Invitation to Cybersecurity

10. The Boundaries of Cybersecurity: Ethics, Rights, and Laws 265

utilitarianism, virtue theory, Kantian ethics, and social contract theory, respectively. The professional responsibilities are more specific. While all have some applicability to cybersecurity professionals, two are especially relevant: 2.8 Access computing and communication resources only when authorized or when compelled by the public good, and 2.9 Design and implement systems that are robustly and usably secure. For example, Section 2.9 provides the following guidance: “As threats can arise and change after a system is deployed, computing professionals should integrate mitigation techniques and policies, such as monitoring, patching, and vulnerability reporting.”

To see how a code of ethics can be practically applied, we can consider which parts of the Code might relate to Bob’s ethical dilemma. If Bob had been familiar with the Code, could it have helped him? Section 1.6 states, “Technology enables the collection, monitoring, and exchange of personal information quickly, inexpensively, and often without the knowledge of the people affected.” This is exactly what Bob discovered. Bob violated the president’s privacy without his knowledge. Section 1.3, Be honest and trustworthy, is also applicable to Bob’s situation. Reading a code of ethics is a good reminder of the high standards of behavior that a profession like cybersecurity requires, and could spur someone in Bob’s position to strive to stay above reproach. It is possible that Bob may not have listened to the call in the first place had he been more in tune with the gravity of the situation and the position of trust he held.

It is important for cybersecurity professionals to recognize their social responsibility to do good and to abide by professional ethics. Because of the trust that must be placed in them and the vital nature of their work to society, they have a social responsibility to behave morally at all times.
The next section examines the rights of individuals that cybersecurity practitioners have both a legal and ethical obligation to protect.

10.2 Rights

“The responsibility of respecting privacy applies to computing professionals in a particularly profound way…a computing professional should…understand the rights and responsibilities associated with the collection and use of personal information.”
- Section 1.6, The ACM Code of Ethics and Professional Conduct

Individual rights are based on ethical paradigms and are protected by the government. Social contract theory promotes the government’s involvement in codifying and enforcing rights to make for a just and free society. Part of being a citizen means entering into this social contract and respecting the rights of others.

Rights are protected by laws. Laws give the courts the ability to punish individuals, organizations, and the government when they violate the rights of others. These laws will be explored more in depth in the next section.

Cybersecurity professionals and ethical hackers are involved either directly or indirectly in protecting the rights of individuals and organizations in cyberspace. Cyberspace rights are important because society increasingly depends on cyberspace, and violations
