Ethical Issues in Computer Security

The document discusses several ethical issues related to computer security including hacking, cracking, cybercrime, cyberterrorism, and the moral responsibilities of information security professionals. It covers topics such as the hacker ethic, types of cybercrime like cybertrespass and cybervandalism, debates around what constitutes cyberterrorism, and the need for information security professionals to have training in ethics given the moral dimensions of their work.

Uploaded by

bishtyogesh1221

ETHICAL ISSUES IN COMPUTER SECURITY

Hacking and Computer Crime

A large part of computer security is concerned with the protection of computer resources and data against
unauthorized, intentional break-ins or disruptions. Such actions are often called hacking. Hacking is the
use of computer skills to gain unauthorized access to computer resources. Hackers are highly skilled
computer users that use their talents to gain such access, and often form communities or networks with
other hackers to share knowledge and data. Hacking is often also defined, more negatively, as the gaining
of such unauthorized access for malicious purposes: to steal information and software or to corrupt data or
disrupt system operations. Self-identified hackers, however, make a distinction between non-malicious
break-ins, which they describe as hacking, and malicious and disruptive break-ins, which they call cracking.
Self-identified hackers often justify their hacking activities by arguing that they cause no real harm and
instead have a positive impact. The positive impact of hacking, they argue, is that it frees data to the benefit
of all, and improves systems and software by exposing security holes. These considerations are part of what
has been called the hacker ethic or hacker code of ethics, which is a set of (usually implicit) principles that
guide the activity of many hackers. Such principles include convictions that information should be free, that
access to computers should be unlimited and total, and that activities in cyberspace cannot do harm in the
real world. Various professionals have argued that many principles of the hacker ethic cannot be sustained.
The belief that information should be free runs counter to the very notion of intellectual property, and would
imply that creators of information would have no right to keep it to themselves and have no opportunity to
make a profit from it. It would moreover fundamentally undermine privacy, and would undermine the
integrity and accuracy of information, as information could be modified and changed at will by anyone who
would access it. One school of thought holds that the helpfulness of hacking in pointing to security weaknesses
may not outweigh the harm it does, and that activities in cyberspace can do harm in the real world.

Both hacking and cracking tend to be unlawful, and may therefore be classified as a form of computer
crime, or cybercrime, as it has also been called. There are many varieties of computer crime, and not all of
them compromise computer security. There are two major types of cybercrime that compromise computer
security:

• cybertrespass, which is defined as the use of information technology to gain unauthorized access to
  computer systems or password-protected websites, and
• cybervandalism, which is the use of information technology to unleash programs that disrupt the
  operations of computer networks or corrupt data.

Another type of cybercrime that sometimes includes breaches of computer security is cyberpiracy.
Cyberpiracy, also called software piracy, is the use of information technology to reproduce copies of
proprietary software or information or to distribute such data across a computer network. Cyberpiracy is
much more widespread than cybervandalism or cybertrespass, because it does not require extensive
computer skills and many computer users find it morally permissible to make copies of copyrighted
software and data. Cyberpiracy involves breaches in computer security when it includes the cracking of
copyright protections. Another type of cybercrime that sometimes involves breaches of computer security is
computer fraud, which is deception for personal gain in online business transactions by assuming a false
online identity or by altering or misrepresenting data. Computer fraud may depend on acts of
cybertrespass to obtain passwords, digital identities, or other transaction or access codes, and acts of
cybervandalism involving the modification of data. Other types of cybercrime, such as the online distribution
of child pornography or online harassment and libel, usually do not involve breaches of computer security.

Cyberterrorism and Information Warfare


A recent concern in computer and national security has been the possibility of cyberterrorism, which is
defined by Herman Tavani as the execution of “politically motivated hacking operations intended to cause
grave harm, that is, resulting in either loss of life or severe economic loss, or both”. The possibility of major
attacks on information infrastructure, intending to debilitate or compromise this infrastructure and harm
economic, industrial or social structures dependent on it, has become a major concern since the 9/11 attacks. Such
attacks could be both foreign and domestic. Controversy exists on the proper scope of “cyberterrorism”.
Where should the boundaries be drawn between cyberterrorism, cybercrime, and cybervandalism? Should
a teenager who releases a dangerous virus that turns out to cause major harm to government computers be
prosecuted as a cyberterrorist? Are politically motivated hijackings of the homepages of major organizations acts of
cyberterrorism? A distinction between cyberterrorism and other kinds of cyberattacks may be found in its
political nature: cyberterrorism consists of politically motivated operations that aim to cause harm. Yet,
Mark Manion and Abby Goodrum have argued that not all politically motivated
cyberattacks should be called cyberterrorism. They distinguish cyberterrorism from hacktivism, which consists of
hacking operations against an internet site or server with the intent to disrupt normal operations but without
the intent to cause serious damage. Hacktivists may make use of e-mail bombs, low-grade viruses, and
temporary homepage hijackings. They are politically motivated hackers who engage in a form of electronic
political activism that should be distinguished from terrorism.

Information warfare is an extension of
ordinary warfare in which combatants use information and attacks on information and information systems
as tools of warfare. Information warfare may include the use of information media to spread propaganda,
the disruption, jamming or hijacking of communication infrastructure or propaganda feeds of the enemy,
and hacking into computer systems that control vital infrastructure (e.g., oil and gas pipelines, electric
power grids, or railway infrastructure).

Moral Responsibilities of Information Security Professionals

Information security (IS) professionals are individuals whose job it is to maintain system and information
security. By virtue of their profession, they have a professional responsibility to assure the correctness,
reliability, availability, safety and security of all aspects of information and information systems. The
discussion in the above sections makes clear that this responsibility has a moral dimension: professional
activities in computer security may protect people from morally important harms but could also cause such
harms, and may either protect or violate people’s moral rights. In the case of safety-critical systems, the
decisions of information security professionals may even be a matter of life or death. That IS professionals
have moral responsibilities as part of their profession is reflected in codes of ethics used by various
organizations for computer and information security. These codes of ethics rarely go into detail, however,
on the moral responsibilities of IS professionals in specific situations. For instance, the code of ethics of the
Information Systems Security Association (ISSA), an international organization of information security
professionals and practitioners, only states that members should “perform all professional activities and
duties in accordance with all applicable laws and the highest ethical principles” but does not go on to
specify what these ethical principles are or how they should be applied and balanced against each other in specific
situations. For IS professionals, as well as for other computer professionals who have a responsibility for
computer security, a code of ethics clearly is not enough. To appreciate the moral dimension of their work,
and to cope with moral dilemmas in it, they require training in information security ethics. Such training
helps professionals to get clear about interests, rights, and moral values that are at stake in computer
security, to recognize ethical questions and dilemmas in their work, and to balance different moral
principles in resolving such ethical issues.