Cybersecurity Ethics
This course examines ethical issues relevant to ethics for cybersecurity professionals, including privacy, professional code of conduct, practical conflicts between engineering ethics and business practices, individual and corporate social responsibility, ethical hacking, information warfare, and cyberwarfare. Students will gain a broad understanding of central issues in cyberethics and the ways that fundamental ethical theories relate to these core issues.
Reflective Writing Assignment
Throughout the course of this class, I’ve encountered many different topics and perspectives that have either challenged my pre-existing views or helped me gain a deeper understanding of key issues regarding a wide range of concepts:
One of the topics covered in this class that helped increase the depth of my knowledge and understanding is the unauthorized secondary uses of data, which came from the second module involving data ethics. The topic came up predominantly within the supplementary texts provided to answer the case analysis question, wherein the text reviews an incident where researchers overstep their academic boundaries and unethically glean the personal information of a group of Facebook users. The researchers essentially used a source inside the social circle of this group to record identifying information to use in a dataset. While the researchers ended up not obscuring the identities of the Facebook users well enough and caused a large leak, the most impactful part of the review came from their justification to use the Facebook group’s data. Their primary justification for using the data gleaned from the Facebook profiles was that every piece of information taken was completely public and available to the world. Before taking this class, I would have agreed with the researchers that anything a person decides to put online is fair game. However, the counterarguments against these researchers claimed that while their information was public, the social structure of an environment like Facebook is not either all public or private. Facebook, and other sites like it, are more of a collection of social bubbles and communities where different standards and ways of communication can be established. By using an inside source within the Facebook group to take information, the researchers have breached the group’s expectation of privacy and autonomy. These readings opened my eyes to the varying degrees of privacy that are contextual based on the different variables present in a certain circumstance. Whereas previously I would assume that since data is public its owner should expect the world to see it. A major takeaway from this topic would be to consider the context by which privacy is expected and to plan research or data extrapolation with those variables in mind.
Another important concept that made me change my perspectives comes from the primary reading for the fourth case analysis: “The Code I’m Still Ashamed Of”, by Bill Sourour. The article goes over the ethical responsibilities a developer has to uphold as one of the last lines of defense against a product that could prove dangerous to the public. In the article, Sourour works on a website and quiz that pretends to be informative but only recommends a certain kind of product. Apathetic to the potential unethicality the quiz presents, he submits the project and it goes public. Only after he gets word of a teenager committing suicide from the after-effects of the drug his quiz recommended does he understand the severity of his actions. I had always thought commercial developers were neutral in the creation of their products, and that the responsibility of using their products in good faith rested with the decision-makers of the company. Now I have a better understanding of the ethical duties developers and similar positions have to the public as a last line of defense. An important takeaway from this lesson would be that regardless of your position in a company, you have a duty to the welfare of the public to raise concerns for potentially dangerous or unethical practices.
A change in a very long-maintained perspective of mine came from one of the supplementary texts for the fifth case analysis on whistleblowing. Before this class, I had always assumed that to whistleblow an organization the employee would have to betray their loyalty to said organization. However, the supplementary texts introduced the concept of rational loyalty, a reconceptualization of loyalty’s definition and nuances that tackles the conflict of loyalty between an organization and the welfare of the public. In the texts, the idea of loyalty is changed based on the aspects that created the conflicts. The idea of rational loyalty revolves around the duty and responsibility of an employee to uphold a series of core values, codes of conduct, and mission statements of a company. The company in turn creates protective measures and internal channels by which employees can safely raise concerns about certain issues without breaching confidentiality. The decentralized nature of rational loyalty and corporate responsibility to safe internal whistleblowing removes conflicts between honoring company policy and the betterment of the public. These readings provided me with a deeper insight into the loyalty structures in employee/company relationships, and a valuable takeaway in the form of researching prospective working environments to see how they institutionalize internal whistleblowing, if at all.