized form of systematic exclusion, but it can still be damaging to misrepresented communities. The HR department should refrain from collecting scraped data of LinkedIn user data because it does not offer a fair and inclusive set of data for disadvantaged communities.
¶ 22 Leave a comment on paragraph 22 0 On LinkedIn, there are groups of people that are overrepresented based on socioeconomics, while others are unrepresented for the same reasons. With this in mind, the HR department may assume that they will be collecting data that provides visibility for potential employees with different backgrounds. As stated in O’Neil’s argument, collecting scraped data from a social media app that has a biased algorithm would not be an ethical method to develop materials. Hiring practices that benefit privileged groups and disadvantage those with less internet presence may result from using scraped data without considering these differences. The right thing to do is to have the HR department organically collect information and develop materials for the new hiring managers without using data scraping. The algorithms that output this data aren’t reliable enough to provide authentic information for this case. It would be best to gain insights from training professionals and ethical sources of data instead. In Tan’s discussion, he emphasises the unreliability of scrapped data in his analysis and how it can be easily misrepresented. This would result in a significant flaw in the training materials the HR department develops. The hiring managers in charge of collecting the scraped data from LinkedIn would be provided inaccurate data on who is eligible to be considered a qualified employee. This further supports my argument that the HR department should collect scraped data from LinkedIn because its algorithms are not reliable enough to provide an accurate representation of suitable candidates.
¶ 23 Leave a comment on paragraph 23 0 In conclusion, I’ve argued that ethical considerations from Zimmer, O’Niell, and Tan’s analysis show that the HR department should avoid using scraped data from LinkedIn for training materials. Zimmer’s discussion on how collecting data from users on social media without their direct knowledge and consent is a significant ethical concern. While some may justify that public information equates to accessibility, it is important to acknowledge that users who create online profiles are not publicizing their information for companies to repurpose it. O’Niell’s argument discusses the bias algorithms that companies want to collect data from. Media algorithm automation unintentionally excludes certain groups of communities, which can affect the reliability of the data. It can be argued that this should not result in poor-quality materials developed for new hiring managers. However, the company would be ignoring the ethical considerations for other communities that are put in a disadvantage because of the algorithmic bias.