Building an Active Computer Security Ethics Community
July-Aug. 2011 (vol. 9 no. 4)
pp. 32-40
David Dittrich, University of Washington
Michael Bailey, University of Michigan
Sven Dietrich, Stevens Institute of Technology
The Declaration of Helsinki and Belmont Report motivated the growth of bioethics alongside traditional biomedical research. Unfortunately, no equivalently active ethics discipline has paralleled the growth of computer security research, where serious ethical challenges are regularly raised by studies of increasingly sophisticated security threats (such as worms, botnets, and phishing). In this absence, program committees and funding agencies routinely must judge the acceptability of research studies. Such judgments are often difficult because of a lack of community consensus on ethical standards, disagreement about who should enforce standards and how, and limited experience applying ethical decision-making methods. This article motivates the need for such a community, touching on the extensive field of ethical decision making, examining existing ethical guidelines and enforcement mechanisms used by the computer security research community, and calling the community to joint action to address this broad challenge.

Index Terms:
ethics, computer security, computer network security, professional societies, computer crime, technology social factors
David Dittrich, Michael Bailey, Sven Dietrich, "Building an Active Computer Security Ethics Community," IEEE Security & Privacy, vol. 9, no. 4, pp. 32-40, July-Aug. 2011, doi:10.1109/MSP.2010.199