Ethical questions for security experts


#1

[Permalink]


#2

Why is "First, Do No Harm" listed third?


#3

it's a stack...


#4

H) Do nothing, tell nobody. Accept that it will likely be exploited by others.


#6

G, F, E, D, B, in that order.


#7

In a society based on exploitation, the only ethical obligation of those working for state or capitalist security is to cease existing. They are the defenders of the il gotten gains of the bourgeoisie. The "black hat" electronic Robin Hoods and insurgents are the ethical ones.


#8

It's nice to see this conversation is happening, but I suspect it will be in vain. Electronic security is the kind of thing it only takes one black hat to ruin. There are a lot of black hats, many of them working for our governments. If 99% of engineers agree to play nice, the other one will eat their lunch.

The only solution is "peace through strength." Strong crypto, strong anti-malware, etc. I guess Norton won't ever remove the NSA's back doors, but PGP and TOR seem like they still work, and their creators haven't been jailed yet. A good strong open-source malware killer would be a blow for liberty - and therefore an act of treason. A nice start would be a free tool to remove the crap that got in via TOR last week - but the programmer would be a hunted ciminal.


#9

I disagree, if the goal is make people think about ethics. (If the goal is to prevent people from ever doing unethical things, you're right that is unrealistic not only because of human weakness but because we do not all agree on what ethical behaviors include.)

I think it is a really good idea to encourage people to think about ethics, and to imagine in advance how they would respond to various situations. Boing Boing may have a high percentage of readers who are already thinking about ethics (it's an activist blog), but that approach to life is far from universal. When I was in school/grad-school I thought of professional ethics mostly as something other people had to worry about. My rationale was that as a physical science major my work was inherently ethically neutral (science is neither good nor evil) and that since we didn't have human subjects or provide goods or services to humans we didn't have much to worry about. Sure, doctors and business majors had to worry, but not us scientists, I thought.

I think it's easy when you spend most of your time working with THINGS instead of PEOPLE to forget that people nonetheless can be affected. Also, at least for me, it is helpful to remember that even though I am not a business 'decision maker', I am nonetheless empowered to be more or less ethical.

Now, I claim to know where I stand. I work in defense and long ago made a mental list of what I would and would not be willing to do (e.g., I won't design firearms, bombs, or other offensive weapons) and how close I'm willing to be to people who do these things. But if asked, would I be tough enough to choose unemployment? That's where some of the imagining and the mental roleplay is useful, so that I have a plan in advance, and failing that, at least more honesty.


#10

You are absolutely right.


#11

To assert that medicine has an ethical base shows an acute lack of insider knowledge. 'First, do no harm' is not, in fact, part of the Hippocratic oath.


#12

As usual the Categorical Imperative is pretty applicable.

**Act only according to that maxim whereby you can, at the same time, will that it should become a universal law. -- Immanuel Kant, Fundamental Principles of the Metaphysic of Morals, 1785**

Every single time you do anything - breathing, eating, killing, hacking computers, whatever - it can only be ethical action if it would be morally and practically defensible for every single sentient being in existence to be forced to behave the same way when faced with the same situation. Don't think of the word forced here meaning government thugs with guns pointed at your head, think rather that any other action would be prevented by the nature of the universe itself.

So it's only OK for you to break into someone else's computer and delete their files if it's OK for everyone in the world to do it. And that means everyone, not anyone. Stealing instead of working is indefensible because if we all stole instead of working we'd face mass starvation; lying instead of telling the truth is indefensible in the majority of situations because if we all lied all the time we'd be unable to communicate & massive unnecessary suffering and privation &etc.


#13

You mean the same Black Hats that own your computer and steal your credit card numbers after adding you to their botnet? Yeah, ethical.


#14

Which Stamos actually said, at the talk, isn't taken by med school graduates anymore.


#16

This topic was automatically closed after 5 days. New replies are no longer allowed.