Cybersecurity Ethics in the United States of America

From SI410
Revision as of 16:43, 27 January 2023 by Drevsine (Surveillance in the United States)

Cybersecurity refers to using rules, technologies, methods, and humans to safeguard companies and other entities by preventing important data from being stolen or compromised. [1]

Ethics is a set of rules that people follow in their daily lives. The Association for Computing Machinery (ACM) has set out a few key ideas in cybersecurity ethics to serve as guidelines for people whose jobs involve computer systems.

  1. People who work in cybersecurity should respect others' right to privacy, act honestly, and avoid treating others unfairly.
  2. It is critical for those in the cybersecurity industry to do their jobs the best they can and be as competent as possible.
  3. People who work in the computer science industry should help those in their field to improve, make their coworkers' working lives better, and make the world a better place. [2]

This article will discuss cyber warfare, hacking, and surveillance in the United States and will include ethics-related opinions from different people on these topics.

Background

Cyberattacks are prevalent everywhere, including in the United States. There are concerns among Americans that private and public entities are unable to keep their data safe from malicious actors who seek to steal such information. Specifically, according to the Pew Research Center, less than one third of Americans do not believe that the US government is able to keep their information safe from malicious actors, and less than a quarter of people who use social media believe that social media companies can keep their data safe. [3]

According to a survey conducted by the Pew Research Center between March 30 and May 3 in 2016, 51% believed that a cyberattack targeting public infrastructure would likely occur within 5 years, while 48% believed that a cyberattack targeting financial and banking systems would likely occur within 5 years. The survey states that 18% believed that the American government can effectively defend against cyberattacks targeting government organizations, and 13% believed that the American government can effectively defend against cyberattacks targeting public assets. The survey reports that 9% believed that American companies can effectively defend against cyberattacks targeting their systems. [4]

With regard to surveillance, American citizens are generally against being observed without their consent. A Pew Research Center survey conducted between January 27 and February 16 in 2015 revealed that 88% of those surveyed value not being watched without their consent. [5]

Cyber Warfare and the United States

Cyber warfare can be defined as activity conducted by a person, group of people, or a country designed to harm other entities' (e.g., countries, groups of people) networks and their computers. Cyber warfare includes targeting public assets (e.g., power grids), safety assets (e.g., traffic lights), military assets, and/or financial assets. [6]

Types of cyber warfare include sabotage, spying, economic damage, propaganda, denial of service (DoS), power grid attacks, and surprise attacks. Sabotage includes trying to steal highly valued information, such as social security numbers and bank account information. Spying includes monitoring enemies to steal their secrets. This can be done using botnets or other kinds of cyberattacks to try to gain access to a computer before stealing such information. Economic damage can consist of disrupting computers needed in the economy, such as those of banks, systems of payment, stock markets, etc. Stealing from or disrupting such systems can allow hackers to steal money and prevent others from reaching money that they might need. Propaganda can include revealing information that a country's government might find humiliating or spreading false information to a country's citizens in the hopes of turning the population against the government. A denial of service attack involves hackers passing many fake requests to a website, causing it to be unable to provide services for real users. Such attacks can disrupt important websites used by members of a country's military, scientists, government officials, etc. Attacks on a country's power grids can prevent a country from using important systems, possibly causing many people to die. In addition, communicating via the internet would become very difficult. Surprise attacks can involve large-scale attacks that completely surprise the enemy and cause massive damage. Such attacks can be used as a first step before attacking an enemy physically. [7]

Lieutenant Colonel Pete Kilner, a former US Army soldier, believes that the introduction of cyber warfare should result in people reevaluating the morality of war with adversaries. His reasoning is that current rules of war do not provide appropriate moral guidelines on cyber warfare because such rules were created from outdated preconceived notions. Kilner asserts that during a war, soldiers should adhere to three basic guidelines (proportionality, necessity, and discrimination) to avoid violence towards civilians and reduce collateral damage. [8]

Kilner notes that some countries in the eastern hemisphere that are enemies of the United States do not consider war in an at peace/at war mindset, like some Western countries do. He also states that America's enemies are willing to conduct continuous cyber warfare, while America and its allies have trouble determining the morality of using cyber warfare as a tool to combat their enemies, despite not legally or publicly fighting said enemies. Kilner acknowledges that cybersecurity personnel working for the United States occasionally do not work within the confines of standard military ethics, while also mentioning that said workers are being constrained from taking more actions because the US is not officially fighting its enemies. Another challenge to cyber warfare that the US faces, Kilner points out, is the ability to make American citizens believe the US government when it declares that an enemy is attacking the country via cyber warfare. [9]

According to Kilner, the presence of nations not involved in cyber warfare with America's enemies can also be challenging because any cyber operations the US undertakes can also interfere with the cyberspace of these nations. As a result, it is extremely difficult to attack an enemy via cyber warfare without affecting other countries not involved, and much of the "fighting" in such a war occurs in neutral nations. For example, when North Korea launched a cyber attack on the company Sony, the cyber attack traveled through routers on five continents. [10]

Kilner believes that it is important to determine who the cyber attacks will target (civilians or people in the military). He writes that while a conventional war separates civilians from soldiers, cyber warfare makes this separation more nuanced. A lot of cyber attacks pass through networks owned by civilian companies. In addition, a lot of people participating in cyber attacks, both in the US and in other countries, are civilians. In cyberspace, an enemy can be classified as anyone with an internet connection and the desire to harm the US by creating and spreading cyber attacks. [11]

To address these issues, Kilner believes that it is necessary to make appropriate changes to the rules governing how war is conducted, considering greater corporate influence in the world and the widespread use of the internet. Kilner cites a collection of people with legal backgrounds living in the West who worked together to create the Tallinn Manuals, which provide recommended guidelines for cyber warfare. Despite the consideration of creating new laws that govern cyber warfare, Kilner believes that the pace at which this is occurring is too slow. Kilner believes that updating the rules that govern warfare should begin with an examination of the nature of modern day wars. He argues for such conversations to occur in the public domain because war occurs on behalf of the citizens of a country, and the use of cyber warfare is no longer secret, so it should be included in such public discourse. Kilner states that based on people's views of cyber warfare, people with legal backgrounds can create a new set of laws that are consistent, understood by all, and are morally sound. Kilner concludes that the US should take a leading role in creating internationally followed laws that address the morality of cyber warfare. [12]

Hacking in the United States

Hacking can be defined as using technology, such as computers, smart phones, networks, and/or tablets, to gain unauthorized access to another party's device or network. This other party can be a person, group of people, company, a government organization, or other type of organization. While hacking itself is not always used for malicious purposes, this article will discuss hacking used by malicious actors. [13]

As hacking has gotten more sophisticated and the technology for hacking has improved, it has become easier for malicious actors to use hacking to steal information from victims. In 2021, for example, over 800,000 complaints were sent by Americans to the Internet Crime Complaint Center of the Federal Bureau of Investigation (FBI) about malicious cyber activity, which was a 7% increase year over year. The total amount of loss from this malicious activity was $6.9 billion, a 64% increase from the previous year. [14]

To counter the threat of hacking, Paul R. Kolbe, the director of the Intelligence Project at Harvard Kennedy School's Belfer Center for Science and International Affairs, believes that the United States should understand that it is in an era of continuous malicious hacking and should rethink the nature of such hacking as combating a disease that does not have a cure. He additionally believes that the United States should attempt to build a strong defense against malicious hackers by keeping track of data flowing between government and corporate networks rather than relying on a single line of defense against malicious hackers. He states that government agencies and corporations that provide software products should be held more accountable for major cybersecurity breaches because such weaknesses in security can put American society as a whole at risk of further attacks. Kolbe believes that the US should also counter its enemies' cyber systems by penetrating their most important systems, stating that weaknesses are not found by checks but by penetrating said systems. He concludes by saying that America should be willing to meet with its enemies to agree on how to appropriately behave in cyberspace to lessen the chances of malicious hackers harming critical infrastructure that could affect society as a whole. [15]

A Politico article written by Kim Zetter reports that the United States government is cautious about engaging in cyber warfare with Russia, despite the CIA and NSA spending lots of time infiltrating key computer networks in Russia. Experts in US cyber strategy believe that Russia and the US are equally unlikely to immediately order widespread damaging cyberattacks against each other. The US also does not plan to sabotage civilian infrastructure, according to Robert M. Lee, a former NSA employee who was a part of cyber warfare operations. He believes that the US would most likely send a message to Russia indicating its willingness to retaliate should Russia hack or try to otherwise disrupt American infrastructure. The US would continue to gather information about Russia, but it would not try to gain access to new infrastructure or gain further access into already compromised key infrastructure. [16]

Surveillance in the United States

Surveillance refers to watching another person or entity (such as a business) for the purpose of obtaining evidence. It is one of the most frequent ways that people in law enforcement investigate suspects to obtain evidence. Surveillance can occur using fixed or electronic methods. Fixed surveillance occurs when people are being watched in person without their knowledge. Electronic surveillance occurs when people are watched using bugging, videotaping, wiretapping, etc. From a legal standpoint, the US Constitution prevents people from being unfairly searched by law enforcement, which includes surveillance. [17]

Elizabeth Goitein, a writer for the Brennan Center for Justice, is against the US government conducting surveillance against US citizens. She reported that in 2021, the Director of National Intelligence revealed that the FBI conducted searches on at most 3.4 million emails, texts, and phone calls by Americans without any warrants. Such activity is only allowed against foreign citizens who are not in the United States. Section 702 of the Foreign Intelligence Surveillance Act, passed by Congress after the September 11 terrorist attacks, was designed to increase the US government's right to surveil other people. The law permits the NSA to gather data on any foreign citizen not in the US. Despite foreign citizens having the ability to communicate with American citizens and Congress requiring that data the government unintentionally collects on Americans be minimized, the NSA instead shares such data with the Central Intelligence Agency (CIA), FBI, and the National Terrorism Center. Such data is kept for a minimum of five years. Goitein believes that Congress should make it mandatory for government officials to get a warrant any time they want to examine Section 702 data with regard to communications by Americans. She concludes by saying that despite such a bill not passing in Congress overall, passing such a bill would allow Americans' Fourth Amendment rights to be protected, while allowing the government to conduct surveillance on foreign citizens. [18]

According to Eric Tucker and Hannah Fingerhut of the Associated Press (AP), only 28% of Americans surveyed in an AP-NORC poll in 2021 believe that the US government should engage in surveillance on international phone calls, compared to 49% in 2011. For domestic phone calls, only 14% of Americans in 2021 support such surveillance, compared to 23% in 2011. In 2021, only 27% of Americans surveyed in the previously mentioned poll believe that the US government should engage in surveillance on emails sent to another person living in another country, compared to 47% in 2011. Similarly, only 17% of Americans in 2021 from the poll believe in such surveillance on emails sent to another person living in the US, compared to 30% of Americans in 2011. Tucker and Fingerhut suggest that decreased American support for government surveillance can be attributed to the government receiving more authority to spy on Americans as well as an increase in technology that allows the government to spy on its citizens. Roughly 66.6% of American citizens are against the US government listening in on phone calls and viewing texts and emails without a warrant when such communication occurs in the United States. Roughly 50% of American citizens are against the US government spying on internet activity, including such activity by Americans, without a warrant. Despite most Americans being against government surveillance without a warrant, roughly 60% of Americans support the use of security cameras in public, so law enforcement can identify people acting suspiciously. [19]

Glenn Sulmasy, a law professor and head of the humanities department at the US Coast Guard Academy, supports the US government using surveillance. He believes that in the modern era, new wars can be won by using new ways to collect information. Because of an increase in the threat of terrorism in the United States, Sulmasy argues, it is necessary for the US government to collect information on communications between Americans and foreign citizens. Since the war against terrorism is ongoing, Sulmasy believes that the US government should change the ways it protects Americans. Sulmasy states that if surveillance of Americans continues, the executive branch of the government must inform Congress of such surveillance to prevent the executive branch from misusing its powers. [20]

References

  1. “What Is Cybersecurity?” Gartner, Gartner, Inc., https://www.gartner.com/en/topics/cybersecurity
  2. “The Importance of Ethics in Information Security.” Reciprocity, Reciprocity, 26 Feb. 2021, https://reciprocity.com/the-importance-of-ethics-in-information-security/
  3. Olmstead, Kenneth, and Aaron Smith. “Americans and Cybersecurity.” Pew Research Center: Internet, Science & Tech, Pew Research Center, 15 Sept. 2022, https://www.pewresearch.org/internet/2017/01/26/americans-and-cybersecurity/
  4. ibid
  5. Madden, Mary, and Lee Rainie. “Americans' Attitudes about Privacy, Security and Surveillance.” Pew Research Center: Internet, Science & Tech, Pew Research Center, 17 Aug. 2020, https://www.pewresearch.org/internet/2015/05/20/americans-attitudes-about-privacy-security-and-surveillance/
  6. “What Is Cyber Warfare?” Fortinet, Fortinet, Inc., https://www.fortinet.com/resources/cyberglossary/cyber-warfare
  7. ibid
  8. Kilner, Pete. “Ethics of Cyber Operations: ‘5th Domain’ Creates Challenges, Needs New Rules.” Association of the United States Army, Association of the United States Army, 21 Dec. 2017, https://www.ausa.org/articles/ethics-cyber-operations-%E2%80%985th-domain%E2%80%99-creates-challenges-needs-new-rules
  9. ibid
  10. ibid
  11. ibid
  12. ibid
  13. “What Is Hacking?” Fortinet, Fortinet, Inc., https://www.fortinet.com/resources/cyberglossary/what-is-hacking
  14. Thomas, Ian. “The FBI Is Worried about a Wave of Cyber Crime against America's Small Businesses.” CNBC, CNBC, 16 Dec. 2022, https://www.cnbc.com/2022/12/16/fbi-7-billion-lost-in-criminal-hacks-most-victims-small-businesses.html#:~:text=In%202021%2C%20the%20FBI's%20Internet%20Crime%20Complaint%20Center%20(IC3),compared%20to%20the%20previous%20year
  15. Kolbe, Paul R. “With Hacking, the United States Needs to Stop Playing the Victim.” The New York Times, The New York Times, 24 Dec. 2020, https://www.nytimes.com/2020/12/23/opinion/russia-united-states-hack.html
  16. Zetter, Kim. “'Not the Time to Go Poking around': How Former U.S. Hackers View Dealing with Russia.” Politico, Politico LLC, 12 Mar. 2022, https://www.politico.com/news/2022/03/12/cyber-russia-hacking-security-00016598
  17. Wex Definitions Team. “Surveillance.” Legal Information Institute, Legal Information Institute, Oct. 2021, https://www.law.cornell.edu/wex/surveillance
  18. Goitein, Elizabeth. “US Surveillance of Americans Must Stop.” Brennan Center for Justice, Brennan Center for Justice at NYU Law, 20 May 2022, https://www.brennancenter.org/our-work/analysis-opinion/us-surveillance-americans-must-stop
  19. Tucker, Eric, and Hannah Fingerhut. “Americans Warier of US Government Surveillance: AP-NORC Poll.” AP News, Associated Press, 7 Sept. 2021, https://apnews.com/article/technology-afghanistan-race-and-ethnicity-racial-injustice-government-surveillance-d365f3a818bb9d096e8e3b5713f9f856
  20. Sulmasy, Glenn. “Why We Need Government Surveillance.” CNN, Cable News Network, 10 June 2013, https://www.cnn.com/2013/06/10/opinion/sulmasy-nsa-snowden/index.html