Cybersecurity Ethics
This course examines ethical issues relevant to ethics for cybersecurity professionals, including privacy, professional code of conduct, practical conflicts between engineering ethics and business practices, individual and corporate social responsibility, ethical hacking, information warfare, and cyberwarfare. Students will gain a broad understanding of central issues in cyberethics and the ways that fundamental ethical theories relate to these core issues.
Course Material
INTRODUCTION
During this course, I’ve engaged with a number of topics which I either hadn’t thought about before, or my understanding was very basic. Throughout this degree program, I’ve been learning that, legally and philosophically, society is still at the very beginning of reckoning with the degree to which the internet has completely transformed global society. Philosophy and law influence each other, and so I really enjoyed reading some of the foundational philosophical frameworks that have helped shape society to this point, and the ones that are looking to the future in order to help us build a secure foundation for future generations.
This course is a writing-intensive course, and for this assignment we were instructed to select from our assignments three topics, perspectives, or positions with which we’ve engaged and discuss how they’ve changed our own perspectives on the issues. For my selections, I’ve chosen Privacy, User Data, and Corporate Social Responsibility.
PRIVACY
The most interesting thing about this module for me was the scholarly work presented about the conception of privacy itself. I would think that most of us believe we understand what privacy means, but the most striking things for me to learn about were the concepts of static and dynamic privacy, discussed in Floridi’s The Fourth Revolution, which is what he calls the transition into the Information Age. Static privacy can be considered the “old way,” before the revolution, where people were largely anonymous, access to information about other people was much more restricted as a function of the “information landscape” having “high informational friction,” to borrow Floridi’s terms. Post-revolution, Floridi notes that not only is it trivially simple to access others’ personal information, but people often freely volunteer this information themselves. Consequently, people have adapted their conceptions and applications of privacy with more nuance, choosing carefully what information is shared in a given context.
Grimmelman, the other author studied in this module, also shows that privacy has become a highly contextual, nuanced, individual decision, and uses this to debunk four myths about Facebook users and privacy. Grimmelman then proposes that privacy should be considered a commodity, subject to the same consumer protection regulations as automobile manufacturers, for example – to get entities who make money from users’ data to get some “skin in the game” by putting some of the liability on their shoulders.
Both of these ideas were completely new to me, and helped me to understand how society’s relationship to privacy has been completely transformed by our transition into the Information Age. I also agree that there is some responsibility borne by enterprises who trade in user data, and I think these arguments will help lay legal foundations for better consumer protections in the U.S.
USER DATA & GDPR
When the General Data Protection Regulation (GDPR) took effect in the European Union in 2019, I had heard about it, but I don’t recall it having much effect on my life other than suddenly having to answer a lot more questions about cookies. This unit helped me to understand just how important and groundbreaking the GDPR is as a legal framework.
After completing this module, I’m confident that the GDPR will be used as a basis for other nations’ privacy laws. It clearly outlines the different types of parties who are subject to the law, as well as who has which responsibilities and rights, without giving up the generality that allows it to adapt and evolve to meet unknowable future privacy needs. I think it goes a long way toward closing the loopholes that are bound to appear when “new” technologies are governed by “old” laws. I’m encouraged that California has enacted privacy laws very similarly to the GDPR, and I look forward to the day that the U.S. as a nation adopts something similar.
CORPORATE SOCIAL RESPONSIBILITY
In this module, we covered two authors I had never engaged with before, Melvin Anshen and Milton Friedman. I had heard Friedman’s name before in discussions of the “greed is good” corporate hedonism of the 1980s, but I’d never engaged with any of his work. I had never heard of Anshen before. But in this module, we were presented with their opposing viewpoints on the issue of corporate social responsibility. Friedman argued that there was no such thing. Anshen, rather than simply taking a contrary position, allows that there may have been an arrangement of “the social contract” which was compatible with Friedman’s viewpoint, but that the contract is continually being revised as new technologies and economic ideals are introduced to society at large.
These readings were presented in the context of analysis of Ron Leiber’s 2017 New York Times article “Why the Equifax Breach Stings So Bad.” Until reading this article, I hadn’t realized just how big a mistake the breach was, how much of the responsibility Equifax bore, and how pitiful their response was. Lieber’s article includes many responses he solicited from the public about the breach, and the overall impression was hopelessness at how deeply ingrained in our economic lives the credit reporting system has become.
This module helped me to frame the Equifax breach in a new context, and instilled in me the idea that we can and should amend the social contract to reflect the current societal values.
CONCLUSION
This has been a very challenging, interesting, and rewarding class. I’m hoping that, as I progress through my career, I am able to preserve the mindset that everything we do now is shaping future generations. I know we can meet the challenge.