Modern threats such asdenial-of-service (DoS) attacks, worms, viruses, phishing, and botnetsunderscore the need for Internet security research in an increasingly networkedand computationally reliant society. Responses to these threats vary frompassive observation to calls for the legal right to defend computer systemsusing aggressive countermeasures. Researcherstook active control of malicious botnet C&C servers.
The attacks targetedhigh-profile victims, resulting in high-profile news coverage. They involvedhostile (criminal) activity across international borders. The targets includedboth governmental and nongovernmental organizations with ties to sovereigngovernments in multiple nations.However, they differ in that theattacks in the first case were fast moving and aggressive, whereas the secondinvolved more subtle and concealed attacks on information and informationsystems.Ethics is the field of ethics (ormoral philosophy) involves systematizing, defending, and recommending conceptsof right and wrong behavior. Normative ethics is a subfield that seeks todevelop a set of morals or guiding principles to influence the conduct ofindividuals and groups within a population.
Normative ethics is the branch of philosophical ethics who investigates the set of question that arise when consideringhow one ought to morally speaking, to act.Three main strategies for arrivingat these moral standards have emerged over time:Consequentialism espouses the endjustifies the means. For example, a consequentialist argument regarding torturewould evaluate the benefits of the information gained in relation to the lossof an individual’s rights.
Deontology, or duty-based ethics, looks at therightness or wrongness of the acts themselves and the duty to follow rules. Forexample, a deontological argument might state that it’s never acceptable totorture anyone, for any reason. Virtue ethics considers the character of theperson making the choice, rather than the act or its consequences. For example,you would consider an individual’s strong moral foundation and history ofacting in virtuous ways when evaluating his or her decision to use torture.
The definition of computer ethicshas various interpretations in line with this broader definition. One of themost oft-cited definitions is from James Moor who said that a typical problemin computer ethics arises because there is a policy vacuum about how computertechnology should be used. Computers provide us with new capabilities and thesein turn give us new choices for action. Often, either no policies for conductin these situations exist or existing policies seem inadequate. A central taskof computer ethics is to determine what we should do in such cases—that is, toformulate policies to guide our actions.Unfortunately, although the richfield of ethics offers us a way to consistently and coherently reason aboutspecific ethical issues, the gap between these approaches and a practicalethical framework is tremendous.
US Academic Standards In 1947, theNuremberg Code was the first call for informed consent and voluntaryparticipation in research experiments. The World Medical Association’s MedicalEthics Committee responded in 1954 by writing the Declaration of Helsinki,which was completed and adopted in 1964. This declaration addressed researchprotocols involving humans in terms of risks and benefits, informed consent,researcher qualifications, and so on, and informed a set of standards, or goodclinical practices (GCPs). More than a thousand laws, regulations, andguidelines worldwide now protect human research subjects.
In the US, one of the mostwell-known cases of medical research abuse involved experiments on low-incomeAfrican-American men infected with syphilis in Tuskegee, Alabama. Theseexperiments began in 1932, and although researchers learned in the 1940s thatpenicillin was an effective treatment, they quietly withheld this informationso doctors could see how the disease affected patients as the diseaseprogressed.The Belmont Report describes threebasic ethical principles and their application:Respect for persons, participationas a research subject is voluntary and follows from informed consent.Individuals should be treated as autonomous agents, and their right to decideabout their own best interests respected. Individuals with diminished autonomy,incapable of deciding for themselves, are entitled to protection. Beneficence,do not harm. Maximize possible benefits and minimize possible harm.
Systematically assess both risk and benefit. Justice, each person shouldreceive an equal share in treatments and benefit of research according toindividual need, effort, societal contribution, and merit. There should befairness of procedures and outcomes in selection of subjects.