Computer Security Ethics Legal Issues Privacy Ethics Definition

Computer Security Ethics, Legal Issues, Privacy

Ethics Definition – moral ideals and principles that govern behavior for the good of the individual and society Purpose of discussion n Not to say what’s right or wrong, but to raise issues that we need to consider in the context of computer security

Cycle of Development of Ethical Positions and Legal Rules in Response to Technology (Oz, “Ethics for the Information Age”) Ethical Values Discussion New or Modified Technology Legislation

Ethics in Cyberspace Computing technology changes very quickly Changes raise new ethical questions Decisions are made without the opportunity for well-reasoned deliberation

Importance of Ethics in Computer Security Your security knowledge and behavior affects others n n e. g. , Robert Morris Internet worm (1988) http: //www. swiss. ai. mit. edu/6805/articles/morrisworm. html Important to consider the impact of your actions n n n e. g. , security policies affect privacy e. g. , security work may give additional privileges e. g. , hacking causes time and financial resources to be spent

Computer Ethics Resources Computer Professionals for Social Responsibility n http: //www. cpsr. org Electronic Frontier Foundation n http: //www. eff. org ACM Code of Ethics n http: //www. acm. org/constitution/code. html Sample Security Professionals Code of Ethics n n http: //www. issa. org/codeofethics. html https: //www. isc 2. org/cgi/content. cgi? category=12

Legal Issues in Security Many relevant statutes for information security n Federal Computer Fraud and Abuse Act (1986) (Morris) Electronic Communications Privacy Act (1986) Computer Security Act (1987) (Mitnick) Digital Millennium Copyright Act (Intellectual Property - 1998) Health Insurance Portability and Accountability Act (HIPAA (2000) Public Company Accounting Reform and Investor Protection Act (Sarbanes/Oxley Act - 2002) n State general laws on trespassing, theft, fraud, property damage specific laws on computer data, usage

Problem: Which Laws Are Relevant? Randal Schwartz case n n n http: //www. lightlink. com/spacenka/fors/ convicted under Oregon Computer Crime Law did his actions constitute: trespassing? theft? altering data? fraud? none of the above? n related questions: were his actions unethical? were his actions improper in any other sense?

Case Studies http: //www. unknownnews. net/040123 spyin g. html – Political Information Gathering http: //itmanagement. earthweb. com/secu/ar ticle. php/2217781 - Virus Writing 101 at University of Calgary

The Legal Point Computing and telecommunication technology is changing so fast that laws are being: n n applied in new and innovative ways generated with only partial understanding of their consequences Computer security workers must be careful that their work is not construed as being illegal

Privacy Issues Computer Security allows us to maintain privacy n n n Much more information available Easier to correlate once the Internet became available Without security, personal information can be read, taken, or altered

Privacy for whom? n Individuals on a personal level n e. g. , personal firewall on home computer on a global level n n e. g. , keeping records of you from others (credit, government, business, medical, …) Businesses protect against industrial espionage

Privacy Resource Electronic Privacy Information Center n http: //www. epic. org

Summary Important to keep issues of ethics, legal ramifications, and privacy in mind as a computer security professional Lines between ethical/not ethical and legal/ illegal are not always clear – need to think and act carefully Important to use computer security skills in ways that: n n “contribute to society and human well being” (ACM Code of Ethics) “avoid harm to others” (ditto)