Cybersecurity Ethics
This course examines ethical issues relevant to ethics for cybersecurity professionals, including privacy, professional code of conduct, practical conflicts between engineering ethics and business practices, individual and corporate social responsibility, ethical hacking, information warfare, and cyberwarfare. Students will gain a broad understanding of central issues in cyber ethics and the ways that fundamental ethical theories relate to these core issues.
Course Material:
Cybersecurity Ethics Reflection
Many lessons were learned while I took cybersecurity ethics but three stood out to me that I think I will use when I begin to start my career in cybersecurity. I feel these are the most important to me because they all create the bases of what type of mindset and things that should not be overlooked or poses a strong sense of detail. These three I feel will lead to an employer to trust my judgement and know that I understand the personal lines of work and home.
What I got from the class is the importance of privacy and how it effects the ways we use different websites like Facebook along with the importance of protecting our privacy in cyberspace and in the real world. As technology continually advances through the years, we have seen it began to show more users’ personal data like address, phone numbers, and surrounding areas unintentionally. What I have understood that we must be educated on what it means to keep information private or if not be able to know where to find where our information is being stored or who we can be in contact with if we want something done like the example of alerting google about blocking out certain information on street view. We all are entitled privacy with no restrictions to age, race, religion, and other characteristics allowing us the freedom to keep information to ourselves unless we choose to disclose the information. A takeaway from this is we must be more vigilant to what we agree on or what we share on the internet no matter who you are or what you have done in the privacy of that person and who the share the information with.
Corporate social responsibility puts into prospective the importance of role we must be responsible for within the cyber community and how our actions can affect mass of people’s personal information being leaked to unwanted hands. This can be broken down to responsibilities between subordinate and supervisors, public users and admin users, and down to people in the know and people who need to know. When responsibilities are not followed, it can lead to vulnerabilities that can cause major damages to plan or organization like an information leak or a whistleblower within. After learning the risk of these leaks damaging to a person’s personal information it can also be damaging to a business or corporation. We must take responsibility for what we are protection as cybersecurity workers. When securing information, we must make sure we have all points covered when at threat occurs and the ability to react fast. A takeaway from this is we are the first line of defense when it comes to protecting private information.
When understanding professional ethics aligned all the topics into an understanding of how what we have learned in this class is used in a work environment and the decisions we make when we are programing or managing projects. These professional codes of ethic regulations explain to us how professional behavior allows the workspace to be calm, flowing, and minimize issues within. Some pertain to the use of computer networking while the others are directed more towards the relationships between employees and organization or consumers. By us being in the network community we must abide by the guidelines of ethics, it keeps relationships strong and intact, while maintaining trust between each other. A takeaway from this lesson was that a strong relationship will affect a workspace or organization positively mentally, socially, and professionally because we are more trusted to do the right thing while keeping what we believe is right based of decisions as a group or individual. These three topics are the most missed when involved in work especially when the stress levels are high, and we begin to cut corners. By understanding the risks of releasing data privacy can snowball to damaging consequences including construing of roles and not following professional ethical rules. We have read the articles of the damages and repercussion not following these ideas have so now I feel we have the tool to make sure what we produce will follow the right path and gain the trust of our peers and society.
Case Analysis on Privacy
When new technology is revealed to the public that can beneficial it becomes the new tool people spent the time to figure its limits and understand how to use it. On the same side it can be exploited by people for ease of access to thing that should be off limits. Most technological advancements do help with social problems like GPS, Cellphones, and internet creating a larger community. When technology is used by the dark corners of the world and are used for malicious intent. Who is responsible and where is the line of ethnics when technology is used and exploited by criminals? I argue that the deontology of Google’s street view should have token precautions to keep the privacy of people’s appearance, property, and location secure and take ownership of actions caused by criminals using google street view to commit crimes.
In the article from Floridi she stresses that privacy are freedoms that we are born with. The writer breaks these down into four main freedoms of privacy starting with physical, mental, decisional, and informational. When she speaks on physical, she is referring to the privacy of her own space and the disruption of her space including her body. When thinking about physical privacy in America we have a set of law that protect this type of privacy. These include laws of harassment, assault, robbery, and other related laws to protect property and bodily harm. When she talks about mental privacy, she focuses on the use of psychological techniques to control a person opinion. This could suggest to the government using mind control practices on the population to pass legislation or to enforce a plan into action. Her third freedom is based on decisional privacy which gives us freedom to have a choice to do what we want. This includes basic things like religion, education, and a list of other things we do in our everyday life. This is also highlighted in our constitution when you read the Bill of Rights. They give us the right under law to have choice and we can add in the contribution that the Civil Rights Movement allowed the abolishment of the Jim Crow Laws. Her forth freedom is a grey area when you think about information privacy due to other laws and policies set in place. Yes, we have freedom to information, but the information is limited to the laws and policies of the land. This leads to what extent is ethical and what is unethical when looking for information or hiding info from the public.
This is when you look at google street view and how it can intrude on all these freedoms because of how people’s information can be seen by the description of the photo taken that day. The issue with google street view it can be used for ethical reasons like looking for a location and having a physical description. The other side of this is the information can be used for the wrong reasons for illegal activities and invading the privacy by displaying their information, then can lead to intrusion of mental privacy. The unethical way google street view can be used is to spy on personal property or the person in general. With all the technology that goes into google street view makes it easier to find a person based on the photos taken when the car passes by. Even if the faces were unrecognizable someone can identify the person their looking for by the time, clothing, and building surrounding that person. When you use this information and put it all together it makes it easier for a person to know the area a person lives, the path they take to and from work, and the person’s daily schedule.
The deontology of google street view is a good tool when using it to find location because you can reference the surrounding locations or use it to familiarize an unknown area. What google should have done was focus the pictures more on the landscape and buildings. Google should have a program that generates computer models to take the place of the people that are with in the pictures and black out or remove the cars on the roads.
In Grimmelmann article he makes a point about how privacy is very accessible due to social media and how we overshare personal information on websites like Facebook. What he does is try to debunk the myths about the actions and activities that users on Facebook do that are not protecting their privacy. In his first myth he starts with Facebook users oversharing information about themselves. He states that most users will share almost all their information down to the color a user’s underwear. Media have capitalized on this by airing more reality shows to network television along with social media accounts. This leads to more users to reiterate the same post these celebrities do, in hope to become famous based on number of likes and follows. This widens the gap of users who understand oversharing and users who do not or uneducated of the precautions of oversharing privacy information.
His second myth is based on users making rational choices with their privacy. This is a slippery slope because some user’s choice to protect their privacy, but they may create vulnerabilities like weak passwords, falling for fake website ads, phishing, and post that show private information. The unethical thinking is the Facebook preys on the individuals that do not think about their privacy because they are too young or do not understand what it means to have user data private. This makes it an easy target to direct advertisers to their account because of the ease it is to reach their profile. When it comes down to being Facebook famous it seems that you must lower the user’s protection of privacy, doing this leads to more accounts able to reach that users profile without the restraints of being accepted. In return this leads to a more marketable account depending on who the audience is and the flow of traffic, but this can also lead to being targeted by people with illegal intent. With popularity and a weak level of privacy protection makes it easy for you to be targeted in real life. With a platform of so many people and information shared everyday a user can become other users target by a post or comment a user took offence to. By having weak protection can allow the user to look up their name, appearance, and pictures to reference of where they are located. With the help of Google street view has made easier for a person to be found with the information off a user profile. This can lead to dangerous situation happing to these Facebook users which can possibly turn into a life-or-death situation.
The deontology of google street view is that when it is used it is a great tool when used for its intended purpose, but it is used for illegal actions, it becomes a tool the invades the privacy of many people. When you think of how deontology is practiced by the company it becomes hard to decide because when the actions are taken, and the tool is used by criminals to commit crimes you began to wonder if the company that owns the technology should be responsible? It would be considered unethical to know that many people are being targeted by personal profiles of Facebook and located by using google street view to commit crimes, but as a company know this and look the other way instead of addressing the situation or figuring ways to prevent the event from happening.
Case Analysis on Data Ethics
The European union has adapted a new policy to will now be in place to protect citizens privacy when surfing, transferring, and communicating over the internet. These are a list of regulations the hill explains what will happen if the is a data leak, who is responsible, and what actions will be taken. The group of standards is called The General Data Protection Regulation (GDPR) and will be used as the basics for any digital law dealing with civilians’ private personal information. In My case analysis I believe consequentialism proves to us the United States should not follows Europe’s regulations because of how different our society, economy, and government holds power over its civilians. Within the two articles that I read and the understanding of consequentialism I was able to decide this would not fit American society. When reading a thing to remember is what things in America are, we allowed to do and have compared to most European countries and how would it effect the people from a financial standing.
In Zimmer’s article he explains what the three t’s are and how they can affect personal privacy on social media, web surfing, and other cyber uses. He digs into how creating too many standards can create failures in the ethics of cyber communication. To start it brings the question to how much personal information should be collected and stored in databases. In government regulated databases the risk if improper access to the information becomes greater due to the quantity of information being saved. When holding person information, you must account for security on both fronts, physical and in the cyberworld. He also explains how it can create gaps depending on each country in the European union due to the different laws of the land and how to handle vulnerabilities under the European union. Other issue can occur when processing all the data but, at the same time it can still lead to many errors accumulating causing vulnerabilities.
GDPR as of now hold all the European union’s civilian’s personal information in selected database split between controllers and processors. The controllers determine how they will be processing the data and are the ones responsible if a data breach occurs. An issue that can be brought up on why this would not work in America is that most companies in America would not want to be responsible for vulnerabilities that can the movement of their company’s integrity and funds. The internet is monitored by the government of the countries within the European union and are enforced in conjunction in similar fashion between the country and the European Union. The views of what is right and wrong can be overlooked based on stakes of the company has and the amount of information is shared between government. Most companies in America do not want to spend money on threats that are caused by the masses of the people because of the laws in America and how easy legal action can be taken, costing them large amounts of money and blemish on their representation if they are found in the wrong. GDPR can be based of the understanding of utilitarianism because when you read the regulations behind GDPR you can see that it is bases on fairness on both sides. A company should be responsible for allowing a threat to penetrate the network and release people’s private information. By not implementing the GDPR in the US allows for the freedoms that we are given in the constitution like freedom of speech and freedom of religion. There are freedoms all for us to speak our minds on social media and make opinions about thing we do and do not like about our government or to ask for change like BLM, Civil Rights Movement, Right Wing, Gun laws and other social issues we want to address in America. If we were to adopt the GDPR these freedoms would be lost because the internet would be monitored by the government and if they find something that be treason to the country, you can be tried under federal law. By not adopting the GDPR it would allow people in all levels to call out companies when they are doing things that are wrong, it would add more power to the population and not the government.
In Buchanan’s article he explains how companies uses hashtag trends to try to collect information on active user’s social media profiles like twitter. What is being understood is the following hashtags are unreliable to understand marketing but intrudes on people’s freedoms, especially in America. In the article the research data they followed were the hashtags used that included societal views like ISIS, BLM, and other political or social organizations. It brings the question, when looking at hashtags people use on social media ethical or unethical because it intrudes on people’s rights, privacy, and political views based on countries laws. It would be unethical for companies to take the data collected, filtered between what they feel is right or wrong then turn over the data to the government because in America it violates our first amendment rights and creates chaos between people’s everyday life.
An example can be the Red Scare during the beginning of the Cold War. During this time America was on the verge of was with Russia formally known as the Soviet Union. America wanted to contain the spread of communism from taking over the world. This event in time and what Buchanan’s article parallel each other. The differences are that when the threat of communism surged into the public people began to point fingers at Americans who they though were communist or spies for the Soviet Union. This led to the uncovering of user data to prove these points, leading to people being imprisoned, ostracized, threatened, and other factors they would devastate the person they accused livelihood. Using the same tactics for then today follows the same path. The difference is that instead of it being in controlled area its global and can be used to invade someone’s privacy because of the hashtag they used. It effects the user in the same ways because when that hashtag is used on that account they are watched by the government and depending on what used data they have it can lead to being charged and imprisoned or other measures taken. All while the companies hold the user’s data for the highest bidder.
America’s privacy act is like the GDPR used in European union but indifferent on implementing the rules and regulations on companies. In compares to America, both policies focus is to protect the citizens personal information from being use without consent or being leaked to other entities that could benefit from the information. They both contain information on how to go about safe keeping information while on the world web. It labels what is considered as personal information and how it should be safeguarded when transferring between companies and other host by laying out guidelines that must be followed. They also share similar ideas of regulations that support what happens when there is a breach in the network. What is different is the under the GDPR the company is responsible for the breach compared to Americas privacy act which the responsibility is on the individual.
A big reason these policies would not work in America because it will clash with the laws of the land and the agendas if the companies. In America runs off the power of companies and anything that threats their assets could damage the economy of the country. An example would be the stock market crashing in the 1920’s and how the economy completely failed leading the great depression. When this happen the U.S civilians were not the focus, funds and aid was mostly toward the companies so they could stay afloat during this period. When you research about the great depression you can see that the American government sees the if the economy is good then the people will be good to, instead of the other way around. Since the laws we have allow for us certain freedoms that European countries do not have, this allows us share what is public and what is private. In conjunction with the laws America has a thing about how we can take almost anything and anyone to court and the fact the there is only unified law of the land for all states, and that America is a capitalist nation creates too many infractions between GDPR and the Constitution. By not adopting the GDPR we have more freedoms to read, post, watch, and create without the government censoring it. It would decrease the amount of violence because allow the population relieve aggression and allow children to be creative instead of trouble.
These is why I believe consequentialism proves to us the United States should not follows Europe’s regulations because of how different our society, economy, and government holds power over its civilians. Our society has been made to focus on the economy to stimulate the way of life and how most things we use and do are influenced by companies. Compared to Europe where most countries are family oriented and rely on family business making GDPR more affective for the individual than to a company. You can make the opinion that my argument is bias or that I am only looking on at one side. Can America benefit from GDPR regulations or is America just fine with the privacy act? Well, based on the history of previous events that I have mention, American track record shows that they focus on companies and these companies will not take responsibility for an attack on peoples personal information.