Cybersecurity Ethics in the United States of America

Summary

Ethics describes the way people want to best live their lives. With regards to technology, ethics describes the way people use technology to live well. Many people across the world believe that ethics must be included in teaching within technical disciplines. ^[1]

Cybersecurity refers to defending networks, computer programs, and systems from malicious actors who seek to damage such infrastructure. Malicious actors use cyberattacks for different reasons, including stealing information or money, or damaging a victim's reputation. ^[2]

There are a few key ideas in cybersecurity ethics that the Association for Computer Machinery (ACM) made to serve as guidelines for people working in cybersecurity.

1. People who work in cybersecurity should respect others' right to privacy, act honestly, and avoid treating other unfairly.
2. It is critical for those in the cybersecurity industry to do their jobs the best they can and be as competent as possible.
3. People who work in the computer science industry should help those in their field to improve, make their coworkers' working lives better, and make the world a better place. ^[3]

Background

The prevalence of cyberattacks can be found everywhere, including in the United States. For example, in 2016, people associated with the Democratic National Committee fell victim to their emails being hacked and released. Additionally, many people in the United States believe that they lost their ability to control of their personal data, and others are concerned that companies and government organizations could be unable to protect any data that they gather. About 50% of Americans do not believe that social media websites and the US government can effectively safeguard their data.

There are also concerns among Americans that private and public entities are unable to keep their data safe from malicious actors who seek to steal such information. Specifically, less than one third of Americans do not believe that the US government is able to keep their information safe from malicious actors, and less than a quarter of people who use social media believe that social media companies can keep their data safe. ^[4]

Hacking in the United States

Hacking can be defined as using technology, such as computers, smart phones, networks, and/or tablets, to gain unauthorized access to another party's device or network. This other party can be a person, group of people, company, a government organization, or other type of organization. While hacking itself is not always used for malicious purposes, this article will discuss hacking used by malicious actors. ^[5]

As hacking has gotten more sophisticated and the technology for hacking has improved, it has become easier for malicious actors to use hacking to steal information from victims. In 2021 for example, over 800,000 complaints were sent by Americans to the Internet Crime Complaint Center of the Federal Bureau of Investigation (FBI) about malicious cyber activity, which was a 7% year over year increase. The total amount of loss from this malicious activity was $6.9 billion, a 64% increase from the previous year. ^[6]

To counter the threat of hacking, Paul R. Kolbe, the director of the Intelligence Project at Harvard Kennedy School's Belfer Center for Science and International Affairs, believes that the United States should understand that it is in an era of continuous malicious hacking and should rethink the nature of such hacking as combating a disease that does not have a cure. He additionally believes that the United States should attempt to build a strong defense against malicious hackers by keeping track of data flowing between government and corporate networks rather than a single line of defense against malicious hackers. He states that government agencies and corporations that provide software products should be held more accountable for major cybersecurity breaches because such weaknesses in security can put American society as a whole at risk of further attacks. Kolbe believes that the US should also counter its enemies' cyber systems by penetrating their most important systems, stating that weaknesses are not found by checks but by penetrating said systems. He concludes by saying that America should be willing to meet with its enemies to agree on how to appropriately behave in cyberspace to lessen the chances of malicious hackers harming critical infrastructure that could affect society as a whole. ^[7]

Surveillance in the United States

Surveillance refers to watching another person or entity (such as a business) for the purpose of obtaining evidence. It is one of the most frequent way that people in law enforcement investigate suspects to obtain evidence.

Surveillance can occur using fixed or electronic methods. Fixed surveillance occurs when people are being watched in person without their knowledge. Electronic surveillance occurs when people are watched using bugging, videotaping, wiretapping, etc.

From a legal standpoint, the US Constitution prevents people from "unreasonable searches and seizures", which includes surveillance. ^[8]

Since 2005, the National Security Administration (NSA) has been surveying Americans by intercepting their Internet activity and phone conversations since 2005. In 2013, media outlets reported that the NSA receives copies of all traffic that occurs through fiber optic cable networks.

An organization called the Electronic Frontier Foundation (EFF) is against such activity by the US government by helping the party Jewel in its lawsuit against the NSA in order to prevent wiretapping without a warrant as well as hold the US government and its officials accountable for their actions. In September 2014, the American Civil Liberties Union (ACLU) and the EFF supported a neonatal nurse named Anna Smith in her lawsuit against the government's mass collecting of phone data on millions of American people. ^[9]

Elizabeth Goitein, a writer for the Brennan Center for Justice, is against the US government conducting surveillance against US citizens. She reported that in 2021, the director of the National Intelligence revealed that the FBI conducted searches against 3.4 million emails, texts, and phone calls by Americans without any warrants. Such activity is only allowed against foreign citizens who are not in the United States. Section 702 of the Foreign Intelligence Surveillance Act, passed by Congress after the September 11 terrorist attacks, was designed to increase the US government's right to survey other people. The law permits the NSA to gather data on any foreign citizen not in the US. Despite foreign citizens having the ability to communicate with American citizens and Congress requiring data that the government unintentionally collects on Americans be minimized, the NSA instead shares such data with the Central Intelligence Agency (CIA), FBI, and the National Terrorism Center. Such data is kept for a minimum of five years. Goitein believes that Congress should make it mandatory for government officials to get a warrant any time they want to examine section 702 data with regards to communications by Americans. She concludes by saying that despite such a bill not passing in Congress overall, passing such a bill would allow Americans' Fourth Amendment rights to be protected, while allowing the government to conduct surveillance on foreign citizens. ^[10]

1. ↑ https://www.scu.edu/media/ethics-center/technology-ethics/IntroToCybersecurityEthics.pdf
2. ↑ https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html
3. ↑ https://reciprocity.com/the-importance-of-ethics-in-information-security/
4. ↑ https://www.pewresearch.org/internet/2017/01/26/americans-and-cybersecurity/
5. ↑ https://www.fortinet.com/resources/cyberglossary/what-is-hacking
6. ↑ https://www.cnbc.com/2022/12/16/fbi-7-billion-lost-in-criminal-hacks-most-victims-small-businesses.html#:~:text=In%202021%2C%20the%20FBI's%20Internet%20Crime%20Complaint%20Center%20(IC3),compared%20to%20the%20previous%20year.
7. ↑ https://www.nytimes.com/2020/12/23/opinion/russia-united-states-hack.html
8. ↑ https://www.law.cornell.edu/wex/surveillance
9. ↑ https://www.eff.org/nsa-spying
10. ↑ https://www.brennancenter.org/our-work/analysis-opinion/us-surveillance-americans-must-stop