Cybersecurity Ethics
This course examines ethical issues relevant to ethics for cybersecurity professionals, including privacy, professional code of conduct, practical conflicts between engineering ethics and business practices, individual and corporate social responsibility, ethical hacking, information warfare, and cyberwarfare. Students will gain a broad understanding of central issues in cyberethics and the ways that fundamental ethical theories relate to these core issues.
Course Material
Reflective Writing Assignment
First Topic: Confucianism and “The Year of the Rat”
After reading “The Year of the Rat” and learning about Confucianism it felt like a very good position to have morally. Having roles is something that makes a lot of sense. It delves into the idea of what the best option is based on the role you are in. Confucianism is highly contextual which I think is the best way to evaluate things. Not everything or everyone is going to act or be the same every time it deeply depends on the situation we are given and the best that we can do within our role. I best understood this in “The Year of the Rat” when the drill instructor changed his level of strictness based on the situation. When one of the cadets died, he was silent compared to his usual demanding self. This was his role, and his role was to be strict and prepare his soldiers for dangerous situations and keep them disciplined while still maintaining a level of humility and respect. Confucianism deals with doing things that is the best overall for you and may not be the best for someone else and I agree immensely on this.
Second Topic: Contractarianism and “The Evening and the Morning and the Night”
Contractarianism to me felt very mixed based on what it applied to. In “The Evening and the Morning and the Night” It follows a girl named Lynn who discovers she would be best to work in a role based on the disease that she has. She was willing to make that sacrifice for the greater good of other people around her and possibly herself even if she would rather not do it. The one that did speak to me the most out of this view was the “Veil of ignorance”. This deals with looking at overall everything to see if it works out better or even worse for yourself and others and then making a decision based off of it. I also agree with Thomas Hobbes with that there is no “natural law”. Morality is simply society based. What was considered ethical two hundred years ago is not all ethical in present day. I agree with how we all have to hold each other to a moral standard otherwise chaos would break loose. We all agree murder and theft being wrong because it does not benefit society not just because we think it is inherently wrong. This view still is something that I feel does not apply to everything and can be misconstrued based on context.
Third Topic: Deontology and “What’s So Funny ’bout Truth, Justice & the American Way?”
Deontology is one I do not necessarily agree upon. I think it is one of those moral views that most people would not accurately identify with. Now I do agree with being “moral” and respecting others around you to a certain extent. Kant brought up an example about lying to an angry man coming to your door to look for your friend who is in the house. Lying to the man depending on the circumstance does not seem immoral to me due to the fact that harm could be possibly done. He states that deceit is disrespectful, but the problem is respect is a definition that is different to many people. Superman in “What’s So Funny ’bout Truth, Justice & the American Way?” Lied in order to defeat the enemy and making it seem like he was doing immoral things. This does not follow Deontology, but I still agree with his actions and believe they are morally justified. The problem I have with this view is the lack of context required to see something as immoral going by the definition of Deontology itself.
Case Analysis on CSR
The New York Times article “Why the Equifax Breach Stings So Bad” Ron Lieber describes why the Equinox breach has affected so many people (Lieber, 2017). He speaks to many individuals with varying levels of knowledge on how the breach has caused them issues. The data that Equinox had was personal and unavoidable unless you had lived a life free of credit, cell phones, and even some jobs (Lieber, 2017). A big issue is Equinox not being able to present proof to whether or not they knew about the breach before certain actions their higher ups were making. Equinox being a company as big as they are with all of the information they have, much of which is without a lot of people being aware of, should have had better protection as well as more effort into correcting what went wrong in the first place. In this Case Analysis I will argue that Confucianism shows us that the Equifax breach harmed many unknowing citizens by having their information and not being able to protect it as well as a lack of credibility post breach and that this was morally bad.
In Friedman’s “The Social Responsibility of Business Is to Increase Its Profits” he talks about how increasing profits is ethically the right thing to do as a businessman. In corporations the responsibilities are to make the money back for the investors and owners of the business (Friedmen, 1973). All of this while still being lawful and adhering to the basic rules of society. The main goal is to accomplish what the owners expect from you in said business while not doing anything illegal. One concept Friedman talks about is the difference between social responsibilities of business and social responsibilities of individuals (Friedmen, 1973). The example he uses is with a corporate executive. His individual responsibilities would be to his family, his conscience, or even his country. He may see some of these things as a reason to do something else in his field. In his capacity as a businessman what could he do to involving social responsibility. Friedman shows other examples involving using the stockholder’s money to benefit people like the unemployed rather than the higher qualified to reduce poverty (Friedmen, 1973). Even with examples like this, how are these actions justified when using the company’s money? This connects to Confucianism regarding roles that businessmen have. Confucianism tells us how to best live our lives as well as staying on a path to properly fill the role you have in your lives. As a businessman, their role is to do their jobs and maximize profits but at the same time keeping a level head regarding the morality in what they do. In a situation like the Equinox, one holds responsibilities in different areas regarding different roles. How the Equinox higher ups handled the breach was unprofessional. Equinox held people’s personal information without an option to opt out, added on to this they did not inform the people of the breach when it happened (Lieber, 2017). The reason people want CEO Richard Smith out of the door was because he did not properly follow his role as CEO in the handling of this situation.
Another concept that Friedman used was getting stockholders to require corporations to exercise social responsibility (Friedmen, 1973). Doing this allows things like imposing taxes and spending the proceeds on things like activism (Friedmen, 1973). This shows the owners of a company using their resources to help fulfill the social responsibilities of everyone at the company. When businessmen do their jobs efficiently and fill their role it goes along with how Confucianism works. Confucianism if highly contextual in this sense and is different when looking at the Equinox situation. In a role as a leader in a company that has so many citizens personal information the data should have had better protection as well as informing any user who possibly could have been harmed from it. A big issue that goes with this is the fact that many people did or do not know that Equinox holds their personal information (Lieber, 2017). Equinox’s leaders should have taken better precautions regarding user data and informed them that they had the data. They also should have made it known to everyone involved when the breach happened that their data may be compromised. The social responsibility lies on the people who own and make the decisions in the company not the ones that are helping run it.
Social Responsibility varies among positions and how society is operating during a certain period. This being a very context driven concept art can be hard to try and distinguish what is right and what is wrong within certain roles. In Melvin Anshen’s “Changing the Social Contract: A Role for Business” He talks about the difficulties of trying to maximize private profit with maximizing public benefits (Anshen, 2001). He highlights the issues caused by private businesses using rising living standards as an example (Anshen, 2001). Some ways to support why this works was the use of a private enterprise system. This involves putting resources controlled by skilled management to do good like improving living conditions. Another way the recognition of general affluence leads to a concern about the quality of life (Anshen, 2001). This leaves a grey area on what is considered part of the social contract when it comes to helping others as a leader of a private business for example.
When Anshen talks about the development of the Social Contract he uses Jean Jacques Rousseau’s idea that stated each member of society entered a contract that went along with other people, organizations, and the general public (Anshen, 2001). The majority’s decision making would be tolerated by the minorities for the most part and would yield a rebellion as such (Anshen, 2001). If that Rebellion were to still happen, then there would need to be a change in the social contract. This is no different when looking at private organization like Equinox. The higher ups at Equinox did not follow the social contract or even their own social responsibilities having the data of these citizens.
The Role of a business is to maximize profit, but the social contract has individuals within this business having to choose what to use the profits for. Ideally you would want to make the most amount of money while accomplishing the greater good for the public. Business leaders tend to not follow their role involving social contract due to many things. Anshen talks about how most business leaders do take involvement in humanitarian efforts but only to keep a positive look in the public eye (Anshen, 2001). It is only known due to public outcry that these investments are being made and still they are not as seen as high as they should be. Confucianism would have these leaders ready to help just as much as make profits for their companies. Equinox getting backlash for the breach happening is a result of the social contract changing. The higher ups at Equinox also not disclosing information on the breach earlier is another reason. Speculation of the president of Information Systems and the CEO of Equinox selling their stock after the breach and before it was made public is immoral, illegal and completely breaks the Social Contract. This shows that they were not trying to do what was best for society and only for their business. The breaking of a social contract or responsibility means that you are not following your role in society and in this case, it has to do with the role of being a leader in private enterprise.
The Equinox breach was an unfortunate attack that could have been prevented with better management but became worse after the leaders of the company’s handling of the situation. Using the Confucianism theory, the roles of certain businessmen vary but all hold the requirements of some level of social responsibility. The Social Responsibilities and role of a businessman vary depending on context. In this case, having access to a large percentage of citizens personal data and not being able to protect it as well as not informing the people exposed in the breach caused more harm to the consumers. Social Contract in society should heavily influence people who are in power. This contract also applies to credibility of the role that the leaders of Equinox are in. The CEO and the president of Information Systems selling their stock after the breach but before it was made public breaks the social contract making this harm morally bad as well as illegal.
Works Cited
Anshen, M. (2001). Changing the Social Contract: A Role for Business. Columbia Journal of World Business, 6-14.
Friedmen, M. (1973, September 13). The Social Responsibility of Business Is to Increase Its Profits. New York Times, pp. 51-55.
Lieber, R. (2017, September 22). Why the Equifax Breach Stings So Bad. The New York Times.
Case Analysis on Professional Ethics
In the article “The Code I’m Still Ashamed Of” Bill Sourour talks about a pharmaceutical quiz that he coded for. Bill talks about how he has been coding his whole life and had a lot of experience in the field and early on landed a full-time job with an interactive marketing firm as a coder (Sourour, 2016). One of the things that he worked on was a quiz on a website for a pharmaceutical company. The website was used for general information about certain drugs. The website and quiz were directed specifically to woman and by taking a quiz it would give you an answer. The problem starts with the requirements to code the quiz which ends up recommending the same drug regardless of the answers given unless the person is allergic or is already taking the drug (Sourour, 2016). Sourour did not see any issue with this as it was a job he was paid to do as well as being completely legal. It wasn’t until a colleague of his emailed him a news report about a girl who had taken the drug and committed suicide due to the side-effects that he felt he had done something wrong. He resigned soon after that and since then has been more careful about the work he does. Although Sourour had no part in making the drug he could have done more research about what he was coding to prevent unethical practices by big companies such as this one (Sourour, 2016). In this Case Analysis I will argue that the Deontological tool shows us that the code was morally problematic because of prioritizing the indirect advertisement of the drug rather than recommending what is best for the user and that Sourour should have done more research before accepting the project due to the code’s unethical nature.
In the ACM code of ethics one of the first general moral imperatives is to “Contribute to society and human well-being” (ACM Council, 2018). This principle goes into protecting fundamental rights and respecting the diversity of all cultures. It specifically aims at computer professionals and the importance of maintaining social responsibility when using the technological medium (ACM Council, 2018). This applies directly to Bill Sourour and the company he created the code for. Although not an advertisement like Sourour stated, the requirements to the code that were sent to him were clearly shown only to show the client’s drug. This misleads the girls taking the quiz into only thinking the drug is their best option regardless of their answers. The only thing that did not lead to it was if they already take it or are allergic. Sourour saw this abnormality in the requirements and did not think twice about it and did his “job”.
Another concept from the ACM code of ethics was “Avoid harm to others”. Examples that were brought up in this principle were loss of information, loss of property, property damage, or unwanted environmental impacts (ACM Council, 2018). Even actions that are well intended can result in something that can cause harm. If something like this were to happen it is the individual or companies’ obligation to do all that it can to fix the harm done. Regarding the case, the pharmaceutical company not only caused harm to some individuals who used their drug, due to their side effects, they also deliberately led them to their drug by fixing the quiz requirements, even if it was not the best option (Sourour, 2016). Sourour made the mistake of not having an issue with the quiz because he just saw himself as the coder. Him not declining the work or speaking on the issue caused the problems to happen that resulted in harm coming to some of the women.
Deontology focuses on why people think certain actions are right or wrong. People should not do things that are good for bad reasons, they should simply do them because it is the right thing to do. Bill Sourour’s initial reaction to the requirements on the quiz that he coded were unethical. His thoughts were that he had no real responsibility even if it did take advantage of the women who took the quiz. It was not until he learned of the girl who had killed herself that he regretted his actions knowing that it could harm someone close to him like his sister (Sourour, 2016). Categorical Imperative is a moral reasoning that essentially states that you should treat everyone with the same level of ethical respect regardless of what they have done good or bad. After Sourour resigned he followed a mindset similar to this and made sure what he was coding was being used for harmless purposes no matter the price.
This case being one hundred percent legal makes the decisions that are being made double immoral if taking advantage of a party, in this case it would be the women taking the quiz. The pharmaceutical company had the complete opposite mindset of deontology. They were not concerned about doing the right thing and were prioritizing their product being advertised instead. If they were to follow the deontological ideology, they would have made the quiz to actually take into account the answers the women gave instead of based on only three factors which most of which led to their drug. Sending out information about something that can help people is a good thing but, in this case, it is only to get people to use their drug.
In Mary Beth Armstrong’s work “Confidentiality: A comparison Across the Professions of Medicine, Engineering and Accounting” Deontology is used to justify confidentiality based on four reasons (Armstrong, 1994). These are: individual autonomy over personal information, respect for relationships among human beings, obligation based on a pledge of silence and utility to persons and society (Armstrong, 1994). Regarding the pharmaceutical company that created the quiz, they do not follow any of these principles. Confidentiality was not a priority for the company anyways, but they still did not disclose how the quiz worked. They were able to obtain information from the women taking the quiz but did not actually use it and led them to believe that the answers they gave actually mattered when in reality they did not.
One concept that Armstrong talks about is whistleblowing. Whistleblowing is when someone from inside of an organization exposes them for illicit activities (Armstrong, 1994). A breach of loyalty is seen from people who do this and offers a mixed response from the media (Armstrong, 1994). In terms of being ethical whistleblowing makes sense. If exposing a group of something immoral prevents them from continuing to commit such acts, then it is ethical. Also, if the whistleblower is committing the act for the right reason not for money or revenge. Kant’s view on deontology states that one can do something that resulted in good things but were motivated by bad reasons and this is still considered wrong. If someone is directly involved in something immoral and they know they have a chance at stopping it, they should try. Whistleblowing can be unethical if things are exposed that are supposed to be private. Even for the greater good deontology states that you cannot achieve good with being bad.
Armstrong talks about an uncertainty of outcome regarding how strict certain duties need to be accomplished in order for something good or bad to happen (Armstrong, 1994). She states that “usually if a negative duty is violated some bad will come of it but if a positive duty is violated the bad part can be avoided by other means (Armstrong, 1994). A negative duty in our case would be the requirements in the quiz that make the drug show up under strict parameters. Less harm would have been done if the company made the quiz honest. The pharmaceutical company’s responsibility was to make something that helps people not only themselves. Sourour’s situation is a complicated one. Ethically he could have declined to create the code and even called the company out. Problem with that is what they did was completely legal and most likely could have hired someone else to accomplish what he did anyways. Calling the company out could create a negative public opinion of the company and maybe sway them into doing the right thing but even then, the company would still be unethical because they are doing it for the wrong reasons. What Sourour did was immoral because he knew that the quiz was taking advantage of these women, but he did not care as it was a job he was assigned and rewarded well for. On top of that it was completely legal. Regardless of if Sourour was getting paid top dollar or not, he is negatively affecting a group of people by taking part in the company’s unethical practices.
The Pharmaceutical quiz was an immoral attempt at getting women to use their drug. The requirements made on the quiz answers made most of them invalid. Sourour also unethically created the code for the quiz with the requirements knowing it was tricking women. It was not until he realized the side effects of the drug caused depression and possible suicide that he changed his views. A Deontologist perspective wants to create the best outcome without doing anything immoral and this was the complete opposite. The Pharmaceutical company should not have created such a quiz. They should have utilized the answers that create the best possible outcome for the women that took the quiz. Sourour regardless was what he was getting paid to do should not have accepted being part of an unethical practice that has prioritized the company and not the users taking the quiz. Although not illegal both parties were certainly unethical in their reasoning and actions.
Works Cited
ACM Council. (2018, March 7 ). ACM Code. Code of Ethics.
Armstrong, M. B. (1994). Confidentiality: A comparison across the Professions of Medicine, Engineering and Accounting. Professional Ethics, pp. 71-88.
Sourour, B. (2016, November 13). freeCodeCamp. Retrieved from freeCodeCamp: https://www.freecodecamp.org/news/the-code-im-still-ashamed-of-e4c021dff55e