Cosc 4765 Ethics and security. Security Computer security crosses over legal and ethics lines in many places. –Hacking is pretty much always illegal.


1 Cosc 4765 Ethics and security

2 Security Computer security crosses over legal and ethics lines in many places. –Hacking is pretty much always illegal. See next slides for some legal issues. –Hacking is considered ethical by some, depending on how it is done. This topic and more is covered by the rest of the lecture.

3 Legal acts and computers Federal: US Computer Fraud and Abuse Act, 1984, prohibits –Unauthorized access to a computer containing data protected by national defense or foreign relations concerns. Also computers containing certain banking or financial information. –Access, use, modification, destruction, or disclosure of a computer or information in a computer operated on behalf of the US government.

4 Legal acts and computers (2) –Accessing without permission a “protected computer”. The courts now interpret this to include any computer connected to the Internet. –Computer fraud –Transmitting code that causes damage to a computer system or network –Trafficking in computer passwords

5 Legal acts and computers (3) USA Patriot Act of 2001 –Amendment to the Computer Fraud and Abuse Act –Knowingly causing the transmission of code resulting in damage to a protected computer is a felony –Recklessly causing damage to a computer system as a consequence of unauthorized access is a felony –Causing damage (even unintentionally) as a consequence of unauthorized access to a protected computer is a misdemeanor.

6 Legal acts and computers (4) US Electronic Communications Privacy Act, 1986 –Protects against electronic wiretapping. Allows law enforcement agencies to ask for a court-ordered wiretap. Requires ISPs to have equipment to allow for wiretapping. –Allows ISPs to read communications to maintain service or protect themselves from damage

7

8 Law vs. Ethics
Law | Ethics
Described by formal, written documents | Described by unwritten principles
Interpreted by courts | Interpreted by each individual
Established by legislatures | Presented by philosophers, religions, professional groups
Applicable to everyone | Personal choice
Priority determined by courts if 2 laws conflict | Priority determined by an individual if 2 principles conflict
Court is the final arbiter of “right” | No external arbiter
Enforceable by police and courts | Limited enforcement

9 Ethics Ethical pluralism recognizes that more than one position may be ethically justifiable. –In fields of Science and Tech, this type of statement seems illogical. –There is no higher authority and there are no “correct” answers.

10 Examining ethical issues 1. Understand the situation –Learn the facts of the situation 2. Know several theories for ethical reasoning –You need to be able to justify your choices 3. List the ethical principles involved –What can be applied to the case? 4. Determine which principles outweigh others –Subjective, but we need a logical conclusion or determination.

11 Ethical principles and theories Most ethics break down into 2 schools of thought. 1. Based on the good that results from the actions –Consequence-based principles 2. Based on certain prima facie duties of people –Rule-based principles

12 Consequence-based principles Teleological theory focuses on the consequences of an action –An action is chosen which results in the “greatest” future good and least harm. Egoism –Based on positive benefits to the person taking the action. Utilitarianism –Based on positive benefits to everyone (the entire Universe, actually). “The good of the many outweighs the good of the few or the one.” --Spock

13 Rule-based principles Deontology, which is founded in a sense of duty. Certain things are good in and of themselves; they need no higher justification –To name a few: truth, justice, peace, security, freedom, honor, love, friendship, happiness, consciousness, beauty. –Often stated as rights: right to know, right to privacy, right to fair compensation for work.

14 Rule-based principles (2) Various duties incumbent on all human beings: –Fidelity, or truthfulness –Reparation, duty to recompense for a previous wrongful act –Gratitude, thankfulness for previous services or kind acts –Justice, distribution of happiness in accordance with merit –Beneficence, the obligation to help other people or to make their lives better –Nonmaleficence, not harming others –Self-improvement, to become continually better.

15 Applying ethics to security Many things are legal or illegal; the questions here are ethical. –While it is legal for ISPs to read communications, when is it ethical? –Security will at some point intrude on issues of privacy. When can you ethically read someone's e-mail, look through their files, etc., pretty much invade their privacy?

16 Applying ethics to security (2) What are the ethics of vulnerabilities? –Searching for them –Reporting them to everyone, not just the vendor. There are ethical arguments that vulnerabilities should not be reported until a patch is available, and that vulnerabilities should be reported as soon as possible. –Full disclosure – including how the vulnerability works. –Partial disclosure – only how to protect the system.

17 Applying ethics to security Can there be an ethical argument for writing worms and viruses? How about password sniffing? And hacking: ethical hacking? –You look around and do not intend to damage the system. What is the case for ethical hacking? What is the case where hacking is unethical?

18 Code of Ethics Various computer groups have developed a code of ethics: –IEEE: Code of Ethics –ACM: Code of Ethics and Professional Conduct, too long to reprint in this lecture. –The Computer Ethics Institute: The Ten Commandments of Computer Ethics.

19 IEEE Code of ethics 1. To accept responsibility in making engineering decisions consistent with the safety, health, and welfare of the public, and to disclose promptly factors that might endanger the public or the environment. 2. To avoid real or perceived conflicts of interest wherever possible, and to disclose them to affected parties when they exist. 3. To be honest and realistic in stating claims or estimates based on available data. 4. To reject bribery in all its forms. 5. To improve understanding of technology, its appropriate application, and potential consequences.

20 IEEE Code of ethics (2) 6. To maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations. 7. To seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others. 8. To treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin. 9. To avoid injuring others, their property, reputation, or employment by false or malicious actions. 10. To assist colleagues and coworkers in their professional development and to support them in following this code of ethics.

21 Ten Commandments of Computer Ethics 1. Thou shalt not use a computer to harm other people. 2. Thou shalt not interfere with other people’s computer work. 3. Thou shalt not snoop around in other people’s computer files. 4. Thou shalt not use a computer to steal. 5. Thou shalt not use a computer to bear false witness. 6. Thou shalt not copy or use proprietary software for which you have not paid.

22 Ten Commandments of Computer Ethics (2) 7. Thou shalt not use other people’s computer resources without authorization or proper compensation. 8. Thou shalt not appropriate other people’s intellectual output. 9. Thou shalt think about the social consequences of the program you are writing or the system you are designing. 10. Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans.

23 Q & A

