2. Ethical Approaches
• Utilitarianism
An ethical theory that determines right from
wrong based on the outcomes of actions.
• Deontological Ethics
An ethical theory that judges morality based
on adherence to rules and duties.
• Virtue Ethics
An ethical theory that focuses on character
traits and what it means to live a good life.
• Rights-based Ethics
An ethical theory based on inherent human
rights that all people deserve.
• Social Contract Theory
An ethical theory based on an implicit
agreement within a society to cooperate for
social benefits.
3. Security Concepts
• Encryption
Encryption encodes data to protect
confidentiality and prevent unauthorized
access
• Firewalls
Firewalls control network traffic and protect
systems from intrusions
• Intrusion Detection Systems
Intrusion detection systems monitor networks
for malicious activity and policy violations
• Secure Sockets Layer (SSL)
SSL encrypts communications and
authenticates servers to enable secure
connections
• Two-Factor Authentication (2FA)
2FA requires an additional verification factor
beyond just a password for secure user
authentication
4. Surveillance Types
• Closed-Circuit Television (CCTV)
Video cameras used to monitor people in
public places
• Data Mining
Analyzing large data sets to identify patterns
• Internet Monitoring
Tracking online activities and
communications
• Wiretapping
Intercepting phone calls and electronic
communications
• Facial Recognition
Identifying individuals by facial
characteristics
5. Ethical Hacking Techniques
• Penetration Testing
Authorized simulated attacks to evaluate the
security of a computer system
• Social Engineering
Manipulating people into sharing confidential
info or performing actions
• Phishing
Fraudulent emails or websites to steal user
data
• Vulnerability Assessment
Systematic examination to identify security
weaknesses
• Red Teaming
Assuming an adversarial role to test the
effectiveness of defenses
6. Legal Frameworks and Policies
• General Data Protection Regulation (GDPR)
European privacy regulation focused on
personal data protection and privacy.
• Computer Fraud and Abuse Act (CFAA)
US law focused on prosecuting computer
crimes like hacking.
• Federal Information Security Management Act (FISMA)
US law focused on information security for
government agencies.
• Right to be Forgotten
Allows individuals to request removal of
personal data.
• Consent Decrees
Agreements to stop prohibited acts, often for
privacy violations.
7. Privacy Concepts
• Anonymity
Protecting identities of users by not linking
data to individuals
• Data Minimization
Collecting the least amount of data needed for
a specific purpose
• Opt-in vs. Opt-out
Getting explicit consent vs. passive
agreement for data collection
• Information Lifecycle
Managing data from collection to deletion
with access controls
• Do Not Track
Allowing users to opt out of data collection by
websites
8. Stakeholders
• End Users
Individuals who use information systems and
are impacted by security practices
• Security Analysts
Experts who implement security controls and
assess vulnerabilities
• Government Agencies
Oversee regulations and investigate security
incidents
• Ethical Hackers
Test systems for vulnerabilities to improve
security
• Data Brokers
Collect and sell user data, often without
consent
9. Social and Cultural Factors
• Digital Divide
The gap between demographics and regions
that have access to modern information and
communications technology, and those that
don't.
• Surveillance Capitalism
An economic system centered around the
commodification of personal data with the
core purpose of profit-making.
• Privacy Paradox
The disconnect between people's intended
privacy attitudes and their actual privacy
behaviors.
• Security Theater
Security measures that provide the feeling of
improved security without actually improving
security.
• Trust Economy
An economic system where trust facilitates
transactions directly between participants,
without centralized institutions.
10. Ethical Dilemmas and Scenarios
• Backdoors
Backdoors in software and hardware can
undermine security and privacy.
• Data Breaches
Data breaches leak sensitive user
information, violating privacy.
• Insider Threats
Insiders with access can abuse privileges
and compromise systems.
• Whistleblowing
Whistleblowers expose unethical practices
but may violate laws.
• Dark Web
The dark web enables illegal activities hidden
from surveillance.