Summary CyberSec

Computer security aims to ensure confidentiality, integrity, and availability of information systems through measures and controls. The document discusses key security concepts like confidentiality, integrity, and availability. It also covers computer security challenges such as security often being an afterthought, the need for constant monitoring, and the difficulty of eliminating all weaknesses. Various tables are included that define computer security terminology, list assets of computer systems, and examine vulnerabilities, threats, and different types of attacks. Fundamental security design principles and minimizing attack surfaces are also discussed.

Uploaded by

Ikmal

Computer Security:

Principles and Practice


Fourth Edition, Global Edition

By: William Stallings and Lawrie Brown


The NIST Internal/Interagency Report NISTIR 7298 (Glossary of Key Information
Security Terms, May 2013) defines the term computer security as follows:

“Measures and controls that ensure confidentiality, integrity, and availability of
information system assets including hardware, software, firmware, and information
being processed, stored, and communicated.”
Key Security Concepts
Confidentiality
• Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information

Integrity
• Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity

Availability
• Ensuring timely and reliable access to and use of information
Levels of Impact
Low
• The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals

Moderate
• The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals

High
• The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals
Computer Security Challenges
1. Computer security is not as simple as it might first appear to the novice

2. In developing a particular security mechanism or algorithm, one must always consider potential attacks
on those security features

3. Procedures used to provide particular services are often counterintuitive

4. Physical and logical placement needs to be determined

5. Security mechanisms typically involve more than a particular algorithm or protocol and also require that
participants be in possession of some secret information which raises questions about the creation, distribution, and
protection of that secret information
6. Attackers only need to find a single weakness, while the designer must find and eliminate all weaknesses
to achieve perfect security

7. Security is still too often an afterthought to be incorporated into a system after the design is complete,
rather than being an integral part of the design process

8. Security requires regular and constant monitoring

9. There is a natural tendency on the part of users and system managers to perceive little benefit from
security investment until a security failure occurs

10. Many users and even security administrators view strong security as an impediment to efficient and
user-friendly operation of an information system or use of information
Table 1.1

Computer Security Terminology, from RFC 2828, Internet Security Glossary, May 2000
 
 
Adversary (threat agent)
Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

Attack
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.

Countermeasure
A device or technique that has as its objective the impairment of the operational effectiveness of undesirable or adversarial activity, or the
prevention of espionage, sabotage, theft, or unauthorized access to or use of sensitive information or information systems.

Risk
A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of 1) the adverse impacts
that would arise if the circumstance or event occurs; and 2) the likelihood of occurrence.
 
Security Policy
A set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in order to maintain a
condition of security for systems and data.

System Resource (Asset)
A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically
related group of systems.
 
Threat
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation),
organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure,
modification of information, and/or denial of service.

Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a
threat source.

(Table can be found on page 8 in the textbook)


Assets of a Computer System
• Hardware
• Software
• Data
• Communication facilities and networks

Vulnerabilities, Threats and Attacks
• Categories of vulnerabilities
  • Corrupted (loss of integrity)
  • Leaky (loss of confidentiality)
  • Unavailable or very slow (loss of availability)

• Threats
  • Capable of exploiting vulnerabilities
  • Represent potential security harm to an asset

• Attacks (threats carried out)
  • Passive – attempt to learn or make use of information from the system that does not affect system resources
  • Active – attempt to alter system resources or affect their operation
  • Insider – initiated by an entity inside the security perimeter
  • Outsider – initiated from outside the perimeter
Countermeasures
• Means used to deal with security attacks
  • Prevent
  • Detect
  • Recover
• May itself introduce new vulnerabilities
• Residual vulnerabilities may remain
• Goal is to minimize residual level of risk to the assets
Table 1.2
Threat Consequences, and the Types of Threat Actions That Cause Each Consequence
Based on RFC 4949
**Table is on page 10 in the textbook.

Table 1.3
Computer and Network Assets, with Examples of Threats
Passive and Active Attacks
Passive Attack
• Attempts to learn or make use of information from the system but does not affect system resources
• Eavesdropping on, or monitoring of, transmissions
• Goal of attacker is to obtain information that is being transmitted
• Two types:
  o Release of message contents
  o Traffic analysis

Active Attack
• Attempts to alter system resources or affect their operation
• Involve some modification of the data stream or the creation of a false stream
• Four categories:
  o Replay
  o Masquerade
  o Modification of messages
  o Denial of service
Table 1.4
Security Requirements (FIPS 200) (pages 1 and 2 of 2)
(Table can be found on pages 16-17 in the textbook.)
Fundamental Security Design Principles
• Economy of mechanism
• Fail-safe defaults
• Complete mediation
• Open design
• Separation of privilege
• Least privilege
• Least common mechanism
• Psychological acceptability
• Isolation
• Encapsulation
• Modularity
• Layering
• Least astonishment
Attack Surfaces
Consist of the reachable and exploitable vulnerabilities in a system

Examples:
• Open ports on outward facing Web and other servers, and code listening on those ports
• Services available on the inside of a firewall
• Code that processes incoming data, email, XML, office documents, and industry-specific custom data exchange formats
• Interfaces, SQL, and Web forms
• An employee with access to sensitive information vulnerable to a social engineering attack
Attack Surface Categories
Network Attack Surface
• Vulnerabilities over an enterprise network, wide-area network, or the Internet
• Included in this category are network protocol vulnerabilities, such as those used for a denial-of-service attack, disruption of communications links, and various forms of intruder attacks

Software Attack Surface
• Vulnerabilities in application, utility, or operating system code
• Particular focus is Web server software

Human Attack Surface
• Vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders
Computer Security Strategy
Security Policy
• Formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources

Security Implementation
• Involves four complementary courses of action:
  • Prevention
  • Detection
  • Response
  • Recovery

Assurance
• Encompassing both system design and system implementation, assurance is an attribute of an information system that provides grounds for having confidence that the system operates such that the system’s security policy is enforced

Evaluation
• Process of examining a computer product or system with respect to certain criteria
• Involves testing and may also involve formal analytic or mathematical techniques
Standards
• Standards have been developed to cover management practices
and the overall architecture of security mechanisms and
services
• The most important of these organizations are:
o National Institute of Standards and Technology (NIST)
• NIST is a U.S. federal agency that deals with measurement science, standards,
and technology related to U.S. government use and to the promotion of U.S.
private sector innovation
o Internet Society (ISOC)
• ISOC is a professional membership society that provides leadership in
addressing issues that confront the future of the Internet, and is the organization
home for the groups responsible for Internet infrastructure standards
o International Telecommunication Union (ITU-T)
• ITU is a United Nations agency in which governments and the private sector
coordinate global telecom networks and services
o International Organization for Standardization (ISO)
• ISO is a nongovernmental organization whose work results in international
agreements that are published as International Standards
Symmetric Encryption
• The universal technique for providing confidentiality for transmitted or stored data
• Also referred to as conventional encryption or single-key encryption
• Two requirements for secure use:
  • Need a strong encryption algorithm
  • Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure
Attacking Symmetric Encryption
Cryptanalytic Attacks
• Rely on:
  • Nature of the algorithm
  • Some knowledge of the general characteristics of the plaintext
  • Some sample plaintext-ciphertext pairs
• Exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or the key being used
• If successful all future and past messages encrypted with that key are compromised

Brute-Force Attacks
• Try all possible keys on some ciphertext until an intelligible translation into plaintext is obtained
• On average half of all possible keys must be tried to achieve success
Table 2.1
Comparison of Three Popular Symmetric Encryption Algorithms
Data Encryption Standard (DES)
• Until recently was the most widely used encryption scheme
• FIPS PUB 46
• Referred to as the Data Encryption Algorithm (DEA)
• Uses 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block

Strength concerns:
• Concerns about the algorithm itself
  • DES is the most studied encryption algorithm in existence
• Concerns about the use of a 56-bit key
  • The speed of commercial off-the-shelf processors makes this key length woefully inadequate
Table 2.2
Average Time Required for Exhaustive Key Search
Triple DES (3DES)
• Repeats basic DES algorithm three times using either two or three unique keys
• First standardized for use in financial applications in ANSI standard X9.17 in 1985
• Attractions:
  • 168-bit key length overcomes the vulnerability to brute-force attack of DES
  • Underlying encryption algorithm is the same as in DES
• Drawbacks:
  • Algorithm is sluggish in software
  • Uses a 64-bit block size
Advanced Encryption Standard (AES)
• Needed a replacement for 3DES
  • 3DES was not reasonable for long term use
• NIST called for proposals for a new AES in 1997
  • Should have a security strength equal to or better than 3DES
  • Significantly improved efficiency
• Selected Rijndael in November 2001
  • Published as FIPS 197
• Symmetric block cipher
• 128 bit data and 128/192/256 bit keys
Practical Security Issues
• Typically symmetric encryption is applied to a unit of data larger than a single 64-bit or 128-bit block
• Electronic codebook (ECB) mode is the simplest approach to multiple-block encryption
  • Each block of plaintext is encrypted using the same key
  • Cryptanalysts may be able to exploit regularities in the plaintext
• Modes of operation
  • Alternative techniques developed to increase the security of symmetric block encryption for large sequences
  • Overcomes the weaknesses of ECB
Block & Stream Ciphers
Block Cipher
• Processes the input one block of elements at a time
• Produces an output block for each input block
• Can reuse keys
• More common

Stream Cipher
• Processes the input elements continuously
• Produces output one element at a time
• Primary advantage is that they are almost always faster and use far less code
• Encrypts plaintext one byte at a time
• Pseudorandom stream is one that is unpredictable without knowledge of the input key
Message Authentication
• Protects against active attacks
• Verifies received message is authentic
  • Contents have not been altered
  • From authentic source
  • Timely and in correct sequence
• Can use conventional encryption
  • Only sender and receiver share a key
Message Authentication Without Confidentiality
• Message encryption by itself does not provide a secure form of authentication
• It is possible to combine authentication and confidentiality in a single algorithm by encrypting a message plus its authentication tag
• Typically message authentication is provided as a separate function from message encryption
• Situations in which message authentication without confidentiality may be preferable include:
  • There are a number of applications in which the same message is broadcast to a number of destinations
  • An exchange in which one side has a heavy load and cannot afford the time to decrypt all incoming messages
  • Authentication of a computer program in plaintext is an attractive service
• Thus, there is a place for both authentication and encryption in meeting security requirements
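Message authentication without confidentiality, as an added example that is not from the textbook: the payload travels in the clear, and an HMAC-SHA256 tag over (sequence number || timestamp || payload) lets the receiver check the three properties listed above: not altered, from a holder of the shared key, and timely and in sequence. The key, messages and clock values are constructed for the demo.

```python
import hashlib
import hmac
import struct

SHARED_KEY = b"constructed-key-known-only-to-sender-and-receiver"   # constructed


def make_tag(key: bytes, seq: int, ts: int, payload: bytes) -> bytes:
    # The tag binds seq and ts to the payload, so none of the three can be changed alone.
    header = struct.pack(">QQ", seq, ts)
    return hmac.new(key, header + payload, hashlib.sha256).digest()


def send(key: bytes, seq: int, payload: bytes, now: int) -> dict:
    """Sender side: plaintext message plus its authentication tag, no encryption."""
    return {"seq": seq, "ts": now, "payload": payload,
            "tag": make_tag(key, seq, now, payload)}


class Receiver:
    def __init__(self, key: bytes, max_age: int = 30):
        self.key = key
        self.max_age = max_age      # seconds of clock skew/delay tolerated before "stale"
        self.last_seq = -1          # highest sequence number accepted so far

    def accept(self, msg: dict, now: int) -> str:
        # 1. Source and integrity: recompute the tag and compare in constant time.
        expected = make_tag(self.key, msg["seq"], msg["ts"], msg["payload"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: bad tag (altered or not from key holder)"
        # 2. Sequence: a number at or below the last accepted one is a replay or reorder.
        if msg["seq"] <= self.last_seq:
            return "reject: replayed or out of sequence"
        # 3. Timeliness: the authenticated timestamp must be close to the receiver's clock.
        if abs(now - msg["ts"]) > self.max_age:
            return "reject: stale"
        self.last_seq = msg["seq"]
        return "accept"


def demo() -> list:
    """A genuine message, a tampered copy, a replay, a stale message, then a fresh one."""
    rx = Receiver(SHARED_KEY)
    genuine = send(SHARED_KEY, 1, b"reading=42", now=1000)
    tampered = dict(genuine, payload=b"reading=99")      # payload changed, tag unchanged
    delayed = send(SHARED_KEY, 2, b"reading=43", now=1000)   # built at 1000, delivered at 2000
    return [
        rx.accept(genuine, now=1001),
        rx.accept(tampered, now=1001),
        rx.accept(genuine, now=1002),
        rx.accept(delayed, now=2000),
        rx.accept(send(SHARED_KEY, 3, b"reading=44", now=2000), now=2000),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```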
To be useful for message authentication, a hash function H must have the following properties:
• Can be applied to a block of data of any size
• Produces a fixed-length output
• H(x) is relatively easy to compute for any given x
• One-way or pre-image resistant
  • Computationally infeasible to find x such that H(x) = h
• Second pre-image resistant or weak collision resistant
  • Computationally infeasible to find y ≠ x such that H(y) = H(x)
• Collision resistant or strong collision resistance
  • Computationally infeasible to find any pair (x,y) such that H(x) = H(y)
Security of Hash Functions
There are two approaches to attacking a secure hash function:
• Cryptanalysis
  • Exploit logical weaknesses in the algorithm
• Brute-force attack
  • Strength of hash function depends solely on the length of the hash code produced by the algorithm

SHA most widely used hash algorithm

Additional secure hash function applications:
• Passwords
  • Hash of a password is stored by an operating system
• Intrusion detection
  • Store H(F) for each file on a system and secure the hash values
Public-Key Encryption Structure
• Publicly proposed by Diffie and Hellman in 1976
• Based on mathematical functions
• Asymmetric
  • Uses two separate keys
  • Public key and private key
  • Public key is made public for others to use
• Some form of protocol is needed for distribution

• Plaintext
  • Readable message or data that is fed into the algorithm as input
• Encryption algorithm
  • Performs transformations on the plaintext
• Public and private key
  • Pair of keys, one for encryption, one for decryption
• Ciphertext
  • Scrambled message produced as output
• Decryption key
  • Produces the original plaintext

• User encrypts data using his or her own private key
• Anyone who knows the corresponding public key will be able to decrypt the message
Table 2.3
Applications for Public-Key Cryptosystems
Requirements for Public-Key Cryptosystems
• Computationally easy to create key pairs
• Computationally easy for sender knowing public key to encrypt messages
• Computationally easy for receiver knowing private key to decrypt ciphertext
• Computationally infeasible for opponent to determine private key from public key
• Computationally infeasible for opponent to otherwise recover original message
• Useful if either key can be used for each role
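Textbook RSA over small constructed primes, as an added example that is not from the textbook, covering the requirements just listed and the private-key-then-public-key use described under Public-Key Encryption Structure: key pairs are cheap to create, plaintext and ciphertext are integers in [0, n-1], and the same modular exponentiation serves both roles. Unpadded RSA like this is for illustration only; real systems use padded encryption or a proper signature scheme over a hash.

```python
from math import gcd

P, Q = 10007, 10009     # constructed small primes; real keys use primes of ~1024 bits or more


def keygen(p: int, q: int, e: int = 65537) -> tuple:
    """Return (public, private) = ((e, n), (d, n)). Cheap: one multiply, one modular inverse."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)             # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def apply_key(key: tuple, m: int) -> int:
    """m^k mod n; whether this is 'encrypt' or 'decrypt' depends only on which key is used."""
    k, n = key
    if not 0 <= m < n:
        raise ValueError("block must be an integer between 0 and n-1")
    return pow(m, k, n)


def to_int(data: bytes) -> int:
    return int.from_bytes(data, "big")


def to_bytes(m: int, length: int) -> bytes:
    return m.to_bytes(length, "big")


def demo() -> dict:
    pub, priv = keygen(P, Q)
    msg = b"hi"                          # constructed; must encode to an integer below n (~10^8)
    m = to_int(msg)
    # Role 1, confidentiality: anyone encrypts with the public key, only the private key opens it.
    c = apply_key(pub, m)
    recovered = to_bytes(apply_key(priv, c), len(msg))
    # Role 2, origin authentication: the owner "encrypts" with the private key and anyone
    # holding the public key can recover the block, which only the private key could have made.
    s = apply_key(priv, m)
    checked = to_bytes(apply_key(pub, s), len(msg))
    return {"n": pub[1], "ciphertext": c, "recovered": recovered,
            "signed_block": s, "checked": checked}


if __name__ == "__main__":
    print(demo())
```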
Asymmetric Encryption Algorithms
• RSA (Rivest, Shamir, Adleman)
  • Developed in 1977
  • Most widely accepted and implemented approach to public-key encryption
  • Block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n
• Diffie-Hellman key exchange algorithm
  • Enables two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages
  • Limited to the exchange of the keys
• Digital Signature Standard (DSS)
  • Provides only a digital signature function with SHA-1
  • Cannot be used for encryption or key exchange
• Elliptic curve cryptography (ECC)
  • Security like RSA, but with much smaller keys
Digital Signatures
• NIST FIPS PUB 186-4 defines a digital signature as:
  “The result of a cryptographic transformation of data that, when properly implemented, provides a mechanism for verifying origin authentication, data integrity and signatory non-repudiation.”
• Thus, a digital signature is a data-dependent bit pattern, generated by an agent as a function of a file, message, or other form of data block
• FIPS 186-4 specifies the use of one of three digital signature algorithms:
  • Digital Signature Algorithm (DSA)
  • RSA Digital Signature Algorithm
  • Elliptic Curve Digital Signature Algorithm (ECDSA)
Random Numbers
Uses include generation of:
• Keys for public-key algorithms
• Stream key for symmetric stream cipher
• Symmetric key for use as a temporary session key or in creating a digital envelope
• Handshaking to prevent replay attacks
Random Number Requirements
Randomness
• Criteria:
  • Uniform distribution
    • Frequency of occurrence of each of the numbers should be approximately the same
  • Independence
    • No one value in the sequence can be inferred from the others

Unpredictability
• Each number is statistically independent of other numbers in the sequence
• Opponent should not be able to predict future elements of the sequence on the basis of earlier elements
Random versus Pseudorandom
• Cryptographic applications typically make use of algorithmic techniques for random number generation
  • Algorithms are deterministic and therefore produce sequences of numbers that are not statistically random
• Pseudorandom numbers are:
  • Sequences produced that satisfy statistical randomness tests
  • Likely to be predictable
• True random number generator (TRNG):
  • Uses a nondeterministic source to produce randomness
  • Most operate by measuring unpredictable natural processes
    • e.g. radiation, gas discharge, leaky capacitors
  • Increasingly provided on modern processors
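Two checks drawn from the Random Number Requirements above, as an added example that is not from the textbook: a chi-square frequency test for uniform distribution and a lag-1 serial correlation for independence, run over constructed byte sequences and over the operating system's random source. The sawtooth input shows the point of the preceding slides: a sequence can pass the frequency test and still be completely predictable, so such tests are necessary, not sufficient.

```python
import secrets

N = 4096
# 1% critical value of the chi-square distribution with 255 degrees of freedom
# (256 possible byte values, minus one), taken from a standard chi-square table.
CHI2_CRIT_255 = 310.46

# Constructed inputs:
SAWTOOTH = bytes(range(256)) * (N // 256)        # every byte value equally often, fully predictable
HALF_RANGE = bytes(i % 128 for i in range(N))    # never emits the values 128..255


def os_random(n: int = N) -> bytes:
    """Bytes from the OS entropy source (what a TRNG-backed generator should look like)."""
    return secrets.token_bytes(n)


def chi_square_bytes(data: bytes) -> float:
    """Chi-square statistic of the byte-value frequencies against a uniform expectation."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)


def serial_correlation(data: bytes) -> float:
    """Pearson correlation between each byte and the byte that follows it."""
    x, y = data[:-1], data[1:]
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0


def assess(data: bytes) -> dict:
    """Uniform: chi-square below the critical value. Independent: |lag-1 correlation| small
    (0.1 is far outside what N=4096 independent samples would produce)."""
    chi, r = chi_square_bytes(data), serial_correlation(data)
    return {"chi_square": round(chi, 2), "uniform": chi < CHI2_CRIT_255,
            "serial_corr": round(r, 4), "independent": abs(r) < 0.1}


if __name__ == "__main__":
    for name, data in [("sawtooth", SAWTOOTH), ("half-range", HALF_RANGE), ("os", os_random())]:
        print(name, assess(data))
```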
Practical Application: Encryption of Stored Data
• Common to encrypt transmitted data
• Much less common for stored data
  • There is often little protection beyond domain authentication and operating system access controls
  • Data are archived for indefinite periods
  • Even though erased, until disk sectors are reused data are recoverable
• Approaches to encrypt stored data:
  • Use a commercially available encryption package
  • Back-end appliance
  • Library based tape encryption
  • Background laptop/PC data encryption
“Computer crime, or
cybercrime, is a term used
broadly to describe criminal
activity in which computers
or computer networks are a
tool, a target, or a place of
criminal activity.”
--From the New York Law School Course on Cybercrime, Cyberterrorism, and Digital Law Enforcement
Types of Computer Crime
• The U.S. Department of Justice categorizes computer crime based on the role that the computer plays in the criminal activity:
  • Computers as targets
    • Involves an attack on data integrity, system integrity, data confidentiality, privacy, or availability
  • Computers as storage devices
    • Using the computer to store stolen password lists, credit card or calling card numbers, proprietary corporate information, pornographic image files, or pirated commercial software
  • Computers as communications tools
    • Crimes that are committed online, such as fraud, gambling, child pornography, and the illegal sale of prescription drugs, controlled substances, alcohol, or guns
Table 19.1
Cybercrimes Cited in the Convention on Cybercrime (pages 1 and 2 of 2)

Table 19.2
CERT 2007 E-Crime Watch Survey Results
(Table can be found on page 582 in the textbook)
Law Enforcement
Challenges
• The deterrent effect of law enforcement on computer and
network attacks correlates with the success rate of
criminal arrest and prosecution
• Law enforcement agency difficulties:
• Lack of investigators knowledgeable and experienced in dealing with
this kind of crime
• Required technology may be beyond their budget
• The global nature of cybercrime
• Lack of collaboration and cooperation with remote law enforcement
agencies
• Convention on Cybercrime introduces a common
terminology for crimes and a framework for
harmonizing laws globally
Cybercriminals
• Are difficult to profile
• Tend to be young and very computer-savvy
• Range of behavioral characteristics is wide
• No cybercriminal databases exist that can point to likely suspects
• The lack of success in bringing them to justice has led to an increase in their numbers, boldness, and the global scale of their operations

Cybercrime Victims
• Are influenced by the success of cybercriminals and the lack of success of law enforcement
• Many of these organizations have not invested sufficiently in technical, physical, and human-factor resources to prevent attacks
• Reporting rates tend to be low because of a lack of confidence in law enforcement, concern about corporate reputation, and a concern about civil liability
Working with Law
Enforcement
• Executive management and security
administrators need to look upon law
enforcement as a resource and tool
• Management needs to:
• Understand the criminal investigation process
• Understand the inputs that investigators need
• Understand the ways in which the victim can
contribute positively to the investigation
Copyright
• Protects tangible or fixed expression of an idea
but not the idea itself
• Creator can claim and file copyright at a national
government copyright office if:
• Proposed work is original
• Creator has put original idea in concrete form
Copyright Rights
• Copyright owner has these exclusive rights, protected against infringement:
  • Reproduction right
  • Modification right
  • Distribution right
  • Public-performance right
  • Public-display right
• Examples include:
  • Literary works
  • Musical works
  • Dramatic works
  • Pantomimes and choreographic works
  • Pictorial, graphic, and sculptural works
  • Motion pictures and other audiovisual works
  • Sound recordings
  • Architectural works
  • Software-related works
Patent
• Grant a property right to the inventor
• “The right to exclude others from making, using, offering for sale, or selling” the invention in the United States or “importing” the invention into the United States
• Types:
  • Utility: Any new and useful process, machine, article of manufacture, or composition of matter
  • Design: New, original, and ornamental design for an article of manufacture
  • Plant: Discovers and asexually reproduces any distinct and new variety of plant
Trademark
• A word, name, symbol, or device
• Used in trade with goods
• Indicates source of goods
• Distinguishes them from goods of others
• Trademark rights may be used to:
  • Prevent others from using a confusingly similar mark
  • But not to prevent others from making the same goods or from selling the same goods or services under a clearly different mark
Intellectual Property Relevant to Network and Computer Security
• A number of forms of intellectual property are relevant in the context of network and computer security
• Examples of some of the most prominent:
  • Software
    • Programs produced by vendors of commercial software
    • Shareware
    • Proprietary software created by an organization for internal use
    • Software produced by individuals
  • Databases
    • Data that is collected and organized in such a fashion that it has potential commercial value
  • Digital content
    • Includes audio and video files, multimedia courseware, Web site content, and any other original digital work
  • Algorithms
    • An example of a patentable algorithm is the RSA public-key cryptosystem
U.S. Digital Millennium Copyright Act (DMCA)
• Signed into law in 1998
• Implements WIPO treaties to strengthen protections of digital copyrighted materials
• Encourages copyright owners to use technological measures to protect their copyrighted works
  • Measures that prevent access to the work
  • Measures that prevent copying of the work
• Prohibits attempts to bypass the measures
  • Both criminal and civil penalties apply to attempts to circumvent
DMCA Exemptions
• Certain actions are exempted from the provisions of the DMCA and other copyright laws including:
  • Fair use
  • Reverse engineering
  • Encryption research
  • Security testing
  • Personal privacy
• Considerable concern exists that DMCA inhibits legitimate security and encryption research
  • Feel that innovation and academic freedom is stifled and open source software development is threatened
Digital Rights Management (DRM)
• Systems and procedures that ensure that holders of digital rights are clearly identified and receive stipulated payment for their works
  • May impose further restrictions such as inhibiting printing or prohibiting further distribution
• No single DRM standard or architecture
• Objective is to provide mechanisms for the complete content management life cycle
• Provide persistent content protection for a variety of digital content types/platforms/media
Privacy
• Overlaps with computer security
• Dramatic increase in scale of information collected and
stored
• Motivated by law enforcement, national security, economic incentives
• Individuals have become increasingly aware of access
and use of personal information and private details
about their lives
• Concerns about extent of privacy compromise have led
to a variety of legal and technical approaches to
reinforcing privacy rights
European Union (EU) Directive on Data Protection
• Adopted in 1998 to:
  • Ensure member states protect fundamental privacy rights when processing personal information
  • Prevent member states from restricting the free flow of personal information within EU
• Organized around principles of:
  • Notice
  • Consent
  • Consistency
  • Access
  • Security
  • Onward transfer
  • Enforcement
United States Privacy Initiatives
Privacy Act of 1974
• Deals with personal information collected and used by federal agencies
• Permits individuals to determine records kept
• Permits individuals to forbid records being used for other purposes
• Permits individuals to obtain access to records and to correct and amend records as appropriate
• Ensures agencies properly collect, maintain, and use personal information
• Creates a private right of action for individuals

Also have a range of other privacy laws
ISO 27002 states . . .
“An organization’s data policy for privacy and protection
of personally identifiable information should be developed
and implemented. This policy should be communicated to all
persons involved in the processing of personally identifiable information.
Compliance with this policy and all relevant legislation and regulations
concerning the protection of the privacy of people and the protection of
personally identifiable information requires appropriate management
structure and control. Often this is best achieved by the appointment of a
person responsible, such as a privacy officer, who should provide
guidance to managers, users and service providers on their individual
responsibilities and the specific procedures that should be followed.
Responsibility for handling personally identifiable information and
ensuring awareness of the privacy principles should be dealt with in
accordance with relevant legislation and regulations. Appropriate
technical and organizational measures to protect personally identifiable
information should be implemented.”
Privacy and Data Surveillance
• The demands of big business, government and law enforcement have created new threats to personal privacy
  • Scientific and medical research data collection for analysis
  • Law enforcement data surveillance
  • Private organizations profiling
• This creates tension between enabling beneficial outcomes in areas including scientific research, public health, national security, law enforcement and efficient use of resources, while still respecting an individual’s right to privacy
• Another area of particular concern is the rapid rise in the use of public social media sites
  • These sites gather, analyze, and share large amounts of data on individuals and their interactions with other individuals and organizations
  • Many people willingly upload large amounts of personal information, including photos and status updates
  • This data could potentially be used by current and future employers, insurance companies, private investigators, and others, in their interactions with the individual
Privacy Protection
• Both policy and technical approaches are needed to protect
privacy
• In terms of technical approaches, the requirements for privacy
protection for data stored on information systems can be
addresses in part using the technical mechanisms developed for
database security
• With regard to social media sites, technical controls include:
• The provision of suitable privacy settings to manage who can view data on individuals
• Notification when one individual is referenced or tagged in another’s content
• Although social media sites include some form of these controls, they are constantly
changing, causing frustration for users who are trying to keep up with these
mechanisms
• Another approach for managing privacy concerns in big data
analysis is to anonymize the data, removing any personally
identifying information before release to researchers or other
organizations for analysis
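The anonymization step described above, as an added example that is not part of the slides: direct identifiers are dropped, quasi-identifiers are generalized, and the result is only released if every quasi-identifier group has at least k records. The records, field names and the threshold k are constructed assumptions.

```python
"""Added example: anonymize records before release and check k-anonymity."""
from collections import Counter

# Constructed sample records (not real data). "name" and "email" are direct
# identifiers; "age" and "postcode" are quasi-identifiers that can re-identify
# someone when combined; "diagnosis" is the sensitive value being studied.
RECORDS = [
    {"name": "Person A", "email": "a@example.org", "age": 34, "postcode": "12345", "diagnosis": "flu"},
    {"name": "Person B", "email": "b@example.org", "age": 37, "postcode": "12399", "diagnosis": "asthma"},
    {"name": "Person C", "email": "c@example.org", "age": 52, "postcode": "54321", "diagnosis": "flu"},
    {"name": "Person D", "email": "d@example.org", "age": 58, "postcode": "54300", "diagnosis": "diabetes"},
]
# A single record whose generalized group would be unique (constructed).
OUTLIER = {"name": "Person E", "email": "e@example.org", "age": 21, "postcode": "99999", "diagnosis": "flu"}

DIRECT_IDENTIFIERS = {"name", "email", "phone", "ssn"}
QUASI_IDENTIFIERS = ("age", "postcode")


def generalize(record):
    """Return a copy with direct identifiers removed and quasi-identifiers coarsened."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    decade = (record["age"] // 10) * 10
    out["age"] = f"{decade}-{decade + 9}"          # exact age -> 10-year band
    out["postcode"] = record["postcode"][:3] + "**"  # keep only the area prefix
    return out


def anonymize(records):
    return [generalize(r) for r in records]


def k_anonymity(records):
    """Size of the smallest group sharing identical quasi-identifier values."""
    groups = Counter(tuple(r[q] for q in QUASI_IDENTIFIERS) for r in records)
    return min(groups.values())


def release_ready(records, k=2):
    """Anonymized records if every group has at least k members, else None.

    Note: k-anonymity alone does not stop inference when a whole group shares
    the same sensitive value; it is a minimum check before release, not proof.
    """
    anon = anonymize(records)
    return anon if k_anonymity(anon) >= k else None
```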
Data Privacy
• In terms of policy, guidelines are needed to manage the use and reuse of big
data, ensuring suitable constraints are imposed in order to preserve privacy
• Consent
• Ensuring participants can make informed decisions about their participation
in the research
• Privacy and confidentiality
• Privacy is the control that individuals have over who can access their
personal information
• Confidentiality is the principle that only authorized persons should have
access to information
• Ownership and authorship
• Addresses who has responsibility for the data, and at what point does an
individual give up their right to control their personal data
• Data sharing – assessing the social benefits of research
• The social benefits that result from data matching and reuse of data from
one source or research project in another
• Governance and custodianship
• Oversight and implementation of the management, organization, access,
and preservation of digital data
Ethical Issues
• Ethics: “A system of moral principles that relates to the benefits and
harms of particular actions, and to the rightness and wrongness of motives
and ends of those actions.”
• Many potential misuses and abuses of information and electronic
communication that create privacy and security problems
• Basic ethical principles developed by civilizations apply
• Unique considerations surrounding computers and information systems
• Scale of activities not possible before
• Creation of new types of entities for which no agreed ethical rules have
previously been formed
Ethical Issues Related to Computers
and Information Systems
• Some ethical issues from computer use:
• Repositories and processors of information
• Producers of new forms and types of assets
• Instruments of acts
• Symbols of intimidation and deception
• Those who understand, exploit technology,
and have access permission, have power
over these
Professional/Ethical
Responsibilities
• Concern with balancing professional responsibilities with
ethical or moral responsibilities
• Types of ethical areas a computing or IT professional may
face:
• Ethical duty as a professional may come into conflict with loyalty to employer
• “Blowing the whistle”
• Expose a situation that can harm the public or a company’s customers
• Potential conflict of interest
• Organizations have a duty to provide alternative, less extreme
opportunities for the employee
• In-house ombudsperson coupled with a commitment not to penalize employees for exposing
problems
• Professional societies should provide a mechanism whereby
society members can get advice on how to proceed
Codes of Conduct
• Ethics are not precise laws or sets of facts
• Many areas may present ethical ambiguity
• Many professional societies have adopted ethical codes of
conduct which can:
1) Be a positive stimulus and instill confidence
2) Be educational
3) Provide a measure of support
4) Be a means of deterrence and discipline
5) Enhance the profession's public image
Comparison of Codes of Conduct
• All three codes place their emphasis on the responsibility of
professionals to other people
• Do not fully reflect the unique ethical problems related to the
development and use of computer and IT technology
• Common themes:
• Dignity and worth of other people
• Personal integrity and honesty
• Responsibility for work
• Confidentiality of information
• Public safety, health, and welfare
• Participation in professional societies to improve standards of the profession
• The notion that public knowledge and access to technology is equivalent to social
power
The Rules
• Collaborative effort to develop a short list of guidelines
on the ethics of computer systems
• Ad Hoc Committee on Responsible Computing
• Anyone can join this committee and suggest changes to the
guidelines
• Moral Responsibility for Computing Artifacts
• Generally referred to as The Rules
• The Rules apply to software that is commercial, free, open
source, recreational, an academic exercise or a research tool
• Computing artifact
• Any artifact that includes an executing computer program
As of this writing, the rules are as follows:
1) The people who design, develop, or deploy a computing artifact are morally responsible
for that artifact, and for the foreseeable effects of that artifact. This responsibility is
shared with other people who design, develop, deploy or knowingly use the artifact as
part of a sociotechnical system.
2) The shared responsibility of computing artifacts is not a zero-sum game. The
responsibility of an individual is not reduced simply because more people become
involved in designing, developing, deploying, or using the artifact. Instead, a person’s
responsibility includes being answerable for the behaviors of the artifact and for the
artifact’s effects after deployment, to the degree to which these effects are reasonably
foreseeable by that person.

3) People who knowingly use a particular computing artifact are morally responsible for
that use.

4) People who knowingly design, develop, deploy, or use a computing artifact can do so
responsibly only when they make a reasonable effort to take into account the
sociotechnical systems in which the artifact is embedded.

5) People who design, develop, deploy, promote, or evaluate a computing artifact should
not explicitly or implicitly deceive users about the artifact or its foreseeable effects, or
about the sociotechnical systems in which the artifact is embedded.
