Ethics for Computer Forensics
Download
Report
Transcript Ethics for Computer Forensics
Ethics for Computer
Forensics
A Consensus Approach
Thomas Schwarz, S.J. with help from Mark Ravizza, S.J. and the Markkula
Center for Applied Ethics
Theses
• Systematic ethical reasoning is vital for
any professional in a changing field.
• No single system of ethical reasoning is
accepted.
• Codes of Conduct help, but are not
sufficient in a changing field.
Observations
• Most “ethical” questions are non-brainers
(I should not throw a little dog in front of a
car because its owner upset me.)
• Most systems give the same outcome for
most of the remaining problems.
• Few “hard” questions remain: abortion,
care for severely malformed newborns,
etc.
Observations
Ethical Complexity Pyramid
Inherently Hard
Difficult Problem
results in a majority consensus
Serious Problem
results in a consensus by various schemes
Checking Required
No Brainers
Goal
• Present a Scheme to Systematically
Investigate Ethical Issues
• Not Yet About Cases.
Procedure
• Collect everybody’s favorite ethical
system.
• Derive a simple set of questions.
• Answer systematically these questions.
• Make a decision based on these answers.
Procedure Evaluation
• Not quite as tedious as it seems.
• No right answer.
• But “forms conscience”.
(According to Christian Theology, a wellformed conscience needs to be obeyed.)
Markkula Center for Applied Ethics
A Framework for Ethical Decision
Making
• Recognize the Moral Issue
• Get the Facts
• Evaluate the Alternative Actions from Various
Moral Perspectives
• Make a Decision
• Reflect on the Decision
Typical Example
• Employee Conrad Clueless uses a “pornographic”
screen-saver at his company provided workstation in a
semipublic office. He is informed by management that
this violates the company’s policy against sexual
harassment. He signs a statement that he understands
the policy and agrees to stop offending behavior. The
screensaver is indeed removed.
• Several months later, another employee objects again
against C.C. using a pornographic screen-saver. He
insists that he did not install it and alleges a trap.
• When told that a forensics examination can determine
when the screen-saver was installed and thus exonerate
him he suddenly claims violation of privacy.
Medium Example
• A law enforcement community develops
the Ruminant, a program that monitors all
electronic communication through a given
internet site. Ruminant generates a listing
of email for human consumption according
to rather narrow search criteria as spelled
out in a search warrant. Is deploying
Ruminant ethical?
Hard Example Case
A systems administrator discovers the
vulnerability to a worm infecting machines
running SQL-Runner from ABCSoft. This is
being discussed at a hacker forum in which she
participates. From past experiences, she
expects no reaction from a bug report in time, as
an administrator of a high-profile website she
also expects distributed DoS attacks on her site.
She has written an “inoculating worm” that
discovers vulnerable websites and changes the
default settings to prevent the malicious worm
from spreading.
Recognize the Moral Issue
• Is there something wrong, personally,
interpersonally, socially. Is there conflict
damaging to people, the environment,
institutions, or society?
Get the Facts
• What are the relevant facts in the
case?
• What individuals and groups have a
direct or indirect important stake in
the outcome?
• What are the options for acting?
Evaluate the Alternatives from
Different Perspectives
• Consequences: Which option will produce the most good
and do the least harm?
• Rights: Which option respects the rights and dignities of
all shareholders? Which treat everyone fairly?
• Common Good: Which option promotes the common
good and helps all participate more fully in the goods we
share as a society, as a community, as a company or
agency, as a family?
• Virtue: Which option would enable the deepening or
development of those virtues or traits that we value as
individuals, as a profession, or as a society?
Consequences
“Of any two actions, the most
ethical one will produce the
greatest balance of benefits
over harms.”
Consequences
• Known as Utilitarianism.
• Assumes that benefits can be compared.
• Does not address how benefits are
distributed.
(E.g. If I steal $1.- from you in order to make $10.- for me, that’s better.)
• Does not explain what accrues the
benefits. (Rules vs. individual acts.)
Consequences
• Offers a simple calculus for most cases.
Rights
“Act in ways that respect the dignity of other
persons by honoring and protecting their
legitimate moral rights.”
• Identifies certain fundamental civil, political, and
economic rights that merit protection because
they pertain to the dignity of the human person.
• Each person has a right to be respected and
treated as a free and equal rational person
capable of making decisions.
• Includes right to privacy, autonomy, subsistence,
freedom of conscience, physical integrity, etc.
Rights
• Takes the perspective of the stakeholders.
• US legal system is right-based.
• Enumerating all possible rights that might
be infringed is hard.
• Rights might conflict.
Common Good
“What is ethical is what advances the common
good.”
• Presents a vision of a society as a community
whose members are joined in a shared pursuit
of values and goal that they hold in common.
• The community consists of individuals whose
own good is inextricably bound to the goods of
the whole.
Common Good
• Can a pluralistic society speak of common
goods? And even if it would, how about
the relative values?
• Free-Rider Problem
• Individualism
• Unequal Burdens
Common Good
• Decision making needs to identify the
community, e.g. hackerdom vs. US vs.
World population.
Virtue
“What is ethical is what develops moral virtues
in ourselves and our communities.”
• Focuses on attitudes, dispositions, or
character traits that enable us to be and to
develop our human potential.
• Includes: Honesty, courage, faithfulness,
trustworthiness, integrity, compassion, etc.
Virtue
• Can the notion of virtues be extended to
corporate decision making?
• On the positive side, discussing virtues of
a corporation forces it to develop a
corporate culture.
Virtue
• Virtues are developed through learning
and practice. They become a habit.
• Virtues are not individual, but related to a
community or to a succession of
communities arranged in a shell.
Make a Decision
• Considering the analysis, which option is
the right thing to do?
• If you were to die today, what would you
like to have done?
Act and Reflect
• How did it turn out?
• What should we have done differently?
Shortcomings of the Method
• Knowledge Fallacy:
Plato: “If you know the good, you will do it”
But, is that true? According to Aristotle only the
already virtuous should study ethics.
• Gives short thrift to the philosophical
background.
Every theory claims to have the answer, not one of
many possible ones.
Positive Side Effects
• Discussion of an ethical issue often leads
to innovative solutions.
• Solving a current problem helps avoid
future problems (e.g. by putting policies in
place, clarifying rights and expectations,
...)
Why do it if it does not work all the
time?
• A procedure is most needed for the “hard”
cases.
• The framework does not provide the
decision.
• But,
– It clarifies the values at stake.
– Forces co-operative reflection.
– Framework provides a common language for
discussion.
Proposed Outcome
• Participants are sensitized to discern
ethical issues.
• Participants are capable of discussing
ethical issues.
• Participants can argue their decisions.