Cybersecurity Ethics
This course examines ethical issues relevant to ethics for cybersecurity professionals, including privacy, professional code of conduct, practical conflicts between engineering ethics and business practices, individual and corporate social responsibility, ethical hacking, information warfare, and cyberwarfare. Students will gain a broad understanding of central issues in cyberethics and the ways that fundamental ethical theories relate to these core issues.
Course Material
Through the course material covered by this class, I expanded my knowledge in the following topics:
Topic 1: Right to Privacy
Going into this course, I already held strong beliefs about the right to privacy. I believed everyone was entitled to that right and that it should be strongly protected both by government legislation and by everyday citizens through protective measures taken online. I have always been able to articulate how such a thing could be attained, but never the why. For most people, claiming that “that’s just how it should be” is not sufficient reason for a right being given, especially one as controversial as privacy. However, this course has equipped me with the proper tools and knowledge to argue this point effectively. The most important of these tools is the ethical concept of Ubuntu. From studying ubuntu, I learned that rights come from the community, and if the community does not uphold those rights for one group of people within it it can easily strip those rights from everyone else as well. This is how I will argue that the privacy of all should be protected. Sure, there are people like criminals and terrorists who may use privacy to their advantage, but allowing the government to invade their privacy sets the precedent for them to do it to the rest of us law-abiding citizens. In addition, the numerous case studies I have read in the course have given me strong examples as to what happens when privacy isn’t properly protected and the consequences of such failures. If privacy is not protected, that data can easily be used to manipulate us by “trusted” companies or threat actors if the data is stolen.
Topic 2: The Subjectivity of Morality
I have always considered myself to have strong moral character and have a good handle on what is right and wrong, but I have always experienced difficulty when two of my moral values are at odds. For example, when ubuntu (or the idea I had of it before I learned of it in class) and consequentialism are two opposing sides of an argument. Going back to the terrorism example: if we take the terrorist’s privacy and use the information gained to stop a devastating attack that would harm thousands, this is a positive thing, at least if you ask a consequentialist. However, if we look back at ubuntu, we have compromised this person’s rights and thus set a precedent that can be used to compromise our own. In pondering conflicts like this, I have reached the conclusion that no moral code can be absolute. To do so places arbitrary limits on the human mind and our capacity to solve problems. It can force us to take actions that may not actually be the best course given the circumstances. I have now come to appreciate the subjectivity of my own morality instead of constantly throwing it aside in favor of an unchanging moral code. Instead of my moral code being based an unchanging treatise written centuries ago, it will instead be a flexible and ever-changing concept influenced by my own experiences and what I deem is the right thing to do. I now understand that these ethical tools are meant to be just that: tools to construct our own morality from, not ideas to copy directly.
Topic 3: The Morality of People in Positions of Power
Due to my strong positions on the morality of certain things, I used to hold a very negative view of people in positions of power, especially governing bodies and corporations. This view applied to everyone in service of those powers as well, from the lowest manager at a grocery store to the highest CEO. However, the case analysis concerning the story of a developer who wrote an online medical questionnaire that referred everyone who took it to his employer’s drug helped me see things differently. Normally, I would have seen him, as the person who wrote the quiz, as someone irredeemable. However, in reading his article on the topic and his thoughts on his actions and their results, I realize that I must be more fair to people regardless of their power in a situation. While yes, people should be held accountable, I see that the most important takeaway from a situation is not the retribution of the victim, but that the person responsible learns from their mistakes and uses that knowledge to at least improve themselves if not use that knowledge to educate others.