Computer Security and Ethics
The study of ethics entails the subject of study, which deals with differentiating what is wrong and what is right. Ethicists endeavor to legitimize their ethical judgments by reference to the moral standards of hypotheses that attempt to catch our ethical instincts about what is good or bad. The two hypothetical methodologies that are most regular in morals are consequentialism and deontology. Consequentialist approaches accept that activities are not right to the degree that they have bad consequences while deontological approaches expect that individuals have moral obligations that exist autonomously regardless of what good or bad that may result from their actions. Therefore, the moral standards may determine legislation. However, it is perceived in morals that legislation cannot work as a substitute for morality. In fact, people and organizations are regularly required to not only consider whether their actions are allowed by the law but also to consider the morality of their actions (Brey 21).
Computer security relates to the steps taken in a bid to ensure the required level of integrity, confidentiality, and typical protection against the misuse and malfunction of both the computer system and the data it may contain. Computer security may be divided into system security and information or data security. The former is the protection of the hardware and software components of the computer system from sabotage and malicious programs. On the other hand, the information security refers to the protection of data stored in the computer system to ensure its confidentiality, integrity, and availability (Brey 22).
Computer Security and Ethics
In computer security, one security feature often represents an advantage and a disadvantage at the same time often leaving one in a dilemma. One example is when security features are enabled to protect personal privacy, on the downside this security feature can also be used to deny access to personal information to a person who has the right to access that information. These antagonistic characteristics of computer security show the ability to be either constructive or destructive (Neumann 209).
Compromises of computer security may bring grave damages to the system and the individuals or organization involved. This may happen in purported safety-critical systems, which are computational frameworks with a segment or constant control that can have a direct life-debilitating effect. The illustrations are computational frameworks in nuclear reactor control, flying machines, and aviation authority, and restorative treatment frameworks. The corruption of different sorts of frameworks may likewise have life-debilitating outcomes in a less direct way. These may incorporate frameworks that are utilized for monitoring or decision-making. For instance, the systems utilized for scaffolding configuration or medical diagnosis (Brey 23).
Breaches in information confidentiality may result in additional harm and lead to a violation of rights. Outsiders may breach the confidentiality of data by accessing it, duplicating, and spreading it. Such activities may abuse property rights, including intellectual property rights, which are rights to claim and utilize scholarly works; for example, aesthetic or artistic works and industrial plans. Somebody who has the privilege to determine who can get to and utilize the data should only possess the data and this privilege can be abused. A breach of the confidentiality of information may as well violate privacy rights. This happens when data that is obtained incorporates data about persons, which should be confidential. Notwithstanding, the infringement of property and privacy rights and a breach of confidentiality may likewise bring an assortment of different damages because of the spread and utilization of private data. For instance, a scattering of internal memos of a firm harms its image, and compromises of the privacy of online credit card exchanges undermine trust in the security of online money related transactions and damages e-banking and e-commerce operations (Brey 23).
Compromising the availability of data can disregard freedom rights, especially when they are deliberate, particularly the rights to freedom of information and free speech. Jeroen van den Hoven has contended that access to data has turned into an ethical right of residents in the information age since data has become an essential social good as well as a noteworthy asset vital for individuals to be fruitful in the public eye (Brey 24). Closing down fundamental informational administrations could damage this privilege to data. In addition, the computer system networks have become vital as a medium of expression. Websites, e-mails, social networks, and different administrations are used to share information with others. At the point when access to such information is obstructed, or in the occasion through the refusal of service breaches or hijackings of sites, such acts are legitimately considered as an infringement of free speech. Computer security efforts to establish safety regularly avert harm and secure rights, but they can likewise bring about the opposite (Brey 24).
Hacking and Ethics
An extensive piece of computer security is concerned with the insurance of computer assets and data against unapproved, deliberate break-ins or disturbances. Such activities are frequently called hacking. In essence, hacking refers to the use of computer skills to gain unauthorized access to computer resources. Hackers are profoundly gifted computer users that utilize their abilities to obtain access to, and frequently form groups or systems with different hackers to share knowledge and data. Hacking is characterized by the picking up of such unapproved access for vindictive purposes such as to take information and software, degenerate data or disturb system operations. Self-distinguished hackers, in any case, make a distinction between non-malignant break-ins, which they depict as hacking, and malicious and problematic break-ins, which they call cracking (Brey 23). Self-recognized programmers regularly legitimize their hacking exercises by trying to justify that they bring about no genuine harm and rather have a positive effect. Some of the arguments put forward are discussed below.
The Idle System Argument
One argument presented by computer hackers is that they are just utilizing idle computers. This statement is based on the argument that since some computers are not utilized to their maximum potential, this gives them (hackers) the right to use them. This argument, however, does not stand. First, the systems are not usually set up to offer the standard computer services. On the contrary, they are in fact set up to be used in specific industries like medicine, public safety, business, research, and government institutions. The underutilized capacity is usually provided to create room for future expansions or developments due to certain forces like advancements in technology or spikes in their activity and not for supporting outsiders. If underutilized processor memory was made available to the public, the system would be so overloaded that it would hardly accomplish its primary purpose. Besides, it is hard to find a logical reason that would justify why an individual would purchase and maintain a system only for others be granted the right to use the system when it is idle (Spafford 235). The purported assumptions that unutilized computing capacity of one individual’s system is a shared resource and privately developed and owned software belongs to everybody is unethical.
The Student Hacker Argument
Some hackers defend themselves by saying that by carrying out their hacking activities, they don’t intend to do any harm but are simply trying to learn and understand how computer systems work. They contend that it is expensive to buy computers, and they are therefore furthering their studies in a cheaper way. Some computer virus creators have gone ahead to claim that their viruses do not cause any malicious harm, but they rather just try to learn how to create complex computer programs.
Again, this argument has many shortcomings. Developing viruses or hacking into other people’s computer systems does not concern education in any way. Rightful education in computer science and similar courses involves the exposure to critical aspects of theory, and design techniques of which hacking and malware creation does not contribute to. In addition, somebody who is trying to learn how a computer system works would not have the knowledge nor ability to understand how the system operates or the effects that would result from their actions. Computer systems have been known to collapse accidentally due to actions from ignorant intruders. Another discredit to this argument is connected to the knowledge of the extent of the intrusion. A person responsible for the security of a system would not take an intruder for his word. A malicious party would still say they were just looking and trying to learn. To ensure the security of the system, there would have to be an examination of the system. If this argument was permitted, computer security enforcers would still have to spend a lot of time verifying systems as nobody would take a chance on the word of an intruder (Spafford 236).
The Social Protector Argument
Another argument more prevalent in Europe more than in the United States is when hackers try to justify their intrusions by claiming that they were looking for instances of data abuse. This context places hackers as protectors and not intruders. This argument assumes that hackers are capable of doing good. True to their word, governments and other large corporations have been known to misuse data. The evolving use of computerized record systems and networks provides room for more abuse. It is however not certain that breaking into the concerned systems will help in only correcting the wrongs. In fact, the agencies will use this as an incentive to become more secretive and employ access that is more restricted. Another issue is that it is not certain that hackers are the people the public would want to “protect.” Trained computer professionals would be a better placed for such a role due to their professional awareness of the rights and expected behavior regarding the security and sensitivity of computer systems (Spafford 237).
Cybercrime and Ethics
Hacking and cracking are both against the law and, as such, they qualify to be referred to as cybercrime. Computer crimes are many, but not all of them compromise computer security. The two main cybercrimes that compromise computer security is cybertrespass, which Tavani describes as the unauthorized access to computer systems, or password protected websites using information technology (Brey 28). The second cybercrime is cyber vandalism, which is the use of information technology to release malicious programs that affect the normal operations of the computer system or corrupt data. Although not common in the context of cybercrime, cyber piracy is another form of cybercrime that may breach computer security. Cyber piracy or software piracy is the illegal reproduction of copyrighted material or information with the aim of sharing it across computer networks. Cyber piracy does not require sophisticated computer skills, and this makes it more widespread. The computer fraud, which is the use of information technology to deceive intentionally for personal gain is also a form of cybercrime. Computer fraud may manifest itself in the form of cybertrespass to gain illegal access as well as cyber vandalism in order to manipulate data.
Information security professionals have a professional and moral obligation to ensure the security of computer and information systems. Their moral obligations are usually well outlined in the company’s code of ethics. Company code of ethics does not, however, go into detail on what to do in specific situations unless for large technology-based organizations like Google. It is worth noting that the Information Systems Security Association is an international organization for information security practitioners and its code of ethics clearly states that all members should carry their duties and activities in accordance with the provision of law and with the highest ethical principles (Brey 29).
Information’s Privacy and Ethics
Mostly in Western societies, there exists a wide knowledge of the existence of the right to personal privacy. Samuel Warren and Louis Brandeis were among the first justices to defend privacy in America and defined privacy as “the right to be left alone” (Brey 30). Another concept of looking at the advancement of the rights to privacy is that it has taken after the advancement of humanist conventions. Everybody is said to have a “characteristic worth,” which means that every person is significant in his way, which is the premise of human rights. This advancement has made a tapestry of privacy where the individual and the society one resides in has woven together social qualities with innovation and strategy. This tapestry of privacy does not give a specific definition of privacy to the public. It provides a pattern, which covers certain privacy issues in the public at large (Mason 12). The concept of privacy as an embroidered artwork, identifies with Warren and Brandeis investigation, by saying that, in any case, people are reliant of society, whether they need to or not. Society has expectations of its members and consequently the individual has rights and benefits of participation.
The right to privacy is not absolute because there is a limit to the right to privacy. Therefore, it requires a balance between other existing rights such as the preservation of public order and the maintenance of national security. Rights to privacy also fluctuate depending on the situation; for instance, the level of privacy is lesser in public places or in the workplace environment compared to the home environment. One crucial principle of privacy used in most countries is informed consent, which ascertains that individuals have the rights to be told how organizations intend to handle personal information, and that they should be asked for approval before obtaining it (Brey 32).
The Internet Privacy and Ethics
The widespread use of the internet in modern days has brought about many privacy concerns. The internet brings about two main types of privacy issues. To start with, the posting and conglomeration of individual data on Internet sites occasionally disregard privacy. Sites on the Internet contain a wide range of individual data that is made openly accessible, frequently without the carrier’s express assent. Their information may contain; for example, one’s telephone number and address, filled announcement board messages from the past, data about one’s enrollment in associations, online magazines and daily papers in which one is specified, online databases with open records, pictures and video cuts including oneself, and so on. The aspect of utilizing web search tools can be found and be utilized to make elaborate composite records about persons. This brings about the ethical dilemmas, which states, should there be a limit to this? At what point should somebody’s consent be asked for when his data is posted on the web, or at what point should the data be utilized for particular purposes? (Brey 33).
The second issue is the web surveillance of web clients. Internet users’ who are associated with the web might be used by the outsiders to assist in gathering data about them in a way that is undetectable to them. Online privacy dangers incorporate cookies, which are little information parcels put by servers on one’s computer for client verification, consumer following, maintaining client specific data, tracking, and spyware. In fact, spywares are computer programs that malignantly gather data from a client’s computer framework or around a client’s program and send this data over the web to a third party. Additionally, employers, internet service suppliers, and government institutions might intercept private email and information activity at different stations. This also begs the question of when such actions constitute a privacy violation and what should be done to prevent this? (Brey 33).
Microsoft and Google are two modern day technology powerhouses that are in a constant state of competition. On 19 October 2012, Microsoft made an amendment to its policies that gave it more control over how they collect and utilize personal information from its customers that use free web-based products like Bing search and e-mail. It is worth noting that only a few individuals realized that Microsoft’s strategy changes were much the same as those that Google had made to its privacy laws earlier the same year. Google’s extended forces drew intense disapproval from protection advocates, leading to inquiries from controllers and broadside assaults from the opponents. Those included Microsoft, which purchased full-page daily paper promotions telling Google clients that Google did not think about their privacy, an allegation it immediately denied. The distinction in the two occasions shows the perplexity encompassing Internet user privacy. No single power administers the gathering of individual data from Web clients from Internet organizations. Despite the fact that most organizations have composed privacy policies, they are frequently expressed in such ambiguity that they appear to permit any utilization of clients’ personal data (Wyatt and Wingfield 1).
Computer security is a wide field of study concerned with the protection of computer hardware and software systems and the information contained therein. As such, computer security can be further divided into system security, which covers the protection of hardware and software components of the computer system as well as information security, which covers the data stored in the computer hardware and software system. In fact, the information security preserves data integrity, confidentiality, and availability. All these three properties present great harm when breached in various ways. Hacking, on the other hand, represents the unauthorized access of computer resources. Notably, hackers often try to justify their unlawful actions with the ethical argument that their actions are motivated towards doing good since all information should be shared publicly, a justification that is controversial but has been refuted by many. The right to privacy is another major ethical issue related to computer security in which the extent of access to and utilization of personal information has not been clearly articulated by well-defined policies, especially because no organizational body has been set up specifically to deal with these issues.