Over the course of this semester, my understanding of ethics in technology and cybersecurity has grown significantly. At the start of the class, I viewed ethics mostly as a matter of following rules and staying within the law. Through the case studies, readings, and case analyses I completed, I came to understand ethics as a deeper process of judgment that applies especially when laws are unclear, incomplete, or lag behind technology. Three topics that most shaped my thinking were privacy and data ethics, corporate social responsibility (CSR), and professional ethics within technical fields.
Privacy and Data Ethics
One of the first major topics we covered was privacy, which I engaged with through multiple Case Studies on Privacyand the Case Analysis on Privacy, as well as readings by Luciano Floridi and James Grimmelmann. Before this course, I believed privacy was mostly an individual responsibility—something users give up when they agree to terms of service or share information online. My position changed as I learned how technology systems are designed in ways that actively reduce user control over their data.
Floridi’s concept of informational friction helped me understand how removing barriers to data collection increases ethical risk. Grimmelmann’s argument that privacy should be treated as a form of product safety further shifted my thinking. I began to see privacy failures not as personal mistakes, but as ethical and design failures by organizations that collect and process user data. This perspective made privacy feel more connected to accountability and responsibility rather than individual choice.
Takeaway:
Privacy should be treated as a design responsibility, not just a user preference. Ethical systems must protect people from foreseeable harm even when data is legally accessible or publicly available.
Corporate Social Responsibility (CSR)
Another topic that challenged my thinking was corporate social responsibility, which I explored through the Case Analysis on CSR and readings by Milton Friedman and Melvin Anshen. Initially, I agreed with Friedman’s view that a business’s primary responsibility is to maximize profits as long as it follows the law. I believed ethical concerns beyond that were optional or secondary.
After engaging with CSR case studies and Anshen’s discussion of the changing social contract, my position became more nuanced. I realized that corporations—especially technology companies—have enormous influence over data, communication, and access to resources. Decisions made for profit can produce real social harms, even when those decisions are legal. CSR, in this sense, is not about charity or branding, but about acknowledging the power companies hold and the obligations that come with it.
Takeaway:
Businesses that shape digital systems also shape society. Ethical responsibility extends beyond profit and legality to include the broader social impact of corporate decisions.
Professional Ethics and Responsibility
The topic that felt most directly connected to my future career was professional ethics, particularly through the Case Analysis on Professional Ethics, the ACM, IEEE, and NSPE Codes of Ethics, and readings on confidentiality and whistleblowing. Before this course, I thought professional ethics mainly meant following workplace policies and avoiding misconduct.
Through the professional ethics and whistleblowing case studies, I learned that ethical responsibility often involves difficult decisions where loyalty to an employer conflicts with public welfare. The readings on care, loyalty, and confidentiality showed that ethical professionals must sometimes challenge authority or expose wrongdoing to prevent harm. As someone pursuing a career in cybersecurity, this topic made it clear that technical expertise gives professionals power—and that power comes with serious ethical responsibility.
Takeaway:
Professional ethics require moral courage. Doing the right thing may involve personal risk, but public trust and harm prevention must come first.
Conclusion
This course reshaped how I think about ethics in technology and cybersecurity. I now see ethics as an active responsibility that requires anticipating harm, balancing competing values, and making thoughtful decisions even when the law does not provide clear answers. The lessons I learned about privacy, corporate responsibility, and professional ethics will guide my future academic work and my career in cybersecurity.