Building an Active Computer Security Ethics Community

David Dittrich; Michael Bailey; Sven Dietrich

doi:10.1109/MSP.2010.199

Security&Privacy
2011
Issue No. 4 - July-Aug.
Abstract - Building an Active Computer Security Ethics Community

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by David Dittrich Articles by Michael Bailey Articles by Sven Dietrich

Building an Active Computer Security Ethics Community

July-Aug. 2011 (vol. 9 no. 4)

pp. 32-40

	ASCII Text	x
	David Dittrich, Michael Bailey, Sven Dietrich, "Building an Active Computer Security Ethics Community," IEEE Security & Privacy, vol. 9, no. 4, pp. 32-40, July-Aug., 2011.

	BibTex	x
	@article{ 10.1109/MSP.2010.199, author = {David Dittrich and Michael Bailey and Sven Dietrich}, title = {Building an Active Computer Security Ethics Community}, journal ={IEEE Security & Privacy}, volume = {9}, number = {4}, issn = {1540-7993}, year = {2011}, pages = {32-40}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2010.199}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Building an Active Computer Security Ethics Community IS - 4 SN - 1540-7993 SP32 EP40 EPD - 32-40 A1 - David Dittrich, A1 - Michael Bailey, A1 - Sven Dietrich, PY - 2011 KW - ethics KW - computer security KW - computer network security KW - professional societies KW - computer crime KW - technology social factors VL - 9 JA - IEEE Security & Privacy ER -

David Dittrich, University of Washington

Michael Bailey, University of Michigan

Sven Dietrich, Stevens Institute of Technology

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.199

The Declaration of Helsinki and Belmont Report motivated the growth of bioethics alongside traditional biomedical research. Unfortunately, no equivalently active ethics discipline has paralleled the growth of computer security research, where serious ethical challenges are regularly raised by studies of increasingly sophisticated security threats (such as worms, botnets, and phishing). In this absence, program committees and funding agencies routinely must judge the acceptability of research studies. Such judgments are often difficult because of a lack of community consensus on ethical standards, disagreement about who should enforce standards and how, and limited experience applying ethical decision-making methods. This article motivates the need for such a community, touching on the extensive field of ethical decision making, examining existing ethical guidelines and enforcement mechanisms used by the computer security research community, and calling the community to joint action to address this broad challenge.

1. D. Dittrich and K.E. Himma, "Active Response to Computer Intrusions," Handbook of Information Security, vol. III, John Wiley & Sons, 2005, chap. 182, pp. 664–681.
2. D. Dittrich, M. Bailey, and S. Dietrich, Towards Community Standards for Ethical Behavior in Computer Security Research, tech. report CS 2009-01, Stevens Inst. of Technology, 2009; http://staff.washington.edu/dittrich/papers dbd2009tr1.
3. J. Fieser, "Ethics," Internet Encyclopedia of Philosophy, 2010; www.iep.utm.eduethics.
4. T.W. Bynum and S. Rogerson, Computer Ethics and Professional Responsibility: Introductory Text and Readings, Blackwell Publishers, 2003.
5. J.H. Moor, "What Is Computer Ethics?" Metaphilosophy, vol. 16, no. 4, 1985, pp. 266–275.
6. D.G. Johnson and K.W. Miller eds., Computers Ethics, Prentice-Hall, 2009.
7. Office for Human Research Protections, Int'l Compilation of Human Research Protections, 2011, www.hhs.gov/ohrp/international/intlcompilation intlcompilation.html.
8. ACM Council, , Code of Ethics and Professional Conduct, Oct. 1992; www.acm.org/aboutcode-of-ethics.
9. IEEE Board of Directors, IEEE Code of Ethics, Feb. 2006; www.ieee.org/about/corporate/governancep7-8.html .
10. D. Gotterbarn, K. Miller, and S. Rogerson, "Software Engineering Code of Ethics," Comm. ACM, vol. 40, no. 11, Nov. 1997, pp. 110–118.
11. Int'l Committee of the Red Cross (ICRC), The Geneva Conventions: The Core of International Humanitarian Law, Jan. 2006; www.icrc.org/eng/war-and-law/treaties-customary-law geneva-conventions.
12. D.B. Parker, Ethical Conflicts in Computer Science and Technology, AFIPS Press, 1979.
13. M. Allman, "What Ought a Program Committee to Do?" Proc. Usenix Workshop on Organizing Workshops, Conferences, and Symposia for Computer Systems, Usenix Assoc., 2008, pp. 1–5.
14. S.L. Garfinkel, "IRBs and Security Research: Myths, Facts, and Mission Creep," Proc. Usability, Psychology, and Security (UPSEC 08), Usenix Assoc., 2008, pp. 13:1–13:5.
15. E. Kenneally, M. Bailey, and D. Maughan, "A Tool for Understanding and Applying Ethical Principles in Network and Security Research," Proc. Workshop on Ethics in Computer Security Research (WECSR 10), LNCS 6054, Springer, 2010, pp. 240–246.
1. A.J. Burstein, "Conducting Cybersecurity Research Legally and Ethically," Proc. 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats (LEET 08), Usenix Assoc., 2008, pp. 1–8.
2. D.C. Sicker, P. Ohm, and D. Grunwald, "Legal Issues Surrounding Monitoring during Network Research," Proc. 7th ACM SIGCOMM Conf. Internet Measurement, ACM Press, 2007, pp. 141–148.

Index Terms:

ethics, computer security, computer network security, professional societies, computer crime, technology social factors

Citation:

David Dittrich, Michael Bailey, Sven Dietrich, "Building an Active Computer Security Ethics Community," IEEE Security & Privacy, vol. 9, no. 4, pp. 32-40, July-Aug. 2011, doi:10.1109/MSP.2010.199

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.